1 /* set-mode-acl.c - set access control list equivalent to a mode
2 
3    Copyright (C) 2002-2003, 2005-2009 Free Software Foundation, Inc.
4 
5    This program is free software: you can redistribute it and/or modify
6    it under the terms of the GNU General Public License as published by
7    the Free Software Foundation; either version 3 of the License, or
8    (at your option) any later version.
9 
10    This program is distributed in the hope that it will be useful,
11    but WITHOUT ANY WARRANTY; without even the implied warranty of
12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13    GNU General Public License for more details.
14 
15    You should have received a copy of the GNU General Public License
16    along with this program.  If not, see <http://www.gnu.org/licenses/>.
17 
18    Written by Paul Eggert and Andreas Gruenbacher, and Bruno Haible.  */
19 
20 #include <config.h>
21 
22 #include "acl.h"
23 
24 #include "acl-internal.h"
25 
26 #include "gettext.h"
27 #define _(msgid) gettext (msgid)
28 
29 
30 /* If DESC is a valid file descriptor use fchmod to change the
31    file's mode to MODE on systems that have fchown. On systems
32    that don't have fchown and if DESC is invalid, use chown on
33    NAME instead.
34    Return 0 if successful.  Return -1 and set errno upon failure.  */
35 
36 int
chmod_or_fchmod(const char * name,int desc,mode_t mode)37 chmod_or_fchmod (const char *name, int desc, mode_t mode)
38 {
39   if (HAVE_FCHMOD && desc != -1)
40     return fchmod (desc, mode);
41   else
42     return chmod (name, mode);
43 }
44 
45 /* Set the access control lists of a file. If DESC is a valid file
46    descriptor, use file descriptor operations where available, else use
47    filename based operations on NAME.  If access control lists are not
48    available, fchmod the target file to MODE.  Also sets the
49    non-permission bits of the destination file (S_ISUID, S_ISGID, S_ISVTX)
50    to those from MODE if any are set.
51    Return 0 if successful.  Return -1 and set errno upon failure.  */
52 
53 int
qset_acl(char const * name,int desc,mode_t mode)54 qset_acl (char const *name, int desc, mode_t mode)
55 {
56 #if USE_ACL
57 # if HAVE_ACL_GET_FILE
58   /* POSIX 1003.1e draft 17 (abandoned) specific version.  */
59   /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
60 #  if MODE_INSIDE_ACL
61   /* Linux, FreeBSD, IRIX, Tru64 */
62 
63   /* We must also have acl_from_text and acl_delete_def_file.
64      (acl_delete_def_file could be emulated with acl_init followed
65       by acl_set_file, but acl_set_file with an empty acl is
66       unspecified.)  */
67 
68 #   ifndef HAVE_ACL_FROM_TEXT
69 #    error Must have acl_from_text (see POSIX 1003.1e draft 17).
70 #   endif
71 #   ifndef HAVE_ACL_DELETE_DEF_FILE
72 #    error Must have acl_delete_def_file (see POSIX 1003.1e draft 17).
73 #   endif
74 
75   acl_t acl;
76   int ret;
77 
78   if (HAVE_ACL_FROM_MODE) /* Linux */
79     {
80       acl = acl_from_mode (mode);
81       if (!acl)
82 	return -1;
83     }
84   else /* FreeBSD, IRIX, Tru64 */
85     {
86       /* If we were to create the ACL using the functions acl_init(),
87 	 acl_create_entry(), acl_set_tag_type(), acl_set_qualifier(),
88 	 acl_get_permset(), acl_clear_perm[s](), acl_add_perm(), we
89 	 would need to create a qualifier.  I don't know how to do this.
90 	 So create it using acl_from_text().  */
91 
92 #   if HAVE_ACL_FREE_TEXT /* Tru64 */
93       char acl_text[] = "u::---,g::---,o::---,";
94 #   else /* FreeBSD, IRIX */
95       char acl_text[] = "u::---,g::---,o::---";
96 #   endif
97 
98       if (mode & S_IRUSR) acl_text[ 3] = 'r';
99       if (mode & S_IWUSR) acl_text[ 4] = 'w';
100       if (mode & S_IXUSR) acl_text[ 5] = 'x';
101       if (mode & S_IRGRP) acl_text[10] = 'r';
102       if (mode & S_IWGRP) acl_text[11] = 'w';
103       if (mode & S_IXGRP) acl_text[12] = 'x';
104       if (mode & S_IROTH) acl_text[17] = 'r';
105       if (mode & S_IWOTH) acl_text[18] = 'w';
106       if (mode & S_IXOTH) acl_text[19] = 'x';
107 
108       acl = acl_from_text (acl_text);
109       if (!acl)
110 	return -1;
111     }
112   if (HAVE_ACL_SET_FD && desc != -1)
113     ret = acl_set_fd (desc, acl);
114   else
115     ret = acl_set_file (name, ACL_TYPE_ACCESS, acl);
116   if (ret != 0)
117     {
118       int saved_errno = errno;
119       acl_free (acl);
120 
121       if (ACL_NOT_WELL_SUPPORTED (errno))
122 	return chmod_or_fchmod (name, desc, mode);
123       else
124 	{
125 	  errno = saved_errno;
126 	  return -1;
127 	}
128     }
129   else
130     acl_free (acl);
131 
132   if (S_ISDIR (mode) && acl_delete_def_file (name))
133     return -1;
134 
135   if (mode & (S_ISUID | S_ISGID | S_ISVTX))
136     {
137       /* We did not call chmod so far, so the special bits have not yet
138 	 been set.  */
139       return chmod_or_fchmod (name, desc, mode);
140     }
141   return 0;
142 
143 #  else /* !MODE_INSIDE_ACL */
144   /* MacOS X */
145 
146 #   if !HAVE_ACL_TYPE_EXTENDED
147 #    error Must have ACL_TYPE_EXTENDED
148 #   endif
149 
150   /* On MacOS X,  acl_get_file (name, ACL_TYPE_ACCESS)
151      and          acl_get_file (name, ACL_TYPE_DEFAULT)
152      always return NULL / EINVAL.  You have to use
153 		  acl_get_file (name, ACL_TYPE_EXTENDED)
154      or           acl_get_fd (open (name, ...))
155      to retrieve an ACL.
156      On the other hand,
157 		  acl_set_file (name, ACL_TYPE_ACCESS, acl)
158      and          acl_set_file (name, ACL_TYPE_DEFAULT, acl)
159      have the same effect as
160 		  acl_set_file (name, ACL_TYPE_EXTENDED, acl):
161      Each of these calls sets the file's ACL.  */
162 
163   acl_t acl;
164   int ret;
165 
166   /* Remove the ACL if the file has ACLs.  */
167   if (HAVE_ACL_GET_FD && desc != -1)
168     acl = acl_get_fd (desc);
169   else
170     acl = acl_get_file (name, ACL_TYPE_EXTENDED);
171   if (acl)
172     {
173       acl_free (acl);
174 
175       acl = acl_init (0);
176       if (acl)
177 	{
178 	  if (HAVE_ACL_SET_FD && desc != -1)
179 	    ret = acl_set_fd (desc, acl);
180 	  else
181 	    ret = acl_set_file (name, ACL_TYPE_EXTENDED, acl);
182 	  if (ret != 0)
183 	    {
184 	      int saved_errno = errno;
185 
186 	      acl_free (acl);
187 
188 	      if (ACL_NOT_WELL_SUPPORTED (saved_errno))
189 		return chmod_or_fchmod (name, desc, mode);
190 	      else
191 		{
192 		  errno = saved_errno;
193 		  return -1;
194 		}
195 	    }
196 	  acl_free (acl);
197 	}
198     }
199 
200   /* Since !MODE_INSIDE_ACL, we have to call chmod explicitly.  */
201   return chmod_or_fchmod (name, desc, mode);
202 #  endif
203 
204 # elif HAVE_ACL && defined GETACLCNT /* Solaris, Cygwin, not HP-UX */
205 
206 #  if defined ACL_NO_TRIVIAL
207   /* Solaris 10 (newer version), which has additional API declared in
208      <sys/acl.h> (acl_t) and implemented in libsec (acl_set, acl_trivial,
209      acl_fromtext, ...).  */
210 
211   acl_t *aclp;
212   char acl_text[] = "user::---,group::---,mask:---,other:---";
213   int ret;
214   int saved_errno;
215 
216   if (mode & S_IRUSR) acl_text[ 6] = 'r';
217   if (mode & S_IWUSR) acl_text[ 7] = 'w';
218   if (mode & S_IXUSR) acl_text[ 8] = 'x';
219   if (mode & S_IRGRP) acl_text[17] = acl_text[26] = 'r';
220   if (mode & S_IWGRP) acl_text[18] = acl_text[27] = 'w';
221   if (mode & S_IXGRP) acl_text[19] = acl_text[28] = 'x';
222   if (mode & S_IROTH) acl_text[36] = 'r';
223   if (mode & S_IWOTH) acl_text[37] = 'w';
224   if (mode & S_IXOTH) acl_text[38] = 'x';
225 
226   if (acl_fromtext (acl_text, &aclp) != 0)
227     {
228       errno = ENOMEM;
229       return -1;
230     }
231 
232   ret = (desc < 0 ? acl_set (name, aclp) : facl_set (desc, aclp));
233   saved_errno = errno;
234   acl_free (aclp);
235   if (ret < 0)
236     {
237       if (saved_errno == ENOSYS)
238 	return chmod_or_fchmod (name, desc, mode);
239       errno = saved_errno;
240       return -1;
241     }
242 
243   if (mode & (S_ISUID | S_ISGID | S_ISVTX))
244     {
245       /* We did not call chmod so far, so the special bits have not yet
246 	 been set.  */
247       return chmod_or_fchmod (name, desc, mode);
248     }
249   return 0;
250 
251 #  else /* Solaris, Cygwin, general case */
252 
253 #   ifdef ACE_GETACL
254   /* Solaris also has a different variant of ACLs, used in ZFS and NFSv4
255      file systems (whereas the other ones are used in UFS file systems).  */
256 
257   /* The flags in the ace_t structure changed in a binary incompatible way
258      when ACL_NO_TRIVIAL etc. were introduced in <sys/acl.h> version 1.15.
259      How to distinguish the two conventions at runtime?
260      We fetch the existing ACL.  In the old convention, usually three ACEs have
261      a_flags = ACE_OWNER / ACE_GROUP / ACE_OTHER, in the range 0x0100..0x0400.
262      In the new convention, these values are not used.  */
263   int convention;
264 
265   {
266     int count;
267     ace_t *entries;
268 
269     for (;;)
270       {
271 	if (desc != -1)
272 	  count = facl (desc, ACE_GETACLCNT, 0, NULL);
273 	else
274 	  count = acl (name, ACE_GETACLCNT, 0, NULL);
275 	if (count <= 0)
276 	  {
277 	    convention = -1;
278 	    break;
279 	  }
280 	entries = (ace_t *) malloc (count * sizeof (ace_t));
281 	if (entries == NULL)
282 	  {
283 	    errno = ENOMEM;
284 	    return -1;
285 	  }
286 	if ((desc != -1
287 	     ? facl (desc, ACE_GETACL, count, entries)
288 	     : acl (name, ACE_GETACL, count, entries))
289 	    == count)
290 	  {
291 	    int i;
292 
293 	    convention = 0;
294 	    for (i = 0; i < count; i++)
295 	      if (entries[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_OTHER))
296 		{
297 		  convention = 1;
298 		  break;
299 		}
300 	    free (entries);
301 	    break;
302 	  }
303 	/* Huh? The number of ACL entries changed since the last call.
304 	   Repeat.  */
305 	free (entries);
306       }
307   }
308 
309   if (convention >= 0)
310     {
311       ace_t entries[3];
312       int ret;
313 
314       if (convention)
315 	{
316 	  /* Running on Solaris 10.  */
317 	  entries[0].a_type = ALLOW;
318 	  entries[0].a_flags = ACE_OWNER;
319 	  entries[0].a_who = 0; /* irrelevant */
320 	  entries[0].a_access_mask = (mode >> 6) & 7;
321 	  entries[1].a_type = ALLOW;
322 	  entries[1].a_flags = ACE_GROUP;
323 	  entries[1].a_who = 0; /* irrelevant */
324 	  entries[1].a_access_mask = (mode >> 3) & 7;
325 	  entries[2].a_type = ALLOW;
326 	  entries[2].a_flags = ACE_OTHER;
327 	  entries[2].a_who = 0;
328 	  entries[2].a_access_mask = mode & 7;
329 	}
330       else
331 	{
332 	  /* Running on Solaris 10 (newer version) or Solaris 11.  */
333 	  entries[0].a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
334 	  entries[0].a_flags = NEW_ACE_OWNER;
335 	  entries[0].a_who = 0; /* irrelevant */
336 	  entries[0].a_access_mask =
337 	    (mode & 0400 ? NEW_ACE_READ_DATA : 0)
338 	    | (mode & 0200 ? NEW_ACE_WRITE_DATA : 0)
339 	    | (mode & 0100 ? NEW_ACE_EXECUTE : 0);
340 	  entries[1].a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
341 	  entries[1].a_flags = NEW_ACE_GROUP | NEW_ACE_IDENTIFIER_GROUP;
342 	  entries[1].a_who = 0; /* irrelevant */
343 	  entries[1].a_access_mask =
344 	    (mode & 0040 ? NEW_ACE_READ_DATA : 0)
345 	    | (mode & 0020 ? NEW_ACE_WRITE_DATA : 0)
346 	    | (mode & 0010 ? NEW_ACE_EXECUTE : 0);
347 	  entries[2].a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
348 	  entries[2].a_flags = ACE_EVERYONE;
349 	  entries[2].a_who = 0;
350 	  entries[2].a_access_mask =
351 	    (mode & 0004 ? NEW_ACE_READ_DATA : 0)
352 	    | (mode & 0002 ? NEW_ACE_WRITE_DATA : 0)
353 	    | (mode & 0001 ? NEW_ACE_EXECUTE : 0);
354 	}
355       if (desc != -1)
356 	ret = facl (desc, ACE_SETACL,
357 		    sizeof (entries) / sizeof (ace_t), entries);
358       else
359 	ret = acl (name, ACE_SETACL,
360 		   sizeof (entries) / sizeof (ace_t), entries);
361       if (ret < 0 && errno != EINVAL && errno != ENOTSUP)
362 	{
363 	  if (errno == ENOSYS)
364 	    return chmod_or_fchmod (name, desc, mode);
365 	  return -1;
366 	}
367     }
368 #   endif
369 
370   {
371     aclent_t entries[3];
372     int ret;
373 
374     entries[0].a_type = USER_OBJ;
375     entries[0].a_id = 0; /* irrelevant */
376     entries[0].a_perm = (mode >> 6) & 7;
377     entries[1].a_type = GROUP_OBJ;
378     entries[1].a_id = 0; /* irrelevant */
379     entries[1].a_perm = (mode >> 3) & 7;
380     entries[2].a_type = OTHER_OBJ;
381     entries[2].a_id = 0;
382     entries[2].a_perm = mode & 7;
383 
384     if (desc != -1)
385       ret = facl (desc, SETACL, sizeof (entries) / sizeof (aclent_t), entries);
386     else
387       ret = acl (name, SETACL, sizeof (entries) / sizeof (aclent_t), entries);
388     if (ret < 0)
389       {
390 	if (errno == ENOSYS)
391 	  return chmod_or_fchmod (name, desc, mode);
392 	return -1;
393       }
394   }
395 
396   if (!MODE_INSIDE_ACL || (mode & (S_ISUID | S_ISGID | S_ISVTX)))
397     {
398       /* We did not call chmod so far, so the special bits have not yet
399 	 been set.  */
400       return chmod_or_fchmod (name, desc, mode);
401     }
402   return 0;
403 
404 #  endif
405 
406 # elif HAVE_GETACL /* HP-UX */
407 
408   struct stat statbuf;
409   struct acl_entry entries[3];
410   int ret;
411 
412   if (desc != -1)
413     ret = fstat (desc, &statbuf);
414   else
415     ret = stat (name, &statbuf);
416   if (ret < 0)
417     return -1;
418 
419   entries[0].uid = statbuf.st_uid;
420   entries[0].gid = ACL_NSGROUP;
421   entries[0].mode = (mode >> 6) & 7;
422   entries[1].uid = ACL_NSUSER;
423   entries[1].gid = statbuf.st_gid;
424   entries[1].mode = (mode >> 3) & 7;
425   entries[2].uid = ACL_NSUSER;
426   entries[2].gid = ACL_NSGROUP;
427   entries[2].mode = mode & 7;
428 
429   if (desc != -1)
430     ret = fsetacl (desc, sizeof (entries) / sizeof (struct acl_entry), entries);
431   else
432     ret = setacl (name, sizeof (entries) / sizeof (struct acl_entry), entries);
433   if (ret < 0)
434     {
435       if (errno == ENOSYS || errno == EOPNOTSUPP)
436 	return chmod_or_fchmod (name, desc, mode);
437       return -1;
438     }
439 
440   if (mode & (S_ISUID | S_ISGID | S_ISVTX))
441     {
442       /* We did not call chmod so far, so the special bits have not yet
443 	 been set.  */
444       return chmod_or_fchmod (name, desc, mode);
445     }
446   return 0;
447 
448 # elif HAVE_ACLX_GET && 0 /* AIX */
449 
450   /* TODO: use aclx_fput or aclx_put, respectively */
451 
452 # elif HAVE_STATACL /* older AIX */
453 
454   union { struct acl a; char room[128]; } u;
455   int ret;
456 
457   u.a.acl_len = (char *) &u.a.acl_ext[0] - (char *) &u.a; /* no entries */
458   u.a.acl_mode = mode & ~(S_IXACL | 0777);
459   u.a.u_access = (mode >> 6) & 7;
460   u.a.g_access = (mode >> 3) & 7;
461   u.a.o_access = mode & 7;
462 
463   if (desc != -1)
464     ret = fchacl (desc, &u.a, u.a.acl_len);
465   else
466     ret = chacl (name, &u.a, u.a.acl_len);
467 
468   if (ret < 0 && errno == ENOSYS)
469     return chmod_or_fchmod (name, desc, mode);
470 
471   return ret;
472 
473 # else /* Unknown flavor of ACLs */
474   return chmod_or_fchmod (name, desc, mode);
475 # endif
476 #else /* !USE_ACL */
477   return chmod_or_fchmod (name, desc, mode);
478 #endif
479 }
480 
481 /* As with qset_acl, but also output a diagnostic on failure.  */
482 
483 int
set_acl(char const * name,int desc,mode_t mode)484 set_acl (char const *name, int desc, mode_t mode)
485 {
486   int r = qset_acl (name, desc, mode);
487   if (r != 0)
488     error (0, errno, _("setting permissions for %s"), quote (name));
489   return r;
490 }
491