From e122b0d9096580ea5bfa3d46ab340af26b9a9830 Mon Sep 17 00:00:00 2001 From: Frank Lahm Date: Wed, 27 Oct 2010 16:00:18 +0200 Subject: [PATCH] Provide a way do diable UUID support (nouuid in afpd.conf) and commit 1st try to add posix 1e acl support to addir_inherit_acl before completly removing it because its not necessary --- etc/afpd/acls.c | 99 +++++++++++++++++------------------------- etc/afpd/acls.h | 4 +- etc/afpd/afp_config.c | 6 +-- etc/afpd/afp_options.c | 3 ++ etc/afpd/directory.c | 9 ++-- 5 files changed, 54 insertions(+), 67 deletions(-) diff --git a/etc/afpd/acls.c b/etc/afpd/acls.c index 89738835..a8a4da73 100644 --- a/etc/afpd/acls.c +++ b/etc/afpd/acls.c @@ -948,7 +948,7 @@ static int set_acl(const struct vol *vol, LOG(log_maxdebug, logtype_afpd, "set_acl: BEGIN"); struct stat st; - EC_ZERO_LOG_ERR(stat(name, &st), AFPERR_NOOBJ); + EC_ZERO_LOG_ERR(lstat(name, &st), AFPERR_NOOBJ); /* seed default ACL with access ACL */ if (S_ISDIR(st.st_mode)) 
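Review bot: In set_acl, the switch to `lstat(name, &st)` makes the following `S_ISDIR(st.st_mode)` test describe the link itself, so a symlink that points to a directory no longer takes the default-ACL branch, and nothing on the changed line says this is intended. If the ACL calls later in set_acl still operate on `name` by path, they may follow the link, in which case the type check and the ACL write refer to different objects; that part of the function is outside the hunk and should be checked there. A comment above the call such as `/* lstat: classify the link itself, never its target */` would record the intent.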
@@ -1382,78 +1382,61 @@ EC_CLEANUP: We then inherit any explicit ACE from "." to ".AppleDouble" and ".AppleDouble/.Parent". FIXME: add to VFS layer ? */ -#ifdef HAVE_SOLARIS_ACLS -void addir_inherit_acl(const struct vol *vol) +int createdir_inherit_acl(const struct vol *vol) { + EC_INIT; +#ifdef HAVE_SOLARIS_ACLS ace_t *diraces = NULL, *adaces = NULL, *combinedaces = NULL; int diracecount, adacecount; - +#endif +#ifdef HAVE_POSIX_ACLS + acl_t def_acl = NULL; + acl_t acc_acl = NULL; +#endif LOG(log_debug9, logtype_afpd, "addir_inherit_acl: BEGIN"); /* Check if ACLs are enabled for the volume */ if (vol->v_flags & AFPVOL_ACLS) { - - if ((diracecount = get_nfsv4_acl(".", &diraces)) <= 0) - goto cleanup; - /* Remove any trivial ACE from "." */ - if ((diracecount = strip_trivial_aces(&diraces, diracecount)) <= 0) - goto cleanup; - - /* - Inherit to ".AppleDouble" - */ - - if ((adacecount = get_nfsv4_acl(".AppleDouble", &adaces)) <= 0) - goto cleanup; - /* Remove any non-trivial ACE from ".AppleDouble" */ - if ((adacecount = strip_nontrivial_aces(&adaces, adacecount)) <= 0) - goto cleanup; - - /* Combine ACEs */ - if ((combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)) == NULL) - goto cleanup; - - /* Now set new acl */ - if ((acl(".AppleDouble", ACE_SETACL, diracecount + adacecount, combinedaces)) != 0) - LOG(log_error, logtype_afpd, "addir_inherit_acl: acl: %s", strerror(errno)); - +#ifdef HAVE_SOLARIS_ACLS + /* Get directory ACL */ + EC_NEG1_LOG(diracecount = get_nfsv4_acl(".", &diraces)); + EC_NEG1_LOG(diracecount = strip_trivial_aces(&diraces, diracecount)); + + /* Inherit to .AppleDouble directory */ + EC_NEG1_LOG(adacecount = get_nfsv4_acl(".AppleDouble", &adaces)); + EC_NEG1_LOG(adacecount = strip_nontrivial_aces(&adaces, adacecount)); + EC_NULL_LOG(combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)); + EC_ZERO_LOG(acl(".AppleDouble", ACE_SETACL, diracecount + adacecount, combinedaces)); free(adaces); adaces = NULL; 
free(combinedaces); combinedaces = NULL; - /* - Inherit to ".AppleDouble/.Parent" - */ - - if ((adacecount = get_nfsv4_acl(".AppleDouble/.Parent", &adaces)) <= 0) - goto cleanup; - if ((adacecount = strip_nontrivial_aces(&adaces, adacecount)) <= 0) - goto cleanup; - - /* Combine ACEs */ - if ((combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)) == NULL) - goto cleanup; - - /* Now set new acl */ - if ((acl(".AppleDouble/.Parent", ACE_SETACL, diracecount + adacecount, combinedaces)) != 0) - LOG(log_error, logtype_afpd, "addir_inherit_acl: acl: %s", strerror(errno)); - - + /* Inherit to ".AppleDouble/.Parent" */ + EC_NEG1_LOG(adacecount = get_nfsv4_acl(".AppleDouble/.Parent", &adaces)); + EC_NEG1_LOG(adacecount = strip_nontrivial_aces(&adaces, adacecount)); + EC_NULL_LOG(combinedaces = concat_aces(diraces, diracecount, adaces, adacecount)); + EC_ZERO_LOG(acl(".AppleDouble/.Parent", + ACE_SETACL, + diracecount + adacecount, + combinedaces)); +#endif +#ifdef HAVE_POSIX_ACLS +#endif } -cleanup: LOG(log_debug9, logtype_afpd, "addir_inherit_acl: END"); - free(diraces); - free(adaces); - free(combinedaces); -} -#endif /* HAVE_SOLARIS_ACLS */ - +EC_CLEANUP: +#ifdef HAVE_SOLARIS_ACLS + if (diraces) free(diraces); + if (adaces) free(adaces); + if (combinedaces) free(combinedaces); +#endif #ifdef HAVE_POSIX_ACLS -void addir_inherit_acl(const struct vol *vol) -{ - return; + acl_free(acc_acl); + acl_free(def_acl); +#endif + EC_EXIT; } -#endif /* HAVE_POSIX_ACLS */ + diff --git a/etc/afpd/acls.h b/etc/afpd/acls.h index 3acf0acb..8b467ee5 100644 --- a/etc/afpd/acls.h +++ b/etc/afpd/acls.h 
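Review bot: In createdir_inherit_acl the old `<= 0` tests became `EC_NEG1_LOG(...)`, which (assuming the macro only traps -1; its definition is not in this diff) lets a count of 0 from `get_nfsv4_acl` or `strip_trivial_aces` fall through to `concat_aces` and `acl(..., ACE_SETACL, ...)` where the old code skipped quietly. Because the function now returns a status that the caller turns into an error, "nothing to inherit" should be separated from a real failure, for example with `if (diracecount == 0) goto EC_CLEANUP;` after the strip call. The two LOG strings still say `addir_inherit_acl:` although the function was renamed. In the HAVE_POSIX_ACLS cleanup, `acl_free()` is always handed NULL because that branch is still empty; the result of that call is implementation-specific, so guard it as `if (acc_acl) acl_free(acc_acl);` and likewise for `def_acl`.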
@@ -111,6 +111,8 @@ int afp_setacl (AFPObj *obj, char *ibuf, size_t ibuflen, char *rbuf, size_t *rb /* Parse afp_ldap.conf */ extern int acl_ldap_readconfig(char *name); -extern int acltoownermode(char *path, struct stat *st,uid_t uid, struct maccess *ma); +/* Misc funcs */ +extern int acltoownermode(char *path, struct stat *st,uid_t uid, struct maccess *ma); +extern int createdir_inherit_acl(const struct vol *vol); #endif diff --git a/etc/afpd/afp_config.c b/etc/afpd/afp_config.c index 12a3b494..c737023d 100644 --- a/etc/afpd/afp_config.c +++ b/etc/afpd/afp_config.c @@ -587,9 +587,9 @@ AFPConfig *configinit(struct afp_options *cmdline) #ifdef HAVE_ACLS /* Enable UUID support if LDAP config is complete */ - if (ldap_config_valid) { - LOG(log_info, logtype_afpd, "Enabling UUID support"); - options.flags |= OPTION_UUID; + if (!ldap_config_valid) { + LOG(log_info, logtype_afpd, "Disabling UUID support"); + options.flags &= ~OPTION_UUID; } #endif /* HAVE_ACLS */ diff --git a/etc/afpd/afp_options.c b/etc/afpd/afp_options.c index cc823997..e8fe6c82 100644 --- a/etc/afpd/afp_options.c +++ b/etc/afpd/afp_options.c @@ -200,6 +200,7 @@ void afp_options_init(struct afp_options *options) #endif options->dircachesize = DEFAULT_MAX_DIRCACHE_SIZE; options->flags |= OPTION_ACL2MACCESS; + options->flags |= OPTION_UUID; /* gets disabled if LDAP isn't configured */ } /* parse an afpd.conf line. i'm doing it this way because it's @@ -247,6 +248,8 @@ int afp_options_parseline(char *buf, struct afp_options *options) options->flags |= OPTION_ANNOUNCESSH; if (strstr(buf, " -noacl2maccess")) options->flags &= ~OPTION_ACL2MACCESS; + if (strstr(buf, " -nouuid")) + options->flags &= ~OPTION_UUID /* passwd bits */ if (strstr(buf, " -nosavepassword")) diff --git a/etc/afpd/directory.c b/etc/afpd/directory.c index ee4553df..be6a3cad 100644 --- a/etc/afpd/directory.c +++ b/etc/afpd/directory.c 
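Review bot: `OPTION_UUID` now appears to be set unconditionally in afp_options_init, but the only code that clears it when LDAP is not configured sits inside `#ifdef HAVE_ACLS` in configinit, so a build without HAVE_ACLS would keep the flag on with no LDAP check at all. Whether anything consults the flag in such a build is not visible here; if it does, either set the default under the same guard or move the `!ldap_config_valid` test out of it. The "Disabling UUID support" line is presumably also logged when the administrator already passed `-nouuid`; testing `(options.flags & OPTION_UUID) && !ldap_config_valid` would avoid the misleading message.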
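Review bot: The added `-nouuid` branch in afp_options_parseline is missing its terminating semicolon: `options->flags &= ~OPTION_UUID` runs straight into the `/* passwd bits */` comment and the next `if`, so the file will not compile as committed. The line should read `options->flags &= ~OPTION_UUID;`. The `strstr(buf, " -nouuid")` match follows the neighbouring options and therefore also accepts any longer token that starts with that text, which deserves a comment if it is deliberate. afp_options_parseline continues outside the hunk.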
@@ -41,10 +41,6 @@ #include "mangle.h" #include "hash.h" -#ifdef HAVE_ACLS -extern void addir_inherit_acl(const struct vol *vol); -#endif - /* * FIXMEs, loose ends after the dircache rewrite: * o merge dircache_search_by_name and dir_add ?? @@ -2144,7 +2140,10 @@ int afp_createdir(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf, size_ createdir_done: #ifdef HAVE_ACLS /* FIXME: are we really inside the created dir? */ - addir_inherit_acl(vol); + if (createdir_inherit_acl(vol) != 0) { + LOG(log_error, logtype_afpd, "Error inhereting ACL to .AppleDouble directory"); + return AFPERR_MISC; + } #endif /* HAVE_ACLS */ memcpy( rbuf, &dir->d_did, sizeof( u_int32_t )); -- 2.39.2
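Review bot: At `createdir_done:` in afp_createdir the new `return AFPERR_MISC;` runs at a point where the directory appears to exist already, so a failed ACL inheritance leaves the directory on disk while the client is told the request failed. The early return also skips the `memcpy` into `rbuf` and whatever else follows the label; the rest of the function is outside the hunk. The existing `/* FIXME: are we really inside the created dir? */` is still unresolved, so the relative paths used by createdir_inherit_acl may not refer to the new directory at all, which makes a fatal error here premature. Consider logging and continuing, `if (createdir_inherit_acl(vol) != 0) LOG(log_error, logtype_afpd, "afp_createdir: could not inherit ACL to .AppleDouble");`, or undoing the creation before returning. The log message also misspells "inheriting".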