9 tVFS_ACL gVFS_ACL_EveryoneRWX = { {1,-1}, {0,VFS_PERM_ALL} };
10 tVFS_ACL gVFS_ACL_EveryoneRW = { {1,-1}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE} };
11 tVFS_ACL gVFS_ACL_EveryoneRX = { {1,-1}, {0,VFS_PERM_READ|VFS_PERM_EXECUTE} };
12 tVFS_ACL gVFS_ACL_EveryoneRO = { {1,-1}, {0,VFS_PERM_READ} };
15 Uint VFS_int_CheckACLs(tVFS_ACL *ACLs, int Num, int bDeny, Uint Perms, tUID UID, tGID GID)
18 for(i = 0; i < Num; i ++ )
21 continue; // Ignore ALLOWs
22 // Check if the entry applies to this case
23 if(ACLs[i].Ent.ID != 0x7FFFFFFF)
25 if(!ACLs[i].Ent.Group) {
26 if(ACLs[i].Ent.ID != UID) continue;
29 if(ACLs[i].Ent.ID != GID) continue;
33 //Log("Deny %x", Node->ACLs[i].Perms);
35 if(bDeny && (ACLs[i].Perm.Perms & Perms) != 0 )
37 return ACLs[i].Perm.Perms & Perms;
39 if(!bDeny && (ACLs[i].Perm.Perms & Perms) == Perms)
41 return 0; //(~ACLs[i].Perm.Perms) & Perms;
44 return bDeny ? 0 : Perms;
48 * \fn int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
49 * \brief Checks the permissions on a file
51 int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
54 int uid = Threads_GetUID();
55 int gid = Threads_GetGID();
57 // Root can do anything
58 if(uid == 0) return 1;
60 // Root only file?, fast return
61 if( Node->NumACLs == 0 ) {
62 Log("VFS_CheckACL - %p inaccesable, NumACLs = 0, uid=%i", Node, uid);
66 // Check Deny Permissions
67 rv = VFS_int_CheckACLs(Node->ACLs, Node->NumACLs, 1, Permissions, uid, gid);
69 Log("VFS_CheckACL - %p inaccesable, %x denied", Node, rv);
71 rv = VFS_int_CheckACLs(Node->ACLs, Node->NumACLs, 0, Permissions, uid, gid);
73 Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, rv);
80 * \fn int VFS_GetACL(int FD, tVFS_ACL *Dest)
82 int VFS_GetACL(int FD, tVFS_ACL *Dest)
85 tVFS_Handle *h = VFS_GetHandle(FD);
92 // Root can do anything
93 if(Dest->Ent.Group == 0 && Dest->Ent.ID == 0) {
95 Dest->Perm.Perms = -1;
99 // Root only file?, fast return
100 if( h->Node->NumACLs == 0 ) {
102 Dest->Perm.Perms = 0;
106 // Check Deny Permissions
107 for(i=0;i<h->Node->NumACLs;i++)
109 if(h->Node->ACLs[i].Ent.Group != Dest->Ent.Group) continue;
110 if(h->Node->ACLs[i].Ent.ID != Dest->Ent.ID) continue;
112 Dest->Perm.Inv = h->Node->ACLs[i].Perm.Inv;
113 Dest->Perm.Perms = h->Node->ACLs[i].Perm.Perms;
119 Dest->Perm.Perms = 0;
124 * \fn tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
125 * \brief Converts UNIX permissions to three Acess ACL entries
127 tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
129 tVFS_ACL *ret = malloc(sizeof(tVFS_ACL)*3);
132 if(!ret) return NULL;
135 ret[0].Ent.Group = 0; ret[0].Ent.ID = Owner;
136 ret[0].Perm.Inv = 0; ret[0].Perm.Perms = 0;
137 if(Mode & 0400) ret[0].Perm.Perms |= VFS_PERM_READ;
138 if(Mode & 0200) ret[0].Perm.Perms |= VFS_PERM_WRITE;
139 if(Mode & 0100) ret[0].Perm.Perms |= VFS_PERM_EXECUTE;
142 ret[1].Ent.Group = 1; ret[1].Ent.ID = Group;
143 ret[1].Perm.Inv = 0; ret[1].Perm.Perms = 0;
144 if(Mode & 0040) ret[1].Perm.Perms |= VFS_PERM_READ;
145 if(Mode & 0020) ret[1].Perm.Perms |= VFS_PERM_WRITE;
146 if(Mode & 0010) ret[1].Perm.Perms |= VFS_PERM_EXECUTE;
149 ret[2].Ent.Group = 1; ret[2].Ent.ID = -1;
150 ret[2].Perm.Inv = 0; ret[2].Perm.Perms = 0;
151 if(Mode & 0004) ret[2].Perm.Perms |= VFS_PERM_READ;
152 if(Mode & 0002) ret[2].Perm.Perms |= VFS_PERM_WRITE;
153 if(Mode & 0001) ret[2].Perm.Perms |= VFS_PERM_EXECUTE;
161 EXPORTV(gVFS_ACL_EveryoneRWX);
162 EXPORTV(gVFS_ACL_EveryoneRW);
163 EXPORTV(gVFS_ACL_EveryoneRX);
165 EXPORT(VFS_UnixToAcessACL);