* @param path (r) path to filesystem object
* @param sb (r) struct stat of path
* @param pwd (r) struct passwd of user
- * @param result (w) resulting Darwin allow ACE
+ * @param result (rw) resulting Darwin allow ACE
*
* @returns 0 or -1 on error
*/
uint32_t *result)
{
EC_INIT;
+ int havemask = 0;
int entry_id = ACL_FIRST_ENTRY;
uint32_t rights = 0, maskrights = 0;
uid_t *uid = NULL;
EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS));
/* itereate through all ACEs to get the mask */
- while (acl_get_entry(acl, entry_id, &e) == 1) {
+ while (!havemask && acl_get_entry(acl, entry_id, &e) == 1) {
entry_id = ACL_NEXT_ENTRY;
+ EC_ZERO_LOG(acl_get_tag_type(e, &tag));
switch (tag) {
case ACL_MASK:
maskrights = posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
- continue;
+ LOG(log_maxdebug, logtype_afpd, "maskrights: 0x%08x", maskrights);
+ havemask = 1;
+ break;
default:
continue;
}
switch (tag) {
case ACL_USER:
EC_NULL_LOG(uid = (uid_t *)acl_get_qualifier(e));
- if (*uid == pwd->pw_uid)
+ if (*uid == pwd->pw_uid) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_USER: %u", *uid);
rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
acl_free(uid);
uid = NULL;
break;
case ACL_USER_OBJ:
- if (sb->st_uid == pwd->pw_uid)
+ if (sb->st_uid == pwd->pw_uid) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_USER_OBJ: %u", sb->st_uid);
rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
break;
case ACL_GROUP:
EC_NULL_LOG(gid = (gid_t *)acl_get_qualifier(e));
- if (gmem(*gid))
+ if (gmem(*gid)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_GROUP: %u", *gid);
rights |= (posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode)) & maskrights);
+ }
acl_free(gid);
gid = NULL;
break;
case ACL_GROUP_OBJ:
- if (gmem(sb->st_gid))
+ if (gmem(sb->st_gid)) {
+ LOG(log_maxdebug, logtype_afpd, "ACL_GROUP_OBJ: %u", sb->st_gid);
rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
+ }
+ break;
case ACL_OTHER:
+ LOG(log_maxdebug, logtype_afpd, "ACL_OTHER");
rights |= posix_permset_to_darwin_rights(e, S_ISDIR(sb->st_mode));
break;
-
default:
continue;
}
struct afp_options options;
AFPConfig *config=NULL, *first = NULL;
-#ifdef HAVE_LDAP
- /* Parse afp_ldap.conf first so we can set the uuid option */
- acl_ldap_readconfig(_PATH_ACL_LDAPCONF);
-#endif /* HAVE_LDAP */
-
/* if config file doesn't exist, load defaults */
if ((fp = fopen(cmdline->configfile, "r")) == NULL)
{
}
}
+#ifdef HAVE_LDAP
+ /* Parse afp_ldap.conf */
+ acl_ldap_readconfig(_PATH_ACL_LDAPCONF);
+#endif /* HAVE_LDAP */
+
LOG(log_debug, logtype_afpd, "Finished parsing Config File");
fclose(fp);
#endif
options->dircachesize = DEFAULT_MAX_DIRCACHE_SIZE;
options->flags |= OPTION_ACL2MACCESS;
- options->flags |= OPTION_UUID; /* gets disabled if LDAP isn't configured */
+ options->flags |= OPTION_UUID;
}
/* parse an afpd.conf line. i'm doing it this way because it's
options->flags |= OPTION_ANNOUNCESSH;
if (strstr(buf, " -noacl2maccess"))
options->flags &= ~OPTION_ACL2MACCESS;
- if (strstr(buf, " -nouuid"))
- options->flags &= ~OPTION_UUID;
/* passwd bits */
if (strstr(buf, " -nosavepassword"))
options[VOLOPT_ROOTPREEXEC].i_value = 1;
else if (strcasecmp(p, "upriv") == 0)
options[VOLOPT_FLAGS].i_value |= AFPVOL_UNIX_PRIV;
- else if (strcasecmp(p, "acls") == 0)
- options[VOLOPT_FLAGS].i_value |= AFPVOL_ACLS;
else if (strcasecmp(p, "nodev") == 0)
options[VOLOPT_FLAGS].i_value |= AFPVOL_NODEV;
else if (strcasecmp(p, "caseinsensitive") == 0)
/* os X start at 1 and use network order ie. 1 2 3 */
volume->v_vid = ++lastvid;
volume->v_vid = htons(volume->v_vid);
+#ifdef HAVE_ACLS
+ volume->v_flags |= AFPVOL_ACLS;
+#endif
/* handle options */
if (options) {
- /* should we casefold? */
volume->v_casefold = options[VOLOPT_CASEFOLD].i_value;
-
- /* shift in some flags */
- volume->v_flags = options[VOLOPT_FLAGS].i_value;
+ volume->v_flags |= options[VOLOPT_FLAGS].i_value;
if (options[VOLOPT_EA_VFS].i_value)
volume->v_vfs_ea = options[VOLOPT_EA_VFS].i_value;