From de3f7ef8c282a7c164cef425b5b713a3ae8be1d4 Mon Sep 17 00:00:00 2001 From: Frank Lahm Date: Fri, 11 Jun 2010 08:07:45 +0200 Subject: [PATCH] POSIX ACLs support: compiles again --- bin/misc/Makefile.am | 11 ++- bin/misc/uuidtest.c | 4 +- config/Makefile.am | 2 +- configure.in | 150 +++++++++++++++++++++++++++++-------- etc/afpd/Makefile.am | 2 +- etc/afpd/acl_mappings.h | 5 ++ etc/afpd/acls.c | 74 ++++++++++++------ etc/afpd/acls.h | 7 +- etc/afpd/afp_config.c | 10 +-- etc/afpd/afp_options.c | 2 + etc/afpd/auth.c | 10 +-- etc/afpd/directory.c | 18 ++--- etc/afpd/globals.h | 1 + etc/afpd/switch.c | 2 +- etc/afpd/unix.c | 11 +-- include/atalk/acl.h | 12 ++- include/atalk/ea.h | 2 +- include/atalk/ldapconfig.h | 6 +- libatalk/Makefile.am | 12 ++- libatalk/acl/Makefile.am | 4 +- libatalk/acl/ldap_config.c | 4 +- libatalk/vfs/Makefile.am | 5 +- libatalk/vfs/acl.c | 18 ++++- libatalk/vfs/vfs.c | 6 +- macros/summary.m4 | 2 +- 25 files changed, 260 insertions(+), 120 deletions(-) diff --git a/bin/misc/Makefile.am b/bin/misc/Makefile.am index 9b55ee36..e12e782d 100644 --- a/bin/misc/Makefile.am +++ b/bin/misc/Makefile.am @@ -1,16 +1,15 @@ # Makefile.am for bin/misc -bin_PROGRAMS = netacnv +pkgconfdir = @PKGCONFDIR@ +bin_PROGRAMS = +noinst_PROGRAMS = netacnv netacnv_SOURCES = netacnv.c netacnv_LDADD = $(top_builddir)/libatalk/libatalk.la -pkgconfdir = @PKGCONFDIR@ -if USE_NFSv4_ACLS +if HAVE_ACLS bin_PROGRAMS += afpldaptest - afpldaptest_SOURCES = uuidtest.c +afpldaptest_CFLAGS = -D_PATH_ACL_LDAPCONF=\"$(pkgconfdir)/afp_ldap.conf\" afpldaptest_LDADD = $(top_builddir)/libatalk/libatalk.la - -AM_CFLAGS = -D_PATH_ACL_LDAPCONF=\"$(pkgconfdir)/afp_ldap.conf\" endif diff --git a/bin/misc/uuidtest.c b/bin/misc/uuidtest.c index a4c700c5..826d3d91 100644 --- a/bin/misc/uuidtest.c +++ b/bin/misc/uuidtest.c @@ -17,7 +17,7 @@ #include "config.h" #endif /* HAVE_CONFIG_H */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS #include #include 
@@ -138,4 +138,4 @@ int main( int argc, char **argv) return 0; } -#endif /* HAVE_NFSv4_ACLS */ +#endif /* HAVE_ACLS */ diff --git a/config/Makefile.am b/config/Makefile.am index 349b29cd..c05bdd0f 100644 --- a/config/Makefile.am +++ b/config/Makefile.am @@ -7,7 +7,7 @@ GENFILES = afpd.conf AppleVolumes.default TMPLFILES = afpd.conf.tmpl AppleVolumes.default.tmpl CONFFILES = AppleVolumes.system netatalk.conf -if USE_NFSv4_ACLS +if HAVE_ACLS CONFFILES += afp_ldap.conf endif diff --git a/configure.in b/configure.in index 939bb2c4..b7123436 100644 --- a/configure.in +++ b/configure.in 
@@ -1026,41 +1026,125 @@ AC_ARG_ENABLE(overwrite, AC_MSG_RESULT([$OVERWRITE_CONFIG]) dnl --------------------- check for ACL support -neta_cv_nfsv4acl="no" -AC_MSG_CHECKING([if NFSv4 ACL Support should be enabled]) -AC_ARG_ENABLE(nfsv4acls, - [ --enable-nfsv4acls enable NFSv4 ACL Support],[ - if test x"$enableval" = x"yes"; then - AC_MSG_RESULT([yes]) - neta_cv_nfsv4acl="yes" - else - AC_MSG_RESULT([no]) - fi],[ - AC_MSG_RESULT([no]) - ] -) -if test x$neta_cv_nfsv4acl = xyes; then - AC_CHECK_HEADER([ldap.h],,[ - AC_MSG_ERROR([ACL Support need the LDAP client headers not found.]) - neta_cv_nfsv4acl=no - ] - ) - AC_CHECK_LIB(ldap,ldap_init,neta_cv_nfsv4acl=yes,neta_cv_nfsv4acl=no) +AC_MSG_CHECKING(whether to support ACLs) +AC_ARG_WITH(acl-support, + [AS_HELP_STRING([--with-acl-support], + [Include ACL support (default=auto)])], + [ case "$withval" in + yes|no) + with_acl_support="$withval" + ;; + *) + with_acl_support=auto + ;; + esac ], + [with_acl_support=auto]) +AC_MSG_RESULT($with_acl_support) + +if test x"$with_acl_support" = x"no"; then + AC_MSG_RESULT(Disabling ACL support) + AC_DEFINE(HAVE_NO_ACLS,1,[Whether no ACLs support should be built in]) +else + with_acl_support=yes + AC_MSG_NOTICE([ACL support requires LDAP support, checking whether that's available]) + AC_CHECK_HEADER([ldap.h],, + [AC_MSG_ERROR([ACL Support prerequisite LDAP client headers not found.]) + with_acl_support=no]) + + AC_CHECK_LIB(ldap, ldap_init,, + [AC_MSG_ERROR([ACL Support prerequisite LDAP client libs not found.]) + with_acl_support=no]) fi -if test x$neta_cv_nfsv4acl = xyes; then - AC_CHECK_HEADER([sys/acl.h],[ - AC_DEFINE([HAVE_NFSv4_ACLS], 1, [Enable ACL code]) - AC_MSG_NOTICE([Enabling ACL support]) - ], - neta_cv_nfsv4acl=no - ) + +if test x"$with_acl_support" = x"yes" ; then + AC_MSG_NOTICE(checking whether ACL support is available:) + case "$host_os" in + *sysv5*) + AC_MSG_NOTICE(Using UnixWare ACLs) + AC_DEFINE(HAVE_UNIXWARE_ACLS,1,[Whether UnixWare ACLs are available]) + ;; 
+ *solaris*) + AC_MSG_NOTICE(Using solaris ACLs) + AC_DEFINE(HAVE_SOLARIS_ACLS,1,[Whether solaris ACLs are available]) + ACL_LIBS="$ACL_LIBS -lsec" + ;; + *hpux*) + AC_MSG_NOTICE(Using HPUX ACLs) + AC_DEFINE(HAVE_HPUX_ACLS,1,[Whether HPUX ACLs are available]) + ;; + *irix*) + AC_MSG_NOTICE(Using IRIX ACLs) + AC_DEFINE(HAVE_IRIX_ACLS,1,[Whether IRIX ACLs are available]) + ;; + *aix*) + AC_MSG_NOTICE(Using AIX ACLs) + AC_DEFINE(HAVE_AIX_ACLS,1,[Whether AIX ACLs are available]) + ;; + *osf*) + AC_MSG_NOTICE(Using Tru64 ACLs) + AC_DEFINE(HAVE_TRU64_ACLS,1,[Whether Tru64 ACLs are available]) + ACL_LIBS="$ACL_LIBS -lpacl" + ;; + *darwin*) + AC_MSG_NOTICE(ACLs on Darwin currently not supported) + AC_DEFINE(HAVE_NO_ACLS,1,[Whether no ACLs support is available]) + ;; + *) + AC_CHECK_LIB(acl,acl_get_file,[ACL_LIBS="$ACL_LIBS -lacl"]) + case "$host_os" in + *linux*) + AC_CHECK_LIB(attr,getxattr,[ACL_LIBS="$ACL_LIBS -lattr"]) + ;; + esac + AC_CACHE_CHECK([for POSIX ACL support],netatalk_cv_HAVE_POSIX_ACLS,[ + acl_LIBS=$LIBS + LIBS="$LIBS $ACL_LIBS" + AC_TRY_LINK([ + #include + #include + ],[ + acl_t acl; + int entry_id; + acl_entry_t *entry_p; + return acl_get_entry(acl, entry_id, entry_p); + ], + [netatalk_cv_HAVE_POSIX_ACLS=yes], + [netatalk_cv_HAVE_POSIX_ACLS=no + with_acl_support=no]) + LIBS=$acl_LIBS + ]) + if test x"$netatalk_cv_HAVE_POSIX_ACLS" = x"yes"; then + AC_MSG_NOTICE(Using POSIX ACLs) + AC_DEFINE(HAVE_POSIX_ACLS,1,[Whether POSIX ACLs are available]) + AC_CACHE_CHECK([for acl_get_perm_np],netatalk_cv_HAVE_ACL_GET_PERM_NP,[ + acl_LIBS=$LIBS + LIBS="$LIBS $ACL_LIBS" + AC_TRY_LINK([ + #include + #include + ],[ + acl_permset_t permset_d; + acl_perm_t perm; + return acl_get_perm_np(permset_d, perm); + ], + [samba_cv_HAVE_ACL_GET_PERM_NP=yes], + [samba_cv_HAVE_ACL_GET_PERM_NP=no]) + LIBS=$acl_LIBS + ]) + if test x"netatalk_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then + AC_DEFINE(HAVE_ACL_GET_PERM_NP,1,[Whether acl_get_perm_np() is available]) + fi + else + AC_MSG_NOTICE(ACL 
support is not avaliable) + AC_DEFINE(HAVE_NO_ACLS,1,[Whether no ACLs support is available]) + fi + ;; + esac fi -if test x$neta_cv_nfsv4acl = xyes; then - LIBATALK_ACLS="acl/libacl.la" -else - LIBATALK_ACLS="" + +if test x"$with_acl_support" = x"yes" ; then + AC_DEFINE(HAVE_ACLS,1,[Whether ACLs support is available]) fi -AC_SUBST(LIBATALK_ACLS) dnl --------------------- check for Extended Attributes support neta_cv_eas="ad" @@ -1206,7 +1290,7 @@ AM_CONDITIONAL(COMPILE_TIMELORD, test x$compile_timelord = xyes) AM_CONDITIONAL(COMPILE_A2BOOT, test x$compile_a2boot = xyes) AM_CONDITIONAL(HAVE_LIBGCRYPT, test x$neta_cv_have_libgcrypt = xyes) AM_CONDITIONAL(HAVE_OPENSSL, test x$neta_cv_have_openssl = xyes) -AM_CONDITIONAL(USE_NFSv4_ACLS, test x$neta_cv_nfsv4acl = xyes) +AM_CONDITIONAL(HAVE_ACLS, test x"$with_acl_support" = x"yes") AM_CONDITIONAL(USE_DHX, test x$neta_cv_compile_dhx = xyes) AM_CONDITIONAL(USE_DHX2, test x$neta_cv_compile_dhx2 = xyes) AM_CONDITIONAL(USE_RANDNUM, test x$neta_cv_have_openssl = xyes) diff --git a/etc/afpd/Makefile.am b/etc/afpd/Makefile.am index f4d04f1a..e1c5415e 100644 --- a/etc/afpd/Makefile.am +++ b/etc/afpd/Makefile.am @@ -11,7 +11,7 @@ afpd_SOURCES = unix.c ofork.c main.c switch.c auth.c volume.c directory.c \ afp_config.c nfsquota.c quota.c uam.c afs.c uid.c afp_util.c \ catsearch.c afprun.c hash.c extattrs.c dircache.c -if USE_NFSv4_ACLS +if HAVE_ACLS afpd_SOURCES += acls.c endif diff --git a/etc/afpd/acl_mappings.h b/etc/afpd/acl_mappings.h index d1ddbc13..9bab0d76 100644 --- a/etc/afpd/acl_mappings.h +++ b/etc/afpd/acl_mappings.h @@ -16,7 +16,10 @@ #ifndef ACL_MAPPINGS #define ACL_MAPPINGS +#ifdef HAVE_SOLARIS_ACLS #include +#endif + #include "acls.h" /* @@ -28,6 +31,7 @@ struct ace_rights_map { u_int32_t to; }; +#ifdef HAVE_SOLARIS_ACLS struct ace_rights_map nfsv4_to_darwin_rights[] = { {ACE_READ_DATA, DARWIN_ACE_READ_DATA}, {ACE_WRITE_DATA, DARWIN_ACE_WRITE_DATA}, 
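Review bot: The acl_get_perm_np probe in the POSIX branch of the configure.in ACL hunk can never define HAVE_ACL_GET_PERM_NP: the AC_TRY_LINK actions assign `samba_cv_HAVE_ACL_GET_PERM_NP` while the cache variable is `netatalk_cv_HAVE_ACL_GET_PERM_NP`, and the test that follows compares a literal string because the `$` is missing. The actions should set `netatalk_cv_HAVE_ACL_GET_PERM_NP=yes` / `=no`, and the test should read `if test x"$netatalk_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then`. Separately, the darwin branch defines HAVE_NO_ACLS but leaves with_acl_support at yes, so HAVE_ACLS is defined as well; adding `with_acl_support=no` there keeps the two macros from contradicting each other. The sysv5, hpux, irix, aix and osf branches also end with HAVE_ACLS defined, although the C files in this commit only provide HAVE_SOLARIS_ACLS and HAVE_POSIX_ACLS implementations.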
@@ -89,5 +93,6 @@ struct darwin_to_nfsv4_flags_map darwin_to_nfsv4_flags[] = { {DARWIN_ACE_FLAGS_INHERITED, ACE_INHERITED_ACE}, {0,0} }; +#endif /* HAVE_SOLARIS_ACLS */ #endif /* ACL_MAPPINGS */ diff --git a/etc/afpd/acls.c b/etc/afpd/acls.c index fd6f3ab4..27a16e7e 100644 --- a/etc/afpd/acls.c +++ b/etc/afpd/acls.c @@ -1,6 +1,6 @@ /* - $Id: acls.c,v 1.9 2010-03-08 19:49:59 franklahm Exp $ Copyright (c) 2008,2009 Frank Lahm + Copyright (c) 2010 Frank Lahm This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -55,7 +55,7 @@ Takes a users name, uid and primary gid and checks if user is member of any group Returns -1 if no or error, 0 if yes */ -static int check_group(char *name, uid_t uid, gid_t pgid, gid_t path_gid) +static int check_group(char *name, uid_t uid _U_, gid_t pgid, gid_t path_gid) { int i; struct group *grp; @@ -79,6 +79,11 @@ static int check_group(char *name, uid_t uid, gid_t pgid, gid_t path_gid) return -1; } +/******************************************************** + * Solaris funcs + ********************************************************/ + +#ifdef HAVE_SOLARIS_ACLS /* Remove any trivial ACE "in-place". Returns no of non-trivial ACEs */ @@ -352,9 +357,6 @@ int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces, ace_t *nfsv4_aces, int return mapped_aces; } -/******************************************************** - * 2nd level funcs - ********************************************************/ /* Map between ACL styles (SOLARIS_2_DARWIN, DARWIN_2_SOLARIS). Reads from 'aces' buffer, writes to 'rbuf' buffer. 
@@ -385,20 +387,18 @@ static int map_acl(int type, ace_t *nfsv4_aces, darwin_ace_t *buf, int ace_count LOG(log_debug9, logtype_afpd, "map_acl: END"); return mapped_aces; } - -/******************************************************** - * 1st level funcs - ********************************************************/ - +#endif /* HAVE_SOLARIS_ACLS */ /* Get ACL from object omitting trivial ACEs. Map to Darwin ACL style and store Darwin ACL at rbuf. Add length of ACL written to rbuf to *rbuflen. Returns 0 on success, -1 on error. */ static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen) { - int ace_count, mapped_aces, err; - ace_t *aces; + int ace_count = 0, mapped_aces = 0, err; uint32_t *darwin_ace_count = (u_int32_t *)rbuf; +#ifdef HAVE_SOLARIS_ACLS + ace_t *aces; +#endif LOG(log_debug9, logtype_afpd, "get_and_map_acl: BEGIN"); @@ -407,6 +407,7 @@ static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen) *rbuf = 0; rbuf += 4; +#ifdef HAVE_SOLARIS_ACLS if ( (ace_count = get_nfsv4_acl(name, &aces)) == -1) { LOG(log_error, logtype_afpd, "get_and_map_acl: couldnt get ACL"); return -1; @@ -416,21 +417,25 @@ static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen) err = -1; goto cleanup; } +#endif /* HAVE_SOLARIS_ACLS */ + LOG(log_debug, logtype_afpd, "get_and_map_acl: mapped %d ACEs", mapped_aces); err = 0; *darwin_ace_count = htonl(mapped_aces); *rbuflen += sizeof(darwin_acl_header_t) + (mapped_aces * sizeof(darwin_ace_t)); +#ifdef HAVE_SOLARIS_ACLS cleanup: - free(aces); + free(aces); +#endif LOG(log_debug9, logtype_afpd, "get_and_map_acl: END"); return err; } /* Removes all non-trivial ACLs from object. Returns full AFPERR code. */ -static int remove_acl_vfs(const struct vol *vol,const char *path, int dir) +static int remove_acl(const struct vol *vol,const char *path, int dir) { int ret; 
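Review bot: With the Solaris calls now inside `#ifdef HAVE_SOLARIS_ACLS`, get_and_map_acl on any other build falls straight through to `err = 0` with `mapped_aces` still 0, so the client is told the object has an empty ACL whatever the file system holds. The same silent success appears in the POSIX stubs added later in this commit: set_acl in this file and remove_acl_vfs in libatalk/vfs/acl.c both return AFP_OK without touching the ACL, and addir_inherit_acl simply returns. A client that sets or removes an ACL is then told the operation worked; returning an error from those stubs, e.g. `return AFPERR_MISC;`, and marking this path with `/* TODO: POSIX ACLs are not read yet; reports an empty ACL */` would make the gap visible. get_and_map_acl spans several hunks, and the parts between them are not shown.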
@@ -438,7 +443,7 @@ static int remove_acl_vfs(const struct vol *vol,const char *path, int dir) if ((ret = vol->vfs->vfs_remove_acl(vol, path, dir)) != AFP_OK) return ret; /* now the data fork or dir */ - return (remove_acl(path)); + return (remove_acl_vfs(path)); } /* @@ -449,7 +454,8 @@ static int remove_acl_vfs(const struct vol *vol,const char *path, int dir) We will store inherited ACEs first, which is Darwins canonical order. - returns AFPerror code */ -static int set_acl_vfs(const struct vol *vol, char *name, int inherit, char *ibuf) +#ifdef HAVE_SOLARIS_ACLS +static int set_acl(const struct vol *vol, char *name, int inherit, char *ibuf) { int ret, i, nfsv4_ace_count, tocopy_aces_count = 0, new_aces_count = 0, trivial_ace_count = 0; ace_t *old_aces, *new_aces = NULL; @@ -551,11 +557,20 @@ cleanup: LOG(log_debug9, logtype_afpd, "set_acl: END"); return ret; } +#endif /* HAVE_SOLARIS_ACLS */ + +#ifdef HAVE_POSIX_ACLS +static int set_acl(const struct vol *vol, char *name, int inherit, char *ibuf) +{ + return AFP_OK; +} +#endif /* HAVE_POSIX_ACLS */ /* Checks if a given UUID has requested_rights(type darwin_ace_rights) for path. Note: this gets called frequently and is a good place for optimizations ! */ +#ifdef HAVE_SOLARIS_ACLS static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights) { int ret, i, ace_count, dir, checkgroup; @@ -713,6 +728,14 @@ exit: #endif return ret; } +#endif /* HAVE_SOLARIS_ACLS */ + +#ifdef HAVE_POSIX_ACLS +static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights) +{ + return AFP_OK; +} +#endif /* HAVE_POSIX_ACLS */ /******************************************************** * Interface 
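Review bot: The POSIX version of check_acl_access added in the last acls.c hunk here returns AFP_OK for every path, UUID and requested-rights value, so on a HAVE_POSIX_ACLS build the check answers "allowed" without reading any ACL. Its callers are outside the hunk, but anything that treats AFP_OK as a grant (presumably the access request handler and the mode mapping in acltoownermode) will over-report access. Until the POSIX lookup exists the stub should fail closed, `return AFPERR_ACCESS;`, or its callers should be compiled out for POSIX builds. A comment such as `/* TODO: POSIX ACL evaluation not implemented; deny rather than grant */` would record why.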
@@ -929,7 +952,7 @@ int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size /* Remove ACL ? */ if (bitmap & kFileSec_REMOVEACL) { LOG(log_debug, logtype_afpd, "afp_setacl: Remove ACL request."); - if ((ret = remove_acl_vfs(vol, s_path->u_name, S_ISDIR(s_path->st.st_mode))) != AFP_OK) + if ((ret = remove_acl(vol, s_path->u_name, S_ISDIR(s_path->st.st_mode))) != AFP_OK) LOG(log_error, logtype_afpd, "afp_setacl: error from remove_acl"); } @@ -939,9 +962,9 @@ int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size /* Check if its our job to preserve inherited ACEs */ if (bitmap & kFileSec_Inherit) - ret = set_acl_vfs(vol, s_path->u_name, 1, ibuf); + ret = set_acl(vol, s_path->u_name, 1, ibuf); else - ret = set_acl_vfs(vol, s_path->u_name, 0, ibuf); + ret = set_acl(vol, s_path->u_name, 0, ibuf); if (ret == 0) ret = AFP_OK; else @@ -959,9 +982,9 @@ void acltoownermode(char *path, struct stat *st, uid_t uid, struct maccess *ma) { struct passwd *pw; uuid_t uuid; - int dir, r_ok, w_ok, x_ok; + int r_ok, w_ok, x_ok; - if ( ! (AFPobj->options.flags & OPTION_UUID)) + if ( ! (AFPobj->options.flags & OPTION_UUID) || (AFPobj->options.flags & OPTION_ACL2OS9MODE)) return; LOG(log_maxdebug, logtype_afpd, "acltoownermode('%s')", path); @@ -998,6 +1021,7 @@ void acltoownermode(char *path, struct stat *st, uid_t uid, struct maccess *ma) We then inherit any explicit ACE from "." to ".AppleDouble" and ".AppleDouble/.Parent". FIXME: add to VFS layer ? */ +#ifdef HAVE_SOLARIS_ACLS void addir_inherit_acl(const struct vol *vol) { ace_t *diraces = NULL, *adaces = NULL, *combinedaces = NULL; @@ -1064,3 +1088,11 @@ cleanup: free(adaces); free(combinedaces); } +#endif /* HAVE_SOLARIS_ACLS */ + +#ifdef HAVE_POSIX_ACLS +void addir_inherit_acl(const struct vol *vol) +{ + return; +} +#endif /* HAVE_POSIX_ACLS */ diff --git a/etc/afpd/acls.h b/etc/afpd/acls.h index a1b1e52d..4965c56b 100644 --- a/etc/afpd/acls.h +++ b/etc/afpd/acls.h 
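Review bot: The new early return in acltoownermode looks inverted: `|| (AFPobj->options.flags & OPTION_ACL2OS9MODE)) return;` leaves the function when -acl2os9mode is set, so turning the option on disables the ACL-to-mode mapping its name suggests it enables. If the option is meant to opt in, the test should be `|| !(AFPobj->options.flags & OPTION_ACL2OS9MODE)`. If it is meant to opt out, a comment next to the check, e.g. `/* -acl2os9mode set: skip the ACL to OS 9 mode mapping */`, would prevent the misreading. The rest of acltoownermode lies outside the hunk.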
@@ -1,5 +1,4 @@ /* - $Id: acls.h,v 1.3 2009-11-20 17:45:47 franklahm Exp $ Copyright (c) 2008,2009 Frank Lahm This program is free software; you can redistribute it and/or modify @@ -16,7 +15,10 @@ #ifndef AFPD_ACLS_H #define AFPD_ACLS_H +#ifdef HAVE_SOLARIS_ACLS #include +#endif + #include /* for uuid_t */ /* @@ -32,8 +34,10 @@ * the wire! We will ignore and spoil em. */ +#ifdef HAVE_SOLARIS_ACLS /* Some stuff for the handling of NFSv4 ACLs */ #define ACE_TRIVIAL (ACE_OWNER | ACE_GROUP | ACE_EVERYONE) +#endif /* HAVE_SOLARIS_ACLS */ /* FPGet|Set Bitmap */ enum { @@ -107,5 +111,6 @@ int afp_setacl (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rb /* Parse afp_ldap.conf */ extern int acl_ldap_readconfig(char *name); +extern void acltoownermode(char *path, struct stat *st,uid_t uid, struct maccess *ma); #endif diff --git a/etc/afpd/afp_config.c b/etc/afpd/afp_config.c index 6381479d..13dc62e6 100644 --- a/etc/afpd/afp_config.c +++ b/etc/afpd/afp_config.c @@ -48,7 +48,7 @@ char *strchr (), *strrchr (); #ifdef USE_SRVLOC #include #endif /* USE_SRVLOC */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS #include #endif @@ -543,12 +543,12 @@ AFPConfig *configinit(struct afp_options *cmdline) struct afp_options options; AFPConfig *config=NULL, *first = NULL; -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS /* Parse afp_ldap.conf first so we can set the uuid option */ LOG(log_debug, logtype_afpd, "Start parsing afp_ldap.conf"); acl_ldap_readconfig(_PATH_ACL_LDAPCONF); LOG(log_debug, logtype_afpd, "Finished parsing afp_ldap.conf"); -#endif +#endif /* HAVE_ACLS */ /* if config file doesn't exist, load defaults */ if ((fp = fopen(cmdline->configfile, "r")) == NULL) 
@@ -585,11 +585,11 @@ AFPConfig *configinit(struct afp_options *cmdline) if (!afp_options_parseline(p, &options)) continue; -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS /* Enable UUID support if LDAP config is complete */ if (ldap_config_valid) options.flags |= OPTION_UUID; -#endif +#endif /* HAVE_ACLS */ /* this should really get a head and a tail to simplify things. */ if (!first) { diff --git a/etc/afpd/afp_options.c b/etc/afpd/afp_options.c index 1bc1ebe1..cc7c4241 100644 --- a/etc/afpd/afp_options.c +++ b/etc/afpd/afp_options.c @@ -238,6 +238,8 @@ int afp_options_parseline(char *buf, struct afp_options *options) options->flags |= OPTION_CUSTOMICON; if (strstr(buf, " -advertise_ssh")) options->flags |= OPTION_ANNOUNCESSH; + if (strstr(buf, " -acl2os9mode")) + options->flags |= OPTION_ACL2OS9MODE; /* passwd bits */ if (strstr(buf, " -nosavepassword")) diff --git a/etc/afpd/auth.c b/etc/afpd/auth.c index 429b3536..13fade67 100644 --- a/etc/afpd/auth.c +++ b/etc/afpd/auth.c @@ -48,7 +48,7 @@ extern void afp_get_cmdline( int *ac, char ***av ); #include "status.h" #include "fork.h" #include "extattrs.h" -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS #include "acls.h" #endif @@ -210,11 +210,11 @@ static int set_auth_switch(int expired) afp_switch = postauth_switch; switch (afp_version) { case 32: -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS uam_afpserver_action(AFP_GETACL, UAM_AFPSERVER_POSTAUTH, afp_getacl, NULL); uam_afpserver_action(AFP_SETACL, UAM_AFPSERVER_POSTAUTH, afp_setacl, NULL); uam_afpserver_action(AFP_ACCESS, UAM_AFPSERVER_POSTAUTH, afp_access, NULL); -#endif +#endif /* HAVE_ACLS */ uam_afpserver_action(AFP_GETEXTATTR, UAM_AFPSERVER_POSTAUTH, afp_getextattr, NULL); uam_afpserver_action(AFP_SETEXTATTR, UAM_AFPSERVER_POSTAUTH, afp_setextattr, NULL); uam_afpserver_action(AFP_REMOVEATTR, UAM_AFPSERVER_POSTAUTH, afp_remextattr, NULL); 
@@ -999,7 +999,7 @@ int afp_getuserinfo(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, *rbuflen += sizeof(id); } -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS if (bitmap & USERIBIT_UUID) { int ret; uuid_t uuid; @@ -1021,7 +1021,7 @@ int afp_getuserinfo(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, rbuf += UUID_BINSIZE; *rbuflen += UUID_BINSIZE; } -#endif +#endif /* HAVE_ACLS */ LOG(log_debug, logtype_afpd, "END afp_getuserinfo:"); return AFP_OK; diff --git a/etc/afpd/directory.c b/etc/afpd/directory.c index 03bb0146..90c014c8 100644 --- a/etc/afpd/directory.c +++ b/etc/afpd/directory.c @@ -43,7 +43,7 @@ #include "mangle.h" #include "hash.h" -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS extern void addir_inherit_acl(const struct vol *vol); #endif @@ -2132,10 +2132,10 @@ int afp_createdir(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf, size_ ad_close_metadata( &ad); createdir_done: -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS /* FIXME: are we really inside the created dir? */ addir_inherit_acl(vol); -#endif +#endif /* HAVE_ACLS */ memcpy( rbuf, &dir->d_did, sizeof( u_int32_t )); *rbuflen = sizeof( u_int32_t ); @@ -2330,7 +2330,7 @@ int afp_mapid(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf, size_t *r name = NULL; } break; -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS case 5 : /* UUID -> username */ case 6 : /* UUID -> groupname */ if ((afp_version < 32) || !(obj->options.flags & OPTION_UUID )) @@ -2364,7 +2364,7 @@ int afp_mapid(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf, size_t *r *rbuflen = 2 * sizeof( id ); } break; -#endif +#endif /* HAVE_ACLS */ default : return( AFPERR_PARAM ); } @@ -2418,7 +2418,7 @@ int afp_mapname(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, siz case 4 : len = (unsigned char) *ibuf++; break; -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS case 5 : /* username -> UUID */ case 6 : /* groupname -> UUID */ if ((afp_version < 32) || !(obj->options.flags & OPTION_UUID )) 
@@ -2427,7 +2427,7 @@ int afp_mapname(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, siz len = ntohs(ulen); ibuf += 2; break; -#endif +#endif /* HAVE_ACLS */ default : return( AFPERR_PARAM ); } @@ -2461,7 +2461,7 @@ int afp_mapname(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, siz memcpy( rbuf, &id, sizeof( id )); *rbuflen = sizeof( id ); break; -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS case 5 : /* username -> UUID */ LOG(log_debug, logtype_afpd, "afp_mapname: name: %s",ibuf); if (0 != getuuidfromname(ibuf, UUID_USER, rbuf)) @@ -2474,7 +2474,7 @@ int afp_mapname(AFPObj *obj _U_, char *ibuf, size_t ibuflen _U_, char *rbuf, siz return AFPERR_NOITEM; *rbuflen = UUID_BINSIZE; break; -#endif +#endif /* HAVE_ACLS */ } } return( AFP_OK ); diff --git a/etc/afpd/globals.h b/etc/afpd/globals.h index 6ad480c2..d2f86136 100644 --- a/etc/afpd/globals.h +++ b/etc/afpd/globals.h @@ -35,6 +35,7 @@ #define OPTION_NOSLP (1 << 5) #define OPTION_ANNOUNCESSH (1 << 6) #define OPTION_UUID (1 << 7) +#define OPTION_ACL2OS9MODE (1 << 8) #ifdef FORCE_UIDGID /* set up a structure for this */ diff --git a/etc/afpd/switch.c b/etc/afpd/switch.c index 2e2c69e0..54acae07 100644 --- a/etc/afpd/switch.c +++ b/etc/afpd/switch.c @@ -46,7 +46,7 @@ #include "filedir.h" #include "status.h" #include "misc.h" -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS #include "acls.h" #endif diff --git a/etc/afpd/unix.c b/etc/afpd/unix.c index 57491a71..2822221e 100644 --- a/etc/afpd/unix.c +++ b/etc/afpd/unix.c @@ -44,12 +44,10 @@ char *strchr (), *strrchr (); #include "volume.h" #include "unix.h" #include "fork.h" - -#ifdef HAVE_NFSv4_ACLS -extern void acltoownermode(char *path, struct stat *st,uid_t uid, struct maccess *ma); +#ifdef HAVE_ACLS +#include "acls.h" #endif - /* * Get the free space on a partition. */ 
@@ -172,9 +170,8 @@ mode_t mode; * dir parameter is used by AFS */ void accessmode(char *path, struct maccess *ma, struct dir *dir _U_, struct stat *st) - { -struct stat sb; + struct stat sb; ma->ma_user = ma->ma_owner = ma->ma_world = ma->ma_group = 0; if (!st) { @@ -183,7 +180,7 @@ struct stat sb; st = &sb; } utommode( st, ma ); -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS /* 10.5 Finder looks at OS 9 mode, so we must do some mapping */ acltoownermode( path, st, uuid, ma); #endif diff --git a/include/atalk/acl.h b/include/atalk/acl.h index edb39159..6b48e552 100644 --- a/include/atalk/acl.h +++ b/include/atalk/acl.h @@ -1,5 +1,4 @@ /* - $Id: acl.h,v 1.1 2009-10-14 15:04:01 franklahm Exp $ Copyright (c) 2009 Frank Lahm This program is free software; you can redistribute it and/or modify @@ -20,15 +19,14 @@ #include "config.h" #endif /* HAVE_CONFIG_H */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_SOLARIS_ACLS #include -#endif /* HAVE_NFSv4_ACLS */ +#endif /* HAVE_SOLARIS_ACLS */ -/* Solaris NFSv4 ACL stuff */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_SOLARIS_ACLS extern int get_nfsv4_acl(const char *name, ace_t **retAces); -extern int remove_acl(const char *name); -#endif /* HAVE_NFSv4_ACLS */ +#endif /* HAVE_SOLARIS_ACLS */ +extern int remove_acl_vfs(const char *name); #endif /* ATALK_ACL_H */ diff --git a/include/atalk/ea.h b/include/atalk/ea.h index 00d987de..c0165a1a 100644 --- a/include/atalk/ea.h +++ b/include/atalk/ea.h @@ -20,7 +20,7 @@ #include #endif -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_SOLARIS_ACLS #include #endif diff --git a/include/atalk/ldapconfig.h b/include/atalk/ldapconfig.h index 2fb2ca29..70f9f628 100644 --- a/include/atalk/ldapconfig.h +++ b/include/atalk/ldapconfig.h @@ -1,4 +1,4 @@ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS #ifndef LDAPCONFIG_H #define LDAPCONFIG_H @@ -37,6 +37,6 @@ extern struct ldap_pref ldap_prefs[]; extern struct pref_array prefs_array[]; extern int ldap_config_valid; -#endif +#endif /* LDAPCONFIG_H */ -#endif +#endif /* HAVE_ACLS */ 
diff --git a/libatalk/Makefile.am b/libatalk/Makefile.am index 3ce5c240..e51940e3 100644 --- a/libatalk/Makefile.am +++ b/libatalk/Makefile.am @@ -1,7 +1,7 @@ # Makefile.am for libatalk/ -SUBDIRS = acl adouble asp atp bstring compat cnid dsi nbp netddp tdb util unicode vfs +SUBDIRS = adouble asp atp bstring compat cnid dsi nbp netddp tdb util unicode vfs lib_LTLIBRARIES = libatalk.la @@ -19,7 +19,7 @@ libatalk_la_LIBADD = \ util/libutil.la \ tdb/libtdb.la \ unicode/libunicode.la \ - vfs/libvfs.la @LIBATALK_ACLS@ + vfs/libvfs.la libatalk_la_DEPENDENCIES = \ adouble/libadouble.la \ @@ -33,7 +33,13 @@ libatalk_la_DEPENDENCIES = \ util/libutil.la \ tdb/libtdb.la \ unicode/libunicode.la \ - vfs/libvfs.la @LIBATALK_ACLS@ + vfs/libvfs.la + +if HAVE_ACLS +SUBDIRS += acl +libatalk_la_DEPENDENCIES += acl/libacl.la +libatalk_la_LIBADD += acl/libacl.la +endif libatalk_la_LDFLAGS = -static diff --git a/libatalk/acl/Makefile.am b/libatalk/acl/Makefile.am index 9e9e63ad..d9c81990 100644 --- a/libatalk/acl/Makefile.am +++ b/libatalk/acl/Makefile.am @@ -2,8 +2,7 @@ noinst_HEADERS = aclldap.h cache.h -if USE_NFSv4_ACLS - +if HAVE_ACLS noinst_LTLIBRARIES = libacl.la libacl_la_SOURCES = \ ldap.c \ @@ -11,6 +10,5 @@ libacl_la_SOURCES = \ cache.c \ ldap_config.c libacl_la_LDFLAGS = -lldap - endif diff --git a/libatalk/acl/ldap_config.c b/libatalk/acl/ldap_config.c index c302751b..b7c160c1 100644 --- a/libatalk/acl/ldap_config.c +++ b/libatalk/acl/ldap_config.c @@ -17,7 +17,7 @@ #include "config.h" #endif /* HAVE_CONFIG_H */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_ACLS #include #include @@ -145,4 +145,4 @@ int acl_ldap_readconfig(char *name) fclose(f); return 0; } -#endif +#endif /* HAVE_ACLS */ diff --git a/libatalk/vfs/Makefile.am b/libatalk/vfs/Makefile.am index d48caa31..9b8d1437 100644 --- a/libatalk/vfs/Makefile.am +++ b/libatalk/vfs/Makefile.am 
@@ -1,10 +1,9 @@ - -# Makefile.am for libatalk/adouble/ +# Makefile.am for libatalk/vfs/ noinst_LTLIBRARIES = libvfs.la libvfs_la_SOURCES = vfs.c unix.c ea.c sys_ea.c ea_sys.c -if USE_NFSv4_ACLS +if HAVE_ACLS libvfs_la_SOURCES += acl.c endif diff --git a/libatalk/vfs/acl.c b/libatalk/vfs/acl.c index d1973594..8bc84ba8 100644 --- a/libatalk/vfs/acl.c +++ b/libatalk/vfs/acl.c @@ -1,6 +1,6 @@ /* - $Id: acl.c,v 1.2 2009-11-26 18:17:12 franklahm Exp $ Copyright (c) 2009 Frank Lahm + Copyright (c) 2010 Frank Lahm This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,12 +21,17 @@ #include #include #include + +#ifdef HAVE_SOLARIS_ACLS #include +#endif #include #include #include +#ifdef HAVE_SOLARIS_ACLS + /* Get ACL. Allocates storage as needed. Caller must free. * Returns no of ACEs or -1 on error. */ int get_nfsv4_acl(const char *name, ace_t **retAces) @@ -60,7 +65,7 @@ int get_nfsv4_acl(const char *name, ace_t **retAces) } /* Removes all non-trivial ACLs from object. Returns full AFPERR code. */ -int remove_acl(const char *name) +int remove_acl_vfs(const char *name) { int ret,i, ace_count, trivial_aces, new_aces_count; ace_t *old_aces = NULL; @@ -112,3 +117,12 @@ exit: LOG(log_debug9, logtype_afpd, "remove_acl: END"); return ret; } + +#endif /* HAVE_SOLARIS_ACLS */ + +#ifdef HAVE_POSIX_ACLS +int remove_acl_vfs(const char *name) +{ + return AFP_OK; +} +#endif /* HAVE_POSIX_ACLS */ diff --git a/libatalk/vfs/vfs.c b/libatalk/vfs/vfs.c index dadedc5b..181b8373 100644 --- a/libatalk/vfs/vfs.c +++ b/libatalk/vfs/vfs.c @@ -320,7 +320,7 @@ static int RF_renamefile_adouble(VFS_FUNC_ARGS_RENAMEFILE) return 0; } -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_SOLARIS_ACLS static int RF_solaris_acl(VFS_FUNC_ARGS_ACL) { static char buf[ MAXPATHLEN + 1]; 
@@ -977,7 +977,7 @@ static struct vfs_ops netatalk_ea_sys = { * Tertiary VFS modules for ACLs */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_SOLARIS_ACLS static struct vfs_ops netatalk_solaris_acl_adouble = { /* validupath: */ NULL, /* rf_chown: */ NULL, @@ -1027,7 +1027,7 @@ void initvol_vfs(struct vol *vol) } /* ACLs */ -#ifdef HAVE_NFSv4_ACLS +#ifdef HAVE_SOLARIS_ACLS vol->vfs_modules[2] = &netatalk_solaris_acl_adouble; #endif } diff --git a/macros/summary.m4 b/macros/summary.m4 index 78ffb3ea..a14d22f5 100644 --- a/macros/summary.m4 +++ b/macros/summary.m4 @@ -61,7 +61,7 @@ dnl fi AC_MSG_RESULT([ dropbox kludge: $netatalk_cv_dropkludge]) AC_MSG_RESULT([ force volume uid/gid: $netatalk_cv_force_uidgid]) AC_MSG_RESULT([ Apple 2 boot support: $compile_a2boot]) - AC_MSG_RESULT([ ACL support: $neta_cv_nfsv4acl]) + AC_MSG_RESULT([ ACL support: $with_acl_support]) if test x"$use_pam_so" = x"yes" -a x"$netatalk_cv_install_pam" = x"no"; then AC_MSG_RESULT([]) AC_MSG_WARN([ PAM support was configured for your system, but the netatalk PAM configuration file]) -- 2.39.2