2 Copyright (c) 2008, 2009, 2010 Frank Lahm <franklahm@gmail.com>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
17 #endif /* HAVE_CONFIG_H */
26 #ifdef HAVE_SOLARIS_ACLS
29 #ifdef HAVE_POSIX_ACLS
31 #include <acl/libacl.h>
34 #include <atalk/errchk.h>
35 #include <atalk/adouble.h>
36 #include <atalk/vfs.h>
37 #include <atalk/afp.h>
38 #include <atalk/util.h>
39 #include <atalk/cnid.h>
40 #include <atalk/logger.h>
41 #include <atalk/uuid.h>
42 #include <atalk/acl.h>
43 #include <atalk/bstrlib.h>
44 #include <atalk/bstradd.h>
46 #include "directory.h"
52 #include "acl_mappings.h"
55 #define SOLARIS_2_DARWIN 1
56 #define DARWIN_2_SOLARIS 2
57 #define POSIX_DEFAULT_2_DARWIN 3
58 #define POSIX_ACCESS_2_DARWIN 4
59 #define DARWIN_2_POSIX_DEFAULT 5
60 #define DARWIN_2_POSIX_ACCESS 6
65 /********************************************************
67 ********************************************************/
69 #ifdef HAVE_SOLARIS_ACLS
72 * Compile access rights for a user to one file-system object
74 * This combines combines all access rights for a user to one fs-object and
75 * returns the result as a Darwin allowed rights ACE.
76 * This must honor trivial ACEs which are a mode_t mapping.
78 * @param path (r) path to filesystem object
79 * @param sb (r) struct stat of path
80 * @param pwd (r) struct passwd of user
81 * @param result (w) resulting Darwin allow ACE
83 * @returns 0 or -1 on error
85 static int solaris_acl_rights(const char *path,
86 const struct stat *sb,
87 const struct passwd *pwd,
91 int i, ace_count, checkgroup;
95 uint32_t rights, allowed_rights = 0, denied_rights = 0, darwin_rights;
97 /* Get ACL from file/dir */
98 EC_NEG1_LOG(ace_count = get_nfsv4_acl(path, &aces));
100 if (ace_count == 0) {
101 LOG(log_warning, logtype_afpd, "Zero ACEs from get_nfsv4_acl");
105 /* Now check requested rights */
107 do { /* Loop through ACEs */
109 flags = aces[i].a_flags;
110 type = aces[i].a_type;
111 rights = aces[i].a_access_mask;
113 if (flags & ACE_INHERIT_ONLY_ACE)
116 /* Now the tricky part: decide if ACE effects our user. I'll explain:
117 if its a dedicated (non trivial) ACE for the user
119 if its a ACE for a group we're member of
121 if its a trivial ACE_OWNER ACE and requested UUID is the owner
123 if its a trivial ACE_GROUP ACE and requested UUID is group
125 if its a trivial ACE_EVERYONE ACE
128 if (((who == pwd->pw_uid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP)))
130 ((flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) && gmem(who))
132 ((flags & ACE_OWNER) && (pwd->pw_uid == sb->st_uid))
134 ((flags & ACE_GROUP) && gmem(sb->st_gid))
136 (flags & ACE_EVERYONE)
138 /* Found an applicable ACE */
139 if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
140 allowed_rights |= rights;
141 else if (type == ACE_ACCESS_DENIED_ACE_TYPE)
142 /* Only or to denied rights if not previously allowed !! */
143 denied_rights |= ((!allowed_rights) & rights);
145 } while (++i < ace_count);
148 /* Darwin likes to ask for "delete_child" on dir,
149 "write_data" is actually the same, so we add that for dirs */
150 if (S_ISDIR(sb->st_mode) && (allowed_rights & ACE_WRITE_DATA))
151 allowed_rights |= ACE_DELETE_CHILD;
153 /* Remove denied from allowed rights */
154 allowed_rights &= ~denied_rights;
158 for (i=0; nfsv4_to_darwin_rights[i].from != 0; i++) {
159 if (allowed_rights & nfsv4_to_darwin_rights[i].from)
160 darwin_rights |= nfsv4_to_darwin_rights[i].to;
163 *result |= darwin_rights;
166 if (aces) free(aces);
172 Maps ACE array from Solaris to Darwin. Darwin ACEs are stored in network byte order.
173 Return numer of mapped ACEs or -1 on error.
174 All errors while mapping (e.g. getting UUIDs from LDAP) are fatal.
176 static int map_aces_solaris_to_darwin(const ace_t *aces,
177 darwin_ace_t *darwin_aces,
184 struct passwd *pwd = NULL;
185 struct group *grp = NULL;
187 LOG(log_maxdebug, logtype_afpd, "map_aces_solaris_to_darwin: parsing %d ACES", ace_count);
190 LOG(log_maxdebug, logtype_afpd, "ACE No. %d", ace_count + 1);
191 /* if its a ACE resulting from nfsv4 mode mapping, discard it */
192 if (aces->a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)) {
193 LOG(log_debug, logtype_afpd, "trivial ACE");
198 if ( ! (aces->a_flags & ACE_IDENTIFIER_GROUP) ) { /* user ace */
199 LOG(log_debug, logtype_afpd, "uid: %d", aces->a_who);
200 EC_NULL_LOG(pwd = getpwuid(aces->a_who));
201 LOG(log_debug, logtype_afpd, "uid: %d -> name: %s", aces->a_who, pwd->pw_name);
202 EC_ZERO_LOG(getuuidfromname(pwd->pw_name,
204 darwin_aces->darwin_ace_uuid));
205 } else { /* group ace */
206 LOG(log_debug, logtype_afpd, "gid: %d", aces->a_who);
207 EC_NULL_LOG(grp = getgrgid(aces->a_who));
208 LOG(log_debug, logtype_afpd, "gid: %d -> name: %s", aces->a_who, grp->gr_name);
209 EC_ZERO_LOG(getuuidfromname(grp->gr_name,
211 darwin_aces->darwin_ace_uuid));
215 if (aces->a_type == ACE_ACCESS_ALLOWED_ACE_TYPE)
216 flags = DARWIN_ACE_FLAGS_PERMIT;
217 else if (aces->a_type == ACE_ACCESS_DENIED_ACE_TYPE)
218 flags = DARWIN_ACE_FLAGS_DENY;
219 else { /* unsupported type */
223 for(i=0; nfsv4_to_darwin_flags[i].from != 0; i++) {
224 if (aces->a_flags & nfsv4_to_darwin_flags[i].from)
225 flags |= nfsv4_to_darwin_flags[i].to;
227 darwin_aces->darwin_ace_flags = htonl(flags);
231 for (i=0; nfsv4_to_darwin_rights[i].from != 0; i++) {
232 if (aces->a_access_mask & nfsv4_to_darwin_rights[i].from)
233 rights |= nfsv4_to_darwin_rights[i].to;
235 darwin_aces->darwin_ace_rights = htonl(rights);
248 Maps ACE array from Darwin to Solaris. Darwin ACEs are expected in network byte order.
249 Return numer of mapped ACEs or -1 on error.
250 All errors while mapping (e.g. getting UUIDs from LDAP) are fatal.
252 static int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces,
257 int i, mapped_aces = 0;
258 uint32_t darwin_ace_flags;
259 uint32_t darwin_ace_rights;
260 uint16_t nfsv4_ace_flags;
261 uint32_t nfsv4_ace_rights;
269 nfsv4_ace_rights = 0;
272 EC_ZERO(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
280 EC_NULL_LOG(pwd = getpwnam(name));
281 nfsv4_aces->a_who = pwd->pw_uid;
284 EC_NULL_LOG(grp = getgrnam(name));
285 nfsv4_aces->a_who = (uid_t)(grp->gr_gid);
286 nfsv4_ace_flags |= ACE_IDENTIFIER_GROUP;
292 /* now type: allow/deny */
293 darwin_ace_flags = ntohl(darwin_aces->darwin_ace_flags);
294 if (darwin_ace_flags & DARWIN_ACE_FLAGS_PERMIT)
295 nfsv4_aces->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
296 else if (darwin_ace_flags & DARWIN_ACE_FLAGS_DENY)
297 nfsv4_aces->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
298 else { /* unsupported type */
303 for(i=0; darwin_to_nfsv4_flags[i].from != 0; i++) {
304 if (darwin_ace_flags & darwin_to_nfsv4_flags[i].from)
305 nfsv4_ace_flags |= darwin_to_nfsv4_flags[i].to;
309 darwin_ace_rights = ntohl(darwin_aces->darwin_ace_rights);
310 for (i=0; darwin_to_nfsv4_rights[i].from != 0; i++) {
311 if (darwin_ace_rights & darwin_to_nfsv4_rights[i].from)
312 nfsv4_ace_rights |= darwin_to_nfsv4_rights[i].to;
315 LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x", darwin_ace_flags, nfsv4_ace_flags);
316 LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x", darwin_ace_rights, nfsv4_ace_rights);
318 nfsv4_aces->a_flags = nfsv4_ace_flags;
319 nfsv4_aces->a_access_mask = nfsv4_ace_rights;
332 #endif /* HAVE_SOLARIS_ACLS */
334 /********************************************************
336 ********************************************************/
338 #ifdef HAVE_POSIX_ACLS
340 static uint32_t posix_permset_to_darwin_rights(acl_entry_t e, int is_dir)
344 acl_permset_t permset;
346 EC_ZERO_LOG(acl_get_permset(e, &permset));
348 if (acl_get_perm(permset, ACL_READ))
349 rights = DARWIN_ACE_READ_DATA
350 | DARWIN_ACE_READ_EXTATTRIBUTES
351 | DARWIN_ACE_READ_ATTRIBUTES
352 | DARWIN_ACE_READ_SECURITY;
353 if (acl_get_perm(permset, ACL_WRITE)) {
354 rights |= DARWIN_ACE_WRITE_DATA
355 | DARWIN_ACE_APPEND_DATA
356 | DARWIN_ACE_WRITE_EXTATTRIBUTES
357 | DARWIN_ACE_WRITE_ATTRIBUTES;
359 rights |= DARWIN_ACE_DELETE_CHILD;
361 if (acl_get_perm(permset, ACL_EXECUTE))
362 rights |= DARWIN_ACE_EXECUTE;
365 LOG(log_maxdebug, logtype_afpd, "mapped rights: 0x%08x", rights);
370 * Compile access rights for a user to one file-system object
372 * This combines combines all access rights for a user to one fs-object and
373 * returns the result as a Darwin allowed rights ACE.
374 * This must honor trivial ACEs which are a mode_t mapping.
376 * @param path (r) path to filesystem object
377 * @param sb (r) struct stat of path
378 * @param pwd (r) struct passwd of user
379 * @param result (w) resulting Darwin allow ACE
381 * @returns 0 or -1 on error
383 static int posix_acl_rights(const char *path,
384 const struct stat *sb,
385 const struct passwd *pwd,
389 int entry_id = ACL_FIRST_ENTRY;
390 uint32_t rights = 0, maskrights = 0;
397 EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS));
399 /* itereate through all ACEs to get the mask */
400 while (acl_get_entry(acl, entry_id, &e) == 1) {
401 entry_id = ACL_NEXT_ENTRY;
404 maskrights = posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
411 /* itereate through all ACEs */
412 entry_id = ACL_FIRST_ENTRY;
413 while (acl_get_entry(acl, entry_id, &e) == 1) {
414 entry_id = ACL_NEXT_ENTRY;
415 EC_ZERO_LOG(acl_get_tag_type(e, &tag));
418 EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e));
419 if (*uid == pwd->pw_uid)
420 rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
425 if (sb->st_uid == pwd->pw_uid)
426 rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
429 EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e));
431 rights |= (posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)) & maskrights);
436 if (gmem(sb->st_gid))
437 rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
439 rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
450 if (acl) acl_free(acl);
451 if (uid) acl_free(uid);
452 if (gid) acl_free(gid);
457 * Add entries of one acl to another acl
459 * @param aclp (rw) destination acl where new aces will be added
460 * @param acl (r) source acl where aces will be copied from
462 * @returns 0 on success, -1 on error
464 static int acl_add_acl(acl_t *aclp, const acl_t acl)
470 for (id = ACL_FIRST_ENTRY; acl_get_entry(acl, id, &se) == 1; id = ACL_NEXT_ENTRY) {
471 EC_ZERO_LOG_ERR(acl_create_entry(aclp, &de), AFPERR_MISC);
472 EC_ZERO_LOG_ERR(acl_copy_entry(de, se), AFPERR_MISC);
480 * Map Darwin ACE rights to POSIX 1e perm
482 * We can only map few rights:
483 * DARWIN_ACE_READ_DATA -> ACL_READ
484 * DARWIN_ACE_WRITE_DATA -> ACL_WRITE
485 * DARWIN_ACE_DELETE_CHILD & (is_dir == 1) -> ACL_WRITE
486 * DARWIN_ACE_EXECUTE -> ACL_EXECUTE
488 * @param entry (rw) result of the mapping
489 * @param is_dir (r) 1 for dirs, 0 for files
491 * @returns mapping result as acl_perm_t, -1 on error
493 static acl_perm_t map_darwin_right_to_posix_permset(uint32_t darwin_ace_rights, int is_dir)
497 if (darwin_ace_rights & DARWIN_ACE_READ_DATA)
500 if (darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (DARWIN_ACE_DELETE_CHILD & is_dir)))
503 if (darwin_ace_rights & DARWIN_ACE_EXECUTE)
510 * Add a ACL_USER or ACL_GROUP permission to an ACL, extending existing ACEs
512 * Add a permission of "type" for user or group "id" to an ACL. Scan the ACL
513 * for existing permissions for this type/id, if there is one add the perm,
514 * otherwise create a new ACL entry.
515 * perm can be or'ed ACL_READ, ACL_WRITE and ACL_EXECUTE.
517 * @param aclp (rw) pointer to ACL
518 * @param type (r) acl_tag_t of ACL_USER or ACL_GROUP
519 * @param id (r) uid_t uid for ACL_USER, or gid casted to uid_t for ACL_GROUP
520 * @param perm (r) acl_perm_t permissions to add
522 * @returns 0 on success, -1 on failure
524 static int posix_acl_add_perm(acl_t *aclp, acl_tag_t type, uid_t id, acl_perm_t perm)
530 int entry_id = ACL_FIRST_ENTRY;
531 acl_permset_t permset;
534 for ( ; (! found) && acl_get_entry(*aclp, entry_id, &e) == 1; entry_id = ACL_NEXT_ENTRY) {
535 EC_ZERO_LOG(acl_get_tag_type(e, &tag));
536 if (tag != ACL_USER && tag != ACL_GROUP)
538 EC_NULL_LOG(eid = (uid_t *)acl_get_qualifier(e));
539 if ((*eid == id) && (type == tag)) {
540 /* found an ACE for this type/id */
542 EC_ZERO_LOG(acl_get_permset(e, &permset));
543 EC_ZERO_LOG(acl_add_perm(permset, perm));
551 /* there was no existing ACE for this type/id */
552 EC_ZERO_LOG(acl_create_entry(aclp, &e));
553 EC_ZERO_LOG(acl_set_tag_type(e, type));
554 EC_ZERO_LOG(acl_set_qualifier(e, &id));
555 EC_ZERO_LOG(acl_get_permset(e, &permset));
556 EC_ZERO_LOG(acl_clear_perms(permset));
557 EC_ZERO_LOG(acl_add_perm(permset, perm));
558 EC_ZERO_LOG(acl_set_permset(e, permset));
562 if (eid) acl_free(eid);
568 * Map Darwin ACL to POSIX ACL.
570 * aclp must point to a acl_init'ed acl_t or an acl_t that can eg contain default ACEs.
571 * Mapping pecularities:
572 * - we create a default ace (which inherits to files and dirs) if either
573 DARWIN_ACE_FLAGS_FILE_INHERIT or DARWIN_ACE_FLAGS_DIRECTORY_INHERIT is requested
574 * - we throw away DARWIN_ACE_FLAGS_LIMIT_INHERIT (can't be mapped), thus the ACL will
577 * @param darwin_aces (r) pointer to darwin_aces buffer
578 * @param def_aclp (rw) directories: pointer to an initialized acl_t with the default acl
579 * files: *def_aclp will be NULL
580 * @param acc_aclp (rw) pointer to an initialized acl_t with the access acl
581 * @param ace_count (r) number of ACEs in darwin_aces buffer
583 * @returns 0 on success storing the result in aclp, -1 on error.
585 static int map_aces_darwin_to_posix(const darwin_ace_t *darwin_aces,
596 uint32_t darwin_ace_flags, darwin_ace_rights;
600 for ( ; ace_count != 0; ace_count--, darwin_aces++) {
601 /* type: allow/deny, posix only has allow */
602 darwin_ace_flags = ntohl(darwin_aces->darwin_ace_flags);
603 if ( ! (darwin_ace_flags & DARWIN_ACE_FLAGS_PERMIT))
606 darwin_ace_rights = ntohl(darwin_aces->darwin_ace_rights);
607 perm = map_darwin_right_to_posix_permset(darwin_ace_rights, (*def_aclp != NULL));
609 continue; /* dont add empty perm */
611 LOG(log_debug, logtype_afpd, "map_ace: no: %u, flags: %08x, darwin: %08x, posix: %02x",
612 ace_count, darwin_ace_flags, darwin_ace_rights, perm);
615 EC_ZERO_LOG(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
622 EC_NULL_LOG(pwd = getpwnam(name));
625 LOG(log_debug, logtype_afpd, "map_ace: name: %s, uid: %u", name, id);
628 EC_NULL_LOG(grp = getgrnam(name));
630 id = (uid_t)(grp->gr_gid);
631 LOG(log_debug, logtype_afpd, "map_ace: name: %s, gid: %u", name, id);
637 if (darwin_ace_flags & DARWIN_ACE_INHERIT_CONTROL_FLAGS) {
638 if (*def_aclp == NULL) {
639 /* ace request inheritane but we haven't got a default acl pointer */
640 LOG(log_warning, logtype_afpd, "map_acl: unexpected ACE, flags: 0x%04x",
644 /* add it as default ace */
645 EC_ZERO_LOG(posix_acl_add_perm(def_aclp, tag, id, perm));
648 if (! (darwin_ace_flags & DARWIN_ACE_FLAGS_ONLY_INHERIT))
649 /* if it not a "inherit only" ace, it must be added as access aces too */
650 EC_ZERO_LOG(posix_acl_add_perm(acc_aclp, tag, id, perm));
652 EC_ZERO_LOG(posix_acl_add_perm(acc_aclp, tag, id, perm));
664 * Map ACEs from POSIX to Darwin.
665 * type is either POSIX_DEFAULT_2_DARWIN or POSIX_ACCESS_2_DARWIN, cf. acl_get_file.
666 * Return number of mapped ACES, -1 on error.
668 static int map_acl_posix_to_darwin(int type, const acl_t acl, darwin_ace_t *darwin_aces)
672 int entry_id = ACL_FIRST_ENTRY;
677 struct passwd *pwd = NULL;
678 struct group *grp = NULL;
680 uint32_t rights, maskrights = 0;
681 darwin_ace_t *saved_darwin_aces = darwin_aces;
683 LOG(log_maxdebug, logtype_afpd, "map_aces_posix_to_darwin(%s)",
684 (type & MAP_MASK) == POSIX_DEFAULT_2_DARWIN ?
685 "POSIX_DEFAULT_2_DARWIN" : "POSIX_ACCESS_2_DARWIN");
687 /* itereate through all ACEs */
688 while (acl_get_entry(acl, entry_id, &e) == 1) {
689 entry_id = ACL_NEXT_ENTRY;
692 EC_ZERO_LOG(acl_get_tag_type(e, &tag));
694 /* we return user and group ACE */
697 EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e));
698 EC_NULL_LOG(pwd = getpwuid(*uid));
699 LOG(log_debug, logtype_afpd, "map_aces_posix_to_darwin: uid: %d -> name: %s",
701 EC_ZERO_LOG(getuuidfromname(pwd->pw_name, UUID_USER, darwin_aces->darwin_ace_uuid));
707 EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e));
708 EC_NULL_LOG(grp = getgrgid(*gid));
709 LOG(log_debug, logtype_afpd, "map_aces_posix_to_darwin: gid: %d -> name: %s",
711 EC_ZERO_LOG(getuuidfromname(grp->gr_name, UUID_GROUP, darwin_aces->darwin_ace_uuid));
717 maskrights = posix_permset_to_darwin_rights(e, type & IS_DIR);
725 flags = DARWIN_ACE_FLAGS_PERMIT;
726 if ((type & MAP_MASK) == POSIX_DEFAULT_2_DARWIN)
727 flags |= DARWIN_ACE_FLAGS_FILE_INHERIT
728 | DARWIN_ACE_FLAGS_DIRECTORY_INHERIT
729 | DARWIN_ACE_FLAGS_ONLY_INHERIT;
730 darwin_aces->darwin_ace_flags = htonl(flags);
733 rights = posix_permset_to_darwin_rights(e, type & IS_DIR);
734 darwin_aces->darwin_ace_rights = htonl(rights);
740 /* Loop through the mapped ACE buffer once again, applying the mask */
741 for (int i = mapped_aces; i > 0; i--) {
742 saved_darwin_aces->darwin_ace_rights &= htonl(maskrights);
746 EC_STATUS(mapped_aces);
749 if (uid) acl_free(uid);
750 if (gid) acl_free(gid);
756 * Multiplex ACL mapping (SOLARIS_2_DARWIN, DARWIN_2_SOLARIS, POSIX_2_DARWIN, DARWIN_2_POSIX).
757 * Reads from 'aces' buffer, writes to 'rbuf' buffer.
758 * Caller must provide buffer.
759 * Darwin ACEs are read and written in network byte order.
760 * Needs to know how many ACEs are in the ACL (ace_count) for Solaris ACLs.
761 * Ignores trivial ACEs.
762 * Return no of mapped ACEs or -1 on error.
764 static int map_acl(int type, void *acl, darwin_ace_t *buf, int ace_count)
768 LOG(log_debug9, logtype_afpd, "map_acl: BEGIN");
770 switch (type & MAP_MASK) {
772 #ifdef HAVE_SOLARIS_ACLS
773 case SOLARIS_2_DARWIN:
774 mapped_aces = map_aces_solaris_to_darwin( acl, buf, ace_count);
777 case DARWIN_2_SOLARIS:
778 mapped_aces = map_aces_darwin_to_solaris( buf, acl, ace_count);
780 #endif /* HAVE_SOLARIS_ACLS */
782 #ifdef HAVE_POSIX_ACLS
783 case POSIX_DEFAULT_2_DARWIN:
784 mapped_aces = map_acl_posix_to_darwin(type, (const acl_t)acl, buf);
787 case POSIX_ACCESS_2_DARWIN:
788 mapped_aces = map_acl_posix_to_darwin(type, (const acl_t)acl, buf);
791 case DARWIN_2_POSIX_DEFAULT:
794 case DARWIN_2_POSIX_ACCESS:
796 #endif /* HAVE_POSIX_ACLS */
803 LOG(log_debug9, logtype_afpd, "map_acl: END");
807 /* Get ACL from object omitting trivial ACEs. Map to Darwin ACL style and
808 store Darwin ACL at rbuf. Add length of ACL written to rbuf to *rbuflen.
809 Returns 0 on success, -1 on error. */
810 static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen)
815 uint32_t *darwin_ace_count = (u_int32_t *)rbuf;
816 #ifdef HAVE_SOLARIS_ACLS
820 #ifdef HAVE_POSIX_ACLS
823 LOG(log_debug9, logtype_afpd, "get_and_map_acl: BEGIN");
825 /* Skip length and flags */
830 #ifdef HAVE_SOLARIS_ACLS
831 EC_NEG1(ace_count = get_nfsv4_acl(name, &aces));
832 EC_NEG1(mapped_aces = map_acl(SOLARIS_2_DARWIN, aces, (darwin_ace_t *)rbuf, ace_count));
833 #endif /* HAVE_SOLARIS_ACLS */
835 #ifdef HAVE_POSIX_ACLS
836 acl_t defacl = NULL , accacl = NULL;
838 /* stat to check if its a dir */
839 EC_ZERO_LOG(lstat(name, &st));
841 /* if its a dir, check for default acl too */
843 if (S_ISDIR(st.st_mode)) {
845 EC_NULL_LOG(defacl = acl_get_file(name, ACL_TYPE_DEFAULT));
846 EC_NEG1(mapped_aces = map_acl(POSIX_DEFAULT_2_DARWIN | dirflag,
848 (darwin_ace_t *)rbuf,
852 EC_NULL_LOG(accacl = acl_get_file(name, ACL_TYPE_ACCESS));
855 EC_NEG1(tmp = map_acl(POSIX_ACCESS_2_DARWIN | dirflag,
857 (darwin_ace_t *)(rbuf + mapped_aces * sizeof(darwin_ace_t)),
860 #endif /* HAVE_POSIX_ACLS */
862 LOG(log_debug, logtype_afpd, "get_and_map_acl: mapped %d ACEs", mapped_aces);
864 *darwin_ace_count = htonl(mapped_aces);
865 *rbuflen += sizeof(darwin_acl_header_t) + (mapped_aces * sizeof(darwin_ace_t));
870 #ifdef HAVE_SOLARIS_ACLS
871 if (aces) free(aces);
873 #ifdef HAVE_POSIX_ACLS
874 if (defacl) acl_free(defacl);
875 if (accacl) acl_free(accacl);
876 #endif /* HAVE_POSIX_ACLS */
878 LOG(log_debug9, logtype_afpd, "get_and_map_acl: END");
883 /* Removes all non-trivial ACLs from object. Returns full AFPERR code. */
884 static int remove_acl(const struct vol *vol,const char *path, int dir)
888 #if (defined HAVE_SOLARIS_ACLS || defined HAVE_POSIX_ACLS)
889 /* Ressource etc. first */
890 if ((ret = vol->vfs->vfs_remove_acl(vol, path, dir)) != AFP_OK)
892 /* now the data fork or dir */
893 ret = remove_acl_vfs(path);
900 - the client sends a complete list of ACEs, not only new ones. So we dont need to do
901 any combination business (one exception being 'kFileSec_Inherit': see next)
902 - client might request that we add inherited ACEs via 'kFileSec_Inherit'.
903 We will store inherited ACEs first, which is Darwins canonical order.
904 - returns AFPerror code
906 #ifdef HAVE_SOLARIS_ACLS
907 static int set_acl(const struct vol *vol,
914 int i, nfsv4_ace_count;
915 int tocopy_aces_count = 0, new_aces_count = 0, trivial_ace_count = 0;
916 ace_t *old_aces, *new_aces = NULL;
919 LOG(log_debug9, logtype_afpd, "set_acl: BEGIN");
922 /* inherited + trivial ACEs */
923 flags = ACE_INHERITED_ACE | ACE_OWNER | ACE_GROUP | ACE_EVERYONE;
925 /* only trivial ACEs */
926 flags = ACE_OWNER | ACE_GROUP | ACE_EVERYONE;
928 /* Get existing ACL and count ACEs which have to be copied */
929 if ((nfsv4_ace_count = get_nfsv4_acl(name, &old_aces)) == -1)
931 for ( i=0; i < nfsv4_ace_count; i++) {
932 if (old_aces[i].a_flags & flags)
936 /* Now malloc buffer exactly sized to fit all new ACEs */
937 if ((new_aces = malloc((ace_count + tocopy_aces_count) * sizeof(ace_t))) == NULL) {
938 LOG(log_error, logtype_afpd, "set_acl: malloc %s", strerror(errno));
939 EC_STATUS(AFPERR_MISC);
943 /* Start building new ACL */
945 /* Copy local inherited ACEs. Therefore we have 'Darwin canonical order' (see chmod there):
946 inherited ACEs first. */
948 for (i=0; i < nfsv4_ace_count; i++) {
949 if (old_aces[i].a_flags & ACE_INHERITED_ACE) {
950 memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
955 LOG(log_debug7, logtype_afpd, "set_acl: copied %d inherited ACEs", new_aces_count);
957 /* Now the ACEs from the client */
958 if ((ret = (map_acl(DARWIN_2_SOLARIS,
959 &new_aces[new_aces_count],
961 ace_count))) == -1) {
962 EC_STATUS(AFPERR_PARAM);
965 new_aces_count += ret;
966 LOG(log_debug7, logtype_afpd, "set_acl: mapped %d ACEs from client", ret);
968 /* Now copy the trivial ACEs */
969 for (i=0; i < nfsv4_ace_count; i++) {
970 if (old_aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)) {
971 memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
976 LOG(log_debug7, logtype_afpd, "set_acl: copied %d trivial ACEs", trivial_ace_count);
978 /* Ressourcefork first.
979 Note: for dirs we set the same ACL on the .AppleDouble/.Parent _file_. This
980 might be strange for ACE_DELETE_CHILD and for inheritance flags. */
981 if ((ret = (vol->vfs->vfs_acl(vol, name, ACE_SETACL, new_aces_count, new_aces))) != 0) {
982 LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
983 if (errno == (EACCES | EPERM))
984 EC_STATUS(AFPERR_ACCESS);
985 else if (errno == ENOENT)
986 EC_STATUS(AFPERR_NOITEM);
988 EC_STATUS(AFPERR_MISC);
991 if ((ret = (acl(name, ACE_SETACL, new_aces_count, new_aces))) != 0) {
992 LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
993 if (errno == (EACCES | EPERM))
994 EC_STATUS(AFPERR_ACCESS);
995 else if (errno == ENOENT)
996 EC_STATUS(AFPERR_NOITEM);
998 EC_STATUS(AFPERR_MISC);
1005 if (old_aces) free(old_aces);
1006 if (new_aces) free(new_aces);
1008 LOG(log_debug9, logtype_afpd, "set_acl: END");
1011 #endif /* HAVE_SOLARIS_ACLS */
1013 #ifdef HAVE_POSIX_ACLS
1014 static int set_acl(const struct vol *vol,
1017 darwin_ace_t *daces,
1021 acl_t def_acl = NULL;
1022 acl_t acc_acl = NULL;
1024 LOG(log_maxdebug, logtype_afpd, "set_acl: BEGIN");
1027 EC_ZERO_LOG_ERR(lstat(name, &st), AFPERR_NOOBJ);
1029 /* seed default ACL with access ACL */
1030 if (S_ISDIR(st.st_mode))
1031 EC_NULL_LOG_ERR(def_acl = acl_get_file(name, ACL_TYPE_ACCESS), AFPERR_MISC);
1033 /* for files def_acl will be NULL */
1035 /* create access acl from mode */
1036 EC_NULL_LOG_ERR(acc_acl = acl_from_mode(st.st_mode), AFPERR_MISC);
1038 /* adds the clients aces */
1039 EC_ZERO_ERR(map_aces_darwin_to_posix(daces, &def_acl, &acc_acl, ace_count), AFPERR_MISC);
1041 /* calcuate ACL mask */
1042 EC_ZERO_LOG_ERR(acl_calc_mask(&acc_acl), AFPERR_MISC);
1045 EC_ZERO_LOG_ERR(acl_valid(acc_acl), AFPERR_MISC);
1048 EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_ACCESS, acc_acl), AFPERR_MISC);
1049 EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_ACCESS, 0, acc_acl), AFPERR_MISC);
1052 EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_DEFAULT, def_acl), AFPERR_MISC);
1053 EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_DEFAULT, 0, def_acl), AFPERR_MISC);
1060 LOG(log_maxdebug, logtype_afpd, "set_acl: END");
1063 #endif /* HAVE_POSIX_ACLS */
1066 * Checks if a given UUID has requested_rights(type darwin_ace_rights) for path.
1068 * Note: this gets called frequently and is a good place for optimizations !
1070 * @param vol (r) volume
1071 * @param dir (r) directory
1072 * @param path (r) path to filesystem object
1073 * @param uuid (r) UUID of user
1074 * @param requested_rights (r) requested Darwin ACE
1076 * @returns AFP result code
1078 static int check_acl_access(const struct vol *vol,
1079 const struct dir *dir,
1082 uint32_t requested_rights)
1085 uint32_t allowed_rights = 0;
1086 char *username = NULL;
1087 uuidtype_t uuidtype;
1090 bstring parent = NULL;
1092 LOG(log_maxdebug, logtype_afpd, "check_access: Request: 0x%08x", requested_rights);
1094 /* Get uid or gid from UUID */
1095 EC_ZERO_LOG_ERR(getnamefromuuid(uuid, &username, &uuidtype), AFPERR_PARAM);
1096 EC_ZERO_LOG_ERR(lstat(path, &st), AFPERR_PARAM);
1102 LOG(log_warning, logtype_afpd, "check_access: afp_access not supported for groups");
1103 EC_STATUS(AFPERR_MISC);
1107 LOG(log_warning, logtype_afpd, "check_access: local UUID");
1108 EC_STATUS(AFPERR_MISC);
1112 EC_NULL_LOG_ERR(pwd = getpwnam(username), AFPERR_MISC);
1114 #ifdef HAVE_SOLARIS_ACLS
1115 EC_ZERO_LOG(solaris_acl_rights(path, &st, pwd, &allowed_rights));
1117 #ifdef HAVE_POSIX_ACLS
1118 EC_ZERO_LOG(posix_acl_rights(path, &st, pwd, &allowed_rights));
1121 LOG(log_debug, logtype_afpd, "allowed rights: 0x%08x", allowed_rights);
1124 * The DARWIN_ACE_DELETE right might implicitly result from write acces to the parent
1125 * directory. As it seems the 10.6 AFP client is puzzled when this right is not
1126 * allowed where a delete would succeed because the parent dir gives write perms.
1127 * So we check the parent dir for write access and set the right accordingly.
1128 * Currentyl acl2ownermode calls us with dir = NULL, because it doesn't make sense
1129 * there to do this extra check -- afaict.
1131 if (vol && dir && (requested_rights & DARWIN_ACE_DELETE)) {
1133 uint32_t parent_rights = 0;
1135 if (dir->d_did == DIRDID_ROOT_PARENT) {
1136 /* use volume path */
1137 EC_NULL_LOG_ERR(parent = bfromcstr(vol->v_path), AFPERR_MISC);
1139 /* build path for parent */
1140 EC_NULL_LOG_ERR(parent = bstrcpy(dir->d_fullpath), AFPERR_MISC);
1141 EC_ZERO_LOG_ERR(bconchar(parent, '/'), AFPERR_MISC);
1142 EC_ZERO_LOG_ERR(bcatcstr(parent, path), AFPERR_MISC);
1143 EC_NEG1_LOG_ERR(i = bstrrchr(parent, '/'), AFPERR_MISC);
1144 EC_ZERO_LOG_ERR(binsertch(parent, i, 1, 0), AFPERR_MISC);
1147 LOG(log_debug, logtype_afpd,"parent: %s", cfrombstr(parent));
1148 EC_ZERO_LOG_ERR(lstat(cfrombstr(parent), &st), AFPERR_MISC);
1150 #ifdef HAVE_SOLARIS_ACLS
1151 EC_ZERO_LOG(solaris_acl_rights(cfrombstr(parent), &st, pwd, &parent_rights));
1153 #ifdef HAVE_POSIX_ACLS
1154 EC_ZERO_LOG(posix_acl_rights(path, &st, pwd, &allowed_rights));
1156 if (parent_rights & (DARWIN_ACE_WRITE_DATA | DARWIN_ACE_DELETE_CHILD))
1157 allowed_rights |= DARWIN_ACE_DELETE; /* man, that was a lot of work! */
1160 if ((requested_rights & allowed_rights) != requested_rights) {
1161 LOG(log_debug, logtype_afpd, "some requested right wasn't allowed: 0x%08x / 0x%08x",
1162 requested_rights, allowed_rights);
1163 EC_STATUS(AFPERR_ACCESS);
1165 LOG(log_debug, logtype_afpd, "all requested rights are allowed: 0x%08x",
1171 if (username) free(username);
1172 if (parent) bdestroy(parent);
1177 /********************************************************
1179 ********************************************************/
1181 int afp_access(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1186 uint32_t did, darwin_ace_rights;
1188 struct path *s_path;
1194 memcpy(&vid, ibuf, sizeof( vid ));
1195 ibuf += sizeof(vid);
1196 if (NULL == ( vol = getvolbyvid( vid ))) {
1197 LOG(log_error, logtype_afpd, "afp_access: error getting volid:%d", vid);
1198 return AFPERR_NOOBJ;
1201 memcpy(&did, ibuf, sizeof( did ));
1202 ibuf += sizeof( did );
1203 if (NULL == ( dir = dirlookup( vol, did ))) {
1204 LOG(log_error, logtype_afpd, "afp_access: error getting did:%d", did);
1211 /* Store UUID address */
1212 uuid = (uuidp_t)ibuf;
1213 ibuf += UUID_BINSIZE;
1215 /* Store ACE rights */
1216 memcpy(&darwin_ace_rights, ibuf, 4);
1217 darwin_ace_rights = ntohl(darwin_ace_rights);
1220 /* get full path and handle file/dir subtleties in netatalk code*/
1221 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1222 LOG(log_error, logtype_afpd, "afp_getacl: cname got an error!");
1223 return AFPERR_NOOBJ;
1225 if (!s_path->st_valid)
1226 of_statdir(vol, s_path);
1227 if ( s_path->st_errno != 0 ) {
1228 LOG(log_error, logtype_afpd, "afp_getacl: cant stat");
1229 return AFPERR_NOOBJ;
1232 ret = check_acl_access(vol, dir, s_path->u_name, uuid, darwin_ace_rights);
1237 int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1243 uint16_t vid, bitmap;
1244 struct path *s_path;
1248 LOG(log_debug9, logtype_afpd, "afp_getacl: BEGIN");
1252 memcpy(&vid, ibuf, sizeof( vid ));
1253 ibuf += sizeof(vid);
1254 if (NULL == ( vol = getvolbyvid( vid ))) {
1255 LOG(log_error, logtype_afpd, "afp_getacl: error getting volid:%d", vid);
1256 return AFPERR_NOOBJ;
1259 memcpy(&did, ibuf, sizeof( did ));
1260 ibuf += sizeof( did );
1261 if (NULL == ( dir = dirlookup( vol, did ))) {
1262 LOG(log_error, logtype_afpd, "afp_getacl: error getting did:%d", did);
1266 memcpy(&bitmap, ibuf, sizeof( bitmap ));
1267 memcpy(rbuf, ibuf, sizeof( bitmap ));
1268 bitmap = ntohs( bitmap );
1269 ibuf += sizeof( bitmap );
1270 rbuf += sizeof( bitmap );
1271 *rbuflen += sizeof( bitmap );
1273 /* skip maxreplysize */
1276 /* get full path and handle file/dir subtleties in netatalk code*/
1277 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1278 LOG(log_error, logtype_afpd, "afp_getacl: cname got an error!");
1279 return AFPERR_NOOBJ;
1281 if (!s_path->st_valid)
1282 of_statdir(vol, s_path);
1283 if ( s_path->st_errno != 0 ) {
1284 LOG(log_error, logtype_afpd, "afp_getacl: cant stat");
1285 return AFPERR_NOOBJ;
1288 /* Shall we return owner UUID ? */
1289 if (bitmap & kFileSec_UUID) {
1290 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner user UUID");
1291 if (NULL == (pw = getpwuid(s_path->st.st_uid)))
1293 LOG(log_debug, logtype_afpd, "afp_getacl: got uid: %d, name: %s", s_path->st.st_uid, pw->pw_name);
1294 if ((ret = getuuidfromname(pw->pw_name, UUID_USER, rbuf)) != 0)
1296 rbuf += UUID_BINSIZE;
1297 *rbuflen += UUID_BINSIZE;
1300 /* Shall we return group UUID ? */
1301 if (bitmap & kFileSec_GRPUUID) {
1302 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner group UUID");
1303 if (NULL == (gr = getgrgid(s_path->st.st_gid)))
1305 LOG(log_debug, logtype_afpd, "afp_getacl: got gid: %d, name: %s", s_path->st.st_gid, gr->gr_name);
1306 if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, rbuf)) != 0)
1308 rbuf += UUID_BINSIZE;
1309 *rbuflen += UUID_BINSIZE;
1312 /* Shall we return ACL ? */
1313 if (bitmap & kFileSec_ACL) {
1314 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files ACL");
1315 if (get_and_map_acl(s_path->u_name, rbuf, rbuflen) != 0) {
1316 LOG(log_error, logtype_afpd, "afp_getacl(\"%s/%s\"): mapping error",
1317 getcwdpath(), s_path->u_name);
1322 LOG(log_debug9, logtype_afpd, "afp_getacl: END");
1326 int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1332 uint16_t vid, bitmap;
1333 struct path *s_path;
1335 LOG(log_debug9, logtype_afpd, "afp_setacl: BEGIN");
1339 memcpy(&vid, ibuf, sizeof( vid ));
1340 ibuf += sizeof(vid);
1341 if (NULL == ( vol = getvolbyvid( vid ))) {
1342 LOG(log_error, logtype_afpd, "afp_setacl: error getting volid:%d", vid);
1343 return AFPERR_NOOBJ;
1346 memcpy(&did, ibuf, sizeof( did ));
1347 ibuf += sizeof( did );
1348 if (NULL == ( dir = dirlookup( vol, did ))) {
1349 LOG(log_error, logtype_afpd, "afp_setacl: error getting did:%d", did);
1353 memcpy(&bitmap, ibuf, sizeof( bitmap ));
1354 bitmap = ntohs( bitmap );
1355 ibuf += sizeof( bitmap );
1357 /* get full path and handle file/dir subtleties in netatalk code*/
1358 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1359 LOG(log_error, logtype_afpd, "afp_setacl: cname got an error!");
1360 return AFPERR_NOOBJ;
1362 if (!s_path->st_valid)
1363 of_statdir(vol, s_path);
1364 if ( s_path->st_errno != 0 ) {
1365 LOG(log_error, logtype_afpd, "afp_setacl: cant stat");
1366 return AFPERR_NOOBJ;
1368 LOG(log_debug, logtype_afpd, "afp_setacl: unixname: %s", s_path->u_name);
1371 if ((unsigned long)ibuf & 1)
1374 /* Start processing request */
1376 /* Change owner: dont even try */
1377 if (bitmap & kFileSec_UUID) {
1378 LOG(log_note, logtype_afpd, "afp_setacl: change owner request, discarded");
1379 ret = AFPERR_ACCESS;
1380 ibuf += UUID_BINSIZE;
1383 /* Change group: certain changes might be allowed, so try it. FIXME: not implemented yet. */
1384 if (bitmap & kFileSec_UUID) {
1385 LOG(log_note, logtype_afpd, "afp_setacl: change group request, not supported");
1387 ibuf += UUID_BINSIZE;
1391 if (bitmap & kFileSec_REMOVEACL) {
1392 LOG(log_debug, logtype_afpd, "afp_setacl: Remove ACL request.");
1393 if ((ret = remove_acl(vol, s_path->u_name, S_ISDIR(s_path->st.st_mode))) != AFP_OK)
1394 LOG(log_error, logtype_afpd, "afp_setacl: error from remove_acl");
1398 if (bitmap & kFileSec_ACL) {
1399 LOG(log_debug, logtype_afpd, "afp_setacl: Change ACL request.");
1400 /* Get no of ACEs the client put on the wire */
1402 memcpy(&ace_count, ibuf, sizeof(uint32_t));
1403 ace_count = htonl(ace_count);
1404 ibuf += 8; /* skip ACL flags (see acls.h) */
1408 (bitmap & kFileSec_Inherit),
1409 (darwin_ace_t *)ibuf,
1414 LOG(log_warning, logtype_afpd, "afp_setacl(\"%s/%s\"): error",
1415 getcwdpath(), s_path->u_name);
1420 LOG(log_debug9, logtype_afpd, "afp_setacl: END");
1425 * map ACL to user maccess
1427 * This is the magic function that makes ACLs usable by calculating
1428 * the access granted by ACEs to the logged in user.
1430 int acltoownermode(char *path, struct stat *st, uid_t uid, struct maccess *ma)
1434 uint32_t rights = 0;
1436 if ( ! (AFPobj->options.flags & OPTION_ACL2MACCESS)
1437 || (current_vol == NULL)
1438 || ! (current_vol->v_flags & AFPVOL_ACLS))
1441 LOG(log_maxdebug, logtype_afpd, "acltoownermode(\"%s/%s\", 0x%02x)",
1442 getcwdpath(), path, ma->ma_user);
1444 EC_NULL_LOG(pw = getpwuid(uid));
1446 #ifdef HAVE_SOLARIS_ACLS
1447 EC_ZERO_LOG(solaris_acl_rights(path, st, pw, &rights));
1449 #ifdef HAVE_POSIX_ACLS
1450 EC_ZERO_LOG(posix_acl_rights(path, st, pw, &rights));
1453 LOG(log_maxdebug, logtype_afpd, "rights: 0x%08x", rights);
1455 if (rights & DARWIN_ACE_READ_DATA)
1456 ma->ma_user |= AR_UREAD;
1457 if (rights & DARWIN_ACE_WRITE_DATA)
1458 ma->ma_user |= AR_UWRITE;
1459 if (rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH))
1460 ma->ma_user |= AR_USEARCH;
1462 LOG(log_maxdebug, logtype_afpd, "resulting user maccess: 0x%02x", ma->ma_user);