55
58
if ( ! (S_ISREG(st.st_mode) || S_ISDIR(st.st_mode))) {
56
LOG(log_warning, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): special", getcwdpath(), name);
59
LOG(log_debug, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): special", getcwdpath(), name);
60
63
if ((ace_count = acl(name, ACE_GETACLCNT, 0, NULL)) == 0) {
61
LOG(log_warning, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): 0 ACEs", getcwdpath(), name);
64
LOG(log_debug, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): 0 ACEs", getcwdpath(), name);
65
68
if (ace_count == -1) {
66
LOG(log_error, logtype_afpd, "get_nfsv4_acl: acl('%s/%s', ACE_GETACLCNT): ace_count %i, error: %s",
69
LOG(log_debug, logtype_afpd, "get_nfsv4_acl: acl('%s/%s', ACE_GETACLCNT): ace_count %i, error: %s",
67
70
getcwdpath(), name, ace_count, strerror(errno));
260
261
#endif /* HAVE_SOLARIS_ACLS */
263
#ifdef HAVE_POSIX_ACLS
265
/* This is a workaround for chmod() on filestystems supporting Posix 1003.1e draft 17
266
* compliant ACLs. For objects with extented ACLs, eg objects with an ACL_MASK entry,
267
* chmod() manipulates ACL_MASK instead of ACL_GROUP_OBJ. As OS X isn't aware of
268
* this behavior calling FPSetFileDirParms may lead to unpredictable results. For
269
* more information see section 23.1.2 of Posix 1003.1e draft 17.
271
* posix_chmod() accepts the same arguments as chmod() and returns 0 in case of
272
* success or -1 in case something went wrong.
275
#define SEARCH_GROUP_OBJ 0x01
276
#define SEARCH_MASK 0x02
278
int posix_chmod(const char *name, mode_t mode) {
280
int entry_id = ACL_FIRST_ENTRY;
282
acl_entry_t group_entry;
285
u_char not_found = (SEARCH_GROUP_OBJ|SEARCH_MASK); /* used as flags */
287
LOG(log_maxdebug, logtype_afpd, "posix_chmod: %s mode: 0x%08x", name, mode);
289
/* Call chmod() first because there might be some special bits to be set which
290
* aren't related to access control.
292
ret = chmod(name, mode);
297
/* Check if the underlying filesystem supports ACLs. */
298
acl = acl_get_file(name, ACL_TYPE_ACCESS);
301
/* There is no need to keep iterating once we have found ACL_GROUP_OBJ and ACL_MASK. */
302
while ((acl_get_entry(acl, entry_id, &entry) == 1) && not_found) {
303
entry_id = ACL_NEXT_ENTRY;
305
ret = acl_get_tag_type(entry, &tag);
308
LOG(log_error, logtype_afpd, "posix_chmod: Failed to get tag type.");
315
not_found &= ~SEARCH_GROUP_OBJ;
319
not_found &= ~SEARCH_MASK;
327
/* The filesystem object has extented ACLs. We have to update ACL_GROUP_OBJ
328
* with the group permissions.
330
acl_permset_t permset;
333
ret = acl_get_permset(group_entry, &permset);
336
LOG(log_error, logtype_afpd, "posix_chmod: Can't get permset.");
339
ret = acl_clear_perms(permset);
353
ret = acl_add_perm(permset, perm);
358
ret = acl_set_permset(group_entry, permset);
361
LOG(log_error, logtype_afpd, "posix_chmod: Can't set permset.");
364
/* also update ACL_MASK */
365
ret = acl_calc_mask(&acl);
368
LOG(log_error, logtype_afpd, "posix_chmod: acl_calc_mask failed.");
371
ret = acl_set_file(name, ACL_TYPE_ACCESS, acl);
377
LOG(log_maxdebug, logtype_afpd, "posix_chmod: %d", ret);
382
* posix_fchmod() accepts the same arguments as fchmod() and returns 0 in case of
383
* success or -1 in case something went wrong.
385
int posix_fchmod(int fd, mode_t mode) {
387
int entry_id = ACL_FIRST_ENTRY;
389
acl_entry_t group_entry;
392
u_char not_found = (SEARCH_GROUP_OBJ|SEARCH_MASK); /* used as flags */
394
/* Call chmod() first because there might be some special bits to be set which
395
* aren't related to access control.
397
ret = fchmod(fd, mode);
402
/* Check if the underlying filesystem supports ACLs. */
403
acl = acl_get_fd(fd);
406
/* There is no need to keep iterating once we have found ACL_GROUP_OBJ and ACL_MASK. */
407
while ((acl_get_entry(acl, entry_id, &entry) == 1) && not_found) {
408
entry_id = ACL_NEXT_ENTRY;
410
ret = acl_get_tag_type(entry, &tag);
413
LOG(log_error, logtype_afpd, "posix_fchmod: Failed to get tag type.");
420
not_found &= ~SEARCH_GROUP_OBJ;
424
not_found &= ~SEARCH_MASK;
432
/* The filesystem object has extented ACLs. We have to update ACL_GROUP_OBJ
433
* with the group permissions.
435
acl_permset_t permset;
438
ret = acl_get_permset(group_entry, &permset);
441
LOG(log_error, logtype_afpd, "posix_fchmod: Can't get permset.");
444
ret = acl_clear_perms(permset);
458
ret = acl_add_perm(permset, perm);
463
ret = acl_set_permset(group_entry, permset);
466
LOG(log_error, logtype_afpd, "posix_fchmod: Can't set permset.");
469
/* also update ACL_MASK */
470
ret = acl_calc_mask(&acl);
473
LOG(log_error, logtype_afpd, "posix_fchmod: acl_calc_mask failed.");
476
ret = acl_set_fd(fd, acl);
485
#endif /* HAVE_POSIX_ACLS */
487
#endif /* HAVE_ACLS */