// Forward declaration of the internal ACL scanner defined further down.
9 Uint VFS_int_CheckACLs(tVFS_ACL *ACLs, int Num, int bDeny, Uint Perms, tUID UID, tGID GID);
// Predefined single-entry ACLs keyed on VFS_GROUP_ANY. The inner pair is
// presumably {Inv, Perms} (member order is not visible here - TODO confirm),
// i.e. Inv = 0 and the listed VFS_PERM_* mask.
// NOTE(review): these objects are not const and are handed out by symbol
// (see the EXPORTV lines at the end of the listing). Any code able to write
// to them would change the permissions of every node that refers to them -
// confirm they are never modified after initialisation.
12 tVFS_ACL gVFS_ACL_EveryoneRWX = { VFS_GROUP_ANY, {0,VFS_PERM_ALL} };
// XOR toggles the EXEC bit; this yields "all but execute" only if
// VFS_PERM_EXEC is contained in VFS_PERM_ALL - TODO confirm.
13 tVFS_ACL gVFS_ACL_EveryoneRW = { VFS_GROUP_ANY, {0,VFS_PERM_ALL^VFS_PERM_EXEC} };
14 tVFS_ACL gVFS_ACL_EveryoneRX = { VFS_GROUP_ANY, {0,VFS_PERM_READ|VFS_PERM_EXEC} };
15 tVFS_ACL gVFS_ACL_EveryoneRO = { VFS_GROUP_ANY, {0,VFS_PERM_READ} };
/*
 * Walks the first Num entries of ACLs and tests the requested Perms bits
 * against every entry that applies to UID/GID.
 *
 * bDeny != 0: returns the requested bits carried by the first applicable
 *             entry that overlaps Perms, or 0 when no entry overlaps.
 * bDeny == 0: returns 0 as soon as one applicable entry carries all of
 *             Perms, or Perms when no single entry does.
 *
 * NOTE(review): this listing skips source lines (the gutter jumps 20 -> 23,
 * 28 -> 31, ...), including the condition that guards the `continue` on
 * line 23, so how an entry is classified as allow or deny for the current
 * pass is not visible here.
 */
18 Uint VFS_int_CheckACLs(tVFS_ACL *ACLs, int Num, int bDeny, Uint Perms, tUID UID, tGID GID)
20 for(int i = 0; i < Num; i ++ )
23 continue; // Ignore ALLOWs
24 // Check if the entry applies to this case
// An entry whose ID is VFS_ACLENT_ALL skips the UID/GID comparison below
// and therefore applies to every caller.
25 if(ACLs[i].Ent.ID != VFS_ACLENT_ALL)
// Ent.Group == 0: user entry, its ID has to equal UID.
27 if(!ACLs[i].Ent.Group) {
28 if(ACLs[i].Ent.ID != UID) continue;
// Presumably the else branch (its opening line is not shown): group entry,
// its ID has to equal GID.
31 if(ACLs[i].Ent.ID != GID) continue;
35 //Log("Deny %x", Node->ACLs[i].Perms);
// Deny pass: any overlap between the entry and the requested bits is
// reported back to the caller.
37 if(bDeny && (ACLs[i].Perm.Perms & Perms) != 0 )
39 return ACLs[i].Perm.Perms & Perms;
// Allow pass: one entry has to grant every requested bit. Bits granted by
// different applicable entries are not accumulated, so a request that only
// a combination of entries would satisfy is refused (fails closed).
41 if(!bDeny && (ACLs[i].Perm.Perms & Perms) == Perms)
43 return 0; //(~ACLs[i].Perm.Perms) & Perms;
// No entry decided the request: nothing was denied on the deny pass,
// nothing was granted on the allow pass (default deny).
46 return bDeny ? 0 : Perms;
50 * \fn int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
51 * \brief Checks the permissions on a file
/*
 * Decides whether the calling thread may use Node with the requested
 * Permissions. UID 0 is accepted immediately, a node without ACL entries is
 * logged as inaccessible, and otherwise the deny pass runs before the
 * allow pass.
 *
 * NOTE(review): the return statements that follow the three Log() calls and
 * the final return are not part of this listing; only `return 1` for UID 0
 * is visible.
 */
53 int VFS_CheckACL(tVFS_Node *Node, Uint Permissions)
// NOTE(review): the IDs are held in int here but VFS_int_CheckACLs takes
// tUID/tGID - confirm the types agree in width and signedness.
// Only the single GID returned by Threads_GetGID() is matched against
// group entries.
56 int uid = Threads_GetUID();
57 int gid = Threads_GetGID();
59 // Root can do anything
// This return precedes both ACL passes, so deny entries never apply to UID 0.
60 if(uid == 0) return 1;
62 // Root only file?, fast return
63 if( Node->NumACLs == 0 ) {
// NOTE(review): %p writes the node's kernel address to the log (same in the
// two Log() calls below) - confirm who is able to read this log.
64 Log("VFS_CheckACL - %p inaccesable, NumACLs = 0, uid=%i", Node, uid);
68 // Check Deny Permissions
// bDeny = 1: rv receives the requested bits covered by a matching entry.
69 rv = VFS_int_CheckACLs(Node->ACLs, Node->NumACLs, 1, Permissions, uid, gid);
71 Log("VFS_CheckACL - %p inaccesable, %x denied", Node, rv);
// bDeny = 0: rv is 0 when one entry grants everything requested, otherwise
// it is Permissions.
73 rv = VFS_int_CheckACLs(Node->ACLs, Node->NumACLs, 0, Permissions, uid, gid);
75 Log("VFS_CheckACL - %p inaccesable, %x not allowed", Node, rv);
82 * \fn int VFS_GetACL(int FD, tVFS_ACL *Dest)
/*
 * Looks up the ACL entry stored on the node behind FD for the entity named
 * in Dest->Ent and writes that entry's Perm fields back into Dest.
 * Dest->Ent (Group, ID) is the lookup key; Dest->Perm is the output.
 *
 * The result is the stored entry for that exact entity, not the effective
 * permission VFS_CheckACL computes: an entry keyed on VFS_ACLENT_ALL is
 * returned only when Dest names that same ID, and no deny-before-allow
 * evaluation takes place.
 *
 * NOTE(review): lines between the visible ones are missing from this
 * listing, including the return statements and whatever validates h.
 * Dest is dereferenced directly; if it can originate from user space,
 * confirm the caller validates the pointer.
 */
84 int VFS_GetACL(int FD, tVFS_ACL *Dest)
// NOTE(review): h->Node is dereferenced below; the NULL check on the result
// of VFS_GetHandle() is not visible in this listing - confirm it exists.
87 tVFS_Handle *h = VFS_GetHandle(FD);
94 // Root can do anything
// Entity is user 0 (Group == 0, ID == 0): every permission is reported
// without consulting the node's entries.
95 if(Dest->Ent.Group == 0 && Dest->Ent.ID == 0) {
97 Dest->Perm.Perms = VFS_PERM_ALL;
101 // Root only file?, fast return
// No entries on the node: no permissions are reported.
102 if( h->Node->NumACLs == 0 ) {
104 Dest->Perm.Perms = 0;
108 // Check Deny Permissions
// NOTE(review): the loop copies the first entry whose Group and ID both
// equal Dest->Ent, whatever its Inv value, so the "Deny" heading above
// looks stale.
109 for(i=0;i<h->Node->NumACLs;i++)
111 if(h->Node->ACLs[i].Ent.Group != Dest->Ent.Group) continue;
112 if(h->Node->ACLs[i].Ent.ID != Dest->Ent.ID) continue;
114 Dest->Perm.Inv = h->Node->ACLs[i].Perm.Inv;
115 Dest->Perm.Perms = h->Node->ACLs[i].Perm.Perms;
// Presumably reached when the loop finds no exact match (the loop exit is
// not shown): no permissions are reported.
121 Dest->Perm.Perms = 0;
126 * \fn tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
127 * \brief Converts UNIX permissions to three Acess ACL entries
/*
 * Builds a heap array of three ACL entries from a UNIX mode word:
 *   [0] user entry for Owner          (mode bits 0400 / 0200 / 0100)
 *   [1] group entry for Group         (mode bits 0040 / 0020 / 0010)
 *   [2] group-flagged entry with ID VFS_ACLENT_ALL (bits 0004 / 0002 / 0001)
 * Perm.Inv is cleared on all three entries. Returns NULL when malloc fails.
 *
 * Only the nine low permission bits are examined in the visible lines;
 * setuid, setgid and sticky bits have no effect on the result.
 *
 * NOTE(review): going by the visible part of VFS_int_CheckACLs, a request is
 * accepted when any applicable entry grants it, so these entries are not
 * mutually exclusive classes as in POSIX: with a mode such as 0077 the
 * owner still matches entry [2]. Confirm this is intended.
 * NOTE(review): the return statement is not shown; presumably ret is
 * returned and the caller owns (and frees) the array.
 */
129 tVFS_ACL *VFS_UnixToAcessACL(Uint Mode, Uint Owner, Uint Group)
131 tVFS_ACL *ret = malloc(sizeof(tVFS_ACL)*3);
134 if(!ret) return NULL;
// Entry 0: the owning user.
137 ret[0].Ent.Group = 0; ret[0].Ent.ID = Owner;
138 ret[0].Perm.Inv = 0; ret[0].Perm.Perms = 0;
139 if(Mode & 0400) ret[0].Perm.Perms |= VFS_PERM_READ;
140 if(Mode & 0200) ret[0].Perm.Perms |= VFS_PERM_WRITE;
141 if(Mode & 0100) ret[0].Perm.Perms |= VFS_PERM_EXEC;
// Entry 1: the owning group.
144 ret[1].Ent.Group = 1; ret[1].Ent.ID = Group;
145 ret[1].Perm.Inv = 0; ret[1].Perm.Perms = 0;
146 if(Mode & 0040) ret[1].Perm.Perms |= VFS_PERM_READ;
147 if(Mode & 0020) ret[1].Perm.Perms |= VFS_PERM_WRITE;
148 if(Mode & 0010) ret[1].Perm.Perms |= VFS_PERM_EXEC;
// Entry 2: everyone; VFS_int_CheckACLs applies an entry with ID
// VFS_ACLENT_ALL to every caller regardless of the Group flag.
151 ret[2].Ent.Group = 1; ret[2].Ent.ID = VFS_ACLENT_ALL;
152 ret[2].Perm.Inv = 0; ret[2].Perm.Perms = 0;
153 if(Mode & 0004) ret[2].Perm.Perms |= VFS_PERM_READ;
154 if(Mode & 0002) ret[2].Perm.Perms |= VFS_PERM_WRITE;
155 if(Mode & 0001) ret[2].Perm.Perms |= VFS_PERM_EXEC;
// Symbol exports: the shared ACL objects go through EXPORTV and the
// conversion helper through EXPORT.
// NOTE(review): gVFS_ACL_EveryoneRO has no visible EXPORTV line; the gutter
// skips line 166, so it may simply be missing from this listing.
163 EXPORTV(gVFS_ACL_EveryoneRWX);
164 EXPORTV(gVFS_ACL_EveryoneRW);
165 EXPORTV(gVFS_ACL_EveryoneRX);
167 EXPORT(VFS_UnixToAcessACL);