// Forward declaration of the ACL-matching helper that is defined further down this file.
9 Uint VFS_int_CheckACLs(tVFS_ACL *ACLs, int Num, int bDeny, Uint Perms, tUID UID, tGID GID);
// Predefined single-entry ACLs, each written as { {1,-1}, {0, <permission mask>} }.
// NOTE(review): tVFS_ACL is not defined in this listing. Going by the member accesses
// elsewhere in the file (Ent.Group / Ent.ID and Perm.Inv / Perm.Perms) the initialisers
// presumably mean Group=1, ID=-1, Inv=0 (an allow entry) - confirm against the type.
// NOTE(review): VFS_int_CheckACLs only treats an entry as "applies to every caller" when
// Ent.ID == 0x7FFFFFFF, so these are wildcards only if storing -1 in Ent.ID yields that
// value (for example a 31-bit unsigned field) - confirm.
// NOTE(review): these objects are not const. If nodes point at them directly rather than
// copying them, one write through any such pointer changes the permissions of every node
// that shares the object - consider const-qualifying them if their users allow it.
12 tVFS_ACL gVFS_ACL_EveryoneRWX = { {1,-1}, {0,VFS_PERM_ALL} };
// VFS_PERM_ALL with the execute bit flipped off (assuming VFS_PERM_ALL contains it). Any
// bits VFS_PERM_ALL carries beyond read/write/execute are granted by this entry as well.
13 tVFS_ACL gVFS_ACL_EveryoneRW = { {1,-1}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE} };
// Read and execute only.
14 tVFS_ACL gVFS_ACL_EveryoneRX = { {1,-1}, {0,VFS_PERM_READ|VFS_PERM_EXECUTE} };
// Read only.
15 tVFS_ACL gVFS_ACL_EveryoneRO = { {1,-1}, {0,VFS_PERM_READ} };
// Scans the first Num entries of ACLs for one that applies to UID/GID and decides on Perms.
//  - bDeny != 0: returns the requested bits that the first applicable, overlapping entry
//    covers (non-zero means "these bits are denied"); returns 0 if no entry overlaps.
//  - bDeny == 0: returns 0 as soon as ONE applicable entry contains every requested bit;
//    otherwise returns Perms (all requested bits reported as not granted).
// NOTE(review): several lines of this function are missing from the listing (gutter lines
// 19-20, 22-23, 27, 30-31, 33-35, ...), including the condition that guards the `continue`
// on line 24. It presumably filters entries by Perm.Inv against bDeny - confirm in the
// full source before relying on this description.
18 Uint VFS_int_CheckACLs(tVFS_ACL *ACLs, int Num, int bDeny, Uint Perms, tUID UID, tGID GID)
21 for(i = 0; i < Num; i ++ )
24 continue; // Ignore ALLOWs
25 // Check if the entry applies to this case
// An ID of 0x7FFFFFFF skips the user/group comparison, i.e. the entry matches any caller.
26 if(ACLs[i].Ent.ID != 0x7FFFFFFF)
// Ent.Group == 0: user entry, compared with UID; otherwise group entry, compared with GID.
// Only the single GID passed in is compared; no supplementary group list appears here.
28 if(!ACLs[i].Ent.Group) {
29 if(ACLs[i].Ent.ID != UID) continue;
32 if(ACLs[i].Ent.ID != GID) continue;
36 //Log("Deny %x", Node->ACLs[i].Perms);
// Deny mode: any overlap with the request is enough to report a denial.
38 if(bDeny && (ACLs[i].Perm.Perms & Perms) != 0 )
40 return ACLs[i].Perm.Perms & Perms;
// Allow mode: the entry must cover the whole request. Bits granted by different entries
// are not accumulated, so a user entry granting read plus a group entry granting write
// does not satisfy a read+write request. This fails closed, but is worth knowing.
42 if(!bDeny && (ACLs[i].Perm.Perms & Perms) == Perms)
44 return 0; //(~ACLs[i].Perm.Perms) & Perms;
// No entry decided: nothing denied in deny mode, nothing granted in allow mode.
47 return bDeny ? 0 : Perms;
51 * \fn int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
52 * \brief Checks the permissions on a file
// Decides whether the calling thread may use Node with the requested Permissions.
// Order of evaluation in the visible lines: root bypass, empty-ACL check, deny pass, allow
// pass. Running the deny pass first means a matching deny entry is reported before any
// allow entry is consulted.
// NOTE(review): the return statements and the tests on rv (gutter lines 66, 71, 73, 75,
// 77-80) are missing from this listing. The only visible return is `return 1` for root, so
// 1 presumably means "allowed" and 0 "refused" - confirm in the full source.
// NOTE(review): Node is dereferenced without a NULL check in the visible lines.
54 int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
// Credentials come from the current thread, not from an argument. They are held in int
// here while the helper takes tUID/tGID - presumably compatible types; confirm.
57 int uid = Threads_GetUID();
58 int gid = Threads_GetGID();
60 // Root can do anything
// This return happens before any ACL is read, so deny entries never apply to uid 0.
61 if(uid == 0) return 1;
63 // Root only file?, fast return
// A node with no ACL entries is treated as accessible to root only (fail closed).
64 if( Node->NumACLs == 0 ) {
// NOTE(review): %p writes a kernel object address to the log; if the log can be read by
// unprivileged users this discloses kernel memory layout. The same applies to the two Log
// calls below. Each refused check also adds a log line, so callers can grow the log.
65 Log("VFS_CheckACL - %p inaccesable, NumACLs = 0, uid=%i", Node, uid);
69 // Check Deny Permissions
// bDeny = 1: rv holds the requested bits that a matching deny entry covers.
70 rv = VFS_int_CheckACLs(Node->ACLs, Node->NumACLs, 1, Permissions, uid, gid);
72 Log("VFS_CheckACL - %p inaccesable, %x denied", Node, rv);
// bDeny = 0: rv is 0 when one entry grants the whole request, else the requested bits.
74 rv = VFS_int_CheckACLs(Node->ACLs, Node->NumACLs, 0, Permissions, uid, gid);
76 Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, rv);
83 * \fn int VFS_GetACL(int FD, tVFS_ACL *Dest)
// Looks up the ACL entry stored on the node behind FD for the entity the caller placed in
// Dest->Ent (Group flag + ID) and writes the result into Dest->Perm.
// The result is the literal stored entry, not the effective permission: the loop matches
// Group and ID exactly, so wildcard ("everyone") entries are never applied to a query for
// a specific user or group, and deny and allow entries are not combined. Do not use the
// output as an access decision; VFS_CheckACL is the function that evaluates access.
// NOTE(review): gutter lines 86-87, 89-94, 97, 99-101, 104, 106-108, 111, 114 and 117-121
// are missing from this listing, so the return values and any validation of h are not
// visible here.
85 int VFS_GetACL(int FD, tVFS_ACL *Dest)
// NOTE(review): h->Node is dereferenced below; a NULL check on h presumably sits in the
// missing lines 89-94 - confirm, since FD is supplied by the caller.
88 tVFS_Handle *h = VFS_GetHandle(FD);
95 // Root can do anything
// A query for user 0 (Group == 0, ID == 0) is answered with every permission bit set,
// without reading the node's ACL.
96 if(Dest->Ent.Group == 0 && Dest->Ent.ID == 0) {
98 Dest->Perm.Perms = -1;
102 // Root only file?, fast return
// No entries on the node: report no permissions for any non-root entity.
103 if( h->Node->NumACLs == 0 ) {
105 Dest->Perm.Perms = 0;
109 // Check Deny Permissions
// NOTE(review): despite the comment above, the visible loop body does not filter on
// Perm.Inv; it copies Inv and Perms from the first entry whose Group and ID both match.
110 for(i=0;i<h->Node->NumACLs;i++)
112 if(h->Node->ACLs[i].Ent.Group != Dest->Ent.Group) continue;
113 if(h->Node->ACLs[i].Ent.ID != Dest->Ent.ID) continue;
115 Dest->Perm.Inv = h->Node->ACLs[i].Perm.Inv;
116 Dest->Perm.Perms = h->Node->ACLs[i].Perm.Perms;
// No matching entry: report no permissions. Perm.Inv is not written on this path in the
// visible lines, so it keeps whatever value the caller passed in.
122 Dest->Perm.Perms = 0;
127 * \fn tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
128 * \brief Converts UNIX permissions to three Acess ACL entries
// Builds a heap-allocated array of three allow entries (owner, group, everyone) from the
// low nine bits of a UNIX mode. Returns NULL if the allocation fails.
// NOTE(review): the success return (gutter lines 157-163) is missing from this listing;
// the function presumably returns ret and leaves freeing the array to the caller - confirm.
// Only bits 0400..0001 are consulted, so setuid, setgid and sticky (04000/02000/01000) are
// dropped by the conversion.
// NOTE(review): all three entries are allow entries (Inv = 0). As far as the visible
// VFS_int_CheckACLs logic shows, an entry that does not grant the request is skipped and
// later entries are still tried, so the "everyone" entry can grant access that the owner
// or group class withholds. Under UNIX semantics a mode such as 0604 refuses read to
// members of the group; here the third entry would still allow it. Verify that this is
// acceptable for file systems that rely on restrictive owner/group bits.
130 tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
// Fixed element count, so the size multiplication cannot overflow.
132 tVFS_ACL *ret = malloc(sizeof(tVFS_ACL)*3);
135 if(!ret) return NULL;
// Entry 0: user entry (Group = 0) for Owner, from the owner bits 0400/0200/0100.
138 ret[0].Ent.Group = 0; ret[0].Ent.ID = Owner;
139 ret[0].Perm.Inv = 0; ret[0].Perm.Perms = 0;
140 if(Mode & 0400) ret[0].Perm.Perms |= VFS_PERM_READ;
141 if(Mode & 0200) ret[0].Perm.Perms |= VFS_PERM_WRITE;
142 if(Mode & 0100) ret[0].Perm.Perms |= VFS_PERM_EXECUTE;
// Entry 1: group entry (Group = 1) for Group, from the group bits 0040/0020/0010.
145 ret[1].Ent.Group = 1; ret[1].Ent.ID = Group;
146 ret[1].Perm.Inv = 0; ret[1].Perm.Perms = 0;
147 if(Mode & 0040) ret[1].Perm.Perms |= VFS_PERM_READ;
148 if(Mode & 0020) ret[1].Perm.Perms |= VFS_PERM_WRITE;
149 if(Mode & 0010) ret[1].Perm.Perms |= VFS_PERM_EXECUTE;
// Entry 2: Group = 1 with ID = -1, from the "other" bits 0004/0002/0001.
// NOTE(review): this only acts as the wildcard that VFS_int_CheckACLs tests for
// (Ent.ID == 0x7FFFFFFF) if storing -1 in Ent.ID produces that value - confirm the width
// of the field.
152 ret[2].Ent.Group = 1; ret[2].Ent.ID = -1;
153 ret[2].Perm.Inv = 0; ret[2].Perm.Perms = 0;
154 if(Mode & 0004) ret[2].Perm.Perms |= VFS_PERM_READ;
155 if(Mode & 0002) ret[2].Perm.Perms |= VFS_PERM_WRITE;
156 if(Mode & 0001) ret[2].Perm.Perms |= VFS_PERM_EXECUTE;
// Symbol exports. EXPORTV and EXPORT are project macros not defined in this listing;
// presumably they publish variables and functions to code outside this file - confirm.
// NOTE(review): the exported ACL objects are not const, so any code that can resolve these
// symbols can also rewrite the shared permission masks.
// Gutter line 167 is missing from this listing, so whether gVFS_ACL_EveryoneRO is exported
// cannot be seen here.
164 EXPORTV(gVFS_ACL_EveryoneRWX);
165 EXPORTV(gVFS_ACL_EveryoneRW);
166 EXPORTV(gVFS_ACL_EveryoneRX);
168 EXPORT(VFS_UnixToAcessACL);