2 Copyright (c) 2008, 2009, 2010 Frank Lahm <franklahm@gmail.com>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
17 #endif /* HAVE_CONFIG_H */
26 #ifdef HAVE_SOLARIS_ACLS
29 #ifdef HAVE_POSIX_ACLS
31 #include <acl/libacl.h>
34 #include <atalk/errchk.h>
35 #include <atalk/adouble.h>
36 #include <atalk/vfs.h>
37 #include <atalk/afp.h>
38 #include <atalk/util.h>
39 #include <atalk/cnid.h>
40 #include <atalk/logger.h>
41 #include <atalk/uuid.h>
42 #include <atalk/acl.h>
44 #include "directory.h"
50 #include "acl_mappings.h"
53 #define SOLARIS_2_DARWIN 1
54 #define DARWIN_2_SOLARIS 2
55 #define POSIX_DEFAULT_2_DARWIN 3
56 #define POSIX_ACCESS_2_DARWIN 4
57 #define DARWIN_2_POSIX 5
62 /********************************************************
63 * Basic and helper funcs
64 ********************************************************/
67 Takes a users name, uid and primary gid and checks if user is member of any group
68 Returns -1 if no or error, 0 if yes
70 static int check_group(char *name, uid_t uid _U_, gid_t pgid, gid_t path_gid)
79 EC_NULL(grp = getgrgid(path_gid));
82 while (grp->gr_mem[i] != NULL) {
83 if ( (strcmp(grp->gr_mem[i], name)) == 0 ) {
84 LOG(log_debug, logtype_afpd, "check_group: requested user:%s is member of: %s", name, grp->gr_name);
95 /********************************************************
97 ********************************************************/
99 #ifdef HAVE_SOLARIS_ACLS
101 Remove any trivial ACE "in-place". Returns no of non-trivial ACEs
103 static int strip_trivial_aces(ace_t **saces, int sacecount)
108 ace_t *aces = *saces;
111 /* Count non-trivial ACEs */
112 for (i=0; i < sacecount; ) {
113 if ( ! (aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))
117 /* malloc buffer for new ACL */
118 EC_NULL_LOG(new_aces = malloc(nontrivaces * sizeof(ace_t)));
120 /* Copy non-trivial ACEs */
121 for (i=0, j=0; i < sacecount; ) {
122 if ( ! (aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE))) {
123 memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
132 LOG(log_debug7, logtype_afpd, "strip_trivial_aces: non-trivial ACEs: %d", nontrivaces);
140 Remove non-trivial ACEs "in-place". Returns no of trivial ACEs.
142 static int strip_nontrivial_aces(ace_t **saces, int sacecount)
147 ace_t *aces = *saces;
150 /* Count trivial ACEs */
151 for (i=0; i < sacecount; ) {
152 if ((aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))
156 /* malloc buffer for new ACL */
157 EC_NULL_LOG(new_aces = malloc(trivaces * sizeof(ace_t)));
159 /* Copy trivial ACEs */
160 for (i=0, j=0; i < sacecount; ) {
161 if ((aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE))) {
162 memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
171 LOG(log_debug7, logtype_afpd, "strip_nontrivial_aces: trivial ACEs: %d", trivaces);
181 static ace_t *concat_aces(ace_t *aces1, int ace1count, ace_t *aces2, int ace2count)
187 /* malloc buffer for new ACL */
188 EC_NULL_LOG(new_aces = malloc((ace1count + ace2count) * sizeof(ace_t)));
190 /* Copy ACEs from buf1 */
191 for (i=0; i < ace1count; ) {
192 memcpy(&new_aces[i], &aces1[i], sizeof(ace_t));
198 /* Copy ACEs from buf2 */
199 for (i=0; i < ace2count; ) {
200 memcpy(&new_aces[j], &aces2[i], sizeof(ace_t));
211 Maps ACE array from Solaris to Darwin. Darwin ACEs are stored in network byte order.
212 Return numer of mapped ACEs or -1 on error.
213 All errors while mapping (e.g. getting UUIDs from LDAP) are fatal.
215 static int map_aces_solaris_to_darwin(ace_t *aces, darwin_ace_t *darwin_aces, int ace_count)
221 struct passwd *pwd = NULL;
222 struct group *grp = NULL;
224 LOG(log_debug7, logtype_afpd, "map_aces_solaris_to_darwin: parsing %d ACES", ace_count);
227 LOG(log_debug7, logtype_afpd, "map_aces_solaris_to_darwin: parsing ACE No. %d", ace_count + 1);
228 /* if its a ACE resulting from nfsv4 mode mapping, discard it */
229 if (aces->a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)) {
230 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: trivial ACE");
235 if ( ! (aces->a_flags & ACE_IDENTIFIER_GROUP) ) {
237 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: found user ACE with uid: %d", aces->a_who);
239 EC_NULL_LOG(pwd = getpwuid(aces->a_who));
240 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: uid: %d -> name: %s", aces->a_who, pwd->pw_name);
242 EC_ZERO_LOG(getuuidfromname(pwd->pw_name, UUID_USER, darwin_aces->darwin_ace_uuid));
244 /* its a group ace */
245 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: found group ACE with gid: %d", aces->a_who);
247 EC_NULL_LOG(grp = getgrgid(aces->a_who));
248 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: gid: %d -> name: %s", aces->a_who, grp->gr_name);
249 EC_ZERO_LOG(getuuidfromname(grp->gr_name, UUID_GROUP, darwin_aces->darwin_ace_uuid));
253 if (aces->a_type == ACE_ACCESS_ALLOWED_ACE_TYPE)
254 flags = DARWIN_ACE_FLAGS_PERMIT;
255 else if (aces->a_type == ACE_ACCESS_DENIED_ACE_TYPE)
256 flags = DARWIN_ACE_FLAGS_DENY;
257 else { /* unsupported type */
261 for(i=0; nfsv4_to_darwin_flags[i].from != 0; i++) {
262 if (aces->a_flags & nfsv4_to_darwin_flags[i].from)
263 flags |= nfsv4_to_darwin_flags[i].to;
265 darwin_aces->darwin_ace_flags = htonl(flags);
269 for (i=0; nfsv4_to_darwin_rights[i].from != 0; i++) {
270 if (aces->a_access_mask & nfsv4_to_darwin_rights[i].from)
271 rights |= nfsv4_to_darwin_rights[i].to;
273 darwin_aces->darwin_ace_rights = htonl(rights);
286 Maps ACE array from Darwin to Solaris. Darwin ACEs are expected in network byte order.
287 Return numer of mapped ACEs or -1 on error.
288 All errors while mapping (e.g. getting UUIDs from LDAP) are fatal.
290 int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces, ace_t *nfsv4_aces, int ace_count)
293 int i, mapped_aces = 0;
294 uint32_t darwin_ace_flags;
295 uint32_t darwin_ace_rights;
296 uint16_t nfsv4_ace_flags;
297 uint32_t nfsv4_ace_rights;
305 nfsv4_ace_rights = 0;
308 EC_ZERO(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
310 if (uuidtype == UUID_USER) {
311 EC_NULL_LOG(pwd = getpwnam(name));
312 nfsv4_aces->a_who = pwd->pw_uid;
313 } else { /* hopefully UUID_GROUP*/
314 EC_NULL_LOG(grp = getgrnam(name));
315 nfsv4_aces->a_who = (uid_t)(grp->gr_gid);
316 nfsv4_ace_flags |= ACE_IDENTIFIER_GROUP;
321 /* now type: allow/deny */
322 darwin_ace_flags = ntohl(darwin_aces->darwin_ace_flags);
323 if (darwin_ace_flags & DARWIN_ACE_FLAGS_PERMIT)
324 nfsv4_aces->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
325 else if (darwin_ace_flags & DARWIN_ACE_FLAGS_DENY)
326 nfsv4_aces->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
327 else { /* unsupported type */
332 for(i=0; darwin_to_nfsv4_flags[i].from != 0; i++) {
333 if (darwin_ace_flags & darwin_to_nfsv4_flags[i].from)
334 nfsv4_ace_flags |= darwin_to_nfsv4_flags[i].to;
338 darwin_ace_rights = ntohl(darwin_aces->darwin_ace_rights);
339 for (i=0; darwin_to_nfsv4_rights[i].from != 0; i++) {
340 if (darwin_ace_rights & darwin_to_nfsv4_rights[i].from)
341 nfsv4_ace_rights |= darwin_to_nfsv4_rights[i].to;
344 LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x", darwin_ace_flags, nfsv4_ace_flags);
345 LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x", darwin_ace_rights, nfsv4_ace_rights);
347 nfsv4_aces->a_flags = nfsv4_ace_flags;
348 nfsv4_aces->a_access_mask = nfsv4_ace_rights;
361 #endif /* HAVE_SOLARIS_ACLS */
363 #ifdef HAVE_POSIX_ACLS
364 static int posix_ace_set_mode(acl_entry_t entry, uint32_t darwin_ace_rights, int is_dir)
367 acl_permset_t permset;
369 if ((ret = acl_get_permset(entry, &permset)) != 0) {
372 if ((ret = acl_clear_perms(permset)) != 0) {
375 if ((darwin_ace_rights & DARWIN_ACE_READ_DATA)
376 && ((ret = acl_add_perm(permset, ACL_READ)) != 0)) {
379 if ((darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (DARWIN_ACE_DELETE_CHILD & is_dir)))
380 && ((ret = acl_add_perm(permset, ACL_WRITE)) != 0)) {
383 if ((darwin_ace_rights & DARWIN_ACE_EXECUTE)
384 && ((ret = acl_add_perm(permset, ACL_EXECUTE)) != 0)) {
387 return acl_set_permset(entry, permset);
391 * Map Darwin ACL to POSIX ACL.
393 * aclp must point to a acl_init'ed acl_t or an acl_t that can eg contain default ACEs.
395 * @param darwin_aces (r) pointer to darwin_aces buffer
396 * @param aclp (rw) pointer to an initialized acl_t
397 * @param is_dir (r) 1 for directories, 0 for files
398 * @param ace_count (r) number of ACEs in darwin_aces buffer
400 * @returns 0 on success storing the result in aclp, -1 on error.
402 static int map_acl_darwin_to_posix(const darwin_ace_t *darwin_aces,
413 uint32_t darwin_ace_flags;
415 while (ace_count--) {
416 /* type: allow/deny, posix only has allow */
417 darwin_ace_flags = ntohl(darwin_aces->darwin_ace_flags);
418 if ( ! (darwin_ace_flags & DARWIN_ACE_FLAGS_PERMIT)) {
423 /* POSIX ACLs don't have all the inherit stuff */
425 && (darwin_ace_flags & (DARWIN_ACE_FLAGS_FILE_INHERIT
426 | DARWIN_ACE_FLAGS_DIRECTORY_INHERIT))) {
433 EC_ZERO_LOG(acl_create_entry(aclp, &e));
436 EC_ZERO_LOG(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
437 if (uuidtype == UUID_USER) {
438 EC_NULL_LOG(pwd = getpwnam(name));
441 } else { /* hopefully UUID_GROUP*/
442 EC_NULL_LOG(getgrnam(name));
444 id = (uid_t)(grp->gr_gid);
449 EC_ZERO_LOG(acl_set_tag_type(e, tag));
450 EC_ZERO_LOG(acl_set_qualifier(e, &id));
451 posix_ace_set_mode(e, ntohl(darwin_aces->darwin_ace_rights), is_dir);
456 EC_ZERO_LOG(acl_valid(*aclp));
466 * Map ACEs from POSIX to Darwin.
467 * type is either POSIX_DEFAULT_2_DARWIN or POSIX_ACCESS_2_DARWIN, cf. acl_get_file.
468 * Return number of mapped ACES, -1 on error.
470 static int map_acl_posix_to_darwin(int type, const acl_t acl, darwin_ace_t *darwin_aces)
475 int entry_id = ACL_FIRST_ENTRY;
478 acl_permset_t permset, mask;
481 struct passwd *pwd = NULL;
482 struct group *grp = NULL;
485 darwin_ace_t *saved_darwin_aces = darwin_aces;
487 LOG(log_maxdebug, logtype_afpd, "map_aces_posix_to_darwin(%s)",
488 (type & MAP_MASK) == POSIX_DEFAULT_2_DARWIN ?
489 "POSIX_DEFAULT_2_DARWIN" : "POSIX_ACCESS_2_DARWIN");
491 /* itereate through all ACEs */
492 while (acl_get_entry(acl, entry_id, &e) == 1) {
493 entry_id = ACL_NEXT_ENTRY;
496 EC_ZERO_LOG(acl_get_tag_type(e, &tag));
498 /* we return user and group ACE */
501 EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e));
502 EC_NULL_LOG(pwd = getpwuid(*uid));
503 LOG(log_debug, logtype_afpd, "map_aces_posix_to_darwin: uid: %d -> name: %s",
505 EC_ZERO_LOG(getuuidfromname(pwd->pw_name, UUID_USER, darwin_aces->darwin_ace_uuid));
511 EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e));
512 EC_NULL_LOG(grp = getgrgid(*gid));
513 LOG(log_debug, logtype_afpd, "map_aces_posix_to_darwin: gid: %d -> name: %s",
515 EC_ZERO_LOG(getuuidfromname(grp->gr_name, UUID_GROUP, darwin_aces->darwin_ace_uuid));
520 /* store mask so we can apply it later in a second loop */
522 EC_ZERO_LOG(acl_get_permset(e, &mask));
531 flags = DARWIN_ACE_FLAGS_PERMIT;
532 if ((type & MAP_MASK) == POSIX_DEFAULT_2_DARWIN)
533 flags |= DARWIN_ACE_FLAGS_FILE_INHERIT
534 | DARWIN_ACE_FLAGS_DIRECTORY_INHERIT
535 | DARWIN_ACE_FLAGS_ONLY_INHERIT;
536 darwin_aces->darwin_ace_flags = htonl(flags);
539 EC_ZERO_LOG(acl_get_permset(e, &permset));
542 if (acl_get_perm(permset, ACL_READ))
543 rights = DARWIN_ACE_READ_DATA
544 | DARWIN_ACE_READ_EXTATTRIBUTES
545 | DARWIN_ACE_READ_ATTRIBUTES
546 | DARWIN_ACE_READ_SECURITY;
547 if (acl_get_perm(permset, ACL_WRITE)) {
548 rights |= DARWIN_ACE_WRITE_DATA
549 | DARWIN_ACE_APPEND_DATA
550 | DARWIN_ACE_WRITE_EXTATTRIBUTES
551 | DARWIN_ACE_WRITE_ATTRIBUTES;
552 if ((type & ~MAP_MASK) == IS_DIR)
553 rights |= DARWIN_ACE_DELETE;
555 if (acl_get_perm(permset, ACL_EXECUTE))
556 rights |= DARWIN_ACE_EXECUTE;
558 darwin_aces->darwin_ace_rights = htonl(rights);
565 /* Loop through the mapped ACE buffer once again, applying the mask */
566 /* Map the mask to Darwin ACE rights first */
568 if (acl_get_perm(mask, ACL_READ))
569 rights = DARWIN_ACE_READ_DATA
570 | DARWIN_ACE_READ_EXTATTRIBUTES
571 | DARWIN_ACE_READ_ATTRIBUTES
572 | DARWIN_ACE_READ_SECURITY;
573 if (acl_get_perm(mask, ACL_WRITE)) {
574 rights |= DARWIN_ACE_WRITE_DATA
575 | DARWIN_ACE_APPEND_DATA
576 | DARWIN_ACE_WRITE_EXTATTRIBUTES
577 | DARWIN_ACE_WRITE_ATTRIBUTES;
578 if ((type & ~MAP_MASK) == IS_DIR)
579 rights |= DARWIN_ACE_DELETE;
581 if (acl_get_perm(mask, ACL_EXECUTE))
582 rights |= DARWIN_ACE_EXECUTE;
583 for (int i = mapped_aces; i > 0; i--) {
584 saved_darwin_aces->darwin_ace_rights &= htonl(rights);
591 if (uid) acl_free(uid);
592 if (gid) acl_free(gid);
598 * Multiplex ACL mapping (SOLARIS_2_DARWIN, DARWIN_2_SOLARIS, POSIX_2_DARWIN, DARWIN_2_POSIX).
599 * Reads from 'aces' buffer, writes to 'rbuf' buffer.
600 * Caller must provide buffer.
601 * Darwin ACEs are read and written in network byte order.
602 * Needs to know how many ACEs are in the ACL (ace_count) for Solaris ACLs.
603 * Ignores trivial ACEs.
604 * Return no of mapped ACEs or -1 on error.
606 static int map_acl(int type, const void *acl, darwin_ace_t *buf, int ace_count)
610 LOG(log_debug9, logtype_afpd, "map_acl: BEGIN");
612 switch (type & MAP_MASK) {
614 #ifdef HAVE_SOLARIS_ACLS
615 case SOLARIS_2_DARWIN:
616 mapped_aces = map_aces_solaris_to_darwin( acl, buf, ace_count);
619 case DARWIN_2_SOLARIS:
620 mapped_aces = map_aces_darwin_to_solaris( buf, acl, ace_count);
622 #endif /* HAVE_SOLARIS_ACLS */
624 #ifdef HAVE_POSIX_ACLS
625 case POSIX_DEFAULT_2_DARWIN:
626 mapped_aces = map_acl_posix_to_darwin(type, (const acl_t)acl, buf);
629 case POSIX_ACCESS_2_DARWIN:
630 mapped_aces = map_acl_posix_to_darwin(type, (const acl_t)acl, buf);
635 #endif /* HAVE_POSIX_ACLS */
642 LOG(log_debug9, logtype_afpd, "map_acl: END");
646 /* Get ACL from object omitting trivial ACEs. Map to Darwin ACL style and
647 store Darwin ACL at rbuf. Add length of ACL written to rbuf to *rbuflen.
648 Returns 0 on success, -1 on error. */
649 static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen)
654 uint32_t *darwin_ace_count = (u_int32_t *)rbuf;
655 #ifdef HAVE_SOLARIS_ACLS
659 #ifdef HAVE_POSIX_ACLS
662 LOG(log_debug9, logtype_afpd, "get_and_map_acl: BEGIN");
664 /* Skip length and flags */
669 #ifdef HAVE_SOLARIS_ACLS
670 EC_NEG1(ace_count = get_nfsv4_acl(name, &aces));
671 EC_NEG1(mapped_aces = map_acl(SOLARIS_2_DARWIN, aces, (darwin_ace_t *)rbuf, ace_count));
672 #endif /* HAVE_SOLARIS_ACLS */
674 #ifdef HAVE_POSIX_ACLS
675 acl_t defacl = NULL , accacl = NULL;
677 /* stat to check if its a dir */
678 EC_ZERO_LOG(stat(name, &st));
680 /* if its a dir, check for default acl too */
682 if (S_ISDIR(st.st_mode)) {
684 EC_NULL_LOG(defacl = acl_get_file(name, ACL_TYPE_DEFAULT));
685 EC_NEG1(mapped_aces = map_acl(POSIX_DEFAULT_2_DARWIN | dirflag,
687 (darwin_ace_t *)rbuf,
691 EC_NULL_LOG(accacl = acl_get_file(name, ACL_TYPE_ACCESS));
694 EC_NEG1(tmp = map_acl(POSIX_ACCESS_2_DARWIN | dirflag,
696 (darwin_ace_t *)(rbuf + mapped_aces * sizeof(darwin_ace_t)),
699 #endif /* HAVE_POSIX_ACLS */
701 LOG(log_debug, logtype_afpd, "get_and_map_acl: mapped %d ACEs", mapped_aces);
703 *darwin_ace_count = htonl(mapped_aces);
704 *rbuflen += sizeof(darwin_acl_header_t) + (mapped_aces * sizeof(darwin_ace_t));
709 #ifdef HAVE_SOLARIS_ACLS
710 if (aces) free(aces);
712 #ifdef HAVE_POSIX_ACLS
713 if (defacl) acl_free(defacl);
714 if (accacl) acl_free(accacl);
715 #endif /* HAVE_POSIX_ACLS */
717 LOG(log_debug9, logtype_afpd, "get_and_map_acl: END");
722 /* Removes all non-trivial ACLs from object. Returns full AFPERR code. */
723 static int remove_acl(const struct vol *vol,const char *path, int dir)
727 #ifdef HAVE_SOLARIS_ACLS
728 /* Ressource etc. first */
729 if ((ret = vol->vfs->vfs_remove_acl(vol, path, dir)) != AFP_OK)
731 /* now the data fork or dir */
732 ret = remove_acl_vfs(path);
739 - the client sends a complete list of ACEs, not only new ones. So we dont need to do
740 any combination business (one exception being 'kFileSec_Inherit': see next)
741 - client might request that we add inherited ACEs via 'kFileSec_Inherit'.
742 We will store inherited ACEs first, which is Darwins canonical order.
743 - returns AFPerror code
745 #ifdef HAVE_SOLARIS_ACLS
746 static int set_acl(const struct vol *vol, char *name, int inherit, char *ibuf)
749 int i, nfsv4_ace_count;
750 int tocopy_aces_count = 0, new_aces_count = 0, trivial_ace_count = 0;
751 ace_t *old_aces, *new_aces = NULL;
755 LOG(log_debug9, logtype_afpd, "set_acl: BEGIN");
757 /* Get no of ACEs the client put on the wire */
758 ace_count = htonl(*((uint32_t *)ibuf));
759 ibuf += 8; /* skip ACL flags (see acls.h) */
762 /* inherited + trivial ACEs */
763 flags = ACE_INHERITED_ACE | ACE_OWNER | ACE_GROUP | ACE_EVERYONE;
765 /* only trivial ACEs */
766 flags = ACE_OWNER | ACE_GROUP | ACE_EVERYONE;
768 /* Get existing ACL and count ACEs which have to be copied */
769 if ((nfsv4_ace_count = get_nfsv4_acl(name, &old_aces)) == -1)
771 for ( i=0; i < nfsv4_ace_count; i++) {
772 if (old_aces[i].a_flags & flags)
776 /* Now malloc buffer exactly sized to fit all new ACEs */
777 if (EC_NULL_CUSTOM(new_aces = malloc((ace_count + tocopy_aces_count) * sizeof(ace_t)))) {
778 LOG(log_error, logtype_afpd, "set_acl: malloc %s", strerror(errno));
779 EC_STATUS(AFPERR_MISC);
783 /* Start building new ACL */
785 /* Copy local inherited ACEs. Therefore we have 'Darwin canonical order' (see chmod there):
786 inherited ACEs first. */
788 for (i=0; i < nfsv4_ace_count; i++) {
789 if (old_aces[i].a_flags & ACE_INHERITED_ACE) {
790 memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
795 LOG(log_debug7, logtype_afpd, "set_acl: copied %d inherited ACEs", new_aces_count);
797 /* Now the ACEs from the client */
798 if (EC_NEG1_CUSTOM(map_acl(DARWIN_2_SOLARIS,
799 &new_aces[new_aces_count],
800 (darwin_ace_t *)ibuf,
802 EC_STATUS(AFPERR_PARAM);
805 new_aces_count += ace_count;
806 LOG(log_debug7, logtype_afpd, "set_acl: mapped %d ACEs from client", ace_count);
808 /* Now copy the trivial ACEs */
809 for (i=0; i < nfsv4_ace_count; i++) {
810 if (old_aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)) {
811 memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
816 LOG(log_debug7, logtype_afpd, "set_acl: copied %d trivial ACEs", trivial_ace_count);
818 /* Ressourcefork first.
819 Note: for dirs we set the same ACL on the .AppleDouble/.Parent _file_. This
820 might be strange for ACE_DELETE_CHILD and for inheritance flags. */
821 if (EC_ZERO_CUSTOM(vol->vfs->vfs_acl(vol, name, ACE_SETACL, new_aces_count, new_aces))) {
822 LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
823 if (errno == (EACCES | EPERM))
824 EC_STATUS(AFPERR_ACCESS);
825 else if (errno == ENOENT)
826 EC_STATUS(AFPERR_NOITEM);
828 EC_STATUS(AFPERR_MISC);
831 if (EC_ZERO_CUSTOM(acl(name, ACE_SETACL, new_aces_count, new_aces))) {
832 LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
833 if (errno == (EACCES | EPERM))
834 EC_STATUS(AFPERR_ACCESS);
835 else if (errno == ENOENT)
836 EC_STATUS(AFPERR_NOITEM);
838 EC_STATUS(AFPERR_MISC);
845 if (old_aces) free(old_aces);
846 if (new_aces) free(new_aces);
848 LOG(log_debug9, logtype_afpd, "set_acl: END");
851 #endif /* HAVE_SOLARIS_ACLS */
853 #ifdef HAVE_POSIX_ACLS
854 static int set_acl(const struct vol *vol, char *name, int inherit, char *ibuf)
859 LOG(log_maxdebug, logtype_afpd, "set_acl: BEGIN");
861 /* Get no of ACEs the client put on the wire */
862 uint32_t ace_count = htonl(*((uint32_t *)ibuf));
863 ibuf += 8; /* skip ACL flags (see acls.h) */
867 /* get default ACEs */
869 EC_ZERO_LOG_ERR(stat(name, &st), AFPERR_NOOBJ);
870 if (S_ISDIR(st.st_mode)) {
872 EC_NULL_LOG_ERR(acl = acl_get_file(name, ACL_TYPE_DEFAULT), AFPERR_MISC);
875 EC_NULL_LOG_ERR(acl = acl_init(0), AFPERR_MISC);
878 EC_ZERO_LOG(map_acl_darwin_to_posix((darwin_ace_t *)ibuf, &acl, is_dir, ace_count));
885 LOG(log_maxdebug, logtype_afpd, "set_acl: END: %u", ret);
888 #endif /* HAVE_POSIX_ACLS */
891 Checks if a given UUID has requested_rights(type darwin_ace_rights) for path.
892 Note: this gets called frequently and is a good place for optimizations !
894 #ifdef HAVE_SOLARIS_ACLS
895 static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights)
897 int ret, i, ace_count, dir, checkgroup;
898 char *username = NULL; /* might be group too */
902 uint32_t requested_rights = 0, allowed_rights = 0, denied_rights = 0;
906 int check_user_trivace = 0, check_group_trivace = 0;
913 LOG(log_debug9, logtype_afpd, "check_access: BEGIN. Request: %08x", requested_darwin_rights);
915 /* Get uid or gid from UUID */
916 if ( (getnamefromuuid(uuid, &username, &uuidtype)) != 0) {
917 LOG(log_error, logtype_afpd, "check_access: error getting name from UUID");
922 if ((lstat(path, &st)) != 0) {
923 LOG(log_error, logtype_afpd, "check_access: stat: %s", strerror(errno));
927 dir = S_ISDIR(st.st_mode);
929 if (uuidtype == UUID_USER) {
930 pwd = getpwnam(username);
932 LOG(log_error, logtype_afpd, "check_access: getpwnam: %s", strerror(errno));
939 /* If user is file/dir owner we must check the user trivial ACE */
940 if (uid == st.st_uid) {
941 LOG(log_debug, logtype_afpd, "check_access: user: %s is files owner. Must check trivial user ACE", username);
942 check_user_trivace = 1;
945 /* Now check if requested user is files owning group. If yes we must check the group trivial ACE */
946 if ( (check_group(username, uid, pgid, st.st_gid)) == 0) {
947 LOG(log_debug, logtype_afpd, "check_access: user: %s is in group: %d. Must check trivial group ACE", username, st.st_gid);
948 check_group_trivace = 1;
950 } else { /* hopefully UUID_GROUP*/
951 LOG(log_error, logtype_afpd, "check_access: afp_access for UUID of groups not supported!");
953 grp = getgrnam(username);
955 LOG(log_error, logtype_afpd, "check_access: getgrnam: %s", strerror(errno));
958 if (st.st_gid == grp->gr_gid )
959 check_group_trivace = 1;
963 /* Map requested rights to Solaris style. */
964 for (i=0; darwin_to_nfsv4_rights[i].from != 0; i++) {
965 if (requested_darwin_rights & darwin_to_nfsv4_rights[i].from)
966 requested_rights |= darwin_to_nfsv4_rights[i].to;
969 /* Get ACL from file/dir */
970 if ( (ace_count = get_nfsv4_acl(path, &aces)) == -1) {
971 LOG(log_error, logtype_afpd, "check_access: error getting ACEs");
975 if (ace_count == 0) {
976 LOG(log_debug, logtype_afpd, "check_access: 0 ACEs from get_nfsv4_acl");
981 /* Now check requested rights */
984 do { /* Loop through ACEs */
986 flags = aces[i].a_flags;
987 type = aces[i].a_type;
988 rights = aces[i].a_access_mask;
990 if (flags & ACE_INHERIT_ONLY_ACE)
993 /* Check if its a group ACE and set checkgroup to 1 if yes */
995 if ( (flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) ) {
996 if ( (check_group(username, uid, pgid, who)) == 0)
1002 /* Now the tricky part: decide if ACE effects our user. I'll explain:
1003 if its a dedicated (non trivial) ACE for the user
1005 if its a ACE for a group we're member of
1007 if its a trivial ACE_OWNER ACE and requested UUID is the owner
1009 if its a trivial ACE_GROUP ACE and requested UUID is group
1011 if its a trivial ACE_EVERYONE ACE
1015 ( (who == uid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP)) ) ||
1017 ( (flags & ACE_OWNER) && check_user_trivace ) ||
1018 ( (flags & ACE_GROUP) && check_group_trivace ) ||
1019 ( flags & ACE_EVERYONE )
1021 /* Found an applicable ACE */
1022 if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
1023 allowed_rights |= rights;
1024 else if (type == ACE_ACCESS_DENIED_ACE_TYPE)
1025 /* Only or to denied rights if not previously allowed !! */
1026 denied_rights |= ((!allowed_rights) & rights);
1028 } while (++i < ace_count);
1031 /* Darwin likes to ask for "delete_child" on dir,
1032 "write_data" is actually the same, so we add that for dirs */
1033 if (dir && (allowed_rights & ACE_WRITE_DATA))
1034 allowed_rights |= ACE_DELETE_CHILD;
1036 if (requested_rights & denied_rights) {
1037 LOG(log_debug, logtype_afpd, "check_access: some requested right was denied:");
1038 ret = AFPERR_ACCESS;
1039 } else if ((requested_rights & allowed_rights) != requested_rights) {
1040 LOG(log_debug, logtype_afpd, "check_access: some requested right wasn't allowed:");
1041 ret = AFPERR_ACCESS;
1043 LOG(log_debug, logtype_afpd, "check_access: all requested rights are allowed:");
1047 LOG(log_debug, logtype_afpd, "check_access: Requested rights: %08x, allowed_rights: %08x, denied_rights: %08x, Result: %d",
1048 requested_rights, allowed_rights, denied_rights, ret);
1054 LOG(log_debug9, logtype_afpd, "check_access: END");
1058 #endif /* HAVE_SOLARIS_ACLS */
1060 #ifdef HAVE_POSIX_ACLS
1061 static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights)
1064 * FIXME: for OS X >= 10.6 it seems fp_access isn't called anymore, instead
1065 * the client just tries to perform any action, relying on the server
1066 * to enforce permission (which the OS does for us), returning appropiate
1067 * error codes in case the action failed.
1068 * So to summarize: I think it's safe to not implement this function and
1069 * just always return AFP_OK.
1073 #endif /* HAVE_POSIX_ACLS */
1075 /********************************************************
1077 ********************************************************/
1079 int afp_access(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1084 uint32_t did, darwin_ace_rights;
1086 struct path *s_path;
1089 LOG(log_debug9, logtype_afpd, "afp_access: BEGIN");
1094 memcpy(&vid, ibuf, sizeof( vid ));
1095 ibuf += sizeof(vid);
1096 if (NULL == ( vol = getvolbyvid( vid ))) {
1097 LOG(log_error, logtype_afpd, "afp_access: error getting volid:%d", vid);
1098 return AFPERR_NOOBJ;
1101 memcpy(&did, ibuf, sizeof( did ));
1102 ibuf += sizeof( did );
1103 if (NULL == ( dir = dirlookup( vol, did ))) {
1104 LOG(log_error, logtype_afpd, "afp_access: error getting did:%d", did);
1111 /* Store UUID address */
1112 uuid = (uuidp_t)ibuf;
1113 ibuf += UUID_BINSIZE;
1115 /* Store ACE rights */
1116 memcpy(&darwin_ace_rights, ibuf, 4);
1117 darwin_ace_rights = ntohl(darwin_ace_rights);
1120 /* get full path and handle file/dir subtleties in netatalk code*/
1121 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1122 LOG(log_error, logtype_afpd, "afp_getacl: cname got an error!");
1123 return AFPERR_NOOBJ;
1125 if (!s_path->st_valid)
1126 of_statdir(vol, s_path);
1127 if ( s_path->st_errno != 0 ) {
1128 LOG(log_error, logtype_afpd, "afp_getacl: cant stat");
1129 return AFPERR_NOOBJ;
1132 ret = check_acl_access(s_path->u_name, uuid, darwin_ace_rights);
1134 LOG(log_debug9, logtype_afpd, "afp_access: END");
1138 int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1144 uint16_t vid, bitmap;
1145 struct path *s_path;
1149 LOG(log_debug9, logtype_afpd, "afp_getacl: BEGIN");
1153 memcpy(&vid, ibuf, sizeof( vid ));
1154 ibuf += sizeof(vid);
1155 if (NULL == ( vol = getvolbyvid( vid ))) {
1156 LOG(log_error, logtype_afpd, "afp_getacl: error getting volid:%d", vid);
1157 return AFPERR_NOOBJ;
1160 memcpy(&did, ibuf, sizeof( did ));
1161 ibuf += sizeof( did );
1162 if (NULL == ( dir = dirlookup( vol, did ))) {
1163 LOG(log_error, logtype_afpd, "afp_getacl: error getting did:%d", did);
1167 memcpy(&bitmap, ibuf, sizeof( bitmap ));
1168 memcpy(rbuf, ibuf, sizeof( bitmap ));
1169 bitmap = ntohs( bitmap );
1170 ibuf += sizeof( bitmap );
1171 rbuf += sizeof( bitmap );
1172 *rbuflen += sizeof( bitmap );
1174 /* skip maxreplysize */
1177 /* get full path and handle file/dir subtleties in netatalk code*/
1178 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1179 LOG(log_error, logtype_afpd, "afp_getacl: cname got an error!");
1180 return AFPERR_NOOBJ;
1182 if (!s_path->st_valid)
1183 of_statdir(vol, s_path);
1184 if ( s_path->st_errno != 0 ) {
1185 LOG(log_error, logtype_afpd, "afp_getacl: cant stat");
1186 return AFPERR_NOOBJ;
1189 /* Shall we return owner UUID ? */
1190 if (bitmap & kFileSec_UUID) {
1191 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner user UUID");
1192 if (NULL == (pw = getpwuid(s_path->st.st_uid)))
1194 LOG(log_debug, logtype_afpd, "afp_getacl: got uid: %d, name: %s", s_path->st.st_uid, pw->pw_name);
1195 if ((ret = getuuidfromname(pw->pw_name, UUID_USER, rbuf)) != 0)
1197 rbuf += UUID_BINSIZE;
1198 *rbuflen += UUID_BINSIZE;
1201 /* Shall we return group UUID ? */
1202 if (bitmap & kFileSec_GRPUUID) {
1203 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner group UUID");
1204 if (NULL == (gr = getgrgid(s_path->st.st_gid)))
1206 LOG(log_debug, logtype_afpd, "afp_getacl: got gid: %d, name: %s", s_path->st.st_gid, gr->gr_name);
1207 if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, rbuf)) != 0)
1209 rbuf += UUID_BINSIZE;
1210 *rbuflen += UUID_BINSIZE;
1213 /* Shall we return ACL ? */
1214 if (bitmap & kFileSec_ACL) {
1215 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files ACL");
1216 get_and_map_acl(s_path->u_name, rbuf, rbuflen);
1219 LOG(log_debug9, logtype_afpd, "afp_getacl: END");
1223 int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1229 uint16_t vid, bitmap;
1230 struct path *s_path;
1232 LOG(log_debug9, logtype_afpd, "afp_setacl: BEGIN");
1236 memcpy(&vid, ibuf, sizeof( vid ));
1237 ibuf += sizeof(vid);
1238 if (NULL == ( vol = getvolbyvid( vid ))) {
1239 LOG(log_error, logtype_afpd, "afp_setacl: error getting volid:%d", vid);
1240 return AFPERR_NOOBJ;
1243 memcpy(&did, ibuf, sizeof( did ));
1244 ibuf += sizeof( did );
1245 if (NULL == ( dir = dirlookup( vol, did ))) {
1246 LOG(log_error, logtype_afpd, "afp_setacl: error getting did:%d", did);
1250 memcpy(&bitmap, ibuf, sizeof( bitmap ));
1251 bitmap = ntohs( bitmap );
1252 ibuf += sizeof( bitmap );
1254 /* get full path and handle file/dir subtleties in netatalk code*/
1255 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1256 LOG(log_error, logtype_afpd, "afp_setacl: cname got an error!");
1257 return AFPERR_NOOBJ;
1259 if (!s_path->st_valid)
1260 of_statdir(vol, s_path);
1261 if ( s_path->st_errno != 0 ) {
1262 LOG(log_error, logtype_afpd, "afp_setacl: cant stat");
1263 return AFPERR_NOOBJ;
1265 LOG(log_debug, logtype_afpd, "afp_setacl: unixname: %s", s_path->u_name);
1268 if ((unsigned long)ibuf & 1)
1271 /* Start processing request */
1273 /* Change owner: dont even try */
1274 if (bitmap & kFileSec_UUID) {
1275 LOG(log_debug, logtype_afpd, "afp_setacl: change owner request. discarded.");
1276 ret = AFPERR_ACCESS;
1277 ibuf += UUID_BINSIZE;
1280 /* Change group: certain changes might be allowed, so try it. FIXME: not implemented yet. */
1281 if (bitmap & kFileSec_UUID) {
1282 LOG(log_debug, logtype_afpd, "afp_setacl: change group request. not supported this time.");
1284 ibuf += UUID_BINSIZE;
1288 if (bitmap & kFileSec_REMOVEACL) {
1289 LOG(log_debug, logtype_afpd, "afp_setacl: Remove ACL request.");
1290 if ((ret = remove_acl(vol, s_path->u_name, S_ISDIR(s_path->st.st_mode))) != AFP_OK)
1291 LOG(log_error, logtype_afpd, "afp_setacl: error from remove_acl");
1295 if (bitmap & kFileSec_ACL) {
1296 LOG(log_debug, logtype_afpd, "afp_setacl: Change ACL request.");
1298 /* Check if its our job to preserve inherited ACEs */
1299 if (bitmap & kFileSec_Inherit)
1300 ret = set_acl(vol, s_path->u_name, 1, ibuf);
1302 ret = set_acl(vol, s_path->u_name, 0, ibuf);
1306 LOG(log_warning, logtype_afpd, "afp_setacl(\"%s/%s\"): error",
1307 getcwdpath(), s_path->u_name);
1312 LOG(log_debug9, logtype_afpd, "afp_setacl: END");
1317 unix.c/accessmode calls this: map ACL to OS 9 mode
1319 void acltoownermode(char *path, struct stat *st, uid_t uid, struct maccess *ma)
1323 int r_ok, w_ok, x_ok;
1325 if ( ! (AFPobj->options.flags & OPTION_UUID) || ! (AFPobj->options.flags & OPTION_ACL2OS9MODE))
1328 LOG(log_maxdebug, logtype_afpd, "acltoownermode('%s')", path);
1330 if ((pw = getpwuid(uid)) == NULL) {
1331 LOG(log_error, logtype_afpd, "acltoownermode: %s", strerror(errno));
1335 /* We need the UUID for check_acl_access */
1336 if ((getuuidfromname(pw->pw_name, UUID_USER, uuid)) != 0)
1339 /* These work for files and dirs */
1340 r_ok = check_acl_access(path, uuid, DARWIN_ACE_READ_DATA);
1341 w_ok = check_acl_access(path, uuid, (DARWIN_ACE_WRITE_DATA|DARWIN_ACE_APPEND_DATA));
1342 x_ok = check_acl_access(path, uuid, DARWIN_ACE_EXECUTE);
1344 LOG(log_debug7, logtype_afpd, "acltoownermode: ma_user before: %04o",ma->ma_user);
1346 ma->ma_user |= AR_UREAD;
1348 ma->ma_user |= AR_UWRITE;
1350 ma->ma_user |= AR_USEARCH;
1351 LOG(log_debug7, logtype_afpd, "acltoownermode: ma_user after: %04o", ma->ma_user);
1357 We're being called at the end of afp_createdir. We're (hopefully) inside dir
1358 and ".AppleDouble" and ".AppleDouble/.Parent" should have already been created.
1359 We then inherit any explicit ACE from "." to ".AppleDouble" and ".AppleDouble/.Parent".
1360 FIXME: add to VFS layer ?
1362 #ifdef HAVE_SOLARIS_ACLS
1363 void addir_inherit_acl(const struct vol *vol)
1365 ace_t *diraces = NULL, *adaces = NULL, *combinedaces = NULL;
1366 int diracecount, adacecount;
1368 LOG(log_debug9, logtype_afpd, "addir_inherit_acl: BEGIN");
1370 /* Check if ACLs are enabled for the volume */
1371 if (vol->v_flags & AFPVOL_ACLS) {
1373 if ((diracecount = get_nfsv4_acl(".", &diraces)) <= 0)
1375 /* Remove any trivial ACE from "." */
1376 if ((diracecount = strip_trivial_aces(&diraces, diracecount)) <= 0)
1380 Inherit to ".AppleDouble"
1383 if ((adacecount = get_nfsv4_acl(".AppleDouble", &adaces)) <= 0)
1385 /* Remove any non-trivial ACE from ".AppleDouble" */
1386 if ((adacecount = strip_nontrivial_aces(&adaces, adacecount)) <= 0)
1390 if ((combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)) == NULL)
1393 /* Now set new acl */
1394 if ((acl(".AppleDouble", ACE_SETACL, diracecount + adacecount, combinedaces)) != 0)
1395 LOG(log_error, logtype_afpd, "addir_inherit_acl: acl: %s", strerror(errno));
1400 combinedaces = NULL;
1403 Inherit to ".AppleDouble/.Parent"
1406 if ((adacecount = get_nfsv4_acl(".AppleDouble/.Parent", &adaces)) <= 0)
1408 if ((adacecount = strip_nontrivial_aces(&adaces, adacecount)) <= 0)
1412 if ((combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)) == NULL)
1415 /* Now set new acl */
1416 if ((acl(".AppleDouble/.Parent", ACE_SETACL, diracecount + adacecount, combinedaces)) != 0)
1417 LOG(log_error, logtype_afpd, "addir_inherit_acl: acl: %s", strerror(errno));
1423 LOG(log_debug9, logtype_afpd, "addir_inherit_acl: END");
1429 #endif /* HAVE_SOLARIS_ACLS */
1431 #ifdef HAVE_POSIX_ACLS
1432 void addir_inherit_acl(const struct vol *vol)
1436 #endif /* HAVE_POSIX_ACLS */