PERFORCE change 22503 for review
Robert Watson
rwatson at freebsd.org
Thu Dec 19 04:19:42 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22503
Change 22503 by rwatson at rwatson_paprika on 2002/12/18 20:18:53
First pass at system call wrappers, man page updates for
_link_np() variations.
Affected files ...
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl.3#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_delete.3#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_delete.c#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_get.3#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_get.c#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_set.3#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_set.c#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_valid.3#2 edit
.. //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_valid.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl.3#2 (text+ko) ====
@@ -2,6 +2,8 @@
.\" Copyright (c) 2000, 2001, 2002 Robert N. M. Watson
.\" All rights reserved.
.\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@@ -25,7 +27,7 @@
.\"
.\" $FreeBSD: src/lib/libc/posix1e/acl.3,v 1.19 2002/11/08 15:01:28 rwatson Exp $
.\"
-.Dd January 28, 2000
+.Dd December 18, 2002
.Dt ACL 3
.Os
.Sh NAME
@@ -82,8 +84,10 @@
and may be used to create an empty entry in an ACL.
.It Xo
.Fn acl_delete_def_file ,
+.Fn acl_delete_def_link_np ,
+.Fn acl_delete_fd_np ,
.Fn acl_delete_file_np ,
-.Fn acl_delete_fd_np
+.Fn acl_delete_link_np
.Xc
These functions are described in
.Xr acl_delete 3 ,
@@ -114,9 +118,10 @@
.Xr acl_get_entry 3 ,
and may be used to retrieve a designated ACL entry from an ACL.
.It Xo
+.Fn acl_get_fd ,
+.Fn acl_get_fd_np ,
.Fn acl_get_file ,
-.Fn acl_get_fd ,
-.Fn acl_get_fd_np
+.Fn acl_get_link_np
.Xc
These functions are described in
.Xr acl_get 3 ,
@@ -138,9 +143,10 @@
.Xr acl_init 3 ,
and may be used to allocate a fresh (empty) ACL structure.
.It Xo
+.Fn acl_set_fd ,
+.Fn acl_set_fd_np ,
.Fn acl_set_file ,
-.Fn acl_set_fd ,
-.Fn acl_set_fd_np
+.Fn acl_set_link_np
.Xc
These functions are described in
.Xr acl_set 3 ,
@@ -163,8 +169,9 @@
and may be used to generate a text-form of a POSIX.1e semantics ACL.
.It Xo
.Fn acl_valid ,
+.Fn acl_valid_fd_np ,
.Fn acl_valid_file_np ,
-.Fn acl_valid_fd_np
+.Fn acl_valid_link_np
.Xc
These functions are described in
.Xr acl_valid 3 ,
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_delete.3#2 (text+ko) ====
@@ -1,7 +1,9 @@
.\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
.\" All rights reserved.
.\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@@ -30,8 +32,10 @@
.Os
.Sh NAME
.Nm acl_delete_def_file ,
+.Nm acl_delete_def_link_np ,
.Nm acl_delete_fd_np ,
.Nm acl_delete_file_np
+.Nm acl_delete_link_np
.Nd delete an ACL from a file
.Sh LIBRARY
.Lb libc
@@ -41,21 +45,33 @@
.Ft int
.Fn acl_delete_def_file "const char *path_p"
.Ft int
+.Fn acl_delete_def_link_np "const char *path_p"
+.Ft int
+.Fn acl_delete_fd_np "int filedes" "acl_type_t type"
+.Ft int
.Fn acl_delete_file_np "const char *path_p" "acl_type_t type"
.Ft int
-.Fn acl_delete_fd_np "int filedes" "acl_type_t type"
+.Fn acl_delete_link_np "const char *path_p" "acl_type_t type"
.Sh DESCRIPTION
The
.Fn acl_delete_def_file ,
+.Fn acl_delete_def_link_np ,
+.Fn acl_delete_fd_np ,
.Fn acl_delete_file_np ,
and
-.Fn acl_delete_fd_np
+.Fn acl_delete_link_np
each allow the deletion of an ACL from a file.
.Fn acl_delete_def_file
is a POSIX.1e call that deletes the default ACL from a file (normally a
-directory) by name; the other two calls are non-portable extensions that
-allow deleting of arbitrary ACL types from a file/directory by either path
-name, or by file descriptor.
+directory) by name; the remainder of the calls are non-portable extensions
+that permit the deletion of arbitrary ACL types from a file/directory
+either by path name or file descriptor.
+The
+.Fn _file
+variations follow a symlink if it occurs in the last segment of the
+path name; the
+.Fn _linke
+variations operate on the symlink itself.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
@@ -118,5 +134,3 @@
and development continues.
.Sh AUTHORS
.An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_delete.c#2 (text+ko) ====
@@ -1,7 +1,9 @@
/*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -43,7 +45,13 @@
return (__acl_delete_file(path_p, ACL_TYPE_DEFAULT));
}
+int
+acl_delete_def_link_np(const char *path_p)
+{
+ return (__acl_delete_link(path_p, ACL_TYPE_DEFAULT));
+}
+
int
acl_delete_file_np(const char *path_p, acl_type_t type)
{
@@ -51,6 +59,13 @@
return (__acl_delete_file(path_p, type));
}
+int
+acl_delete_link_np(const char *path_p, acl_type_t type)
+{
+
+ return (__acl_delete_link(path_p, type));
+}
+
int
acl_delete_fd_np(int filedes, acl_type_t type)
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_get.3#2 (text+ko) ====
@@ -1,7 +1,9 @@
.\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
.\" All rights reserved.
.\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@@ -31,7 +33,8 @@
.Sh NAME
.Nm acl_get_fd ,
.Nm acl_get_fd_np ,
-.Nm acl_get_file
+.Nm acl_get_file ,
+.Nm acl_get_link_np
.Nd get an ACL for a file
.Sh LIBRARY
.Lb libc
@@ -39,21 +42,20 @@
.In sys/types.h
.In sys/acl.h
.Ft acl_t
-.Fn acl_get_file "const char *path_p" "acl_type_t type"
-.Ft acl_t
.Fn acl_get_fd "int fd"
.Ft acl_t
.Fn acl_get_fd_np "int fd" "acl_type_t type"
+.Ft acl_t
+.Fn acl_get_file "const char *path_p" "acl_type_t type"
+.Ft acl_t
+.Fn acl_get_link_np "const char *path_p" "acl_type_t type"
.Sh DESCRIPTION
The
+.Fn acl_get_fd ,
.Fn acl_get_file ,
-.Fn acl_get_fd ,
-and
+.Fn acl_get_link_np ,
.Fn acl_get_fd_np
each allow the retrieval of an ACL from a file.
-.Fn acl_get_file
-is a POSIX.1e call that allows the retrieval of a
-specified type of ACL from a file by name;
.Fn acl_get_fd
is a POSIX.1e call that allows the retrieval of an ACL of type
ACL_TYPE_ACCESS
@@ -62,8 +64,16 @@
is a non-portable form of
.Fn acl_get_fd
that allows the retrieval of any type of ACL from a file descriptor.
+.Fn acl_get_file
+is a POSIX.1e call that allows the retrieval of a
+specified type of ACL from a file by name;
+.Fn acl_get_link_np
+is a non-portable variation on
+.Fn acl_get_file
+which does not follow a symlink if the target of the call is a
+symlink.
.Pp
-This function may cause memory to be allocated. The caller should free
+These functions may cause memory to be allocated. The caller should free
any releasable memory, when the new ACL is no longer required, by calling
.Xr acl_free 3
with the
@@ -135,5 +145,3 @@
and development continues.
.Sh AUTHORS
.An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_get.c#2 (text+ko) ====
@@ -1,7 +1,9 @@
/*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -24,9 +26,11 @@
* SUCH DAMAGE.
*/
/*
- * acl_get_file - syscall wrapper for retrieving ACL by filename
* acl_get_fd - syscall wrapper for retrieving access ACL by fd
* acl_get_fd_np - syscall wrapper for retrieving ACL by fd (non-POSIX)
+ * acl_get_file - syscall wrapper for retrieving ACL by filename
+ * acl_get_link_np - syscall wrapper for retrieving ACL by filename (NOFOLLOW)
+ * (non-POSIX)
* acl_get_perm_np() checks if a permission is in the specified
* permset (non-POSIX)
* acl_get_permset() returns the permission set in the ACL entry
@@ -66,6 +70,25 @@
}
acl_t
+acl_get_link_np(const char *path_p, acl_type_t type)
+{
+ acl_t aclp;
+ int error;
+
+ aclp = acl_init(ACL_MAX_ENTRIES);
+ if (aclp == NULL)
+ return (NULL);
+
+ error = __acl_get_link(path_p, type, &aclp->ats_acl);
+ if (error) {
+ acl_free(aclp);
+ return (NULL);
+ }
+
+ return (aclp);
+}
+
+acl_t
acl_get_fd(int fd)
{
acl_t aclp;
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_set.3#2 (text+ko) ====
@@ -1,7 +1,9 @@
.\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
.\" All rights reserved.
.\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@@ -31,7 +33,8 @@
.Sh NAME
.Nm acl_set_fd ,
.Nm acl_set_fd_np ,
-.Nm acl_set_file
+.Nm acl_set_file ,
+.Nm acl_set_link_np
.Nd set an ACL for a file
.Sh LIBRARY
.Lb libc
@@ -39,29 +42,36 @@
.In sys/types.h
.In sys/acl.h
.Ft int
-.Fn acl_set_file "const char *path_p" "acl_type_t type" "acl_t acl"
-.Ft int
.Fn acl_set_fd "int fd" "acl_t acl"
.Ft int
.Fn acl_set_fd_np "int fd" "acl_t acl" "acl_type_t type"
+.Ft int
+.Fn acl_set_file "const char *path_p" "acl_type_t type" "acl_t acl"
+.Ft int
+.Fn acl_set_link_np "const char *path_p" "acl_type_t type" "acl_t acl"
.Sh DESCRIPTION
The
+.Fn acl_set_fd ,
+.Fn acl_set_fd_np ,
.Fn acl_set_file ,
-.Fn acl_set_fd ,
and
-.Fn acl_set_fd_np
+.Fn acl_set_link_np ,
each associate an ACL with an object referred to by
.Va fd
or
.Va path_p .
-All except
.Fn acl_set_fd_np
-are POSIX.1e calls--
+and
+.Fn acl_set_link_np
+are not POSIX.1e calls.
.Fn acl_set_fd
allows only the setting of ACLs of type ACL_TYPE_ACCESS
where as
.Fn acl_set_fd_np
allows the setting of ACLs of any type.
+.Fn acl_set_link_np
+acts on a symlink rather than its target, if the target of the
+path is a symlink.
.Sh IMPLEMENTATION NOTES
.Fx Ns 's
support for POSIX.1e interfaces and features is still under
@@ -125,5 +135,3 @@
and development continues.
.Sh AUTHORS
.An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_set.c#2 (text+ko) ====
@@ -1,7 +1,9 @@
/*-
- * Copyright (c) 1999, 2000, 2001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -70,6 +72,28 @@
}
int
+acl_set_link_np(const char *path_p, acl_type_t type, acl_t acl)
+{
+ int error;
+
+ if (acl == NULL || path_p == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ if (_posix1e_acl(acl, type)) {
+ error = _posix1e_acl_sort(acl);
+ if (error) {
+ errno = error;
+ return (-1);
+ }
+ }
+
+ acl->ats_cur_entry = 0;
+
+ return (__acl_set_link(path_p, type, &acl->ats_acl));
+}
+
+int
acl_set_fd(int fd, acl_t acl)
{
int error;
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_valid.3#2 (text+ko) ====
@@ -1,7 +1,9 @@
.\"-
-.\" Copyright (c) 2000 Robert N. M. Watson
+.\" Copyright (c) 2000, 2002 Robert N. M. Watson
.\" All rights reserved.
.\"
+.\" This software was developed by Robert Watson for the TrustedBSD Project.
+.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
@@ -31,7 +33,8 @@
.Sh NAME
.Nm acl_valid ,
.Nm acl_valid_fd_np ,
-.Nm acl_valid_file_np
+.Nm acl_valid_file_np ,
+.Nm acl_valid_link_np
.Nd validate an ACL
.Sh LIBRARY
.Lb libc
@@ -44,6 +47,8 @@
.Fn acl_valid_fd_np "int fd" "acl_type_t type" "acl_t acl"
.Ft int
.Fn acl_valid_file_np "const char *path_p" "acl_type_t type" "acl_t acl"
+.Ft int
+.Fn acl_valid_link_np "const char *path_p" "acl_type_t type" "acl_t acl"
.Sh DESCRIPTION
These functions check that the ACL referred to by the argument
.Va acl
@@ -51,13 +56,20 @@
.Fn acl_valid ,
checks this validity only with POSIX.1e ACL semantics, and irrespective
of the context in which the ACL is to be used. The non-portable forms,
-.Fn acl_valid_fd_np
+.Fn acl_valid_fd_np ,
+.Fn acl_valid_file_np ,
and
-.Fn acl_valid_file_np ,
+.Fn acl_valid_link_np
allow an ACL to be checked in the context of a specific acl type,
.Va type ,
-and file system object. In environments where additional ACL types are
+and file system object.
+In environments where additional ACL types are
supported than just POSIX.1e, this makes more sense.
+Whereas
+.Fn acl_valid_file_np
+will follow the symlink if the specified path is to a symlink,
+.Fn acl_valid_link_np
+will not.
.Pp
For POSIX.1e semantics, the checks include:
.Bd -literal -offset indent
@@ -140,5 +152,3 @@
and development continues.
.Sh AUTHORS
.An Robert N M Watson
-.Sh BUGS
-These features are not yet fully implemented.
==== //depot/projects/trustedbsd/acl/lib/libc/posix1e/acl_valid.c#2 (text+ko) ====
@@ -1,7 +1,9 @@
/*-
- * Copyright (c) 1999, 2000, 20001 Robert N. M. Watson
+ * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
* All rights reserved.
*
+ * This software was developed by Robert Watson for the TrustedBSD Project.
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -70,7 +72,6 @@
}
}
-
int
acl_valid_file_np(const char *pathp, acl_type_t type, acl_t acl)
{
@@ -91,6 +92,25 @@
return (__acl_aclcheck_file(pathp, type, &acl->ats_acl));
}
+int
+acl_valid_link_np(const char *pathp, acl_type_t type, acl_t acl)
+{
+ int error;
+
+ if (pathp == NULL || acl == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ if (_posix1e_acl(acl, type)) {
+ error = _posix1e_acl_sort(acl);
+ if (error) {
+ errno = error;
+ return (-1);
+ }
+ }
+
+ return (__acl_aclcheck_link(pathp, type, &acl->ats_acl));
+}
int
acl_valid_fd_np(int fd, acl_type_t type, acl_t acl)
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list