From 1633aa342734017ff317e48f4c122831bb92d1d9 Mon Sep 17 00:00:00 2001 From: rufustfirefly Date: Tue, 4 Sep 2001 13:52:45 +0000 Subject: [PATCH] "veto files" patch (Edmund Lam) --- doc/README.veto | 66 ++++++++++++++++++++++++++++++++++++++++++++ etc/afpd/directory.c | 10 ++++++- etc/afpd/enumerate.c | 6 +++- etc/afpd/file.c | 6 +++- etc/afpd/filedir.c | 46 +++++++++++++++++++++++++++++- etc/afpd/volume.c | 19 +++++++++---- etc/afpd/volume.h | 3 +- 7 files changed, 146 insertions(+), 10 deletions(-) create mode 100644 doc/README.veto diff --git a/doc/README.veto b/doc/README.veto new file mode 100644 index 00000000..7c08f00b --- /dev/null +++ b/doc/README.veto @@ -0,0 +1,66 @@ +Veto Options Patch for Netatalk +=============================== + + The patch at the below address adds a function similar to Samba's +"veto files" option to Netatalk. It is not derived from Samba is anyway +so GPL'ing Netatalk wasn't a factor. :-) + +http://ariel.ucs.unimelb.edu.au/~epl/netatalk/veto/netatalk-veto.diff + + For those people who do not use Samba, it allows the server to hide +files which the user could otherwise access. Hopefully, if this patch +works, clients will not be able to see any veto'ed files/directories. +Nor will they be able to create, rename or move files/directories +matching the veto'ed filespecs (on the Unix side). + + For example, if you use Samba and Netatalk, you would commonly have +the following line in Samba's configuration files. That line hides the +files on the filesystem which Netatalk/Mac client creates, but the +Mac-user never sees. By hiding it, users cannot fiddle with these +directories and nor will they confuse themselves by files appear in +Windows which doesn't appear under Macs. + +veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/ + + Likewise, Windows often create some "special" files which you may +wish to hide from mac users. Hence, the following line might be useful. + +veto:recycled/desktop.ini/Folder.htt/Folder Settings/ + + The option as implemented is case sensitive, so YMMV. + +Limitations and other notes +=========================== +- This patch may have a memory leak as a result of strdup()'ing v_veto, + but not freeing it anywhere. I'm not sure if this is a practical + problem, as presumably v_veto should be free()'ed when the user + disconnects. Upon which the fork()'ed ``afpd'' will die and its + memory resources reclaimed by the operating system. +- This patch does not deal with wildcards at all. Once I've worked out + a good design and algorithm, I might add it. It currently fulfills + all my requirements. But if there is a demand for wildcard support, + I'd be happy to spend additional time on this problem. Until then, I + want to make sure that the rest of the code is correct. +- In theory, (with the veto option of veto:foobar/) it would be able to + create a filename named ":66oobar" on the unix side which will then + appear to the mac client as "foobar". Due to other code in Netatalk + (not related to this patch), this won't actually work. However, there + is no fundamental reason why the mac client would not be able to + read files which seemingly matched the veto filespec (from the mac). + +How was the patch made +====================== +I did things in the following steps. +1) I added per-volume support for the "veto:string" option to + ``volume.{c,h}''. +2) I determined that the veto option was functionally most similar to + the "validupath()" function. Therefore, after every "validupath()" + call, I added a "veto_file()". +3) I placed the "veto_file()" function in the ``etc/afpd/filedir.c'' + source file. It could also be in any of the other files, but I + figured that filedir.c was the best spot. The "veto_file()" function + takes the "veto_str" parameter directly from value "string" in point + 1) above. +4) Inside "veto_file()", uncomment the DEBUG code if you want. + + If you want more information, contact me at . diff --git a/etc/afpd/directory.c b/etc/afpd/directory.c index b51f7296..9db18bb1 100644 --- a/etc/afpd/directory.c +++ b/etc/afpd/directory.c @@ -1,5 +1,5 @@ /* - * $Id: directory.c,v 1.16 2001-08-15 01:37:34 srittau Exp $ + * $Id: directory.c,v 1.17 2001-09-04 13:52:45 rufustfirefly Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -936,6 +936,10 @@ int getdirparams(const struct vol *vol, if (!validupath(vol, de->d_name)) continue; + /* check for vetoed filenames */ + if (veto_file(vol->v_veto, de->d_name)) + continue; + /* now check against too long a filename */ if (strlen(utompath(vol, de->d_name)) > MACFILELEN) continue; @@ -1409,6 +1413,10 @@ int afp_createdir(obj, ibuf, ibuflen, rbuf, rbuflen ) if (!validupath(vol, upath)) return AFPERR_EXIST; + /* check for vetoed filenames */ + if (veto_file(vol->v_veto, upath)) + return AFPERR_EXIST; + #ifdef FORCE_UIDGID save_uidgid ( &uidgid ); set_uidgid ( vol ); diff --git a/etc/afpd/enumerate.c b/etc/afpd/enumerate.c index b67672e1..667b37be 100644 --- a/etc/afpd/enumerate.c +++ b/etc/afpd/enumerate.c @@ -1,5 +1,5 @@ /* - * $Id: enumerate.c,v 1.8 2001-08-27 15:26:16 uhees Exp $ + * $Id: enumerate.c,v 1.9 2001-09-04 13:52:45 rufustfirefly Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -230,6 +230,10 @@ int afp_enumerate(obj, ibuf, ibuflen, rbuf, rbuflen ) if (!(validupath(vol, de->d_name))) continue; + /* check for vetoed filenames */ + if (veto_file(vol->v_veto, de->d_name)) + continue; + /* now check against too big a file */ if (strlen(utompath(vol, de->d_name)) > MACFILELEN) continue; diff --git a/etc/afpd/file.c b/etc/afpd/file.c index d25c50f6..a2afbab4 100644 --- a/etc/afpd/file.c +++ b/etc/afpd/file.c @@ -1,5 +1,5 @@ /* - * $Id: file.c,v 1.27 2001-08-27 15:26:16 uhees Exp $ + * $Id: file.c,v 1.28 2001-09-04 13:52:45 rufustfirefly Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -406,6 +406,10 @@ int afp_createfile(obj, ibuf, ibuflen, rbuf, rbuflen ) if (!validupath(vol, upath)) return AFPERR_EXIST; + /* check for vetoed filenames */ + if (veto_file(vol->v_veto, upath)) + return AFPERR_EXIST; + if ((of = of_findname(vol, curdir, path))) { adp = of->of_ad; } else { diff --git a/etc/afpd/filedir.c b/etc/afpd/filedir.c index a1b9c1ad..7573af5e 100644 --- a/etc/afpd/filedir.c +++ b/etc/afpd/filedir.c @@ -1,5 +1,5 @@ /* - * $Id: filedir.c,v 1.12 2001-08-15 01:37:34 srittau Exp $ + * $Id: filedir.c,v 1.13 2001-09-04 13:52:45 rufustfirefly Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -377,6 +377,10 @@ int afp_rename(obj, ibuf, ibuflen, rbuf, rbuflen ) if (!validupath(vol, newpath)) return AFPERR_EXIST; + /* check for vetoed filenames */ + if (veto_file(vol->v_veto, newpath)) + return AFPERR_EXIST; + /* the strdiacasecmp deals with case-insensitive, case preserving filesystems */ if (stat( newpath, &st ) == 0 && strdiacasecmp(path, ibuf)) @@ -667,6 +671,10 @@ int afp_moveandrename(obj, ibuf, ibuflen, rbuf, rbuflen ) if (!validupath(vol, upath)) return AFPERR_EXIST; + /* check for vetoed filenames */ + if (veto_file(vol->v_veto, upath)) + return AFPERR_EXIST; + /* source == destination. we just silently accept this. */ if (curdir == sdir) { if (strcmp(oldname, newname) == 0) @@ -718,3 +726,39 @@ int afp_moveandrename(obj, ibuf, ibuflen, rbuf, rbuflen ) return( rc ); } +int veto_file(const char*veto_str, const char*path) +/* given a veto_str like "abc/zxc/" and path "abc", return 1 + * veto_str should be '/' delimited + * if path matches any one of the veto_str elements exactly, then 1 is returned + * otherwise, 0 is returned. + */ +{ + int i; /* index to veto_str */ + int j; /* index to path */ + + if ((veto_str == NULL) || (path == NULL)) + return 0; +/* +#ifdef DEBUG + syslog(LOG_DEBUG, "veto_file \"%s\", \"%s\"", veto_str, path); +#endif +*/ + for(i=0, j=0; veto_str[i] != '\0'; i++) { + if (veto_str[i] == '/') { + if ((j>0) && (path[j] == '\0')) + return 1; + j = 0; + } else { + if (veto_str[i] != path[j]) { + while ((veto_str[i] != '/') + && (veto_str[i] != '\0')) + i++; + j = 0; + continue; + } + j++; + } + } + return 0; +} + diff --git a/etc/afpd/volume.c b/etc/afpd/volume.c index 4de618c5..8f37e390 100644 --- a/etc/afpd/volume.c +++ b/etc/afpd/volume.c @@ -1,5 +1,5 @@ /* - * $Id: volume.c,v 1.11 2001-08-18 13:20:30 uhees Exp $ + * $Id: volume.c,v 1.12 2001-09-04 13:52:45 rufustfirefly Exp $ * * Copyright (c) 1990,1993 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -86,13 +86,14 @@ static struct extmap *extmap = NULL, *defextmap = NULL; ~u -> make u illegal only as the first part of a double-byte character. */ +#define VOLOPT_VETO 10 /* list of veto filespec */ #ifdef FORCE_UIDGID -#define VOLOPT_FORCEUID 10 /* force uid for username x */ -#define VOLOPT_FORCEGID 11 /* force gid for group x */ -#define VOLOPT_MAX 11 +#define VOLOPT_FORCEUID 11 /* force uid for username x */ +#define VOLOPT_FORCEGID 12 /* force gid for group x */ +#define VOLOPT_MAX 12 #else /* normally, there are only 9 possible options */ -#define VOLOPT_MAX 9 +#define VOLOPT_MAX 10 #endif /* FORCE_UIDGID */ #define VOLOPT_NUM (VOLOPT_MAX + 1) @@ -301,6 +302,11 @@ static void volset(struct vol_option *options, char *volname, int vlen, free(options[VOLOPT_CODEPAGE].c_value); options[VOLOPT_CODEPAGE].c_value = get_codepage_path(nlspath, val + 1); + } else if (optionok(tmp, "veto:", val)) { + if (options[VOLOPT_VETO].c_value) + free(options[VOLOPT_VETO].c_value); + options[VOLOPT_VETO].c_value = strdup(val + 1); + } else if (optionok(tmp, "casefold:", val)) { if (strcasecmp(val + 1, "tolower") == 0) options[VOLOPT_CASEFOLD].i_value = AFPVOL_UMLOWER; @@ -458,6 +464,9 @@ static int creatvol(const char *path, char *name, struct vol_option *options) if (options[VOLOPT_PASSWORD].c_value) volume->v_password = strdup(options[VOLOPT_PASSWORD].c_value); + if (options[VOLOPT_VETO].c_value) + volume->v_veto = strdup(options[VOLOPT_VETO].c_value); + #ifdef CNID_DB if (options[VOLOPT_DBPATH].c_value) volume->v_dbpath = strdup(options[VOLOPT_DBPATH].c_value); diff --git a/etc/afpd/volume.h b/etc/afpd/volume.h index 3ad6acec..692413e0 100644 --- a/etc/afpd/volume.h +++ b/etc/afpd/volume.h @@ -1,5 +1,5 @@ /* - * $Id: volume.h,v 1.6 2001-08-14 14:00:10 rufustfirefly Exp $ + * $Id: volume.h,v 1.7 2001-09-04 13:52:45 rufustfirefly Exp $ * * Copyright (c) 1990,1994 Regents of The University of Michigan. * All Rights Reserved. See COPYRIGHT. @@ -49,6 +49,7 @@ struct vol { int v_nfs, v_casefold; struct codepage *v_mtoupage, *v_utompage, *v_badumap; char *v_password; + char *v_veto; #ifdef CNID_DB void *v_db; char *v_dbpath; -- 2.39.2