X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=Kernel%2Fvfs%2Facls.c;h=ab88b9857ec7f48f8e35af93f1c344046c758e11;hb=6e1cf1d50bca85f01b5f802b1a76f090e362bf05;hp=52c802c64c17e028c3cdf12b0ca9937958060b8a;hpb=8bc40333b1401d7616b225945fee53d972c2f418;p=tpg%2Facess2.git diff --git a/Kernel/vfs/acls.c b/Kernel/vfs/acls.c index 52c802c6..ab88b985 100644 --- a/Kernel/vfs/acls.c +++ b/Kernel/vfs/acls.c @@ -1,15 +1,15 @@ /* * Acess Micro VFS */ -#include +#include #include "vfs.h" #include "vfs_int.h" // === GLOBALS === -tVFS_ACL gVFS_ACL_EveryoneRWX = { {0,-1}, {0,VFS_PERM_ALL} }; -tVFS_ACL gVFS_ACL_EveryoneRW = { {0,-1}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE} }; -tVFS_ACL gVFS_ACL_EveryoneRX = { {0,-1}, {0,VFS_PERM_READ|VFS_PERM_EXECUTE} }; -tVFS_ACL gVFS_ACL_EveryoneRO = { {0,-1}, {0,VFS_PERM_READ} }; +tVFS_ACL gVFS_ACL_EveryoneRWX = { {1,-1}, {0,VFS_PERM_ALL} }; +tVFS_ACL gVFS_ACL_EveryoneRW = { {1,-1}, {0,VFS_PERM_ALL^VFS_PERM_EXECUTE} }; +tVFS_ACL gVFS_ACL_EveryoneRX = { {1,-1}, {0,VFS_PERM_READ|VFS_PERM_EXECUTE} }; +tVFS_ACL gVFS_ACL_EveryoneRO = { {1,-1}, {0,VFS_PERM_READ} }; // === CODE === /** @@ -19,40 +19,139 @@ tVFS_ACL gVFS_ACL_EveryoneRO = { {0,-1}, {0,VFS_PERM_READ} }; int VFS_CheckACL(tVFS_Node *Node, Uint Permissions) { int i; - int uid = Proc_GetUID(); - int gid = Proc_GetGID(); + int uid = Threads_GetUID(); + int gid = Threads_GetGID(); // Root can do anything if(uid == 0) return 1; // Root only file?, fast return - if( Node->NumACLs == 0 ) return 0; + if( Node->NumACLs == 0 ) { + Log("VFS_CheckACL - %p inaccesable, NumACLs = 0, uid=%i", Node, uid); + return 0; + } // Check Deny Permissions for(i=0;iNumACLs;i++) { if(!Node->ACLs[i].Inv) continue; // Ignore ALLOWs - if(Node->ACLs[i].ID != -1) + if(Node->ACLs[i].ID != 0x7FFFFFFF) { if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid) continue; if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid) continue; } - if(Node->ACLs[i].Perms & Permissions) return 0; + //Log("Deny %x", Node->ACLs[i].Perms); + + if(Node->ACLs[i].Perms & Permissions) { + Log("VFS_CheckACL - %p inaccesable, %x denied", + Node, Node->ACLs[i].Perms & Permissions); + return 0; + } } // Check for allow permissions for(i=0;iNumACLs;i++) { if(Node->ACLs[i].Inv) continue; // Ignore DENYs - if(Node->ACLs[i].ID != -1) + if(Node->ACLs[i].ID != 0x7FFFFFFF) { if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid) continue; if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid) continue; } + //Log("Allow %x", Node->ACLs[i].Perms); + if((Node->ACLs[i].Perms & Permissions) == Permissions) return 1; } + Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, Permissions); + return 0; +} +/** + * \fn int VFS_GetACL(int FD, tVFS_ACL *Dest) + */ +int VFS_GetACL(int FD, tVFS_ACL *Dest) +{ + int i; + tVFS_Handle *h = VFS_GetHandle(FD); + + // Error check + if(!h) { + return -1; + } + + // Root can do anything + if(Dest->Group == 0 && Dest->ID == 0) { + Dest->Inv = 0; + Dest->Perms = -1; + return 1; + } + + // Root only file?, fast return + if( h->Node->NumACLs == 0 ) { + Dest->Inv = 0; + Dest->Perms = 0; + return 0; + } + + // Check Deny Permissions + for(i=0;iNode->NumACLs;i++) + { + if(h->Node->ACLs[i].Group != Dest->Group) continue; + if(h->Node->ACLs[i].ID != Dest->ID) continue; + + Dest->Inv = h->Node->ACLs[i].Inv; + Dest->Perms = h->Node->ACLs[i].Perms; + return 1; + } + + + Dest->Inv = 0; + Dest->Perms = 0; return 0; } + +/** + * \fn tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group) + * \brief Converts UNIX permissions to three Acess ACL entries + */ +tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group) +{ + tVFS_ACL *ret = malloc(sizeof(tVFS_ACL)*3); + + // Error Check + if(!ret) return NULL; + + // Owner + ret[0].Group = 0; ret[0].ID = Owner; + ret[0].Inv = 0; ret[0].Perms = 0; + if(Mode & 0400) ret[0].Perms |= VFS_PERM_READ; + if(Mode & 0200) ret[0].Perms |= VFS_PERM_WRITE; + if(Mode & 0100) ret[0].Perms |= VFS_PERM_EXECUTE; + + // Group + ret[1].Group = 1; ret[1].ID = Group; + ret[1].Inv = 0; ret[1].Perms = 0; + if(Mode & 0040) ret[1].Perms |= VFS_PERM_READ; + if(Mode & 0020) ret[1].Perms |= VFS_PERM_WRITE; + if(Mode & 0010) ret[1].Perms |= VFS_PERM_EXECUTE; + + // Global + ret[2].Group = 1; ret[2].ID = -1; + ret[2].Inv = 0; ret[2].Perms = 0; + if(Mode & 0004) ret[2].Perms |= VFS_PERM_READ; + if(Mode & 0002) ret[2].Perms |= VFS_PERM_WRITE; + if(Mode & 0001) ret[2].Perms |= VFS_PERM_EXECUTE; + + // Return buffer + return ret; +} + +// === EXPORTS === +// --- Variables --- +EXPORTV(gVFS_ACL_EveryoneRWX); +EXPORTV(gVFS_ACL_EveryoneRW); +EXPORTV(gVFS_ACL_EveryoneRX); +// --- Functions --- +EXPORT(VFS_UnixToAcessACL);