/*
- * Copyright (c) 2004 Apple Computer, Inc. All rights reserved.
+ * Copyright (c) 2004, 2010, 2011 Apple Inc. All rights reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
#include <sys/appleapiopts.h>
#include <sys/types.h>
#include <sys/acl.h>
+#include <sys/fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdarg.h>
#include <stdlib.h>
#include <string.h>
+#include <strings.h>
#include <membership.h>
#include <membershipPriv.h>
#include <pwd.h>
errno = ERANGE;
return(-1);
}
+
+ bzero(ext, reqsize);
+ ext->fsec_magic = OSSwapHostToBigInt32(KAUTH_FILESEC_MAGIC);
+
+ /* special case for _FILESEC_REMOVE_ACL */
+ if (acl == (acl_t)_FILESEC_REMOVE_ACL) {
+ ext->fsec_entrycount = OSSwapHostToBigInt32(KAUTH_FILESEC_NOACL);
+ return(reqsize);
+ }
/* export the header */
- ext->fsec_magic = OSSwapHostToBigInt32(KAUTH_FILESEC_MAGIC);
ext->fsec_entrycount = OSSwapHostToBigInt32(acl->a_entries);
ext->fsec_flags = OSSwapHostToBigInt32(acl->a_flags);
errno = ERANGE;
return(-1);
}
+
+ bzero(ext, reqsize);
+ ext->fsec_magic = KAUTH_FILESEC_MAGIC;
+
+ /* special case for _FILESEC_REMOVE_ACL */
+ if (acl == (acl_t)_FILESEC_REMOVE_ACL) {
+ ext->fsec_entrycount = KAUTH_FILESEC_NOACL;
+ return(reqsize);
+ }
/* export the header */
- ext->fsec_magic = KAUTH_FILESEC_MAGIC;
ext->fsec_entrycount = acl->a_entries;
ext->fsec_flags = acl->a_flags;
- /* XXX owner? */
/* copy ACEs */
for (i = 0; i < acl->a_entries; i++) {
{ACL_READ_SECURITY, "readsecurity", ACL_TYPE_FILE | ACL_TYPE_DIR},
{ACL_WRITE_SECURITY, "writesecurity", ACL_TYPE_FILE | ACL_TYPE_DIR},
{ACL_CHANGE_OWNER, "chown", ACL_TYPE_FILE | ACL_TYPE_DIR},
+ {ACL_SYNCHRONIZE, "synchronize", ACL_TYPE_FILE | ACL_TYPE_DIR},
{0, NULL, 0}
};
{ACL_ENTRY_DIRECTORY_INHERIT, "directory_inherit", ACL_TYPE_DIR},
{ACL_ENTRY_LIMIT_INHERIT, "limit_inherit", ACL_TYPE_FILE | ACL_TYPE_DIR},
{ACL_ENTRY_ONLY_INHERIT, "only_inherit", ACL_TYPE_DIR},
+ {ACL_FLAG_NO_INHERIT, "no_inherit", ACL_TYPE_ACL},
{0, NULL, 0}
};
/*
* reallocing snprintf with offset
*/
-
static int
raosnprintf(char **buf, size_t *size, ssize_t *offset, char *fmt, ...)
{
*/
field = strsep(&entry, " ");
errno = 0;
- if (!*field || strtol(field, NULL, 0) != 1)
+ if (field == NULL || !*field || strtol(field, NULL, 0) != 1)
{
error = EINVAL;
goto exit;
/* field 2: <uuid> */
if ((field = strsep(&entry, ":")) != NULL && *field)
{
- mbr_string_to_uuid(field, *uu);
+ uuid_parse(field, *uu);
need_tag = 0;
}
if (((uu = (uuid_t *) acl_get_qualifier(entry)) == NULL)
|| (acl_get_tag_type(entry, &tag) != 0)
|| (acl_get_flagset_np(entry, &flags) != 0)
- || (acl_get_permset(entry, &perms) != 0)
- || ((str = uuid_to_name(uu, &id, &isgid)) == NULL)) {
+ || (acl_get_permset(entry, &perms) != 0)) {
if (uu != NULL) acl_free(uu);
continue;
}
uuid_unparse_upper(*uu, uu_str);
- valid = raosnprintf(&buf, &bufsize, len_p, "\n%s:%s:%s:%d:%s",
- isgid ? "group" : "user",
- uu_str,
- str,
- id,
- (tag == ACL_EXTENDED_ALLOW) ? "allow" : "deny");
+ if ((str = uuid_to_name(uu, &id, &isgid)) != NULL) {
+ valid = raosnprintf(&buf, &bufsize, len_p, "\n%s:%s:%s:%d:%s",
+ isgid ? "group" : "user",
+ uu_str,
+ str,
+ id,
+ (tag == ACL_EXTENDED_ALLOW) ? "allow" : "deny");
+ } else {
+ valid = raosnprintf(&buf, &bufsize, len_p, "\nuser:%s:::%s",
+ uu_str,
+ (tag == ACL_EXTENDED_ALLOW) ? "allow" : "deny");
+ }
free(str);
acl_free(uu);
}
}
}
- buf[(*len_p)++] = '\n';
- buf[(*len_p)] = 0;
+
+ if(!raosnprintf(&buf, &bufsize, len_p, "\n")) goto err_nomem;
return buf;
err_nomem:
ssize_t
acl_size(acl_t acl)
{
+ /* special case for _FILESEC_REMOVE_ACL */
+ if (acl == (acl_t)_FILESEC_REMOVE_ACL)
+ return KAUTH_FILESEC_SIZE(0);
+
_ACL_VALIDATE_ACL(acl);
return(KAUTH_FILESEC_SIZE(acl->a_entries));
projects / apple / libc.git / blobdiff