9ddf063921
* Makefile.in (DLL_OFILES): Add sec_posixacl.o. (SUBLIBS): Add libacl.a (libacl.a): New rule to create libacl.a. * common.din: Export POSIX ACL functions as well as most libacl.a extensions. * fhandler.h (fhander_base::acl_get): New prototype. (fhander_base::acl_set): Ditto. (fhandler_disk_file::acl_get): Ditto. (fhandler_disk_file::acl_set): Ditto. * include/acl/libacl.h: New file. * include/cygwin/version.h: Bump API minor version. * include/sys/acl.h: Drop including cygwin/acl.h. Accommodate throughout Cygwin. Add POSIX ACL definitions. * sec_acl.cc: Include sec_posixacl.h. Replace ILLEGAL_UID and ILLEGAL_GID with ACL_UNDEFINED_ID where sensible. (__aclcheck): New internal acl check function to be used for Solaris and POSIX ACLs. (aclcheck32): Call __aclcheck. (__aclcalcmask): New function to compute ACL_MASK value. (__aclsort): New internal acl sort function to be used for Solaris and POSIX ACLs. (aclsort32): Call __aclsort. (permtostr): Work directly on provided buffer. (__acltotext): New internal acltotext function to be used for Solaris and POSIX ACLs. (acltotext32): Call __acltotext. (__aclfromtext): New internal aclfromtext function to be used for Solaris and POSIX ACLs. (aclfromtext32): Call __aclfromtext. * sec_posixacl.cc: New file implemeting POSIX ACL functions. * sec_posixacl.h: New internal header. Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
328 lines
8.1 KiB
C
328 lines
8.1 KiB
C
/* getfacl.c
|
|
|
|
Copyright 2000, 2001, 2002, 2003, 2004, 2009, 2011, 2014, 2015 Red Hat Inc.
|
|
|
|
Written by Corinna Vinschen <vinschen@redhat.com>
|
|
|
|
This file is part of Cygwin.
|
|
|
|
This software is a copyrighted work licensed under the terms of the
|
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|
details. */
|
|
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <getopt.h>
|
|
#include <cygwin/acl.h>
|
|
#include <sys/stat.h>
|
|
#include <cygwin/version.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
|
|
static char *prog_name;
|
|
|
|
char *
|
|
permstr (mode_t perm)
|
|
{
|
|
static char pbuf[4];
|
|
|
|
pbuf[0] = (perm & S_IROTH) ? 'r' : '-';
|
|
pbuf[1] = (perm & S_IWOTH) ? 'w' : '-';
|
|
pbuf[2] = (perm & S_IXOTH) ? 'x' : '-';
|
|
pbuf[3] = '\0';
|
|
return pbuf;
|
|
}
|
|
|
|
const char *
|
|
username (uid_t uid)
|
|
{
|
|
static char ubuf[256];
|
|
struct passwd *pw;
|
|
|
|
if ((pw = getpwuid (uid)))
|
|
strcpy (ubuf, pw->pw_name);
|
|
else
|
|
sprintf (ubuf, "%lu <unknown>", (unsigned long)uid);
|
|
return ubuf;
|
|
}
|
|
|
|
const char *
|
|
groupname (gid_t gid)
|
|
{
|
|
static char gbuf[256];
|
|
struct group *gr;
|
|
|
|
if ((gr = getgrgid (gid)))
|
|
strcpy (gbuf, gr->gr_name);
|
|
else
|
|
sprintf (gbuf, "%lu <unknown>", (unsigned long)gid);
|
|
return gbuf;
|
|
}
|
|
|
|
static void
|
|
usage (FILE * stream)
|
|
{
|
|
fprintf (stream, "Usage: %s [-adn] FILE [FILE2...]\n"
|
|
"\n"
|
|
"Display file and directory access control lists (ACLs).\n"
|
|
"\n"
|
|
" -a, --access display the file access control list only\n"
|
|
" -d, --default display the default access control list only\n"
|
|
" -c, --omit-header do not display the comment header\n"
|
|
" -e, --all-effective print all effective rights\n"
|
|
" -E, --no-effective print no effective rights\n"
|
|
" -n, --numeric print numeric user/group identifiers\n"
|
|
" -V, --version print version and exit\n"
|
|
" -h, --help this help text\n"
|
|
"\n"
|
|
"When multiple files are specified on the command line, a blank\n"
|
|
"line separates the ACLs for each file.\n", prog_name);
|
|
if (stream == stdout)
|
|
{
|
|
fprintf (stream, ""
|
|
"For each argument that is a regular file, special file or\n"
|
|
"directory, getfacl displays the owner, the group, and the ACL.\n"
|
|
"For directories getfacl displays additionally the default ACL.\n"
|
|
"\n"
|
|
"With no options specified, getfacl displays the filename, the\n"
|
|
"owner, the group, the setuid (s), setgid (s), and sticky (t)\n"
|
|
"bits if available, and both the ACL and the default ACL, if it\n"
|
|
"exists.\n"
|
|
"\n"
|
|
"The format for ACL output is as follows:\n"
|
|
" # file: filename\n"
|
|
" # owner: name or uid\n"
|
|
" # group: name or uid\n"
|
|
" # flags: sst\n"
|
|
" user::perm\n"
|
|
" user:name or uid:perm\n"
|
|
" group::perm\n"
|
|
" group:name or gid:perm\n"
|
|
" mask:perm\n"
|
|
" other:perm\n"
|
|
" default:user::perm\n"
|
|
" default:user:name or uid:perm\n"
|
|
" default:group::perm\n"
|
|
" default:group:name or gid:perm\n"
|
|
" default:mask:perm\n"
|
|
" default:other:perm\n"
|
|
"\n");
|
|
}
|
|
}
|
|
|
|
struct option longopts[] = {
|
|
{"access", no_argument, NULL, 'a'},
|
|
{"all", no_argument, NULL, 'a'},
|
|
{"omit-header", no_argument, NULL, 'c'},
|
|
{"all-effective", no_argument, NULL, 'e'},
|
|
{"no-effective", no_argument, NULL, 'E'},
|
|
{"default", no_argument, NULL, 'd'},
|
|
{"dir", no_argument, NULL, 'd'},
|
|
{"help", no_argument, NULL, 'h'},
|
|
{"noname", no_argument, NULL, 'n'}, /* Backward compat */
|
|
{"numeric", no_argument, NULL, 'n'},
|
|
{"version", no_argument, NULL, 'V'},
|
|
{0, no_argument, NULL, 0}
|
|
};
|
|
const char *opts = "acdeEhnV";
|
|
|
|
static void
|
|
print_version ()
|
|
{
|
|
printf ("getfacl (cygwin) %d.%d.%d\n"
|
|
"Get POSIX ACL information\n"
|
|
"Copyright (C) 2000 - %s Red Hat, Inc.\n"
|
|
"This is free software; see the source for copying conditions. There is NO\n"
|
|
"warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n",
|
|
CYGWIN_VERSION_DLL_MAJOR / 1000,
|
|
CYGWIN_VERSION_DLL_MAJOR % 1000,
|
|
CYGWIN_VERSION_DLL_MINOR,
|
|
strrchr (__DATE__, ' ') + 1);
|
|
}
|
|
|
|
int
|
|
main (int argc, char **argv)
|
|
{
|
|
int c;
|
|
int ret = 0;
|
|
int aopt = 0;
|
|
int copt = 0;
|
|
int eopt = 0;
|
|
int dopt = 0;
|
|
int nopt = 0;
|
|
int istty = isatty (fileno (stdout));
|
|
struct stat st;
|
|
aclent_t acls[MAX_ACL_ENTRIES];
|
|
|
|
prog_name = program_invocation_short_name;
|
|
|
|
while ((c = getopt_long (argc, argv, opts, longopts, NULL)) != EOF)
|
|
switch (c)
|
|
{
|
|
case 'a':
|
|
aopt = 1;
|
|
break;
|
|
case 'c':
|
|
copt = 1;
|
|
break;
|
|
case 'd':
|
|
dopt = 1;
|
|
break;
|
|
case 'e':
|
|
eopt = 1;
|
|
break;
|
|
case 'E':
|
|
eopt = -1;
|
|
break;
|
|
case 'h':
|
|
usage (stdout);
|
|
return 0;
|
|
case 'n':
|
|
nopt = 1;
|
|
break;
|
|
case 'V':
|
|
print_version ();
|
|
return 0;
|
|
default:
|
|
fprintf (stderr, "Try `%s --help' for more information.\n", prog_name);
|
|
return 1;
|
|
}
|
|
if (optind > argc - 1)
|
|
{
|
|
usage (stderr);
|
|
return 1;
|
|
}
|
|
for (; optind < argc; ++optind)
|
|
{
|
|
int i, num_acls;
|
|
mode_t mask = S_IRWXO, def_mask = S_IRWXO;
|
|
|
|
if (stat (argv[optind], &st)
|
|
|| (num_acls = acl (argv[optind], GETACL, MAX_ACL_ENTRIES, acls)) < 0)
|
|
{
|
|
fprintf (stderr, "%s: %s: %s\n",
|
|
prog_name, argv[optind], strerror (errno));
|
|
ret = 2;
|
|
continue;
|
|
}
|
|
if (!copt)
|
|
{
|
|
printf ("# file: %s\n", argv[optind]);
|
|
if (nopt)
|
|
{
|
|
printf ("# owner: %lu\n", (unsigned long)st.st_uid);
|
|
printf ("# group: %lu\n", (unsigned long)st.st_gid);
|
|
}
|
|
else
|
|
{
|
|
printf ("# owner: %s\n", username (st.st_uid));
|
|
printf ("# group: %s\n", groupname (st.st_gid));
|
|
}
|
|
if (st.st_mode & (S_ISUID | S_ISGID | S_ISVTX))
|
|
printf ("# flags: %c%c%c\n", (st.st_mode & S_ISUID) ? 's' : '-',
|
|
(st.st_mode & S_ISGID) ? 's' : '-',
|
|
(st.st_mode & S_ISVTX) ? 't' : '-');
|
|
}
|
|
for (i = 0; i < num_acls; ++i)
|
|
{
|
|
if (acls[i].a_type == CLASS_OBJ)
|
|
mask = acls[i].a_perm;
|
|
else if (acls[i].a_type == DEF_CLASS_OBJ)
|
|
def_mask = acls[i].a_perm;
|
|
}
|
|
for (i = 0; i < num_acls; ++i)
|
|
{
|
|
int n = 0;
|
|
int print_effective = 0;
|
|
mode_t effective = acls[i].a_perm;
|
|
|
|
if (acls[i].a_type & ACL_DEFAULT)
|
|
{
|
|
if (aopt)
|
|
continue;
|
|
n += printf ("default:");
|
|
}
|
|
else if (dopt)
|
|
continue;
|
|
switch (acls[i].a_type & ~ACL_DEFAULT)
|
|
{
|
|
case USER_OBJ:
|
|
printf ("user::");
|
|
break;
|
|
case USER:
|
|
if (nopt)
|
|
n += printf ("user:%lu:", (unsigned long)acls[i].a_id);
|
|
else
|
|
n += printf ("user:%s:", username (acls[i].a_id));
|
|
break;
|
|
case GROUP_OBJ:
|
|
n += printf ("group::");
|
|
break;
|
|
case GROUP:
|
|
if (nopt)
|
|
n += printf ("group:%lu:", (unsigned long)acls[i].a_id);
|
|
else
|
|
n += printf ("group:%s:", groupname (acls[i].a_id));
|
|
break;
|
|
case CLASS_OBJ:
|
|
printf ("mask:");
|
|
break;
|
|
case OTHER_OBJ:
|
|
printf ("other:");
|
|
break;
|
|
}
|
|
n += printf ("%s", permstr (acls[i].a_perm));
|
|
switch (acls[i].a_type)
|
|
{
|
|
case USER:
|
|
case GROUP_OBJ:
|
|
effective = acls[i].a_perm & mask;
|
|
print_effective = 1;
|
|
break;
|
|
case GROUP:
|
|
/* Special case SYSTEM and Admins group: The mask only
|
|
applies to them as far as the execute bit is concerned. */
|
|
if (acls[i].a_id == 18 || acls[i].a_id == 544)
|
|
effective = acls[i].a_perm & (mask | S_IROTH | S_IWOTH);
|
|
else
|
|
effective = acls[i].a_perm & mask;
|
|
print_effective = 1;
|
|
break;
|
|
case DEF_USER:
|
|
case DEF_GROUP_OBJ:
|
|
effective = acls[i].a_perm & def_mask;
|
|
print_effective = 1;
|
|
break;
|
|
case DEF_GROUP:
|
|
/* Special case SYSTEM and Admins group: The mask only
|
|
applies to them as far as the execute bit is concerned. */
|
|
if (acls[i].a_id == 18 || acls[i].a_id == 544)
|
|
effective = acls[i].a_perm & (def_mask | S_IROTH | S_IWOTH);
|
|
else
|
|
effective = acls[i].a_perm & def_mask;
|
|
print_effective = 1;
|
|
break;
|
|
}
|
|
if (print_effective && eopt >= 0
|
|
&& (eopt > 0 || effective != acls[i].a_perm))
|
|
{
|
|
if (istty)
|
|
{
|
|
n = 40 - n;
|
|
if (n <= 0)
|
|
n = 1;
|
|
printf ("%*s", n, " ");
|
|
}
|
|
else
|
|
putchar ('\t');
|
|
printf ("#effective:%s", permstr (effective));
|
|
}
|
|
putchar ('\n');
|
|
}
|
|
putchar ('\n');
|
|
}
|
|
return ret;
|
|
}
|