2
Copyright (c) 2010 Frank Lahm <franklahm@gmail.com>
4
This program is free software; you can redistribute it and/or modify
5
it under the terms of the GNU General Public License as published by
6
the Free Software Foundation; either version 2 of the License, or
7
(at your option) any later version.
9
This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
17
#endif /* HAVE_CONFIG_H */
19
#ifdef HAVE_SOLARIS_ACLS
22
#include <sys/types.h>
31
#include <atalk/logger.h>
32
#include <atalk/afp.h>
33
#include <atalk/util.h>
34
#include <atalk/acl.h>
36
/* Get ACL. Allocates storage as needed. Caller must free.
37
* Returns no of ACEs or -1 on error. */
38
int get_nfsv4_acl(const char *name, ace_t **retAces)
45
/* Only call acl() for regular files and directories, otherwise just return 0 */
46
if (lstat(name, &st) != 0) {
47
LOG(log_warning, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): %s", getcwdpath(), name, strerror(errno));
51
if (S_ISLNK(st.st_mode))
52
/* sorry, no ACLs for symlinks */
55
if ( ! (S_ISREG(st.st_mode) || S_ISDIR(st.st_mode))) {
56
LOG(log_warning, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): special", getcwdpath(), name);
60
if ((ace_count = acl(name, ACE_GETACLCNT, 0, NULL)) == 0) {
61
LOG(log_warning, logtype_afpd, "get_nfsv4_acl(\"%s/%s\"): 0 ACEs", getcwdpath(), name);
65
if (ace_count == -1) {
66
LOG(log_error, logtype_afpd, "get_nfsv4_acl: acl('%s/%s', ACE_GETACLCNT): ace_count %i, error: %s",
67
getcwdpath(), name, ace_count, strerror(errno));
71
aces = malloc(ace_count * sizeof(ace_t));
73
LOG(log_error, logtype_afpd, "get_nfsv4_acl: malloc error");
77
if ( (acl(name, ACE_GETACL, ace_count, aces)) == -1 ) {
78
LOG(log_error, logtype_afpd, "get_nfsv4_acl: acl(ACE_GETACL) error");
83
LOG(log_debug9, logtype_afpd, "get_nfsv4_acl: file: %s -> No. of ACEs: %d", name, ace_count);
92
ace_t *concat_aces(ace_t *aces1, int ace1count, ace_t *aces2, int ace2count)
97
/* malloc buffer for new ACL */
98
if ((new_aces = malloc((ace1count + ace2count) * sizeof(ace_t))) == NULL) {
99
LOG(log_error, logtype_afpd, "combine_aces: malloc %s", strerror(errno));
103
/* Copy ACEs from buf1 */
104
for (i=0; i < ace1count; ) {
105
memcpy(&new_aces[i], &aces1[i], sizeof(ace_t));
111
/* Copy ACEs from buf2 */
112
for (i=0; i < ace2count; ) {
113
memcpy(&new_aces[j], &aces2[i], sizeof(ace_t));
121
Remove any trivial ACE "in-place". Returns no of non-trivial ACEs
123
int strip_trivial_aces(ace_t **saces, int sacecount)
127
ace_t *aces = *saces;
130
if (aces == NULL || sacecount <= 0)
133
/* Count non-trivial ACEs */
134
for (i=0; i < sacecount; ) {
135
if ( ! (aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))
139
/* malloc buffer for new ACL */
140
if ((new_aces = malloc(nontrivaces * sizeof(ace_t))) == NULL) {
141
LOG(log_error, logtype_afpd, "strip_trivial_aces: malloc %s", strerror(errno));
145
/* Copy non-trivial ACEs */
146
for (i=0, j=0; i < sacecount; ) {
147
if ( ! (aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE))) {
148
memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
157
LOG(log_debug7, logtype_afpd, "strip_trivial_aces: non-trivial ACEs: %d", nontrivaces);
163
Remove non-trivial ACEs "in-place". Returns no of trivial ACEs.
165
int strip_nontrivial_aces(ace_t **saces, int sacecount)
169
ace_t *aces = *saces;
172
/* Count trivial ACEs */
173
for (i=0; i < sacecount; ) {
174
if ((aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE)))
178
/* malloc buffer for new ACL */
179
if ((new_aces = malloc(trivaces * sizeof(ace_t))) == NULL) {
180
LOG(log_error, logtype_afpd, "strip_nontrivial_aces: malloc %s", strerror(errno));
184
/* Copy trivial ACEs */
185
for (i=0, j=0; i < sacecount; ) {
186
if ((aces[i].a_flags & (ACE_OWNER | ACE_GROUP | ACE_EVERYONE))) {
187
memcpy(&new_aces[j], &aces[i], sizeof(ace_t));
196
LOG(log_debug7, logtype_afpd, "strip_nontrivial_aces: trivial ACEs: %d", trivaces);
202
* Change mode of file preserving existing explicit ACEs
205
* (1) reads objects ACL (acl1)
206
* (2) removes all trivial ACEs from the ACL by calling strip_trivial_aces(), possibly
207
* leaving 0 ACEs in the ACL if there were only trivial ACEs as mapped from the mode
208
* (3) calls chmod() with mode
209
* (4) reads the changed ACL (acl2) which
210
* a) might still contain explicit ACEs (up to onnv132)
211
* b) will have any explicit ACE removed (starting with onnv145/Openindiana)
212
* (5) strip any explicit ACE from acl2 using strip_nontrivial_aces()
213
* (6) merge acl2 and acl2
214
* (7) set the ACL merged ACL on the object
216
int nfsv4_chmod(char *name, mode_t mode)
220
ace_t *oacl = NULL, *nacl = NULL, *cacl = NULL;
222
LOG(log_debug, logtype_afpd, "nfsv4_chmod(\"%s/%s\", %04o)",
223
getcwdpath(), name, mode);
225
if ((noaces = get_nfsv4_acl(name, &oacl)) == -1) /* (1) */
227
if ((noaces = strip_trivial_aces(&oacl, noaces)) == -1) /* (2) */
233
if (chmod(name, mode) != 0) /* (3) */
236
if ((nnaces = get_nfsv4_acl(name, &nacl)) == -1) /* (4) */
238
if ((nnaces = strip_nontrivial_aces(&nacl, nnaces)) == -1) /* (5) */
241
if ((cacl = concat_aces(oacl, noaces, nacl, nnaces)) == NULL) /* (6) */
244
if ((ret = acl(name, ACE_SETACL, noaces + nnaces, cacl)) != 0) {
245
LOG(log_error, logtype_afpd, "nfsv4_chmod: error setting acl: %s", strerror(errno));
250
if (oacl) free(oacl);
251
if (nacl) free(nacl);
252
if (cacl) free(cacl);
254
LOG(log_debug, logtype_afpd, "nfsv4_chmod(\"%s/%s\", %04o): result: %u",
255
getcwdpath(), name, mode, ret);
260
#endif /* HAVE_SOLARIS_ACLS */