2 Copyright (c) 2008, 2009, 2010 Frank Lahm <franklahm@gmail.com>
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
17 #endif /* HAVE_CONFIG_H */
26 #ifdef HAVE_SOLARIS_ACLS
29 #ifdef HAVE_POSIX_ACLS
31 #include <acl/libacl.h>
34 #include <atalk/errchk.h>
35 #include <atalk/adouble.h>
36 #include <atalk/vfs.h>
37 #include <atalk/afp.h>
38 #include <atalk/util.h>
39 #include <atalk/cnid.h>
40 #include <atalk/logger.h>
41 #include <atalk/uuid.h>
42 #include <atalk/acl.h>
44 #include "directory.h"
50 #include "acl_mappings.h"
53 #define SOLARIS_2_DARWIN 1
54 #define DARWIN_2_SOLARIS 2
55 #define POSIX_DEFAULT_2_DARWIN 3
56 #define POSIX_ACCESS_2_DARWIN 4
57 #define DARWIN_2_POSIX 5
62 /********************************************************
63 * Basic and helper funcs
64 ********************************************************/
67 Takes a users name, uid and primary gid and checks if user is member of any group
68 Returns -1 if no or error, 0 if yes
70 static int check_group(char *name, uid_t uid _U_, gid_t pgid, gid_t path_gid)
79 EC_NULL(grp = getgrgid(path_gid));
82 while (grp->gr_mem[i] != NULL) {
83 if ( (strcmp(grp->gr_mem[i], name)) == 0 ) {
84 LOG(log_debug, logtype_afpd, "check_group: requested user:%s is member of: %s", name, grp->gr_name);
95 /********************************************************
97 ********************************************************/
99 #ifdef HAVE_SOLARIS_ACLS
101 Remove any trivial ACE "in-place". Returns no of non-trivial ACEs
103 static int strip_trivial_aces(ace_t **saces, int sacecount)
108 ace_t *aces = *saces;
111 /* Count non-trivial ACEs */
112 for (i=0; i < sacecount; ) {
113 if ( ! (aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))
117 /* malloc buffer for new ACL */
118 EC_NULL_PRINT(new_aces = malloc(nontrivaces * sizeof(ace_t)));
120 /* Copy non-trivial ACEs */
121 for (i=0, j=0; i < sacecount; ) {
122 if ( ! (aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE))) {
123 memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
132 LOG(log_debug7, logtype_afpd, "strip_trivial_aces: non-trivial ACEs: %d", nontrivaces);
140 Remove non-trivial ACEs "in-place". Returns no of trivial ACEs.
142 static int strip_nontrivial_aces(ace_t **saces, int sacecount)
147 ace_t *aces = *saces;
150 /* Count trivial ACEs */
151 for (i=0; i < sacecount; ) {
152 if ((aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))
156 /* malloc buffer for new ACL */
157 EC_NULL_PRINT(new_aces = malloc(trivaces * sizeof(ace_t)));
159 /* Copy trivial ACEs */
160 for (i=0, j=0; i < sacecount; ) {
161 if ((aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE))) {
162 memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
171 LOG(log_debug7, logtype_afpd, "strip_nontrivial_aces: trivial ACEs: %d", trivaces);
181 static ace_t *concat_aces(ace_t *aces1, int ace1count, ace_t *aces2, int ace2count)
187 /* malloc buffer for new ACL */
188 EC_NULL_PRINT(new_aces = malloc((ace1count + ace2count) * sizeof(ace_t)));
190 /* Copy ACEs from buf1 */
191 for (i=0; i < ace1count; ) {
192 memcpy(&new_aces[i], &aces1[i], sizeof(ace_t));
198 /* Copy ACEs from buf2 */
199 for (i=0; i < ace2count; ) {
200 memcpy(&new_aces[j], &aces2[i], sizeof(ace_t));
211 Maps ACE array from Solaris to Darwin. Darwin ACEs are stored in network byte order.
212 Return numer of mapped ACEs or -1 on error.
213 All errors while mapping (e.g. getting UUIDs from LDAP) are fatal.
215 static int map_aces_solaris_to_darwin(ace_t *aces, darwin_ace_t *darwin_aces, int ace_count)
221 struct passwd *pwd = NULL;
222 struct group *grp = NULL;
224 LOG(log_debug7, logtype_afpd, "map_aces_solaris_to_darwin: parsing %d ACES", ace_count);
227 LOG(log_debug7, logtype_afpd, "map_aces_solaris_to_darwin: parsing ACE No. %d", ace_count + 1);
228 /* if its a ACE resulting from nfsv4 mode mapping, discard it */
229 if (aces->a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)) {
230 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: trivial ACE");
235 if ( ! (aces->a_flags & ACE_IDENTIFIER_GROUP) ) {
237 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: found user ACE with uid: %d", aces->a_who);
239 EC_NULL_PRINT(pwd = getpwuid(aces->a_who));
240 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: uid: %d -> name: %s", aces->a_who, pwd->pw_name);
242 EC_ZERO_PRINT(getuuidfromname(pwd->pw_name, UUID_USER, darwin_aces->darwin_ace_uuid));
244 /* its a group ace */
245 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: found group ACE with gid: %d", aces->a_who);
247 EC_NULL_PRINT(grp = getgrgid(aces->a_who));
248 LOG(log_debug, logtype_afpd, "map_aces_solaris_to_darwin: gid: %d -> name: %s", aces->a_who, grp->gr_name);
249 EC_ZERO_PRINT(getuuidfromname(grp->gr_name, UUID_GROUP, darwin_aces->darwin_ace_uuid));
253 if (aces->a_type == ACE_ACCESS_ALLOWED_ACE_TYPE)
254 flags = DARWIN_ACE_FLAGS_PERMIT;
255 else if (aces->a_type == ACE_ACCESS_DENIED_ACE_TYPE)
256 flags = DARWIN_ACE_FLAGS_DENY;
257 else { /* unsupported type */
261 for(i=0; nfsv4_to_darwin_flags[i].from != 0; i++) {
262 if (aces->a_flags & nfsv4_to_darwin_flags[i].from)
263 flags |= nfsv4_to_darwin_flags[i].to;
265 darwin_aces->darwin_ace_flags = htonl(flags);
269 for (i=0; nfsv4_to_darwin_rights[i].from != 0; i++) {
270 if (aces->a_access_mask & nfsv4_to_darwin_rights[i].from)
271 rights |= nfsv4_to_darwin_rights[i].to;
273 darwin_aces->darwin_ace_rights = htonl(rights);
286 Maps ACE array from Darwin to Solaris. Darwin ACEs are expected in network byte order.
287 Return numer of mapped ACEs or -1 on error.
288 All errors while mapping (e.g. getting UUIDs from LDAP) are fatal.
290 int map_aces_darwin_to_solaris(darwin_ace_t *darwin_aces, ace_t *nfsv4_aces, int ace_count)
293 int i, mapped_aces = 0;
294 uint32_t darwin_ace_flags;
295 uint32_t darwin_ace_rights;
296 uint16_t nfsv4_ace_flags;
297 uint32_t nfsv4_ace_rights;
305 nfsv4_ace_rights = 0;
308 EC_ZERO(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
310 if (uuidtype == UUID_USER) {
311 EC_NULL_PRINT(pwd = getpwnam(name));
312 nfsv4_aces->a_who = pwd->pw_uid;
313 } else { /* hopefully UUID_GROUP*/
314 EC_NULL_PRINT(grp = getgrnam(name));
315 nfsv4_aces->a_who = (uid_t)(grp->gr_gid);
316 nfsv4_ace_flags |= ACE_IDENTIFIER_GROUP;
321 /* now type: allow/deny */
322 darwin_ace_flags = ntohl(darwin_aces->darwin_ace_flags);
323 if (darwin_ace_flags & DARWIN_ACE_FLAGS_PERMIT)
324 nfsv4_aces->a_type = ACE_ACCESS_ALLOWED_ACE_TYPE;
325 else if (darwin_ace_flags & DARWIN_ACE_FLAGS_DENY)
326 nfsv4_aces->a_type = ACE_ACCESS_DENIED_ACE_TYPE;
327 else { /* unsupported type */
332 for(i=0; darwin_to_nfsv4_flags[i].from != 0; i++) {
333 if (darwin_ace_flags & darwin_to_nfsv4_flags[i].from)
334 nfsv4_ace_flags |= darwin_to_nfsv4_flags[i].to;
338 darwin_ace_rights = ntohl(darwin_aces->darwin_ace_rights);
339 for (i=0; darwin_to_nfsv4_rights[i].from != 0; i++) {
340 if (darwin_ace_rights & darwin_to_nfsv4_rights[i].from)
341 nfsv4_ace_rights |= darwin_to_nfsv4_rights[i].to;
344 LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x", darwin_ace_flags, nfsv4_ace_flags);
345 LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x", darwin_ace_rights, nfsv4_ace_rights);
347 nfsv4_aces->a_flags = nfsv4_ace_flags;
348 nfsv4_aces->a_access_mask = nfsv4_ace_rights;
361 #endif /* HAVE_SOLARIS_ACLS */
363 #ifdef HAVE_POSIX_ACLS
364 static int posix_ace_set_mode(acl_entry_t entry, uint32_t darwin_ace_rights, int is_dir)
367 acl_permset_t permset;
369 if ((ret = acl_get_permset(entry, &permset)) != 0) {
372 if ((ret = acl_clear_perms(permset)) != 0) {
375 if ((darwin_ace_rights & DARWIN_ACE_READ_DATA)
376 && ((ret = acl_add_perm(permset, ACL_READ)) != 0)) {
379 if ((darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (DARWIN_ACE_DELETE_CHILD & is_dir)))
380 && ((ret = acl_add_perm(permset, ACL_WRITE)) != 0)) {
383 if ((darwin_ace_rights & DARWIN_ACE_EXECUTE)
384 && ((ret = acl_add_perm(permset, ACL_EXECUTE)) != 0)) {
387 return acl_set_permset(entry, permset);
391 * Map Darwin ACL to POSIX ACL.
393 * aclp must point to a acl_init'ed acl_t or an acl_t that can eg contain default ACEs.
395 * @param darwin_aces (r) pointer to darwin_aces buffer
396 * @param aclp (rw) pointer to an initialized acl_t
397 * @param is_dir (r) 1 for directories, 0 for files
398 * @param ace_count (r) number of ACEs in darwin_aces buffer
400 * @returns 0 on success storing the result in aclp, -1 on error.
402 static int map_acl_darwin_to_posix(const darwin_ace_t *darwin_aces,
413 uint32_t darwin_ace_flags;
415 while (ace_count--) {
416 /* type: allow/deny, posix only has allow */
417 darwin_ace_flags = ntohl(darwin_aces->darwin_ace_flags);
418 if ( ! (darwin_ace_flags & DARWIN_ACE_FLAGS_PERMIT)) {
423 /* POSIX ACLs don't have all the inherit stuff */
425 && (darwin_ace_flags & (DARWIN_ACE_FLAGS_FILE_INHERIT
426 | DARWIN_ACE_FLAGS_DIRECTORY_INHERIT))) {
433 EC_ZERO_PRINT(acl_create_entry(aclp, &e));
436 EC_ZERO_PRINT(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
437 if (uuidtype == UUID_USER) {
438 EC_ZERO_PRINT(pwd = getpwnam(name));
441 } else { /* hopefully UUID_GROUP*/
442 EC_ZERO_PRINT(getgrnam(name));
444 id = (uid_t)(grp->gr_gid);
449 EC_ZERO_PRINT(acl_set_tag_type(e, tag));
450 EC_ZERO_PRINT(acl_set_qualifier(e, &id));
451 posix_ace_set_mode(e, ntohl(darwin_aces->darwin_ace_rights), is_dir);
456 EC_ZERO_PRINT(acl_valid(*aclp));
466 * Map ACEs from POSIX to Darwin.
467 * type is either POSIX_DEFAULT_2_DARWIN or POSIX_ACCESS_2_DARWIN, cf. acl_get_file.
468 * Return number of mapped ACES, -1 on error.
470 static int map_acl_posix_to_darwin(int type, const acl_t acl, darwin_ace_t *darwin_aces)
475 int entry_id = ACL_FIRST_ENTRY;
478 acl_permset_t permset, mask;
481 struct passwd *pwd = NULL;
482 struct group *grp = NULL;
485 darwin_ace_t *saved_darwin_aces = darwin_aces;
487 LOG(log_maxdebug, logtype_afpd, "map_aces_posix_to_darwin(%s)",
488 (type & MAP_MASK) == POSIX_DEFAULT_2_DARWIN ?
489 "POSIX_DEFAULT_2_DARWIN" : "POSIX_ACCESS_2_DARWIN");
491 /* itereate through all ACEs */
492 while (acl_get_entry(acl, entry_id, &e) == 1) {
493 entry_id = ACL_NEXT_ENTRY;
496 EC_ZERO_PRINT(acl_get_tag_type(e, &tag));
498 /* we return user and group ACE */
501 EC_NULL_PRINT(uid = (uid_t *)acl_get_qualifier(e));
502 EC_NULL_PRINT(pwd = getpwuid(*uid));
503 LOG(log_debug, logtype_afpd, "map_aces_posix_to_darwin: uid: %d -> name: %s",
505 EC_ZERO_PRINT(getuuidfromname(pwd->pw_name, UUID_USER, darwin_aces->darwin_ace_uuid));
511 EC_NULL_PRINT(gid = (gid_t *)acl_get_qualifier(e));
512 EC_NULL_PRINT(grp = getgrgid(*gid));
513 LOG(log_debug, logtype_afpd, "map_aces_posix_to_darwin: gid: %d -> name: %s",
515 EC_ZERO_PRINT(getuuidfromname(grp->gr_name, UUID_GROUP, darwin_aces->darwin_ace_uuid));
520 /* store mask so we can apply it later in a second loop */
522 EC_ZERO_PRINT(acl_get_permset(e, &mask));
531 flags = DARWIN_ACE_FLAGS_PERMIT;
532 if ((type & MAP_MASK) == POSIX_DEFAULT_2_DARWIN)
533 flags |= DARWIN_ACE_FLAGS_FILE_INHERIT
534 | DARWIN_ACE_FLAGS_DIRECTORY_INHERIT
535 | DARWIN_ACE_FLAGS_ONLY_INHERIT;
536 darwin_aces->darwin_ace_flags = htonl(flags);
539 EC_ZERO_PRINT(acl_get_permset(e, &permset));
542 if (acl_get_perm(permset, ACL_READ))
543 rights = DARWIN_ACE_READ_DATA
544 | DARWIN_ACE_READ_EXTATTRIBUTES
545 | DARWIN_ACE_READ_ATTRIBUTES
546 | DARWIN_ACE_READ_SECURITY;
547 if (acl_get_perm(permset, ACL_WRITE)) {
548 rights |= DARWIN_ACE_WRITE_DATA
549 | DARWIN_ACE_APPEND_DATA
550 | DARWIN_ACE_WRITE_EXTATTRIBUTES
551 | DARWIN_ACE_WRITE_ATTRIBUTES;
552 if ((type & ~MAP_MASK) == IS_DIR)
553 rights |= DARWIN_ACE_DELETE;
555 if (acl_get_perm(permset, ACL_EXECUTE))
556 rights |= DARWIN_ACE_EXECUTE;
558 darwin_aces->darwin_ace_rights = htonl(rights);
565 /* Loop through the mapped ACE buffer once again, applying the mask */
566 /* Map the mask to Darwin ACE rights first */
568 if (acl_get_perm(mask, ACL_READ))
569 rights = DARWIN_ACE_READ_DATA
570 | DARWIN_ACE_READ_EXTATTRIBUTES
571 | DARWIN_ACE_READ_ATTRIBUTES
572 | DARWIN_ACE_READ_SECURITY;
573 if (acl_get_perm(mask, ACL_WRITE)) {
574 rights |= DARWIN_ACE_WRITE_DATA
575 | DARWIN_ACE_APPEND_DATA
576 | DARWIN_ACE_WRITE_EXTATTRIBUTES
577 | DARWIN_ACE_WRITE_ATTRIBUTES;
578 if ((type & ~MAP_MASK) == IS_DIR)
579 rights |= DARWIN_ACE_DELETE;
581 if (acl_get_perm(mask, ACL_EXECUTE))
582 rights |= DARWIN_ACE_EXECUTE;
583 for (int i = mapped_aces; i > 0; i--) {
584 saved_darwin_aces->darwin_ace_rights &= htonl(rights);
591 if (uid) acl_free(uid);
592 if (gid) acl_free(gid);
598 * Multiplex ACL mapping (SOLARIS_2_DARWIN, DARWIN_2_SOLARIS, POSIX_2_DARWIN, DARWIN_2_POSIX).
599 * Reads from 'aces' buffer, writes to 'rbuf' buffer.
600 * Caller must provide buffer.
601 * Darwin ACEs are read and written in network byte order.
602 * Needs to know how many ACEs are in the ACL (ace_count) for Solaris ACLs.
603 * Ignores trivial ACEs.
604 * Return no of mapped ACEs or -1 on error.
606 static int map_acl(int type, const void *acl, darwin_ace_t *buf, int ace_count)
610 LOG(log_debug9, logtype_afpd, "map_acl: BEGIN");
612 switch (type & MAP_MASK) {
614 #ifdef HAVE_SOLARIS_ACLS
615 case SOLARIS_2_DARWIN:
616 mapped_aces = map_aces_solaris_to_darwin( acl, buf, ace_count);
619 case DARWIN_2_SOLARIS:
620 mapped_aces = map_aces_darwin_to_solaris( buf, acl, ace_count);
622 #endif /* HAVE_SOLARIS_ACLS */
624 #ifdef HAVE_POSIX_ACLS
625 case POSIX_DEFAULT_2_DARWIN:
626 mapped_aces = map_acl_posix_to_darwin(type, (const acl_t)acl, buf);
629 case POSIX_ACCESS_2_DARWIN:
630 mapped_aces = map_acl_posix_to_darwin(type, (const acl_t)acl, buf);
635 #endif /* HAVE_POSIX_ACLS */
642 LOG(log_debug9, logtype_afpd, "map_acl: END");
646 /* Get ACL from object omitting trivial ACEs. Map to Darwin ACL style and
647 store Darwin ACL at rbuf. Add length of ACL written to rbuf to *rbuflen.
648 Returns 0 on success, -1 on error. */
649 static int get_and_map_acl(char *name, char *rbuf, size_t *rbuflen)
654 uint32_t *darwin_ace_count = (u_int32_t *)rbuf;
655 #ifdef HAVE_SOLARIS_ACLS
658 #ifdef HAVE_POSIX_ACLS
661 LOG(log_debug9, logtype_afpd, "get_and_map_acl: BEGIN");
663 /* Skip length and flags */
668 #ifdef HAVE_SOLARIS_ACLS
669 if ( (ace_count = get_nfsv4_acl(name, &aces)) == -1) {
670 LOG(log_error, logtype_afpd, "get_and_map_acl: couldnt get ACL");
674 if ( (mapped_aces = map_acl(SOLARIS_2_DARWIN, aces, (darwin_ace_t *)rbuf, ace_count)) == -1) {
678 #endif /* HAVE_SOLARIS_ACLS */
680 #ifdef HAVE_POSIX_ACLS
681 acl_t defacl = NULL , accacl = NULL;
683 /* stat to check if its a dir */
684 if (stat(name, &st) != 0) {
685 LOG(log_error, logtype_afpd, "get_and_map_acl: stat: %s", strerror(errno));
690 /* if its a dir, check for default acl too */
692 if (S_ISDIR(st.st_mode)) {
694 if ((defacl = acl_get_file(name, ACL_TYPE_DEFAULT)) == NULL) {
695 LOG(log_error, logtype_afpd, "get_and_map_acl: couldnt get default ACL");
699 if ((mapped_aces = map_acl(POSIX_DEFAULT_2_DARWIN | dirflag,
701 (darwin_ace_t *)rbuf,
708 if ((accacl = acl_get_file(name, ACL_TYPE_ACCESS)) == NULL) {
709 LOG(log_error, logtype_afpd, "get_and_map_acl: couldnt get access ACL");
715 if ((tmp = map_acl(POSIX_ACCESS_2_DARWIN | dirflag,
717 (darwin_ace_t *)(rbuf + mapped_aces * sizeof(darwin_ace_t)),
723 #endif /* HAVE_POSIX_ACLS */
725 LOG(log_debug, logtype_afpd, "get_and_map_acl: mapped %d ACEs", mapped_aces);
728 *darwin_ace_count = htonl(mapped_aces);
729 *rbuflen += sizeof(darwin_acl_header_t) + (mapped_aces * sizeof(darwin_ace_t));
732 #ifdef HAVE_SOLARIS_ACLS
735 #ifdef HAVE_POSIX_ACLS
736 if (defacl) acl_free(defacl);
737 if (accacl) acl_free(accacl);
738 #endif /* HAVE_POSIX_ACLS */
740 LOG(log_debug9, logtype_afpd, "get_and_map_acl: END");
744 /* Removes all non-trivial ACLs from object. Returns full AFPERR code. */
745 static int remove_acl(const struct vol *vol,const char *path, int dir)
749 #ifdef HAVE_SOLARIS_ACLS
750 /* Ressource etc. first */
751 if ((ret = vol->vfs->vfs_remove_acl(vol, path, dir)) != AFP_OK)
753 /* now the data fork or dir */
754 ret = remove_acl_vfs(path);
761 - the client sends a complete list of ACEs, not only new ones. So we dont need to do
762 any combination business (one exception being 'kFileSec_Inherit': see next)
763 - client might request that we add inherited ACEs via 'kFileSec_Inherit'.
764 We will store inherited ACEs first, which is Darwins canonical order.
765 - returns AFPerror code
767 #ifdef HAVE_SOLARIS_ACLS
768 static int set_acl(const struct vol *vol, char *name, int inherit, char *ibuf)
770 int ret, i, nfsv4_ace_count;
771 int tocopy_aces_count = 0, new_aces_count = 0, trivial_ace_count = 0;
772 ace_t *old_aces, *new_aces = NULL;
776 LOG(log_debug9, logtype_afpd, "set_acl: BEGIN");
778 /* Get no of ACEs the client put on the wire */
779 ace_count = htonl(*((uint32_t *)ibuf));
780 ibuf += 8; /* skip ACL flags (see acls.h) */
783 /* inherited + trivial ACEs */
784 flags = ACE_INHERITED_ACE | ACE_OWNER | ACE_GROUP | ACE_EVERYONE;
786 /* only trivial ACEs */
787 flags = ACE_OWNER | ACE_GROUP | ACE_EVERYONE;
789 /* Get existing ACL and count ACEs which have to be copied */
790 if ((nfsv4_ace_count = get_nfsv4_acl(name, &old_aces)) == -1)
792 for ( i=0; i < nfsv4_ace_count; i++) {
793 if (old_aces[i].a_flags & flags)
797 /* Now malloc buffer exactly sized to fit all new ACEs */
798 new_aces = malloc( (ace_count + tocopy_aces_count) * sizeof(ace_t) );
799 if (new_aces == NULL) {
800 LOG(log_error, logtype_afpd, "set_acl: malloc %s", strerror(errno));
805 /* Start building new ACL */
807 /* Copy local inherited ACEs. Therefore we have 'Darwin canonical order' (see chmod there):
808 inherited ACEs first. */
810 for (i=0; i < nfsv4_ace_count; i++) {
811 if (old_aces[i].a_flags & ACE_INHERITED_ACE) {
812 memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
817 LOG(log_debug7, logtype_afpd, "set_acl: copied %d inherited ACEs", new_aces_count);
819 /* Now the ACEs from the client */
820 ret = map_acl(DARWIN_2_SOLARIS, &new_aces[new_aces_count], (darwin_ace_t *)ibuf, ace_count);
825 new_aces_count += ace_count;
826 LOG(log_debug7, logtype_afpd, "set_acl: mapped %d ACEs from client", ace_count);
828 /* Now copy the trivial ACEs */
829 for (i=0; i < nfsv4_ace_count; i++) {
830 if (old_aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)) {
831 memcpy(&new_aces[new_aces_count], &old_aces[i], sizeof(ace_t));
836 LOG(log_debug7, logtype_afpd, "set_acl: copied %d trivial ACEs", trivial_ace_count);
838 /* Ressourcefork first.
839 Note: for dirs we set the same ACL on the .AppleDouble/.Parent _file_. This
840 might be strange for ACE_DELETE_CHILD and for inheritance flags. */
841 if ( (ret = vol->vfs->vfs_acl(vol, name, ACE_SETACL, new_aces_count, new_aces)) != 0) {
842 LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
843 if (errno == (EACCES | EPERM))
845 else if (errno == ENOENT)
851 if ( (ret = acl(name, ACE_SETACL, new_aces_count, new_aces)) != 0) {
852 LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
853 if (errno == (EACCES | EPERM))
855 else if (errno == ENOENT)
868 LOG(log_debug9, logtype_afpd, "set_acl: END");
871 #endif /* HAVE_SOLARIS_ACLS */
873 #ifdef HAVE_POSIX_ACLS
874 static int set_acl(const struct vol *vol, char *name, int inherit, char *ibuf)
878 LOG(log_maxdebug, logtype_afpd, "set_acl: BEGIN");
880 /* Get no of ACEs the client put on the wire */
881 uint32_t ace_count = htonl(*((uint32_t *)ibuf));
882 ibuf += 8; /* skip ACL flags (see acls.h) */
886 /* get default ACEs */
888 if (stat(name, &st) != 0) {
889 LOG(log_error, logtype_afpd, "set_acl: stat: %s", strerror(errno));
893 if (S_ISDIR(st.st_mode)) {
894 if ((acl = acl_get_file(name, ACL_TYPE_DEFAULT)) == NULL) {
895 LOG(log_error, logtype_afpd, "set_acl: acl_get_file error: %s",
904 if (acl == NULL && (acl = acl_init(0)) == NULL) {
905 LOG(log_error, logtype_afpd, "set_acl: acl_get_file error: %s",
910 /* acl now can take the additional ACEs as requested by the client */
919 LOG(log_maxdebug, logtype_afpd, "set_acl: END: %u", ret);
922 #endif /* HAVE_POSIX_ACLS */
925 Checks if a given UUID has requested_rights(type darwin_ace_rights) for path.
926 Note: this gets called frequently and is a good place for optimizations !
928 #ifdef HAVE_SOLARIS_ACLS
929 static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights)
931 int ret, i, ace_count, dir, checkgroup;
932 char *username = NULL; /* might be group too */
936 uint32_t requested_rights = 0, allowed_rights = 0, denied_rights = 0;
940 int check_user_trivace = 0, check_group_trivace = 0;
947 LOG(log_debug9, logtype_afpd, "check_access: BEGIN. Request: %08x", requested_darwin_rights);
949 /* Get uid or gid from UUID */
950 if ( (getnamefromuuid(uuid, &username, &uuidtype)) != 0) {
951 LOG(log_error, logtype_afpd, "check_access: error getting name from UUID");
956 if ((lstat(path, &st)) != 0) {
957 LOG(log_error, logtype_afpd, "check_access: stat: %s", strerror(errno));
961 dir = S_ISDIR(st.st_mode);
963 if (uuidtype == UUID_USER) {
964 pwd = getpwnam(username);
966 LOG(log_error, logtype_afpd, "check_access: getpwnam: %s", strerror(errno));
973 /* If user is file/dir owner we must check the user trivial ACE */
974 if (uid == st.st_uid) {
975 LOG(log_debug, logtype_afpd, "check_access: user: %s is files owner. Must check trivial user ACE", username);
976 check_user_trivace = 1;
979 /* Now check if requested user is files owning group. If yes we must check the group trivial ACE */
980 if ( (check_group(username, uid, pgid, st.st_gid)) == 0) {
981 LOG(log_debug, logtype_afpd, "check_access: user: %s is in group: %d. Must check trivial group ACE", username, st.st_gid);
982 check_group_trivace = 1;
984 } else { /* hopefully UUID_GROUP*/
985 LOG(log_error, logtype_afpd, "check_access: afp_access for UUID of groups not supported!");
987 grp = getgrnam(username);
989 LOG(log_error, logtype_afpd, "check_access: getgrnam: %s", strerror(errno));
992 if (st.st_gid == grp->gr_gid )
993 check_group_trivace = 1;
997 /* Map requested rights to Solaris style. */
998 for (i=0; darwin_to_nfsv4_rights[i].from != 0; i++) {
999 if (requested_darwin_rights & darwin_to_nfsv4_rights[i].from)
1000 requested_rights |= darwin_to_nfsv4_rights[i].to;
1003 /* Get ACL from file/dir */
1004 if ( (ace_count = get_nfsv4_acl(path, &aces)) == -1) {
1005 LOG(log_error, logtype_afpd, "check_access: error getting ACEs");
1009 if (ace_count == 0) {
1010 LOG(log_debug, logtype_afpd, "check_access: 0 ACEs from get_nfsv4_acl");
1015 /* Now check requested rights */
1016 ret = AFPERR_ACCESS;
1018 do { /* Loop through ACEs */
1019 who = aces[i].a_who;
1020 flags = aces[i].a_flags;
1021 type = aces[i].a_type;
1022 rights = aces[i].a_access_mask;
1024 if (flags & ACE_INHERIT_ONLY_ACE)
1027 /* Check if its a group ACE and set checkgroup to 1 if yes */
1029 if ( (flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) ) {
1030 if ( (check_group(username, uid, pgid, who)) == 0)
1036 /* Now the tricky part: decide if ACE effects our user. I'll explain:
1037 if its a dedicated (non trivial) ACE for the user
1039 if its a ACE for a group we're member of
1041 if its a trivial ACE_OWNER ACE and requested UUID is the owner
1043 if its a trivial ACE_GROUP ACE and requested UUID is group
1045 if its a trivial ACE_EVERYONE ACE
1049 ( (who == uid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP)) ) ||
1051 ( (flags & ACE_OWNER) && check_user_trivace ) ||
1052 ( (flags & ACE_GROUP) && check_group_trivace ) ||
1053 ( flags & ACE_EVERYONE )
1055 /* Found an applicable ACE */
1056 if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
1057 allowed_rights |= rights;
1058 else if (type == ACE_ACCESS_DENIED_ACE_TYPE)
1059 /* Only or to denied rights if not previously allowed !! */
1060 denied_rights |= ((!allowed_rights) & rights);
1062 } while (++i < ace_count);
1065 /* Darwin likes to ask for "delete_child" on dir,
1066 "write_data" is actually the same, so we add that for dirs */
1067 if (dir && (allowed_rights & ACE_WRITE_DATA))
1068 allowed_rights |= ACE_DELETE_CHILD;
1070 if (requested_rights & denied_rights) {
1071 LOG(log_debug, logtype_afpd, "check_access: some requested right was denied:");
1072 ret = AFPERR_ACCESS;
1073 } else if ((requested_rights & allowed_rights) != requested_rights) {
1074 LOG(log_debug, logtype_afpd, "check_access: some requested right wasn't allowed:");
1075 ret = AFPERR_ACCESS;
1077 LOG(log_debug, logtype_afpd, "check_access: all requested rights are allowed:");
1081 LOG(log_debug, logtype_afpd, "check_access: Requested rights: %08x, allowed_rights: %08x, denied_rights: %08x, Result: %d",
1082 requested_rights, allowed_rights, denied_rights, ret);
1088 LOG(log_debug9, logtype_afpd, "check_access: END");
1092 #endif /* HAVE_SOLARIS_ACLS */
1094 #ifdef HAVE_POSIX_ACLS
1095 static int check_acl_access(const char *path, const uuidp_t uuid, uint32_t requested_darwin_rights)
1098 * FIXME: for OS X >= 10.6 it seems fp_access isn't called anymore, instead
1099 * the client just tries to perform any action, relying on the server
1100 * to enforce permission (which the OS does for us), returning appropiate
1101 * error codes in case the action failed.
1102 * So to summarize: I think it's safe to not implement this function and
1103 * just always return AFP_OK.
1107 #endif /* HAVE_POSIX_ACLS */
1109 /********************************************************
1111 ********************************************************/
1113 int afp_access(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1118 uint32_t did, darwin_ace_rights;
1120 struct path *s_path;
1123 LOG(log_debug9, logtype_afpd, "afp_access: BEGIN");
1128 memcpy(&vid, ibuf, sizeof( vid ));
1129 ibuf += sizeof(vid);
1130 if (NULL == ( vol = getvolbyvid( vid ))) {
1131 LOG(log_error, logtype_afpd, "afp_access: error getting volid:%d", vid);
1132 return AFPERR_NOOBJ;
1135 memcpy(&did, ibuf, sizeof( did ));
1136 ibuf += sizeof( did );
1137 if (NULL == ( dir = dirlookup( vol, did ))) {
1138 LOG(log_error, logtype_afpd, "afp_access: error getting did:%d", did);
1145 /* Store UUID address */
1146 uuid = (uuidp_t)ibuf;
1147 ibuf += UUID_BINSIZE;
1149 /* Store ACE rights */
1150 memcpy(&darwin_ace_rights, ibuf, 4);
1151 darwin_ace_rights = ntohl(darwin_ace_rights);
1154 /* get full path and handle file/dir subtleties in netatalk code*/
1155 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1156 LOG(log_error, logtype_afpd, "afp_getacl: cname got an error!");
1157 return AFPERR_NOOBJ;
1159 if (!s_path->st_valid)
1160 of_statdir(vol, s_path);
1161 if ( s_path->st_errno != 0 ) {
1162 LOG(log_error, logtype_afpd, "afp_getacl: cant stat");
1163 return AFPERR_NOOBJ;
1166 ret = check_acl_access(s_path->u_name, uuid, darwin_ace_rights);
1168 LOG(log_debug9, logtype_afpd, "afp_access: END");
1172 int afp_getacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1178 uint16_t vid, bitmap;
1179 struct path *s_path;
1183 LOG(log_debug9, logtype_afpd, "afp_getacl: BEGIN");
1187 memcpy(&vid, ibuf, sizeof( vid ));
1188 ibuf += sizeof(vid);
1189 if (NULL == ( vol = getvolbyvid( vid ))) {
1190 LOG(log_error, logtype_afpd, "afp_getacl: error getting volid:%d", vid);
1191 return AFPERR_NOOBJ;
1194 memcpy(&did, ibuf, sizeof( did ));
1195 ibuf += sizeof( did );
1196 if (NULL == ( dir = dirlookup( vol, did ))) {
1197 LOG(log_error, logtype_afpd, "afp_getacl: error getting did:%d", did);
1201 memcpy(&bitmap, ibuf, sizeof( bitmap ));
1202 memcpy(rbuf, ibuf, sizeof( bitmap ));
1203 bitmap = ntohs( bitmap );
1204 ibuf += sizeof( bitmap );
1205 rbuf += sizeof( bitmap );
1206 *rbuflen += sizeof( bitmap );
1208 /* skip maxreplysize */
1211 /* get full path and handle file/dir subtleties in netatalk code*/
1212 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1213 LOG(log_error, logtype_afpd, "afp_getacl: cname got an error!");
1214 return AFPERR_NOOBJ;
1216 if (!s_path->st_valid)
1217 of_statdir(vol, s_path);
1218 if ( s_path->st_errno != 0 ) {
1219 LOG(log_error, logtype_afpd, "afp_getacl: cant stat");
1220 return AFPERR_NOOBJ;
1223 /* Shall we return owner UUID ? */
1224 if (bitmap & kFileSec_UUID) {
1225 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner user UUID");
1226 if (NULL == (pw = getpwuid(s_path->st.st_uid)))
1228 LOG(log_debug, logtype_afpd, "afp_getacl: got uid: %d, name: %s", s_path->st.st_uid, pw->pw_name);
1229 if ((ret = getuuidfromname(pw->pw_name, UUID_USER, rbuf)) != 0)
1231 rbuf += UUID_BINSIZE;
1232 *rbuflen += UUID_BINSIZE;
1235 /* Shall we return group UUID ? */
1236 if (bitmap & kFileSec_GRPUUID) {
1237 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner group UUID");
1238 if (NULL == (gr = getgrgid(s_path->st.st_gid)))
1240 LOG(log_debug, logtype_afpd, "afp_getacl: got gid: %d, name: %s", s_path->st.st_gid, gr->gr_name);
1241 if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, rbuf)) != 0)
1243 rbuf += UUID_BINSIZE;
1244 *rbuflen += UUID_BINSIZE;
1247 /* Shall we return ACL ? */
1248 if (bitmap & kFileSec_ACL) {
1249 LOG(log_debug, logtype_afpd, "afp_getacl: client requested files ACL");
1250 get_and_map_acl(s_path->u_name, rbuf, rbuflen);
1253 LOG(log_debug9, logtype_afpd, "afp_getacl: END");
1257 int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size_t *rbuflen)
1263 uint16_t vid, bitmap;
1264 struct path *s_path;
1266 LOG(log_debug9, logtype_afpd, "afp_setacl: BEGIN");
1270 memcpy(&vid, ibuf, sizeof( vid ));
1271 ibuf += sizeof(vid);
1272 if (NULL == ( vol = getvolbyvid( vid ))) {
1273 LOG(log_error, logtype_afpd, "afp_setacl: error getting volid:%d", vid);
1274 return AFPERR_NOOBJ;
1277 memcpy(&did, ibuf, sizeof( did ));
1278 ibuf += sizeof( did );
1279 if (NULL == ( dir = dirlookup( vol, did ))) {
1280 LOG(log_error, logtype_afpd, "afp_setacl: error getting did:%d", did);
1284 memcpy(&bitmap, ibuf, sizeof( bitmap ));
1285 bitmap = ntohs( bitmap );
1286 ibuf += sizeof( bitmap );
1288 /* get full path and handle file/dir subtleties in netatalk code*/
1289 if (NULL == ( s_path = cname( vol, dir, &ibuf ))) {
1290 LOG(log_error, logtype_afpd, "afp_setacl: cname got an error!");
1291 return AFPERR_NOOBJ;
1293 if (!s_path->st_valid)
1294 of_statdir(vol, s_path);
1295 if ( s_path->st_errno != 0 ) {
1296 LOG(log_error, logtype_afpd, "afp_setacl: cant stat");
1297 return AFPERR_NOOBJ;
1299 LOG(log_debug, logtype_afpd, "afp_setacl: unixname: %s", s_path->u_name);
1302 if ((unsigned long)ibuf & 1)
1305 /* Start processing request */
1307 /* Change owner: dont even try */
1308 if (bitmap & kFileSec_UUID) {
1309 LOG(log_debug, logtype_afpd, "afp_setacl: change owner request. discarded.");
1310 ret = AFPERR_ACCESS;
1311 ibuf += UUID_BINSIZE;
1314 /* Change group: certain changes might be allowed, so try it. FIXME: not implemented yet. */
1315 if (bitmap & kFileSec_UUID) {
1316 LOG(log_debug, logtype_afpd, "afp_setacl: change group request. not supported this time.");
1318 ibuf += UUID_BINSIZE;
1322 if (bitmap & kFileSec_REMOVEACL) {
1323 LOG(log_debug, logtype_afpd, "afp_setacl: Remove ACL request.");
1324 if ((ret = remove_acl(vol, s_path->u_name, S_ISDIR(s_path->st.st_mode))) != AFP_OK)
1325 LOG(log_error, logtype_afpd, "afp_setacl: error from remove_acl");
1329 if (bitmap & kFileSec_ACL) {
1330 LOG(log_debug, logtype_afpd, "afp_setacl: Change ACL request.");
1332 /* Check if its our job to preserve inherited ACEs */
1333 if (bitmap & kFileSec_Inherit)
1334 ret = set_acl(vol, s_path->u_name, 1, ibuf);
1336 ret = set_acl(vol, s_path->u_name, 0, ibuf);
1340 LOG(log_warning, logtype_afpd, "afp_setacl(\"%s/%s\"): error",
1341 getcwdpath(), s_path->u_name);
1346 LOG(log_debug9, logtype_afpd, "afp_setacl: END");
1351 unix.c/accessmode calls this: map ACL to OS 9 mode
1353 void acltoownermode(char *path, struct stat *st, uid_t uid, struct maccess *ma)
1357 int r_ok, w_ok, x_ok;
1359 if ( ! (AFPobj->options.flags & OPTION_UUID) || ! (AFPobj->options.flags & OPTION_ACL2OS9MODE))
1362 LOG(log_maxdebug, logtype_afpd, "acltoownermode('%s')", path);
1364 if ((pw = getpwuid(uid)) == NULL) {
1365 LOG(log_error, logtype_afpd, "acltoownermode: %s", strerror(errno));
1369 /* We need the UUID for check_acl_access */
1370 if ((getuuidfromname(pw->pw_name, UUID_USER, uuid)) != 0)
1373 /* These work for files and dirs */
1374 r_ok = check_acl_access(path, uuid, DARWIN_ACE_READ_DATA);
1375 w_ok = check_acl_access(path, uuid, (DARWIN_ACE_WRITE_DATA|DARWIN_ACE_APPEND_DATA));
1376 x_ok = check_acl_access(path, uuid, DARWIN_ACE_EXECUTE);
1378 LOG(log_debug7, logtype_afpd, "acltoownermode: ma_user before: %04o",ma->ma_user);
1380 ma->ma_user |= AR_UREAD;
1382 ma->ma_user |= AR_UWRITE;
1384 ma->ma_user |= AR_USEARCH;
1385 LOG(log_debug7, logtype_afpd, "acltoownermode: ma_user after: %04o", ma->ma_user);
1391 We're being called at the end of afp_createdir. We're (hopefully) inside dir
1392 and ".AppleDouble" and ".AppleDouble/.Parent" should have already been created.
1393 We then inherit any explicit ACE from "." to ".AppleDouble" and ".AppleDouble/.Parent".
1394 FIXME: add to VFS layer ?
1396 #ifdef HAVE_SOLARIS_ACLS
1397 void addir_inherit_acl(const struct vol *vol)
1399 ace_t *diraces = NULL, *adaces = NULL, *combinedaces = NULL;
1400 int diracecount, adacecount;
1402 LOG(log_debug9, logtype_afpd, "addir_inherit_acl: BEGIN");
1404 /* Check if ACLs are enabled for the volume */
1405 if (vol->v_flags & AFPVOL_ACLS) {
1407 if ((diracecount = get_nfsv4_acl(".", &diraces)) <= 0)
1409 /* Remove any trivial ACE from "." */
1410 if ((diracecount = strip_trivial_aces(&diraces, diracecount)) <= 0)
1414 Inherit to ".AppleDouble"
1417 if ((adacecount = get_nfsv4_acl(".AppleDouble", &adaces)) <= 0)
1419 /* Remove any non-trivial ACE from ".AppleDouble" */
1420 if ((adacecount = strip_nontrivial_aces(&adaces, adacecount)) <= 0)
1424 if ((combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)) == NULL)
1427 /* Now set new acl */
1428 if ((acl(".AppleDouble", ACE_SETACL, diracecount + adacecount, combinedaces)) != 0)
1429 LOG(log_error, logtype_afpd, "addir_inherit_acl: acl: %s", strerror(errno));
1434 combinedaces = NULL;
1437 Inherit to ".AppleDouble/.Parent"
1440 if ((adacecount = get_nfsv4_acl(".AppleDouble/.Parent", &adaces)) <= 0)
1442 if ((adacecount = strip_nontrivial_aces(&adaces, adacecount)) <= 0)
1446 if ((combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)) == NULL)
1449 /* Now set new acl */
1450 if ((acl(".AppleDouble/.Parent", ACE_SETACL, diracecount + adacecount, combinedaces)) != 0)
1451 LOG(log_error, logtype_afpd, "addir_inherit_acl: acl: %s", strerror(errno));
1457 LOG(log_debug9, logtype_afpd, "addir_inherit_acl: END");
1463 #endif /* HAVE_SOLARIS_ACLS */
1465 #ifdef HAVE_POSIX_ACLS
1466 void addir_inherit_acl(const struct vol *vol)
1470 #endif /* HAVE_POSIX_ACLS */