Create a (for now) undocumented volume option, "umask" which gives us

the ability to have CNID files and directories created with the umask of the
logged in user.

Currently this is only done for '~' shares, but the umask volume option
could be specified for any share.  It could even be extended to things other
than CNID.

diff --git a/NEWS b/NEWS
index b33a48fdea616375c6c242091cce351ee56c3ceb..a5f47fb2d77c92395f0f6cca63554593b70b7cc9 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,9 @@ Changes from 1.5.3
        compile time.
 * NEW: Add the ability to use Concurrent Data Store instead of full
        transactional data store with the CNID DID calculation scheme.
+* NEW: Create .AppleDB directories for '~' shares with the umask of the 
+       user.  This avoids creating wide open directories within users'
+       home directories.
 * FIX: Cleaned up pap man page, eliminating duplicate pap man page (8).
 * FIX: Print out pap status in postscript (%%[..]%%) format for LPRng
        compatibility.

diff --git a/etc/afpd/globals.h b/etc/afpd/globals.h
index 0d93f2eef5189c6f838de33403d461e24ef1aee5..65ab4f77ab641a0a2cd24d1d84e803bf03b1ca82 100644 (file)
--- a/etc/afpd/globals.h
+++ b/etc/afpd/globals.h
@@ -1,5 +1,5 @@
 /*
- * $Id: globals.h,v 1.13 2002-08-30 19:35:16 didg Exp $
+ * $Id: globals.h,v 1.14 2002-08-31 05:35:10 jmarcus Exp $
  *
  * Copyright (c) 1990,1993 Regents of The University of Michigan.
  * All Rights Reserved.  See COPYRIGHT.
@@ -60,6 +60,7 @@ struct afp_options {
     char *uamlist;
     char *authprintdir;
     mode_t umask;
+    mode_t save_mask;
 #ifdef ADMIN_GRP
     gid_t admingid;
 #endif /* ADMIN_GRP */

diff --git a/etc/afpd/volume.c b/etc/afpd/volume.c
index ea939efffa22a4d7f357f49261e4acab4da57706..ed9a34f852185c99f685285d51b6929d84fb4c34 100644 (file)
--- a/etc/afpd/volume.c
+++ b/etc/afpd/volume.c
@@ -1,5 +1,5 @@
 /*
- * $Id: volume.c,v 1.33 2002-08-30 19:32:41 didg Exp $
+ * $Id: volume.c,v 1.34 2002-08-31 05:35:10 jmarcus Exp $
  *
  * Copyright (c) 1990,1993 Regents of The University of Michigan.
  * All Rights Reserved.  See COPYRIGHT.
@@ -109,9 +109,11 @@ m=u -> map both ways
 
 #define VOLOPT_FORCEUID  11  /* force uid for username x */
 #define VOLOPT_FORCEGID  12  /* force gid for group x */
-#define VOLOPT_MAX       12
+#define VOLOPT_UMASK     13
+#define VOLOPT_MAX       13
 #else /* normally, there are only 9 possible options */
-#define VOLOPT_MAX       10
+#define VOLOPT_UMASK     11
+#define VOLOPT_MAX       11
 #endif /* FORCE_UIDGID */
 
 #define VOLOPT_NUM        (VOLOPT_MAX + 1)
@@ -380,6 +382,8 @@ static void volset(struct vol_option *options, char *volname, int vlen,
 
         options[VOLOPT_DBPATH].c_value = strdup(val + 1);
 #endif /* CNID_DB */
+    } else if (optionok(tmp, "umask:", val)) {
+       options[VOLOPT_UMASK].i_value = (int)strtol(val, (char **)NULL, 8);
     } else if (optionok(tmp, "mapchars:",val)) {
         if (options[VOLOPT_MAPCHARS].c_value)
             free(options[VOLOPT_MAPCHARS].c_value);
@@ -492,6 +496,9 @@ static int creatvol(const char *path, char *name, struct vol_option *options)
             volume->v_dbpath = strdup(options[VOLOPT_DBPATH].c_value);
 #endif /* CNID_DB */
 
+       if (options[VOLOPT_UMASK].i_value)
+           volume->v_umask = (mode_t)options[VOLOPT_UMASK].i_value;
+
 #ifdef FORCE_UIDGID
 
         if (options[VOLOPT_FORCEUID].c_value) {
@@ -700,6 +707,10 @@ struct passwd *pwent;
                 strcat( tmp, "/" );
                 strcat( tmp, p );
             }
+           /* Tag a user's home directory with their umask.  Note, this will
+            * be overwritten if the user actually specifies a umask: option
+            * for a '~' volume. */
+           save_options[VOLOPT_UMASK].i_value = obj->options.save_mask;
             /* fall through */
 
         case '/' :
@@ -1197,9 +1208,9 @@ int               ibuflen, *rbuflen;
 
 #ifdef CNID_DB
     if (volume->v_dbpath)
-        volume->v_db = cnid_open (volume->v_dbpath);
+        volume->v_db = cnid_open (volume->v_dbpath, volume->v_umask);
     if (volume->v_db == NULL)
-        volume->v_db = cnid_open (volume->v_path);
+        volume->v_db = cnid_open (volume->v_path, volume->v_umask);
 #endif /* CNID_DB */
 
 #ifndef CNID_DB

diff --git a/etc/afpd/volume.h b/etc/afpd/volume.h
index f63cbd458cc6e15e16af736559db3cecc5f872d0..c000a94177b7158a61af0b07701134e7ca39c924 100644 (file)
--- a/etc/afpd/volume.h
+++ b/etc/afpd/volume.h
@@ -1,5 +1,5 @@
 /*
- * $Id: volume.h,v 1.12 2002-08-20 19:40:45 srittau Exp $
+ * $Id: volume.h,v 1.13 2002-08-31 05:35:10 jmarcus Exp $
  *
  * Copyright (c) 1990,1994 Regents of The University of Michigan.
  * All Rights Reserved.  See COPYRIGHT.
@@ -54,6 +54,7 @@ struct vol {
     void                *v_db;
     char                *v_dbpath;
 #endif /* CNID_DB */
+    mode_t             v_umask;
 #ifdef FORCE_UIDGID
     char                               *v_forceuid;
     char                               *v_forcegid;

diff --git a/include/atalk/cnid.h b/include/atalk/cnid.h
index d112eeef3946565273f85dc764fe3629a4e97e22..1945583d4e692334f70690ceb7cfd0b80c2e9fda 100644 (file)
--- a/include/atalk/cnid.h
+++ b/include/atalk/cnid.h
@@ -23,7 +23,7 @@
 typedef u_int32_t cnid_t;
 
 /* cnid_open.c */
-extern void *cnid_open __P((const char *));
+extern void *cnid_open __P((const char *, mode_t));
 
 /* cnid_close.c */
 extern void cnid_close __P((void *));

diff --git a/libatalk/cnid/cnid_open.c b/libatalk/cnid/cnid_open.c
index 310ebbee09876f74dbb436f5838091207754a55e..1c21d124ed4eb8063f9cbecbca1c6a05bb40025c 100644 (file)
--- a/libatalk/cnid/cnid_open.c
+++ b/libatalk/cnid/cnid_open.c
@@ -1,5 +1,5 @@
 /*
- * $Id: cnid_open.c,v 1.42 2002-08-30 03:12:52 jmarcus Exp $
+ * $Id: cnid_open.c,v 1.43 2002-08-31 05:35:10 jmarcus Exp $
  *
  * Copyright (c) 1999. Adrian Sun (asun@zoology.washington.edu)
  * All Rights Reserved. See COPYRIGHT.
@@ -192,7 +192,7 @@ static int compare_unicode(const DBT *a, const DBT *b)
 #endif /* DB_VERSION_MINOR */
 }
 
-void *cnid_open(const char *dir) {
+void *cnid_open(const char *dir, mode_t mask) {
     struct stat st, rsb, lsb, csb;
 #ifndef CNID_DB_CDB
     struct flock lock;
@@ -228,7 +228,7 @@ void *cnid_open(const char *dir) {
     }
 
     strcpy(path + len, DBHOME);
-    if ((stat(path, &st) < 0) && (ad_mkdir(path, 0777) < 0)) {
+    if ((stat(path, &st) < 0) && (ad_mkdir(path, 0777 & ~mask) < 0)) {
         LOG(log_error, logtype_default, "cnid_open: DBHOME mkdir failed for %s", path);
         goto fail_adouble;
     }
@@ -247,7 +247,7 @@ void *cnid_open(const char *dir) {
      * to the sahe directory. */
     strcat(path, DBLOCKFILE);
     strcpy(db->lock_file, path);
-    if ((db->lockfd = open(path, O_RDWR | O_CREAT, 0666)) > -1) {
+    if ((db->lockfd = open(path, O_RDWR | O_CREAT, 0666 & ~mask)) > -1) {
         lock.l_start = 0;
         lock.l_len = 1;
         while (fcntl(db->lockfd, F_SETLK, &lock) < 0) {
@@ -296,7 +296,7 @@ void *cnid_open(const char *dir) {
 #endif /* CNID_DB_CDB */
 
     /* Open the database environment. */
-    if ((rc = db->dbenv->open(db->dbenv, path, DBOPTIONS, 0666)) != 0) {
+    if ((rc = db->dbenv->open(db->dbenv, path, DBOPTIONS, 0666 & ~mask)) != 0) {
         if (rc == DB_RUNRECOVERY) {
             /* This is the mother of all errors.  We _must_ fail here. */
             LOG(log_error, logtype_default, "cnid_open: CATASTROPHIC ERROR opening database environment %s.  Run db_recovery -c immediately", path);
@@ -306,10 +306,10 @@ void *cnid_open(const char *dir) {
         /* We can't get a full transactional environment, so multi-access
          * is out of the question.  Let's assume a read-only environment,
          * and try to at least get a shared memory pool. */
-        if ((rc = db->dbenv->open(db->dbenv, path, DB_INIT_MPOOL, 0666)) != 0) {
+        if ((rc = db->dbenv->open(db->dbenv, path, DB_INIT_MPOOL, 0666 & ~mask)) != 0) {
             /* Nope, not a MPOOL, either.  Last-ditch effort: we'll try to
              * open the environment with no flags. */
-            if ((rc = db->dbenv->open(db->dbenv, path, 0, 0666)) != 0) {
+            if ((rc = db->dbenv->open(db->dbenv, path, 0, 0666 & ~mask)) != 0) {
                 LOG(log_error, logtype_default, "cnid_open: dbenv->open of %s failed: %s",
                     path, db_strerror(rc));
                 goto fail_lock;
@@ -329,7 +329,7 @@ void *cnid_open(const char *dir) {
 
     /*db->db_didname->set_bt_compare(db->db_didname, &compare_unix);*/
     if ((rc = db->db_didname->open(db->db_didname, DBDIDNAME, NULL,
-                                   DB_HASH, open_flag, 0666))) {
+                                   DB_HASH, open_flag, 0666 & ~mask))) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open did/name database: %s",
             db_strerror(rc));
         goto fail_appinit;
@@ -443,7 +443,7 @@ dbversion_retry:
     }
 
     db->db_macname->set_bt_compare(db->db_macname, &compare_mac);
-    if ((rc = db->db_macname->open(db->db_macname, DBMACNAME, NULL, DB_BTREE, open_flag, 0666)) != 0) {
+    if ((rc = db->db_macname->open(db->db_macname, DBMACNAME, NULL, DB_BTREE, open_flag, 0666 & ~mask)) != 0) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open did/macname database: %s",
             db_strerror(rc));
         db->db_didname->close(db->db_didname, 0);
@@ -460,7 +460,7 @@ dbversion_retry:
     }
 
     db->db_shortname->set_bt_compare(db->db_shortname, &compare_mac);
-    if ((rc = db->db_shortname->open(db->db_shortname, DBSHORTNAME, NULL, DB_BTREE, open_flag, 0666)) != 0) {
+    if ((rc = db->db_shortname->open(db->db_shortname, DBSHORTNAME, NULL, DB_BTREE, open_flag, 0666 & ~mask)) != 0) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open did/shortname database: %s",
             db_strerror(rc));
         db->db_didname->close(db->db_didname, 0);
@@ -479,7 +479,7 @@ dbversion_retry:
     }
 
     db->db_longname->set_bt_compare(db->db_longname, &compare_unicode);
-    if ((rc = db->db_longname->open(db->db_longname, DBLONGNAME, NULL, DB_BTREE, open_flag, 0666)) != 0) {
+    if ((rc = db->db_longname->open(db->db_longname, DBLONGNAME, NULL, DB_BTREE, open_flag, 0666 & ~mask)) != 0) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open did/longname database: %s",
             db_strerror(rc));
         db->db_didname->close(db->db_didname, 0);
@@ -502,7 +502,7 @@ dbversion_retry:
         goto fail_appinit;
     }
 
-    if ((rc = db->db_devino->open(db->db_devino, DBDEVINO, NULL, DB_HASH, open_flag, 0666)) != 0) {
+    if ((rc = db->db_devino->open(db->db_devino, DBDEVINO, NULL, DB_HASH, open_flag, 0666 & ~mask)) != 0) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open devino database: %s",
             db_strerror(rc));
         db->db_didname->close(db->db_didname, 0);
@@ -529,7 +529,7 @@ dbversion_retry:
     }
 
 
-    if ((rc = db->db_cnid->open(db->db_cnid, DBCNID, NULL, DB_HASH, open_flag, 0666)) != 0) {
+    if ((rc = db->db_cnid->open(db->db_cnid, DBCNID, NULL, DB_HASH, open_flag, 0666 & ~mask)) != 0) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open dev/ino database: %s",
             db_strerror(rc));
         db->db_didname->close(db->db_didname, 0);
@@ -557,7 +557,7 @@ dbversion_retry:
         goto fail_appinit;
     }
 
-    if ((rc = db->db_mangle->open(db->db_mangle, DBMANGLE, NULL, DB_HASH, open_flag, 0666)) != 0) {
+    if ((rc = db->db_mangle->open(db->db_mangle, DBMANGLE, NULL, DB_HASH, open_flag, 0666 & ~mask)) != 0) {
         LOG(log_error, logtype_default, "cnid_open: Failed to open mangle database: %s", db_strerror(rc));
         db->db_didname->close(db->db_didname, 0);
         db->db_devino->close(db->db_devino, 0);