1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | /* $NetBSD: fsaccess.c,v 1.6 2022/09/23 12:15:33 christos Exp $ */ /* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") * * SPDX-License-Identifier: MPL-2.0 * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, you can obtain one at https://mozilla.org/MPL/2.0/. * * See the COPYRIGHT file distributed with this work for additional * information regarding copyright ownership. */ /*! \file * \brief * This file contains the OS-independent functionality of the API. */ #include <stdbool.h> #include <isc/fsaccess.h> #include <isc/print.h> #include <isc/result.h> #include <isc/util.h> /*! * Shorthand. Maybe ISC__FSACCESS_PERMISSIONBITS should not even be in * <isc/fsaccess.h>. Could check consistency with sizeof(isc_fsaccess_t) * and the number of bits in each function. */ #define STEP (ISC__FSACCESS_PERMISSIONBITS) #define GROUP (STEP) #define OTHER (STEP * 2) void isc_fsaccess_add(int trustee, int permission, isc_fsaccess_t *access) { REQUIRE(trustee <= 0x7); REQUIRE(permission <= 0xFF); if ((trustee & ISC_FSACCESS_OWNER) != 0) { *access |= permission; } if ((trustee & ISC_FSACCESS_GROUP) != 0) { *access |= (permission << GROUP); } if ((trustee & ISC_FSACCESS_OTHER) != 0) { *access |= (permission << OTHER); } } void isc_fsaccess_remove(int trustee, int permission, isc_fsaccess_t *access) { REQUIRE(trustee <= 0x7); REQUIRE(permission <= 0xFF); if ((trustee & ISC_FSACCESS_OWNER) != 0) { *access &= ~permission; } if ((trustee & ISC_FSACCESS_GROUP) != 0) { *access &= ~(permission << GROUP); } if ((trustee & ISC_FSACCESS_OTHER) != 0) { *access &= ~(permission << OTHER); } } static isc_result_t check_bad_bits(isc_fsaccess_t access, bool is_dir) { isc_fsaccess_t bits; /* * Check for disallowed user bits. */ if (is_dir) { bits = ISC_FSACCESS_READ | ISC_FSACCESS_WRITE | ISC_FSACCESS_EXECUTE; } else { bits = ISC_FSACCESS_CREATECHILD | ISC_FSACCESS_ACCESSCHILD | ISC_FSACCESS_DELETECHILD | ISC_FSACCESS_LISTDIRECTORY; } /* * Set group bad bits. */ bits |= bits << STEP; /* * Set other bad bits. */ bits |= bits << STEP; if ((access & bits) != 0) { if (is_dir) { return (ISC_R_NOTFILE); } else { return (ISC_R_NOTDIRECTORY); } } return (ISC_R_SUCCESS); } |