--- /dev/null
+Veto Options Patch for Netatalk
+===============================
+
+ The patch at the below address adds a function similar to Samba's
+"veto files" option to Netatalk. It is not derived from Samba is anyway
+so GPL'ing Netatalk wasn't a factor. :-)
+
+http://ariel.ucs.unimelb.edu.au/~epl/netatalk/veto/netatalk-veto.diff
+
+ For those people who do not use Samba, it allows the server to hide
+files which the user could otherwise access. Hopefully, if this patch
+works, clients will not be able to see any veto'ed files/directories.
+Nor will they be able to create, rename or move files/directories
+matching the veto'ed filespecs (on the Unix side).
+
+ For example, if you use Samba and Netatalk, you would commonly have
+the following line in Samba's configuration files. That line hides the
+files on the filesystem which Netatalk/Mac client creates, but the
+Mac-user never sees. By hiding it, users cannot fiddle with these
+directories and nor will they confuse themselves by files appear in
+Windows which doesn't appear under Macs.
+
+veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/
+
+ Likewise, Windows often create some "special" files which you may
+wish to hide from mac users. Hence, the following line might be useful.
+
+veto:recycled/desktop.ini/Folder.htt/Folder Settings/
+
+ The option as implemented is case sensitive, so YMMV.
+
+Limitations and other notes
+===========================
+- This patch may have a memory leak as a result of strdup()'ing v_veto,
+ but not freeing it anywhere. I'm not sure if this is a practical
+ problem, as presumably v_veto should be free()'ed when the user
+ disconnects. Upon which the fork()'ed ``afpd'' will die and its
+ memory resources reclaimed by the operating system.
+- This patch does not deal with wildcards at all. Once I've worked out
+ a good design and algorithm, I might add it. It currently fulfills
+ all my requirements. But if there is a demand for wildcard support,
+ I'd be happy to spend additional time on this problem. Until then, I
+ want to make sure that the rest of the code is correct.
+- In theory, (with the veto option of veto:foobar/) it would be able to
+ create a filename named ":66oobar" on the unix side which will then
+ appear to the mac client as "foobar". Due to other code in Netatalk
+ (not related to this patch), this won't actually work. However, there
+ is no fundamental reason why the mac client would not be able to
+ read files which seemingly matched the veto filespec (from the mac).
+
+How was the patch made
+======================
+I did things in the following steps.
+1) I added per-volume support for the "veto:string" option to
+ ``volume.{c,h}''.
+2) I determined that the veto option was functionally most similar to
+ the "validupath()" function. Therefore, after every "validupath()"
+ call, I added a "veto_file()".
+3) I placed the "veto_file()" function in the ``etc/afpd/filedir.c''
+ source file. It could also be in any of the other files, but I
+ figured that filedir.c was the best spot. The "veto_file()" function
+ takes the "veto_str" parameter directly from value "string" in point
+ 1) above.
+4) Inside "veto_file()", uncomment the DEBUG code if you want.
+
+ If you want more information, contact me at <epl@unimelb.edu.au>.
/*
- * $Id: directory.c,v 1.16 2001-08-15 01:37:34 srittau Exp $
+ * $Id: directory.c,v 1.17 2001-09-04 13:52:45 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
if (!validupath(vol, de->d_name))
continue;
+ /* check for vetoed filenames */
+ if (veto_file(vol->v_veto, de->d_name))
+ continue;
+
/* now check against too long a filename */
if (strlen(utompath(vol, de->d_name)) > MACFILELEN)
continue;
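Review bot: `veto_file()` is called in this hunk with no declaration visible anywhere in the diff: the definition is added to filedir.c, and the only header touched, volume.h, gains just the `v_veto` field. Unless a prototype already exists outside what is shown, this call and the ones in the second directory.c hunk, enumerate.c and file.c compile against an implicit declaration, so a later change to the argument types would go unnoticed by the compiler. I would add `extern int veto_file(const char *veto_str, const char *path);` to a header these files already include. The enclosing loop starts and ends outside the hunk.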
if (!validupath(vol, upath))
return AFPERR_EXIST;
+ /* check for vetoed filenames */
+ if (veto_file(vol->v_veto, upath))
+ return AFPERR_EXIST;
+
#ifdef FORCE_UIDGID
save_uidgid ( &uidgid );
set_uidgid ( vol );
/*
- * $Id: enumerate.c,v 1.8 2001-08-27 15:26:16 uhees Exp $
+ * $Id: enumerate.c,v 1.9 2001-09-04 13:52:45 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
if (!(validupath(vol, de->d_name)))
continue;
+ /* check for vetoed filenames */
+ if (veto_file(vol->v_veto, de->d_name))
+ continue;
+
/* now check against too big a file */
if (strlen(utompath(vol, de->d_name)) > MACFILELEN)
continue;
/*
- * $Id: file.c,v 1.27 2001-08-27 15:26:16 uhees Exp $
+ * $Id: file.c,v 1.28 2001-09-04 13:52:45 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
if (!validupath(vol, upath))
return AFPERR_EXIST;
+ /* check for vetoed filenames */
+ if (veto_file(vol->v_veto, upath))
+ return AFPERR_EXIST;
+
if ((of = of_findname(vol, curdir, path))) {
adp = of->of_ad;
} else {
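Review bot: The veto test here, like every other one in this commit, sits directly behind a `validupath()` call, so it filters names only on code paths that already ran that check; whether every name lookup passes through one of them cannot be seen from this diff. That makes the option a name filter rather than an access control, and the call sites should say so, for example `/* veto hides and blocks the name only; filesystem permissions still decide access */`. Returning `AFPERR_EXIST` mirrors the neighbouring `validupath()` failure, which looks deliberate. The enclosing function starts and ends outside the hunk.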
/*
- * $Id: filedir.c,v 1.12 2001-08-15 01:37:34 srittau Exp $
+ * $Id: filedir.c,v 1.13 2001-09-04 13:52:45 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
if (!validupath(vol, newpath))
return AFPERR_EXIST;
+ /* check for vetoed filenames */
+ if (veto_file(vol->v_veto, newpath))
+ return AFPERR_EXIST;
+
/* the strdiacasecmp deals with case-insensitive, case preserving
filesystems */
if (stat( newpath, &st ) == 0 && strdiacasecmp(path, ibuf))
if (!validupath(vol, upath))
return AFPERR_EXIST;
+ /* check for vetoed filenames */
+ if (veto_file(vol->v_veto, upath))
+ return AFPERR_EXIST;
+
/* source == destination. we just silently accept this. */
if (curdir == sdir) {
if (strcmp(oldname, newname) == 0)
return( rc );
}
+int veto_file(const char*veto_str, const char*path)
+/* given a veto_str like "abc/zxc/" and path "abc", return 1
+ * veto_str should be '/' delimited
+ * if path matches any one of the veto_str elements exactly, then 1 is returned
+ * otherwise, 0 is returned.
+ */
+{
+ int i; /* index to veto_str */
+ int j; /* index to path */
+
+ if ((veto_str == NULL) || (path == NULL))
+ return 0;
+/*
+#ifdef DEBUG
+ syslog(LOG_DEBUG, "veto_file \"%s\", \"%s\"", veto_str, path);
+#endif
+*/
+ for(i=0, j=0; veto_str[i] != '\0'; i++) {
+ if (veto_str[i] == '/') {
+ if ((j>0) && (path[j] == '\0'))
+ return 1;
+ j = 0;
+ } else {
+ if (veto_str[i] != path[j]) {
+ while ((veto_str[i] != '/')
+ && (veto_str[i] != '\0'))
+ i++;
+ j = 0;
+ continue;
+ }
+ j++;
+ }
+ }
+ return 0;
+}
+
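Review bot: In the mismatch branch the inner `while` can stop on the terminating `'\0'`, and the `continue` then runs the loop's `i++`, so the next test `veto_str[i] != '\0'` reads past the end of the string. This happens whenever the list does not end in `/` and its last element fails to match, e.g. `veto:foo` checked against any name other than `foo` (constructed example). Adding `if (veto_str[i] == '\0') return 0;` right after the `while` loop closes it. Separately, a final element without a trailing `/` is never matched at all, so the header comment should state the trailing `/` as a requirement rather than "should be '/' delimited".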
/*
- * $Id: volume.c,v 1.11 2001-08-18 13:20:30 uhees Exp $
+ * $Id: volume.c,v 1.12 2001-09-04 13:52:45 rufustfirefly Exp $
*
* Copyright (c) 1990,1993 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
~u -> make u illegal only as the first
part of a double-byte character.
*/
+#define VOLOPT_VETO 10 /* list of veto filespec */
#ifdef FORCE_UIDGID
-#define VOLOPT_FORCEUID 10 /* force uid for username x */
-#define VOLOPT_FORCEGID 11 /* force gid for group x */
-#define VOLOPT_MAX 11
+#define VOLOPT_FORCEUID 11 /* force uid for username x */
+#define VOLOPT_FORCEGID 12 /* force gid for group x */
+#define VOLOPT_MAX 12
#else /* normally, there are only 9 possible options */
-#define VOLOPT_MAX 9
+#define VOLOPT_MAX 10
#endif /* FORCE_UIDGID */
#define VOLOPT_NUM (VOLOPT_MAX + 1)
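Review bot: The context comment on the `#else` branch, `/* normally, there are only 9 possible options */`, is stale now that `VOLOPT_MAX` becomes 10 there; I would reword it so it carries no count, e.g. `/* without FORCE_UIDGID, VOLOPT_VETO is the last option */`. Inserting `VOLOPT_VETO` as 10 also renumbers `VOLOPT_FORCEUID` and `VOLOPT_FORCEGID`, which is safe only if nothing outside this file stores or compares the raw numbers; the diff does not show that either way.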
free(options[VOLOPT_CODEPAGE].c_value);
options[VOLOPT_CODEPAGE].c_value = get_codepage_path(nlspath, val + 1);
+ } else if (optionok(tmp, "veto:", val)) {
+ if (options[VOLOPT_VETO].c_value)
+ free(options[VOLOPT_VETO].c_value);
+ options[VOLOPT_VETO].c_value = strdup(val + 1);
+
} else if (optionok(tmp, "casefold:", val)) {
if (strcasecmp(val + 1, "tolower") == 0)
options[VOLOPT_CASEFOLD].i_value = AFPVOL_UMLOWER;
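Review bot: The result of `strdup(val + 1)` in the new `veto:` branch is stored unchecked, and `veto_file()` returns 0 for a NULL `veto_str`, so an allocation failure turns the filter off without leaving any trace. The same holds for `volume->v_veto = strdup(options[VOLOPT_VETO].c_value);` in the next volume.c hunk. For an option whose purpose is hiding files, I would at least report the failure, e.g. `if (options[VOLOPT_VETO].c_value == NULL) syslog(LOG_ERR, "veto: out of memory, option ignored");`, assuming syslog is usable in this file as the commented-out debug call in filedir.c suggests. The `if`/`else if` chain starts and ends outside the hunk.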
if (options[VOLOPT_PASSWORD].c_value)
volume->v_password = strdup(options[VOLOPT_PASSWORD].c_value);
+ if (options[VOLOPT_VETO].c_value)
+ volume->v_veto = strdup(options[VOLOPT_VETO].c_value);
+
#ifdef CNID_DB
if (options[VOLOPT_DBPATH].c_value)
volume->v_dbpath = strdup(options[VOLOPT_DBPATH].c_value);
/*
- * $Id: volume.h,v 1.6 2001-08-14 14:00:10 rufustfirefly Exp $
+ * $Id: volume.h,v 1.7 2001-09-04 13:52:45 rufustfirefly Exp $
*
* Copyright (c) 1990,1994 Regents of The University of Michigan.
* All Rights Reserved. See COPYRIGHT.
int v_nfs, v_casefold;
struct codepage *v_mtoupage, *v_utompage, *v_badumap;
char *v_password;
+ char *v_veto;
#ifdef CNID_DB
void *v_db;
char *v_dbpath;