diff --git a/iceoryx2-bb/posix/Cargo.toml b/iceoryx2-bb/posix/Cargo.toml index b37be6df0..28aced46d 100644 --- a/iceoryx2-bb/posix/Cargo.toml +++ b/iceoryx2-bb/posix/Cargo.toml @@ -10,9 +10,6 @@ repository = { workspace = true } rust-version = { workspace = true } version = { workspace = true } -[features] -acl = ["iceoryx2-pal-posix/acl"] - [dependencies] iceoryx2-bb-container = { workspace = true } iceoryx2-bb-system-types = { workspace = true } diff --git a/iceoryx2-bb/posix/src/access_control_list.rs b/iceoryx2-bb/posix/src/access_control_list.rs deleted file mode 100644 index 0af18cd11..000000000 --- a/iceoryx2-bb/posix/src/access_control_list.rs +++ /dev/null @@ -1,790 +0,0 @@ -// Copyright (c) 2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache Software License 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0, or the MIT license -// which is available at https://opensource.org/licenses/MIT. -// -// SPDX-License-Identifier: Apache-2.0 OR MIT - -//! Access Control Lists provide the ability to set more fine grained permissions to files and -//! directories then the POSIX user, group, others model. -//! -//! # Example -//! -//! ## Apply ACLs to some file -//! -//! ```no_run -//! use iceoryx2_bb_posix::file::*; -//! use iceoryx2_bb_posix::access_control_list::*; -//! use iceoryx2_bb_posix::user::*; -//! use iceoryx2_bb_posix::group::*; -//! use iceoryx2_bb_posix::file_descriptor::FileDescriptorBased; -//! use iceoryx2_bb_system_types::file_path::FilePath; -//! use iceoryx2_bb_container::semantic_string::SemanticString; -//! -//! let file_name = FilePath::new(b"/tmp/test_file").unwrap(); -//! let some_file = FileBuilder::new(&file_name) -//! .creation_mode(CreationMode::PurgeAndCreate) -//! .permission(Permission::OWNER_ALL) -//! .create() -//! .expect("failed to create file"); -//! -//! let mut acl = AccessControlList::new().expect("failed to create acl"); -//! acl.set(Acl::OwningUser, AclPermission::ReadWriteExecute); -//! acl.set(Acl::MaxAccessRightsForNonOwners, AclPermission::ReadExecute); -//! acl.add_user("testuser1".as_user().unwrap().uid(), AclPermission::ReadExecute ) -//! .expect("failed to add user"); -//! acl.add_group("testgroup1".as_group().unwrap().gid(), AclPermission::Read) -//! .expect("failed to add group"); -//! -//! acl.apply_to_file_descriptor(unsafe { some_file.file_descriptor().native_handle() }) -//! .expect("failed to apply acl"); -//! -//! some_file.remove_self().expect("failed to cleanup file"); -//! ``` -//! -//! ## Readout ACLs from some file -//! -//! ```no_run -//! use iceoryx2_bb_posix::file::*; -//! use iceoryx2_bb_posix::access_control_list::*; -//! use iceoryx2_bb_posix::file_descriptor::FileDescriptorBased; -//! use iceoryx2_bb_system_types::file_path::FilePath; -//! use iceoryx2_bb_container::semantic_string::SemanticString; -//! -//! let file_name = FilePath::new(b"/tmp/some_file").unwrap(); -//! let some_file = FileBuilder::new(&file_name) -//! .creation_mode(CreationMode::PurgeAndCreate) -//! .create() -//! .expect("failed to open file"); -//! -//! let acl = AccessControlList::from_file_descriptor(unsafe {some_file.file_descriptor().native_handle() }) -//! .expect("failed to create acl"); -//! println!("The ACLs as string: {}", acl.as_string().unwrap()); -//! -//! let acl_entries = acl.get().expect("failed to get acl entries"); -//! for entry in acl_entries { -//! println!("tag {:?}, id {:?}, permission {:?}", entry.tag(), entry.id(), -//! entry.permission()); -//! } -//! ``` - -use iceoryx2_bb_container::byte_string::*; -use iceoryx2_bb_elementary::{enum_gen, scope_guard::ScopeGuardBuilder}; -use iceoryx2_bb_log::{fail, fatal_panic}; -use iceoryx2_pal_posix::posix::errno::Errno; -use iceoryx2_pal_posix::*; -use std::fmt::Debug; - -use crate::{config::ACL_LIST_CAPACITY, handle_errno}; - -pub const ACL_STRING_SIZE: usize = 4096; -pub type AclString = FixedSizeByteString; - -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -pub enum AccessControlListCreationError { - InsufficientMemory, - UnknownError(i32), -} - -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -pub enum AccessControlListCreationFromFdError { - InvalidFileDescriptor, - InsufficientMemory, - NotSupportedByFileSystem, - UnknownError(i32), -} - -enum_gen! { - AccessControlListAcquireError - entry: - InsufficientMemory, - InvalidValue, - UnknownError(i32) -} - -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -pub enum AccessControlListSetError { - UnknownError(i32), -} - -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -pub enum AccessControlListApplyError { - InsufficientPermissions, - ReadOnlyFileSystem, - ContainsInvalidValues, - InvalidFileDescriptor, - ListTooBig, - NoSpaceLeft, - NotSupportedByFileSystem, - UnknownError(i32), -} - -enum_gen! { - /// The AccessControlListError enum is a generalization when one doesn't require the fine-grained error - /// handling enums. One can forward AccessControlListError as more generic return value when a method - /// returns a AccessControlList***Error. - /// On a higher level it is again convertable to [`crate::Error`]. - AccessControlListError - generalization: - FailedToCreate <= AccessControlListCreationError; AccessControlListCreationFromFdError, - FailedToAcquire <= AccessControlListAcquireError, - FailedToApply <= AccessControlListSetError; AccessControlListApplyError -} - -impl From for AccessControlListCreationError { - fn from(v: AccessControlListSetError) -> Self { - let AccessControlListSetError::UnknownError(k) = v; - AccessControlListCreationError::UnknownError(k) - } -} - -/// Trait which allows to convert a type into an [`AccessControlList`]. Is used for instance to -/// convert text ACL representations stored in strings to convert into ACLs. -pub trait AccessControlListExt { - /// converts type into an [`AccessControlList`] - fn as_acl(&self) -> Result; -} - -impl AccessControlListExt for AclString { - fn as_acl(&self) -> Result { - AccessControlList::from_string(self) - } -} - -/// Represents and ACL tag. Used in [`Entry`] to define the type of entry. -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -#[repr(i32)] -pub enum AclTag { - OwningUser = posix::ACL_USER_OBJ as _, - OwningGroup = posix::ACL_GROUP_OBJ as _, - Other = posix::ACL_OTHER as _, - MaxAccessRightsForNonOwners = posix::ACL_MASK as _, - User = posix::ACL_USER as _, - Group = posix::ACL_GROUP as _, - Undefined = posix::ACL_UNDEFINED_TAG as _, -} - -/// Defines a ACL setting which can be set with [`AccessControlList::set()`]. -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -#[repr(i32)] -pub enum Acl { - /// Sets the permissions for the owning user - OwningUser = posix::ACL_USER_OBJ as _, - /// Sets the permissions for the owning group - OwningGroup = posix::ACL_GROUP_OBJ as _, - /// Sets the permissions for others - Other = posix::ACL_OTHER as _, - /// Defines the maximum of access rights which non owners can have - MaxAccessRightsForNonOwners = posix::ACL_MASK as _, -} - -/// Represents and ACL permission entry. -#[derive(Debug, Clone, Copy, Eq, Hash, PartialEq)] -#[repr(u32)] -pub enum AclPermission { - None, - Read = posix::ACL_READ, - Write = posix::ACL_WRITE, - Execute = posix::ACL_EXECUTE, - ReadWrite = posix::ACL_READ | posix::ACL_WRITE, - ReadExecute = posix::ACL_READ | posix::ACL_EXECUTE, - WriteExecute = posix::ACL_WRITE | posix::ACL_EXECUTE, - ReadWriteExecute = posix::ACL_READ | posix::ACL_WRITE | posix::ACL_EXECUTE, -} - -trait AclHandle { - fn get_handle(&self) -> &posix::acl_entry_t; -} - -trait InternalEntry: Debug + AclHandle { - fn tag_type(&self) -> AclTag { - let mut tag_type: posix::acl_tag_t = unsafe { std::mem::zeroed() }; - - if unsafe { posix::acl_get_tag_type(*self.get_handle(), &mut tag_type) } != 0 { - fatal_panic!(from self, "This should never happen! An invalid entry handle was provided while acquiring ACL entry tag type."); - } - - match tag_type { - posix::ACL_USER => AclTag::User, - posix::ACL_GROUP => AclTag::Group, - posix::ACL_USER_OBJ => AclTag::OwningUser, - posix::ACL_GROUP_OBJ => AclTag::OwningGroup, - posix::ACL_OTHER => AclTag::Other, - posix::ACL_MASK => AclTag::MaxAccessRightsForNonOwners, - _ => AclTag::Undefined, - } - } -} - -#[derive(Debug)] -struct InternalMutEntry { - handle: posix::acl_entry_t, -} - -impl AclHandle for InternalMutEntry { - fn get_handle(&self) -> &posix::acl_entry_t { - &self.handle - } -} -impl InternalEntry for InternalMutEntry {} - -impl InternalMutEntry { - fn create( - acl: &mut AccessControlList, - ) -> Result { - let mut new_entry = InternalMutEntry { - handle: 0 as posix::acl_entry_t, - }; - - if unsafe { posix::acl_create_entry(&mut acl.handle, &mut new_entry.handle) } == 0 { - return Ok(new_entry); - } - - let msg = "Unable to create entry"; - handle_errno!( AccessControlListCreationError, from new_entry, - Errno::ENOMEM => (InsufficientMemory, "{} due to insufficient memory.", msg), - v => (UnknownError(v as i32), "{} since an unknown error occurred ({}),", msg, v) - ); - } - - fn set_tag(&mut self, tag: posix::acl_tag_t) -> Result<(), AccessControlListSetError> { - if unsafe { posix::acl_set_tag_type(self.handle, tag) } == 0 { - return Ok(()); - } - - handle_errno!( AccessControlListSetError, from self, - v => (UnknownError(v as i32), "Unable to set tag {:?} since an unknown error occurred ({}),", tag, v) - ); - } - - fn set_qualifier(&mut self, id: u32) -> Result<(), AccessControlListSetError> { - let id_ptr: *const u32 = &id; - if unsafe { posix::acl_set_qualifier(self.handle, id_ptr as *const posix::void) } == 0 { - return Ok(()); - } - - handle_errno!( AccessControlListSetError, from self, - v => (UnknownError(v as i32), "Unable to set uid/gid {} since an unknown error occurred ({}),", id, v) - ); - } - - fn clear_permissions( - &mut self, - permission_set: &posix::acl_permset_t, - ) -> Result<(), AccessControlListSetError> { - match unsafe { posix::acl_clear_perms(*permission_set) } == 0 { - true => Ok(()), - false => { - let error_code = Errno::get(); - fail!(from self, with AccessControlListSetError::UnknownError(error_code as i32), - "Unable to clear permissions due to an unknown error ({}).", error_code); - } - } - } - - fn set_permission( - &mut self, - permission: AclPermission, - ) -> Result<(), AccessControlListSetError> { - let mut permission_set: posix::acl_permset_t = unsafe { std::mem::zeroed() }; - match unsafe { posix::acl_get_permset(self.handle, &mut permission_set) } { - 0 => { - self.clear_permissions(&permission_set)?; - - match permission { - AclPermission::None => (), - AclPermission::Read => { - self.add_permission(&permission_set, posix::ACL_READ)?; - } - AclPermission::Write => { - self.add_permission(&permission_set, posix::ACL_WRITE)?; - } - AclPermission::Execute => { - self.add_permission(&permission_set, posix::ACL_EXECUTE)?; - } - AclPermission::ReadWrite => { - self.add_permission(&permission_set, posix::ACL_READ)?; - self.add_permission(&permission_set, posix::ACL_WRITE)?; - } - AclPermission::ReadExecute => { - self.add_permission(&permission_set, posix::ACL_READ)?; - self.add_permission(&permission_set, posix::ACL_EXECUTE)?; - } - AclPermission::WriteExecute => { - self.add_permission(&permission_set, posix::ACL_WRITE)?; - self.add_permission(&permission_set, posix::ACL_EXECUTE)?; - } - AclPermission::ReadWriteExecute => { - self.add_permission(&permission_set, posix::ACL_READ)?; - self.add_permission(&permission_set, posix::ACL_WRITE)?; - self.add_permission(&permission_set, posix::ACL_EXECUTE)?; - } - } - } - _ => { - fatal_panic!(from self, "This should never happen! Unable to acquire permission set."); - } - } - - Ok(()) - } - - fn add_permission( - &mut self, - permission_set: &posix::acl_permset_t, - permission: posix::acl_perm_t, - ) -> Result<(), AccessControlListSetError> { - let value = match permission { - posix::ACL_READ => "ACL_READ", - posix::ACL_WRITE => "ACL_WRITE", - posix::ACL_EXECUTE => "ACL_EXECUTE", - _ => return Ok(()), - }; - - if unsafe { posix::acl_add_perm(*permission_set, permission) } == 0 { - return Ok(()); - } - - let error_code = Errno::get(); - fail!(from self, with AccessControlListSetError::UnknownError(error_code as i32), - "Unable to set permission to {} due to an unknown error ({}).", value, error_code); - } -} - -impl Drop for InternalMutEntry { - fn drop(&mut self) { - if self.handle != 0 as posix::acl_entry_t { - unsafe { - posix::acl_free(self.handle as *mut posix::void); - } - } - } -} - -#[repr(i32)] -enum EntryType { - First = posix::ACL_FIRST_ENTRY, - Next = posix::ACL_NEXT_ENTRY, -} - -#[derive(Debug)] -struct InternalConstEntry<'a> { - handle: posix::acl_entry_t, - parent: &'a AccessControlList, -} - -impl AclHandle for InternalConstEntry<'_> { - fn get_handle(&self) -> &posix::acl_entry_t { - &self.handle - } -} -impl InternalEntry for InternalConstEntry<'_> {} - -impl<'a> InternalConstEntry<'a> { - fn create(acl: &AccessControlList, entry_type: EntryType) -> Option { - let mut new_entry = InternalConstEntry { - handle: 0 as posix::acl_entry_t, - parent: acl, - }; - - let get_entry_result = unsafe { - posix::acl_get_entry(acl.handle, entry_type as posix::int, &mut new_entry.handle) - }; - - match get_entry_result { - 0 => None, - 1 => Some(new_entry), - _ => { - fatal_panic!(from acl, "This should never happen! An invalid handle was provided while acquiring ACL entries."); - } - } - } - - fn qualifier(&self) -> Result { - let qualifier = unsafe { posix::acl_get_qualifier(self.handle) }; - - if qualifier.is_null() { - let msg = "Unable to acquire qualifier from entry"; - handle_errno!( AccessControlListAcquireError, from self, - Errno::EINVAL => (InvalidValue, "{} since the entry tag type does not support qualifiers.", msg), - Errno::ENOMEM => (InsufficientMemory, "{} due to insufficient memory.", msg), - v => (UnknownError(v as i32), "{} since an unknown error occurred ({}).", msg, v) - ); - } - - let qualifier_value = unsafe { *(qualifier as *const u32) }; - - if unsafe { posix::acl_free(qualifier) } == -1 { - fatal_panic!(from self.parent, "This should never happen! Unable to release previously acquired memory for entry qualifier."); - } - - Ok(qualifier_value) - } - - fn permission(&self) -> AclPermission { - let mut permission_set: posix::acl_permset_t = 0 as posix::acl_permset_t; - if unsafe { posix::acl_get_permset(self.handle, &mut permission_set) } != 0 { - fatal_panic!(from self.parent, "This should never happen! Unable to acquire permission set."); - } - - let has_read = self.get_perm(&permission_set, posix::ACL_READ); - let has_write = self.get_perm(&permission_set, posix::ACL_WRITE); - let has_exec = self.get_perm(&permission_set, posix::ACL_EXECUTE); - - if has_read && has_write && has_exec { - AclPermission::ReadWriteExecute - } else if has_read && has_write && !has_exec { - AclPermission::ReadWrite - } else if has_read && !has_write && has_exec { - AclPermission::ReadExecute - } else if !has_read && has_write && has_exec { - AclPermission::WriteExecute - } else if has_read && !has_write && !has_exec { - AclPermission::Read - } else if !has_read && has_write && !has_exec { - AclPermission::Write - } else if !has_read && !has_write && has_exec { - AclPermission::Execute - } else { - AclPermission::None - } - } - - fn get_perm(&self, permission_set: &posix::acl_permset_t, permission: posix::uint) -> bool { - let get_result = unsafe { posix::acl_get_perm(*permission_set, permission) }; - - match get_result { - 0 => false, - 1 => true, - _ => { - fatal_panic!(from self.parent, "This should never happen! Unable to verify permission"); - } - } - } -} - -/// Represents and Entry of an [`AccessControlList`]. -#[derive(Debug)] -pub struct Entry { - tag: AclTag, - id: Option, - permission: AclPermission, -} - -impl Entry { - /// The type of entry - pub fn tag(&self) -> AclTag { - self.tag - } - - /// The id of the entry. If the entry is of type [`AclTag::User`] or [`AclTag::OwningUser`] - /// it represents the user id. If the type is [`AclTag::Group`] or [`AclTag::OwningGroup`] - /// it represents the group id. - /// In any other case it returns [`None`]. - pub fn id(&self) -> Option { - self.id - } - - /// Returns the permission of the entry. - pub fn permission(&self) -> AclPermission { - self.permission - } -} - -/// Access Control Lists provide the ability to set more fine grained permissions to files and -/// directories then the POSIX user, group, others model. -#[derive(Debug)] -pub struct AccessControlList { - handle: posix::acl_t, - entries: Vec, -} - -impl Drop for AccessControlList { - fn drop(&mut self) { - if self.handle != 0 as posix::acl_t { - unsafe { posix::acl_free(self.handle as *mut posix::void) }; - } - } -} - -impl AccessControlList { - /// Creates a new empty AccessControlList - pub fn new() -> Result { - let mut new_acl = AccessControlList { - handle: 0 as posix::acl_t, - entries: vec![], - }; - new_acl.handle = unsafe { posix::acl_init(ACL_LIST_CAPACITY as i32) }; - - match new_acl.handle as _ { - 0 => handle_errno!(AccessControlListCreationError, from new_acl, - Errno::ENOMEM => (InsufficientMemory, "Unable to create due to insufficient memory."), - v => (UnknownError(v as i32), "Unable to create since an unknown error occurred ({}).", v) - ), - _ => { - new_acl.add_entry( - AclTag::OwningUser as posix::acl_tag_t, - None, - AclPermission::ReadWriteExecute, - )?; - new_acl.add_entry( - AclTag::OwningGroup as posix::acl_tag_t, - None, - AclPermission::Read, - )?; - new_acl.add_entry(AclTag::Other as posix::acl_tag_t, None, AclPermission::None)?; - new_acl.add_entry( - AclTag::MaxAccessRightsForNonOwners as posix::acl_tag_t, - None, - AclPermission::ReadWriteExecute, - )?; - Ok(new_acl) - } - } - } - - /// Acquires an AccessControlList from a given file descriptor. - /// - /// ```no_run - /// use iceoryx2_bb_posix::file::*; - /// use iceoryx2_bb_posix::access_control_list::*; - /// use iceoryx2_bb_posix::file_descriptor::FileDescriptorBased; - /// use iceoryx2_bb_system_types::file_path::FilePath; - /// use iceoryx2_bb_container::semantic_string::SemanticString; - /// - /// let file_name = FilePath::new(b"/tmp/some_file").unwrap(); - /// let some_file = FileBuilder::new(&file_name) - /// .creation_mode(CreationMode::PurgeAndCreate) - /// .create() - /// .expect("failed to open file"); - /// - /// let acl = AccessControlList::from_file_descriptor(unsafe{some_file.file_descriptor().native_handle()}) - /// .expect("failed to create acl"); - /// ``` - pub fn from_file_descriptor( - fd: i32, - ) -> Result { - let mut new_acl = AccessControlList { - handle: 0 as posix::acl_t, - entries: vec![], - }; - - new_acl.handle = unsafe { posix::acl_get_fd(fd) }; - - if new_acl.handle != 0 as posix::acl_t { - return Ok(new_acl); - } - - let msg = "Unable to extract ACLs from file-descriptor"; - handle_errno!(AccessControlListCreationFromFdError, from new_acl, - Errno::EBADF => (InvalidFileDescriptor, "{} {} due to an invalid file-descriptor.", msg, fd), - Errno::ENOMEM => (InsufficientMemory, "{} {} due to insufficient memory.", msg, fd), - Errno::ENOTSUP => (NotSupportedByFileSystem, "{} {} since it is not supported by the file-system.", msg, fd), - v => (UnknownError(v as i32), "{} {} since an unknown error occurred ({}).", msg, fd, v) - ); - } - - /// Creates an acl from a string. The string must follow the ACL syntax and must consist only - /// of ASCII characters. See [`AccessControlList::as_string()`] for an example. - pub fn from_string( - value: &AclString, - ) -> Result { - let mut new_acl = AccessControlList { - handle: 0 as posix::acl_t, - entries: vec![], - }; - - let msg = "Unable to create ACL from text"; - new_acl.handle = unsafe { posix::acl_from_text(value.as_c_str()) }; - if new_acl.handle != 0 as posix::acl_t { - return Ok(new_acl); - } - - handle_errno!( AccessControlListAcquireError, from new_acl, - Errno::EINVAL => (InvalidValue, "{} \"{}\" since the text cannot be translated.", msg, value), - Errno::ENOMEM => (InsufficientMemory, "{} \"{}\" due to insufficient memory.", msg, value), - v => (UnknownError(v as i32), "{} \"{}\" since an unknown error occurred ({}).", msg, value, v) - ); - } - - /// Returns the current AccessControlList as string. Can be used to construct a new - /// AccessControlList with [`AccessControlList::from_string()`]. - /// - /// ```ignore - /// use iceoryx2_bb_posix::access_control_list::*; - /// use iceoryx2_bb_posix::user::*; - /// use iceoryx2_bb_posix::group::*; - /// - /// let mut acl = AccessControlList::new().expect("failed to create acl"); - /// acl.add_user("testuser2".as_user().unwrap().uid(), AclPermission::ReadExecute ) - /// .expect("failed to add user"); - /// acl.add_group("testgroup2".as_group().unwrap().gid(), AclPermission::Read) - /// .expect("failed to add group"); - /// - /// let acl_string = acl.as_string().unwrap(); - /// - /// let acl_from_string = AccessControlList::from_string(&acl_string).unwrap(); - /// ``` - // - pub fn as_string(&self) -> Result { - let msg = "Unable to convert acl to string"; - let acl_value = ScopeGuardBuilder::new(std::ptr::null::()) - .on_init(|v| { - *v = unsafe { posix::acl_to_text(self.handle, std::ptr::null_mut::()) }; - match !(*v).is_null() { - true => Ok(()), - false => { - handle_errno!(AccessControlListAcquireError, from self, - Errno::ENOMEM => (InsufficientMemory, "{} due to insufficient memory.", msg), - v => (UnknownError(v as i32), "{} since an unknown error occurred ({}).",msg, v) - ); - } - } - }) - .on_drop(|v| match unsafe { posix::acl_free(*v as *mut posix::void) } { - 0 => (), - _ => { - fatal_panic!(from self, "{} since a fatal failure occured while cleaning up acquired acl text. Memory Leak?", msg); - } - }) - .create()?; - - Ok( - fail!(from self, when unsafe { AclString::from_c_str(*acl_value.get() as *mut posix::char) }, - with AccessControlListAcquireError::InvalidValue, - "{} since the acl text length exceeds the maximum supported AclString capacity of ({}).", - msg, ACL_STRING_SIZE), - ) - } - - /// Returns all entries of an AccessControlList. - pub fn get(&self) -> Result, AccessControlListAcquireError> { - let mut entries: Vec = vec![]; - - let mut entry_type = EntryType::First; - loop { - match InternalConstEntry::create(self, entry_type) { - Some(v) => { - let tag_type = v.tag_type(); - entries.push(Entry { - tag: tag_type, - permission: v.permission(), - id: if tag_type == AclTag::User || tag_type == AclTag::Group { - Some(v.qualifier()?) - } else { - None - }, - }); - } - None => { - return Ok(entries); - } - } - entry_type = EntryType::Next; - } - } - - /// Sets an ACL setting defined in [`Acl`]. - /// - /// ```ignore - /// use iceoryx2_bb_posix::access_control_list::*; - /// - /// let mut acl = AccessControlList::new().expect("failed to create acl"); - /// acl.set(Acl::OwningUser, AclPermission::ReadWrite).unwrap(); - /// ``` - pub fn set( - &mut self, - setting: Acl, - permission: AclPermission, - ) -> Result<(), AccessControlListCreationError> { - for entry in &mut self.entries { - if entry.tag_type() as i32 == setting as i32 { - entry.set_permission(permission)?; - return Ok(()); - } - } - - self.add_entry(setting as _, None, permission)?; - Ok(()) - } - - /// Adds a new user to the AccessControlList with a specified permission. - /// - /// ```ignore - /// use iceoryx2_bb_posix::access_control_list::*; - /// use iceoryx2_bb_posix::user::*; - /// - /// let mut acl = AccessControlList::new().expect("failed to create acl"); - /// acl.add_user("testuser1".as_user().unwrap().uid(), AclPermission::ReadExecute ) - /// .expect("failed to add user"); - /// ``` - pub fn add_user( - &mut self, - uid: u32, - permission: AclPermission, - ) -> Result<(), AccessControlListCreationError> { - self.add_entry(AclTag::User as posix::acl_tag_t, Some(uid), permission) - } - - /// Adds a new user to the AccessControlList with a specified permission. - /// - /// ```ignore - /// use iceoryx2_bb_posix::access_control_list::*; - /// use iceoryx2_bb_posix::group::*; - /// - /// let mut acl = AccessControlList::new().expect("failed to create acl"); - /// acl.add_group("testgroup2".as_group().unwrap().gid(), AclPermission::ReadExecute ) - /// .expect("failed to add group"); - /// ``` - pub fn add_group( - &mut self, - gid: u32, - permission: AclPermission, - ) -> Result<(), AccessControlListCreationError> { - self.add_entry(AclTag::Group as posix::acl_tag_t, Some(gid), permission) - } - - /// Applies the AccessControlList to a file descriptor. - pub fn apply_to_file_descriptor(&self, fd: i32) -> Result<(), AccessControlListApplyError> { - if unsafe { posix::acl_valid(self.handle) } == -1 { - fail!(from self, with AccessControlListApplyError::ContainsInvalidValues, "Unable to apply the AccessControlList to file-descriptor {} since it contains invalid values.", fd); - } - - if unsafe { posix::acl_set_fd(fd, self.handle) } == 0 { - return Ok(()); - } - - let msg = "Unable to apply the AccessControlList to file-descriptor"; - handle_errno!(AccessControlListApplyError, from self, - Errno::EBADF => (InvalidFileDescriptor, "{} {} due to an invalid file-descriptor.", msg, fd), - Errno::EINVAL => (ListTooBig, "{} {} since it contains more entries than the file can obtain.", msg, fd), - Errno::ENOSPC => (NoSpaceLeft, "{} {} since there is no space left on the target device.", msg, fd), - Errno::ENOTSUP => (NotSupportedByFileSystem, "{} {} since it is not supported by the file-system.", msg, fd), - Errno::EPERM => (InsufficientPermissions, "{} {} due to insufficient permissions.", msg, fd), - Errno::EROFS => (ReadOnlyFileSystem, "{} {} since the file-system is read-only.", msg, fd), - v => (UnknownError(v as i32), "{} {} since an unknown error occurred ({}).", msg, fd, v) - ); - } - - fn add_entry( - &mut self, - tag: posix::acl_tag_t, - id: Option, - permission: AclPermission, - ) -> Result<(), AccessControlListCreationError> { - let mut new_entry = InternalMutEntry::create(self)?; - new_entry.set_tag(tag)?; - if id.is_some() { - new_entry.set_qualifier(id.unwrap())?; - } - new_entry.set_permission(permission)?; - self.entries.push(new_entry); - - Ok(()) - } -} diff --git a/iceoryx2-bb/posix/src/file_descriptor.rs b/iceoryx2-bb/posix/src/file_descriptor.rs index affc03582..bc37c2c34 100644 --- a/iceoryx2-bb/posix/src/file_descriptor.rs +++ b/iceoryx2-bb/posix/src/file_descriptor.rs @@ -46,8 +46,6 @@ //! use iceoryx2_bb_container::semantic_string::SemanticString; //! use iceoryx2_bb_posix::file_descriptor::*; //! use iceoryx2_bb_posix::file::*; -//! #[cfg(feature = "acl")] -//! use iceoryx2_bb_posix::access_control_list::*; //! use iceoryx2_bb_posix::ownership::*; //! use iceoryx2_bb_posix::user::UserExt; //! use iceoryx2_bb_posix::group::GroupExt; @@ -67,21 +65,10 @@ //! //! // set new permissions //! file.set_permission(Permission::ALL); -//! -//! // set some new ACLs -//! #[cfg(feature = "acl")] -//! { -//! let mut acl = file.access_control_list().expect("failed to get acl"); -//! acl.add_user("testUser2".as_user().unwrap().uid(), AclPermission::Read) -//! .expect("failed to add user"); -//! file.set_access_control_list(&acl); -//! } //! ``` use std::fmt::Debug; -#[cfg(feature = "acl")] -use crate::access_control_list::*; use crate::config::EINTR_REPETITIONS; use crate::file::*; use crate::metadata::Metadata; @@ -307,21 +294,4 @@ pub trait FileDescriptorManagement: FileDescriptorBased + Debug + Sized { "Unable to acquire attributes to create Metadata."), )) } - - /// Returns the current access control list - #[cfg(feature = "acl")] - fn access_control_list( - &self, - ) -> Result { - AccessControlList::from_file_descriptor(unsafe { self.file_descriptor().native_handle() }) - } - - /// Sets a new access control list - #[cfg(feature = "acl")] - fn set_access_control_list( - &self, - acl: &AccessControlList, - ) -> Result<(), AccessControlListApplyError> { - acl.apply_to_file_descriptor(unsafe { self.file_descriptor().native_handle() }) - } } diff --git a/iceoryx2-bb/posix/src/lib.rs b/iceoryx2-bb/posix/src/lib.rs index 50c0e1583..793d96184 100644 --- a/iceoryx2-bb/posix/src/lib.rs +++ b/iceoryx2-bb/posix/src/lib.rs @@ -12,8 +12,6 @@ //! Abstraction of POSIX constructs with a safe API -#[cfg(feature = "acl")] -use access_control_list::AccessControlListError; use barrier::BarrierCreationError; use clock::ClockError; use directory::DirectoryError; @@ -32,8 +30,6 @@ use thread::ThreadError; use unix_datagram_socket::UnixDatagramError; use user::UserError; -#[cfg(feature = "acl")] -pub mod access_control_list; pub mod access_mode; pub mod adaptive_wait; pub mod barrier; @@ -76,29 +72,6 @@ pub mod unique_system_id; pub mod unix_datagram_socket; pub mod user; -#[cfg(feature = "acl")] -enum_gen! {Error - generalization: - AccessControlList <= AccessControlListError, - Barrier <= BarrierCreationError, - Clock <= ClockError, - Directory <= DirectoryError, - File <= FileError, - FileLock <= FileLockError, - Group <= GroupError, - MemoryLock <= MemoryLockError, - Mutex <= MutexError, - Process <= ProcessError, - ReadWriteMutex <= ReadWriteMutexError, - Semaphore <= SemaphoreError, - SharedMemory <= SharedMemoryCreationError, - Signal <= SignalError, - Thread <= ThreadError, - User <= UserError, - UnixDatagramSocket <= UnixDatagramError -} - -#[cfg(not(feature = "acl"))] enum_gen! {Error generalization: Barrier <= BarrierCreationError, diff --git a/iceoryx2-bb/posix/tests/access_control_list_tests.rs b/iceoryx2-bb/posix/tests/access_control_list_tests.rs deleted file mode 100644 index fe7f4721e..000000000 --- a/iceoryx2-bb/posix/tests/access_control_list_tests.rs +++ /dev/null @@ -1,151 +0,0 @@ -// Copyright (c) 2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache Software License 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0, or the MIT license -// which is available at https://opensource.org/licenses/MIT. -// -// SPDX-License-Identifier: Apache-2.0 OR MIT - -#[cfg(feature = "acl")] -mod tests { - use iceoryx2_bb_posix::access_control_list::*; - use iceoryx2_bb_posix::config::TEST_DIRECTORY; - use iceoryx2_bb_posix::directory::*; - use iceoryx2_bb_posix::file::*; - use iceoryx2_bb_posix::file_descriptor::FileDescriptorBased; - use iceoryx2_bb_posix::group::*; - use iceoryx2_bb_posix::user::*; - use iceoryx2_bb_system_types::file_name::FileName; - use iceoryx2_bb_system_types::file_path::FilePath; - use iceoryx2_bb_testing::assert_that; - use iceoryx2_bb_testing::test_requires; - use iceoryx2_pal_posix::*; - - // TODO: [#40] - #[ignore] - #[test] - fn access_control_list_string_conversion_works() { - test_requires!(posix::POSIX_SUPPORT_ACL); - - let mut sut = AccessControlList::new().unwrap(); - sut.add_user(0, AclPermission::Execute).unwrap(); - sut.add_group(0, AclPermission::WriteExecute).unwrap(); - - let sut_string = sut.as_string().unwrap(); - let new_sut = AccessControlList::from_string(&sut_string).unwrap(); - - assert_that!(sut.as_string().unwrap(), eq new_sut.as_string().unwrap()); - - let entries = sut.get().unwrap(); - let new_entries = new_sut.get().unwrap(); - - assert_that!(entries, len 6); - let new_entries_len = new_entries.len(); - assert_that!(entries, len new_entries_len); - - for i in 0..6 { - assert_that!(entries[i].id(), eq new_entries[i].id()); - assert_that!(entries[i].permission(), eq new_entries[i].permission()); - assert_that!(entries[i].tag(), eq new_entries[i].tag()); - } - } - - #[test] - fn access_control_list_apply_to_file_works() { - test_requires!(posix::POSIX_SUPPORT_ACL); - - Directory::create(&TEST_DIRECTORY, Permission::OWNER_ALL).unwrap(); - let file_path = FilePath::from_path_and_file(&TEST_DIRECTORY, unsafe { - &FileName::new_unchecked(b"access_control_list_test") - }) - .unwrap(); - - let file = FileBuilder::new(&file_path) - .creation_mode(CreationMode::PurgeAndCreate) - .create() - .unwrap(); - - let mut sut = AccessControlList::new().unwrap(); - sut.set(Acl::OwningUser, AclPermission::ReadExecute) - .unwrap(); - sut.set(Acl::OwningGroup, AclPermission::Execute).unwrap(); - sut.set(Acl::Other, AclPermission::None).unwrap(); - sut.set( - Acl::MaxAccessRightsForNonOwners, - AclPermission::ReadWriteExecute, - ) - .unwrap(); - - // apply basic settings - sut.apply_to_file_descriptor(unsafe { file.file_descriptor().native_handle() }) - .unwrap(); - - // // acquire acl from fd and extend it - let mut sut = AccessControlList::from_file_descriptor(unsafe { - file.file_descriptor().native_handle() - }) - .unwrap(); - - let testuser1_uid = "testuser1".as_user().unwrap().uid(); - let testuser2_uid = "testuser2".as_user().unwrap().uid(); - let testgroup1_gid = "testgroup1".as_group().unwrap().gid(); - let testgroup2_gid = "testgroup2".as_group().unwrap().gid(); - - sut.add_user(testuser1_uid, AclPermission::Read).unwrap(); - sut.add_user(testuser2_uid, AclPermission::Write).unwrap(); - sut.add_group(testgroup1_gid, AclPermission::ReadWrite) - .unwrap(); - sut.add_group(testgroup2_gid, AclPermission::WriteExecute) - .unwrap(); - sut.apply_to_file_descriptor(unsafe { file.file_descriptor().native_handle() }) - .unwrap(); - - let sut = AccessControlList::from_file_descriptor(unsafe { - file.file_descriptor().native_handle() - }) - .unwrap(); - let entries = sut.get().unwrap(); - - for entry in entries { - match entry.tag() { - AclTag::OwningUser => { - assert_that!(entry.permission(), eq AclPermission::ReadExecute) - } - AclTag::OwningGroup => { - assert_that!(entry.permission(), eq AclPermission::Execute) - } - AclTag::Other => { - assert_that!(entry.permission(), eq AclPermission::None) - } - AclTag::MaxAccessRightsForNonOwners => { - assert_that!(entry.permission(), eq AclPermission::ReadWriteExecute) - } - AclTag::User => { - if entry.id() == Some(testuser1_uid) { - assert_that!(entry.permission(), eq AclPermission::Read); - } else if entry.id() == Some(testuser2_uid) { - assert_that!(entry.permission(), eq AclPermission::Write); - } else { - assert_that!(true, eq false); - } - } - AclTag::Group => { - if entry.id() == Some(testgroup1_gid) { - assert_that!(entry.permission(), eq AclPermission::ReadWrite); - } else if entry.id() == Some(testgroup2_gid) { - assert_that!(entry.permission(), eq AclPermission::WriteExecute); - } else { - assert_that!(true, eq false); - } - } - _ => { - assert_that!(true, eq false); - } - } - } - } -} diff --git a/iceoryx2-bb/posix/tests/file_descriptor_tests.rs b/iceoryx2-bb/posix/tests/file_descriptor_tests.rs index a9f2bd4c1..477ea6c40 100644 --- a/iceoryx2-bb/posix/tests/file_descriptor_tests.rs +++ b/iceoryx2-bb/posix/tests/file_descriptor_tests.rs @@ -12,8 +12,6 @@ use iceoryx2_bb_container::semantic_string::SemanticString; use iceoryx2_bb_elementary::math::ToB64; -#[cfg(feature = "acl")] -use iceoryx2_bb_posix::access_control_list::*; use iceoryx2_bb_posix::config::*; use iceoryx2_bb_posix::file::*; use iceoryx2_bb_posix::file_descriptor::*; @@ -26,8 +24,6 @@ use iceoryx2_bb_system_types::file_path::FilePath; use iceoryx2_bb_testing::assert_that; use iceoryx2_bb_testing::test_requires; use iceoryx2_pal_posix::posix::{POSIX_SUPPORT_PERMISSIONS, POSIX_SUPPORT_USERS_AND_GROUPS}; -#[cfg(feature = "acl")] -use iceoryx2_pal_posix::*; #[test] fn file_descriptor_smaller_zero_is_invalid() { @@ -144,36 +140,6 @@ mod file_descriptor_management { test(Permission::OWNER_ALL | Permission::GROUP_ALL | Permission::OTHERS_ALL); } - #[cfg(feature = "acl")] - #[test] - fn access_control_list_handling_works() { - test_requires!(posix::POSIX_SUPPORT_ACL); - - let sut = Sut::sut(); - - let mut acl = sut.access_control_list().unwrap(); - let testuser1_id = "testuser1".as_user().unwrap().uid(); - acl.add_user(testuser1_id, AclPermission::ReadWriteExecute) - .unwrap(); - acl.set( - Acl::MaxAccessRightsForNonOwners, - AclPermission::ReadWriteExecute, - ) - .unwrap(); - sut.set_access_control_list(&acl).unwrap(); - - let acl_entries = sut.access_control_list().unwrap().get().unwrap(); - for entry in acl_entries { - if entry.tag() == AclTag::User && entry.id() == Some(testuser1_id) { - assert_that!(entry.permission(), eq AclPermission::ReadWriteExecute); - return; - } - } - - // entry not found and test failed - assert_that!(false, eq true); - } - #[instantiate_tests()] mod file {} diff --git a/iceoryx2-pal/posix/Cargo.toml b/iceoryx2-pal/posix/Cargo.toml index 50beaa35d..128bbeaaf 100644 --- a/iceoryx2-pal/posix/Cargo.toml +++ b/iceoryx2-pal/posix/Cargo.toml @@ -14,9 +14,6 @@ version = { workspace = true } cc = { workspace = true } bindgen = { workspace = true } -[features] -acl = [] - [dependencies] iceoryx2-pal-concurrency-sync = { workspace = true } iceoryx2-pal-configuration = { workspace = true } diff --git a/iceoryx2-pal/posix/build.rs b/iceoryx2-pal/posix/build.rs index e57ffd96a..585e4c193 100644 --- a/iceoryx2-pal/posix/build.rs +++ b/iceoryx2-pal/posix/build.rs @@ -21,8 +21,6 @@ fn main() { #[cfg(any(target_os = "linux", target_os = "freebsd"))] println!("cargo:rustc-link-lib=pthread"); - #[cfg(all(target_os = "linux", feature = "acl"))] - println!("cargo:rustc-link-lib=acl"); println!("cargo:rerun-if-changed=src/c/posix.h"); let bindings = if std::env::var("DOCS_RS").is_ok() { @@ -35,7 +33,6 @@ fn main() { .generate() .expect("Unable to generate bindings") } else { - #[cfg(not(feature = "acl"))] { bindgen::Builder::default() .header("src/c/posix.h") @@ -45,17 +42,6 @@ fn main() { .generate() .expect("Unable to generate bindings") } - - #[cfg(feature = "acl")] - { - bindgen::Builder::default() - .header("src/c/posix.h") - .blocklist_type("max_align_t") - .parse_callbacks(Box::new(CargoCallbacks::new())) - .clang_arg("-D IOX2_ACL_SUPPORT") - .generate() - .expect("Unable to generate bindings") - } }; let out_path = PathBuf::from(env::var("OUT_DIR").unwrap()); diff --git a/iceoryx2-pal/posix/src/c/posix.h b/iceoryx2-pal/posix/src/c/posix.h index 70ac96162..77326e1f5 100644 --- a/iceoryx2-pal/posix/src/c/posix.h +++ b/iceoryx2-pal/posix/src/c/posix.h @@ -16,9 +16,6 @@ #ifdef __FreeBSD__ #include #include -#if defined(IOX2_ACL_SUPPORT) && !defined(IOX2_DOCS_RS_SUPPORT) -#include -#endif #include #include #include @@ -31,9 +28,6 @@ #endif #ifdef __linux__ -#if defined(IOX2_ACL_SUPPORT) && !defined(IOX2_DOCS_RS_SUPPORT) -#include -#endif #include #endif @@ -64,89 +58,6 @@ #include #include -#if defined(IOX2_DOCS_RS_SUPPORT) && defined(IOX2_ACL_SUPPORT) -/////////////////////////////// -// stub libacl.h implementation -/////////////////////////////// - -typedef int acl_tag_t; -typedef unsigned int acl_perm_t; -typedef int acl_type_t; -typedef int acl_t; -typedef int acl_entry_t; -typedef int acl_permset_t; - -#define ACL_EXECUTE 0x01 -#define ACL_WRITE 0x02 -#define ACL_READ 0x04 - -#define ACL_UNDEFINED_TAG 0 -#define ACL_USER_OBJ 1 -#define ACL_USER 2 -#define ACL_GROUP_OBJ 3 -#define ACL_GROUP 4 -#define ACL_MASK 5 -#define ACL_OTHER 6 - -#define ACL_FIRST_ENTRY 7 -#define ACL_NEXT_ENTRY 8 - -int acl_get_perm(acl_permset_t, acl_perm_t) { - return 0; -} -acl_t acl_init(int) { - return 0; -} -int acl_free(void*) { - return 0; -} -int acl_valid(acl_t) { - return 0; -} -int acl_create_entry(acl_t*, acl_entry_t*) { - return 0; -} -int acl_get_entry(acl_t, int, acl_entry_t*) { - return 0; -} -int acl_add_perm(acl_permset_t, acl_perm_t) { - return 0; -} -int acl_clear_perms(acl_permset_t) { - return 0; -} -int acl_get_permset(acl_entry_t, acl_permset_t*) { - return 0; -} -int acl_set_permset(acl_entry_t, acl_permset_t) { - return 0; -} -void* acl_get_qualifier(acl_entry_t) { - return NULL; -} -int acl_set_qualifier(acl_entry_t, const void*) { - return 0; -} -int acl_get_tag_type(acl_entry_t, acl_tag_t*) { - return 0; -} -int acl_set_tag_type(acl_entry_t, acl_tag_t) { - return 0; -} -acl_t acl_get_fd(int) { - return 0; -} -int acl_set_fd(int, acl_t) { - return 0; -} -char* acl_to_text(acl_t, ssize_t*) { - return NULL; -} -acl_t acl_from_text(const char*) { - return 0; -} -#endif - #if !(defined(_WIN64) || defined(_WIN32)) struct iox2_sigaction { size_t iox2_sa_handler; diff --git a/iceoryx2-pal/posix/src/freebsd/acl.rs b/iceoryx2-pal/posix/src/freebsd/acl.rs deleted file mode 100644 index b2b0f3326..000000000 --- a/iceoryx2-pal/posix/src/freebsd/acl.rs +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright (c) 2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache Software License 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0, or the MIT license -// which is available at https://opensource.org/licenses/MIT. -// -// SPDX-License-Identifier: Apache-2.0 OR MIT - -#![allow(non_camel_case_types)] -#![allow(clippy::missing_safety_doc)] - -use crate::posix::types::*; - -pub const ACL_READ: acl_perm_t = crate::internal::ACL_READ; -pub const ACL_WRITE: acl_perm_t = crate::internal::ACL_WRITE; -pub const ACL_EXECUTE: acl_perm_t = crate::internal::ACL_EXECUTE; - -pub const ACL_UNDEFINED_TAG: acl_tag_t = crate::internal::ACL_UNDEFINED_TAG as _; -pub const ACL_USER_OBJ: acl_tag_t = crate::internal::ACL_USER_OBJ as _; -pub const ACL_USER: acl_tag_t = crate::internal::ACL_USER as _; -pub const ACL_GROUP_OBJ: acl_tag_t = crate::internal::ACL_GROUP_OBJ as _; -pub const ACL_GROUP: acl_tag_t = crate::internal::ACL_GROUP as _; -pub const ACL_MASK: acl_tag_t = crate::internal::ACL_MASK as _; -pub const ACL_OTHER: acl_tag_t = crate::internal::ACL_OTHER as _; - -pub const ACL_FIRST_ENTRY: int = crate::internal::ACL_FIRST_ENTRY as _; -pub const ACL_NEXT_ENTRY: int = crate::internal::ACL_NEXT_ENTRY as _; - -pub type acl_t = crate::internal::acl_t; -pub type acl_permset_t = crate::internal::acl_permset_t; -pub type acl_entry_t = crate::internal::acl_entry_t; -pub type acl_type_t = crate::internal::acl_type_t; -pub type acl_tag_t = crate::internal::acl_tag_t; -pub type acl_perm_t = crate::internal::acl_perm_t; - -pub unsafe fn acl_get_perm(permset: acl_permset_t, perm: acl_perm_t) -> int { - crate::internal::acl_get_perm_np(permset, perm) -} - -pub unsafe fn acl_init(count: int) -> acl_t { - crate::internal::acl_init(count) -} - -pub unsafe fn acl_free(data: *mut void) -> int { - crate::internal::acl_free(data) -} - -pub unsafe fn acl_valid(acl: acl_t) -> int { - crate::internal::acl_valid(acl) -} - -pub unsafe fn acl_create_entry(acl: *mut acl_t, entry: *mut acl_entry_t) -> int { - crate::internal::acl_create_entry(acl, entry) -} - -pub unsafe fn acl_get_entry(acl: acl_t, entry_id: int, entry: *mut acl_entry_t) -> int { - crate::internal::acl_get_entry(acl, entry_id, entry) -} - -pub unsafe fn acl_add_perm(permset: acl_permset_t, perm: acl_perm_t) -> int { - crate::internal::acl_add_perm(permset, perm) -} - -pub unsafe fn acl_clear_perms(permset: acl_permset_t) -> int { - crate::internal::acl_clear_perms(permset) -} - -pub unsafe fn acl_get_permset(entry: acl_entry_t, permset: *mut acl_permset_t) -> int { - crate::internal::acl_get_permset(entry, permset) -} - -pub unsafe fn acl_set_permset(entry: acl_entry_t, permset: acl_permset_t) -> int { - crate::internal::acl_set_permset(entry, permset) -} - -pub unsafe fn acl_get_qualifier(entry: acl_entry_t) -> *mut void { - crate::internal::acl_get_qualifier(entry) -} - -pub unsafe fn acl_set_qualifier(entry: acl_entry_t, tag_qualifier: *const void) -> int { - crate::internal::acl_set_qualifier(entry, tag_qualifier) -} - -pub unsafe fn acl_get_tag_type(entry: acl_entry_t, acl_tag_type: *mut acl_tag_t) -> int { - crate::internal::acl_get_tag_type(entry, acl_tag_type) -} - -pub unsafe fn acl_set_tag_type(entry: acl_entry_t, acl_tag_type: acl_tag_t) -> int { - crate::internal::acl_set_tag_type(entry, acl_tag_type) -} - -pub unsafe fn acl_get_fd(fd: int) -> acl_t { - crate::internal::acl_get_fd(fd) -} - -pub unsafe fn acl_set_fd(fd: int, acl: acl_t) -> int { - crate::internal::acl_set_fd(fd, acl) -} - -pub unsafe fn acl_to_text(acl: acl_t, len_p: *mut ssize_t) -> *const c_char { - crate::internal::acl_to_text(acl, len_p) -} - -pub unsafe fn acl_from_text(buf_p: *const c_char) -> acl_t { - crate::internal::acl_from_text(buf_p) -} diff --git a/iceoryx2-pal/posix/src/freebsd/mod.rs b/iceoryx2-pal/posix/src/freebsd/mod.rs index 85c6248f3..2a3d5dd38 100644 --- a/iceoryx2-pal/posix/src/freebsd/mod.rs +++ b/iceoryx2-pal/posix/src/freebsd/mod.rs @@ -10,8 +10,6 @@ // // SPDX-License-Identifier: Apache-2.0 OR MIT -#[cfg(feature = "acl")] -pub mod acl; pub mod constants; pub mod dirent; pub mod errno; @@ -37,8 +35,6 @@ pub mod time; pub mod types; pub mod unistd; -#[cfg(feature = "acl")] -pub use crate::freebsd::acl::*; pub use crate::freebsd::constants::*; pub use crate::freebsd::dirent::*; pub use crate::freebsd::errno::*; diff --git a/iceoryx2-pal/posix/src/linux/acl.rs b/iceoryx2-pal/posix/src/linux/acl.rs deleted file mode 100644 index c73664f07..000000000 --- a/iceoryx2-pal/posix/src/linux/acl.rs +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright (c) 2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache Software License 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0, or the MIT license -// which is available at https://opensource.org/licenses/MIT. -// -// SPDX-License-Identifier: Apache-2.0 OR MIT - -#![allow(non_camel_case_types)] -#![allow(clippy::missing_safety_doc)] - -use crate::posix::types::*; - -pub const ACL_READ: acl_perm_t = crate::internal::ACL_READ; -pub const ACL_WRITE: acl_perm_t = crate::internal::ACL_WRITE; -pub const ACL_EXECUTE: acl_perm_t = crate::internal::ACL_EXECUTE; - -pub const ACL_UNDEFINED_TAG: acl_tag_t = crate::internal::ACL_UNDEFINED_TAG as _; -pub const ACL_USER_OBJ: acl_tag_t = crate::internal::ACL_USER_OBJ as _; -pub const ACL_USER: acl_tag_t = crate::internal::ACL_USER as _; -pub const ACL_GROUP_OBJ: acl_tag_t = crate::internal::ACL_GROUP_OBJ as _; -pub const ACL_GROUP: acl_tag_t = crate::internal::ACL_GROUP as _; -pub const ACL_MASK: acl_tag_t = crate::internal::ACL_MASK as _; -pub const ACL_OTHER: acl_tag_t = crate::internal::ACL_OTHER as _; - -pub const ACL_FIRST_ENTRY: int = crate::internal::ACL_FIRST_ENTRY as _; -pub const ACL_NEXT_ENTRY: int = crate::internal::ACL_NEXT_ENTRY as _; - -pub type acl_t = crate::internal::acl_t; -pub type acl_permset_t = crate::internal::acl_permset_t; -pub type acl_entry_t = crate::internal::acl_entry_t; -pub type acl_type_t = crate::internal::acl_type_t; -pub type acl_tag_t = crate::internal::acl_tag_t; -pub type acl_perm_t = crate::internal::acl_perm_t; - -pub unsafe fn acl_get_perm(permset: acl_permset_t, perm: acl_perm_t) -> int { - crate::internal::acl_get_perm(permset, perm) -} - -pub unsafe fn acl_init(count: int) -> acl_t { - crate::internal::acl_init(count) -} - -pub unsafe fn acl_free(data: *mut void) -> int { - crate::internal::acl_free(data) -} - -pub unsafe fn acl_valid(acl: acl_t) -> int { - crate::internal::acl_valid(acl) -} - -pub unsafe fn acl_create_entry(acl: *mut acl_t, entry: *mut acl_entry_t) -> int { - crate::internal::acl_create_entry(acl, entry) -} - -pub unsafe fn acl_get_entry(acl: acl_t, entry_id: int, entry: *mut acl_entry_t) -> int { - crate::internal::acl_get_entry(acl, entry_id, entry) -} - -pub unsafe fn acl_add_perm(permset: acl_permset_t, perm: acl_perm_t) -> int { - crate::internal::acl_add_perm(permset, perm) -} - -pub unsafe fn acl_clear_perms(permset: acl_permset_t) -> int { - crate::internal::acl_clear_perms(permset) -} - -pub unsafe fn acl_get_permset(entry: acl_entry_t, permset: *mut acl_permset_t) -> int { - crate::internal::acl_get_permset(entry, permset) -} - -pub unsafe fn acl_set_permset(entry: acl_entry_t, permset: acl_permset_t) -> int { - crate::internal::acl_set_permset(entry, permset) -} - -pub unsafe fn acl_get_qualifier(entry: acl_entry_t) -> *mut void { - crate::internal::acl_get_qualifier(entry) -} - -pub unsafe fn acl_set_qualifier(entry: acl_entry_t, tag_qualifier: *const void) -> int { - crate::internal::acl_set_qualifier(entry, tag_qualifier) -} - -pub unsafe fn acl_get_tag_type(entry: acl_entry_t, acl_tag_type: *mut acl_tag_t) -> int { - crate::internal::acl_get_tag_type(entry, acl_tag_type) -} - -pub unsafe fn acl_set_tag_type(entry: acl_entry_t, acl_tag_type: acl_tag_t) -> int { - crate::internal::acl_set_tag_type(entry, acl_tag_type) -} - -pub unsafe fn acl_get_fd(fd: int) -> acl_t { - crate::internal::acl_get_fd(fd) -} - -pub unsafe fn acl_set_fd(fd: int, acl: acl_t) -> int { - crate::internal::acl_set_fd(fd, acl) -} - -pub unsafe fn acl_to_text(acl: acl_t, len_p: *mut ssize_t) -> *const c_char { - crate::internal::acl_to_text(acl, len_p) -} - -pub unsafe fn acl_from_text(buf_p: *const c_char) -> acl_t { - crate::internal::acl_from_text(buf_p) -} diff --git a/iceoryx2-pal/posix/src/linux/mod.rs b/iceoryx2-pal/posix/src/linux/mod.rs index 1fa0831c9..bcb8a061e 100644 --- a/iceoryx2-pal/posix/src/linux/mod.rs +++ b/iceoryx2-pal/posix/src/linux/mod.rs @@ -10,8 +10,6 @@ // // SPDX-License-Identifier: Apache-2.0 OR MIT -#[cfg(feature = "acl")] -pub mod acl; pub mod constants; pub mod dirent; pub mod errno; @@ -36,8 +34,6 @@ pub mod time; pub mod types; pub mod unistd; -#[cfg(feature = "acl")] -pub use crate::linux::acl::*; pub use crate::linux::constants::*; pub use crate::linux::dirent::*; pub use crate::linux::errno::*; diff --git a/iceoryx2-pal/posix/src/macos/acl.rs b/iceoryx2-pal/posix/src/macos/acl.rs deleted file mode 100644 index 95ad701a7..000000000 --- a/iceoryx2-pal/posix/src/macos/acl.rs +++ /dev/null @@ -1,110 +0,0 @@ -// Copyright (c) 2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache Software License 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0, or the MIT license -// which is available at https://opensource.org/licenses/MIT. -// -// SPDX-License-Identifier: Apache-2.0 OR MIT - -#![allow(non_camel_case_types)] -#![allow(clippy::missing_safety_doc)] - -use crate::posix::types::*; - -pub const ACL_READ: acl_perm_t = 1; -pub const ACL_WRITE: acl_perm_t = 2; -pub const ACL_EXECUTE: acl_perm_t = 4; - -pub const ACL_UNDEFINED_TAG: acl_tag_t = 1; -pub const ACL_USER_OBJ: acl_tag_t = 2; -pub const ACL_USER: acl_tag_t = 4; -pub const ACL_GROUP_OBJ: acl_tag_t = 8; -pub const ACL_GROUP: acl_tag_t = 16; -pub const ACL_MASK: acl_tag_t = 32; -pub const ACL_OTHER: acl_tag_t = 64; - -pub const ACL_FIRST_ENTRY: int = 128; -pub const ACL_NEXT_ENTRY: int = 256; - -pub type acl_t = usize; -pub type acl_permset_t = usize; -pub type acl_entry_t = usize; -pub type acl_type_t = usize; -pub type acl_tag_t = usize; -pub type acl_perm_t = u32; - -pub unsafe fn acl_get_perm(_permset: acl_permset_t, _perm: acl_perm_t) -> int { - -1 -} - -pub unsafe fn acl_init(_count: int) -> acl_t { - 0 -} - -pub unsafe fn acl_free(_data: *mut void) -> int { - -1 -} - -pub unsafe fn acl_valid(_acl: acl_t) -> int { - -1 -} - -pub unsafe fn acl_create_entry(_acl: *mut acl_t, _entry: *mut acl_entry_t) -> int { - -1 -} - -pub unsafe fn acl_get_entry(_acl: acl_t, _entry_id: int, _entry: *mut acl_entry_t) -> int { - -1 -} - -pub unsafe fn acl_add_perm(_permset: acl_permset_t, _perm: acl_perm_t) -> int { - -1 -} - -pub unsafe fn acl_clear_perms(_permset: acl_permset_t) -> int { - -1 -} - -pub unsafe fn acl_get_permset(_entry: acl_entry_t, _permset: *mut acl_permset_t) -> int { - -1 -} - -pub unsafe fn acl_set_permset(_entry: acl_entry_t, _permset: acl_permset_t) -> int { - -1 -} - -pub unsafe fn acl_get_qualifier(_entry: acl_entry_t) -> *mut void { - core::ptr::null_mut::() -} - -pub unsafe fn acl_set_qualifier(_entry: acl_entry_t, _tag_qualifier: *const void) -> int { - -1 -} - -pub unsafe fn acl_get_tag_type(_entry: acl_entry_t, _acl_tag_type: *mut acl_tag_t) -> int { - -1 -} - -pub unsafe fn acl_set_tag_type(_entry: acl_entry_t, _acl_tag_type: acl_tag_t) -> int { - -1 -} - -pub unsafe fn acl_get_fd(_fd: int) -> acl_t { - 0 -} - -pub unsafe fn acl_set_fd(_fd: int, _acl: acl_t) -> int { - -1 -} - -pub unsafe fn acl_to_text(_acl: acl_t, _len_p: *mut ssize_t) -> *const c_char { - core::ptr::null::() -} - -pub unsafe fn acl_from_text(_buf_p: *const c_char) -> acl_t { - 0 -} diff --git a/iceoryx2-pal/posix/src/macos/mod.rs b/iceoryx2-pal/posix/src/macos/mod.rs index 0501a1e49..534ed2568 100644 --- a/iceoryx2-pal/posix/src/macos/mod.rs +++ b/iceoryx2-pal/posix/src/macos/mod.rs @@ -10,8 +10,6 @@ // // SPDX-License-Identifier: Apache-2.0 OR MIT -#[cfg(feature = "acl")] -pub mod acl; pub mod constants; pub mod dirent; pub mod errno; @@ -37,8 +35,6 @@ pub mod time; pub mod types; pub mod unistd; -#[cfg(feature = "acl")] -pub use crate::macos::acl::*; pub use crate::macos::constants::*; pub use crate::macos::dirent::*; pub use crate::macos::errno::*; diff --git a/iceoryx2-pal/posix/src/windows/acl.rs b/iceoryx2-pal/posix/src/windows/acl.rs deleted file mode 100644 index 6120ab632..000000000 --- a/iceoryx2-pal/posix/src/windows/acl.rs +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright (c) 2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache Software License 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0, or the MIT license -// which is available at https://opensource.org/licenses/MIT. -// -// SPDX-License-Identifier: Apache-2.0 OR MIT - -#![allow(non_camel_case_types)] -#![allow(clippy::missing_safety_doc)] -#![allow(unused_variables)] - -use crate::posix::types::*; - -pub const ACL_READ: acl_perm_t = 1; -pub const ACL_WRITE: acl_perm_t = 2; -pub const ACL_EXECUTE: acl_perm_t = 4; - -pub const ACL_UNDEFINED_TAG: acl_tag_t = 0; -pub const ACL_USER_OBJ: acl_tag_t = 1; -pub const ACL_USER: acl_tag_t = 2; -pub const ACL_GROUP_OBJ: acl_tag_t = 4; -pub const ACL_GROUP: acl_tag_t = 8; -pub const ACL_MASK: acl_tag_t = 16; -pub const ACL_OTHER: acl_tag_t = 32; - -pub const ACL_FIRST_ENTRY: int = 0; -pub const ACL_NEXT_ENTRY: int = 1; - -pub type acl_t = u64; -pub type acl_permset_t = u64; -pub type acl_entry_t = u64; - -pub struct acl_type_t {} -impl Struct for acl_type_t {} - -pub type acl_tag_t = u64; -pub type acl_perm_t = u32; - -pub unsafe fn acl_get_perm(permset: acl_permset_t, perm: acl_perm_t) -> int { - -1 -} - -pub unsafe fn acl_init(count: int) -> acl_t { - acl_t::MAX -} - -pub unsafe fn acl_free(data: *mut void) -> int { - -1 -} - -pub unsafe fn acl_valid(acl: acl_t) -> int { - -1 -} - -pub unsafe fn acl_create_entry(acl: *mut acl_t, entry: *mut acl_entry_t) -> int { - -1 -} - -pub unsafe fn acl_get_entry(acl: acl_t, entry_id: int, entry: *mut acl_entry_t) -> int { - -1 -} - -pub unsafe fn acl_add_perm(permset: acl_permset_t, perm: acl_perm_t) -> int { - -1 -} - -pub unsafe fn acl_clear_perms(permset: acl_permset_t) -> int { - -1 -} - -pub unsafe fn acl_get_permset(entry: acl_entry_t, permset: *mut acl_permset_t) -> int { - -1 -} - -pub unsafe fn acl_set_permset(entry: acl_entry_t, permset: acl_permset_t) -> int { - -1 -} - -pub unsafe fn acl_get_qualifier(entry: acl_entry_t) -> *mut void { - core::ptr::null_mut::() -} - -pub unsafe fn acl_set_qualifier(entry: acl_entry_t, tag_qualifier: *const void) -> int { - -1 -} - -pub unsafe fn acl_get_tag_type(entry: acl_entry_t, acl_tag_type: *mut acl_tag_t) -> int { - -1 -} - -pub unsafe fn acl_set_tag_type(entry: acl_entry_t, acl_tag_type: acl_tag_t) -> int { - -1 -} - -pub unsafe fn acl_get_fd(fd: int) -> acl_t { - acl_t::MAX -} - -pub unsafe fn acl_set_fd(fd: int, acl: acl_t) -> int { - -1 -} - -pub unsafe fn acl_to_text(acl: acl_t, len_p: *mut ssize_t) -> *const c_char { - core::ptr::null::() -} - -pub unsafe fn acl_from_text(buf_p: *const c_char) -> acl_t { - acl_t::MAX -} diff --git a/iceoryx2-pal/posix/src/windows/mod.rs b/iceoryx2-pal/posix/src/windows/mod.rs index 58fc74868..2682458f9 100644 --- a/iceoryx2-pal/posix/src/windows/mod.rs +++ b/iceoryx2-pal/posix/src/windows/mod.rs @@ -10,8 +10,6 @@ // // SPDX-License-Identifier: Apache-2.0 OR MIT -#[cfg(feature = "acl")] -pub mod acl; pub mod constants; pub mod dirent; pub mod errno; @@ -43,8 +41,6 @@ pub mod win32_handle_translator; pub mod win32_security_attributes; mod win32_udp_port_to_uds_name; -#[cfg(feature = "acl")] -pub use crate::windows::acl::*; pub use crate::windows::constants::*; pub use crate::windows::dirent::*; pub use crate::windows::errno::*;