/*
Copyright (c) 2008, 2009, 2010 Frank Lahm <franklahm@gmail.com>
+ Copyright (c) 2011 Laura Mueller <laura-mueller@uni-duesseldorf.de>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
#endif
#ifdef HAVE_POSIX_ACLS
#include <sys/acl.h>
+#endif
+#ifdef HAVE_ACL_LIBACL_H
#include <acl/libacl.h>
#endif
#include <atalk/acl.h>
#include <atalk/bstrlib.h>
#include <atalk/bstradd.h>
+#include <atalk/unix.h>
+#include <atalk/netatalk_conf.h>
#include "directory.h"
#include "desktop.h"
#define MAP_MASK 31
#define IS_DIR 32
+/* bit flags for set_acl() and map_aces_darwin_to_posix() */
+#define HAS_DEFAULT_ACL 0x01
+#define HAS_EXT_DEFAULT_ACL 0x02
+
/********************************************************
* Solaris funcs
********************************************************/
* returns the result as a Darwin allowed rights ACE.
* This must honor trivial ACEs which are a mode_t mapping.
*
+ * @param obj (r) handle
* @param path (r) path to filesystem object
- * @param sb (r) struct stat of path
- * @param result (w) resulting Darwin allow ACE
+ * @param sb (rw) struct stat of path
+ * @param ma (rw) UARights struct
+ * @param rights_out (w) mapped Darwin ACL rights
*
* @returns 0 or -1 on error
*/
-static int solaris_acl_rights(const char *path,
- const struct stat *sb,
- uint32_t *result)
+static int solaris_acl_rights(const AFPObj *obj,
+ const char *path,
+ struct stat *sb,
+ struct maccess *ma,
+ uint32_t *rights_out)
{
EC_INIT;
int i, ace_count, checkgroup;
if its a trivial ACE_EVERYONE ACE
THEN
process ACE */
- if (((who == uuid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP)))
+ if (((who == obj->uid) && !(flags & (ACE_TRIVIAL|ACE_IDENTIFIER_GROUP)))
||
- ((flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) && gmem(who))
+ ((flags & ACE_IDENTIFIER_GROUP) && !(flags & ACE_GROUP) && gmem(who, obj->ngroups, obj->groups))
||
- ((flags & ACE_OWNER) && (uuid == sb->st_uid))
+ ((flags & ACE_OWNER) && (obj->uid == sb->st_uid))
||
- ((flags & ACE_GROUP) && gmem(sb->st_gid))
+ ((flags & ACE_GROUP) && !(obj->uid == sb->st_uid) && gmem(sb->st_gid, obj->ngroups, obj->groups))
||
- (flags & ACE_EVERYONE)
+ (flags & ACE_EVERYONE && !(obj->uid == sb->st_uid) && !gmem(sb->st_gid, obj->ngroups, obj->groups))
) {
/* Found an applicable ACE */
if (type == ACE_ACCESS_ALLOWED_ACE_TYPE)
darwin_rights |= nfsv4_to_darwin_rights[i].to;
}
- *result |= darwin_rights;
+ LOG(log_maxdebug, logtype_afpd, "rights: 0x%08x", darwin_rights);
+
+ if (rights_out)
+ *rights_out = darwin_rights;
+
+ if (ma && obj->options.flags & OPTION_ACL2MACCESS) {
+ if (darwin_rights & DARWIN_ACE_READ_DATA)
+ ma->ma_user |= AR_UREAD;
+ if (darwin_rights & DARWIN_ACE_WRITE_DATA)
+ ma->ma_user |= AR_UWRITE;
+ if (darwin_rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH))
+ ma->ma_user |= AR_USEARCH;
+ }
+
+ if (sb && obj->options.flags & OPTION_ACL2MODE) {
+ if (darwin_rights & DARWIN_ACE_READ_DATA)
+ sb->st_mode |= S_IRUSR;
+ if (darwin_rights & DARWIN_ACE_WRITE_DATA)
+ sb->st_mode |= S_IWUSR;
+ if (darwin_rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH))
+ sb->st_mode |= S_IXUSR;
+ }
EC_CLEANUP:
if (aces) free(aces);
/* uid/gid first */
EC_ZERO(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
switch (uuidtype) {
- case UUID_LOCAL:
- free(name);
- name = NULL;
- darwin_aces++;
- continue;
case UUID_USER:
EC_NULL_LOG(pwd = getpwnam(name));
nfsv4_aces->a_who = pwd->pw_uid;
nfsv4_aces->a_who = (uid_t)(grp->gr_gid);
nfsv4_ace_flags |= ACE_IDENTIFIER_GROUP;
break;
+ default:
+ LOG(log_error, logtype_afpd, "map_aces_darwin_to_solaris: unkown uuidtype");
+ EC_FAIL;
}
free(name);
name = NULL;
nfsv4_ace_rights |= darwin_to_nfsv4_rights[i].to;
}
- LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x", darwin_ace_flags, nfsv4_ace_flags);
- LOG(log_debug9, logtype_afpd, "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x", darwin_ace_rights, nfsv4_ace_rights);
+ LOG(log_debug9, logtype_afpd,
+ "map_aces_darwin_to_solaris: ACE flags: Darwin:%08x -> NFSv4:%04x",
+ darwin_ace_flags, nfsv4_ace_flags);
+ LOG(log_debug9, logtype_afpd,
+ "map_aces_darwin_to_solaris: ACE rights: Darwin:%08x -> NFSv4:%08x",
+ darwin_ace_rights, nfsv4_ace_rights);
nfsv4_aces->a_flags = nfsv4_ace_flags;
nfsv4_aces->a_access_mask = nfsv4_ace_rights;
EC_ZERO_LOG(acl_get_permset(e, &permset));
+#ifdef HAVE_ACL_GET_PERM_NP
+ if (acl_get_perm_np(permset, ACL_READ))
+#else
if (acl_get_perm(permset, ACL_READ))
+#endif
rights = DARWIN_ACE_READ_DATA
| DARWIN_ACE_READ_EXTATTRIBUTES
| DARWIN_ACE_READ_ATTRIBUTES
| DARWIN_ACE_READ_SECURITY;
+#ifdef HAVE_ACL_GET_PERM_NP
+ if (acl_get_perm_np(permset, ACL_WRITE)) {
+#else
if (acl_get_perm(permset, ACL_WRITE)) {
+#endif
rights |= DARWIN_ACE_WRITE_DATA
| DARWIN_ACE_APPEND_DATA
| DARWIN_ACE_WRITE_EXTATTRIBUTES
if (is_dir)
rights |= DARWIN_ACE_DELETE_CHILD;
}
+#ifdef HAVE_ACL_GET_PERM_NP
+ if (acl_get_perm_np(permset, ACL_EXECUTE))
+#else
if (acl_get_perm(permset, ACL_EXECUTE))
+#endif
rights |= DARWIN_ACE_EXECUTE;
EC_CLEANUP:
*
* @returns 0 or -1 on error
*/
-static int posix_acl_rights(const char *path,
+
+static int posix_acl_rights(const AFPObj *obj,
+ const char *path,
const struct stat *sb,
uint32_t *result)
{
EC_INIT;
- int havemask = 0;
int entry_id = ACL_FIRST_ENTRY;
- uint32_t rights = 0, maskrights = 0;
+ uint32_t rights = 0; /* rights which do not depend on ACL_MASK */
+ uint32_t acl_rights = 0; /* rights which are subject to limitations imposed by ACL_MASK */
+ uint32_t mask_rights = 0xffffffff;
uid_t *uid = NULL;
gid_t *gid = NULL;
acl_t acl = NULL;
acl_entry_t e;
acl_tag_t tag;
- EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS));
+ EC_NULL_LOGSTR(acl = acl_get_file(path, ACL_TYPE_ACCESS),
+ "acl_get_file(\"%s\"): %s", fullpathname(path), strerror(errno));
- /* itereate through all ACEs to get the mask */
- while (!havemask && acl_get_entry(acl, entry_id, &e) == 1) {
- entry_id = ACL_NEXT_ENTRY;
- EC_ZERO_LOG(acl_get_tag_type(e, &tag));
- switch (tag) {
- case ACL_MASK:
- maskrights = posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
- LOG(log_maxdebug, logtype_afpd, "maskrights: 0x%08x", maskrights);
- havemask = 1;
- break;
- default:
- continue;
- }
- }
-
- /* itereate through all ACEs */
- entry_id = ACL_FIRST_ENTRY;
+ /* Iterate through all ACEs. If we apply mask_rights later there is no need to iterate twice. */
while (acl_get_entry(acl, entry_id, &e) == 1) {
entry_id = ACL_NEXT_ENTRY;
EC_ZERO_LOG(acl_get_tag_type(e, &tag));
+
switch (tag) {
- case ACL_USER:
- EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e));
- if (*uid == uuid) {
- LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid);
- rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
- }
- acl_free(uid);
- uid = NULL;
- break;
- case ACL_USER_OBJ:
- if (sb->st_uid == uuid) {
- LOG(log_maxdebug, logtype_afpd, "ACL_USER_OBJ: %u", sb->st_uid);
- rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
- }
- break;
- case ACL_GROUP:
- EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e));
- if (gmem(*gid)) {
- LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid);
- rights |= (posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)) & maskrights);
- }
- acl_free(gid);
- gid = NULL;
- break;
- case ACL_GROUP_OBJ:
- if (gmem(sb->st_gid)) {
- LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
- rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
- }
- break;
- case ACL_OTHER:
- LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
- rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
- break;
- default:
- continue;
+ case ACL_USER_OBJ:
+ if (sb->st_uid == obj->uid) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_USER_OBJ: %u", sb->st_uid);
+ rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
+ break;
+
+ case ACL_USER:
+ EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e));
+
+ if (*uid == obj->uid) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid);
+ acl_rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
+ acl_free(uid);
+ uid = NULL;
+ break;
+
+ case ACL_GROUP_OBJ:
+ if (!(sb->st_uid == obj->uid) && gmem(sb->st_gid, obj->ngroups, obj->groups)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
+ acl_rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
+ break;
+
+ case ACL_GROUP:
+ EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e));
+
+ if (gmem(*gid, obj->ngroups, obj->groups)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid);
+ acl_rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
+ acl_free(gid);
+ gid = NULL;
+ break;
+
+ case ACL_MASK:
+ mask_rights = posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ LOG(log_maxdebug, logtype_afpd, "maskrights: 0x%08x", mask_rights);
+ break;
+
+ case ACL_OTHER:
+ if (!(sb->st_uid == obj->uid) && !gmem(sb->st_gid, obj->ngroups, obj->groups)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
+ rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
+ break;
+
+ default:
+ continue;
}
} /* while */
+ /* apply the mask and collect the rights */
+ rights |= (acl_rights & mask_rights);
+
*result |= rights;
EC_CLEANUP:
EC_EXIT;
}
+/*!
+ * Helper function for posix_acls_to_uaperms() to convert Posix ACL permissions
+ * into access rights needed to fill ua_permissions of a FPUnixPrivs structure.
+ *
+ * @param entry (r) Posix ACL entry
+ *
+ * @returns access rights
+ */
+static u_char acl_permset_to_uarights(acl_entry_t entry) {
+ acl_permset_t permset;
+ u_char rights = 0;
+
+ if (acl_get_permset(entry, &permset) == -1)
+ return rights;
+
+#ifdef HAVE_ACL_GET_PERM_NP
+ if (acl_get_perm_np(permset, ACL_READ))
+#else
+ if (acl_get_perm(permset, ACL_READ))
+#endif
+ rights |= AR_UREAD;
+
+#ifdef HAVE_ACL_GET_PERM_NP
+ if (acl_get_perm_np(permset, ACL_WRITE))
+#else
+ if (acl_get_perm(permset, ACL_WRITE))
+#endif
+ rights |= AR_UWRITE;
+
+#ifdef HAVE_ACL_GET_PERM_NP
+ if (acl_get_perm_np(permset, ACL_EXECUTE))
+#else
+ if (acl_get_perm(permset, ACL_EXECUTE))
+#endif
+ rights |= AR_USEARCH;
+
+ return rights;
+}
+
+/*!
+ * Update FPUnixPrivs for a file-system object on a volume supporting ACLs
+ *
+ * Checks permissions granted by ACLS for a user to one fs-object and
+ * updates user and group permissions in given struct maccess. As OS X
+ * doesn't conform to Posix 1003.1e Draft 17 it expects proper group
+ * permissions in st_mode of struct stat even if the fs-object has an
+ * ACL_MASK entry, st_mode gets modified to properly reflect group
+ * permissions.
+ *
+ * @param path (r) path to filesystem object
+ * @param sb (rw) struct stat of path
+ * @param maccess (rw) struct maccess of path
+ *
+ * @returns 0 or -1 on error
+ */
+static int posix_acls_to_uaperms(const AFPObj *obj, const char *path, struct stat *sb, struct maccess *ma) {
+ EC_INIT;
+
+ int entry_id = ACL_FIRST_ENTRY;
+ acl_entry_t entry;
+ acl_tag_t tag;
+ acl_t acl = NULL;
+ uid_t *uid;
+ gid_t *gid;
+ uid_t whoami = geteuid();
+
+ u_char group_rights = 0x00;
+ u_char acl_rights = 0x00;
+ u_char mask = 0xff;
+
+ EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS));
+
+ /* iterate through all ACEs */
+ while (acl_get_entry(acl, entry_id, &entry) == 1) {
+ entry_id = ACL_NEXT_ENTRY;
+ EC_ZERO_LOG(acl_get_tag_type(entry, &tag));
+
+ switch (tag) {
+ case ACL_USER:
+ EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(entry));
+
+ if (*uid == obj->uid && !(whoami == sb->st_uid)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid);
+ acl_rights |= acl_permset_to_uarights(entry);
+ }
+ acl_free(uid);
+ break;
+
+ case ACL_GROUP_OBJ:
+ group_rights = acl_permset_to_uarights(entry);
+ LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
+
+ if (gmem(sb->st_gid, obj->ngroups, obj->groups) && !(whoami == sb->st_uid))
+ acl_rights |= group_rights;
+ break;
+
+ case ACL_GROUP:
+ EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(entry));
+
+ if (gmem(*gid, obj->ngroups, obj->groups) && !(whoami == sb->st_uid)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid);
+ acl_rights |= acl_permset_to_uarights(entry);
+ }
+ acl_free(gid);
+ break;
+
+ case ACL_MASK:
+ mask = acl_permset_to_uarights(entry);
+ LOG(log_maxdebug, logtype_afpd, "ACL_MASK: 0x%02x", mask);
+ break;
+
+ default:
+ break;
+ }
+ }
+
+ if (obj->options.flags & OPTION_ACL2MACCESS) {
+ /* apply the mask and adjust user and group permissions */
+ ma->ma_user |= (acl_rights & mask);
+ ma->ma_group = (group_rights & mask);
+ }
+
+ if (obj->options.flags & OPTION_ACL2MODE) {
+ /* update st_mode to properly reflect group permissions */
+ sb->st_mode &= ~S_IRWXG;
+ if (ma->ma_group & AR_USEARCH)
+ sb->st_mode |= S_IXGRP;
+ if (ma->ma_group & AR_UWRITE)
+ sb->st_mode |= S_IWGRP;
+ if (ma->ma_group & AR_UREAD)
+ sb->st_mode |= S_IRGRP;
+ }
+
+EC_CLEANUP:
+ if (acl) acl_free(acl);
+
+ EC_EXIT;
+}
+
+#if 0
/*!
* Add entries of one acl to another acl
*
EC_CLEANUP:
EC_EXIT;
}
+#endif
/*!
* Map Darwin ACE rights to POSIX 1e perm
if (darwin_ace_rights & DARWIN_ACE_READ_DATA)
perm |= ACL_READ;
- if (darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (DARWIN_ACE_DELETE_CHILD & is_dir)))
+ if (darwin_ace_rights & (DARWIN_ACE_WRITE_DATA | (is_dir ? DARWIN_ACE_DELETE_CHILD : 0)))
perm |= ACL_WRITE;
if (darwin_ace_rights & DARWIN_ACE_EXECUTE)
EC_ZERO_LOG(acl_add_perm(permset, perm));
EC_ZERO_LOG(acl_set_permset(e, permset));
}
-
+
EC_CLEANUP:
if (eid) acl_free(eid);
* - we throw away DARWIN_ACE_FLAGS_LIMIT_INHERIT (can't be mapped), thus the ACL will
* not be limited
*
- * @param darwin_aces (r) pointer to darwin_aces buffer
- * @param def_aclp (rw) directories: pointer to an initialized acl_t with the default acl
- * files: *def_aclp will be NULL
- * @param acc_aclp (rw) pointer to an initialized acl_t with the access acl
- * @param ace_count (r) number of ACEs in darwin_aces buffer
+ * @param darwin_aces (r) pointer to darwin_aces buffer
+ * @param def_aclp (rw) directories: pointer to an initialized acl_t with
+ the default acl files: *def_aclp will be NULL
+ * @param acc_aclp (rw) pointer to an initialized acl_t with the access acl
+ * @param ace_count (r) number of ACEs in darwin_aces buffer
+ * @param default_acl_flags (rw) flags to indicate if the object has a basic default
+ * acl or an extended default acl.
*
- * @returns 0 on success storing the result in aclp, -1 on error.
+ * @returns 0 on success storing the result in aclp, -1 on error. default_acl_flags
+ * is set to HAS_DEFAULT_ACL|HAS_EXT_DEFAULT_ACL in case there is at least one
+ * extended default ace. Otherwise default_acl_flags is left unchanged.
*/
static int map_aces_darwin_to_posix(const darwin_ace_t *darwin_aces,
acl_t *def_aclp,
acl_t *acc_aclp,
- int ace_count)
+ int ace_count,
+ uint32_t *default_acl_flags)
{
EC_INIT;
char *name = NULL;
/* uid/gid */
EC_ZERO_LOG(getnamefromuuid(darwin_aces->darwin_ace_uuid, &name, &uuidtype));
switch (uuidtype) {
- case UUID_LOCAL:
- free(name);
- name = NULL;
- continue;
case UUID_USER:
EC_NULL_LOG(pwd = getpwnam(name));
tag = ACL_USER;
id = (uid_t)(grp->gr_gid);
LOG(log_debug, logtype_afpd, "map_ace: name: %s, gid: %u", name, id);
break;
+ default:
+ continue;
}
free(name);
name = NULL;
}
/* add it as default ace */
EC_ZERO_LOG(posix_acl_add_perm(def_aclp, tag, id, perm));
-
+ *default_acl_flags = (HAS_DEFAULT_ACL|HAS_EXT_DEFAULT_ACL);
if (! (darwin_ace_flags & DARWIN_ACE_FLAGS_ONLY_INHERIT))
/* if it not a "inherit only" ace, it must be added as access aces too */
EC_INIT;
int mapped_aces = 0;
int dirflag;
- uint32_t *darwin_ace_count = (u_int32_t *)rbuf;
+ char *darwin_ace_count = rbuf;
#ifdef HAVE_SOLARIS_ACLS
int ace_count = 0;
ace_t *aces = NULL;
LOG(log_debug, logtype_afpd, "get_and_map_acl: mapped %d ACEs", mapped_aces);
- *darwin_ace_count = htonl(mapped_aces);
*rbuflen += sizeof(darwin_acl_header_t) + (mapped_aces * sizeof(darwin_ace_t));
+ mapped_aces = htonl(mapped_aces);
+ memcpy(darwin_ace_count, &mapped_aces, sizeof(uint32_t));
EC_STATUS(0);
}
LOG(log_debug7, logtype_afpd, "set_acl: copied %d trivial ACEs", trivial_ace_count);
- /* Ressourcefork first.
- Note: for dirs we set the same ACL on the .AppleDouble/.Parent _file_. This
- might be strange for ACE_DELETE_CHILD and for inheritance flags. */
+ /* Ressourcefork first */
if ((ret = (vol->vfs->vfs_acl(vol, name, ACE_SETACL, new_aces_count, new_aces))) != 0) {
- LOG(log_error, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
- if (errno == (EACCES | EPERM))
+ LOG(log_debug, logtype_afpd, "set_acl: error setting acl: %s", strerror(errno));
+ switch (errno) {
+ case EACCES:
+ case EPERM:
EC_STATUS(AFPERR_ACCESS);
- else if (errno == ENOENT)
- EC_STATUS(AFPERR_NOITEM);
- else
+ break;
+ case ENOENT:
+ EC_STATUS(AFP_OK);
+ break;
+ default:
EC_STATUS(AFPERR_MISC);
+ break;
+ }
goto EC_CLEANUP;
}
if ((ret = (acl(name, ACE_SETACL, new_aces_count, new_aces))) != 0) {
#endif /* HAVE_SOLARIS_ACLS */
#ifdef HAVE_POSIX_ACLS
+#ifndef HAVE_ACL_FROM_MODE
+static acl_t acl_from_mode(mode_t mode)
+{
+ acl_t acl;
+ acl_entry_t entry;
+ acl_permset_t permset;
+
+ if (!(acl = acl_init(3)))
+ return NULL;
+
+ if (acl_create_entry(&acl, &entry) != 0)
+ goto error;
+ acl_set_tag_type(entry, ACL_USER_OBJ);
+ acl_get_permset(entry, &permset);
+ acl_clear_perms(permset);
+ if (mode & S_IRUSR)
+ acl_add_perm(permset, ACL_READ);
+ if (mode & S_IWUSR)
+ acl_add_perm(permset, ACL_WRITE);
+ if (mode & S_IXUSR)
+ acl_add_perm(permset, ACL_EXECUTE);
+ acl_set_permset(entry, permset);
+
+ if (acl_create_entry(&acl, &entry) != 0)
+ goto error;
+ acl_set_tag_type(entry, ACL_GROUP_OBJ);
+ acl_get_permset(entry, &permset);
+ acl_clear_perms(permset);
+ if (mode & S_IRGRP)
+ acl_add_perm(permset, ACL_READ);
+ if (mode & S_IWGRP)
+ acl_add_perm(permset, ACL_WRITE);
+ if (mode & S_IXGRP)
+ acl_add_perm(permset, ACL_EXECUTE);
+ acl_set_permset(entry, permset);
+
+ if (acl_create_entry(&acl, &entry) != 0)
+ goto error;
+ acl_set_tag_type(entry, ACL_OTHER);
+ acl_get_permset(entry, &permset);
+ acl_clear_perms(permset);
+ if (mode & S_IROTH)
+ acl_add_perm(permset, ACL_READ);
+ if (mode & S_IWOTH)
+ acl_add_perm(permset, ACL_WRITE);
+ if (mode & S_IXOTH)
+ acl_add_perm(permset, ACL_EXECUTE);
+ acl_set_permset(entry, permset);
+
+ return acl;
+
+error:
+ acl_free(acl);
+ return NULL;
+}
+#endif
+
static int set_acl(const struct vol *vol,
const char *name,
int inherit _U_,
uint32_t ace_count)
{
EC_INIT;
- acl_t def_acl = NULL;
- acl_t acc_acl = NULL;
+ struct stat st;
+ acl_t default_acl = NULL;
+ acl_t access_acl = NULL;
+ acl_entry_t entry;
+ acl_tag_t tag;
+ int entry_id = ACL_FIRST_ENTRY;
+ /* flags to indicate if the object has a minimal default acl and/or an extended
+ * default acl.
+ */
+ uint32_t default_acl_flags = 0;
LOG(log_maxdebug, logtype_afpd, "set_acl: BEGIN");
- struct stat st;
- EC_ZERO_LOG_ERR(lstat(name, &st), AFPERR_NOOBJ);
+ EC_NULL_LOG_ERR(access_acl = acl_get_file(name, ACL_TYPE_ACCESS), AFPERR_MISC);
- /* seed default ACL with access ACL */
- if (S_ISDIR(st.st_mode))
- EC_NULL_LOG_ERR(def_acl = acl_get_file(name, ACL_TYPE_ACCESS), AFPERR_MISC);
+ /* Iterate through acl and remove all extended acl entries. */
+ while (acl_get_entry(access_acl, entry_id, &entry) == 1) {
+ entry_id = ACL_NEXT_ENTRY;
+ EC_ZERO_LOG(acl_get_tag_type(entry, &tag));
- /* for files def_acl will be NULL */
+ if ((tag == ACL_USER) || (tag == ACL_GROUP) || (tag == ACL_MASK)) {
+ EC_ZERO_LOG_ERR(acl_delete_entry(access_acl, entry), AFPERR_MISC);
+ }
+ } /* while */
- /* create access acl from mode */
- EC_NULL_LOG_ERR(acc_acl = acl_from_mode(st.st_mode), AFPERR_MISC);
+ /* In case we are acting on a directory prepare a default acl. For files default_acl will be NULL.
+ * If the directory already has a default acl it will be preserved.
+ */
+ EC_ZERO_LOG_ERR(lstat(name, &st), AFPERR_NOOBJ);
+ if (S_ISDIR(st.st_mode)) {
+ default_acl = acl_get_file(name, ACL_TYPE_DEFAULT);
+
+ if (default_acl) {
+ /* If default_acl is not empty then the dir has a default acl. */
+ if (acl_get_entry(default_acl, ACL_FIRST_ENTRY, &entry) == 1)
+ default_acl_flags = HAS_DEFAULT_ACL;
+
+ acl_free(default_acl);
+ }
+ default_acl = acl_dup(access_acl);
+ }
/* adds the clients aces */
- EC_ZERO_ERR(map_aces_darwin_to_posix(daces, &def_acl, &acc_acl, ace_count), AFPERR_MISC);
+ EC_ZERO_ERR(map_aces_darwin_to_posix(daces, &default_acl, &access_acl, ace_count, &default_acl_flags), AFPERR_MISC);
/* calcuate ACL mask */
- EC_ZERO_LOG_ERR(acl_calc_mask(&acc_acl), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(acl_calc_mask(&access_acl), AFPERR_MISC);
/* is it ok? */
- EC_ZERO_LOG_ERR(acl_valid(acc_acl), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(acl_valid(access_acl), AFPERR_MISC);
/* set it */
- EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_ACCESS, acc_acl), AFPERR_MISC);
- EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_ACCESS, 0, acc_acl), AFPERR_MISC);
-
- if (def_acl) {
- EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_DEFAULT, def_acl), AFPERR_MISC);
- EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_DEFAULT, 0, def_acl), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_ACCESS, access_acl), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_ACCESS, 0, access_acl), AFPERR_MISC);
+
+ if (default_acl) {
+ /* If the dir has an extended default acl it's ACL_MASK must be updated.*/
+ if (default_acl_flags & HAS_EXT_DEFAULT_ACL)
+ EC_ZERO_LOG_ERR(acl_calc_mask(&default_acl), AFPERR_MISC);
+
+ if (default_acl_flags) {
+ EC_ZERO_LOG_ERR(acl_valid(default_acl), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(acl_set_file(name, ACL_TYPE_DEFAULT, default_acl), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(vol->vfs->vfs_acl(vol, name, ACL_TYPE_DEFAULT, 0, default_acl), AFPERR_MISC);
+ }
}
EC_CLEANUP:
- acl_free(acc_acl);
- acl_free(def_acl);
+ if (access_acl) acl_free(access_acl);
+ if (default_acl) acl_free(default_acl);
LOG(log_maxdebug, logtype_afpd, "set_acl: END");
EC_EXIT;
* Note: this gets called frequently and is a good place for optimizations !
*
* @param vol (r) volume
- * @param dir (r) directory
+ * @param dir (rw) directory
* @param path (r) path to filesystem object
* @param uuid (r) UUID of user
* @param requested_rights (r) requested Darwin ACE
*
* @returns AFP result code
*/
-static int check_acl_access(const struct vol *vol,
- const struct dir *dir,
+static int check_acl_access(const AFPObj *obj,
+ const struct vol *vol,
+ struct dir *dir,
const char *path,
const uuidp_t uuid,
uint32_t requested_rights)
int ret;
uint32_t allowed_rights = 0;
char *username = NULL;
- uuidtype_t uuidtype;
struct stat st;
bstring parent = NULL;
+ int is_dir;
- LOG(log_maxdebug, logtype_afpd, "check_access: Request: 0x%08x", requested_rights);
+ LOG(log_maxdebug, logtype_afpd, "check_acl_access(dir: \"%s\", path: \"%s\", curdir: \"%s\", 0x%08x)",
+ cfrombstr(dir->d_fullpath), path, getcwdpath(), requested_rights);
- /* Get uid or gid from UUID */
- EC_ZERO_LOG_ERR(getnamefromuuid(uuid, &username, &uuidtype), AFPERR_PARAM);
- EC_ZERO_LOG_ERR(lstat(path, &st), AFPERR_PARAM);
+ AFP_ASSERT(vol);
+ /* This check is not used anymore, as OS X Server seems to be ignoring too */
+#if 0
+ /* Get uid or gid from UUID */
+ EC_ZERO_ERR(getnamefromuuid(uuid, &username, &uuidtype), AFPERR_PARAM);
switch (uuidtype) {
case UUID_USER:
break;
case UUID_GROUP:
- LOG(log_warning, logtype_afpd, "check_access: afp_access not supported for groups");
+ LOG(log_warning, logtype_afpd, "check_acl_access: afp_access not supported for groups");
EC_STATUS(AFPERR_MISC);
goto EC_CLEANUP;
-
- case UUID_LOCAL:
- LOG(log_warning, logtype_afpd, "check_access: local UUID");
+ default:
EC_STATUS(AFPERR_MISC);
goto EC_CLEANUP;
}
+#endif
+
+ EC_ZERO_LOG_ERR(ostat(path, &st, vol_syml_opt(vol)), AFPERR_PARAM);
+ is_dir = !strcmp(path, ".");
+
+ if (is_dir && (curdir->d_rights_cache != 0xffffffff)) {
+ /* its a dir and the cache value is valid */
+ allowed_rights = curdir->d_rights_cache;
+ LOG(log_debug, logtype_afpd, "check_access: allowed rights from dircache: 0x%08x", allowed_rights);
+ } else {
#ifdef HAVE_SOLARIS_ACLS
- EC_ZERO_LOG(solaris_acl_rights(path, &st, &allowed_rights));
+ EC_ZERO_LOG(solaris_acl_rights(obj, path, &st, NULL, &allowed_rights));
#endif
#ifdef HAVE_POSIX_ACLS
- EC_ZERO_LOG(posix_acl_rights(path, &st, &allowed_rights));
+ EC_ZERO_LOG(posix_acl_rights(obj, path, &st, &allowed_rights));
#endif
+ /*
+ * The DARWIN_ACE_DELETE right might implicitly result from write acces to the parent
+ * directory. As it seems the 10.6 AFP client is puzzled when this right is not
+ * allowed where a delete would succeed because the parent dir gives write perms.
+ * So we check the parent dir for write access and set the right accordingly.
+ * Currentyl acl2ownermode calls us with dir = NULL, because it doesn't make sense
+ * there to do this extra check -- afaict.
+ */
+ if (vol && dir && (requested_rights & DARWIN_ACE_DELETE)) {
+ int i;
+ uint32_t parent_rights = 0;
+
+ if (curdir->d_did == DIRDID_ROOT_PARENT) {
+ /* use volume path */
+ EC_NULL_LOG_ERR(parent = bfromcstr(vol->v_path), AFPERR_MISC);
+ } else {
+ /* build path for parent */
+ EC_NULL_LOG_ERR(parent = bstrcpy(curdir->d_fullpath), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(bconchar(parent, '/'), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(bcatcstr(parent, path), AFPERR_MISC);
+ EC_NEG1_LOG_ERR(i = bstrrchr(parent, '/'), AFPERR_MISC);
+ EC_ZERO_LOG_ERR(binsertch(parent, i, 1, 0), AFPERR_MISC);
+ }
- LOG(log_debug, logtype_afpd, "allowed rights: 0x%08x", allowed_rights);
-
- /*
- * The DARWIN_ACE_DELETE right might implicitly result from write acces to the parent
- * directory. As it seems the 10.6 AFP client is puzzled when this right is not
- * allowed where a delete would succeed because the parent dir gives write perms.
- * So we check the parent dir for write access and set the right accordingly.
- * Currentyl acl2ownermode calls us with dir = NULL, because it doesn't make sense
- * there to do this extra check -- afaict.
- */
- if (vol && dir && (requested_rights & DARWIN_ACE_DELETE)) {
- int i;
- uint32_t parent_rights = 0;
-
- if (dir->d_did == DIRDID_ROOT_PARENT) {
- /* use volume path */
- EC_NULL_LOG_ERR(parent = bfromcstr(vol->v_path), AFPERR_MISC);
- } else {
- /* build path for parent */
- EC_NULL_LOG_ERR(parent = bstrcpy(dir->d_fullpath), AFPERR_MISC);
- EC_ZERO_LOG_ERR(bconchar(parent, '/'), AFPERR_MISC);
- EC_ZERO_LOG_ERR(bcatcstr(parent, path), AFPERR_MISC);
- EC_NEG1_LOG_ERR(i = bstrrchr(parent, '/'), AFPERR_MISC);
- EC_ZERO_LOG_ERR(binsertch(parent, i, 1, 0), AFPERR_MISC);
- }
-
- LOG(log_debug, logtype_afpd,"parent: %s", cfrombstr(parent));
- EC_ZERO_LOG_ERR(lstat(cfrombstr(parent), &st), AFPERR_MISC);
+ LOG(log_debug, logtype_afpd,"parent: %s", cfrombstr(parent));
+ EC_ZERO_LOG_ERR(lstat(cfrombstr(parent), &st), AFPERR_MISC);
#ifdef HAVE_SOLARIS_ACLS
- EC_ZERO_LOG(solaris_acl_rights(cfrombstr(parent), &st, &parent_rights));
+ EC_ZERO_LOG(solaris_acl_rights(obj, cfrombstr(parent), &st, NULL, &parent_rights));
#endif
#ifdef HAVE_POSIX_ACLS
- EC_ZERO_LOG(posix_acl_rights(path, &st, &allowed_rights));
+ EC_ZERO_LOG(posix_acl_rights(obj, path, &st, &parent_rights));
#endif
- if (parent_rights & (DARWIN_ACE_WRITE_DATA | DARWIN_ACE_DELETE_CHILD))
- allowed_rights |= DARWIN_ACE_DELETE; /* man, that was a lot of work! */
+ if (parent_rights & (DARWIN_ACE_WRITE_DATA | DARWIN_ACE_DELETE_CHILD))
+ allowed_rights |= DARWIN_ACE_DELETE; /* man, that was a lot of work! */
+ }
+
+ if (is_dir) {
+ /* Without DARWIN_ACE_DELETE set OS X 10.6 refuses to rename subdirectories in a
+ * directory.
+ */
+ if (allowed_rights & DARWIN_ACE_ADD_SUBDIRECTORY)
+ allowed_rights |= DARWIN_ACE_DELETE;
+
+ curdir->d_rights_cache = allowed_rights;
+ }
+ LOG(log_debug, logtype_afpd, "allowed rights: 0x%08x", allowed_rights);
}
if ((requested_rights & allowed_rights) != requested_rights) {
return AFPERR_NOOBJ;
}
- ret = check_acl_access(vol, dir, s_path->u_name, uuid, darwin_ace_rights);
+ ret = check_acl_access(obj, vol, dir, s_path->u_name, uuid, darwin_ace_rights);
return ret;
}
LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner user UUID");
if (NULL == (pw = getpwuid(s_path->st.st_uid))) {
LOG(log_debug, logtype_afpd, "afp_getacl: local uid: %u", s_path->st.st_uid);
- localuuid_from_id(rbuf, UUID_USER, s_path->st.st_uid);
+ localuuid_from_id((unsigned char *)rbuf, UUID_USER, s_path->st.st_uid);
} else {
LOG(log_debug, logtype_afpd, "afp_getacl: got uid: %d, name: %s", s_path->st.st_uid, pw->pw_name);
- if ((ret = getuuidfromname(pw->pw_name, UUID_USER, rbuf)) != 0)
+ if ((ret = getuuidfromname(pw->pw_name, UUID_USER, (unsigned char *)rbuf)) != 0)
return AFPERR_MISC;
}
rbuf += UUID_BINSIZE;
LOG(log_debug, logtype_afpd, "afp_getacl: client requested files owner group UUID");
if (NULL == (gr = getgrgid(s_path->st.st_gid))) {
LOG(log_debug, logtype_afpd, "afp_getacl: local gid: %u", s_path->st.st_gid);
- localuuid_from_id(rbuf, UUID_GROUP, s_path->st.st_gid);
+ localuuid_from_id((unsigned char *)rbuf, UUID_GROUP, s_path->st.st_gid);
} else {
LOG(log_debug, logtype_afpd, "afp_getacl: got gid: %d, name: %s", s_path->st.st_gid, gr->gr_name);
- if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, rbuf)) != 0)
+ if ((ret = getuuidfromname(gr->gr_name, UUID_GROUP, (unsigned char *)rbuf)) != 0)
return AFPERR_MISC;
}
rbuf += UUID_BINSIZE;
* This is the magic function that makes ACLs usable by calculating
* the access granted by ACEs to the logged in user.
*/
-int acltoownermode(char *path, struct stat *st, struct maccess *ma)
+int acltoownermode(const AFPObj *obj, const struct vol *vol, char *path, struct stat *st, struct maccess *ma)
{
EC_INIT;
- uint32_t rights = 0;
- if ( ! (AFPobj->options.flags & OPTION_ACL2MACCESS)
- || (current_vol == NULL)
- || ! (current_vol->v_flags & AFPVOL_ACLS))
+ if ( ! (obj->options.flags & (OPTION_ACL2MACCESS | OPTION_ACL2MODE))
+ || ! (vol->v_flags & AFPVOL_ACLS))
return 0;
LOG(log_maxdebug, logtype_afpd, "acltoownermode(\"%s/%s\", 0x%02x)",
getcwdpath(), path, ma->ma_user);
#ifdef HAVE_SOLARIS_ACLS
- EC_ZERO_LOG(solaris_acl_rights(path, st, &rights));
+ EC_ZERO_LOG(solaris_acl_rights(obj, path, st, ma, NULL));
#endif
+
#ifdef HAVE_POSIX_ACLS
- EC_ZERO_LOG(posix_acl_rights(path, st, &rights));
+ EC_ZERO_LOG(posix_acls_to_uaperms(obj, path, st, ma));
#endif
- LOG(log_maxdebug, logtype_afpd, "rights: 0x%08x", rights);
-
- if (rights & DARWIN_ACE_READ_DATA)
- ma->ma_user |= AR_UREAD;
- if (rights & DARWIN_ACE_WRITE_DATA)
- ma->ma_user |= AR_UWRITE;
- if (rights & (DARWIN_ACE_EXECUTE | DARWIN_ACE_SEARCH))
- ma->ma_user |= AR_USEARCH;
-
- LOG(log_maxdebug, logtype_afpd, "resulting user maccess: 0x%02x", ma->ma_user);
+ LOG(log_maxdebug, logtype_afpd, "resulting user maccess: 0x%02x group maccess: 0x%02x", ma->ma_user, ma->ma_group);
EC_CLEANUP:
EC_EXIT;
}
-
-/*!
- * Check whether a volume supports ACLs
- *
- * @param vol (r) volume
- *
- * @returns 0 if not, 1 if yes
- */
-int check_vol_acl_support(const struct vol *vol)
-{
- int ret = 1;
-
-#ifdef HAVE_SOLARIS_ACLS
- ace_t *aces = NULL;
- if (get_nfsv4_acl(vol->v_path, &aces) == -1)
- ret = 0;
-#endif
-#ifdef HAVE_POSIX_ACLS
- acl_t acl = NULL;
- if ((acl = acl_get_file(vol->v_path, ACL_TYPE_ACCESS)) == NULL)
- ret = 0;
-#endif
-
-#ifdef HAVE_SOLARIS_ACLS
- if (aces) free(aces);
-#endif
-#ifdef HAVE_POSIX_ACLS
- if (acl) acl_free(acl);
-#endif /* HAVE_POSIX_ACLS */
-
- LOG(log_debug, logtype_afpd, "Volume \"%s\" ACL support: %s",
- vol->v_path, ret ? "yes" : "no");
- return ret;
-}
projects / netatalk.git / blobdiff