X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=etc%2Fafpd%2Facls.c;h=d162b994e7af71d09436f0b937d80a2cd2b3bffa;hb=4c691d7ebf0d54b3ee69d54955bcaf2283e98abc;hp=43e91042f10e0ee3850a2d3cc312b7b51ee7a038;hpb=154c130f7a3a407e686eda99a6658773e137b05f;p=netatalk.git diff --git a/etc/afpd/acls.c b/etc/afpd/acls.c index 43e91042..d162b994 100644 --- a/etc/afpd/acls.c +++ b/etc/afpd/acls.c @@ -1,5 +1,6 @@ /* Copyright (c) 2008, 2009, 2010 Frank Lahm + Copyright (c) 2011 Laura Mueller This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -28,6 +29,8 @@ #endif #ifdef HAVE_POSIX_ACLS #include +#endif +#ifdef HAVE_ACL_LIBACL_H #include #endif @@ -42,6 +45,8 @@ #include #include #include +#include +#include #include "directory.h" #include "desktop.h" @@ -63,6 +68,10 @@ #define MAP_MASK 31 #define IS_DIR 32 +/* bit flags for set_acl() and map_aces_darwin_to_posix() */ +#define HAS_DEFAULT_ACL 0x01 +#define HAS_EXT_DEFAULT_ACL 0x02 + /******************************************************** * Solaris funcs ********************************************************/ @@ -76,15 +85,19 @@ * returns the result as a Darwin allowed rights ACE. * This must honor trivial ACEs which are a mode_t mapping. * + * @param obj (r) handle * @param path (r) path to filesystem object - * @param sb (r) struct stat of path - * @param result (w) resulting Darwin allow ACE + * @param sb (rw) struct stat of path + * @param ma (rw) UARights struct + * @param rights_out (w) mapped Darwin ACL rights * * @returns 0 or -1 on error */ -static int solaris_acl_rights(const char *path, - const struct stat *sb, - uint32_t *result) +static int solaris_acl_rights(const AFPObj *obj, + const char *path, + struct stat *sb, + struct maccess *ma, + uint32_t *rights_out) { EC_INIT; int i, ace_count, checkgroup; @@ -122,15 +135,15 @@ static int solaris_acl_rights(const char *path, if its a trivial ACE_EVERYONE ACE THEN process ACE */ - if (((who == uuid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP))) + if (((who == obj->uid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP))) || - ((flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) && gmem(who)) + ((flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) && gmem(who, obj->ngroups, obj->groups)) || - ((flags & ACE_OWNER) && (uuid == sb->st_uid)) + ((flags & ACE_OWNER) && (obj->uid == sb->st_uid)) || - ((flags & ACE_GROUP) && !(uuid == sb->st_uid) && gmem(sb->st_gid)) + ((flags & ACE_GROUP) && !(obj->uid == sb->st_uid) && gmem(sb->st_gid, obj->ngroups, obj->groups)) || - (flags & ACE_EVERYONE && !(uuid == sb->st_uid) && !gmem(sb->st_gid)) + (flags & ACE_EVERYONE && !(obj->uid == sb->st_uid) && !gmem(sb->st_gid, obj->ngroups, obj->groups)) ) { /* Found an applicable ACE */ if (type == ACE_ACCESS_ALLOWED_ACE_TYPE) @@ -157,7 +170,28 @@ static int solaris_acl_rights(const char *path, darwin_rights |= nfsv4_to_darwin_rights[i].to; } - *result |= darwin_rights; + LOG(log_maxdebug, logtype_afpd, "rights: 0x%08x", darwin_rights); + + if (rights_out) + *rights_out = darwin_rights; + + if (ma && obj->options.flags & OPTION_ACL2MACCESS) { + if (darwin_rights & DARWIN_ACE_READ_DATA) + ma->ma_user |= AR_UREAD; + if (darwin_rights & DARWIN_ACE_WRITE_DATA) + ma->ma_user |= AR_UWRITE; + if (darwin_rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH)) + ma->ma_user |= AR_USEARCH; + } + + if (sb && obj->options.flags & OPTION_ACL2MODE) { + if (darwin_rights & DARWIN_ACE_READ_DATA) + sb->st_mode |= S_IRUSR; + if (darwin_rights & DARWIN_ACE_WRITE_DATA) + sb->st_mode |= S_IWUSR; + if (darwin_rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH)) + sb->st_mode |= S_IXUSR; + } EC_CLEANUP: if (aces) free(aces); @@ -268,11 +302,6 @@ static int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces, /* uid/gid first */ EC_ZERO(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype)); switch (uuidtype) { - case UUID_LOCAL: - free(name); - name = NULL; - darwin_aces++; - continue; case UUID_USER: EC_NULL_LOG(pwd = getpwnam(name)); nfsv4_aces->a_who = pwd->pw_uid; @@ -282,6 +311,9 @@ static int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces, nfsv4_aces->a_who = (uid_t)(grp->gr_gid); nfsv4_ace_flags |= ACE_IDENTIFIER_GROUP; break; + default: + LOG(log_error, logtype_afpd, "map_aces_darwin_to_solaris: unkown uuidtype"); + EC_FAIL; } free(name); name = NULL; @@ -309,8 +341,12 @@ static int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces, nfsv4_ace_rights |= darwin_to_nfsv4_rights[i].to; } - LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x", darwin_ace_flags, nfsv4_ace_flags); - LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x", darwin_ace_rights, nfsv4_ace_rights); + LOG(log_debug9, logtype_afpd, + "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x", + darwin_ace_flags, nfsv4_ace_flags); + LOG(log_debug9, logtype_afpd, + "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x", + darwin_ace_rights, nfsv4_ace_rights); nfsv4_aces->a_flags = nfsv4_ace_flags; nfsv4_aces->a_access_mask = nfsv4_ace_rights; @@ -342,12 +378,20 @@ static uint32_t posix_permset_to_darwin_rights(acl_entry_t e, int is_dir) EC_ZERO_LOG(acl_get_permset(e, &permset)); +#ifdef HAVE_ACL_GET_PERM_NP + if (acl_get_perm_np(permset, ACL_READ)) +#else if (acl_get_perm(permset, ACL_READ)) +#endif rights = DARWIN_ACE_READ_DATA | DARWIN_ACE_READ_EXTATTRIBUTES | DARWIN_ACE_READ_ATTRIBUTES | DARWIN_ACE_READ_SECURITY; +#ifdef HAVE_ACL_GET_PERM_NP + if (acl_get_perm_np(permset, ACL_WRITE)) { +#else if (acl_get_perm(permset, ACL_WRITE)) { +#endif rights |= DARWIN_ACE_WRITE_DATA | DARWIN_ACE_APPEND_DATA | DARWIN_ACE_WRITE_EXTATTRIBUTES @@ -355,7 +399,11 @@ static uint32_t posix_permset_to_darwin_rights(acl_entry_t e, int is_dir) if (is_dir) rights |= DARWIN_ACE_DELETE_CHILD; } +#ifdef HAVE_ACL_GET_PERM_NP + if (acl_get_perm_np(permset, ACL_EXECUTE)) +#else if (acl_get_perm(permset, ACL_EXECUTE)) +#endif rights |= DARWIN_ACE_EXECUTE; EC_CLEANUP: @@ -376,84 +424,88 @@ EC_CLEANUP: * * @returns 0 or -1 on error */ -static int posix_acl_rights(const char *path, + +static int posix_acl_rights(const AFPObj *obj, + const char *path, const struct stat *sb, uint32_t *result) { EC_INIT; - int havemask = 0; int entry_id = ACL_FIRST_ENTRY; - uint32_t rights = 0, maskrights = 0; + uint32_t rights = 0; /* rights which do not depend on ACL_MASK */ + uint32_t acl_rights = 0; /* rights which are subject to limitations imposed by ACL_MASK */ + uint32_t mask_rights = 0xffffffff; uid_t *uid = NULL; gid_t *gid = NULL; acl_t acl = NULL; acl_entry_t e; acl_tag_t tag; - EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS)); + EC_NULL_LOGSTR(acl = acl_get_file(path, ACL_TYPE_ACCESS), + "acl_get_file(\"%s\"): %s", fullpathname(path), strerror(errno)); - /* itereate through all ACEs to get the mask */ - while (!havemask && acl_get_entry(acl, entry_id, &e) == 1) { - entry_id = ACL_NEXT_ENTRY; - EC_ZERO_LOG(acl_get_tag_type(e, &tag)); - switch (tag) { - case ACL_MASK: - maskrights = posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); - LOG(log_maxdebug, logtype_afpd, "maskrights: 0x%08x", maskrights); - havemask = 1; - break; - default: - continue; - } - } - - /* itereate through all ACEs */ - entry_id = ACL_FIRST_ENTRY; + /* Iterate through all ACEs. If we apply mask_rights later there is no need to iterate twice. */ while (acl_get_entry(acl, entry_id, &e) == 1) { entry_id = ACL_NEXT_ENTRY; EC_ZERO_LOG(acl_get_tag_type(e, &tag)); + switch (tag) { - case ACL_USER: - EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e)); - if (*uid == uuid) { - LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid); - rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); - } - acl_free(uid); - uid = NULL; - break; - case ACL_USER_OBJ: - if (sb->st_uid == uuid) { - LOG(log_maxdebug, logtype_afpd, "ACL_USER_OBJ: %u", sb->st_uid); - rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); - } - break; - case ACL_GROUP: - EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e)); - if (gmem(*gid)) { - LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid); - rights |= (posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)) & maskrights); - } - acl_free(gid); - gid = NULL; - break; - case ACL_GROUP_OBJ: - if (!(sb->st_uid == uuid) && gmem(sb->st_gid)) { - LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid); - rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); - } - break; - case ACL_OTHER: - if (!(sb->st_uid == uuid) && !gmem(sb->st_gid)) { - LOG(log_maxdebug, logtype_afpd, "ACL_OTHER"); - rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); - } - break; - default: - continue; + case ACL_USER_OBJ: + if (sb->st_uid == obj->uid) { + LOG(log_maxdebug, logtype_afpd, "ACL_USER_OBJ: %u", sb->st_uid); + rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); + } + break; + + case ACL_USER: + EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e)); + + if (*uid == obj->uid) { + LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid); + acl_rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); + } + acl_free(uid); + uid = NULL; + break; + + case ACL_GROUP_OBJ: + if (!(sb->st_uid == obj->uid) && gmem(sb->st_gid, obj->ngroups, obj->groups)) { + LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid); + acl_rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); + } + break; + + case ACL_GROUP: + EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e)); + + if (gmem(*gid, obj->ngroups, obj->groups)) { + LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid); + acl_rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); + } + acl_free(gid); + gid = NULL; + break; + + case ACL_MASK: + mask_rights = posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); + LOG(log_maxdebug, logtype_afpd, "maskrights: 0x%08x", mask_rights); + break; + + case ACL_OTHER: + if (!(sb->st_uid == obj->uid) && !gmem(sb->st_gid, obj->ngroups, obj->groups)) { + LOG(log_maxdebug, logtype_afpd, "ACL_OTHER"); + rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)); + } + break; + + default: + continue; } } /* while */ + /* apply the mask and collect the rights */ + rights |= (acl_rights & mask_rights); + *result |= rights; EC_CLEANUP: @@ -463,6 +515,146 @@ EC_CLEANUP: EC_EXIT; } +/*! + * Helper function for posix_acls_to_uaperms() to convert Posix ACL permissions + * into access rights needed to fill ua_permissions of a FPUnixPrivs structure. + * + * @param entry (r) Posix ACL entry + * + * @returns access rights + */ +static u_char acl_permset_to_uarights(acl_entry_t entry) { + acl_permset_t permset; + u_char rights = 0; + + if (acl_get_permset(entry, &permset) == -1) + return rights; + +#ifdef HAVE_ACL_GET_PERM_NP + if (acl_get_perm_np(permset, ACL_READ)) +#else + if (acl_get_perm(permset, ACL_READ)) +#endif + rights |= AR_UREAD; + +#ifdef HAVE_ACL_GET_PERM_NP + if (acl_get_perm_np(permset, ACL_WRITE)) +#else + if (acl_get_perm(permset, ACL_WRITE)) +#endif + rights |= AR_UWRITE; + +#ifdef HAVE_ACL_GET_PERM_NP + if (acl_get_perm_np(permset, ACL_EXECUTE)) +#else + if (acl_get_perm(permset, ACL_EXECUTE)) +#endif + rights |= AR_USEARCH; + + return rights; +} + +/*! + * Update FPUnixPrivs for a file-system object on a volume supporting ACLs + * + * Checks permissions granted by ACLS for a user to one fs-object and + * updates user and group permissions in given struct maccess. As OS X + * doesn't conform to Posix 1003.1e Draft 17 it expects proper group + * permissions in st_mode of struct stat even if the fs-object has an + * ACL_MASK entry, st_mode gets modified to properly reflect group + * permissions. + * + * @param path (r) path to filesystem object + * @param sb (rw) struct stat of path + * @param maccess (rw) struct maccess of path + * + * @returns 0 or -1 on error + */ +static int posix_acls_to_uaperms(const AFPObj *obj, const char *path, struct stat *sb, struct maccess *ma) { + EC_INIT; + + int entry_id = ACL_FIRST_ENTRY; + acl_entry_t entry; + acl_tag_t tag; + acl_t acl = NULL; + uid_t *uid; + gid_t *gid; + uid_t whoami = geteuid(); + + u_char group_rights = 0x00; + u_char acl_rights = 0x00; + u_char mask = 0xff; + + EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS)); + + /* iterate through all ACEs */ + while (acl_get_entry(acl, entry_id, &entry) == 1) { + entry_id = ACL_NEXT_ENTRY; + EC_ZERO_LOG(acl_get_tag_type(entry, &tag)); + + switch (tag) { + case ACL_USER: + EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(entry)); + + if (*uid == obj->uid && !(whoami == sb->st_uid)) { + LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid); + acl_rights |= acl_permset_to_uarights(entry); + } + acl_free(uid); + break; + + case ACL_GROUP_OBJ: + group_rights = acl_permset_to_uarights(entry); + LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid); + + if (gmem(sb->st_gid, obj->ngroups, obj->groups) && !(whoami == sb->st_uid)) + acl_rights |= group_rights; + break; + + case ACL_GROUP: + EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(entry)); + + if (gmem(*gid, obj->ngroups, obj->groups) && !(whoami == sb->st_uid)) { + LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid); + acl_rights |= acl_permset_to_uarights(entry); + } + acl_free(gid); + break; + + case ACL_MASK: + mask = acl_permset_to_uarights(entry); + LOG(log_maxdebug, logtype_afpd, "ACL_MASK: 0x%02x", mask); + break; + + default: + break; + } + } + + if (obj->options.flags & OPTION_ACL2MACCESS) { + /* apply the mask and adjust user and group permissions */ + ma->ma_user |= (acl_rights & mask); + ma->ma_group = (group_rights & mask); + } + + if (obj->options.flags & OPTION_ACL2MODE) { + /* update st_mode to properly reflect group permissions */ + sb->st_mode &= ~S_IRWXG; + if (ma->ma_group & AR_USEARCH) + sb->st_mode |= S_IXGRP; + if (ma->ma_group & AR_UWRITE) + sb->st_mode |= S_IWGRP; + if (ma->ma_group & AR_UREAD) + sb->st_mode |= S_IRGRP; + } + +EC_CLEANUP: + if (acl) acl_free(acl); + + EC_EXIT; +} + +#if 0 /*! * Add entries of one acl to another acl * @@ -485,6 +677,7 @@ static int acl_add_acl(acl_t *aclp, const acl_t acl) EC_CLEANUP: EC_EXIT; } +#endif /*! * Map Darwin ACE rights to POSIX 1e perm @@ -507,7 +700,7 @@ static acl_perm_t map_darwin_right_to_posix_permset(uint32_t darwin_ace_rights, if (darwin_ace_rights & DARWIN_ACE_READ_DATA) perm |= ACL_READ; - if (darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (DARWIN_ACE_DELETE_CHILD & is_dir))) + if (darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (is_dir ? DARWIN_ACE_DELETE_CHILD : 0))) perm |= ACL_WRITE; if (darwin_ace_rights & DARWIN_ACE_EXECUTE) @@ -567,7 +760,7 @@ static int posix_acl_add_perm(acl_t *aclp, acl_tag_t type, uid_t id, acl_perm_t EC_ZERO_LOG(acl_add_perm(permset, perm)); EC_ZERO_LOG(acl_set_permset(e, permset)); } - + EC_CLEANUP: if (eid) acl_free(eid); @@ -584,18 +777,23 @@ EC_CLEANUP: * - we throw away DARWIN_ACE_FLAGS_LIMIT_INHERIT (can't be mapped), thus the ACL will * not be limited * - * @param darwin_aces (r) pointer to darwin_aces buffer - * @param def_aclp (rw) directories: pointer to an initialized acl_t with the default acl - * files: *def_aclp will be NULL - * @param acc_aclp (rw) pointer to an initialized acl_t with the access acl - * @param ace_count (r) number of ACEs in darwin_aces buffer + * @param darwin_aces (r) pointer to darwin_aces buffer + * @param def_aclp (rw) directories: pointer to an initialized acl_t with + the default acl files: *def_aclp will be NULL + * @param acc_aclp (rw) pointer to an initialized acl_t with the access acl + * @param ace_count (r) number of ACEs in darwin_aces buffer + * @param default_acl_flags (rw) flags to indicate if the object has a basic default + * acl or an extended default acl. * - * @returns 0 on success storing the result in aclp, -1 on error. + * @returns 0 on success storing the result in aclp, -1 on error. default_acl_flags + * is set to HAS_DEFAULT_ACL|HAS_EXT_DEFAULT_ACL in case there is at least one + * extended default ace. Otherwise default_acl_flags is left unchanged. */ static int map_aces_darwin_to_posix(const darwin_ace_t *darwin_aces, acl_t *def_aclp, acl_t *acc_aclp, - int ace_count) + int ace_count, + uint32_t *default_acl_flags) { EC_INIT; char *name = NULL; @@ -624,10 +822,6 @@ static int map_aces_darwin_to_posix(const darwin_ace_t *darwin_aces, /* uid/gid */ EC_ZERO_LOG(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype)); switch (uuidtype) { - case UUID_LOCAL: - free(name); - name = NULL; - continue; case UUID_USER: EC_NULL_LOG(pwd = getpwnam(name)); tag = ACL_USER; @@ -640,6 +834,8 @@ static int map_aces_darwin_to_posix(const darwin_ace_t *darwin_aces, id = (uid_t)(grp->gr_gid); LOG(log_debug, logtype_afpd, "map_ace: name: %s, gid: %u", name, id); break; + default: + continue; } free(name); name = NULL; @@ -653,7 +849,7 @@ static int map_aces_darwin_to_posix(const darwin_ace_t *darwin_aces, } /* add it as default ace */ EC_ZERO_LOG(posix_acl_add_perm(def_aclp, tag, id, perm)); - + *default_acl_flags = (HAS_DEFAULT_ACL|HAS_EXT_DEFAULT_ACL); if (! (darwin_ace_flags & DARWIN_ACE_FLAGS_ONLY_INHERIT)) /* if it not a "inherit only" ace, it must be added as access aces too */ @@ -822,7 +1018,7 @@ static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen) EC_INIT; int mapped_aces = 0; int dirflag; - uint32_t *darwin_ace_count = (u_int32_t *)rbuf; + char *darwin_ace_count = rbuf; #ifdef HAVE_SOLARIS_ACLS int ace_count = 0; ace_t *aces = NULL; @@ -871,8 +1067,9 @@ static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen) LOG(log_debug, logtype_afpd, "get_and_map_acl: mapped %d ACEs", mapped_aces); - *darwin_ace_count = htonl(mapped_aces); *rbuflen += sizeof(darwin_acl_header_t) + (mapped_aces * sizeof(darwin_ace_t)); + mapped_aces = htonl(mapped_aces); + memcpy(darwin_ace_count, &mapped_aces, sizeof(uint32_t)); EC_STATUS(0); @@ -985,17 +1182,21 @@ static int set_acl(const struct vol *vol, } LOG(log_debug7, logtype_afpd, "set_acl: copied %d trivial ACEs", trivial_ace_count); - /* Ressourcefork first. - Note: for dirs we set the same ACL on the .AppleDouble/.Parent _file_. This - might be strange for ACE_DELETE_CHILD and for inheritance flags. */ + /* Ressourcefork first */ if ((ret = (vol->vfs->vfs_acl(vol, name, ACE_SETACL, new_aces_count, new_aces))) != 0) { - LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno)); - if (errno == (EACCES | EPERM)) + LOG(log_debug, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno)); + switch (errno) { + case EACCES: + case EPERM: EC_STATUS(AFPERR_ACCESS); - else if (errno == ENOENT) - EC_STATUS(AFPERR_NOITEM); - else + break; + case ENOENT: + EC_STATUS(AFP_OK); + break; + default: EC_STATUS(AFPERR_MISC); + break; + } goto EC_CLEANUP; } if ((ret = (acl(name, ACE_SETACL, new_aces_count, new_aces))) != 0) { @@ -1021,6 +1222,63 @@ EC_CLEANUP: #endif /* HAVE_SOLARIS_ACLS */ #ifdef HAVE_POSIX_ACLS +#ifndef HAVE_ACL_FROM_MODE +static acl_t acl_from_mode(mode_t mode) +{ + acl_t acl; + acl_entry_t entry; + acl_permset_t permset; + + if (!(acl = acl_init(3))) + return NULL; + + if (acl_create_entry(&acl, &entry) != 0) + goto error; + acl_set_tag_type(entry, ACL_USER_OBJ); + acl_get_permset(entry, &permset); + acl_clear_perms(permset); + if (mode & S_IRUSR) + acl_add_perm(permset, ACL_READ); + if (mode & S_IWUSR) + acl_add_perm(permset, ACL_WRITE); + if (mode & S_IXUSR) + acl_add_perm(permset, ACL_EXECUTE); + acl_set_permset(entry, permset); + + if (acl_create_entry(&acl, &entry) != 0) + goto error; + acl_set_tag_type(entry, ACL_GROUP_OBJ); + acl_get_permset(entry, &permset); + acl_clear_perms(permset); + if (mode & S_IRGRP) + acl_add_perm(permset, ACL_READ); + if (mode & S_IWGRP) + acl_add_perm(permset, ACL_WRITE); + if (mode & S_IXGRP) + acl_add_perm(permset, ACL_EXECUTE); + acl_set_permset(entry, permset); + + if (acl_create_entry(&acl, &entry) != 0) + goto error; + acl_set_tag_type(entry, ACL_OTHER); + acl_get_permset(entry, &permset); + acl_clear_perms(permset); + if (mode & S_IROTH) + acl_add_perm(permset, ACL_READ); + if (mode & S_IWOTH) + acl_add_perm(permset, ACL_WRITE); + if (mode & S_IXOTH) + acl_add_perm(permset, ACL_EXECUTE); + acl_set_permset(entry, permset); + + return acl; + +error: + acl_free(acl); + return NULL; +} +#endif + static int set_acl(const struct vol *vol, const char *name, int inherit _U_, @@ -1028,44 +1286,76 @@ static int set_acl(const struct vol *vol, uint32_t ace_count) { EC_INIT; - acl_t def_acl = NULL; - acl_t acc_acl = NULL; + struct stat st; + acl_t default_acl = NULL; + acl_t access_acl = NULL; + acl_entry_t entry; + acl_tag_t tag; + int entry_id = ACL_FIRST_ENTRY; + /* flags to indicate if the object has a minimal default acl and/or an extended + * default acl. + */ + uint32_t default_acl_flags = 0; LOG(log_maxdebug, logtype_afpd, "set_acl: BEGIN"); - struct stat st; - EC_ZERO_LOG_ERR(lstat(name, &st), AFPERR_NOOBJ); + EC_NULL_LOG_ERR(access_acl = acl_get_file(name, ACL_TYPE_ACCESS), AFPERR_MISC); - /* seed default ACL with access ACL */ - if (S_ISDIR(st.st_mode)) - EC_NULL_LOG_ERR(def_acl = acl_get_file(name, ACL_TYPE_ACCESS), AFPERR_MISC); + /* Iterate through acl and remove all extended acl entries. */ + while (acl_get_entry(access_acl, entry_id, &entry) == 1) { + entry_id = ACL_NEXT_ENTRY; + EC_ZERO_LOG(acl_get_tag_type(entry, &tag)); - /* for files def_acl will be NULL */ + if ((tag == ACL_USER) || (tag == ACL_GROUP) || (tag == ACL_MASK)) { + EC_ZERO_LOG_ERR(acl_delete_entry(access_acl, entry), AFPERR_MISC); + } + } /* while */ + + /* In case we are acting on a directory prepare a default acl. For files default_acl will be NULL. + * If the directory already has a default acl it will be preserved. + */ + EC_ZERO_LOG_ERR(lstat(name, &st), AFPERR_NOOBJ); + + if (S_ISDIR(st.st_mode)) { + default_acl = acl_get_file(name, ACL_TYPE_DEFAULT); - /* create access acl from mode */ - EC_NULL_LOG_ERR(acc_acl = acl_from_mode(st.st_mode), AFPERR_MISC); + if (default_acl) { + /* If default_acl is not empty then the dir has a default acl. */ + if (acl_get_entry(default_acl, ACL_FIRST_ENTRY, &entry) == 1) + default_acl_flags = HAS_DEFAULT_ACL; + acl_free(default_acl); + } + default_acl = acl_dup(access_acl); + } /* adds the clients aces */ - EC_ZERO_ERR(map_aces_darwin_to_posix(daces, &def_acl, &acc_acl, ace_count), AFPERR_MISC); + EC_ZERO_ERR(map_aces_darwin_to_posix(daces, &default_acl, &access_acl, ace_count, &default_acl_flags), AFPERR_MISC); /* calcuate ACL mask */ - EC_ZERO_LOG_ERR(acl_calc_mask(&acc_acl), AFPERR_MISC); + EC_ZERO_LOG_ERR(acl_calc_mask(&access_acl), AFPERR_MISC); /* is it ok? */ - EC_ZERO_LOG_ERR(acl_valid(acc_acl), AFPERR_MISC); + EC_ZERO_LOG_ERR(acl_valid(access_acl), AFPERR_MISC); /* set it */ - EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_ACCESS, acc_acl), AFPERR_MISC); - EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_ACCESS, 0, acc_acl), AFPERR_MISC); - - if (def_acl) { - EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_DEFAULT, def_acl), AFPERR_MISC); - EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_DEFAULT, 0, def_acl), AFPERR_MISC); + EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_ACCESS, access_acl), AFPERR_MISC); + EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_ACCESS, 0, access_acl), AFPERR_MISC); + + if (default_acl) { + /* If the dir has an extended default acl it's ACL_MASK must be updated.*/ + if (default_acl_flags & HAS_EXT_DEFAULT_ACL) + EC_ZERO_LOG_ERR(acl_calc_mask(&default_acl), AFPERR_MISC); + + if (default_acl_flags) { + EC_ZERO_LOG_ERR(acl_valid(default_acl), AFPERR_MISC); + EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_DEFAULT, default_acl), AFPERR_MISC); + EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_DEFAULT, 0, default_acl), AFPERR_MISC); + } } EC_CLEANUP: - acl_free(acc_acl); - acl_free(def_acl); + if (access_acl) acl_free(access_acl); + if (default_acl) acl_free(default_acl); LOG(log_maxdebug, logtype_afpd, "set_acl: END"); EC_EXIT; @@ -1078,15 +1368,16 @@ EC_CLEANUP: * Note: this gets called frequently and is a good place for optimizations ! * * @param vol (r) volume - * @param dir (r) directory + * @param dir (rw) directory * @param path (r) path to filesystem object * @param uuid (r) UUID of user * @param requested_rights (r) requested Darwin ACE * * @returns AFP result code */ -static int check_acl_access(const struct vol *vol, - const struct dir *dir, +static int check_acl_access(const AFPObj *obj, + const struct vol *vol, + struct dir *dir, const char *path, const uuidp_t uuid, uint32_t requested_rights) @@ -1094,74 +1385,94 @@ static int check_acl_access(const struct vol *vol, int ret; uint32_t allowed_rights = 0; char *username = NULL; - uuidtype_t uuidtype; struct stat st; bstring parent = NULL; + int is_dir; - LOG(log_maxdebug, logtype_afpd, "check_access: Request: 0x%08x", requested_rights); + LOG(log_maxdebug, logtype_afpd, "check_acl_access(dir: \"%s\", path: \"%s\", curdir: \"%s\", 0x%08x)", + cfrombstr(dir->d_fullpath), path, getcwdpath(), requested_rights); - /* Get uid or gid from UUID */ - EC_ZERO_LOG_ERR(getnamefromuuid(uuid, &username, &uuidtype), AFPERR_PARAM); - EC_ZERO_LOG_ERR(lstat(path, &st), AFPERR_PARAM); + AFP_ASSERT(vol); + /* This check is not used anymore, as OS X Server seems to be ignoring too */ +#if 0 + /* Get uid or gid from UUID */ + EC_ZERO_ERR(getnamefromuuid(uuid, &username, &uuidtype), AFPERR_PARAM); switch (uuidtype) { case UUID_USER: break; case UUID_GROUP: - LOG(log_warning, logtype_afpd, "check_access: afp_access not supported for groups"); + LOG(log_warning, logtype_afpd, "check_acl_access: afp_access not supported for groups"); EC_STATUS(AFPERR_MISC); goto EC_CLEANUP; - - case UUID_LOCAL: - LOG(log_warning, logtype_afpd, "check_access: local UUID"); + default: EC_STATUS(AFPERR_MISC); goto EC_CLEANUP; } +#endif + EC_ZERO_LOG_ERR(ostat(path, &st, vol_syml_opt(vol)), AFPERR_PARAM); + + is_dir = !strcmp(path, "."); + + if (is_dir && (curdir->d_rights_cache != 0xffffffff)) { + /* its a dir and the cache value is valid */ + allowed_rights = curdir->d_rights_cache; + LOG(log_debug, logtype_afpd, "check_access: allowed rights from dircache: 0x%08x", allowed_rights); + } else { #ifdef HAVE_SOLARIS_ACLS - EC_ZERO_LOG(solaris_acl_rights(path, &st, &allowed_rights)); + EC_ZERO_LOG(solaris_acl_rights(obj, path, &st, NULL, &allowed_rights)); #endif #ifdef HAVE_POSIX_ACLS - EC_ZERO_LOG(posix_acl_rights(path, &st, &allowed_rights)); + EC_ZERO_LOG(posix_acl_rights(obj, path, &st, &allowed_rights)); #endif + /* + * The DARWIN_ACE_DELETE right might implicitly result from write acces to the parent + * directory. As it seems the 10.6 AFP client is puzzled when this right is not + * allowed where a delete would succeed because the parent dir gives write perms. + * So we check the parent dir for write access and set the right accordingly. + * Currentyl acl2ownermode calls us with dir = NULL, because it doesn't make sense + * there to do this extra check -- afaict. + */ + if (vol && dir && (requested_rights & DARWIN_ACE_DELETE)) { + int i; + uint32_t parent_rights = 0; + + if (curdir->d_did == DIRDID_ROOT_PARENT) { + /* use volume path */ + EC_NULL_LOG_ERR(parent = bfromcstr(vol->v_path), AFPERR_MISC); + } else { + /* build path for parent */ + EC_NULL_LOG_ERR(parent = bstrcpy(curdir->d_fullpath), AFPERR_MISC); + EC_ZERO_LOG_ERR(bconchar(parent, '/'), AFPERR_MISC); + EC_ZERO_LOG_ERR(bcatcstr(parent, path), AFPERR_MISC); + EC_NEG1_LOG_ERR(i = bstrrchr(parent, '/'), AFPERR_MISC); + EC_ZERO_LOG_ERR(binsertch(parent, i, 1, 0), AFPERR_MISC); + } - LOG(log_debug, logtype_afpd, "allowed rights: 0x%08x", allowed_rights); - - /* - * The DARWIN_ACE_DELETE right might implicitly result from write acces to the parent - * directory. As it seems the 10.6 AFP client is puzzled when this right is not - * allowed where a delete would succeed because the parent dir gives write perms. - * So we check the parent dir for write access and set the right accordingly. - * Currentyl acl2ownermode calls us with dir = NULL, because it doesn't make sense - * there to do this extra check -- afaict. - */ - if (vol && dir && (requested_rights & DARWIN_ACE_DELETE)) { - int i; - uint32_t parent_rights = 0; - - if (dir->d_did == DIRDID_ROOT_PARENT) { - /* use volume path */ - EC_NULL_LOG_ERR(parent = bfromcstr(vol->v_path), AFPERR_MISC); - } else { - /* build path for parent */ - EC_NULL_LOG_ERR(parent = bstrcpy(dir->d_fullpath), AFPERR_MISC); - EC_ZERO_LOG_ERR(bconchar(parent, '/'), AFPERR_MISC); - EC_ZERO_LOG_ERR(bcatcstr(parent, path), AFPERR_MISC); - EC_NEG1_LOG_ERR(i = bstrrchr(parent, '/'), AFPERR_MISC); - EC_ZERO_LOG_ERR(binsertch(parent, i, 1, 0), AFPERR_MISC); - } - - LOG(log_debug, logtype_afpd,"parent: %s", cfrombstr(parent)); - EC_ZERO_LOG_ERR(lstat(cfrombstr(parent), &st), AFPERR_MISC); + LOG(log_debug, logtype_afpd,"parent: %s", cfrombstr(parent)); + EC_ZERO_LOG_ERR(lstat(cfrombstr(parent), &st), AFPERR_MISC); #ifdef HAVE_SOLARIS_ACLS - EC_ZERO_LOG(solaris_acl_rights(cfrombstr(parent), &st, &parent_rights)); + EC_ZERO_LOG(solaris_acl_rights(obj, cfrombstr(parent), &st, NULL, &parent_rights)); #endif #ifdef HAVE_POSIX_ACLS - EC_ZERO_LOG(posix_acl_rights(path, &st, &allowed_rights)); + EC_ZERO_LOG(posix_acl_rights(obj, path, &st, &parent_rights)); #endif - if (parent_rights & (DARWIN_ACE_WRITE_DATA | DARWIN_ACE_DELETE_CHILD)) - allowed_rights |= DARWIN_ACE_DELETE; /* man, that was a lot of work! */ + if (parent_rights & (DARWIN_ACE_WRITE_DATA | DARWIN_ACE_DELETE_CHILD)) + allowed_rights |= DARWIN_ACE_DELETE; /* man, that was a lot of work! */ + } + + if (is_dir) { + /* Without DARWIN_ACE_DELETE set OS X 10.6 refuses to rename subdirectories in a + * directory. + */ + if (allowed_rights & DARWIN_ACE_ADD_SUBDIRECTORY) + allowed_rights |= DARWIN_ACE_DELETE; + + curdir->d_rights_cache = allowed_rights; + } + LOG(log_debug, logtype_afpd, "allowed rights: 0x%08x", allowed_rights); } if ((requested_rights & allowed_rights) != requested_rights) { @@ -1236,7 +1547,7 @@ int afp_access(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size return AFPERR_NOOBJ; } - ret = check_acl_access(vol, dir, s_path->u_name, uuid, darwin_ace_rights); + ret = check_acl_access(obj, vol, dir, s_path->u_name, uuid, darwin_ace_rights); return ret; } @@ -1297,10 +1608,10 @@ int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner user UUID"); if (NULL == (pw = getpwuid(s_path->st.st_uid))) { LOG(log_debug, logtype_afpd, "afp_getacl: local uid: %u", s_path->st.st_uid); - localuuid_from_id(rbuf, UUID_USER, s_path->st.st_uid); + localuuid_from_id((unsigned char *)rbuf, UUID_USER, s_path->st.st_uid); } else { LOG(log_debug, logtype_afpd, "afp_getacl: got uid: %d, name: %s", s_path->st.st_uid, pw->pw_name); - if ((ret = getuuidfromname(pw->pw_name, UUID_USER, rbuf)) != 0) + if ((ret = getuuidfromname(pw->pw_name, UUID_USER, (unsigned char *)rbuf)) != 0) return AFPERR_MISC; } rbuf += UUID_BINSIZE; @@ -1312,10 +1623,10 @@ int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner group UUID"); if (NULL == (gr = getgrgid(s_path->st.st_gid))) { LOG(log_debug, logtype_afpd, "afp_getacl: local gid: %u", s_path->st.st_gid); - localuuid_from_id(rbuf, UUID_GROUP, s_path->st.st_gid); + localuuid_from_id((unsigned char *)rbuf, UUID_GROUP, s_path->st.st_gid); } else { LOG(log_debug, logtype_afpd, "afp_getacl: got gid: %d, name: %s", s_path->st.st_gid, gr->gr_name); - if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, rbuf)) != 0) + if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, (unsigned char *)rbuf)) != 0) return AFPERR_MISC; } rbuf += UUID_BINSIZE; @@ -1444,71 +1755,27 @@ int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size * This is the magic function that makes ACLs usable by calculating * the access granted by ACEs to the logged in user. */ -int acltoownermode(char *path, struct stat *st, struct maccess *ma) +int acltoownermode(const AFPObj *obj, const struct vol *vol, char *path, struct stat *st, struct maccess *ma) { EC_INIT; - uint32_t rights = 0; - if ( ! (AFPobj->options.flags & OPTION_ACL2MACCESS) - || (current_vol == NULL) - || ! (current_vol->v_flags & AFPVOL_ACLS)) + if ( ! (obj->options.flags & (OPTION_ACL2MACCESS | OPTION_ACL2MODE)) + || ! (vol->v_flags & AFPVOL_ACLS)) return 0; LOG(log_maxdebug, logtype_afpd, "acltoownermode(\"%s/%s\", 0x%02x)", getcwdpath(), path, ma->ma_user); #ifdef HAVE_SOLARIS_ACLS - EC_ZERO_LOG(solaris_acl_rights(path, st, &rights)); + EC_ZERO_LOG(solaris_acl_rights(obj, path, st, ma, NULL)); #endif + #ifdef HAVE_POSIX_ACLS - EC_ZERO_LOG(posix_acl_rights(path, st, &rights)); + EC_ZERO_LOG(posix_acls_to_uaperms(obj, path, st, ma)); #endif - LOG(log_maxdebug, logtype_afpd, "rights: 0x%08x", rights); - - if (rights & DARWIN_ACE_READ_DATA) - ma->ma_user |= AR_UREAD; - if (rights & DARWIN_ACE_WRITE_DATA) - ma->ma_user |= AR_UWRITE; - if (rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH)) - ma->ma_user |= AR_USEARCH; - - LOG(log_maxdebug, logtype_afpd, "resulting user maccess: 0x%02x", ma->ma_user); + LOG(log_maxdebug, logtype_afpd, "resulting user maccess: 0x%02x group maccess: 0x%02x", ma->ma_user, ma->ma_group); EC_CLEANUP: EC_EXIT; } - -/*! - * Check whether a volume supports ACLs - * - * @param vol (r) volume - * - * @returns 0 if not, 1 if yes - */ -int check_vol_acl_support(const struct vol *vol) -{ - int ret = 1; - -#ifdef HAVE_SOLARIS_ACLS - ace_t *aces = NULL; - if (get_nfsv4_acl(vol->v_path, &aces) == -1) - ret = 0; -#endif -#ifdef HAVE_POSIX_ACLS - acl_t acl = NULL; - if ((acl = acl_get_file(vol->v_path, ACL_TYPE_ACCESS)) == NULL) - ret = 0; -#endif - -#ifdef HAVE_SOLARIS_ACLS - if (aces) free(aces); -#endif -#ifdef HAVE_POSIX_ACLS - if (acl) acl_free(acl); -#endif /* HAVE_POSIX_ACLS */ - - LOG(log_debug, logtype_afpd, "Volume \"%s\" ACL support: %s", - vol->v_path, ret ? "yes" : "no"); - return ret; -}