X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=Kernel%2Fvfs%2Facls.c;h=4a65be690440cad615a1b1c05c47acc494911a5b;hb=156885e938b60fee9d061d989ae7711c9aeea493;hp=9c81c387da96054a6ae8794f256cc1252d6212fd;hpb=6098f7e3a0a3247c9517f9b04be814d16a98a564;p=tpg%2Facess2.git

diff --git a/Kernel/vfs/acls.c b/Kernel/vfs/acls.c
index 9c81c387..4a65be69 100644
--- a/Kernel/vfs/acls.c
+++ b/Kernel/vfs/acls.c
@@ -1,7 +1,7 @@
 /* 
  * Acess Micro VFS
  */
-#include <common.h>
+#include <acess.h>
 #include "vfs.h"
 #include "vfs_int.h"
 
@@ -26,34 +26,46 @@ int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
 	if(uid == 0)	return 1;
 	
 	// Root only file?, fast return
-	if( Node->NumACLs == 0 )	return 0;
+	if( Node->NumACLs == 0 ) {
+		Log("VFS_CheckACL - %p inaccesable, NumACLs = 0", Node);
+		return 0;
+	}
 	
 	// Check Deny Permissions
 	for(i=0;i<Node->NumACLs;i++)
 	{
 		if(!Node->ACLs[i].Inv)	continue;	// Ignore ALLOWs
-		if(Node->ACLs[i].ID != -1)
+		if(Node->ACLs[i].ID != 0x7FFFFFFF)
 		{
 			if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid)	continue;
 			if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid)	continue;
 		}
 		
-		if(Node->ACLs[i].Perms & Permissions)	return 0;
+		//Log("Deny %x", Node->ACLs[i].Perms);
+		
+		if(Node->ACLs[i].Perms & Permissions) {
+			Log("VFS_CheckACL - %p inaccesable, %x denied",
+				Node, Node->ACLs[i].Perms & Permissions);
+			return 0;
+		}
 	}
 	
 	// Check for allow permissions
 	for(i=0;i<Node->NumACLs;i++)
 	{
 		if(Node->ACLs[i].Inv)	continue;	// Ignore DENYs
-		if(Node->ACLs[i].ID != -1)
+		if(Node->ACLs[i].ID != 0x7FFFFFFF)
 		{
 			if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid)	continue;
 			if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid)	continue;
 		}
 		
+		//Log("Allow %x", Node->ACLs[i].Perms);
+		
 		if((Node->ACLs[i].Perms & Permissions) == Permissions)	return 1;
 	}
 	
+	Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, Permissions);
 	return 0;
 }
 /**
@@ -99,3 +111,47 @@ int VFS_GetACL(int FD, tVFS_ACL *Dest)
 	Dest->Perms = 0;
 	return 0;
 }
+
+/**
+ * \fn tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
+ * \brief Converts UNIX permissions to three Acess ACL entries
+ */
+tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
+{
+	tVFS_ACL	*ret = malloc(sizeof(tVFS_ACL)*3);
+	
+	// Error Check
+	if(!ret)	return NULL;
+	
+	// Owner
+	ret[0].Group = 0;	ret[0].ID = Owner;
+	ret[0].Inv = 0;		ret[0].Perms = 0;
+	if(Mode & 0400)	ret[0].Perms |= VFS_PERM_READ;
+	if(Mode & 0200)	ret[0].Perms |= VFS_PERM_WRITE;
+	if(Mode & 0100)	ret[0].Perms |= VFS_PERM_EXECUTE;
+	
+	// Group
+	ret[1].Group = 1;	ret[1].ID = Group;
+	ret[1].Inv = 0;		ret[1].Perms = 0;
+	if(Mode & 0040)	ret[1].Perms |= VFS_PERM_READ;
+	if(Mode & 0020)	ret[1].Perms |= VFS_PERM_WRITE;
+	if(Mode & 0010)	ret[1].Perms |= VFS_PERM_EXECUTE;
+	
+	// Global
+	ret[2].Group = 1;	ret[2].ID = Group;
+	ret[2].Inv = 0;		ret[2].Perms = 0;
+	if(Mode & 0004)	ret[2].Perms |= VFS_PERM_READ;
+	if(Mode & 0002)	ret[2].Perms |= VFS_PERM_WRITE;
+	if(Mode & 0001)	ret[2].Perms |= VFS_PERM_EXECUTE;
+	
+	// Return buffer
+	return ret;
+}
+
+// === EXPORTS ===
+// --- Variables ---
+EXPORTV(gVFS_ACL_EveryoneRWX);
+EXPORTV(gVFS_ACL_EveryoneRW);
+EXPORTV(gVFS_ACL_EveryoneRX);
+// --- Functions ---
+EXPORT(VFS_UnixToAcessACL);