Gecko [ armaneco.co.uk ]

Name	Size	Permission	Date
aes.h	1.05 KB	-rw-r--r--	2025-03-04 13:53
app.h	10.23 KB	-rw-r--r--	2025-03-04 13:53
assertions.h	2.78 KB	-rw-r--r--	2025-03-04 13:53
atomic.h	4.15 KB	-rw-r--r--	2025-03-04 13:53
backtrace.h	3.8 KB	-rw-r--r--	2025-03-04 13:53
base32.h	3.94 KB	-rw-r--r--	2025-03-04 13:53
base64.h	2.39 KB	-rw-r--r--	2025-03-04 13:53
bind9.h	849 B	-rw-r--r--	2025-03-04 13:53
boolean.h	746 B	-rw-r--r--	2025-03-04 13:53
buffer.h	25.69 KB	-rw-r--r--	2025-03-04 13:53
bufferlist.h	1.42 KB	-rw-r--r--	2025-03-04 13:53
commandline.h	1.69 KB	-rw-r--r--	2025-03-04 13:53
condition.h	1.44 KB	-rw-r--r--	2025-03-04 13:53
counter.h	1.88 KB	-rw-r--r--	2025-03-04 13:53
crc64.h	986 B	-rw-r--r--	2025-03-04 13:53
deprecated.h	622 B	-rw-r--r--	2025-03-04 13:53
dir.h	1.96 KB	-rw-r--r--	2025-03-04 13:53
entropy.h	8.76 KB	-rw-r--r--	2025-03-04 13:53
errno.h	658 B	-rw-r--r--	2025-03-04 13:53
errno2result.h	893 B	-rw-r--r--	2025-03-04 13:53
error.h	1.4 KB	-rw-r--r--	2025-03-04 13:53
event.h	2.98 KB	-rw-r--r--	2025-03-04 13:53
eventclass.h	1.35 KB	-rw-r--r--	2025-03-04 13:53
file.h	11.43 KB	-rw-r--r--	2025-03-04 13:53
formatcheck.h	892 B	-rw-r--r--	2025-03-04 13:53
fsaccess.h	7.25 KB	-rw-r--r--	2025-03-04 13:53
hash.h	7.52 KB	-rw-r--r--	2025-03-04 13:53
heap.h	5.14 KB	-rw-r--r--	2025-03-04 13:53
hex.h	2.33 KB	-rw-r--r--	2025-03-04 13:53
hmacmd5.h	1.75 KB	-rw-r--r--	2025-03-04 13:53
hmacsha.h	4.44 KB	-rw-r--r--	2025-03-04 13:53
ht.h	4.29 KB	-rw-r--r--	2025-03-04 13:53
httpd.h	2.26 KB	-rw-r--r--	2025-03-04 13:53
int.h	1.37 KB	-rw-r--r--	2025-03-04 13:53
interfaceiter.h	3.03 KB	-rw-r--r--	2025-03-04 13:53
iterated_hash.h	1.02 KB	-rw-r--r--	2025-03-04 13:53
json.h	1.42 KB	-rw-r--r--	2025-03-04 13:53
keyboard.h	976 B	-rw-r--r--	2025-03-04 13:53
lang.h	636 B	-rw-r--r--	2025-03-04 13:53
lex.h	9.42 KB	-rw-r--r--	2025-03-04 13:53
lfsr.h	2.88 KB	-rw-r--r--	2025-03-04 13:53
lib.h	1.04 KB	-rw-r--r--	2025-03-04 13:53
likely.h	718 B	-rw-r--r--	2025-03-04 13:53
list.h	5.65 KB	-rw-r--r--	2025-03-04 13:53
log.h	28.06 KB	-rw-r--r--	2025-03-04 13:53
magic.h	993 B	-rw-r--r--	2025-03-04 13:53
md5.h	2.34 KB	-rw-r--r--	2025-03-04 13:53
mem.h	20.63 KB	-rw-r--r--	2025-03-04 13:53
meminfo.h	690 B	-rw-r--r--	2025-03-04 13:53
msgcat.h	2.66 KB	-rw-r--r--	2025-03-04 13:53
msgs.h	8.22 KB	-rw-r--r--	2025-03-04 13:53
mutex.h	3.44 KB	-rw-r--r--	2025-03-04 13:53
mutexblock.h	1.34 KB	-rw-r--r--	2025-03-04 13:53
net.h	10.32 KB	-rw-r--r--	2025-03-04 13:53
netaddr.h	4.56 KB	-rw-r--r--	2025-03-04 13:53
netdb.h	862 B	-rw-r--r--	2025-03-04 13:53
netscope.h	947 B	-rw-r--r--	2025-03-04 13:53
offset.h	699 B	-rw-r--r--	2025-03-04 13:53
once.h	981 B	-rw-r--r--	2025-03-04 13:53
ondestroy.h	2.79 KB	-rw-r--r--	2025-03-04 13:53
os.h	670 B	-rw-r--r--	2025-03-04 13:53
parseint.h	1.49 KB	-rw-r--r--	2025-03-04 13:53
platform.h	9.31 KB	-rw-r--r--	2025-03-04 13:53
pool.h	3.42 KB	-rw-r--r--	2025-03-04 13:53
portset.h	3.21 KB	-rw-r--r--	2025-03-04 13:53
print.h	2.49 KB	-rw-r--r--	2025-03-04 13:53
queue.h	4.66 KB	-rw-r--r--	2025-03-04 13:53
quota.h	2.29 KB	-rw-r--r--	2025-03-04 13:53
radix.h	6.37 KB	-rw-r--r--	2025-03-04 13:53
random.h	2.99 KB	-rw-r--r--	2025-03-04 13:53
ratelimiter.h	3.38 KB	-rw-r--r--	2025-03-04 13:53
refcount.h	7.89 KB	-rw-r--r--	2025-03-04 13:53
regex.h	766 B	-rw-r--r--	2025-03-04 13:53
region.h	1.99 KB	-rw-r--r--	2025-03-04 13:53
resource.h	2.8 KB	-rw-r--r--	2025-03-04 13:53
result.h	4.62 KB	-rw-r--r--	2025-03-04 13:53
resultclass.h	1.56 KB	-rw-r--r--	2025-03-04 13:53
rwlock.h	3.6 KB	-rw-r--r--	2025-03-04 13:53
safe.h	1.21 KB	-rw-r--r--	2025-03-04 13:53
serial.h	1.4 KB	-rw-r--r--	2025-03-04 13:53
sha1.h	1.52 KB	-rw-r--r--	2025-03-04 13:53
sha2.h	5.65 KB	-rw-r--r--	2025-03-04 13:53
sockaddr.h	6 KB	-rw-r--r--	2025-03-04 13:53
socket.h	35.81 KB	-rw-r--r--	2025-03-04 13:53
stat.h	805 B	-rw-r--r--	2025-03-04 13:53
stats.h	3.02 KB	-rw-r--r--	2025-03-04 13:53
stdio.h	1.74 KB	-rw-r--r--	2025-03-04 13:53
stdlib.h	703 B	-rw-r--r--	2025-03-04 13:53
stdtime.h	1.3 KB	-rw-r--r--	2025-03-04 13:53
strerror.h	776 B	-rw-r--r--	2025-03-04 13:53
string.h	5.94 KB	-rw-r--r--	2025-03-04 13:53
symtab.h	4.21 KB	-rw-r--r--	2025-03-04 13:53
syslog.h	843 B	-rw-r--r--	2025-03-04 13:53
task.h	21.08 KB	-rw-r--r--	2025-03-04 13:53
taskpool.h	3.61 KB	-rw-r--r--	2025-03-04 13:53
thread.h	1.47 KB	-rw-r--r--	2025-03-04 13:53
time.h	8.66 KB	-rw-r--r--	2025-03-04 13:53
timer.h	10.54 KB	-rw-r--r--	2025-03-04 13:53
tm.h	894 B	-rw-r--r--	2025-03-04 13:53
types.h	5.54 KB	-rw-r--r--	2025-03-04 13:53
util.h	7.49 KB	-rw-r--r--	2025-03-04 13:53
version.h	688 B	-rw-r--r--	2025-03-04 13:53
xml.h	1.07 KB	-rw-r--r--	2025-03-04 13:53

Rename

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#ifndef ISC_FSACCESS_H
#define ISC_FSACCESS_H 1

/*! \file isc/fsaccess.h
 * \brief The ISC filesystem access module encapsulates the setting of file
 * and directory access permissions into one API that is meant to be
 * portable to multiple operating systems.
 *
 * The two primary operating system flavors that are initially accommodated
 * are POSIX and Windows NT 4.0 and later.  The Windows NT access model is
 * considerable more flexible than POSIX's model (as much as I am loathe to
 * admit it), and so the ISC API has a higher degree of complexity than would
 * be needed to simply address POSIX's needs.
 *
 * The full breadth of NT's flexibility is not available either, for the
 * present time.  Much of it is to provide compatibility with what Unix
 * programmers are expecting.  This is also due to not yet really needing all
 * of the functionality of an NT system (or, for that matter, a POSIX system)
 * in BIND9, and so resolving how to handle the various incompatibilities has
 * been a purely theoretical exercise with no operational experience to
 * indicate how flawed the thinking may be.
 *
 * Some of the more notable dumbing down of NT for this API includes:
 *
 *\li   Each of FILE_READ_DATA and FILE_READ_EA are set with #ISC_FSACCESS_READ.
 *
 * \li  All of FILE_WRITE_DATA, FILE_WRITE_EA and FILE_APPEND_DATA are
 *     set with #ISC_FSACCESS_WRITE.  FILE_WRITE_ATTRIBUTES is not set
 *     so as to be consistent with Unix, where only the owner of the file
 *     or the superuser can change the attributes/mode of a file.
 *
 * \li  Both of FILE_ADD_FILE and FILE_ADD_SUBDIRECTORY are set with
 *     #ISC_FSACCESS_CREATECHILD.  This is similar to setting the WRITE
 *     permission on a Unix directory.
 *
 * \li  SYNCHRONIZE is always set for files and directories, unless someone
 *     can give me a reason why this is a bad idea.
 *
 * \li  READ_CONTROL and FILE_READ_ATTRIBUTES are always set; this is
 *     consistent with Unix, where any file or directory can be stat()'d
 *     unless the directory path disallows complete access somewhere along
 *     the way.
 *
 * \li  WRITE_DAC is only set for the owner.  This too is consistent with
 *     Unix, and is tighter security than allowing anyone else to be
 *     able to set permissions.
 *
 * \li  DELETE is only set for the owner.  On Unix the ability to delete
 *     a file is controlled by the directory permissions, but it isn't
 *     currently clear to me what happens on NT if the directory has
 *     FILE_DELETE_CHILD set but a file within it does not have DELETE
 *     set.  Always setting DELETE on the file/directory for the owner
 *     gives maximum flexibility to the owner without exposing the
 *     file to deletion by others.
 *
 * \li  WRITE_OWNER is never set.  This too is consistent with Unix,
 *     and is also tighter security than allowing anyone to change the
 *     ownership of the file apart from the superu..ahem, Administrator.
 *
 * \li  Inheritance is set to NO_INHERITANCE.
 *
 * Unix's dumbing down includes:
 *
 * \li  The sticky bit cannot be set.
 *
 * \li  setuid and setgid cannot be set.
 *
 * \li  Only regular files and directories can be set.
 *
 * The rest of this comment discusses a few of the incompatibilities
 * between the two systems that need more thought if this API is to
 * be extended to accommodate them.
 *
 * The Windows standard access right "DELETE" doesn't have a direct
 * equivalent in the Unix world, so it isn't clear what should be done
 * with it.
 *
 * The Unix sticky bit is not supported.  While NT does have a concept
 * of allowing users to create files in a directory but not delete or
 * rename them, it does not have a concept of allowing them to be deleted
 * if they are owned by the user trying to delete/rename.  While it is
 * probable that something could be cobbled together in NT 5 with inheritance,
 * it can't really be done in NT 4 as a single property that you could
 * set on a directory.  You'd need to coordinate something with file creation
 * so that every file created had DELETE set for the owner but noone else.
 *
 * On Unix systems, setting #ISC_FSACCESS_LISTDIRECTORY sets READ.
 * ... setting either #ISC_FSACCESS_CREATECHILD or #ISC_FSACCESS_DELETECHILD
 *      sets WRITE.
 * ... setting #ISC_FSACCESS_ACCESSCHILD sets EXECUTE.
 *
 * On NT systems, setting #ISC_FSACCESS_LISTDIRECTORY sets FILE_LIST_DIRECTORY.
 * ... setting #ISC_FSACCESS_CREATECHILD sets FILE_CREATE_CHILD independently.
 * ... setting #ISC_FSACCESS_DELETECHILD sets FILE_DELETE_CHILD independently.
 * ... setting #ISC_FSACCESS_ACCESSCHILD sets FILE_TRAVERSE.
 *
 * Unresolved:							XXXDCL
 * \li  What NT access right controls the ability to rename a file?
 * \li  How does DELETE work?  If a directory has FILE_DELETE_CHILD but a
 *      file or directory within it does not have DELETE, is that file
 *	or directory deletable?
 * \li  To implement isc_fsaccess_get(), mapping an existing Unix permission
 * 	mode_t back to an isc_fsaccess_t is pretty trivial; however, mapping
 *	an NT DACL could be impossible to do in a responsible way.
 * \li  Similarly, trying to implement the functionality of being able to
 *	say "add group writability to whatever permissions already exist"
 *	could be tricky on NT because of the order-of-entry issue combined
 *	with possibly having one or more matching ACEs already explicitly
 *	granting or denying access.  Because this functionality is
 *	not yet needed by the ISC, no code has been written to try to
 * 	solve this problem.
 */

#include <isc/lang.h>
#include <isc/types.h>

/*
 * Trustees.
 */
#define ISC_FSACCESS_OWNER	0x1 /*%< User account. */
#define ISC_FSACCESS_GROUP	0x2 /*%< Primary group owner. */
#define ISC_FSACCESS_OTHER	0x4 /*%< Not the owner or the group owner. */
#define ISC_FSACCESS_WORLD	0x7 /*%< User, Group, Other. */

/*
 * Types of permission.
 */
#define ISC_FSACCESS_READ		0x00000001 /*%< File only. */
#define ISC_FSACCESS_WRITE		0x00000002 /*%< File only. */
#define ISC_FSACCESS_EXECUTE		0x00000004 /*%< File only. */
#define ISC_FSACCESS_CREATECHILD	0x00000008 /*%< Dir only. */
#define ISC_FSACCESS_DELETECHILD	0x00000010 /*%< Dir only. */
#define ISC_FSACCESS_LISTDIRECTORY	0x00000020 /*%< Dir only. */
#define ISC_FSACCESS_ACCESSCHILD	0x00000040 /*%< Dir only. */

/*%
 * Adding any permission bits beyond 0x200 would mean typedef'ing
 * isc_fsaccess_t as isc_uint64_t, and redefining this value to
 * reflect the new range of permission types, Probably to 21 for
 * maximum flexibility.  The number of bits has to accommodate all of
 * the permission types, and three full sets of them have to fit
 * within an isc_fsaccess_t.
 */
#define ISC__FSACCESS_PERMISSIONBITS 10

ISC_LANG_BEGINDECLS

void
isc_fsaccess_add(int trustee, int permission, isc_fsaccess_t *access);

void
isc_fsaccess_remove(int trustee, int permission, isc_fsaccess_t *access);

isc_result_t
isc_fsaccess_set(const char *path, isc_fsaccess_t access);

ISC_LANG_ENDDECLS

#endif /* ISC_FSACCESS_H */