pwd = getpwnam(name);
if (!pwd) {
LOG(log_error, logtype_afpd, "map_aces_darwin_to_solaris: getpwnam: %s", strerror(errno));
+ free(name);
return -1;
}
nfsv4_aces->a_who = pwd->pw_uid;
grp = getgrnam(name);
if (!grp) {
LOG(log_error, logtype_afpd, "map_aces_darwin_to_solaris: getgrnam: %s", strerror(errno));
+ free(name);
return -1;
}
nfsv4_aces->a_who = (uid_t)(grp->gr_gid);
/* Removes all non-trivial ACLs from object. Returns full AFPERR code. */
static int remove_acl(const struct vol *vol,const char *path, int dir)
{
- int ret;
+ int ret = AFP_OK;
+#ifdef HAVE_SOLARIS_ACLS
/* Ressource etc. first */
if ((ret = vol->vfs->vfs_remove_acl(vol, path, dir)) != AFP_OK)
return ret;
/* now the data fork or dir */
- return (remove_acl_vfs(path));
+ ret = remove_acl_vfs(path);
+#endif
+ return ret;
}
/*
static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights)
{
int ret, i, ace_count, dir, checkgroup;
- char *username; /* might be group too */
+ char *username = NULL; /* might be group too */
uuidtype_t uuidtype;
uid_t uid;
gid_t pgid;
ret = AFPERR_MISC;
goto exit;
}
+ if (ace_count == 0) {
+ LOG(log_debug, logtype_afpd, "check_access: 0 ACEs from get_nfsv4_acl");
+ ret = AFPERR_MISC;
+ goto exit;
+ }
+
/* Now check requested rights */
ret = AFPERR_ACCESS;
i = 0;
#ifdef HAVE_POSIX_ACLS
static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights)
{
+ /*
+ * FIXME: for OS X >= 10.6 it seems fp_access isn't called anymore, instead
+ * the client just tries to perform any action, relying on the server
+ * to enforce permission (which the OS does for us), returning appropiate
+ * error codes in case the action failed.
+ * So to summarize: I think it's safe to not implement this function and
+ * just always return AFP_OK.
+ */
return AFP_OK;
}
#endif /* HAVE_POSIX_ACLS */
ret = set_acl(vol, s_path->u_name, 0, ibuf);
if (ret == 0)
ret = AFP_OK;
- else
+ else {
+ LOG(log_warning, logtype_afpd, "afp_setacl(\"%s/%s\"): error",
+ getcwdpath(), s_path->u_name);
ret = AFPERR_MISC;
+ }
}
LOG(log_debug9, logtype_afpd, "afp_setacl: END");
void acltoownermode(char *path, struct stat *st, uid_t uid, struct maccess *ma)
{
struct passwd *pw;
- uuid_t uuid;
+ atalk_uuid_t uuid;
int r_ok, w_ok, x_ok;
if ( ! (AFPobj->options.flags & OPTION_UUID) || ! (AFPobj->options.flags & OPTION_ACL2OS9MODE))