diff options
Diffstat (limited to '')
-rw-r--r-- | lib/isc/fsaccess.c | 103 |
1 files changed, 103 insertions, 0 deletions
diff --git a/lib/isc/fsaccess.c b/lib/isc/fsaccess.c new file mode 100644 index 0000000..54bf38a --- /dev/null +++ b/lib/isc/fsaccess.c @@ -0,0 +1,103 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/*! \file + * \brief + * This file contains the OS-independent functionality of the API. + */ +#include <stdbool.h> + +#include <isc/fsaccess.h> +#include <isc/print.h> +#include <isc/result.h> +#include <isc/util.h> + +/*! + * Shorthand. Maybe ISC__FSACCESS_PERMISSIONBITS should not even be in + * <isc/fsaccess.h>. Could check consistency with sizeof(isc_fsaccess_t) + * and the number of bits in each function. + */ +#define STEP (ISC__FSACCESS_PERMISSIONBITS) +#define GROUP (STEP) +#define OTHER (STEP * 2) + +void +isc_fsaccess_add(int trustee, int permission, isc_fsaccess_t *access) { + REQUIRE(trustee <= 0x7); + REQUIRE(permission <= 0xFF); + + if ((trustee & ISC_FSACCESS_OWNER) != 0) { + *access |= permission; + } + + if ((trustee & ISC_FSACCESS_GROUP) != 0) { + *access |= (permission << GROUP); + } + + if ((trustee & ISC_FSACCESS_OTHER) != 0) { + *access |= (permission << OTHER); + } +} + +void +isc_fsaccess_remove(int trustee, int permission, isc_fsaccess_t *access) { + REQUIRE(trustee <= 0x7); + REQUIRE(permission <= 0xFF); + + if ((trustee & ISC_FSACCESS_OWNER) != 0) { + *access &= ~permission; + } + + if ((trustee & ISC_FSACCESS_GROUP) != 0) { + *access &= ~(permission << GROUP); + } + + if ((trustee & ISC_FSACCESS_OTHER) != 0) { + *access &= ~(permission << OTHER); + } +} + +static isc_result_t +check_bad_bits(isc_fsaccess_t access, bool is_dir) { + isc_fsaccess_t bits; + + /* + * Check for disallowed user bits. + */ + if (is_dir) { + bits = ISC_FSACCESS_READ | ISC_FSACCESS_WRITE | + ISC_FSACCESS_EXECUTE; + } else { + bits = ISC_FSACCESS_CREATECHILD | ISC_FSACCESS_ACCESSCHILD | + ISC_FSACCESS_DELETECHILD | ISC_FSACCESS_LISTDIRECTORY; + } + + /* + * Set group bad bits. + */ + bits |= bits << STEP; + /* + * Set other bad bits. + */ + bits |= bits << STEP; + + if ((access & bits) != 0) { + if (is_dir) { + return (ISC_R_NOTFILE); + } else { + return (ISC_R_NOTDIRECTORY); + } + } + + return (ISC_R_SUCCESS); +} |