Blame - poky/bitbake/lib/bb/acl.py - mdmillerii/openbmc

blob: 0f41b275cf6d8d12a6ec0e2c844a444e52499f59 [file] [log] [blame]

Andrew Geissler	5082cc7	2023-09-11 08:41:39 -0400	[diff] [blame^]	1	#! /usr/bin/env python3
				2	#
				3	# Copyright 2023 by Garmin Ltd. or its subsidiaries
				4	#
				5	# SPDX-License-Identifier: MIT
				6
				7
				8	import sys
				9	import ctypes
				10	import os
				11	import errno
				12	import pwd
				13	import grp
				14
				15	libacl = ctypes.CDLL("libacl.so.1", use_errno=True)
				16
				17
				18	ACL_TYPE_ACCESS = 0x8000
				19	ACL_TYPE_DEFAULT = 0x4000
				20
				21	ACL_FIRST_ENTRY = 0
				22	ACL_NEXT_ENTRY = 1
				23
				24	ACL_UNDEFINED_TAG = 0x00
				25	ACL_USER_OBJ = 0x01
				26	ACL_USER = 0x02
				27	ACL_GROUP_OBJ = 0x04
				28	ACL_GROUP = 0x08
				29	ACL_MASK = 0x10
				30	ACL_OTHER = 0x20
				31
				32	ACL_READ = 0x04
				33	ACL_WRITE = 0x02
				34	ACL_EXECUTE = 0x01
				35
				36	acl_t = ctypes.c_void_p
				37	acl_entry_t = ctypes.c_void_p
				38	acl_permset_t = ctypes.c_void_p
				39	acl_perm_t = ctypes.c_uint
				40
				41	acl_tag_t = ctypes.c_int
				42
				43	libacl.acl_free.argtypes = [acl_t]
				44
				45
				46	def acl_free(acl):
				47	libacl.acl_free(acl)
				48
				49
				50	libacl.acl_get_file.restype = acl_t
				51	libacl.acl_get_file.argtypes = [ctypes.c_char_p, ctypes.c_uint]
				52
				53
				54	def acl_get_file(path, typ):
				55	acl = libacl.acl_get_file(os.fsencode(path), typ)
				56	if acl is None:
				57	err = ctypes.get_errno()
				58	raise OSError(err, os.strerror(err), str(path))
				59
				60	return acl
				61
				62
				63	libacl.acl_get_entry.argtypes = [acl_t, ctypes.c_int, ctypes.c_void_p]
				64
				65
				66	def acl_get_entry(acl, entry_id):
				67	entry = acl_entry_t()
				68	ret = libacl.acl_get_entry(acl, entry_id, ctypes.byref(entry))
				69	if ret < 0:
				70	err = ctypes.get_errno()
				71	raise OSError(err, os.strerror(err))
				72
				73	if ret == 0:
				74	return None
				75
				76	return entry
				77
				78
				79	libacl.acl_get_tag_type.argtypes = [acl_entry_t, ctypes.c_void_p]
				80
				81
				82	def acl_get_tag_type(entry_d):
				83	tag = acl_tag_t()
				84	ret = libacl.acl_get_tag_type(entry_d, ctypes.byref(tag))
				85	if ret < 0:
				86	err = ctypes.get_errno()
				87	raise OSError(err, os.strerror(err))
				88	return tag.value
				89
				90
				91	libacl.acl_get_qualifier.restype = ctypes.c_void_p
				92	libacl.acl_get_qualifier.argtypes = [acl_entry_t]
				93
				94
				95	def acl_get_qualifier(entry_d):
				96	ret = libacl.acl_get_qualifier(entry_d)
				97	if ret is None:
				98	err = ctypes.get_errno()
				99	raise OSError(err, os.strerror(err))
				100	return ctypes.c_void_p(ret)
				101
				102
				103	libacl.acl_get_permset.argtypes = [acl_entry_t, ctypes.c_void_p]
				104
				105
				106	def acl_get_permset(entry_d):
				107	permset = acl_permset_t()
				108	ret = libacl.acl_get_permset(entry_d, ctypes.byref(permset))
				109	if ret < 0:
				110	err = ctypes.get_errno()
				111	raise OSError(err, os.strerror(err))
				112
				113	return permset
				114
				115
				116	libacl.acl_get_perm.argtypes = [acl_permset_t, acl_perm_t]
				117
				118
				119	def acl_get_perm(permset_d, perm):
				120	ret = libacl.acl_get_perm(permset_d, perm)
				121	if ret < 0:
				122	err = ctypes.get_errno()
				123	raise OSError(err, os.strerror(err))
				124	return bool(ret)
				125
				126
				127	class Entry(object):
				128	def __init__(self, tag, qualifier, mode):
				129	self.tag = tag
				130	self.qualifier = qualifier
				131	self.mode = mode
				132
				133	def __str__(self):
				134	typ = ""
				135	qual = ""
				136	if self.tag == ACL_USER:
				137	typ = "user"
				138	qual = pwd.getpwuid(self.qualifier).pw_name
				139	elif self.tag == ACL_GROUP:
				140	typ = "group"
				141	qual = grp.getgrgid(self.qualifier).gr_name
				142	elif self.tag == ACL_USER_OBJ:
				143	typ = "user"
				144	elif self.tag == ACL_GROUP_OBJ:
				145	typ = "group"
				146	elif self.tag == ACL_MASK:
				147	typ = "mask"
				148	elif self.tag == ACL_OTHER:
				149	typ = "other"
				150
				151	r = "r" if self.mode & ACL_READ else "-"
				152	w = "w" if self.mode & ACL_WRITE else "-"
				153	x = "x" if self.mode & ACL_EXECUTE else "-"
				154
				155	return f"{typ}:{qual}:{r}{w}{x}"
				156
				157
				158	class ACL(object):
				159	def __init__(self, acl):
				160	self.acl = acl
				161
				162	def __del__(self):
				163	acl_free(self.acl)
				164
				165	def entries(self):
				166	entry_id = ACL_FIRST_ENTRY
				167	while True:
				168	entry = acl_get_entry(self.acl, entry_id)
				169	if entry is None:
				170	break
				171
				172	permset = acl_get_permset(entry)
				173
				174	mode = 0
				175	for m in (ACL_READ, ACL_WRITE, ACL_EXECUTE):
				176	if acl_get_perm(permset, m):
				177	mode \|= m
				178
				179	qualifier = None
				180	tag = acl_get_tag_type(entry)
				181
				182	if tag == ACL_USER or tag == ACL_GROUP:
				183	qual = acl_get_qualifier(entry)
				184	qualifier = ctypes.cast(qual, ctypes.POINTER(ctypes.c_int))[0]
				185
				186	yield Entry(tag, qualifier, mode)
				187
				188	entry_id = ACL_NEXT_ENTRY
				189
				190	@classmethod
				191	def from_path(cls, path, typ):
				192	acl = acl_get_file(path, typ)
				193	return cls(acl)
				194
				195
				196	def main():
				197	import argparse
				198	import pwd
				199	import grp
				200	from pathlib import Path
				201
				202	parser = argparse.ArgumentParser()
				203	parser.add_argument("path", help="File Path", type=Path)
				204
				205	args = parser.parse_args()
				206
				207	acl = ACL.from_path(args.path, ACL_TYPE_ACCESS)
				208	for entry in acl.entries():
				209	print(str(entry))
				210
				211	return 0
				212
				213
				214	if __name__ == "__main__":
				215	sys.exit(main())