X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=Kernel%2Fvfs%2Facls.c;h=ab88b9857ec7f48f8e35af93f1c344046c758e11;hb=7177e27ebe90ae180a0c645f319f39c89f07373b;hp=c0225caaacbb3360d2cbd00b01be3bb702d6b5f1;hpb=df7ea67ff0aa02ec50cee1f9635f989bad1bf90d;p=tpg%2Facess2.git diff --git a/Kernel/vfs/acls.c b/Kernel/vfs/acls.c index c0225caa..ab88b985 100644 --- a/Kernel/vfs/acls.c +++ b/Kernel/vfs/acls.c @@ -1,7 +1,7 @@ /* * Acess Micro VFS */ -#include +#include #include "vfs.h" #include "vfs_int.h" @@ -26,34 +26,46 @@ int VFS_CheckACL(tVFS_Node *Node, Uint Permissions) if(uid == 0) return 1; // Root only file?, fast return - if( Node->NumACLs == 0 ) return 0; + if( Node->NumACLs == 0 ) { + Log("VFS_CheckACL - %p inaccesable, NumACLs = 0, uid=%i", Node, uid); + return 0; + } // Check Deny Permissions for(i=0;iNumACLs;i++) { if(!Node->ACLs[i].Inv) continue; // Ignore ALLOWs - if(Node->ACLs[i].ID != -1) + if(Node->ACLs[i].ID != 0x7FFFFFFF) { if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid) continue; if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid) continue; } - if(Node->ACLs[i].Perms & Permissions) return 0; + //Log("Deny %x", Node->ACLs[i].Perms); + + if(Node->ACLs[i].Perms & Permissions) { + Log("VFS_CheckACL - %p inaccesable, %x denied", + Node, Node->ACLs[i].Perms & Permissions); + return 0; + } } // Check for allow permissions for(i=0;iNumACLs;i++) { if(Node->ACLs[i].Inv) continue; // Ignore DENYs - if(Node->ACLs[i].ID != -1) + if(Node->ACLs[i].ID != 0x7FFFFFFF) { if(!Node->ACLs[i].Group && Node->ACLs[i].ID != uid) continue; if(Node->ACLs[i].Group && Node->ACLs[i].ID != gid) continue; } + //Log("Allow %x", Node->ACLs[i].Perms); + if((Node->ACLs[i].Perms & Permissions) == Permissions) return 1; } + Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, Permissions); return 0; } /** 
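Review bot: The wildcard ID is now the bare literal `0x7FFFFFFF` in both the deny loop and the allow loop of VFS_CheckACL, while the new VFS_UnixToAcessACL later in this commit still writes it as `ret[2].ID = -1`. The two spellings agree only if `ID` is a 31-bit unsigned field, which this diff does not show; if the field width ever changes, the everyone entry silently stops matching. A single named constant used at all three sites would keep producer and check in step, for example `#define VFS_ACL_ID_EVERYONE 0x7FFFFFFF` (the name is only a suggestion). Separately, the three new `Log(...)` calls fire on every denied access and print the node pointer, so an unprivileged caller that keeps requesting denied access can flood the kernel log; a debug-level macro or a rate limit would avoid that. VFS_CheckACL starts above the hunk, so the types of `uid` and `gid` passed to `%i` cannot be checked from here.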
@@ -64,21 +76,15 @@ int VFS_GetACL(int FD, tVFS_ACL *Dest) int i; tVFS_Handle *h = VFS_GetHandle(FD); - ENTER("ph pDest", h, Dest); - // Error check if(!h) { - LEAVE('i', -1); return -1; } - LOG("h->Node = %p", h->Node); - // Root can do anything if(Dest->Group == 0 && Dest->ID == 0) { Dest->Inv = 0; Dest->Perms = -1; - LEAVE('i', 1); return 1; } @@ -86,7 +92,6 @@ int VFS_GetACL(int FD, tVFS_ACL *Dest) if( h->Node->NumACLs == 0 ) { Dest->Inv = 0; Dest->Perms = 0; - LEAVE('i', 0); return 0; } @@ -98,13 +103,55 @@ int VFS_GetACL(int FD, tVFS_ACL *Dest) Dest->Inv = h->Node->ACLs[i].Inv; Dest->Perms = h->Node->ACLs[i].Perms; - LEAVE('i', 1); return 1; } Dest->Inv = 0; Dest->Perms = 0; - LEAVE('i', 0); return 0; } + +/** + * \fn tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group) + * \brief Converts UNIX permissions to three Acess ACL entries + */ +tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group) +{ + tVFS_ACL *ret = malloc(sizeof(tVFS_ACL)*3); + + // Error Check + if(!ret) return NULL; + + // Owner + ret[0].Group = 0; ret[0].ID = Owner; + ret[0].Inv = 0; ret[0].Perms = 0; + if(Mode & 0400) ret[0].Perms |= VFS_PERM_READ; + if(Mode & 0200) ret[0].Perms |= VFS_PERM_WRITE; + if(Mode & 0100) ret[0].Perms |= VFS_PERM_EXECUTE; + + // Group + ret[1].Group = 1; ret[1].ID = Group; + ret[1].Inv = 0; ret[1].Perms = 0; + if(Mode & 0040) ret[1].Perms |= VFS_PERM_READ; + if(Mode & 0020) ret[1].Perms |= VFS_PERM_WRITE; + if(Mode & 0010) ret[1].Perms |= VFS_PERM_EXECUTE; + + // Global + ret[2].Group = 1; ret[2].ID = -1; + ret[2].Inv = 0; ret[2].Perms = 0; + if(Mode & 0004) ret[2].Perms |= VFS_PERM_READ; + if(Mode & 0002) ret[2].Perms |= VFS_PERM_WRITE; + if(Mode & 0001) ret[2].Perms |= VFS_PERM_EXECUTE; + + // Return buffer + return ret; +} + +// === EXPORTS === +// --- Variables --- +EXPORTV(gVFS_ACL_EveryoneRWX); +EXPORTV(gVFS_ACL_EveryoneRW); +EXPORTV(gVFS_ACL_EveryoneRX); +// --- Functions --- +EXPORT(VFS_UnixToAcessACL);
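Review bot: VFS_UnixToAcessACL stores `Owner` and `Group` into `ret[0].ID` and `ret[1].ID` without checking them against the wildcard value that VFS_CheckACL treats as "everyone". If `ID` is narrower than `Uint` (the struct is not visible here), an on-disk owner such as 0xFFFFFFFF would truncate to 0x7FFFFFFF and the owner's permission bits would then apply to every user. A guard before the `malloc`, such as `if(Owner >= 0x7FFFFFFF || Group >= 0x7FFFFFFF) return NULL;`, or mapping such IDs to an entry with no permissions, would close that. The doc comment should also gain a `\return` line saying that the result is a heap array of three entries (owner, group, everyone), that NULL means allocation failure, and that the caller presumably frees it since nothing in this hunk does. It should also note that mode bits above 0777 (setuid, setgid, sticky) are ignored.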