Add become_root() capability to nfsv4_chmod()

diff --git a/include/atalk/unix.h b/include/atalk/unix.h
index f6d191ca6000d21f1613cad1a3fd6afb47083786..cc7bf5b08f75bc1612ce0e418c867d97d9380a75 100644 (file)
--- a/include/atalk/unix.h
+++ b/include/atalk/unix.h
@@ -39,4 +39,7 @@ extern int dir_rx_set(mode_t mode);
 extern int stickydirmode(const char *name, const mode_t mode, const int dropbox, const mode_t v_umask);
 extern int unix_rename(int sfd, const char *oldpath, int dfd, const char *newpath);
 extern int copy_file(int sfd, const char *src, const char *dst, mode_t mode);
+extern void become_root(void);
+extern void unbecome_root(void);
+
 #endif  /* ATALK_UNIX_H */

diff --git a/libatalk/acl/unix.c b/libatalk/acl/unix.c
index 9bad9c94ea277ec4d1a7be192ab539aa6c71977d..8defd7d86174aa9e990fd295819feb6956a4be22 100644 (file)
--- a/libatalk/acl/unix.c
+++ b/libatalk/acl/unix.c
@@ -33,6 +33,7 @@
 #include <atalk/afp.h>
 #include <atalk/util.h>
 #include <atalk/acl.h>
+#include <atalk/unix.h>
 
 #ifdef HAVE_SOLARIS_ACLS
 
@@ -47,7 +48,7 @@ int get_nfsv4_acl(const char *name, ace_t **retAces)
     *retAces = NULL;
     /* Only call acl() for regular files and directories, otherwise just return 0 */
     if (lstat(name, &st) != 0) {
-        LOG(log_warning, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): %s", getcwdpath(), name, strerror(errno));
+        LOG(log_debug, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): %s", getcwdpath(), name, strerror(errno));
         return -1;
     }
 
@@ -234,8 +235,16 @@ int nfsv4_chmod(char *name, mode_t mode)
     if (chmod(name, mode) != 0) /* (3) */
         goto exit;
 
-    if ((nnaces = get_nfsv4_acl(name, &nacl)) == -1) /* (4) */
-        goto exit;
+    if ((nnaces = get_nfsv4_acl(name, &nacl)) == -1) {/* (4) */
+        if (errno != EACCES)
+            goto exit;
+        become_root();
+        nnaces = get_nfsv4_acl(name, &nacl);
+        unbecome_root();
+        if (nnaces == -1)
+            goto exit;
+    }
+
     if ((nnaces = strip_nontrivial_aces(&nacl, nnaces)) == -1) /* (5) */
         goto exit;
 
@@ -243,8 +252,17 @@ int nfsv4_chmod(char *name, mode_t mode)
         goto exit;
 
     if ((ret = acl(name, ACE_SETACL, noaces + nnaces, cacl)) != 0) {
-        LOG(log_error, logtype_afpd, "nfsv4_chmod: error setting acl: %s", strerror(errno));
-        goto exit;
+        if (errno != EACCES) {
+            LOG(log_error, logtype_afpd, "nfsv4_chmod: error setting acl: %s", strerror(errno));
+            goto exit;
+        }
+        become_root();
+        ret = acl(name, ACE_SETACL, noaces + nnaces, cacl);
+        unbecome_root();
+        if (ret != 0) {
+            LOG(log_error, logtype_afpd, "nfsv4_chmod: error setting acl: %s", strerror(errno));
+            goto exit;
+        }
     }
 
 exit:
@@ -252,7 +270,7 @@ exit:
     if (nacl) free(nacl);
     if (cacl) free(cacl);
 
-    LOG(log_debug, logtype_afpd, "nfsv4_chmod(\"%s/%s\", %04o): result: %u",
+    LOG(log_debug, logtype_afpd, "nfsv4_chmod(\"%s/%s\", %04o): result: %d",
         getcwdpath(), name, mode, ret);
 
     return ret;

diff --git a/libatalk/util/unix.c b/libatalk/util/unix.c
index 0e466307bcd30d6ad13ec3af0c8444be0b26bd45..e4cb21e8c12e95e828afb608430a73c8c034ebf8 100644 (file)
--- a/libatalk/util/unix.c
+++ b/libatalk/util/unix.c
@@ -94,6 +94,22 @@ int daemonize(int nochdir, int noclose)
     return 0;
 }
 
+static uid_t saved_uid = -1;
+
+void become_root(void)
+{
+    saved_uid = geteuid();
+    if (seteuid(0) != 0)
+        AFP_PANIC("Can't seteuid(0)");
+}
+
+void unbecome_root(void)
+{
+    if (saved_uid == -1 || seteuid(saved_uid) < 0)
+        AFP_PANIC("Can't seteuid back");
+    saved_uid = -1;
+}
+
 /*!
  * @brief get cwd in static buffer
  *