Please help me with the text book solution "Introduction to computer security 1
Question
Please help me with the text book solution "Introduction to computer security 1st edition"
-- write a C program for problem 3.2 (pp. 171)
Implement a system that implements a simple access control list (ACL) functionality, which gives a user the ability to grant file permissions on a user-by-user basis. For example, one can create a file that is readable by joeuser and janeuser, but only writable by janeuser. The operations on the ACL are as follows.

(1) setfacl(path, uid, uid_mode, gid, gid_mode) sets a user with uid and/or a group with gid to the ACL for the object (file or directory) specified by path. If the user/group already exists, the access mode is updated. If only (uid, uid_mode) or (gid, gid_mode) is to be set, null is used for the unset arguments.

(2) getfacl(path) obtains the entire access control list of the file path.

(3) access(uid, access_mode, path) determines whether a user with uid can access the object stored at path in mode access_mode. This method returns a boolean. path contains the full path to a file or a directory, e.g., /u/bob/cs166/homework.doc.

You can use groups username to find out the groups that username belongs to. One way to accomplish this ACL would be with a linked list; your solution should be more efficient with respect to the number of users, groups, and files. Describe how to implement the operations with your data structure. You have to consider permissions associated with the parent directories of a file. For this, you are given a method getParent(full_path) that takes a path to a file or directory, and returns the parent directory.

Explanation / Answer
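/* Print the entries of a file's ACL (Linux, libacl; link with -lacl) */
#include <sys/types.h>
#include <sys/acl.h>
#include <acl/libacl.h>         /* acl_get_perm() is a Linux extension */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

static void
usageError(const char *progName)
{
    fprintf(stderr, "Usage: %s [-d] filename\n", progName);
    exit(EXIT_FAILURE);
}

/* Report the failed call together with errno, then terminate */
static void
errExit(const char *msg)
{
    perror(msg);
    exit(EXIT_FAILURE);
}

/* Return the name for a user ID, or NULL if there is no such user */
static char *
userNameFromId(uid_t uid)
{
    struct passwd *pwd = getpwuid(uid);
    return (pwd == NULL) ? NULL : pwd->pw_name;
}

/* Return the name for a group ID, or NULL if there is no such group */
static char *
groupNameFromId(gid_t gid)
{
    struct group *grp = getgrgid(gid);
    return (grp == NULL) ? NULL : grp->gr_name;
}

int
main(int argc, char *argv[])
{
    acl_t acl;
    acl_type_t type;
    acl_entry_t entry;
    acl_tag_t tag;
    uid_t *uidp;
    gid_t *gidp;
    acl_permset_t permset;
    char *name;
    int entryId, permVal, opt;

    /* -d selects the default ACL of a directory instead of the access ACL */
    type = ACL_TYPE_ACCESS;
    while ((opt = getopt(argc, argv, "d")) != -1) {
        switch (opt) {
        case 'd': type = ACL_TYPE_DEFAULT;
            break;
        case '?': usageError(argv[0]);
        }
    }

    if (optind + 1 != argc)
        usageError(argv[0]);

    acl = acl_get_file(argv[optind], type);
    if (acl == NULL)
        errExit("acl_get_file");

    /* Walk through each entry in this ACL */
    for (entryId = ACL_FIRST_ENTRY; ; entryId = ACL_NEXT_ENTRY) {
        if (acl_get_entry(acl, entryId, &entry) != 1)
            break;              /* error or no more entries */

        /* Retrieve and display the tag type */
        if (acl_get_tag_type(entry, &tag) == -1)
            errExit("acl_get_tag_type");
        printf("%-12s", (tag == ACL_USER_OBJ) ? "user_obj" :
                        (tag == ACL_USER) ? "user" :
                        (tag == ACL_GROUP_OBJ) ? "group_obj" :
                        (tag == ACL_GROUP) ? "group" :
                        (tag == ACL_MASK) ? "mask" :
                        (tag == ACL_OTHER) ? "other" : "???");

        /* Retrieve and display the optional tag qualifier */
        if (tag == ACL_USER) {
            uidp = acl_get_qualifier(entry);
            if (uidp == NULL)
                errExit("acl_get_qualifier");
            name = userNameFromId(*uidp);
            if (name == NULL)
                printf("%-8ld ", (long) *uidp);
            else
                printf("%-8s ", name);
            if (acl_free(uidp) == -1)
                errExit("acl_free");
        } else if (tag == ACL_GROUP) {
            gidp = acl_get_qualifier(entry);
            if (gidp == NULL)
                errExit("acl_get_qualifier");
            name = groupNameFromId(*gidp);
            if (name == NULL)
                printf("%-8ld ", (long) *gidp);
            else
                printf("%-8s ", name);
            if (acl_free(gidp) == -1)
                errExit("acl_free");
        } else {
            printf("%-8s ", "");        /* no qualifier: pad the column */
        }

        /* Retrieve and display the permissions */
        if (acl_get_permset(entry, &permset) == -1)
            errExit("acl_get_permset");
        permVal = acl_get_perm(permset, ACL_READ);
        if (permVal == -1)
            errExit("acl_get_perm - ACL_READ");
        printf("%c", (permVal == 1) ? 'r' : '-');
        permVal = acl_get_perm(permset, ACL_WRITE);
        if (permVal == -1)
            errExit("acl_get_perm - ACL_WRITE");
        printf("%c", (permVal == 1) ? 'w' : '-');
        permVal = acl_get_perm(permset, ACL_EXECUTE);
        if (permVal == -1)
            errExit("acl_get_perm - ACL_EXECUTE");
        printf("%c", (permVal == 1) ? 'x' : '-');
        printf("\n");
    }

    if (acl_free(acl) == -1)
        errExit("acl_free");
    exit(EXIT_SUCCESS);
}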
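
For the data-structure part of the question, here is a hash-table sketch of setfacl and access (an added example, not the answer's code or the textbook's solution). It assumes absolute, already-canonical paths, that a user entry overrides group entries, that a missing entry denies, and that access needs the requested mode on the object plus execute (search) on every ancestor; all names, ids and paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>
enum { PERM_R = 4, PERM_W = 2, PERM_X = 1, SLOTS = 1024, PATHLEN = 256, KEYLEN = 280 };
static struct { char key[KEYLEN]; int mode; } table[SLOTS];  /* empty key = free slot */
/* Slot index for subject (kind 'u' or 'g', id) on path; -1 if the table is full. */
static int slot(const char *path, char kind, int id, char *key) {
    unsigned long h = 5381;
    snprintf(key, KEYLEN, "%c%d:%s", kind, id, path);
    for (const char *p = key; *p; p++) h = h * 33 + (unsigned char)*p;
    for (int i = 0, s = (int)(h % SLOTS); i < SLOTS; i++, s = (s + 1) % SLOTS)
        if (!table[s].key[0] || !strcmp(table[s].key, key)) return s;
    return -1;
}
/* setfacl for one subject: insert or update in expected O(1); 0 on success. */
int facl_set(const char *path, char kind, int id, int mode) {
    char key[KEYLEN];
    int s = strlen(path) < PATHLEN ? slot(path, kind, id, key) : -1;
    if (s < 0) return -1;        /* over-long path or full table: refuse */
    strcpy(table[s].key, key); table[s].mode = mode;
    return 0;
}
/* Mode granted on one object: a user entry overrides groups; no entry means 0. */
static int granted(const char *path, int uid, const int *gids, int ngids) {
    char key[KEYLEN];
    int m = 0, s = slot(path, 'u', uid, key);
    if (s >= 0 && table[s].key[0]) return table[s].mode;
    for (int i = 0; i < ngids; i++)
        if ((s = slot(path, 'g', gids[i], key)) >= 0 && table[s].key[0]) m |= table[s].mode;
    return m;
}
/* access(): `want` on the object plus PERM_X (search) on every ancestor up to "/". */
int facl_access(int uid, const int *gids, int ngids, int want, const char *path) {
    char buf[PATHLEN], *cut;
    if (path[0] != '/' || strlen(path) >= PATHLEN) return 0;
    strcpy(buf, path);
    if ((granted(buf, uid, gids, ngids) & want) != want) return 0;
    while (strcmp(buf, "/") != 0) {          /* inline getParent(): drop last component */
        cut = strrchr(buf, '/'); *(cut == buf ? cut + 1 : cut) = '\0';
        if (!(granted(buf, uid, gids, ngids) & PERM_X)) return 0;
    }
    return 1;
}
int main(void) {     /* constructed sample: joe = 1001, jane = 1002, group staff = 50 */
    int staff[] = { 50 };
    facl_set("/", 'g', 50, PERM_X); facl_set("/u", 'g', 50, PERM_X);
    facl_set("/u/f", 'u', 1001, PERM_R); facl_set("/u/f", 'u', 1002, PERM_R | PERM_W);
    printf("joe write: %d, jane write: %d\n", facl_access(1001, staff, 1, PERM_W, "/u/f"),
           facl_access(1002, staff, 1, PERM_W, "/u/f"));
    return 0;
}
```

getfacl(path) is not covered: with this keying it would need a per-path list of subjects kept alongside the table.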