From 0293259eaa6fd49f69bc6f0181c9145158c4e67f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 6 Dec 2000 02:32:48 +0000 Subject: Make smbd/posix_acls.c use abstract interface. include/smb_acls.h lib/sysacls.c: Added as interface definitions. Jeremy. (This used to be commit 8359375bba5b3ae24956f66b066dedf11d3583df) --- source3/lib/sysacls.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 source3/lib/sysacls.c (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c new file mode 100644 index 0000000000..50d9757acd --- /dev/null +++ b/source3/lib/sysacls.c @@ -0,0 +1,110 @@ +/* + Unix SMB/Netbios implementation. + Version 2.2. + Samba system utilities for ACL support. + Copyright (C) Jeremy Allison 2000. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern int DEBUGLEVEL; + +/* + This file wraps all differing system ACL interfaces into a consistent + one based on the POSIX interface. It also returns the correct errors + for older UNIX systems that don't support ACLs. + + The interfaces that each ACL implementation must support are as follows : + + int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) + int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) + int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p + void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) + SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) + SMB_ACL_T sys_acl_get_fd(int fd) + int sys_acl_free( void *obj_p) + +*/ + +#if defined(HAVE_POSIX_ACLS) + +/* Identity mapping - easy. */ + +int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + return acl_get_entry( acl, entry_id, entry_p); +} + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return acl_get_tag_type( entry_d, tag_type_p); +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return acl_get_permset( entry_d, permset_p); +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ + return acl_get_qualifier( entry_d); +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ + sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + return acl_get_fd(fd); +} + +int sys_acl_free( void *obj_p) +{ + return acl_free(obj_p); +} + +#elif defined(HAVE_SOLARIS_ACLS) + +#elif defined(HAVE_IRIX_ACLS) + +#else /* No ACLs. */ +int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ +} + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ +} + +int sys_acl_free( void *obj_p) +{ +} +#endif /* No ACLs. */ -- cgit From 70922b9bbe412dc43397ecfd3feeb01169ed0b96 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 6 Dec 2000 23:24:31 +0000 Subject: Cause smbd to use the new posix_acls code, not the old unix_acls code. Currently does exactly the same thing (returns ACLs the same way). This code is written to try and get a POSIX ACL via the abstract sys_XX interface, then fall back to providing a UNIX based ACL if the calls fail. Seems to work. Next step is to add a --with-posix-acls to configure.in and then check on a POSIX ACL system that a complex ACL is returned correctly as an NT ACL. Note that the ACL set (a more complex problem) is not addressed yet. Jeremy. (This used to be commit 4339e20202a876dbadc07980b731f711463b7299) --- source3/lib/sysacls.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 50d9757acd..da62479cd8 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -84,27 +84,39 @@ int sys_acl_free( void *obj_p) #elif defined(HAVE_IRIX_ACLS) #else /* No ACLs. */ + int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) { + return -1; } int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) { + return -1; } int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) { + return -1; } void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) { + return NULL; } SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) { + return (SMB_ACL_T)NULL; +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + return (SMB_ACL_T)NULL; } int sys_acl_free( void *obj_p) { + return -1; } #endif /* No ACLs. */ -- cgit From 423227d7ca87a6a4b9412e9ecbc3d6dd073818b1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Dec 2000 05:38:01 +0000 Subject: Working code to read POSIX ACLs on a Linux system using the bestbits ACL patch from http://acl.bestbits.at/. configure support needs more work (just assumes correct headers at the moment). ACL writing needs adding. Jeremy. (This used to be commit 6ae63e502e6adf3666a34aa87860c74e106fdb84) --- source3/lib/sysacls.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index da62479cd8..22fbaee26f 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -37,7 +37,14 @@ extern int DEBUGLEVEL; SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) SMB_ACL_T sys_acl_get_fd(int fd) int sys_acl_free( void *obj_p) - + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); + int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); + char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) + + This next one is not POSIX complient - but we *have* to have it ! + More POSIX braindamage. + + int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) */ #if defined(HAVE_POSIX_ACLS) @@ -66,7 +73,7 @@ void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) { - sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) + return sys_acl_get_file( path_p, type); } SMB_ACL_T sys_acl_get_fd(int fd) @@ -79,6 +86,26 @@ int sys_acl_free( void *obj_p) return acl_free(obj_p); } +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + return acl_clear_perms(permset); +} + +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return acl_add_perm(permset, perm); +} + +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return acl_get_perm(permset, perm); +} + +char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) +{ + return acl_to_text( acl, plen); +} + #elif defined(HAVE_SOLARIS_ACLS) #elif defined(HAVE_IRIX_ACLS) @@ -119,4 +146,24 @@ int sys_acl_free( void *obj_p) { return -1; } + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + return -1; +} + +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return -1; +} + +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return (permset & perm) ? 1 : 0; +} + +char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) +{ + return NULL; +} #endif /* No ACLs. */ -- cgit From c31211167bc2b98f51f8f3cc70bb410250b427aa Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Dec 2000 06:23:01 +0000 Subject: Added better configure test for POSIX ACLs. Fixed stupid typo in sysacls.c Jeremy. (This used to be commit da6ae57501e3cb971e82eac5bb05efcd9cf443ae) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 22fbaee26f..2412fb7b0e 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -73,7 +73,7 @@ void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) { - return sys_acl_get_file( path_p, type); + return acl_get_file( path_p, type); } SMB_ACL_T sys_acl_get_fd(int fd) -- cgit From 624431c98b78185bf402562d4194a98d86a60bcc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 14 Dec 2000 05:38:05 +0000 Subject: Renamed parameters and variables called acl to the_acl as it conflicts with a Solaris system call. (This used to be commit 5e547ddcb526be5562db9213c5b36e505e735a2e) --- source3/lib/sysacls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 2412fb7b0e..e2cf535d3e 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -51,9 +51,9 @@ extern int DEBUGLEVEL; /* Identity mapping - easy. */ -int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) { - return acl_get_entry( acl, entry_id, entry_p); + return acl_get_entry( the_acl, entry_id, entry_p); } int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) @@ -101,9 +101,9 @@ int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) return acl_get_perm(permset, perm); } -char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) { - return acl_to_text( acl, plen); + return acl_to_text( the_acl, plen); } #elif defined(HAVE_SOLARIS_ACLS) @@ -112,7 +112,7 @@ char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) #else /* No ACLs. */ -int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) { return -1; } @@ -162,7 +162,7 @@ int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) return (permset & perm) ? 1 : 0; } -char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) { return NULL; } -- cgit From ed7ecca3aa12afab6feb5cf176a84a76994c9194 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 19 Dec 2000 18:41:51 +0000 Subject: Split the one sys_acl_free call into sys_acl_free_TYPE calls, to allow easier wrapping of non-POSIX ACL interfaces. Jeremy. (This used to be commit 1a31b4eb082b23d60e3d9040b3c0110eef1f9385) --- source3/lib/sysacls.c | 43 ++++++++++++++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 11 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index e2cf535d3e..6f26ff8007 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -36,7 +36,6 @@ extern int DEBUGLEVEL; void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) SMB_ACL_T sys_acl_get_fd(int fd) - int sys_acl_free( void *obj_p) int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) @@ -45,6 +44,18 @@ extern int DEBUGLEVEL; More POSIX braindamage. int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) + + The generic POSIX free is the following call. We split this into + several different free functions as we may need to add tag info + to structures when emulating the POSIX interface. + + int sys_acl_free( void *obj_p) + + The calls we actually use are : + + int sys_acl_free_text(char *text) - free acl_to_text + int sys_acl_free_acl(SMB_ACL_T posix_acl) + */ #if defined(HAVE_POSIX_ACLS) @@ -81,11 +92,6 @@ SMB_ACL_T sys_acl_get_fd(int fd) return acl_get_fd(fd); } -int sys_acl_free( void *obj_p) -{ - return acl_free(obj_p); -} - int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) { return acl_clear_perms(permset); @@ -106,6 +112,16 @@ char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) return acl_to_text( the_acl, plen); } +int sys_acl_free_text(char *text) +{ + return acl_free(text); +} + +int sys_acl_free_acl(SMB_ACL_T the_acl) +{ + return acl_free(the_acl); +} + #elif defined(HAVE_SOLARIS_ACLS) #elif defined(HAVE_IRIX_ACLS) @@ -142,11 +158,6 @@ SMB_ACL_T sys_acl_get_fd(int fd) return (SMB_ACL_T)NULL; } -int sys_acl_free( void *obj_p) -{ - return -1; -} - int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) { return -1; @@ -166,4 +177,14 @@ char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) { return NULL; } + +int sys_acl_free_text(char *text) +{ + return -1; +} + +int sys_acl_free_acl(SMB_ACL_T the_acl) +{ + return -1; +} #endif /* No ACLs. */ -- cgit From d7c7283463a82ba8fd40d190c6231e398f57d466 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Jan 2001 22:37:59 +0000 Subject: First compiling version of code that sets NT ACLs as POSIX ACLs. Now the debugging starts.... :-). Jeremy. (This used to be commit 2300ac79f5eba84225288a87129b4df5bd471466) --- source3/lib/sysacls.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 90 insertions(+), 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 6f26ff8007..84989de417 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -30,7 +30,7 @@ extern int DEBUGLEVEL; The interfaces that each ACL implementation must support are as follows : - int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) + int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) @@ -38,7 +38,15 @@ extern int DEBUGLEVEL; SMB_ACL_T sys_acl_get_fd(int fd) int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); - char *sys_acl_to_text( SMB_ACL_T acl, ssize_t *plen) + char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen) + SMB_ACL_T sys_acl_init( int count) + int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) + int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) + int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) + int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) + int sys_acl_valid( SMB_ACL_T theacl ) + int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) + int sys_acl_set_fd( int fd, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) This next one is not POSIX complient - but we *have* to have it ! More POSIX braindamage. @@ -112,6 +120,46 @@ char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) return acl_to_text( the_acl, plen); } +SMB_ACL_T sys_acl_init( int count) +{ + return acl_init(count); +} + +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + return acl_create_entry(pacl, pentry); +} + +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return acl_set_tag_type(entry, tagtype); +} + +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) +{ + return acl_set_qualifier(entry, qual); +} + +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return acl_set_permset(entry, permset); +} + +int sys_acl_valid( SMB_ACL_T theacl ) +{ + return acl_valid(thacl); +} + +int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return acl_set_file(name, acltype, theacl); +} + +int sys_acl_set_fd( int fd, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return acl_set_fd(fd, acltype, theacl); +} + int sys_acl_free_text(char *text) { return acl_free(text); @@ -183,6 +231,46 @@ int sys_acl_free_text(char *text) return -1; } +SMB_ACL_T sys_acl_init( int count) +{ + return NULL; +} + +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + return -1; +} + +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return -1; +} + +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) +{ + return -1; +} + +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return -1; +} + +int sys_acl_valid( SMB_ACL_T theacl ) +{ + return -1; +} + +int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return -1; +} + +int sys_acl_set_fd( int fd, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return -1; +} + int sys_acl_free_acl(SMB_ACL_T the_acl) { return -1; -- cgit From cffc311b8a897641166728f27464ba7d37a2092c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 Jan 2001 23:41:33 +0000 Subject: Fixed typo with acl_set_fd() not needing an ACL_TYPE_T parameter. Ensure HAVE_NO_ACLS is set in configure if ACL support not selected. Jeremy (This used to be commit 523c91935621ec2d200a79385046694806f7c837) --- source3/lib/sysacls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 84989de417..f665c780cf 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -46,7 +46,7 @@ extern int DEBUGLEVEL; int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) int sys_acl_valid( SMB_ACL_T theacl ) int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) - int sys_acl_set_fd( int fd, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) + int sys_acl_set_fd( int fd, SMB_ACL_T theacl) This next one is not POSIX complient - but we *have* to have it ! More POSIX braindamage. @@ -147,7 +147,7 @@ int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) int sys_acl_valid( SMB_ACL_T theacl ) { - return acl_valid(thacl); + return acl_valid(theacl); } int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) @@ -155,9 +155,9 @@ int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) return acl_set_file(name, acltype, theacl); } -int sys_acl_set_fd( int fd, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_fd( int fd, SMB_ACL_T theacl) { - return acl_set_fd(fd, acltype, theacl); + return acl_set_fd(fd, theacl); } int sys_acl_free_text(char *text) @@ -266,7 +266,7 @@ int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) return -1; } -int sys_acl_set_fd( int fd, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_fd( int fd, SMB_ACL_T theacl) { return -1; } -- cgit From ddfac242e3c6b16b93a6fabf73f837cd5ffe216a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 15 Feb 2001 19:56:10 +0000 Subject: Patch to add UnixWare ACLs from Michael Davidson . With some small modifications, this code may also work on Solaris, as they are derived from the same SVR4 codebase. When the Samba Solaris box is up and running again I will test this. Jeremy. (This used to be commit f8db87b0978be981448eafd57163703e3aeec2cb) --- source3/lib/sysacls.c | 559 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 559 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index f665c780cf..cd48214348 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -170,6 +170,565 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } +#elif defined(HAVE_UNIXWARE_ACLS) + +/* + * Donated by Michael Davidson for UnixWare. + * As this is generic SVR4.x code, it may also work for Solaris ! + */ + +#define INITIAL_ACL_SIZE 16 +#ifndef SETACL +#define SETACL ACL_SET +#endif + +#ifndef GETACL +#define GETACL ACL_GET +#endif + +#ifndef GETACLCNT +#define GETACLCNT ACL_CNT +#endif + +#ifndef HAVE__FACL +/* + * until official facl() support shows up in UW 7.1.2 + */ +int facl(int fd, int cmd, int nentries, struct acl *aclbufp) +{ + return syscall(188, fd, cmd, nentries, aclbufp); +} +#endif + + +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->count) { + return 0; + } + + *entry_p = &acl_d->acl[acl_d->next++]; + + return 1; +} + +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->a_type; + + return 0; +} + +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = &entry_d->a_perm; + + return 0; +} + +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->a_type != SMB_ACL_USER + && entry_d->a_type != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->a_id; +} + +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + int ndefault; /* # of default ACL entries */ + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return NULL; + } + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 + && errno == ENOSPC) { + + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { + return NULL; + } + + sys_acl_free_acl(acl_d); + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + return NULL; + } + + /* + * calculate the number of access and default ACL entries + * + * Note: we assume that the acl() system call returned a + * well formed ACL which is sorted so that all of the + * access ACL entries preceed any default ACL entries + */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + ndefault = count - naccess; + + /* + * if the caller wants the default ACL we have to copy + * the entries down to the start of the acl[] buffer + * and mask out the ACL_DEFAULT flag from the type field + */ + if (type == SMB_ACL_TYPE_DEFAULT) { + int i, j; + + for (i = 0, j = naccess; i < ndefault; i++, j++) { + acl_d->acl[i] = acl_d->acl[j]; + acl_d->acl[i].a_type &= ~ACL_DEFAULT; + } + + acl_d->count = ndefault; + } else { + acl_d->count = naccess; + } + + return acl_d; +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 + && errno == ENOSPC) { + + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { + return NULL; + } + + sys_acl_free_acl(acl_d); + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + return NULL; + } + + /* + * calculate the number of access ACL entries + */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + + acl_d->count = naccess; + + return acl_d; +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + *permset_d = 0; + + return 0; +} + +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + *permset_d |= perm; + + return 0; +} + +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return *permset_d & perm; +} + +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + int i; + int len, maxlen; + char *text; + + /* + * use an initial estimate of 20 bytes per ACL entry + * when allocating memory for the text representation + * of the ACL + */ + len = 0; + maxlen = 20 * acl_d->count; + if ((text = malloc(maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + + for (i = 0; i < acl_d->count; i++) { + struct acl *ap = &acl_d->acl[i]; + struct passwd *pw; + struct group *gr; + char tagbuf[12]; + char idbuf[12]; + char *tag; + char *id = ""; + char perms[4]; + int nbytes; + + switch (ap->a_type) { + /* + * for debugging purposes it's probably more + * useful to dump unknown tag types rather + * than just returning an error + */ + default: + snprintf(tagbuf, sizeof tagbuf, "0x%x", + ap->a_type); + tag = tagbuf; + snprintf(idbuf, sizeof idbuf, "%ld", + (long)ap->a_id); + id = idbuf; + break; + + case SMB_ACL_USER: + if ((pw = getpwuid(ap->a_id)) == NULL) { + snprintf(idbuf, sizeof idbuf, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = pw->pw_name; + } + case SMB_ACL_USER_OBJ: + tag = "user"; + break; + + case SMB_ACL_GROUP: + if ((gr = getgrgid(ap->a_id)) == NULL) { + snprintf(idbuf, sizeof idbuf, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = gr->gr_name; + } + case SMB_ACL_GROUP_OBJ: + tag = "group"; + break; + + case SMB_ACL_OTHER: + tag = "other"; + break; + + case SMB_ACL_MASK: + tag = "mask"; + break; + + } + + perms[0] = (ap->a_perm & S_IRUSR) ? 'r' : '-'; + perms[1] = (ap->a_perm & S_IWUSR) ? 'w' : '-'; + perms[2] = (ap->a_perm & S_IXUSR) ? 'x' : '-'; + perms[3] = '\0'; + + /* : : rwx \n \0 */ + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; + + if ((len + nbytes) > maxlen) { + /* + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed + */ + maxlen += nbytes + 20 * (acl_d->count - i); + + if ((text = realloc(text, maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + } + + snprintf(&text[len], nbytes, "%s:%s:%s\n", tag, id, perms); + len += nbytes - 1; + } + + if (len_p) + *len_p = len; + + return text; +} + +SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + /* + * note that since the definition of the structure pointed + * to by the SMB_ACL_T includes the first element of the + * acl[] array, this actually allocates an ACL with room + * for (count+1) entries + */ + if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->size = count + 1; + a->count = 0; + a->next = -1; + + return a; +} + + +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->count >= acl_d->size) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->acl[acl_d->count++]; + entry_d->a_type = 0; + entry_d->a_id = -1; + entry_d->a_perm = 0; + *entry_p = entry_d; + + return 0; +} + +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->a_type = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->a_type != SMB_ACL_GROUP + && entry_d->a_type != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->a_id = *((id_t *)qual_p); + + return 0; +} + +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->a_perm = *permset_d; + + return 0; +} + +int sys_acl_valid(SMB_ACL_T acl_d) +{ + if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + + return 0; +} + +int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + struct stat s; + struct acl *acl_p; + int acl_count; + struct acl *acl_buf = NULL; + int ret; + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return -1; + } + + if (stat(name, &s) != 0) { + return -1; + } + + acl_p = &acl_d->acl[0]; + acl_count = acl_d->count; + + /* + * if it's a directory there is extra work to do + * since the acl() system call will replace both + * the access ACLs and the default ACLs (if any) + */ + if (S_ISDIR(s.st_mode)) { + SMB_ACL_T acc_acl; + SMB_ACL_T def_acl; + SMB_ACL_T tmp_acl; + int i; + + if (type == SMB_ACL_TYPE_ACCESS) { + acc_acl = acl_d; + def_acl = + tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); + + } else { + def_acl = acl_d; + acc_acl = + tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); + } + + if (tmp_acl == NULL) { + return -1; + } + + /* + * allocate a temporary buffer for the complete ACL + */ + acl_count = acc_acl->count + def_acl->count; + acl_p = + acl_buf = malloc(acl_count * sizeof(acl_buf[0])); + + if (acl_buf == NULL) { + sys_acl_free_acl(tmp_acl); + errno = ENOMEM; + return -1; + } + + /* + * copy the access control and default entries into the buffer + */ + memcpy(&acl_buf[0], &acc_acl->acl[0], + acc_acl->count * sizeof(acl_buf[0])); + + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], + def_acl->count * sizeof(acl_buf[0])); + + /* + * set the ACL_DEFAULT flag on the default entries + */ + for (i = acc_acl->count; i < acl_count; i++) { + acl_buf[i].a_type |= ACL_DEFAULT; + } + + sys_acl_free_acl(tmp_acl); + + } else if (type != SMB_ACL_TYPE_ACCESS) { + errno = EINVAL; + return -1; + } + + if (aclsort(acl_count, 0, acl_p) != 0) { + errno = EINVAL; + ret = -1; + } else { + ret = acl(name, SETACL, acl_count, acl_p); + } + + if (acl_buf) { + free(acl_buf); + } + + return ret; +} + +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + + return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); +} + +int sys_acl_free_text(char *text) +{ + free(text); + return 0; +} + +int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + free(acl_d); + return 0; +} #elif defined(HAVE_SOLARIS_ACLS) #elif defined(HAVE_IRIX_ACLS) -- cgit From fd46817f0b20c633c80dee70a29cf7478e2dfd68 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Feb 2001 19:21:18 +0000 Subject: Excise snprintf -> slprintf. srv_samr.c: duplicate gid fix. srv_spoolss_nt.c: Merge of JF's work. uid.c: Fix for returning names when a PDC. Jeremy. (This used to be commit d938ad6963a2dd4eda930d508600ec1902dc2b16) --- source3/lib/sysacls.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index cd48214348..640684ffca 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -194,7 +194,7 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) /* * until official facl() support shows up in UW 7.1.2 */ -int facl(int fd, int cmd, int nentries, struct acl *aclbufp) + int facl(int fd, int cmd, int nentries, struct acl *aclbufp) { return syscall(188, fd, cmd, nentries, aclbufp); } @@ -433,17 +433,17 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) * than just returning an error */ default: - snprintf(tagbuf, sizeof tagbuf, "0x%x", + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", ap->a_type); tag = tagbuf; - snprintf(idbuf, sizeof idbuf, "%ld", + slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)ap->a_id); id = idbuf; break; case SMB_ACL_USER: if ((pw = getpwuid(ap->a_id)) == NULL) { - snprintf(idbuf, sizeof idbuf, "%ld", + slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)ap->a_id); id = idbuf; } else { @@ -455,7 +455,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) case SMB_ACL_GROUP: if ((gr = getgrgid(ap->a_id)) == NULL) { - snprintf(idbuf, sizeof idbuf, "%ld", + slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)ap->a_id); id = idbuf; } else { @@ -497,7 +497,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) } } - snprintf(&text[len], nbytes, "%s:%s:%s\n", tag, id, perms); + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); len += nbytes - 1; } -- cgit From f93bb0801ccd66a6a3709ad98afb3758ffd0c1d4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 25 Feb 2001 00:24:54 +0000 Subject: rpc_client/cli_netlogon.c: Fixed incorrect printf. Added Solaris ACL support. Jeremy. (This used to be commit f0d11b6997cc46a0210adef8cf572cf8b7e2467a) --- source3/lib/sysacls.c | 536 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 536 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 640684ffca..94f0a10d46 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -731,6 +731,542 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) } #elif defined(HAVE_SOLARIS_ACLS) +/* + * Code donated by Toomas Soome . + * Based on the implementation by Michael Davidson for UnixWare. + */ + +#define INITIAL_ACL_SIZE 16 + +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->count) { + return 0; + } + + *entry_p = &acl_d->acl[acl_d->next++]; + + return 1; +} + +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->a_type; + + return 0; +} + +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = &entry_d->a_perm; + + return 0; +} + +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->a_type != SMB_ACL_USER + && entry_d->a_type != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->a_id; +} + +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + int ndefault; /* # of default ACL entries */ + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return NULL; + } + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 + && errno == ENOSPC) { + + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { + return NULL; + } + + sys_acl_free_acl(acl_d); + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + return NULL; + } + + /* + * calculate the number of access and default ACL entries + * + * Note: we assume that the acl() system call returned a + * well formed ACL which is sorted so that all of the + * access ACL entries preceed any default ACL entries + */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + ndefault = count - naccess; + + /* + * if the caller wants the default ACL we have to copy + * the entries down to the start of the acl[] buffer + * and mask out the ACL_DEFAULT flag from the type field + */ + if (type == SMB_ACL_TYPE_DEFAULT) { + int i, j; + + for (i = 0, j = naccess; i < ndefault; i++, j++) { + acl_d->acl[i] = acl_d->acl[j]; + acl_d->acl[i].a_type &= ~ACL_DEFAULT; + } + + acl_d->count = ndefault; + } else { + acl_d->count = naccess; + } + + return acl_d; +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 + && errno == ENOSPC) { + + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { + return NULL; + } + + sys_acl_free_acl(acl_d); + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + return NULL; + } + + /* + * calculate the number of access ACL entries + */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + + acl_d->count = naccess; + + return acl_d; +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + *permset_d = 0; + + return 0; +} + +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + *permset_d |= perm; + + return 0; +} + +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return *permset_d & perm; +} + +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + int i; + int len, maxlen; + char *text; + + /* + * use an initial estimate of 20 bytes per ACL entry + * when allocating memory for the text representation + * of the ACL + */ + len = 0; + maxlen = 20 * acl_d->count; + if ((text = malloc(maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + + for (i = 0; i < acl_d->count; i++) { + struct acl *ap = &acl_d->acl[i]; + struct passwd *pw; + struct group *gr; + char tagbuf[12]; + char idbuf[12]; + char *tag; + char *id = ""; + char perms[4]; + int nbytes; + + switch (ap->a_type) { + /* + * for debugging purposes it's probably more + * useful to dump unknown tag types rather + * than just returning an error + */ + default: + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", + ap->a_type); + tag = tagbuf; + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->a_id); + id = idbuf; + break; + + case SMB_ACL_USER: + if ((pw = getpwuid(ap->a_id)) == NULL) { + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = pw->pw_name; + } + case SMB_ACL_USER_OBJ: + tag = "user"; + break; + + case SMB_ACL_GROUP: + if ((gr = getgrgid(ap->a_id)) == NULL) { + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = gr->gr_name; + } + case SMB_ACL_GROUP_OBJ: + tag = "group"; + break; + + case SMB_ACL_OTHER: + tag = "other"; + break; + + case SMB_ACL_MASK: + tag = "mask"; + break; + + } + + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; + perms[3] = '\0'; + + /* : : rwx \n \0 */ + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; + + if ((len + nbytes) > maxlen) { + /* + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed + */ + maxlen += nbytes + 20 * (acl_d->count - i); + + if ((text = realloc(text, maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + } + + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); + len += nbytes - 1; + } + + if (len_p) + *len_p = len; + + return text; +} + +SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + /* + * note that since the definition of the structure pointed + * to by the SMB_ACL_T includes the first element of the + * acl[] array, this actually allocates an ACL with room + * for (count+1) entries + */ + if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->size = count + 1; + a->count = 0; + a->next = -1; + + return a; +} + + +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->count >= acl_d->size) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->acl[acl_d->count++]; + entry_d->a_type = 0; + entry_d->a_id = -1; + entry_d->a_perm = 0; + *entry_p = entry_d; + + return 0; +} + +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->a_type = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->a_type != SMB_ACL_GROUP + && entry_d->a_type != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->a_id = *((id_t *)qual_p); + + return 0; +} + +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->a_perm = *permset_d; + + return 0; +} + +int sys_acl_valid(SMB_ACL_T acl_d) +{ + if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + + return 0; +} + +int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + struct stat s; + struct acl *acl_p; + int acl_count; + struct acl *acl_buf = NULL; + int ret; + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return -1; + } + + if (stat(name, &s) != 0) { + return -1; + } + + acl_p = &acl_d->acl[0]; + acl_count = acl_d->count; + + /* + * if it's a directory there is extra work to do + * since the acl() system call will replace both + * the access ACLs and the default ACLs (if any) + */ + if (S_ISDIR(s.st_mode)) { + SMB_ACL_T acc_acl; + SMB_ACL_T def_acl; + SMB_ACL_T tmp_acl; + int i; + + if (type == SMB_ACL_TYPE_ACCESS) { + acc_acl = acl_d; + def_acl = + tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); + + } else { + def_acl = acl_d; + acc_acl = + tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); + } + + if (tmp_acl == NULL) { + return -1; + } + + /* + * allocate a temporary buffer for the complete ACL + */ + acl_count = acc_acl->count + def_acl->count; + acl_p = + acl_buf = malloc(acl_count * sizeof(acl_buf[0])); + + if (acl_buf == NULL) { + sys_acl_free_acl(tmp_acl); + errno = ENOMEM; + return -1; + } + + /* + * copy the access control and default entries into the buffer + */ + memcpy(&acl_buf[0], &acc_acl->acl[0], + acc_acl->count * sizeof(acl_buf[0])); + + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], + def_acl->count * sizeof(acl_buf[0])); + + /* + * set the ACL_DEFAULT flag on the default entries + */ + for (i = acc_acl->count; i < acl_count; i++) { + acl_buf[i].a_type |= ACL_DEFAULT; + } + + sys_acl_free_acl(tmp_acl); + + } else if (type != SMB_ACL_TYPE_ACCESS) { + errno = EINVAL; + return -1; + } + + if (aclsort(acl_count, 0, acl_p) != 0) { + errno = EINVAL; + ret = -1; + } else { + ret = acl(name, SETACL, acl_count, acl_p); + } + + if (acl_buf) { + free(acl_buf); + } + + return ret; +} + +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + + return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); +} + +int sys_acl_free_text(char *text) +{ + free(text); + return 0; +} + +int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + free(acl_d); + return 0; +} + #elif defined(HAVE_IRIX_ACLS) #else /* No ACLs. */ -- cgit From 5161c61bc7d2e3c8ee370bdedd755580445a2107 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Mar 2001 05:21:19 +0000 Subject: Fixed a couple of getpwXX calls that were not going through the sys_getpwXX cache. Jeremy. (This used to be commit a648935ae93f781aedba8f89b0071a24e42f4543) --- source3/lib/sysacls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 94f0a10d46..8045fc000c 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -442,7 +442,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - if ((pw = getpwuid(ap->a_id)) == NULL) { + if ((pw = sys_getpwuid(ap->a_id)) == NULL) { slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)ap->a_id); id = idbuf; @@ -979,7 +979,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - if ((pw = getpwuid(ap->a_id)) == NULL) { + if ((pw = sys_getpwuid(ap->a_id)) == NULL) { slprintf(idbuf, sizeof(idbuf)-1, "%ld", (long)ap->a_id); id = idbuf; -- cgit From 8adfb4757cd42a6a0cd62929a8d24d3b1e40574a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 22 Mar 2001 01:26:37 +0000 Subject: New POSIX ACL mapping code. Works with UNIX permissions, now for testing with real ACLs... Jeremy. (This used to be commit 852b9e15ac245a593460cfff3f629d0333372e41) --- source3/lib/sysacls.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 8045fc000c..c8b32cdf49 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1273,101 +1273,121 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) { + errno = ENOSYS; return -1; } int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) { + errno = ENOSYS; return -1; } int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) { + errno = ENOSYS; return -1; } void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) { + errno = ENOSYS; return NULL; } SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) { + errno = ENOSYS; return (SMB_ACL_T)NULL; } SMB_ACL_T sys_acl_get_fd(int fd) { + errno = ENOSYS; return (SMB_ACL_T)NULL; } int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) { + errno = ENOSYS; return -1; } int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { + errno = ENOSYS; return -1; } int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { + errno = ENOSYS; return (permset & perm) ? 1 : 0; } char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) { + errno = ENOSYS; return NULL; } int sys_acl_free_text(char *text) { + errno = ENOSYS; return -1; } SMB_ACL_T sys_acl_init( int count) { + errno = ENOSYS; return NULL; } int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) { + errno = ENOSYS; return -1; } int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) { + errno = ENOSYS; return -1; } int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) { + errno = ENOSYS; return -1; } int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) { + errno = ENOSYS; return -1; } int sys_acl_valid( SMB_ACL_T theacl ) { + errno = ENOSYS; return -1; } int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { + errno = ENOSYS; return -1; } int sys_acl_set_fd( int fd, SMB_ACL_T theacl) { + errno = ENOSYS; return -1; } int sys_acl_free_acl(SMB_ACL_T the_acl) { + errno = ENOSYS; return -1; } #endif /* No ACLs. */ -- cgit From 6c0c14a7425b76da349fbaf1defe3d4efa250764 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 2 Apr 2001 23:05:25 +0000 Subject: IRIX ACLs from Herb. Jeremy. (This used to be commit 2f2365e93833e5f08dc14ab0022dd9f6f0d028ad) --- source3/lib/sysacls.c | 244 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 244 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index c8b32cdf49..809aa32974 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -729,6 +729,7 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) free(acl_d); return 0; } + #elif defined(HAVE_SOLARIS_ACLS) /* @@ -1269,6 +1270,249 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) #elif defined(HAVE_IRIX_ACLS) +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->aclp->acl_cnt) { + return 0; + } + + *entry_p = &acl_d->aclp->acl_entry[acl_d->next++]; + + return 1; +} + +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->ae_tag; + + return 0; +} + +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = entry_d; + + return 0; +} + +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->ae_tag != SMB_ACL_USER + && entry_d->ae_tag != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->ae_id; +} + +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T a; + + if ((a = malloc(sizeof(*a))) == NULL) { + errno = ENOMEM; + return NULL; + } + if ((a->aclp = acl_get_file(path_p, type)) == NULL) { + free(a); + return NULL; + } + a->next = -1; + a->freeaclp = True; + return a; +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + SMB_ACL_T a; + + if ((a = malloc(sizeof(*a))) == NULL) { + errno = ENOMEM; + return NULL; + } + if ((a->aclp = acl_get_fd(fd)) == NULL) { + free(a); + return NULL; + } + a->next = -1; + a->freeaclp = True; + return a; +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + permset_d->ae_perm = 0; + + return 0; +} + +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + permset_d->ae_perm |= perm; + + return 0; +} + +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return permset_d->ae_perm & perm; +} + +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + return acl_to_text(acl_d->aclp, len_p); +} + +SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->next = -1; + a->freeaclp = False; + a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *)); + a->aclp->acl_cnt = 0; + + return a; +} + + +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++]; + entry_d->ae_tag = 0; + entry_d->ae_id = 0; + entry_d->ae_perm = 0; + *entry_p = entry_d; + + return 0; +} + +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->ae_tag = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->ae_tag != SMB_ACL_GROUP + && entry_d->ae_tag != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->ae_id = *((id_t *)qual_p); + + return 0; +} + +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->ae_perm = permset_d->ae_perm; + + return 0; +} + +int sys_acl_valid(SMB_ACL_T acl_d) +{ + return acl_valid(acl_d->aclp); +} + +int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + return acl_set_file(name, type, acl_d->aclp); +} + +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + return acl_set_fd(fd, acl_d->aclp); +} + +int sys_acl_free_text(char *text) +{ + return acl_free(text); +} + +int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + if (acl_d->freeaclp) { + acl_free(acl_d->aclp); + } + acl_free(acl_d); + return 0; +} + #else /* No ACLs. */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -- cgit From a6d201a8d7307f8a6342ee131917d6245ab41993 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 Apr 2001 00:40:01 +0000 Subject: Added XFS ACLs on Linux. Code from John Trostel . Jeremy. (This used to be commit 0865366f6b1070a8db3d8421c37c8072b36b96e3) --- source3/lib/sysacls.c | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 214 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 809aa32974..a01667ce36 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1513,6 +1513,220 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) return 0; } +#elif defined(HAVE_XFS_ACLS) +/* For Linux SGI/XFS Filesystems + * contributed by J Trostel, Connex + * */ + +/* based on the implementation for Solaris by Toomas Soome.. which is + * based on the implementation by Micheal Davidson for Unixware... + * + * Linux XFS is a 'work-in-progress' + * This interface may change... + * You've been warned ;-> */ + +/* First, do the identity mapping */ + +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if( acl_get_entry( the_acl, entry_id, entry_p) >= 0) { + return 1; + } + else { + return -1; + } +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ + return acl_get_file( path_p, type); +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + return acl_get_fd(fd); +} + +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) +{ + return acl_to_text( the_acl, plen); +} + +int sys_acl_valid( SMB_ACL_T theacl ) +{ + return acl_valid(theacl); +} + +int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return acl_set_file(name, acltype, theacl); +} + +int sys_acl_set_fd( int fd, SMB_ACL_T theacl) +{ + return acl_set_fd(fd, theacl); +} + +/* Now the functions I need to define for XFS */ + +int sys_acl_create_entry( SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + acl_t acl, newacl; + acl_entry_t ace; + int cnt; + + acl = *acl_p; + ace = *entry_p; + + if((*acl_p == NULL) || (ace == NULL)){ + errno = EINVAL; + return -1; + } + + cnt = acl->acl_cnt; + if( (cnt + 1) > ACL_MAX_ENTRIES ){ + errno = ENOSPC; + return -1; + } + + newacl = (acl_t)malloc(sizeof(struct acl)); + if(newacl == NULL){ + errno = ENOMEM; + return -1; + } + + *newacl = *acl; + newacl->acl_entry[cnt] = *ace; + newacl->acl_cnt = cnt + 1; + + acl_free(*acl_p); + *acl_p = newacl; + *entry_p = &newacl->acl_entry[cnt]; + return 0; +} + + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + *tag_type_p = entry_d->ae_tag; + return 0; +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = &entry_d->ae_perm; + return 0; +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->ae_tag != SMB_ACL_USER + && entry_d->ae_tag != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + return &entry_d->ae_id; +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + *permset = 0; + return 0; +} + +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return (*permset & perm); +} + +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + +// TO DO: Add in ALL possible permissions here +// TO DO: Include extended ones!! + + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if(permset == NULL) { + errno = EINVAL; + return -1; + } + + *permset |= perm; + + return 0; +} + +SMB_ACL_T sys_acl_init( int count) +{ + SMB_ACL_T a; + if((count > ACL_MAX_ENTRIES) || (count < 0)) { + errno = EINVAL; + return NULL; + } + else { + a = (struct acl *)malloc(sizeof(struct acl)); // where is this memory freed? + a->acl_cnt = 0; + return a; + } +} + +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->ae_tag = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + return 0; +} + +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if(entry_d->ae_tag != SMB_ACL_GROUP && + entry_d->ae_tag != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->ae_id = *((uid_t *)qual_p); + + return 0; +} + +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ +// TO DO: expand to extended permissions eventually! + + if(*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + return 0; +} + +int sys_acl_free_text(char *text) +{ + return acl_free(text); +} + +int sys_acl_free_acl(SMB_ACL_T the_acl) +{ + return acl_free(the_acl); +} + #else /* No ACLs. */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -- cgit From 45646e88188b5d175f7755bc64f186cd59ed4c80 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 5 Apr 2001 20:52:02 +0000 Subject: Fix from Michael Davidson to merge Solaris and UnixWare ACLs. Jeremy. (This used to be commit ffa800e980bfed3d82ec7b0a037085c4558f8f0f) --- source3/lib/sysacls.c | 623 +++++--------------------------------------------- 1 file changed, 58 insertions(+), 565 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index a01667ce36..b0ba2075ab 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -170,34 +170,38 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } -#elif defined(HAVE_UNIXWARE_ACLS) +#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) /* - * Donated by Michael Davidson for UnixWare. - * As this is generic SVR4.x code, it may also work for Solaris ! + * Donated by Michael Davidson for UnixWare / OpenUNIX. + * Modified by Toomas Soome for Solaris. */ -#define INITIAL_ACL_SIZE 16 -#ifndef SETACL -#define SETACL ACL_SET -#endif +/* + * Note that while this code implements sufficient functionality + * to support the sys_acl_* interfaces it does not provide all + * of the semantics of the POSIX ACL interfaces. + * + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned + * from a call to sys_acl_get_entry() should not be assumed to be + * valid after calling any of the following functions, which may + * reorder the entries in the ACL. + * + * sys_acl_valid() + * sys_acl_set_file() + * sys_acl_set_fd() + */ -#ifndef GETACL -#define GETACL ACL_GET -#endif +/* + * The only difference between Solaris and UnixWare / OpenUNIX is + * that the #defines for the ACL operations have different names + */ +#if defined(HAVE_UNIXWARE_ACLS) -#ifndef GETACLCNT +#define SETACL ACL_SET +#define GETACL ACL_GET #define GETACLCNT ACL_CNT -#endif -#ifndef HAVE__FACL -/* - * until official facl() support shows up in UW 7.1.2 - */ - int facl(int fd, int cmd, int nentries, struct acl *aclbufp) -{ - return syscall(188, fd, cmd, nentries, aclbufp); -} #endif @@ -256,6 +260,20 @@ void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) return &entry_d->a_id; } +/* + * There is no way of knowing what size the ACL returned by + * GETACL will be unless you first call GETACLCNT which means + * making an additional system call. + * + * In the hope of avoiding the cost of the additional system + * call in most cases, we initially allocate enough space for + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to + * be too small then we use GETACLCNT to find out the actual + * size, reallocate the ACL buffer, and then call GETACL again. + */ + +#define INITIAL_ACL_SIZE 16 + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) { SMB_ACL_T acl_d; @@ -273,6 +291,14 @@ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) return NULL; } + /* + * If there isn't enough space for the ACL entries we use + * GETACLCNT to determine the actual number of ACL entries + * reallocate and try again. This is in a loop because it + * is possible that someone else could modify the ACL and + * increase the number of entries between the call to + * GETACLCNT and the call to GETACL. + */ while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { @@ -475,561 +501,27 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) } - perms[0] = (ap->a_perm & S_IRUSR) ? 'r' : '-'; - perms[1] = (ap->a_perm & S_IWUSR) ? 'w' : '-'; - perms[2] = (ap->a_perm & S_IXUSR) ? 'x' : '-'; + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; perms[3] = '\0'; /* : : rwx \n \0 */ nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; - if ((len + nbytes) > maxlen) { - /* - * allocate enough additional memory for this - * entry and an estimate of another 20 bytes - * for each entry still to be processed - */ - maxlen += nbytes + 20 * (acl_d->count - i); - - if ((text = realloc(text, maxlen)) == NULL) { - errno = ENOMEM; - return NULL; - } - } - - slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); - len += nbytes - 1; - } - - if (len_p) - *len_p = len; - - return text; -} - -SMB_ACL_T sys_acl_init(int count) -{ - SMB_ACL_T a; - - if (count < 0) { - errno = EINVAL; - return NULL; - } - - /* - * note that since the definition of the structure pointed - * to by the SMB_ACL_T includes the first element of the - * acl[] array, this actually allocates an ACL with room - * for (count+1) entries - */ - if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) { - errno = ENOMEM; - return NULL; - } - - a->size = count + 1; - a->count = 0; - a->next = -1; - - return a; -} - - -int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -{ - SMB_ACL_T acl_d; - SMB_ACL_ENTRY_T entry_d; - - if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { - errno = EINVAL; - return -1; - } - - if (acl_d->count >= acl_d->size) { - errno = ENOSPC; - return -1; - } - - entry_d = &acl_d->acl[acl_d->count++]; - entry_d->a_type = 0; - entry_d->a_id = -1; - entry_d->a_perm = 0; - *entry_p = entry_d; - - return 0; -} - -int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -{ - switch (tag_type) { - case SMB_ACL_USER: - case SMB_ACL_USER_OBJ: - case SMB_ACL_GROUP: - case SMB_ACL_GROUP_OBJ: - case SMB_ACL_OTHER: - case SMB_ACL_MASK: - entry_d->a_type = tag_type; - break; - default: - errno = EINVAL; - return -1; - } - - return 0; -} - -int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -{ - if (entry_d->a_type != SMB_ACL_GROUP - && entry_d->a_type != SMB_ACL_USER) { - errno = EINVAL; - return -1; - } - - entry_d->a_id = *((id_t *)qual_p); - - return 0; -} - -int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -{ - if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { - return EINVAL; - } - - entry_d->a_perm = *permset_d; - - return 0; -} - -int sys_acl_valid(SMB_ACL_T acl_d) -{ - if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { - errno = EINVAL; - return -1; - } - - return 0; -} - -int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -{ - struct stat s; - struct acl *acl_p; - int acl_count; - struct acl *acl_buf = NULL; - int ret; - - if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { - errno = EINVAL; - return -1; - } - - if (stat(name, &s) != 0) { - return -1; - } - - acl_p = &acl_d->acl[0]; - acl_count = acl_d->count; - - /* - * if it's a directory there is extra work to do - * since the acl() system call will replace both - * the access ACLs and the default ACLs (if any) - */ - if (S_ISDIR(s.st_mode)) { - SMB_ACL_T acc_acl; - SMB_ACL_T def_acl; - SMB_ACL_T tmp_acl; - int i; - - if (type == SMB_ACL_TYPE_ACCESS) { - acc_acl = acl_d; - def_acl = - tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); - - } else { - def_acl = acl_d; - acc_acl = - tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); - } - - if (tmp_acl == NULL) { - return -1; - } - - /* - * allocate a temporary buffer for the complete ACL - */ - acl_count = acc_acl->count + def_acl->count; - acl_p = - acl_buf = malloc(acl_count * sizeof(acl_buf[0])); - - if (acl_buf == NULL) { - sys_acl_free_acl(tmp_acl); - errno = ENOMEM; - return -1; - } - - /* - * copy the access control and default entries into the buffer - */ - memcpy(&acl_buf[0], &acc_acl->acl[0], - acc_acl->count * sizeof(acl_buf[0])); - - memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], - def_acl->count * sizeof(acl_buf[0])); - /* - * set the ACL_DEFAULT flag on the default entries + * If this entry would overflow the buffer + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed */ - for (i = acc_acl->count; i < acl_count; i++) { - acl_buf[i].a_type |= ACL_DEFAULT; - } - - sys_acl_free_acl(tmp_acl); - - } else if (type != SMB_ACL_TYPE_ACCESS) { - errno = EINVAL; - return -1; - } - - if (aclsort(acl_count, 0, acl_p) != 0) { - errno = EINVAL; - ret = -1; - } else { - ret = acl(name, SETACL, acl_count, acl_p); - } - - if (acl_buf) { - free(acl_buf); - } - - return ret; -} - -int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -{ - if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { - errno = EINVAL; - return -1; - } + if ((len + nbytes) > maxlen) { + char *oldtext = text; - return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); -} - -int sys_acl_free_text(char *text) -{ - free(text); - return 0; -} - -int sys_acl_free_acl(SMB_ACL_T acl_d) -{ - free(acl_d); - return 0; -} - -#elif defined(HAVE_SOLARIS_ACLS) - -/* - * Code donated by Toomas Soome . - * Based on the implementation by Michael Davidson for UnixWare. - */ - -#define INITIAL_ACL_SIZE 16 - -int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { - errno = EINVAL; - return -1; - } - - if (entry_p == NULL) { - errno = EINVAL; - return -1; - } - - if (entry_id == SMB_ACL_FIRST_ENTRY) { - acl_d->next = 0; - } - - if (acl_d->next < 0) { - errno = EINVAL; - return -1; - } - - if (acl_d->next >= acl_d->count) { - return 0; - } - - *entry_p = &acl_d->acl[acl_d->next++]; - - return 1; -} - -int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) -{ - *type_p = entry_d->a_type; - - return 0; -} - -int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - *permset_p = &entry_d->a_perm; - - return 0; -} - -void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) -{ - if (entry_d->a_type != SMB_ACL_USER - && entry_d->a_type != SMB_ACL_GROUP) { - errno = EINVAL; - return NULL; - } - - return &entry_d->a_id; -} - -SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -{ - SMB_ACL_T acl_d; - int count; /* # of ACL entries allocated */ - int naccess; /* # of access ACL entries */ - int ndefault; /* # of default ACL entries */ - - if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { - errno = EINVAL; - return NULL; - } - - count = INITIAL_ACL_SIZE; - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - - while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 - && errno == ENOSPC) { - - if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { - return NULL; - } - - sys_acl_free_acl(acl_d); - - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - } - - if (count < 0) { - return NULL; - } - - /* - * calculate the number of access and default ACL entries - * - * Note: we assume that the acl() system call returned a - * well formed ACL which is sorted so that all of the - * access ACL entries preceed any default ACL entries - */ - for (naccess = 0; naccess < count; naccess++) { - if (acl_d->acl[naccess].a_type & ACL_DEFAULT) - break; - } - ndefault = count - naccess; - - /* - * if the caller wants the default ACL we have to copy - * the entries down to the start of the acl[] buffer - * and mask out the ACL_DEFAULT flag from the type field - */ - if (type == SMB_ACL_TYPE_DEFAULT) { - int i, j; - - for (i = 0, j = naccess; i < ndefault; i++, j++) { - acl_d->acl[i] = acl_d->acl[j]; - acl_d->acl[i].a_type &= ~ACL_DEFAULT; - } - - acl_d->count = ndefault; - } else { - acl_d->count = naccess; - } - - return acl_d; -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - SMB_ACL_T acl_d; - int count; /* # of ACL entries allocated */ - int naccess; /* # of access ACL entries */ - - count = INITIAL_ACL_SIZE; - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - - while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 - && errno == ENOSPC) { - - if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { - return NULL; - } - - sys_acl_free_acl(acl_d); - - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - } - - if (count < 0) { - return NULL; - } - - /* - * calculate the number of access ACL entries - */ - for (naccess = 0; naccess < count; naccess++) { - if (acl_d->acl[naccess].a_type & ACL_DEFAULT) - break; - } - - acl_d->count = naccess; - - return acl_d; -} - -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) -{ - *permset_d = 0; - - return 0; -} - -int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE - && perm != SMB_ACL_EXECUTE) { - errno = EINVAL; - return -1; - } - - if (permset_d == NULL) { - errno = EINVAL; - return -1; - } - - *permset_d |= perm; - - return 0; -} - -int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - return *permset_d & perm; -} - -char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -{ - int i; - int len, maxlen; - char *text; - - /* - * use an initial estimate of 20 bytes per ACL entry - * when allocating memory for the text representation - * of the ACL - */ - len = 0; - maxlen = 20 * acl_d->count; - if ((text = malloc(maxlen)) == NULL) { - errno = ENOMEM; - return NULL; - } - - for (i = 0; i < acl_d->count; i++) { - struct acl *ap = &acl_d->acl[i]; - struct passwd *pw; - struct group *gr; - char tagbuf[12]; - char idbuf[12]; - char *tag; - char *id = ""; - char perms[4]; - int nbytes; - - switch (ap->a_type) { - /* - * for debugging purposes it's probably more - * useful to dump unknown tag types rather - * than just returning an error - */ - default: - slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", - ap->a_type); - tag = tagbuf; - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - break; - - case SMB_ACL_USER: - if ((pw = sys_getpwuid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = pw->pw_name; - } - case SMB_ACL_USER_OBJ: - tag = "user"; - break; - - case SMB_ACL_GROUP: - if ((gr = getgrgid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = gr->gr_name; - } - case SMB_ACL_GROUP_OBJ: - tag = "group"; - break; - - case SMB_ACL_OTHER: - tag = "other"; - break; - - case SMB_ACL_MASK: - tag = "mask"; - break; - - } - - perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; - perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; - perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; - perms[3] = '\0'; - - /* : : rwx \n \0 */ - nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; - - if ((len + nbytes) > maxlen) { - /* - * allocate enough additional memory for this - * entry and an estimate of another 20 bytes - * for each entry still to be processed - */ maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = realloc(text, maxlen)) == NULL) { + if ((text = realloc(oldtext, maxlen)) == NULL) { + free(oldtext); errno = ENOMEM; return NULL; } @@ -1727,6 +1219,7 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } +>>>>>>> 1.15 #else /* No ACLs. */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -- cgit From 91e97f90919fdc3bd2d26a5809cc3d037dbe4b22 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Apr 2001 02:02:45 +0000 Subject: Changed the order of -kPIC and -kpic. Added patch from Michael Davidson for Solaris/Unixware ACLS. Jeremy. (This used to be commit 144a2906810e8d4414d627835eb80f60bd1d88a4) --- source3/lib/sysacls.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index b0ba2075ab..778f467c12 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -302,18 +302,19 @@ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { + sys_acl_free_acl(acl_d); + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { return NULL; } - sys_acl_free_acl(acl_d); - if ((acl_d = sys_acl_init(count)) == NULL) { return NULL; } } if (count < 0) { + sys_acl_free_acl(acl_d); return NULL; } @@ -365,18 +366,19 @@ SMB_ACL_T sys_acl_get_fd(int fd) while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { + sys_acl_free_acl(acl_d); + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { return NULL; } - sys_acl_free_acl(acl_d); - if ((acl_d = sys_acl_init(count)) == NULL) { return NULL; } } if (count < 0) { + sys_acl_free_acl(acl_d); return NULL; } -- cgit From 6578fd874283ee97c2896bcf7257db7f3e37c2ec Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Apr 2001 23:19:08 +0000 Subject: To stop people complaining about the mktemp call, move it into lib/util.c. Thanks to Andrew for all this code. Fixed extra line in lib/sysacls.c that broke XFS ACL code. Jeremy. (This used to be commit 9b32b8a8cfc8ddb93c14d5581f433d2e93f89ed2) --- source3/lib/sysacls.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 778f467c12..59f8e2e043 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1221,7 +1221,6 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } ->>>>>>> 1.15 #else /* No ACLs. */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -- cgit From e5691d44a8e4551abe6290b8994f6fc8568e5759 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 12 Apr 2001 05:32:27 +0000 Subject: Merged John's changes. Jeremy. (This used to be commit add847778bf458238bf2a1b14ab71b8cdfd7aec0) --- source3/lib/sysacls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 59f8e2e043..2963049572 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -636,7 +636,7 @@ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) int sys_acl_valid(SMB_ACL_T acl_d) { - if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { + if (aclsort(acl_d->count, 1, acl_d->acl) != 0) { errno = EINVAL; return -1; } @@ -726,7 +726,7 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) return -1; } - if (aclsort(acl_count, 0, acl_p) != 0) { + if (aclsort(acl_count, 1, acl_p) != 0) { errno = EINVAL; ret = -1; } else { @@ -742,7 +742,7 @@ int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) { - if (aclsort(acl_d->count, 0, acl_d->acl) != 0) { + if (aclsort(acl_d->count, 1, acl_d->acl) != 0) { errno = EINVAL; return -1; } -- cgit From 9444e9d9f350961b594a1acbe7a7652d97faec0a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 13 Apr 2001 21:11:57 +0000 Subject: Michael Davidson pointed out that acl_get_qualifier can potentially return a malloced area so added sys_acl_free_qualifier() calls to all supported ACL interfaces to code with this (only Linux needs actual free call). Jeremy. (This used to be commit 5870e6019b82d2088b99acdc0f84e9e4847a1fa5) --- source3/lib/sysacls.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 2963049572..02018a52b3 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -63,6 +63,7 @@ extern int DEBUGLEVEL; int sys_acl_free_text(char *text) - free acl_to_text int sys_acl_free_acl(SMB_ACL_T posix_acl) + int sys_acl_free_qualifier(SMB_ACL_T posix_acl) */ @@ -170,6 +171,11 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } +int sys_acl_free_qualifier(void *qual) +{ + return acl_free(qual); +} + #elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) /* @@ -762,6 +768,11 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) return 0; } +int sys_acl_free_qualifier(void *qual) +{ + return 0; +} + #elif defined(HAVE_IRIX_ACLS) int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) @@ -1007,6 +1018,11 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) return 0; } +int sys_acl_free_qualifier(void *qual) +{ + return 0; +} + #elif defined(HAVE_XFS_ACLS) /* For Linux SGI/XFS Filesystems * contributed by J Trostel, Connex @@ -1221,6 +1237,11 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } +int sys_acl_free_qualifier(void *qual) +{ + return 0; +} + #else /* No ACLs. */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) @@ -1342,4 +1363,11 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) errno = ENOSYS; return -1; } + +int sys_acl_free_qualifier(void *qual) +{ + errno = ENOSYS; + return -1; +} + #endif /* No ACLs. */ -- cgit From ed449b8ca7697d64ab3cfe8289287dd18566c91e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 14 Apr 2001 19:46:28 +0000 Subject: Added POSIX_ACL support for *BSD. Patch from jedgar@fxp.org. Changed a bit to use AC_TRY_LINK to ensure functions are available for link instead of AC_TRY_COMPILE. Jeremy. (This used to be commit c23628746342b6afa28cb34b0b4eaa61189ad390) --- source3/lib/sysacls.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 02018a52b3..ba015e8f8d 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -113,7 +113,16 @@ int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { +#if defined(HAVE_ACL_GET_PERM_NP) + /* + * Required for TrustedBSD-based ACL implementations where + * non-POSIX.1e functions are denoted by a _np (non-portable) + * suffix. + */ + return acl_get_perm_np(permset, perm); +#else return acl_get_perm(permset, perm); +#endif } char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -- cgit From 8a1c2e02984edd17e6ab0d5088a80c4dd5f9b933 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 17 Apr 2001 05:41:07 +0000 Subject: AIX ACLs donated by IBM. Merge Andrew's fnmatch fix for WfW. Jeremy. (This used to be commit 1d4438f07745df3d02ed8ab3ef048e20016816b6) --- source3/lib/sysacls.c | 887 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 883 insertions(+), 4 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index ba015e8f8d..d1b6e58b40 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1161,8 +1161,8 @@ int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { -// TO DO: Add in ALL possible permissions here -// TO DO: Include extended ones!! + /* TO DO: Add in ALL possible permissions here */ + /* TO DO: Include extended ones!! */ if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE && perm != SMB_ACL_EXECUTE) { errno = EINVAL; @@ -1187,7 +1187,7 @@ SMB_ACL_T sys_acl_init( int count) return NULL; } else { - a = (struct acl *)malloc(sizeof(struct acl)); // where is this memory freed? + a = (struct acl *)malloc(sizeof(struct acl)); /* where is this memory freed? */ a->acl_cnt = 0; return a; } @@ -1227,7 +1227,7 @@ int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry_d, void *qual_p) int sys_acl_set_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) { -// TO DO: expand to extended permissions eventually! + /* TO DO: expand to extended permissions eventually! */ if(*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { return EINVAL; @@ -1251,6 +1251,885 @@ int sys_acl_free_qualifier(void *qual) return 0; } +#elif defined(HAVE_AIX_ACLS) + +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ + +int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + struct acl_entry_link *link; + struct new_acl_entry *entry; + int keep_going; + + DEBUG(10,("This is the count: %d\n",theacl->count)); + + /* Check if count was previously set to -1. * + * If it was, that means we reached the end * + * of the acl last time. */ + if(theacl->count == -1) + return(0); + + link = theacl; + /* To get to the next acl, traverse linked list until index * + * of acl matches the count we are keeping. This count is * + * incremented each time we return an acl entry. */ + + for(keep_going = 0; keep_going < theacl->count; keep_going++) + link = link->nextp; + + entry = *entry_p = link->entryp; + + DEBUG(10,("*entry_p is %d\n",entry_p)); + DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access)); + + /* Increment count */ + theacl->count++; + if(link->nextp == NULL) + theacl->count = -1; + + return(1); +} + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + /* Initialize tag type */ + + *tag_type_p = -1; + DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type)); + + /* Depending on what type of entry we have, * + * return tag type. */ + switch(entry_d->ace_id->id_type) { + case ACEID_USER: + *tag_type_p = SMB_ACL_USER; + break; + case ACEID_GROUP: + *tag_type_p = SMB_ACL_GROUP; + break; + + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + *tag_type_p = entry_d->ace_id->id_type; + break; + + default: + return(-1); + } + + return(0); +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + DEBUG(10,("Starting AIX sys_acl_get_permset\n")); + *permset_p = &entry_d->ace_access; + DEBUG(10,("**permset_p is %d\n",**permset_p)); + if(!(**permset_p & S_IXUSR) && + !(**permset_p & S_IWUSR) && + !(**permset_p & S_IRUSR) && + (**permset_p != 0)) + return(-1); + + DEBUG(10,("Ending AIX sys_acl_get_permset\n")); + return(0); +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ + return(entry_d->ace_id->id_data); +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ + struct acl *file_acl = (struct acl *)NULL; + struct acl_entry *acl_entry; + struct new_acl_entry *new_acl_entry; + struct ace_id *idp; + struct acl_entry_link *acl_entry_link; + struct acl_entry_link *acl_entry_link_head; + int i; + int rc = 0; + uid_t user_id; + + /* Get the acl using statacl */ + + DEBUG(10,("Entering sys_acl_get_file\n")); + DEBUG(10,("path_p is %s\n",path_p)); + + file_acl = (struct acl *)malloc(BUFSIZ); + + if(file_acl == NULL) { + errno=ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno)); + return(NULL); + } + + memset(file_acl,0,BUFSIZ); + + rc = statacl((char *)path_p,0,file_acl,BUFSIZ); + if(rc == -1) { + DEBUG(0,("statacl returned %d with errno %d\n",rc,errno)); + free(file_acl); + return(NULL); + } + + DEBUG(10,("Got facl and returned it\n")); + + /* Point to the first acl entry in the acl */ + acl_entry = file_acl->acl_ext; + + /* Begin setting up the head of the linked list * + * that will be used for the storing the acl * + * in a way that is useful for the posix_acls.c * + * code. */ + + acl_entry_link_head = acl_entry_link = sys_acl_init(0); + if(acl_entry_link_head == NULL) + return(NULL); + + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + if(acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return(NULL); + } + + DEBUG(10,("acl_entry is %d\n",acl_entry)); + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); + + /* Check if the extended acl bit is on. * + * If it isn't, do not show the * + * contents of the acl since AIX intends * + * the extended info to remain unused */ + + if(file_acl->acl_mode & S_IXACL){ + /* while we are not pointing to the very end */ + while(acl_entry < acl_last(file_acl)) { + /* before we malloc anything, make sure this is */ + /* a valid acl entry and one that we want to map */ + idp = id_nxt(acl_entry->ace_id); + if((acl_entry->ace_type == ACC_SPECIFY || + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) { + acl_entry = acl_nxt(acl_entry); + continue; + } + + idp = acl_entry->ace_id; + + /* Check if this is the first entry in the linked list. * + * The first entry needs to keep prevp pointing to NULL * + * and already has entryp allocated. */ + + if(acl_entry_link_head->count != 0) { + acl_entry_link->nextp = (struct acl_entry_link *) + malloc(sizeof(struct acl_entry_link)); + + if(acl_entry_link->nextp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return(NULL); + } + + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + if(acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return(NULL); + } + acl_entry_link->nextp = NULL; + } + + acl_entry_link->entryp->ace_len = acl_entry->ace_len; + + /* Don't really need this since all types are going * + * to be specified but, it's better than leaving it 0 */ + + acl_entry_link->entryp->ace_type = acl_entry->ace_type; + + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + + memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id)); + + /* The access in the acl entries must be left shifted by * + * three bites, because they will ultimately be compared * + * to S_IRUSR, S_IWUSR, and S_IXUSR. */ + + switch(acl_entry->ace_type){ + case ACC_PERMIT: + case ACC_SPECIFY: + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + case ACC_DENY: + /* Since there is no way to return a DENY acl entry * + * change to PERMIT and then shift. */ + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + default: + return(0); + } + + DEBUG(10,("acl_entry = %d\n",acl_entry)); + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); + + acl_entry = acl_nxt(acl_entry); + } + } /* end of if enabled */ + + /* Since owner, group, other acl entries are not * + * part of the acl entries in an acl, they must * + * be dummied up to become part of the list. */ + + for( i = 1; i < 4; i++) { + DEBUG(10,("i is %d\n",i)); + if(acl_entry_link_head->count != 0) { + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + if(acl_entry_link->nextp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return(NULL); + } + + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + if(acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return(NULL); + } + } + + acl_entry_link->nextp = NULL; + + new_acl_entry = acl_entry_link->entryp; + idp = new_acl_entry->ace_id; + + new_acl_entry->ace_len = sizeof(struct acl_entry); + new_acl_entry->ace_type = ACC_PERMIT; + idp->id_len = sizeof(struct ace_id); + DEBUG(10,("idp->id_len = %d\n",idp->id_len)); + memset(idp->id_data,0,sizeof(uid_t)); + + switch(i) { + case 2: + new_acl_entry->ace_access = file_acl->g_access << 6; + idp->id_type = SMB_ACL_GROUP_OBJ; + break; + + case 3: + new_acl_entry->ace_access = file_acl->o_access << 6; + idp->id_type = SMB_ACL_OTHER; + break; + + case 1: + new_acl_entry->ace_access = file_acl->u_access << 6; + idp->id_type = SMB_ACL_USER_OBJ; + break; + + default: + return(NULL); + + } + + acl_entry_link_head->count++; + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); + } + + acl_entry_link_head->count = 0; + free(file_acl); + + return(acl_entry_link_head); +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + struct acl *file_acl = (struct acl *)NULL; + struct acl_entry *acl_entry; + struct new_acl_entry *new_acl_entry; + struct ace_id *idp; + struct acl_entry_link *acl_entry_link; + struct acl_entry_link *acl_entry_link_head; + int i; + int rc = 0; + uid_t user_id; + + /* Get the acl using fstatacl */ + + DEBUG(10,("Entering sys_acl_get_fd\n")); + DEBUG(10,("fd is %d\n",fd)); + file_acl = (struct acl *)malloc(BUFSIZ); + + if(file_acl == NULL) { + errno=ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + return(NULL); + } + + memset(file_acl,0,BUFSIZ); + + rc = fstatacl(fd,0,file_acl,BUFSIZ); + if(rc == -1) { + DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno)); + free(file_acl); + return(NULL); + } + + DEBUG(10,("Got facl and returned it\n")); + + /* Point to the first acl entry in the acl */ + + acl_entry = file_acl->acl_ext; + /* Begin setting up the head of the linked list * + * that will be used for the storing the acl * + * in a way that is useful for the posix_acls.c * + * code. */ + + acl_entry_link_head = acl_entry_link = sys_acl_init(0); + if(acl_entry_link_head == NULL){ + free(file_acl); + return(NULL); + } + + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + + if(acl_entry_link->entryp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return(NULL); + } + + DEBUG(10,("acl_entry is %d\n",acl_entry)); + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); + + /* Check if the extended acl bit is on. * + * If it isn't, do not show the * + * contents of the acl since AIX intends * + * the extended info to remain unused */ + + if(file_acl->acl_mode & S_IXACL){ + /* while we are not pointing to the very end */ + while(acl_entry < acl_last(file_acl)) { + /* before we malloc anything, make sure this is */ + /* a valid acl entry and one that we want to map */ + + idp = id_nxt(acl_entry->ace_id); + if((acl_entry->ace_type == ACC_SPECIFY || + (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) { + acl_entry = acl_nxt(acl_entry); + continue; + } + + idp = acl_entry->ace_id; + + /* Check if this is the first entry in the linked list. * + * The first entry needs to keep prevp pointing to NULL * + * and already has entryp allocated. */ + + if(acl_entry_link_head->count != 0) { + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + if(acl_entry_link->nextp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return(NULL); + } + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + if(acl_entry_link->entryp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return(NULL); + } + + acl_entry_link->nextp = NULL; + } + + acl_entry_link->entryp->ace_len = acl_entry->ace_len; + + /* Don't really need this since all types are going * + * to be specified but, it's better than leaving it 0 */ + + acl_entry_link->entryp->ace_type = acl_entry->ace_type; + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + + memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id)); + + /* The access in the acl entries must be left shifted by * + * three bites, because they will ultimately be compared * + * to S_IRUSR, S_IWUSR, and S_IXUSR. */ + + switch(acl_entry->ace_type){ + case ACC_PERMIT: + case ACC_SPECIFY: + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + case ACC_DENY: + /* Since there is no way to return a DENY acl entry * + * change to PERMIT and then shift. */ + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + default: + return(0); + } + + DEBUG(10,("acl_entry = %d\n",acl_entry)); + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); + + acl_entry = acl_nxt(acl_entry); + } + } /* end of if enabled */ + + /* Since owner, group, other acl entries are not * + * part of the acl entries in an acl, they must * + * be dummied up to become part of the list. */ + + for( i = 1; i < 4; i++) { + DEBUG(10,("i is %d\n",i)); + if(acl_entry_link_head->count != 0){ + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + if(acl_entry_link->nextp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return(NULL); + } + + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + + if(acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + return(NULL); + } + } + + acl_entry_link->nextp = NULL; + + new_acl_entry = acl_entry_link->entryp; + idp = new_acl_entry->ace_id; + + new_acl_entry->ace_len = sizeof(struct acl_entry); + new_acl_entry->ace_type = ACC_PERMIT; + idp->id_len = sizeof(struct ace_id); + DEBUG(10,("idp->id_len = %d\n",idp->id_len)); + memset(idp->id_data,0,sizeof(uid_t)); + + switch(i) { + case 2: + new_acl_entry->ace_access = file_acl->g_access << 6; + idp->id_type = SMB_ACL_GROUP_OBJ; + break; + + case 3: + new_acl_entry->ace_access = file_acl->o_access << 6; + idp->id_type = SMB_ACL_OTHER; + break; + + case 1: + new_acl_entry->ace_access = file_acl->u_access << 6; + idp->id_type = SMB_ACL_USER_OBJ; + break; + + default: + return(NULL); + } + + acl_entry_link_head->count++; + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); + } + + acl_entry_link_head->count = 0; + free(file_acl); + + return(acl_entry_link_head); +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + *permset = *permset & ~0777; + return(0); +} + +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + if((perm != 0) && + (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0) + return(-1); + + *permset |= perm; + DEBUG(10,("This is the permset now: %d\n",*permset)); + return(0); +} + +char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen) +{ + return(NULL); +} + +SMB_ACL_T sys_acl_init( int count) +{ + struct acl_entry_link *theacl = NULL; + + DEBUG(10,("Entering sys_acl_init\n")); + + theacl = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + if(theacl == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_init is %d\n",errno)); + return(NULL); + } + + theacl->count = 0; + theacl->nextp = NULL; + theacl->prevp = NULL; + theacl->entryp = NULL; + DEBUG(10,("Exiting sys_acl_init\n")); + return(theacl); +} + +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + struct acl_entry_link *theacl; + struct acl_entry_link *acl_entryp; + struct acl_entry_link *temp_entry; + int counting; + + DEBUG(10,("Entering the sys_acl_create_entry\n")); + + theacl = acl_entryp = *pacl; + + /* Get to the end of the acl before adding entry */ + + for(counting=0; counting < theacl->count; counting++){ + DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); + temp_entry = acl_entryp; + acl_entryp = acl_entryp->nextp; + } + + if(theacl->count != 0){ + temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + if(acl_entryp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); + return(-1); + } + + DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); + acl_entryp->prevp = temp_entry; + DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp)); + } + + *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + if(*pentry == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); + return(-1); + } + + memset(*pentry,0,sizeof(struct new_acl_entry)); + acl_entryp->entryp->ace_len = sizeof(struct acl_entry); + acl_entryp->entryp->ace_type = ACC_PERMIT; + acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id); + acl_entryp->nextp = NULL; + theacl->count++; + DEBUG(10,("Exiting sys_acl_create_entry\n")); + return(0); +} + +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + DEBUG(10,("Starting AIX sys_acl_set_tag_type\n")); + entry->ace_id->id_type = tagtype; + DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type)); + DEBUG(10,("Ending AIX sys_acl_set_tag_type\n")); +} + +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) +{ + DEBUG(10,("Starting AIX sys_acl_set_qualifier\n")); + memcpy(entry->ace_id->id_data,qual,sizeof(uid_t)); + DEBUG(10,("Ending AIX sys_acl_set_qualifier\n")); + return(0); +} + +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + DEBUG(10,("Starting AIX sys_acl_set_permset\n")); + if(!(*permset & S_IXUSR) && + !(*permset & S_IWUSR) && + !(*permset & S_IRUSR) && + (*permset != 0)) + return(-1); + + entry->ace_access = *permset; + DEBUG(10,("entry->ace_access = %d\n",entry->ace_access)); + DEBUG(10,("Ending AIX sys_acl_set_permset\n")); + return(0); +} + +int sys_acl_valid( SMB_ACL_T theacl ) +{ + int user_obj = 0; + int group_obj = 0; + int other_obj = 0; + struct acl_entry_link *acl_entry; + + for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) { + user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ); + group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ); + other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER); + } + + DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj)); + + if(user_obj != 1 || group_obj != 1 || other_obj != 1) + return(-1); + + return(0); +} + +int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + struct acl_entry_link *acl_entry_link = NULL; + struct acl *file_acl = NULL; + struct acl *file_acl_temp = NULL; + struct acl_entry *acl_entry = NULL; + struct ace_id *ace_id = NULL; + uint id_type; + uint ace_access; + uint user_id; + uint acl_length; + uint rc; + + DEBUG(10,("Entering sys_acl_set_file\n")); + DEBUG(10,("File name is %s\n",name)); + + /* AIX has no default ACL */ + if(acltype == SMB_ACL_TYPE_DEFAULT) + return(0); + + acl_length = BUFSIZ; + file_acl = (struct acl *)malloc(BUFSIZ); + + if(file_acl == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); + return(-1); + } + + memset(file_acl,0,BUFSIZ); + + file_acl->acl_len = ACL_SIZ; + file_acl->acl_mode = S_IXACL; + + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { + acl_entry_link->entryp->ace_access >>= 6; + id_type = acl_entry_link->entryp->ace_id->id_type; + + switch(id_type) { + case SMB_ACL_USER_OBJ: + file_acl->u_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_GROUP_OBJ: + file_acl->g_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_OTHER: + file_acl->o_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_MASK: + continue; + } + + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { + acl_length += sizeof(struct acl_entry); + file_acl_temp = (struct acl *)malloc(acl_length); + if(file_acl_temp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); + return(-1); + } + + memcpy(file_acl_temp,file_acl,file_acl->acl_len); + free(file_acl); + file_acl = file_acl_temp; + } + + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); + file_acl->acl_len += sizeof(struct acl_entry); + acl_entry->ace_len = acl_entry_link->entryp->ace_len; + acl_entry->ace_access = acl_entry_link->entryp->ace_access; + + /* In order to use this, we'll need to wait until we can get denies */ + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) + acl_entry->ace_type = ACC_SPECIFY; */ + + acl_entry->ace_type = ACC_SPECIFY; + + ace_id = acl_entry->ace_id; + + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; + DEBUG(10,("The id type is %d\n",ace_id->id_type)); + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t)); + memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t)); + } + + rc = chacl(name,file_acl,file_acl->acl_len); + DEBUG(10,("errno is %d\n",errno)); + DEBUG(10,("return code is %d\n",rc)); + free(file_acl); + DEBUG(10,("Exiting the sys_acl_set_file\n")); + return(rc); +} + +int sys_acl_set_fd( int fd, SMB_ACL_T theacl) +{ + struct acl_entry_link *acl_entry_link = NULL; + struct acl *file_acl = NULL; + struct acl *file_acl_temp = NULL; + struct acl_entry *acl_entry = NULL; + struct ace_id *ace_id = NULL; + uint id_type; + uint user_id; + uint acl_length; + uint rc; + + DEBUG(10,("Entering sys_acl_set_fd\n")); + acl_length = BUFSIZ; + file_acl = (struct acl *)malloc(BUFSIZ); + + if(file_acl == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); + return(-1); + } + + memset(file_acl,0,BUFSIZ); + + file_acl->acl_len = ACL_SIZ; + file_acl->acl_mode = S_IXACL; + + for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { + acl_entry_link->entryp->ace_access >>= 6; + id_type = acl_entry_link->entryp->ace_id->id_type; + DEBUG(10,("The id_type is %d\n",id_type)); + + switch(id_type) { + case SMB_ACL_USER_OBJ: + file_acl->u_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_GROUP_OBJ: + file_acl->g_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_OTHER: + file_acl->o_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_MASK: + continue; + } + + if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { + acl_length += sizeof(struct acl_entry); + file_acl_temp = (struct acl *)malloc(acl_length); + if(file_acl_temp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); + return(-1); + } + + memcpy(file_acl_temp,file_acl,file_acl->acl_len); + free(file_acl); + file_acl = file_acl_temp; + } + + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); + file_acl->acl_len += sizeof(struct acl_entry); + acl_entry->ace_len = acl_entry_link->entryp->ace_len; + acl_entry->ace_access = acl_entry_link->entryp->ace_access; + + /* In order to use this, we'll need to wait until we can get denies */ + /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) + acl_entry->ace_type = ACC_SPECIFY; */ + + acl_entry->ace_type = ACC_SPECIFY; + + ace_id = acl_entry->ace_id; + + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; + DEBUG(10,("The id type is %d\n",ace_id->id_type)); + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t)); + memcpy(ace_id->id_data, &user_id, sizeof(uid_t)); + } + + rc = fchacl(fd,file_acl,file_acl->acl_len); + DEBUG(10,("errno is %d\n",errno)); + DEBUG(10,("return code is %d\n",rc)); + free(file_acl); + DEBUG(10,("Exiting sys_acl_set_fd\n")); + return(rc); +} + +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return(*permset & perm); +} + +int sys_acl_free_text(char *text) +{ + return(0); +} + +int sys_acl_free_acl(SMB_ACL_T posix_acl) +{ + struct acl_entry_link *acl_entry_link; + + for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) { + free(acl_entry_link->prevp->entryp); + free(acl_entry_link->prevp); + } + + free(acl_entry_link->prevp->entryp); + free(acl_entry_link->prevp); + free(acl_entry_link->entryp); + free(acl_entry_link); + + return(0); +} + +int sys_acl_free_qualifier(void *qual) +{ + return(0); +} + #else /* No ACLs. */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -- cgit From a80a96b74514b3bf800a8a22da11076568363cab Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 8 Jun 2001 19:29:57 +0000 Subject: Added sys_acl_delete_def_file() - needed as part of NT ACL editing fix. Will add changes for other supported ACL systems shortly (Herb, I may need help with the IRIX one). Jeremy. (This used to be commit a8532b193d1fe123155a69dd70e433f8fc312bfc) --- source3/lib/sysacls.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index d1b6e58b40..cc0c70aa3e 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -45,8 +45,9 @@ extern int DEBUGLEVEL; int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) int sys_acl_valid( SMB_ACL_T theacl ) - int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) + int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) int sys_acl_set_fd( int fd, SMB_ACL_T theacl) + int sys_acl_delete_def_file(const char *path) This next one is not POSIX complient - but we *have* to have it ! More POSIX braindamage. @@ -160,7 +161,7 @@ int sys_acl_valid( SMB_ACL_T theacl ) return acl_valid(theacl); } -int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { return acl_set_file(name, acltype, theacl); } @@ -170,6 +171,11 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) return acl_set_fd(fd, theacl); } +int sys_acl_delete_def_file(const char *name) +{ + return acl_delete_def_file(name); +} + int sys_acl_free_text(char *text) { return acl_free(text); @@ -659,7 +665,7 @@ int sys_acl_valid(SMB_ACL_T acl_d) return 0; } -int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { struct stat s; struct acl *acl_p; @@ -1003,7 +1009,7 @@ int sys_acl_valid(SMB_ACL_T acl_d) return acl_valid(acl_d->aclp); } -int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { return acl_set_file(name, type, acl_d->aclp); } @@ -1076,7 +1082,7 @@ int sys_acl_valid( SMB_ACL_T theacl ) return acl_valid(theacl); } -int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { return acl_set_file(name, acltype, theacl); } @@ -1914,7 +1920,7 @@ int sys_acl_valid( SMB_ACL_T theacl ) return(0); } -int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { struct acl_entry_link *acl_entry_link = NULL; struct acl *file_acl = NULL; @@ -2234,7 +2240,7 @@ int sys_acl_valid( SMB_ACL_T theacl ) return -1; } -int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { errno = ENOSYS; return -1; @@ -2246,6 +2252,12 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) return -1; } +int sys_acl_delete_def_file(const char *name) +{ + errno = ENOSYS; + return -1; +} + int sys_acl_free_acl(SMB_ACL_T the_acl) { errno = ENOSYS; -- cgit From b7fb885b81ccc01b2c1370ae9a078d073b07982e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 8 Jun 2001 19:55:47 +0000 Subject: Added sys_acl_delete_def_file for UnixWare and Solaris from Michael Davidson . Jeremy. (This used to be commit 5668512ffa608810be0622832c9dbc7a2fda5a8f) --- source3/lib/sysacls.c | 75 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 19 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index cc0c70aa3e..0079c1323a 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -655,15 +655,38 @@ int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) return 0; } -int sys_acl_valid(SMB_ACL_T acl_d) +/* + * sort the ACL and check it for validity + * + * if it's a minimal ACL with only 4 entries then we + * need to recalculate the mask permissions to make + * sure that they are the same as the GROUP_OBJ + * permissions as required by the UnixWare acl() system call. + * + * (note: since POSIX allows minimal ACLs which only contain + * 3 entries - ie there is no mask entry - we should, in theory, + * check for this and add a mask entry if necessary - however + * we "know" that the caller of this interface always specifies + * a mask so, in practice "this never happens" (tm) - if it *does* + * happen aclsort() will fail and return an error and someone will + * have to fix it ...) + */ + +static int acl_sort(SMB_ACL_T acl_d) { - if (aclsort(acl_d->count, 1, acl_d->acl) != 0) { + int fixmask = (acl_d->count <= 4); + + if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) { errno = EINVAL; return -1; } - return 0; } + +int sys_acl_valid(SMB_ACL_T acl_d) +{ + return acl_sort(acl_d); +} int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { @@ -678,7 +701,7 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) return -1; } - if (stat(name, &s) != 0) { + if (acl_sort(acl_d) != 0) { return -1; } @@ -690,6 +713,9 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) * since the acl() system call will replace both * the access ACLs and the default ACLs (if any) */ + if (stat(name, &s) != 0) { + return -1; + } if (S_ISDIR(s.st_mode)) { SMB_ACL_T acc_acl; SMB_ACL_T def_acl; @@ -698,13 +724,11 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) if (type == SMB_ACL_TYPE_ACCESS) { acc_acl = acl_d; - def_acl = - tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); } else { def_acl = acl_d; - acc_acl = - tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); } if (tmp_acl == NULL) { @@ -714,9 +738,8 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) /* * allocate a temporary buffer for the complete ACL */ - acl_count = acc_acl->count + def_acl->count; - acl_p = - acl_buf = malloc(acl_count * sizeof(acl_buf[0])); + acl_count = acc_acl->count + def_acl->count; + acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0])); if (acl_buf == NULL) { sys_acl_free_acl(tmp_acl); @@ -747,12 +770,7 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) return -1; } - if (aclsort(acl_count, 1, acl_p) != 0) { - errno = EINVAL; - ret = -1; - } else { - ret = acl(name, SETACL, acl_count, acl_p); - } + ret = acl(name, SETACL, acl_count, acl_p); if (acl_buf) { free(acl_buf); @@ -763,14 +781,33 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) { - if (aclsort(acl_d->count, 1, acl_d->acl) != 0) { - errno = EINVAL; + if (acl_sort(acl_d) { return -1; } return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); } +int sys_acl_delete_def_file(const char *path) +{ + SMB_ACL_T acl_d; + int ret; + + /* + * fetching the access ACL and rewriting it has + * the effect of deleting the default ACL + */ + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { + return -1; + } + + ret = acl(path, SETACL, acl_d->count, acl_d->acl); + + sys_acl_free_acl(acl_d); + + return ret; +} + int sys_acl_free_text(char *text) { free(text); -- cgit From 96686f8f55e5d9ef16ad522e9d0af7ed2f42c3c9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 8 Jun 2001 19:56:15 +0000 Subject: AIX has no default acls. Jeremy. (This used to be commit 5853f1dc423a25276dafe7f3d284db534bfb41ff) --- source3/lib/sysacls.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 0079c1323a..bbc92bbfd4 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -2141,6 +2141,12 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) return(rc); } +int sys_acl_delete_def_file(const char *name) +{ + /* AIX has no default ACL */ + return 0; +} + int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { return(*permset & perm); -- cgit From c7b67c26e2e6d0ba3e881a729bf91e8ba1d9bde7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 8 Jun 2001 21:27:46 +0000 Subject: Herb's IRIX fix for deleting default ACLs. Jeremy. (This used to be commit 81b5a628d1471f71964b21817b9bec1ac80585c4) --- source3/lib/sysacls.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index bbc92bbfd4..ecf62f6e0e 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1056,6 +1056,11 @@ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) return acl_set_fd(fd, acl_d->aclp); } +int sys_acl_delete_def_file(const char *name) +{ + return acl_delete_def_file(name); +} + int sys_acl_free_text(char *text) { return acl_free(text); -- cgit From da9963e66bd0e262f40ece33a137ba3bc64a1a24 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Jun 2001 03:10:27 +0000 Subject: Fixed typo in Solaris and UnixWare ACLs. Jeremy. (This used to be commit bd750def132d9a787728dc35c68df9166a15fbd7) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index ecf62f6e0e..ccae211942 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -781,7 +781,7 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) { - if (acl_sort(acl_d) { + if (acl_sort(acl_d) != 0) { return -1; } -- cgit From 809c0258780cc75cd456518571891fc30998d30d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 18 Jun 2001 20:27:35 +0000 Subject: Added patches to remove Linux specific XFS ACLs. These are now handled by the generic Linux ACL code. rpc_server/srv_samr_nt.c: Don't delete a policy handle before it's created. Jeremy. (This used to be commit db5b82e53a7061c4764d39ceb3df82e706aad42f) --- source3/lib/sysacls.c | 219 -------------------------------------------------- 1 file changed, 219 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index ccae211942..0770a8856a 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1080,225 +1080,6 @@ int sys_acl_free_qualifier(void *qual) return 0; } -#elif defined(HAVE_XFS_ACLS) -/* For Linux SGI/XFS Filesystems - * contributed by J Trostel, Connex - * */ - -/* based on the implementation for Solaris by Toomas Soome.. which is - * based on the implementation by Micheal Davidson for Unixware... - * - * Linux XFS is a 'work-in-progress' - * This interface may change... - * You've been warned ;-> */ - -/* First, do the identity mapping */ - -int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - if( acl_get_entry( the_acl, entry_id, entry_p) >= 0) { - return 1; - } - else { - return -1; - } -} - -SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -{ - return acl_get_file( path_p, type); -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - return acl_get_fd(fd); -} - -char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -{ - return acl_to_text( the_acl, plen); -} - -int sys_acl_valid( SMB_ACL_T theacl ) -{ - return acl_valid(theacl); -} - -int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -{ - return acl_set_file(name, acltype, theacl); -} - -int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -{ - return acl_set_fd(fd, theacl); -} - -/* Now the functions I need to define for XFS */ - -int sys_acl_create_entry( SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -{ - acl_t acl, newacl; - acl_entry_t ace; - int cnt; - - acl = *acl_p; - ace = *entry_p; - - if((*acl_p == NULL) || (ace == NULL)){ - errno = EINVAL; - return -1; - } - - cnt = acl->acl_cnt; - if( (cnt + 1) > ACL_MAX_ENTRIES ){ - errno = ENOSPC; - return -1; - } - - newacl = (acl_t)malloc(sizeof(struct acl)); - if(newacl == NULL){ - errno = ENOMEM; - return -1; - } - - *newacl = *acl; - newacl->acl_entry[cnt] = *ace; - newacl->acl_cnt = cnt + 1; - - acl_free(*acl_p); - *acl_p = newacl; - *entry_p = &newacl->acl_entry[cnt]; - return 0; -} - - -int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -{ - *tag_type_p = entry_d->ae_tag; - return 0; -} - -int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - *permset_p = &entry_d->ae_perm; - return 0; -} - -void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -{ - if (entry_d->ae_tag != SMB_ACL_USER - && entry_d->ae_tag != SMB_ACL_GROUP) { - errno = EINVAL; - return NULL; - } - return &entry_d->ae_id; -} - -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) -{ - *permset = 0; - return 0; -} - -int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -{ - return (*permset & perm); -} - -int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -{ - - /* TO DO: Add in ALL possible permissions here */ - /* TO DO: Include extended ones!! */ - - if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE && perm != SMB_ACL_EXECUTE) { - errno = EINVAL; - return -1; - } - - if(permset == NULL) { - errno = EINVAL; - return -1; - } - - *permset |= perm; - - return 0; -} - -SMB_ACL_T sys_acl_init( int count) -{ - SMB_ACL_T a; - if((count > ACL_MAX_ENTRIES) || (count < 0)) { - errno = EINVAL; - return NULL; - } - else { - a = (struct acl *)malloc(sizeof(struct acl)); /* where is this memory freed? */ - a->acl_cnt = 0; - return a; - } -} - -int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -{ - - switch (tag_type) { - case SMB_ACL_USER: - case SMB_ACL_USER_OBJ: - case SMB_ACL_GROUP: - case SMB_ACL_GROUP_OBJ: - case SMB_ACL_OTHER: - case SMB_ACL_MASK: - entry_d->ae_tag = tag_type; - break; - default: - errno = EINVAL; - return -1; - } - return 0; -} - -int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry_d, void *qual_p) -{ - if(entry_d->ae_tag != SMB_ACL_GROUP && - entry_d->ae_tag != SMB_ACL_USER) { - errno = EINVAL; - return -1; - } - - entry_d->ae_id = *((uid_t *)qual_p); - - return 0; -} - -int sys_acl_set_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -{ - /* TO DO: expand to extended permissions eventually! */ - - if(*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { - return EINVAL; - } - - return 0; -} - -int sys_acl_free_text(char *text) -{ - return acl_free(text); -} - -int sys_acl_free_acl(SMB_ACL_T the_acl) -{ - return acl_free(the_acl); -} - -int sys_acl_free_qualifier(void *qual) -{ - return 0; -} - #elif defined(HAVE_AIX_ACLS) /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ -- cgit From 87fbb7092b8f8b2f0db0f361c3d625e19de57cd9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 4 Jul 2001 07:15:53 +0000 Subject: The big character set handling changeover! This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 0770a8856a..bdf18b52fc 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -161,7 +161,7 @@ int sys_acl_valid( SMB_ACL_T theacl ) return acl_valid(theacl); } -int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { return acl_set_file(name, acltype, theacl); } -- cgit From 08138a32446404e64c6738c8f3653c727d113c03 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 26 Jul 2001 21:16:39 +0000 Subject: Fix from Michael Davidson for DEC OSF/1 ACLs (ie. Digital UNIX). Jeremy. (This used to be commit 324ba0512ec84bb173c72be3dfd2447e0dc30e26) --- source3/lib/sysacls.c | 158 ++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 152 insertions(+), 6 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index bdf18b52fc..b1347b80e9 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -64,7 +64,7 @@ extern int DEBUGLEVEL; int sys_acl_free_text(char *text) - free acl_to_text int sys_acl_free_acl(SMB_ACL_T posix_acl) - int sys_acl_free_qualifier(SMB_ACL_T posix_acl) + int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype) */ @@ -186,11 +186,157 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return acl_free(the_acl); } -int sys_acl_free_qualifier(void *qual) +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) { return acl_free(qual); } +#elif defined(HAVE_DRAFT13_POSIX_ACLS) + +int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_ENTRY_T entry; + + if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) { + return -1; + } + + errno = 0; + if ((entry = acl_get_entry(the_acl)) != NULL) { + *entry_p = entry; + return 1; + } + + return errno ? -1 : 0; +} + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return acl_get_tag_type( entry_d, tag_type_p); +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return acl_get_permset( entry_d, permset_p); +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ + return acl_get_qualifier( entry_d); +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ + return acl_get_file((char *)path_p, type); +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + return acl_get_fd(fd, ACL_TYPE_ACCESS); +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + return acl_clear_perm(permset); +} + +int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return acl_add_perm(permset, perm); +} + +int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ +#if defined(HAVE_ACL_GET_PERM_NP) + return acl_get_perm_np(permset, perm); +#else + /* + * if we don't have an acl_get_perm() interface + * this will probably work for most implementations + */ + return *permset & perm; +#endif +} + +char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) +{ + return acl_to_text( the_acl, plen); +} + +SMB_ACL_T sys_acl_init( int count) +{ + return acl_init(count); +} + +int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + SMB_ACL_ENTRY_T entry; + + if ((entry = acl_create_entry(pacl)) == NULL) { + return -1; + } + + *pentry = entry; + return 0; +} + +int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return acl_set_tag_type(entry, tagtype); +} + +int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) +{ + return acl_set_qualifier(entry, qual); +} + +int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return acl_set_permset(entry, permset); +} + +int sys_acl_valid( SMB_ACL_T theacl ) +{ + acl_entry_t entry; + + return acl_valid(theacl, &entry); +} + +int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return acl_set_file((char *)name, acltype, theacl); +} + +int sys_acl_set_fd( int fd, SMB_ACL_T theacl) +{ + return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl); +} + +int sys_acl_delete_def_file(const char *name) +{ + return acl_delete_def_file((char *)name); +} + +int sys_acl_free_text(char *text) +{ + /* + * (void) cast and explicit return 0 are for DEC UNIX + * which just #defines acl_free_text() to be free() + */ + (void) acl_free_text(text); + return 0; +} + +int sys_acl_free_acl(SMB_ACL_T the_acl) +{ + return acl_free(the_acl); +} + +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return acl_free_qualifier(qual, tagtype); +} + #elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) /* @@ -820,7 +966,7 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) return 0; } -int sys_acl_free_qualifier(void *qual) +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) { return 0; } @@ -1075,7 +1221,7 @@ int sys_acl_free_acl(SMB_ACL_T acl_d) return 0; } -int sys_acl_free_qualifier(void *qual) +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) { return 0; } @@ -1960,7 +2106,7 @@ int sys_acl_free_acl(SMB_ACL_T posix_acl) return(0); } -int sys_acl_free_qualifier(void *qual) +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) { return(0); } @@ -2093,7 +2239,7 @@ int sys_acl_free_acl(SMB_ACL_T the_acl) return -1; } -int sys_acl_free_qualifier(void *qual) +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) { errno = ENOSYS; return -1; -- cgit From 2f844bf447a98b802daa4b8d552ea4530e7f6108 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 8 Aug 2001 16:54:16 +0000 Subject: Change all realloc() statements to Realloc() (ecxept for tdb.c) changed some code to exploit the fact that Realloc(NULL, size) == malloc(size) fixed some possible mem leaks, or seg faults. thanks to andreas moroder (mallocs not checked in client/client.c, client/smbumount.c) (This used to be commit 7f33c01688b825ab2fa9bbb2730bff4f2fa352be) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index b1347b80e9..98f0617d44 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -689,7 +689,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = realloc(oldtext, maxlen)) == NULL) { + if ((text = Realloc(oldtext, maxlen)) == NULL) { free(oldtext); errno = ENOMEM; return NULL; -- cgit From 16afd6d2bcb1aa2241919f0c7a6cc953cba8b2e6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Aug 2001 20:48:25 +0000 Subject: Added Mike Davidsons Tru64 ACL patch. Jeremy. (This used to be commit 8c5e5f8c84cab4273ca28d6b5f543dd5d5b464fb) --- source3/lib/sysacls.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 98f0617d44..424e705755 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -191,8 +191,17 @@ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) return acl_free(qual); } -#elif defined(HAVE_DRAFT13_POSIX_ACLS) - +#elif defined(HAVE_TRU64_ACLS) +/* + * The interface to DEC/Compaq Tru64 UNIX ACLs + * is based on Draft 13 of the POSIX spec which is + * slightly different from the Draft 16 interface. + * + * Also, some of the permset manipulation functions + * such as acl_clear_perm() and acl_add_perm() appear + * to be broken on Tru64 so we have to manipulate + * the permission bits in the permset directly. + */ int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) { SMB_ACL_ENTRY_T entry; @@ -237,25 +246,26 @@ SMB_ACL_T sys_acl_get_fd(int fd) int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) { - return acl_clear_perm(permset); + *permset = 0; /* acl_clear_perm() is broken on Tru64 */ + + return 0; } int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { - return acl_add_perm(permset, perm); + if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) { + errno = EINVAL; + return -1; + } + + *permset |= perm; /* acl_add_perm() is broken on Tru64 */ + + return 0; } int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) { -#if defined(HAVE_ACL_GET_PERM_NP) - return acl_get_perm_np(permset, perm); -#else - /* - * if we don't have an acl_get_perm() interface - * this will probably work for most implementations - */ - return *permset & perm; -#endif + return *permset & perm; /* Tru64 doesn't have acl_get_perm() */ } char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -- cgit From 484a7c0341fe033fe26fe1e6b597ed1c456c39d4 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 17 Sep 2001 02:19:44 +0000 Subject: move to SAFE_FREE() (This used to be commit 60e907b7e8e1c008463a88ed2b076344278986ef) --- source3/lib/sysacls.c | 68 +++++++++++++++++++++++++-------------------------- 1 file changed, 33 insertions(+), 35 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 424e705755..1c840d84ca 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -700,7 +700,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) maxlen += nbytes + 20 * (acl_d->count - i); if ((text = Realloc(oldtext, maxlen)) == NULL) { - free(oldtext); + SAFE_FREE(oldtext); errno = ENOMEM; return NULL; } @@ -928,9 +928,7 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) ret = acl(name, SETACL, acl_count, acl_p); - if (acl_buf) { - free(acl_buf); - } + SAFE_FREE(acl_buf); return ret; } @@ -966,13 +964,13 @@ int sys_acl_delete_def_file(const char *path) int sys_acl_free_text(char *text) { - free(text); + SAFE_FREE(text); return 0; } int sys_acl_free_acl(SMB_ACL_T acl_d) { - free(acl_d); + SAFE_FREE(acl_d); return 0; } @@ -1047,7 +1045,7 @@ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) return NULL; } if ((a->aclp = acl_get_file(path_p, type)) == NULL) { - free(a); + SAFE_FREE(a); return NULL; } a->next = -1; @@ -1064,7 +1062,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) return NULL; } if ((a->aclp = acl_get_fd(fd)) == NULL) { - free(a); + SAFE_FREE(a); return NULL; } a->next = -1; @@ -1355,7 +1353,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) rc = statacl((char *)path_p,0,file_acl,BUFSIZ); if(rc == -1) { DEBUG(0,("statacl returned %d with errno %d\n",rc,errno)); - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } @@ -1375,7 +1373,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); if(acl_entry_link->entryp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); return(NULL); @@ -1412,7 +1410,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) malloc(sizeof(struct acl_entry_link)); if(acl_entry_link->nextp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); return(NULL); @@ -1422,7 +1420,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) acl_entry_link = acl_entry_link->nextp; acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); if(acl_entry_link->entryp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); return(NULL); @@ -1481,7 +1479,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) if(acl_entry_link_head->count != 0) { acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); if(acl_entry_link->nextp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); return(NULL); @@ -1491,7 +1489,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) acl_entry_link = acl_entry_link->nextp; acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); if(acl_entry_link->entryp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); return(NULL); @@ -1535,7 +1533,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) } acl_entry_link_head->count = 0; - free(file_acl); + SAFE_FREE(file_acl); return(acl_entry_link_head); } @@ -1569,7 +1567,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) rc = fstatacl(fd,0,file_acl,BUFSIZ); if(rc == -1) { DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno)); - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } @@ -1585,7 +1583,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) acl_entry_link_head = acl_entry_link = sys_acl_init(0); if(acl_entry_link_head == NULL){ - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } @@ -1594,7 +1592,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) if(acl_entry_link->entryp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } @@ -1630,7 +1628,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) if(acl_entry_link->nextp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } acl_entry_link->nextp->prevp = acl_entry_link; @@ -1639,7 +1637,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) if(acl_entry_link->entryp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } @@ -1698,7 +1696,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) if(acl_entry_link->nextp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - free(file_acl); + SAFE_FREE(file_acl); return(NULL); } @@ -1707,7 +1705,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); if(acl_entry_link->entryp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); return(NULL); @@ -1750,7 +1748,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) } acl_entry_link_head->count = 0; - free(file_acl); + SAFE_FREE(file_acl); return(acl_entry_link_head); } @@ -1955,14 +1953,14 @@ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl acl_length += sizeof(struct acl_entry); file_acl_temp = (struct acl *)malloc(acl_length); if(file_acl_temp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); return(-1); } memcpy(file_acl_temp,file_acl,file_acl->acl_len); - free(file_acl); + SAFE_FREE(file_acl); file_acl = file_acl_temp; } @@ -1989,7 +1987,7 @@ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl rc = chacl(name,file_acl,file_acl->acl_len); DEBUG(10,("errno is %d\n",errno)); DEBUG(10,("return code is %d\n",rc)); - free(file_acl); + SAFE_FREE(file_acl); DEBUG(10,("Exiting the sys_acl_set_file\n")); return(rc); } @@ -2044,14 +2042,14 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) acl_length += sizeof(struct acl_entry); file_acl_temp = (struct acl *)malloc(acl_length); if(file_acl_temp == NULL) { - free(file_acl); + SAFE_FREE(file_acl); errno = ENOMEM; DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); return(-1); } memcpy(file_acl_temp,file_acl,file_acl->acl_len); - free(file_acl); + SAFE_FREE(file_acl); file_acl = file_acl_temp; } @@ -2078,7 +2076,7 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) rc = fchacl(fd,file_acl,file_acl->acl_len); DEBUG(10,("errno is %d\n",errno)); DEBUG(10,("return code is %d\n",rc)); - free(file_acl); + SAFE_FREE(file_acl); DEBUG(10,("Exiting sys_acl_set_fd\n")); return(rc); } @@ -2104,14 +2102,14 @@ int sys_acl_free_acl(SMB_ACL_T posix_acl) struct acl_entry_link *acl_entry_link; for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) { - free(acl_entry_link->prevp->entryp); - free(acl_entry_link->prevp); + SAFE_FREE(acl_entry_link->prevp->entryp); + SAFE_FREE(acl_entry_link->prevp); } - free(acl_entry_link->prevp->entryp); - free(acl_entry_link->prevp); - free(acl_entry_link->entryp); - free(acl_entry_link); + SAFE_FREE(acl_entry_link->prevp->entryp); + SAFE_FREE(acl_entry_link->prevp); + SAFE_FREE(acl_entry_link->entryp); + SAFE_FREE(acl_entry_link); return(0); } -- cgit From dc1fc3ee8ec2199bc73bb5d7ec711c6800f61d65 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 2 Oct 2001 04:29:50 +0000 Subject: Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header. (This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e) --- source3/lib/sysacls.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 1c840d84ca..c618fbe0e8 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -21,8 +21,6 @@ #include "includes.h" -extern int DEBUGLEVEL; - /* This file wraps all differing system ACL interfaces into a consistent one based on the POSIX interface. It also returns the correct errors -- cgit From ce1b141ec0ae3004f9ef94bbfd26ecf4510d6b4a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 15 Dec 2001 02:40:16 +0000 Subject: Added HPUX ACL code. Jeremy. (This used to be commit 6d03184f8c039ad81de47b5f3bde7dac5b2815ad) --- source3/lib/sysacls.c | 957 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 957 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index c618fbe0e8..b14b99b80d 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -977,6 +977,963 @@ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) return 0; } +#elif defined(HAVE_HPUX_ACLS) +#include + +/* + * Based on the Solaris/SCO code - with modifications. + */ + +/* + * Note that while this code implements sufficient functionality + * to support the sys_acl_* interfaces it does not provide all + * of the semantics of the POSIX ACL interfaces. + * + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned + * from a call to sys_acl_get_entry() should not be assumed to be + * valid after calling any of the following functions, which may + * reorder the entries in the ACL. + * + * sys_acl_valid() + * sys_acl_set_file() + * sys_acl_set_fd() + */ + +/* This checks if the POSIX ACL system call is defined */ +/* which basically corresponds to whether JFS 3.3 or */ +/* higher is installed. If acl() was called when it */ +/* isn't defined, it causes the process to core dump */ +/* so it is important to check this and avoid acl() */ +/* calls if it isn't there. */ + +static BOOL hpux_acl_call_presence(void) +{ + + shl_t handle = NULL; + void *value; + int ret_val=0; + static BOOL already_checked=0; + + if(already_checked) + return True; + + + ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value); + + if(ret_val != 0) { + DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n", + ret_val, errno, strerror(errno))); + DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n")); + return False; + } + + DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n")); + + already_checked = True; + return True; +} + +int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->count) { + return 0; + } + + *entry_p = &acl_d->acl[acl_d->next++]; + + return 1; +} + +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->a_type; + + return 0; +} + +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = &entry_d->a_perm; + + return 0; +} + +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->a_type != SMB_ACL_USER + && entry_d->a_type != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->a_id; +} + +/* + * There is no way of knowing what size the ACL returned by + * ACL_GET will be unless you first call ACL_CNT which means + * making an additional system call. + * + * In the hope of avoiding the cost of the additional system + * call in most cases, we initially allocate enough space for + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to + * be too small then we use ACL_CNT to find out the actual + * size, reallocate the ACL buffer, and then call ACL_GET again. + */ + +#define INITIAL_ACL_SIZE 16 + +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + int ndefault; /* # of default ACL entries */ + + if(hpux_acl_call_presence() == False) { + /* Looks like we don't have the acl() system call on HPUX. + * May be the system doesn't have the latest version of JFS. + */ + return NULL; + } + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return NULL; + } + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + /* + * If there isn't enough space for the ACL entries we use + * ACL_CNT to determine the actual number of ACL entries + * reallocate and try again. This is in a loop because it + * is possible that someone else could modify the ACL and + * increase the number of entries between the call to + * ACL_CNT and the call to ACL_GET. + */ + while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { + + sys_acl_free_acl(acl_d); + + if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) { + return NULL; + } + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + sys_acl_free_acl(acl_d); + return NULL; + } + + /* + * calculate the number of access and default ACL entries + * + * Note: we assume that the acl() system call returned a + * well formed ACL which is sorted so that all of the + * access ACL entries preceed any default ACL entries + */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + ndefault = count - naccess; + + /* + * if the caller wants the default ACL we have to copy + * the entries down to the start of the acl[] buffer + * and mask out the ACL_DEFAULT flag from the type field + */ + if (type == SMB_ACL_TYPE_DEFAULT) { + int i, j; + + for (i = 0, j = naccess; i < ndefault; i++, j++) { + acl_d->acl[i] = acl_d->acl[j]; + acl_d->acl[i].a_type &= ~ACL_DEFAULT; + } + + acl_d->count = ndefault; + } else { + acl_d->count = naccess; + } + + return acl_d; +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + /* + * HPUX doesn't have the facl call. Fake it using the path.... JRA. + */ + + files_struct *fsp = file_find_fd(fd); + + if (fsp == NULL) { + errno = EBADF; + return NULL; + } + + /* + * We know we're in the same conn context. So we + * can use the relative path. + */ + + return sys_acl_get_file(dos_to_unix(fsp->fsp_name,False), SMB_ACL_TYPE_ACCESS); +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + *permset_d = 0; + + return 0; +} + +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + *permset_d |= perm; + + return 0; +} + +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return *permset_d & perm; +} + +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + int i; + int len, maxlen; + char *text; + + /* + * use an initial estimate of 20 bytes per ACL entry + * when allocating memory for the text representation + * of the ACL + */ + len = 0; + maxlen = 20 * acl_d->count; + if ((text = malloc(maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + + for (i = 0; i < acl_d->count; i++) { + struct acl *ap = &acl_d->acl[i]; + struct passwd *pw; + struct group *gr; + char tagbuf[12]; + char idbuf[12]; + char *tag; + char *id = ""; + char perms[4]; + int nbytes; + + switch (ap->a_type) { + /* + * for debugging purposes it's probably more + * useful to dump unknown tag types rather + * than just returning an error + */ + default: + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", + ap->a_type); + tag = tagbuf; + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->a_id); + id = idbuf; + break; + + case SMB_ACL_USER: + if ((pw = sys_getpwuid(ap->a_id)) == NULL) { + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = pw->pw_name; + } + case SMB_ACL_USER_OBJ: + tag = "user"; + break; + + case SMB_ACL_GROUP: + if ((gr = getgrgid(ap->a_id)) == NULL) { + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = gr->gr_name; + } + case SMB_ACL_GROUP_OBJ: + tag = "group"; + break; + + case SMB_ACL_OTHER: + tag = "other"; + break; + + case SMB_ACL_MASK: + tag = "mask"; + break; + + } + + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; + perms[3] = '\0'; + + /* : : rwx \n \0 */ + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; + + /* + * If this entry would overflow the buffer + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed + */ + if ((len + nbytes) > maxlen) { + char *oldtext = text; + + maxlen += nbytes + 20 * (acl_d->count - i); + + if ((text = Realloc(oldtext, maxlen)) == NULL) { + free(oldtext); + errno = ENOMEM; + return NULL; + } + } + + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); + len += nbytes - 1; + } + + if (len_p) + *len_p = len; + + return text; +} + +SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + /* + * note that since the definition of the structure pointed + * to by the SMB_ACL_T includes the first element of the + * acl[] array, this actually allocates an ACL with room + * for (count+1) entries + */ + if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->size = count + 1; + a->count = 0; + a->next = -1; + + return a; +} + + +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->count >= acl_d->size) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->acl[acl_d->count++]; + entry_d->a_type = 0; + entry_d->a_id = -1; + entry_d->a_perm = 0; + *entry_p = entry_d; + + return 0; +} + +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->a_type = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->a_type != SMB_ACL_GROUP + && entry_d->a_type != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->a_id = *((id_t *)qual_p); + + return 0; +} + +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->a_perm = *permset_d; + + return 0; +} + +/* Structure to capture the count for each type of ACE. */ + +struct hpux_acl_types { + int n_user; + int n_def_user; + int n_user_obj; + int n_def_user_obj; + + int n_group; + int n_def_group; + int n_group_obj; + int n_def_group_obj; + + int n_other; + int n_other_obj; + int n_def_other_obj; + + int n_class_obj; + int n_def_class_obj; + + int n_illegal_obj; +}; + +/* count_obj: + * Counts the different number of objects in a given array of ACL + * structures. + * Inputs: + * + * acl_count - Count of ACLs in the array of ACL strucutres. + * aclp - Array of ACL structures. + * acl_type_count - Pointer to acl_types structure. Should already be + * allocated. + * Output: + * + * acl_type_count - This structure is filled up with counts of various + * acl types. + */ + +static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count) +{ + int i; + + memset(acl_type_count, 0, sizeof(struct hpux_acl_types)); + + for(i=0;in_user++; + break; + case USER_OBJ: + acl_type_count->n_user_obj++; + break; + case DEF_USER_OBJ: + acl_type_count->n_def_user_obj++; + break; + case GROUP: + acl_type_count->n_group++; + break; + case GROUP_OBJ: + acl_type_count->n_group_obj++; + break; + case DEF_GROUP_OBJ: + acl_type_count->n_def_group_obj++; + break; + case OTHER_OBJ: + acl_type_count->n_other_obj++; + break; + case DEF_OTHER_OBJ: + acl_type_count->n_def_other_obj++; + break; + case CLASS_OBJ: + acl_type_count->n_class_obj++; + break; + case DEF_CLASS_OBJ: + acl_type_count->n_def_class_obj++; + break; + case DEF_USER: + acl_type_count->n_def_user++; + break; + case DEF_GROUP: + acl_type_count->n_def_group++; + break; + default: + acl_type_count->n_illegal_obj++; + break; + } + } +} + +/* swap_acl_entries: Swaps two ACL entries. + * + * Inputs: aclp0, aclp1 - ACL entries to be swapped. + */ + +static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1) +{ + struct acl temp_acl; + + temp_acl.a_type = aclp0->a_type; + temp_acl.a_id = aclp0->a_id; + temp_acl.a_perm = aclp0->a_perm; + + aclp0->a_type = aclp1->a_type; + aclp0->a_id = aclp1->a_id; + aclp0->a_perm = aclp1->a_perm; + + aclp1->a_type = temp_acl.a_type; + aclp1->a_id = temp_acl.a_id; + aclp1->a_perm = temp_acl.a_perm; +} + +/* prohibited_duplicate_type + * Identifies if given ACL type can have duplicate entries or + * not. + * + * Inputs: acl_type - ACL Type. + * + * Outputs: + * + * Return.. + * + * True - If the ACL type matches any of the prohibited types. + * False - If the ACL type doesn't match any of the prohibited types. + */ + +static BOOL hpux_prohibited_duplicate_type(int acl_type) +{ + switch(acl_type) { + case USER: + case GROUP: + case DEF_USER: + case DEF_GROUP: + return True; + default: + return False; + } +} + +/* get_needed_class_perm + * Returns the permissions of a ACL structure only if the ACL + * type matches one of the pre-determined types for computing + * CLASS_OBJ permissions. + * + * Inputs: aclp - Pointer to ACL structure. + */ + +static int hpux_get_needed_class_perm(struct acl *aclp) +{ + switch(aclp->a_type) { + case USER: + case GROUP_OBJ: + case GROUP: + case DEF_USER_OBJ: + case DEF_USER: + case DEF_GROUP_OBJ: + case DEF_GROUP: + case DEF_CLASS_OBJ: + case DEF_OTHER_OBJ: + return aclp->a_perm; + default: + return 0; + } +} + +/* acl_sort for HPUX. + * Sorts the array of ACL structures as per the description in + * aclsort man page. Refer to aclsort man page for more details + * + * Inputs: + * + * acl_count - Count of ACLs in the array of ACL structures. + * calclass - If this is not zero, then we compute the CLASS_OBJ + * permissions. + * aclp - Array of ACL structures. + * + * Outputs: + * + * aclp - Sorted array of ACL structures. + * + * Outputs: + * + * Returns 0 for success -1 for failure. Prints a message to the Samba + * debug log in case of failure. + */ + +static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp) +{ +#if !defined(HAVE_HPUX_ACLSORT) + /* + * The aclsort() system call is availabe on the latest HPUX General + * Patch Bundles. So for HPUX, we developed our version of acl_sort + * function. Because, we don't want to update to a new + * HPUX GR bundle just for aclsort() call. + */ + + struct hpux_acl_types acl_obj_count; + int n_class_obj_perm = 0; + int i, j; + + if(!acl_count) { + DEBUG(10,("Zero acl count passed. Returning Success\n")); + return 0; + } + + if(aclp == NULL) { + DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n")); + return -1; + } + + /* Count different types of ACLs in the ACLs array */ + + hpux_count_obj(acl_count, aclp, &acl_obj_count); + + /* There should be only one entry each of type USER_OBJ, GROUP_OBJ, + * CLASS_OBJ and OTHER_OBJ + */ + + if( (acl_obj_count.n_user_obj != 1) || + (acl_obj_count.n_group_obj != 1) || + (acl_obj_count.n_class_obj != 1) || + (acl_obj_count.n_other_obj != 1) + ) { + DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \ +USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n")); + return -1; + } + + /* If any of the default objects are present, there should be only + * one of them each. + */ + + if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) || + (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) { + DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \ +or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n")); + return -1; + } + + /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl + * structures. + * + * Sorting crieteria - First sort by ACL type. If there are multiple entries of + * same ACL type, sort by ACL id. + * + * I am using the trival kind of sorting method here because, performance isn't + * really effected by the ACLs feature. More over there aren't going to be more + * than 17 entries on HPUX. + */ + + for(i=0; i aclp[j].a_type ) { + /* ACL entries out of order, swap them */ + + hpux_swap_acl_entries((aclp+i), (aclp+j)); + + } else if ( aclp[i].a_type == aclp[j].a_type ) { + + /* ACL entries of same type, sort by id */ + + if(aclp[i].a_id > aclp[j].a_id) { + hpux_swap_acl_entries((aclp+i), (aclp+j)); + } else if (aclp[i].a_id == aclp[j].a_id) { + /* We have a duplicate entry. */ + if(hpux_prohibited_duplicate_type(aclp[i].a_type)) { + DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n", + aclp[i].a_type, aclp[i].a_id)); + return -1; + } + } + + } + } + } + + /* set the class obj permissions to the computed one. */ + if(calclass) { + int n_class_obj_index = -1; + + for(i=0;icount <= 4); + + if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + return 0; +} + +int sys_acl_valid(SMB_ACL_T acl_d) +{ + return acl_sort(acl_d); +} + +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + struct stat s; + struct acl *acl_p; + int acl_count; + struct acl *acl_buf = NULL; + int ret; + + if(hpux_acl_call_presence() == False) { + /* Looks like we don't have the acl() system call on HPUX. + * May be the system doesn't have the latest version of JFS. + */ + errno=ENOSYS; + return -1; + } + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return -1; + } + + if (acl_sort(acl_d) != 0) { + return -1; + } + + acl_p = &acl_d->acl[0]; + acl_count = acl_d->count; + + /* + * if it's a directory there is extra work to do + * since the acl() system call will replace both + * the access ACLs and the default ACLs (if any) + */ + if (stat(name, &s) != 0) { + return -1; + } + if (S_ISDIR(s.st_mode)) { + SMB_ACL_T acc_acl; + SMB_ACL_T def_acl; + SMB_ACL_T tmp_acl; + int i; + + if (type == SMB_ACL_TYPE_ACCESS) { + acc_acl = acl_d; + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); + + } else { + def_acl = acl_d; + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); + } + + if (tmp_acl == NULL) { + return -1; + } + + /* + * allocate a temporary buffer for the complete ACL + */ + acl_count = acc_acl->count + def_acl->count; + acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0])); + + if (acl_buf == NULL) { + sys_acl_free_acl(tmp_acl); + errno = ENOMEM; + return -1; + } + + /* + * copy the access control and default entries into the buffer + */ + memcpy(&acl_buf[0], &acc_acl->acl[0], + acc_acl->count * sizeof(acl_buf[0])); + + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], + def_acl->count * sizeof(acl_buf[0])); + + /* + * set the ACL_DEFAULT flag on the default entries + */ + for (i = acc_acl->count; i < acl_count; i++) { + acl_buf[i].a_type |= ACL_DEFAULT; + } + + sys_acl_free_acl(tmp_acl); + + } else if (type != SMB_ACL_TYPE_ACCESS) { + errno = EINVAL; + return -1; + } + + ret = acl(name, ACL_SET, acl_count, acl_p); + + if (acl_buf) { + free(acl_buf); + } + + return ret; +} + +int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + /* + * HPUX doesn't have the facl call. Fake it using the path.... JRA. + */ + + files_struct *fsp = file_find_fd(fd); + + if (fsp == NULL) { + errno = EBADF; + return NULL; + } + + if (acl_sort(acl_d) != 0) { + return -1; + } + + /* + * We know we're in the same conn context. So we + * can use the relative path. + */ + + return sys_acl_set_file(dos_to_unix(fsp->fsp_name,False), SMB_ACL_TYPE_ACCESS, acl_d); +} + +int sys_acl_delete_def_file(const char *path) +{ + SMB_ACL_T acl_d; + int ret; + + /* + * fetching the access ACL and rewriting it has + * the effect of deleting the default ACL + */ + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { + return -1; + } + + ret = acl(path, ACL_SET, acl_d->count, acl_d->acl); + + sys_acl_free_acl(acl_d); + + return ret; +} + +int sys_acl_free_text(char *text) +{ + free(text); + return 0; +} + +int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + free(acl_d); + return 0; +} + +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return 0; +} + #elif defined(HAVE_IRIX_ACLS) int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -- cgit From cd68afe31256ad60748b34f7318a180cfc2127cc Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 30 Jan 2002 06:08:46 +0000 Subject: Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) --- source3/lib/sysacls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index b14b99b80d..db3e2bb67d 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1,6 +1,5 @@ /* - Unix SMB/Netbios implementation. - Version 2.2. + Unix SMB/CIFS implementation. Samba system utilities for ACL support. Copyright (C) Jeremy Allison 2000. -- cgit From a2b95edf7f2f9c0778dbfecf482e8baa7eb32b87 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 4 Mar 2002 18:06:54 +0000 Subject: dos2unix not used in HEAD anymore. Jeremy. (This used to be commit d2af6382b4de232299529c30f2a7a39ea9b38507) --- source3/lib/sysacls.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index db3e2bb67d..22245992f5 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1203,7 +1203,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) * can use the relative path. */ - return sys_acl_get_file(dos_to_unix(fsp->fsp_name,False), SMB_ACL_TYPE_ACCESS); + return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS); } int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) @@ -1893,7 +1893,7 @@ int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) * can use the relative path. */ - return sys_acl_set_file(dos_to_unix(fsp->fsp_name,False), SMB_ACL_TYPE_ACCESS, acl_d); + return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d); } int sys_acl_delete_def_file(const char *path) -- cgit From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 10:35:28 +0000 Subject: updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) --- source3/lib/sysacls.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 22245992f5..00d06e4a5a 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -644,13 +644,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - if ((pw = sys_getpwuid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = pw->pw_name; - } + id = uidtoname(ap->a_id); case SMB_ACL_USER_OBJ: tag = "user"; break; @@ -1281,13 +1275,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - if ((pw = sys_getpwuid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = pw->pw_name; - } + id = uidtoname(ap->a_id); case SMB_ACL_USER_OBJ: tag = "user"; break; -- cgit From ecd1b0fffd414b7b6e28a741e9367eb92dd031d4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 12 Nov 2004 02:16:00 +0000 Subject: r3693: Correctly detect errno for no acl/ea support. Jeremy (This used to be commit 089a76f611187e2ba4c3363b657905d04576109e) --- source3/lib/sysacls.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 00d06e4a5a..9b5bef00e8 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -3196,3 +3196,23 @@ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) } #endif /* No ACLs. */ + +/************************************************************************ + Deliberately outside the ACL defines. Return 1 if this is a "no acls" + errno, 0 if not. +************************************************************************/ + +int no_acl_syscall_error(int err) +{ +#if defined(ENOSYS) + if (err == ENOSYS) { + return 1; + } +#endif +#if defined(ENOTSUP) + if (err == ENOTSUP) { + return 1; + } +#endif + return 0; +} -- cgit From b46913fb95d59f3ec8e7e71da758cd16cda05f2c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 20 Dec 2004 21:14:28 +0000 Subject: r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com). Jeremy (This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46) --- source3/lib/sysacls.c | 61 +++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 31 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 9b5bef00e8..f5801af8c5 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -612,7 +612,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) */ len = 0; maxlen = 20 * acl_d->count; - if ((text = malloc(maxlen)) == NULL) { + if ((text = SMB_MALLOC(maxlen)) == NULL) { errno = ENOMEM; return NULL; } @@ -690,7 +690,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = Realloc(oldtext, maxlen)) == NULL) { + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { SAFE_FREE(oldtext); errno = ENOMEM; return NULL; @@ -722,7 +722,7 @@ SMB_ACL_T sys_acl_init(int count) * acl[] array, this actually allocates an ACL with room * for (count+1) entries */ - if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + if ((a = SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))) == NULL) { errno = ENOMEM; return NULL; } @@ -886,7 +886,7 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) * allocate a temporary buffer for the complete ACL */ acl_count = acc_acl->count + def_acl->count; - acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0])); + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count); if (acl_buf == NULL) { sys_acl_free_acl(tmp_acl); @@ -1243,7 +1243,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) */ len = 0; maxlen = 20 * acl_d->count; - if ((text = malloc(maxlen)) == NULL) { + if ((text = SMB_MALLOC(maxlen)) == NULL) { errno = ENOMEM; return NULL; } @@ -1321,7 +1321,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = Realloc(oldtext, maxlen)) == NULL) { + if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { free(oldtext); errno = ENOMEM; return NULL; @@ -1353,7 +1353,7 @@ SMB_ACL_T sys_acl_init(int count) * acl[] array, this actually allocates an ACL with room * for (count+1) entries */ - if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + if ((a = SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))) == NULL) { errno = ENOMEM; return NULL; } @@ -1819,7 +1819,7 @@ int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) * allocate a temporary buffer for the complete ACL */ acl_count = acc_acl->count + def_acl->count; - acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0])); + acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count); if (acl_buf == NULL) { sys_acl_free_acl(tmp_acl); @@ -1982,7 +1982,7 @@ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) { SMB_ACL_T a; - if ((a = malloc(sizeof(*a))) == NULL) { + if ((a = SMB_MALLOC_P(SMB_ACL_T)) == NULL) { errno = ENOMEM; return NULL; } @@ -1999,7 +1999,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) { SMB_ACL_T a; - if ((a = malloc(sizeof(*a))) == NULL) { + if ((a = SMB_MALLOC_P(SMB_ACL_T)) == NULL) { errno = ENOMEM; return NULL; } @@ -2056,7 +2056,7 @@ SMB_ACL_T sys_acl_init(int count) return NULL; } - if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) { + if ((a = SMB_MALLOC_P(struct acl)) == NULL) { errno = ENOMEM; return NULL; } @@ -2282,7 +2282,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) DEBUG(10,("Entering sys_acl_get_file\n")); DEBUG(10,("path_p is %s\n",path_p)); - file_acl = (struct acl *)malloc(BUFSIZ); + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); if(file_acl == NULL) { errno=ENOMEM; @@ -2313,7 +2313,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) if(acl_entry_link_head == NULL) return(NULL); - acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); if(acl_entry_link->entryp == NULL) { SAFE_FREE(file_acl); errno = ENOMEM; @@ -2348,8 +2348,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) * and already has entryp allocated. */ if(acl_entry_link_head->count != 0) { - acl_entry_link->nextp = (struct acl_entry_link *) - malloc(sizeof(struct acl_entry_link)); + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); if(acl_entry_link->nextp == NULL) { SAFE_FREE(file_acl); @@ -2360,7 +2359,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) acl_entry_link->nextp->prevp = acl_entry_link; acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); if(acl_entry_link->entryp == NULL) { SAFE_FREE(file_acl); errno = ENOMEM; @@ -2419,7 +2418,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) for( i = 1; i < 4; i++) { DEBUG(10,("i is %d\n",i)); if(acl_entry_link_head->count != 0) { - acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); if(acl_entry_link->nextp == NULL) { SAFE_FREE(file_acl); errno = ENOMEM; @@ -2429,7 +2428,7 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) acl_entry_link->nextp->prevp = acl_entry_link; acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); if(acl_entry_link->entryp == NULL) { SAFE_FREE(file_acl); errno = ENOMEM; @@ -2496,7 +2495,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) DEBUG(10,("Entering sys_acl_get_fd\n")); DEBUG(10,("fd is %d\n",fd)); - file_acl = (struct acl *)malloc(BUFSIZ); + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); if(file_acl == NULL) { errno=ENOMEM; @@ -2529,7 +2528,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) return(NULL); } - acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); if(acl_entry_link->entryp == NULL) { errno = ENOMEM; @@ -2566,7 +2565,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) * and already has entryp allocated. */ if(acl_entry_link_head->count != 0) { - acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); if(acl_entry_link->nextp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); @@ -2575,7 +2574,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) } acl_entry_link->nextp->prevp = acl_entry_link; acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); if(acl_entry_link->entryp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); @@ -2634,7 +2633,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) for( i = 1; i < 4; i++) { DEBUG(10,("i is %d\n",i)); if(acl_entry_link_head->count != 0){ - acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); if(acl_entry_link->nextp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); @@ -2644,7 +2643,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) acl_entry_link->nextp->prevp = acl_entry_link; acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); if(acl_entry_link->entryp == NULL) { SAFE_FREE(file_acl); @@ -2723,7 +2722,7 @@ SMB_ACL_T sys_acl_init( int count) DEBUG(10,("Entering sys_acl_init\n")); - theacl = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + theacl = SMB_MALLOC_P(struct acl_entry_link); if(theacl == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_init is %d\n",errno)); @@ -2758,7 +2757,7 @@ int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) } if(theacl->count != 0){ - temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link)); + temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link); if(acl_entryp == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); @@ -2770,7 +2769,7 @@ int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp)); } - *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry)); + *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry); if(*pentry == NULL) { errno = ENOMEM; DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); @@ -2860,7 +2859,7 @@ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl return(0); acl_length = BUFSIZ; - file_acl = (struct acl *)malloc(BUFSIZ); + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); if(file_acl == NULL) { errno = ENOMEM; @@ -2893,7 +2892,7 @@ int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { acl_length += sizeof(struct acl_entry); - file_acl_temp = (struct acl *)malloc(acl_length); + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length); if(file_acl_temp == NULL) { SAFE_FREE(file_acl); errno = ENOMEM; @@ -2948,7 +2947,7 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) DEBUG(10,("Entering sys_acl_set_fd\n")); acl_length = BUFSIZ; - file_acl = (struct acl *)malloc(BUFSIZ); + file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); if(file_acl == NULL) { errno = ENOMEM; @@ -2982,7 +2981,7 @@ int sys_acl_set_fd( int fd, SMB_ACL_T theacl) if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { acl_length += sizeof(struct acl_entry); - file_acl_temp = (struct acl *)malloc(acl_length); + file_acl_temp = (struct acl *)SMB_MALLOC(acl_length); if(file_acl_temp == NULL) { SAFE_FREE(file_acl); errno = ENOMEM; -- cgit From 99f0355eb5fbc20e37a312977c97b5d378fff2bf Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 21 Dec 2004 04:34:14 +0000 Subject: r4305: Fix from Albert Chin (china@thewrittenword.com) to fix the earlier malloc changes. Jeremy. (This used to be commit da7ef2517162740bc61a81ae814d48348aa513d5) --- source3/lib/sysacls.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index f5801af8c5..4484810884 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -722,7 +722,7 @@ SMB_ACL_T sys_acl_init(int count) * acl[] array, this actually allocates an ACL with room * for (count+1) entries */ - if ((a = SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) { errno = ENOMEM; return NULL; } @@ -1353,7 +1353,7 @@ SMB_ACL_T sys_acl_init(int count) * acl[] array, this actually allocates an ACL with room * for (count+1) entries */ - if ((a = SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))) == NULL) { + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) { errno = ENOMEM; return NULL; } @@ -1982,7 +1982,7 @@ SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) { SMB_ACL_T a; - if ((a = SMB_MALLOC_P(SMB_ACL_T)) == NULL) { + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) { errno = ENOMEM; return NULL; } @@ -1999,7 +1999,7 @@ SMB_ACL_T sys_acl_get_fd(int fd) { SMB_ACL_T a; - if ((a = SMB_MALLOC_P(SMB_ACL_T)) == NULL) { + if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) { errno = ENOMEM; return NULL; } @@ -2056,7 +2056,7 @@ SMB_ACL_T sys_acl_init(int count) return NULL; } - if ((a = SMB_MALLOC_P(struct acl)) == NULL) { + if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) { errno = ENOMEM; return NULL; } -- cgit From f4c9a4bc44ecf870e836e2af663f068b4f74d4cb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 14 Mar 2005 20:03:32 +0000 Subject: r5789: Patch from William Jojo - AIX has no default ACLs. Bug #2445. Jeremy. (This used to be commit c9b5e32650ef957841d488416922b948804474e2) --- source3/lib/sysacls.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 4484810884..e7bd288f6e 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -20,6 +20,9 @@ #include "includes.h" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_ACLS + /* This file wraps all differing system ACL interfaces into a consistent one based on the POSIX interface. It also returns the correct errors @@ -2277,6 +2280,10 @@ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) int rc = 0; uid_t user_id; + /* AIX has no DEFAULT */ + if ( type == SMB_ACL_TYPE_DEFAULT ) + return NULL; + /* Get the acl using statacl */ DEBUG(10,("Entering sys_acl_get_file\n")); -- cgit From 894358a8f3e338b339b6c37233edef794b312087 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Mar 2006 06:31:04 +0000 Subject: r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0) --- source3/lib/sysacls.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index e7bd288f6e..61975264fd 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -689,12 +689,8 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) * for each entry still to be processed */ if ((len + nbytes) > maxlen) { - char *oldtext = text; - maxlen += nbytes + 20 * (acl_d->count - i); - - if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { - SAFE_FREE(oldtext); + if ((text = SMB_REALLOC(text, maxlen)) == NULL) { errno = ENOMEM; return NULL; } @@ -1320,11 +1316,8 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) * for each entry still to be processed */ if ((len + nbytes) > maxlen) { - char *oldtext = text; - maxlen += nbytes + 20 * (acl_d->count - i); - - if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { + if ((text = SMB_REALLOC(text, maxlen)) == NULL) { free(oldtext); errno = ENOMEM; return NULL; -- cgit From 26443e8c0b78f58f6ae176efe9336030ad9f6b8a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 10 May 2006 06:35:01 +0000 Subject: r15525: fix compile error on HP-UX reported by Ryan Novosielski (This used to be commit e439660f916050291107f699e32ba2872ba95fcf) --- source3/lib/sysacls.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 61975264fd..36baf96016 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -1318,7 +1318,6 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) if ((len + nbytes) > maxlen) { maxlen += nbytes + 20 * (acl_d->count - i); if ((text = SMB_REALLOC(text, maxlen)) == NULL) { - free(oldtext); errno = ENOMEM; return NULL; } -- cgit From ba72b0242e29e7cc97f02af27290806a07305350 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 21 Jul 2006 15:51:34 +0000 Subject: r17179: Merge the vl-posixacls tmp branch into mainline. It modularizes our interface into the special posix API used on the system. Without this patch the specific API flavor is determined at compile time, something which severely limits usability on systems with more than one file system. Our first targets are AIX with its JFS and JFS2 APIs, at a later stage also GPFS. But it's certainly not limited to IBM stuff, this abstraction is also necessary for anything that copes with NFSv4 ACLs. For this we will check in handling very soon. Major contributions can be found in the copyright notices as well as the checkin log of the vl-posixacls branch. The final merge to 3_0 post-3.0.23 was done by Peter Somogyi (This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53) --- source3/lib/sysacls.c | 3261 +++++-------------------------------------------- 1 file changed, 323 insertions(+), 2938 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 36baf96016..e8c33c2c95 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -2,6 +2,8 @@ Unix SMB/CIFS implementation. Samba system utilities for ACL support. Copyright (C) Jeremy Allison 2000. + Copyright (C) Volker Lendecke 2006 + Copyright (C) Michael Adam 2006 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,337 +25,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_ACLS -/* - This file wraps all differing system ACL interfaces into a consistent - one based on the POSIX interface. It also returns the correct errors - for older UNIX systems that don't support ACLs. - - The interfaces that each ACL implementation must support are as follows : - - int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) - int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) - int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p - void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) - SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) - SMB_ACL_T sys_acl_get_fd(int fd) - int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); - int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); - char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen) - SMB_ACL_T sys_acl_init( int count) - int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) - int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) - int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) - int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) - int sys_acl_valid( SMB_ACL_T theacl ) - int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) - int sys_acl_set_fd( int fd, SMB_ACL_T theacl) - int sys_acl_delete_def_file(const char *path) - - This next one is not POSIX complient - but we *have* to have it ! - More POSIX braindamage. - - int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) - - The generic POSIX free is the following call. We split this into - several different free functions as we may need to add tag info - to structures when emulating the POSIX interface. - - int sys_acl_free( void *obj_p) - - The calls we actually use are : - - int sys_acl_free_text(char *text) - free acl_to_text - int sys_acl_free_acl(SMB_ACL_T posix_acl) - int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype) - -*/ - -#if defined(HAVE_POSIX_ACLS) - -/* Identity mapping - easy. */ - -int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - return acl_get_entry( the_acl, entry_id, entry_p); -} - -int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -{ - return acl_get_tag_type( entry_d, tag_type_p); -} - -int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - return acl_get_permset( entry_d, permset_p); -} - -void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -{ - return acl_get_qualifier( entry_d); -} - -SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -{ - return acl_get_file( path_p, type); -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - return acl_get_fd(fd); -} - -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) -{ - return acl_clear_perms(permset); -} - -int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -{ - return acl_add_perm(permset, perm); -} - -int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -{ -#if defined(HAVE_ACL_GET_PERM_NP) - /* - * Required for TrustedBSD-based ACL implementations where - * non-POSIX.1e functions are denoted by a _np (non-portable) - * suffix. - */ - return acl_get_perm_np(permset, perm); -#else - return acl_get_perm(permset, perm); -#endif -} - -char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -{ - return acl_to_text( the_acl, plen); -} - -SMB_ACL_T sys_acl_init( int count) -{ - return acl_init(count); -} - -int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -{ - return acl_create_entry(pacl, pentry); -} - -int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -{ - return acl_set_tag_type(entry, tagtype); -} - -int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -{ - return acl_set_qualifier(entry, qual); -} - -int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) -{ - return acl_set_permset(entry, permset); -} - -int sys_acl_valid( SMB_ACL_T theacl ) -{ - return acl_valid(theacl); -} - -int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -{ - return acl_set_file(name, acltype, theacl); -} - -int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -{ - return acl_set_fd(fd, theacl); -} - -int sys_acl_delete_def_file(const char *name) -{ - return acl_delete_def_file(name); -} - -int sys_acl_free_text(char *text) -{ - return acl_free(text); -} - -int sys_acl_free_acl(SMB_ACL_T the_acl) -{ - return acl_free(the_acl); -} - -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -{ - return acl_free(qual); -} - -#elif defined(HAVE_TRU64_ACLS) -/* - * The interface to DEC/Compaq Tru64 UNIX ACLs - * is based on Draft 13 of the POSIX spec which is - * slightly different from the Draft 16 interface. - * - * Also, some of the permset manipulation functions - * such as acl_clear_perm() and acl_add_perm() appear - * to be broken on Tru64 so we have to manipulate - * the permission bits in the permset directly. - */ -int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - SMB_ACL_ENTRY_T entry; - - if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) { - return -1; - } - - errno = 0; - if ((entry = acl_get_entry(the_acl)) != NULL) { - *entry_p = entry; - return 1; - } - - return errno ? -1 : 0; -} - -int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -{ - return acl_get_tag_type( entry_d, tag_type_p); -} - -int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - return acl_get_permset( entry_d, permset_p); -} - -void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -{ - return acl_get_qualifier( entry_d); -} - -SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -{ - return acl_get_file((char *)path_p, type); -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - return acl_get_fd(fd, ACL_TYPE_ACCESS); -} - -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) -{ - *permset = 0; /* acl_clear_perm() is broken on Tru64 */ - - return 0; -} - -int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -{ - if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) { - errno = EINVAL; - return -1; - } - - *permset |= perm; /* acl_add_perm() is broken on Tru64 */ - - return 0; -} - -int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) -{ - return *permset & perm; /* Tru64 doesn't have acl_get_perm() */ -} - -char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) -{ - return acl_to_text( the_acl, plen); -} - -SMB_ACL_T sys_acl_init( int count) -{ - return acl_init(count); -} - -int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -{ - SMB_ACL_ENTRY_T entry; - - if ((entry = acl_create_entry(pacl)) == NULL) { - return -1; - } - - *pentry = entry; - return 0; -} - -int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -{ - return acl_set_tag_type(entry, tagtype); -} - -int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -{ - return acl_set_qualifier(entry, qual); -} - -int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) -{ - return acl_set_permset(entry, permset); -} - -int sys_acl_valid( SMB_ACL_T theacl ) -{ - acl_entry_t entry; - - return acl_valid(theacl, &entry); -} - -int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -{ - return acl_set_file((char *)name, acltype, theacl); -} - -int sys_acl_set_fd( int fd, SMB_ACL_T theacl) -{ - return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl); -} - -int sys_acl_delete_def_file(const char *name) -{ - return acl_delete_def_file((char *)name); -} - -int sys_acl_free_text(char *text) -{ - /* - * (void) cast and explicit return 0 are for DEC UNIX - * which just #defines acl_free_text() to be free() - */ - (void) acl_free_text(text); - return 0; -} - -int sys_acl_free_acl(SMB_ACL_T the_acl) -{ - return acl_free(the_acl); -} - -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -{ - return acl_free_qualifier(qual, tagtype); -} - -#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) - -/* - * Donated by Michael Davidson for UnixWare / OpenUNIX. - * Modified by Toomas Soome for Solaris. - */ - /* * Note that while this code implements sufficient functionality * to support the sys_acl_* interfaces it does not provide all @@ -369,19 +40,6 @@ int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) * sys_acl_set_fd() */ -/* - * The only difference between Solaris and UnixWare / OpenUNIX is - * that the #defines for the ACL operations have different names - */ -#if defined(HAVE_UNIXWARE_ACLS) - -#define SETACL ACL_SET -#define GETACL ACL_GET -#define GETACLCNT ACL_CNT - -#endif - - int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) { if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { @@ -428,2772 +86,499 @@ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) { - if (entry_d->a_type != SMB_ACL_USER - && entry_d->a_type != SMB_ACL_GROUP) { - errno = EINVAL; - return NULL; - } - - return &entry_d->a_id; -} - -/* - * There is no way of knowing what size the ACL returned by - * GETACL will be unless you first call GETACLCNT which means - * making an additional system call. - * - * In the hope of avoiding the cost of the additional system - * call in most cases, we initially allocate enough space for - * an ACL with INITIAL_ACL_SIZE entries. If this turns out to - * be too small then we use GETACLCNT to find out the actual - * size, reallocate the ACL buffer, and then call GETACL again. - */ - -#define INITIAL_ACL_SIZE 16 - -SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -{ - SMB_ACL_T acl_d; - int count; /* # of ACL entries allocated */ - int naccess; /* # of access ACL entries */ - int ndefault; /* # of default ACL entries */ - - if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { - errno = EINVAL; - return NULL; - } - - count = INITIAL_ACL_SIZE; - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - - /* - * If there isn't enough space for the ACL entries we use - * GETACLCNT to determine the actual number of ACL entries - * reallocate and try again. This is in a loop because it - * is possible that someone else could modify the ACL and - * increase the number of entries between the call to - * GETACLCNT and the call to GETACL. - */ - while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 - && errno == ENOSPC) { - - sys_acl_free_acl(acl_d); - - if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { - return NULL; - } - - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - } - - if (count < 0) { - sys_acl_free_acl(acl_d); - return NULL; - } - - /* - * calculate the number of access and default ACL entries - * - * Note: we assume that the acl() system call returned a - * well formed ACL which is sorted so that all of the - * access ACL entries preceed any default ACL entries - */ - for (naccess = 0; naccess < count; naccess++) { - if (acl_d->acl[naccess].a_type & ACL_DEFAULT) - break; - } - ndefault = count - naccess; - - /* - * if the caller wants the default ACL we have to copy - * the entries down to the start of the acl[] buffer - * and mask out the ACL_DEFAULT flag from the type field - */ - if (type == SMB_ACL_TYPE_DEFAULT) { - int i, j; - - for (i = 0, j = naccess; i < ndefault; i++, j++) { - acl_d->acl[i] = acl_d->acl[j]; - acl_d->acl[i].a_type &= ~ACL_DEFAULT; - } - - acl_d->count = ndefault; - } else { - acl_d->count = naccess; - } - - return acl_d; -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - SMB_ACL_T acl_d; - int count; /* # of ACL entries allocated */ - int naccess; /* # of access ACL entries */ - - count = INITIAL_ACL_SIZE; - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - - while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 - && errno == ENOSPC) { - - sys_acl_free_acl(acl_d); - - if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { - return NULL; + if (entry_d->a_type == SMB_ACL_USER) { + return &entry_d->uid; } - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } + if (entry_d->a_type == SMB_ACL_GROUP) { + return &entry_d->gid; } - if (count < 0) { - sys_acl_free_acl(acl_d); + errno = EINVAL; return NULL; - } - - /* - * calculate the number of access ACL entries - */ - for (naccess = 0; naccess < count; naccess++) { - if (acl_d->acl[naccess].a_type & ACL_DEFAULT) - break; - } - - acl_d->count = naccess; - - return acl_d; } int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) { *permset_d = 0; - return 0; -} - -int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE - && perm != SMB_ACL_EXECUTE) { - errno = EINVAL; - return -1; - } - - if (permset_d == NULL) { - errno = EINVAL; - return -1; - } - - *permset_d |= perm; - - return 0; -} - -int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - return *permset_d & perm; -} - -char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -{ - int i; - int len, maxlen; - char *text; - - /* - * use an initial estimate of 20 bytes per ACL entry - * when allocating memory for the text representation - * of the ACL - */ - len = 0; - maxlen = 20 * acl_d->count; - if ((text = SMB_MALLOC(maxlen)) == NULL) { - errno = ENOMEM; - return NULL; - } - - for (i = 0; i < acl_d->count; i++) { - struct acl *ap = &acl_d->acl[i]; - struct passwd *pw; - struct group *gr; - char tagbuf[12]; - char idbuf[12]; - char *tag; - char *id = ""; - char perms[4]; - int nbytes; - - switch (ap->a_type) { - /* - * for debugging purposes it's probably more - * useful to dump unknown tag types rather - * than just returning an error - */ - default: - slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", - ap->a_type); - tag = tagbuf; - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - break; - - case SMB_ACL_USER: - id = uidtoname(ap->a_id); - case SMB_ACL_USER_OBJ: - tag = "user"; - break; - - case SMB_ACL_GROUP: - if ((gr = getgrgid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = gr->gr_name; - } - case SMB_ACL_GROUP_OBJ: - tag = "group"; - break; - - case SMB_ACL_OTHER: - tag = "other"; - break; - - case SMB_ACL_MASK: - tag = "mask"; - break; - - } - - perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; - perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; - perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; - perms[3] = '\0'; - - /* : : rwx \n \0 */ - nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; - - /* - * If this entry would overflow the buffer - * allocate enough additional memory for this - * entry and an estimate of another 20 bytes - * for each entry still to be processed - */ - if ((len + nbytes) > maxlen) { - maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = SMB_REALLOC(text, maxlen)) == NULL) { - errno = ENOMEM; - return NULL; - } - } - - slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); - len += nbytes - 1; - } - - if (len_p) - *len_p = len; - - return text; -} - -SMB_ACL_T sys_acl_init(int count) -{ - SMB_ACL_T a; - - if (count < 0) { - errno = EINVAL; - return NULL; - } - - /* - * note that since the definition of the structure pointed - * to by the SMB_ACL_T includes the first element of the - * acl[] array, this actually allocates an ACL with room - * for (count+1) entries - */ - if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) { - errno = ENOMEM; - return NULL; - } - - a->size = count + 1; - a->count = 0; - a->next = -1; - - return a; -} - - -int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -{ - SMB_ACL_T acl_d; - SMB_ACL_ENTRY_T entry_d; - - if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { - errno = EINVAL; - return -1; - } - - if (acl_d->count >= acl_d->size) { - errno = ENOSPC; - return -1; - } - - entry_d = &acl_d->acl[acl_d->count++]; - entry_d->a_type = 0; - entry_d->a_id = -1; - entry_d->a_perm = 0; - *entry_p = entry_d; - - return 0; -} - -int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -{ - switch (tag_type) { - case SMB_ACL_USER: - case SMB_ACL_USER_OBJ: - case SMB_ACL_GROUP: - case SMB_ACL_GROUP_OBJ: - case SMB_ACL_OTHER: - case SMB_ACL_MASK: - entry_d->a_type = tag_type; - break; - default: - errno = EINVAL; - return -1; - } - - return 0; -} - -int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -{ - if (entry_d->a_type != SMB_ACL_GROUP - && entry_d->a_type != SMB_ACL_USER) { - errno = EINVAL; - return -1; - } - - entry_d->a_id = *((id_t *)qual_p); - - return 0; -} - -int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -{ - if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { - return EINVAL; - } - - entry_d->a_perm = *permset_d; - - return 0; -} - -/* - * sort the ACL and check it for validity - * - * if it's a minimal ACL with only 4 entries then we - * need to recalculate the mask permissions to make - * sure that they are the same as the GROUP_OBJ - * permissions as required by the UnixWare acl() system call. - * - * (note: since POSIX allows minimal ACLs which only contain - * 3 entries - ie there is no mask entry - we should, in theory, - * check for this and add a mask entry if necessary - however - * we "know" that the caller of this interface always specifies - * a mask so, in practice "this never happens" (tm) - if it *does* - * happen aclsort() will fail and return an error and someone will - * have to fix it ...) - */ - -static int acl_sort(SMB_ACL_T acl_d) -{ - int fixmask = (acl_d->count <= 4); - - if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) { - errno = EINVAL; - return -1; - } - return 0; -} - -int sys_acl_valid(SMB_ACL_T acl_d) -{ - return acl_sort(acl_d); -} - -int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -{ - struct stat s; - struct acl *acl_p; - int acl_count; - struct acl *acl_buf = NULL; - int ret; - - if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { - errno = EINVAL; - return -1; - } - - if (acl_sort(acl_d) != 0) { - return -1; - } - - acl_p = &acl_d->acl[0]; - acl_count = acl_d->count; - - /* - * if it's a directory there is extra work to do - * since the acl() system call will replace both - * the access ACLs and the default ACLs (if any) - */ - if (stat(name, &s) != 0) { - return -1; - } - if (S_ISDIR(s.st_mode)) { - SMB_ACL_T acc_acl; - SMB_ACL_T def_acl; - SMB_ACL_T tmp_acl; - int i; - - if (type == SMB_ACL_TYPE_ACCESS) { - acc_acl = acl_d; - def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); - - } else { - def_acl = acl_d; - acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); - } - - if (tmp_acl == NULL) { - return -1; - } - - /* - * allocate a temporary buffer for the complete ACL - */ - acl_count = acc_acl->count + def_acl->count; - acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count); - - if (acl_buf == NULL) { - sys_acl_free_acl(tmp_acl); - errno = ENOMEM; - return -1; - } - - /* - * copy the access control and default entries into the buffer - */ - memcpy(&acl_buf[0], &acc_acl->acl[0], - acc_acl->count * sizeof(acl_buf[0])); - - memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], - def_acl->count * sizeof(acl_buf[0])); - - /* - * set the ACL_DEFAULT flag on the default entries - */ - for (i = acc_acl->count; i < acl_count; i++) { - acl_buf[i].a_type |= ACL_DEFAULT; - } - - sys_acl_free_acl(tmp_acl); - - } else if (type != SMB_ACL_TYPE_ACCESS) { - errno = EINVAL; - return -1; - } - - ret = acl(name, SETACL, acl_count, acl_p); - - SAFE_FREE(acl_buf); - - return ret; -} - -int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -{ - if (acl_sort(acl_d) != 0) { - return -1; - } - - return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); -} - -int sys_acl_delete_def_file(const char *path) -{ - SMB_ACL_T acl_d; - int ret; - - /* - * fetching the access ACL and rewriting it has - * the effect of deleting the default ACL - */ - if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { - return -1; - } - - ret = acl(path, SETACL, acl_d->count, acl_d->acl); - - sys_acl_free_acl(acl_d); - - return ret; -} - -int sys_acl_free_text(char *text) -{ - SAFE_FREE(text); - return 0; -} - -int sys_acl_free_acl(SMB_ACL_T acl_d) -{ - SAFE_FREE(acl_d); - return 0; -} - -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -{ - return 0; -} - -#elif defined(HAVE_HPUX_ACLS) -#include - -/* - * Based on the Solaris/SCO code - with modifications. - */ - -/* - * Note that while this code implements sufficient functionality - * to support the sys_acl_* interfaces it does not provide all - * of the semantics of the POSIX ACL interfaces. - * - * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned - * from a call to sys_acl_get_entry() should not be assumed to be - * valid after calling any of the following functions, which may - * reorder the entries in the ACL. - * - * sys_acl_valid() - * sys_acl_set_file() - * sys_acl_set_fd() - */ - -/* This checks if the POSIX ACL system call is defined */ -/* which basically corresponds to whether JFS 3.3 or */ -/* higher is installed. If acl() was called when it */ -/* isn't defined, it causes the process to core dump */ -/* so it is important to check this and avoid acl() */ -/* calls if it isn't there. */ - -static BOOL hpux_acl_call_presence(void) -{ - - shl_t handle = NULL; - void *value; - int ret_val=0; - static BOOL already_checked=0; - - if(already_checked) - return True; - - - ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value); - - if(ret_val != 0) { - DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n", - ret_val, errno, strerror(errno))); - DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n")); - return False; - } - - DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n")); - - already_checked = True; - return True; -} - -int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { - errno = EINVAL; - return -1; - } - - if (entry_p == NULL) { - errno = EINVAL; - return -1; - } - - if (entry_id == SMB_ACL_FIRST_ENTRY) { - acl_d->next = 0; - } - - if (acl_d->next < 0) { - errno = EINVAL; - return -1; - } - - if (acl_d->next >= acl_d->count) { - return 0; - } - - *entry_p = &acl_d->acl[acl_d->next++]; - - return 1; -} - -int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) -{ - *type_p = entry_d->a_type; - - return 0; -} - -int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - *permset_p = &entry_d->a_perm; - - return 0; -} - -void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) -{ - if (entry_d->a_type != SMB_ACL_USER - && entry_d->a_type != SMB_ACL_GROUP) { - errno = EINVAL; - return NULL; - } - - return &entry_d->a_id; -} - -/* - * There is no way of knowing what size the ACL returned by - * ACL_GET will be unless you first call ACL_CNT which means - * making an additional system call. - * - * In the hope of avoiding the cost of the additional system - * call in most cases, we initially allocate enough space for - * an ACL with INITIAL_ACL_SIZE entries. If this turns out to - * be too small then we use ACL_CNT to find out the actual - * size, reallocate the ACL buffer, and then call ACL_GET again. - */ - -#define INITIAL_ACL_SIZE 16 - -SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -{ - SMB_ACL_T acl_d; - int count; /* # of ACL entries allocated */ - int naccess; /* # of access ACL entries */ - int ndefault; /* # of default ACL entries */ - - if(hpux_acl_call_presence() == False) { - /* Looks like we don't have the acl() system call on HPUX. - * May be the system doesn't have the latest version of JFS. - */ - return NULL; - } - - if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { - errno = EINVAL; - return NULL; - } - - count = INITIAL_ACL_SIZE; - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - - /* - * If there isn't enough space for the ACL entries we use - * ACL_CNT to determine the actual number of ACL entries - * reallocate and try again. This is in a loop because it - * is possible that someone else could modify the ACL and - * increase the number of entries between the call to - * ACL_CNT and the call to ACL_GET. - */ - while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { - - sys_acl_free_acl(acl_d); - - if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) { - return NULL; - } - - if ((acl_d = sys_acl_init(count)) == NULL) { - return NULL; - } - } - - if (count < 0) { - sys_acl_free_acl(acl_d); - return NULL; - } - - /* - * calculate the number of access and default ACL entries - * - * Note: we assume that the acl() system call returned a - * well formed ACL which is sorted so that all of the - * access ACL entries preceed any default ACL entries - */ - for (naccess = 0; naccess < count; naccess++) { - if (acl_d->acl[naccess].a_type & ACL_DEFAULT) - break; - } - ndefault = count - naccess; - - /* - * if the caller wants the default ACL we have to copy - * the entries down to the start of the acl[] buffer - * and mask out the ACL_DEFAULT flag from the type field - */ - if (type == SMB_ACL_TYPE_DEFAULT) { - int i, j; - - for (i = 0, j = naccess; i < ndefault; i++, j++) { - acl_d->acl[i] = acl_d->acl[j]; - acl_d->acl[i].a_type &= ~ACL_DEFAULT; - } - - acl_d->count = ndefault; - } else { - acl_d->count = naccess; - } - - return acl_d; -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - /* - * HPUX doesn't have the facl call. Fake it using the path.... JRA. - */ - - files_struct *fsp = file_find_fd(fd); - - if (fsp == NULL) { - errno = EBADF; - return NULL; - } - - /* - * We know we're in the same conn context. So we - * can use the relative path. - */ - - return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS); -} - -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) -{ - *permset_d = 0; - - return 0; -} - -int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE - && perm != SMB_ACL_EXECUTE) { - errno = EINVAL; - return -1; - } - - if (permset_d == NULL) { - errno = EINVAL; - return -1; - } - - *permset_d |= perm; - - return 0; -} - -int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - return *permset_d & perm; -} - -char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -{ - int i; - int len, maxlen; - char *text; - - /* - * use an initial estimate of 20 bytes per ACL entry - * when allocating memory for the text representation - * of the ACL - */ - len = 0; - maxlen = 20 * acl_d->count; - if ((text = SMB_MALLOC(maxlen)) == NULL) { - errno = ENOMEM; - return NULL; - } - - for (i = 0; i < acl_d->count; i++) { - struct acl *ap = &acl_d->acl[i]; - struct passwd *pw; - struct group *gr; - char tagbuf[12]; - char idbuf[12]; - char *tag; - char *id = ""; - char perms[4]; - int nbytes; - - switch (ap->a_type) { - /* - * for debugging purposes it's probably more - * useful to dump unknown tag types rather - * than just returning an error - */ - default: - slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", - ap->a_type); - tag = tagbuf; - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - break; - - case SMB_ACL_USER: - id = uidtoname(ap->a_id); - case SMB_ACL_USER_OBJ: - tag = "user"; - break; - - case SMB_ACL_GROUP: - if ((gr = getgrgid(ap->a_id)) == NULL) { - slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->a_id); - id = idbuf; - } else { - id = gr->gr_name; - } - case SMB_ACL_GROUP_OBJ: - tag = "group"; - break; - - case SMB_ACL_OTHER: - tag = "other"; - break; - - case SMB_ACL_MASK: - tag = "mask"; - break; - - } - - perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; - perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; - perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; - perms[3] = '\0'; - - /* : : rwx \n \0 */ - nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; - - /* - * If this entry would overflow the buffer - * allocate enough additional memory for this - * entry and an estimate of another 20 bytes - * for each entry still to be processed - */ - if ((len + nbytes) > maxlen) { - maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = SMB_REALLOC(text, maxlen)) == NULL) { - errno = ENOMEM; - return NULL; - } - } - - slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); - len += nbytes - 1; - } - - if (len_p) - *len_p = len; - - return text; -} - -SMB_ACL_T sys_acl_init(int count) -{ - SMB_ACL_T a; - - if (count < 0) { - errno = EINVAL; - return NULL; - } - - /* - * note that since the definition of the structure pointed - * to by the SMB_ACL_T includes the first element of the - * acl[] array, this actually allocates an ACL with room - * for (count+1) entries - */ - if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + count * sizeof(struct acl))) == NULL) { - errno = ENOMEM; - return NULL; - } - - a->size = count + 1; - a->count = 0; - a->next = -1; - - return a; -} - - -int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -{ - SMB_ACL_T acl_d; - SMB_ACL_ENTRY_T entry_d; - - if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { - errno = EINVAL; - return -1; - } - - if (acl_d->count >= acl_d->size) { - errno = ENOSPC; - return -1; - } - - entry_d = &acl_d->acl[acl_d->count++]; - entry_d->a_type = 0; - entry_d->a_id = -1; - entry_d->a_perm = 0; - *entry_p = entry_d; - - return 0; -} - -int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -{ - switch (tag_type) { - case SMB_ACL_USER: - case SMB_ACL_USER_OBJ: - case SMB_ACL_GROUP: - case SMB_ACL_GROUP_OBJ: - case SMB_ACL_OTHER: - case SMB_ACL_MASK: - entry_d->a_type = tag_type; - break; - default: - errno = EINVAL; - return -1; - } - - return 0; -} - -int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -{ - if (entry_d->a_type != SMB_ACL_GROUP - && entry_d->a_type != SMB_ACL_USER) { - errno = EINVAL; - return -1; - } - - entry_d->a_id = *((id_t *)qual_p); - - return 0; -} - -int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -{ - if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { - return EINVAL; - } - - entry_d->a_perm = *permset_d; - - return 0; -} - -/* Structure to capture the count for each type of ACE. */ - -struct hpux_acl_types { - int n_user; - int n_def_user; - int n_user_obj; - int n_def_user_obj; - - int n_group; - int n_def_group; - int n_group_obj; - int n_def_group_obj; - - int n_other; - int n_other_obj; - int n_def_other_obj; - - int n_class_obj; - int n_def_class_obj; - - int n_illegal_obj; -}; - -/* count_obj: - * Counts the different number of objects in a given array of ACL - * structures. - * Inputs: - * - * acl_count - Count of ACLs in the array of ACL strucutres. - * aclp - Array of ACL structures. - * acl_type_count - Pointer to acl_types structure. Should already be - * allocated. - * Output: - * - * acl_type_count - This structure is filled up with counts of various - * acl types. - */ - -static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count) -{ - int i; - - memset(acl_type_count, 0, sizeof(struct hpux_acl_types)); - - for(i=0;in_user++; - break; - case USER_OBJ: - acl_type_count->n_user_obj++; - break; - case DEF_USER_OBJ: - acl_type_count->n_def_user_obj++; - break; - case GROUP: - acl_type_count->n_group++; - break; - case GROUP_OBJ: - acl_type_count->n_group_obj++; - break; - case DEF_GROUP_OBJ: - acl_type_count->n_def_group_obj++; - break; - case OTHER_OBJ: - acl_type_count->n_other_obj++; - break; - case DEF_OTHER_OBJ: - acl_type_count->n_def_other_obj++; - break; - case CLASS_OBJ: - acl_type_count->n_class_obj++; - break; - case DEF_CLASS_OBJ: - acl_type_count->n_def_class_obj++; - break; - case DEF_USER: - acl_type_count->n_def_user++; - break; - case DEF_GROUP: - acl_type_count->n_def_group++; - break; - default: - acl_type_count->n_illegal_obj++; - break; - } - } -} - -/* swap_acl_entries: Swaps two ACL entries. - * - * Inputs: aclp0, aclp1 - ACL entries to be swapped. - */ - -static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1) -{ - struct acl temp_acl; - - temp_acl.a_type = aclp0->a_type; - temp_acl.a_id = aclp0->a_id; - temp_acl.a_perm = aclp0->a_perm; - - aclp0->a_type = aclp1->a_type; - aclp0->a_id = aclp1->a_id; - aclp0->a_perm = aclp1->a_perm; - - aclp1->a_type = temp_acl.a_type; - aclp1->a_id = temp_acl.a_id; - aclp1->a_perm = temp_acl.a_perm; -} - -/* prohibited_duplicate_type - * Identifies if given ACL type can have duplicate entries or - * not. - * - * Inputs: acl_type - ACL Type. - * - * Outputs: - * - * Return.. - * - * True - If the ACL type matches any of the prohibited types. - * False - If the ACL type doesn't match any of the prohibited types. - */ - -static BOOL hpux_prohibited_duplicate_type(int acl_type) -{ - switch(acl_type) { - case USER: - case GROUP: - case DEF_USER: - case DEF_GROUP: - return True; - default: - return False; - } -} - -/* get_needed_class_perm - * Returns the permissions of a ACL structure only if the ACL - * type matches one of the pre-determined types for computing - * CLASS_OBJ permissions. - * - * Inputs: aclp - Pointer to ACL structure. - */ - -static int hpux_get_needed_class_perm(struct acl *aclp) -{ - switch(aclp->a_type) { - case USER: - case GROUP_OBJ: - case GROUP: - case DEF_USER_OBJ: - case DEF_USER: - case DEF_GROUP_OBJ: - case DEF_GROUP: - case DEF_CLASS_OBJ: - case DEF_OTHER_OBJ: - return aclp->a_perm; - default: - return 0; - } -} - -/* acl_sort for HPUX. - * Sorts the array of ACL structures as per the description in - * aclsort man page. Refer to aclsort man page for more details - * - * Inputs: - * - * acl_count - Count of ACLs in the array of ACL structures. - * calclass - If this is not zero, then we compute the CLASS_OBJ - * permissions. - * aclp - Array of ACL structures. - * - * Outputs: - * - * aclp - Sorted array of ACL structures. - * - * Outputs: - * - * Returns 0 for success -1 for failure. Prints a message to the Samba - * debug log in case of failure. - */ - -static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp) -{ -#if !defined(HAVE_HPUX_ACLSORT) - /* - * The aclsort() system call is availabe on the latest HPUX General - * Patch Bundles. So for HPUX, we developed our version of acl_sort - * function. Because, we don't want to update to a new - * HPUX GR bundle just for aclsort() call. - */ - - struct hpux_acl_types acl_obj_count; - int n_class_obj_perm = 0; - int i, j; - - if(!acl_count) { - DEBUG(10,("Zero acl count passed. Returning Success\n")); - return 0; - } - - if(aclp == NULL) { - DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n")); - return -1; - } - - /* Count different types of ACLs in the ACLs array */ - - hpux_count_obj(acl_count, aclp, &acl_obj_count); - - /* There should be only one entry each of type USER_OBJ, GROUP_OBJ, - * CLASS_OBJ and OTHER_OBJ - */ - - if( (acl_obj_count.n_user_obj != 1) || - (acl_obj_count.n_group_obj != 1) || - (acl_obj_count.n_class_obj != 1) || - (acl_obj_count.n_other_obj != 1) - ) { - DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \ -USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n")); - return -1; - } - - /* If any of the default objects are present, there should be only - * one of them each. - */ - - if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) || - (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) { - DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \ -or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n")); - return -1; - } - - /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl - * structures. - * - * Sorting crieteria - First sort by ACL type. If there are multiple entries of - * same ACL type, sort by ACL id. - * - * I am using the trival kind of sorting method here because, performance isn't - * really effected by the ACLs feature. More over there aren't going to be more - * than 17 entries on HPUX. - */ - - for(i=0; i aclp[j].a_type ) { - /* ACL entries out of order, swap them */ - - hpux_swap_acl_entries((aclp+i), (aclp+j)); - - } else if ( aclp[i].a_type == aclp[j].a_type ) { - - /* ACL entries of same type, sort by id */ - - if(aclp[i].a_id > aclp[j].a_id) { - hpux_swap_acl_entries((aclp+i), (aclp+j)); - } else if (aclp[i].a_id == aclp[j].a_id) { - /* We have a duplicate entry. */ - if(hpux_prohibited_duplicate_type(aclp[i].a_type)) { - DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n", - aclp[i].a_type, aclp[i].a_id)); - return -1; - } - } - - } - } - } - - /* set the class obj permissions to the computed one. */ - if(calclass) { - int n_class_obj_index = -1; - - for(i=0;icount <= 4); - - if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) { - errno = EINVAL; - return -1; - } - return 0; -} - -int sys_acl_valid(SMB_ACL_T acl_d) -{ - return acl_sort(acl_d); -} - -int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -{ - struct stat s; - struct acl *acl_p; - int acl_count; - struct acl *acl_buf = NULL; - int ret; - - if(hpux_acl_call_presence() == False) { - /* Looks like we don't have the acl() system call on HPUX. - * May be the system doesn't have the latest version of JFS. - */ - errno=ENOSYS; - return -1; - } - - if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { - errno = EINVAL; - return -1; - } - - if (acl_sort(acl_d) != 0) { - return -1; - } - - acl_p = &acl_d->acl[0]; - acl_count = acl_d->count; - - /* - * if it's a directory there is extra work to do - * since the acl() system call will replace both - * the access ACLs and the default ACLs (if any) - */ - if (stat(name, &s) != 0) { - return -1; - } - if (S_ISDIR(s.st_mode)) { - SMB_ACL_T acc_acl; - SMB_ACL_T def_acl; - SMB_ACL_T tmp_acl; - int i; - - if (type == SMB_ACL_TYPE_ACCESS) { - acc_acl = acl_d; - def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); - - } else { - def_acl = acl_d; - acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); - } - - if (tmp_acl == NULL) { - return -1; - } - - /* - * allocate a temporary buffer for the complete ACL - */ - acl_count = acc_acl->count + def_acl->count; - acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count); - - if (acl_buf == NULL) { - sys_acl_free_acl(tmp_acl); - errno = ENOMEM; - return -1; - } - - /* - * copy the access control and default entries into the buffer - */ - memcpy(&acl_buf[0], &acc_acl->acl[0], - acc_acl->count * sizeof(acl_buf[0])); - - memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], - def_acl->count * sizeof(acl_buf[0])); - - /* - * set the ACL_DEFAULT flag on the default entries - */ - for (i = acc_acl->count; i < acl_count; i++) { - acl_buf[i].a_type |= ACL_DEFAULT; - } - - sys_acl_free_acl(tmp_acl); - - } else if (type != SMB_ACL_TYPE_ACCESS) { - errno = EINVAL; - return -1; - } - - ret = acl(name, ACL_SET, acl_count, acl_p); - - if (acl_buf) { - free(acl_buf); - } - - return ret; -} - -int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -{ - /* - * HPUX doesn't have the facl call. Fake it using the path.... JRA. - */ - - files_struct *fsp = file_find_fd(fd); - - if (fsp == NULL) { - errno = EBADF; - return NULL; - } - - if (acl_sort(acl_d) != 0) { - return -1; - } - - /* - * We know we're in the same conn context. So we - * can use the relative path. - */ - - return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d); -} - -int sys_acl_delete_def_file(const char *path) -{ - SMB_ACL_T acl_d; - int ret; - - /* - * fetching the access ACL and rewriting it has - * the effect of deleting the default ACL - */ - if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { - return -1; - } - - ret = acl(path, ACL_SET, acl_d->count, acl_d->acl); - - sys_acl_free_acl(acl_d); - - return ret; -} - -int sys_acl_free_text(char *text) -{ - free(text); - return 0; -} - -int sys_acl_free_acl(SMB_ACL_T acl_d) -{ - free(acl_d); - return 0; -} - -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -{ - return 0; -} - -#elif defined(HAVE_IRIX_ACLS) - -int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { - errno = EINVAL; - return -1; - } - - if (entry_p == NULL) { - errno = EINVAL; - return -1; - } - - if (entry_id == SMB_ACL_FIRST_ENTRY) { - acl_d->next = 0; - } - - if (acl_d->next < 0) { - errno = EINVAL; - return -1; - } - - if (acl_d->next >= acl_d->aclp->acl_cnt) { - return 0; - } - - *entry_p = &acl_d->aclp->acl_entry[acl_d->next++]; - - return 1; -} - -int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) -{ - *type_p = entry_d->ae_tag; - - return 0; -} - -int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - *permset_p = entry_d; - - return 0; -} - -void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) -{ - if (entry_d->ae_tag != SMB_ACL_USER - && entry_d->ae_tag != SMB_ACL_GROUP) { - errno = EINVAL; - return NULL; - } - - return &entry_d->ae_id; -} - -SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) -{ - SMB_ACL_T a; - - if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) { - errno = ENOMEM; - return NULL; - } - if ((a->aclp = acl_get_file(path_p, type)) == NULL) { - SAFE_FREE(a); - return NULL; - } - a->next = -1; - a->freeaclp = True; - return a; -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - SMB_ACL_T a; - - if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) { - errno = ENOMEM; - return NULL; - } - if ((a->aclp = acl_get_fd(fd)) == NULL) { - SAFE_FREE(a); - return NULL; - } - a->next = -1; - a->freeaclp = True; - return a; -} - -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) -{ - permset_d->ae_perm = 0; - - return 0; -} - -int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE - && perm != SMB_ACL_EXECUTE) { - errno = EINVAL; - return -1; - } - - if (permset_d == NULL) { - errno = EINVAL; - return -1; - } - - permset_d->ae_perm |= perm; - - return 0; -} - -int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) -{ - return permset_d->ae_perm & perm; -} - -char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) -{ - return acl_to_text(acl_d->aclp, len_p); -} - -SMB_ACL_T sys_acl_init(int count) -{ - SMB_ACL_T a; - - if (count < 0) { - errno = EINVAL; - return NULL; - } - - if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) { - errno = ENOMEM; - return NULL; - } - - a->next = -1; - a->freeaclp = False; - a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *)); - a->aclp->acl_cnt = 0; - - return a; -} - - -int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) -{ - SMB_ACL_T acl_d; - SMB_ACL_ENTRY_T entry_d; - - if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { - errno = EINVAL; - return -1; - } - - if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) { - errno = ENOSPC; - return -1; - } - - entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++]; - entry_d->ae_tag = 0; - entry_d->ae_id = 0; - entry_d->ae_perm = 0; - *entry_p = entry_d; - - return 0; -} - -int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) -{ - switch (tag_type) { - case SMB_ACL_USER: - case SMB_ACL_USER_OBJ: - case SMB_ACL_GROUP: - case SMB_ACL_GROUP_OBJ: - case SMB_ACL_OTHER: - case SMB_ACL_MASK: - entry_d->ae_tag = tag_type; - break; - default: - errno = EINVAL; - return -1; - } - - return 0; -} - -int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) -{ - if (entry_d->ae_tag != SMB_ACL_GROUP - && entry_d->ae_tag != SMB_ACL_USER) { - errno = EINVAL; - return -1; - } - - entry_d->ae_id = *((id_t *)qual_p); - - return 0; -} - -int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) -{ - if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { - return EINVAL; - } - - entry_d->ae_perm = permset_d->ae_perm; - - return 0; -} - -int sys_acl_valid(SMB_ACL_T acl_d) -{ - return acl_valid(acl_d->aclp); -} - -int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) -{ - return acl_set_file(name, type, acl_d->aclp); -} - -int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) -{ - return acl_set_fd(fd, acl_d->aclp); -} - -int sys_acl_delete_def_file(const char *name) -{ - return acl_delete_def_file(name); -} - -int sys_acl_free_text(char *text) -{ - return acl_free(text); -} - -int sys_acl_free_acl(SMB_ACL_T acl_d) -{ - if (acl_d->freeaclp) { - acl_free(acl_d->aclp); - } - acl_free(acl_d); - return 0; -} - -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) -{ - return 0; -} - -#elif defined(HAVE_AIX_ACLS) - -/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ - -int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) -{ - struct acl_entry_link *link; - struct new_acl_entry *entry; - int keep_going; - - DEBUG(10,("This is the count: %d\n",theacl->count)); - - /* Check if count was previously set to -1. * - * If it was, that means we reached the end * - * of the acl last time. */ - if(theacl->count == -1) - return(0); - - link = theacl; - /* To get to the next acl, traverse linked list until index * - * of acl matches the count we are keeping. This count is * - * incremented each time we return an acl entry. */ - - for(keep_going = 0; keep_going < theacl->count; keep_going++) - link = link->nextp; - - entry = *entry_p = link->entryp; - - DEBUG(10,("*entry_p is %d\n",entry_p)); - DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access)); - - /* Increment count */ - theacl->count++; - if(link->nextp == NULL) - theacl->count = -1; - - return(1); -} - -int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) -{ - /* Initialize tag type */ - - *tag_type_p = -1; - DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type)); - - /* Depending on what type of entry we have, * - * return tag type. */ - switch(entry_d->ace_id->id_type) { - case ACEID_USER: - *tag_type_p = SMB_ACL_USER; - break; - case ACEID_GROUP: - *tag_type_p = SMB_ACL_GROUP; - break; - - case SMB_ACL_USER_OBJ: - case SMB_ACL_GROUP_OBJ: - case SMB_ACL_OTHER: - *tag_type_p = entry_d->ace_id->id_type; - break; - - default: - return(-1); - } - - return(0); -} - -int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) -{ - DEBUG(10,("Starting AIX sys_acl_get_permset\n")); - *permset_p = &entry_d->ace_access; - DEBUG(10,("**permset_p is %d\n",**permset_p)); - if(!(**permset_p & S_IXUSR) && - !(**permset_p & S_IWUSR) && - !(**permset_p & S_IRUSR) && - (**permset_p != 0)) - return(-1); - - DEBUG(10,("Ending AIX sys_acl_get_permset\n")); - return(0); -} - -void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) -{ - return(entry_d->ace_id->id_data); -} - -SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) -{ - struct acl *file_acl = (struct acl *)NULL; - struct acl_entry *acl_entry; - struct new_acl_entry *new_acl_entry; - struct ace_id *idp; - struct acl_entry_link *acl_entry_link; - struct acl_entry_link *acl_entry_link_head; - int i; - int rc = 0; - uid_t user_id; - - /* AIX has no DEFAULT */ - if ( type == SMB_ACL_TYPE_DEFAULT ) - return NULL; - - /* Get the acl using statacl */ - - DEBUG(10,("Entering sys_acl_get_file\n")); - DEBUG(10,("path_p is %s\n",path_p)); - - file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); - - if(file_acl == NULL) { - errno=ENOMEM; - DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno)); - return(NULL); - } - - memset(file_acl,0,BUFSIZ); - - rc = statacl((char *)path_p,0,file_acl,BUFSIZ); - if(rc == -1) { - DEBUG(0,("statacl returned %d with errno %d\n",rc,errno)); - SAFE_FREE(file_acl); - return(NULL); - } - - DEBUG(10,("Got facl and returned it\n")); - - /* Point to the first acl entry in the acl */ - acl_entry = file_acl->acl_ext; - - /* Begin setting up the head of the linked list * - * that will be used for the storing the acl * - * in a way that is useful for the posix_acls.c * - * code. */ - - acl_entry_link_head = acl_entry_link = sys_acl_init(0); - if(acl_entry_link_head == NULL) - return(NULL); - - acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); - if(acl_entry_link->entryp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); - return(NULL); - } - - DEBUG(10,("acl_entry is %d\n",acl_entry)); - DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); - - /* Check if the extended acl bit is on. * - * If it isn't, do not show the * - * contents of the acl since AIX intends * - * the extended info to remain unused */ - - if(file_acl->acl_mode & S_IXACL){ - /* while we are not pointing to the very end */ - while(acl_entry < acl_last(file_acl)) { - /* before we malloc anything, make sure this is */ - /* a valid acl entry and one that we want to map */ - idp = id_nxt(acl_entry->ace_id); - if((acl_entry->ace_type == ACC_SPECIFY || - (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) { - acl_entry = acl_nxt(acl_entry); - continue; - } - - idp = acl_entry->ace_id; - - /* Check if this is the first entry in the linked list. * - * The first entry needs to keep prevp pointing to NULL * - * and already has entryp allocated. */ - - if(acl_entry_link_head->count != 0) { - acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); - - if(acl_entry_link->nextp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); - return(NULL); - } - - acl_entry_link->nextp->prevp = acl_entry_link; - acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); - if(acl_entry_link->entryp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); - return(NULL); - } - acl_entry_link->nextp = NULL; - } - - acl_entry_link->entryp->ace_len = acl_entry->ace_len; - - /* Don't really need this since all types are going * - * to be specified but, it's better than leaving it 0 */ - - acl_entry_link->entryp->ace_type = acl_entry->ace_type; - - acl_entry_link->entryp->ace_access = acl_entry->ace_access; - - memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id)); - - /* The access in the acl entries must be left shifted by * - * three bites, because they will ultimately be compared * - * to S_IRUSR, S_IWUSR, and S_IXUSR. */ - - switch(acl_entry->ace_type){ - case ACC_PERMIT: - case ACC_SPECIFY: - acl_entry_link->entryp->ace_access = acl_entry->ace_access; - acl_entry_link->entryp->ace_access <<= 6; - acl_entry_link_head->count++; - break; - case ACC_DENY: - /* Since there is no way to return a DENY acl entry * - * change to PERMIT and then shift. */ - DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); - acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; - DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); - acl_entry_link->entryp->ace_access <<= 6; - acl_entry_link_head->count++; - break; - default: - return(0); - } - - DEBUG(10,("acl_entry = %d\n",acl_entry)); - DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); - - acl_entry = acl_nxt(acl_entry); - } - } /* end of if enabled */ - - /* Since owner, group, other acl entries are not * - * part of the acl entries in an acl, they must * - * be dummied up to become part of the list. */ - - for( i = 1; i < 4; i++) { - DEBUG(10,("i is %d\n",i)); - if(acl_entry_link_head->count != 0) { - acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); - if(acl_entry_link->nextp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); - return(NULL); - } - - acl_entry_link->nextp->prevp = acl_entry_link; - acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); - if(acl_entry_link->entryp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); - return(NULL); - } - } - - acl_entry_link->nextp = NULL; - - new_acl_entry = acl_entry_link->entryp; - idp = new_acl_entry->ace_id; - - new_acl_entry->ace_len = sizeof(struct acl_entry); - new_acl_entry->ace_type = ACC_PERMIT; - idp->id_len = sizeof(struct ace_id); - DEBUG(10,("idp->id_len = %d\n",idp->id_len)); - memset(idp->id_data,0,sizeof(uid_t)); - - switch(i) { - case 2: - new_acl_entry->ace_access = file_acl->g_access << 6; - idp->id_type = SMB_ACL_GROUP_OBJ; - break; - - case 3: - new_acl_entry->ace_access = file_acl->o_access << 6; - idp->id_type = SMB_ACL_OTHER; - break; - - case 1: - new_acl_entry->ace_access = file_acl->u_access << 6; - idp->id_type = SMB_ACL_USER_OBJ; - break; - - default: - return(NULL); - - } - - acl_entry_link_head->count++; - DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); - } - - acl_entry_link_head->count = 0; - SAFE_FREE(file_acl); - - return(acl_entry_link_head); -} - -SMB_ACL_T sys_acl_get_fd(int fd) -{ - struct acl *file_acl = (struct acl *)NULL; - struct acl_entry *acl_entry; - struct new_acl_entry *new_acl_entry; - struct ace_id *idp; - struct acl_entry_link *acl_entry_link; - struct acl_entry_link *acl_entry_link_head; - int i; - int rc = 0; - uid_t user_id; - - /* Get the acl using fstatacl */ - - DEBUG(10,("Entering sys_acl_get_fd\n")); - DEBUG(10,("fd is %d\n",fd)); - file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); - - if(file_acl == NULL) { - errno=ENOMEM; - DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - return(NULL); - } - - memset(file_acl,0,BUFSIZ); - - rc = fstatacl(fd,0,file_acl,BUFSIZ); - if(rc == -1) { - DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno)); - SAFE_FREE(file_acl); - return(NULL); - } - - DEBUG(10,("Got facl and returned it\n")); - - /* Point to the first acl entry in the acl */ - - acl_entry = file_acl->acl_ext; - /* Begin setting up the head of the linked list * - * that will be used for the storing the acl * - * in a way that is useful for the posix_acls.c * - * code. */ - - acl_entry_link_head = acl_entry_link = sys_acl_init(0); - if(acl_entry_link_head == NULL){ - SAFE_FREE(file_acl); - return(NULL); - } - - acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); - - if(acl_entry_link->entryp == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - SAFE_FREE(file_acl); - return(NULL); - } - - DEBUG(10,("acl_entry is %d\n",acl_entry)); - DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); - - /* Check if the extended acl bit is on. * - * If it isn't, do not show the * - * contents of the acl since AIX intends * - * the extended info to remain unused */ - - if(file_acl->acl_mode & S_IXACL){ - /* while we are not pointing to the very end */ - while(acl_entry < acl_last(file_acl)) { - /* before we malloc anything, make sure this is */ - /* a valid acl entry and one that we want to map */ - - idp = id_nxt(acl_entry->ace_id); - if((acl_entry->ace_type == ACC_SPECIFY || - (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) { - acl_entry = acl_nxt(acl_entry); - continue; - } - - idp = acl_entry->ace_id; - - /* Check if this is the first entry in the linked list. * - * The first entry needs to keep prevp pointing to NULL * - * and already has entryp allocated. */ - - if(acl_entry_link_head->count != 0) { - acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); - if(acl_entry_link->nextp == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - SAFE_FREE(file_acl); - return(NULL); - } - acl_entry_link->nextp->prevp = acl_entry_link; - acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); - if(acl_entry_link->entryp == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - SAFE_FREE(file_acl); - return(NULL); - } - - acl_entry_link->nextp = NULL; - } - - acl_entry_link->entryp->ace_len = acl_entry->ace_len; - - /* Don't really need this since all types are going * - * to be specified but, it's better than leaving it 0 */ - - acl_entry_link->entryp->ace_type = acl_entry->ace_type; - acl_entry_link->entryp->ace_access = acl_entry->ace_access; - - memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id)); - - /* The access in the acl entries must be left shifted by * - * three bites, because they will ultimately be compared * - * to S_IRUSR, S_IWUSR, and S_IXUSR. */ - - switch(acl_entry->ace_type){ - case ACC_PERMIT: - case ACC_SPECIFY: - acl_entry_link->entryp->ace_access = acl_entry->ace_access; - acl_entry_link->entryp->ace_access <<= 6; - acl_entry_link_head->count++; - break; - case ACC_DENY: - /* Since there is no way to return a DENY acl entry * - * change to PERMIT and then shift. */ - DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); - acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; - DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); - acl_entry_link->entryp->ace_access <<= 6; - acl_entry_link_head->count++; - break; - default: - return(0); - } - - DEBUG(10,("acl_entry = %d\n",acl_entry)); - DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); - - acl_entry = acl_nxt(acl_entry); - } - } /* end of if enabled */ - - /* Since owner, group, other acl entries are not * - * part of the acl entries in an acl, they must * - * be dummied up to become part of the list. */ - - for( i = 1; i < 4; i++) { - DEBUG(10,("i is %d\n",i)); - if(acl_entry_link_head->count != 0){ - acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link); - if(acl_entry_link->nextp == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - SAFE_FREE(file_acl); - return(NULL); - } - - acl_entry_link->nextp->prevp = acl_entry_link; - acl_entry_link = acl_entry_link->nextp; - acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry); - - if(acl_entry_link->entryp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); - return(NULL); - } - } - - acl_entry_link->nextp = NULL; - - new_acl_entry = acl_entry_link->entryp; - idp = new_acl_entry->ace_id; - - new_acl_entry->ace_len = sizeof(struct acl_entry); - new_acl_entry->ace_type = ACC_PERMIT; - idp->id_len = sizeof(struct ace_id); - DEBUG(10,("idp->id_len = %d\n",idp->id_len)); - memset(idp->id_data,0,sizeof(uid_t)); - - switch(i) { - case 2: - new_acl_entry->ace_access = file_acl->g_access << 6; - idp->id_type = SMB_ACL_GROUP_OBJ; - break; - - case 3: - new_acl_entry->ace_access = file_acl->o_access << 6; - idp->id_type = SMB_ACL_OTHER; - break; - - case 1: - new_acl_entry->ace_access = file_acl->u_access << 6; - idp->id_type = SMB_ACL_USER_OBJ; - break; - - default: - return(NULL); + return 0; +} + +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; } - acl_entry_link_head->count++; - DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); + if (permset_d == NULL) { + errno = EINVAL; + return -1; } - acl_entry_link_head->count = 0; - SAFE_FREE(file_acl); + *permset_d |= perm; - return(acl_entry_link_head); + return 0; } -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) { - *permset = *permset & ~0777; - return(0); + return *permset_d & perm; } -int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) { - if((perm != 0) && - (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0) - return(-1); + int i; + int len, maxlen; + char *text; - *permset |= perm; - DEBUG(10,("This is the permset now: %d\n",*permset)); - return(0); -} + /* + * use an initial estimate of 20 bytes per ACL entry + * when allocating memory for the text representation + * of the ACL + */ + len = 0; + maxlen = 20 * acl_d->count; + if ((text = SMB_MALLOC(maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } -char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen) -{ - return(NULL); -} + for (i = 0; i < acl_d->count; i++) { + struct smb_acl_entry *ap = &acl_d->acl[i]; + struct group *gr; + char tagbuf[12]; + char idbuf[12]; + const char *tag; + const char *id = ""; + char perms[4]; + int nbytes; -SMB_ACL_T sys_acl_init( int count) -{ - struct acl_entry_link *theacl = NULL; + switch (ap->a_type) { + /* + * for debugging purposes it's probably more + * useful to dump unknown tag types rather + * than just returning an error + */ + default: + slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x", + ap->a_type); + tag = tagbuf; + break; - DEBUG(10,("Entering sys_acl_init\n")); + case SMB_ACL_USER: + id = uidtoname(ap->uid); + case SMB_ACL_USER_OBJ: + tag = "user"; + break; - theacl = SMB_MALLOC_P(struct acl_entry_link); - if(theacl == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_init is %d\n",errno)); - return(NULL); + case SMB_ACL_GROUP: + if ((gr = getgrgid(ap->gid)) == NULL) { + slprintf(idbuf, sizeof(idbuf)-1, "%ld", + (long)ap->gid); + id = idbuf; + } else { + id = gr->gr_name; } + case SMB_ACL_GROUP_OBJ: + tag = "group"; + break; - theacl->count = 0; - theacl->nextp = NULL; - theacl->prevp = NULL; - theacl->entryp = NULL; - DEBUG(10,("Exiting sys_acl_init\n")); - return(theacl); -} - -int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) -{ - struct acl_entry_link *theacl; - struct acl_entry_link *acl_entryp; - struct acl_entry_link *temp_entry; - int counting; + case SMB_ACL_OTHER: + tag = "other"; + break; - DEBUG(10,("Entering the sys_acl_create_entry\n")); + case SMB_ACL_MASK: + tag = "mask"; + break; - theacl = acl_entryp = *pacl; + } - /* Get to the end of the acl before adding entry */ + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; + perms[3] = '\0'; - for(counting=0; counting < theacl->count; counting++){ - DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); - temp_entry = acl_entryp; - acl_entryp = acl_entryp->nextp; - } + /* : : rwx \n \0 */ + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; - if(theacl->count != 0){ - temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link); - if(acl_entryp == NULL) { + /* + * If this entry would overflow the buffer + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed + */ + if ((len + nbytes) > maxlen) { + maxlen += nbytes + 20 * (acl_d->count - i); + if ((text = SMB_REALLOC(text, maxlen)) == NULL) { errno = ENOMEM; - DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); - return(-1); + return NULL; } - - DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); - acl_entryp->prevp = temp_entry; - DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp)); } - *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry); - if(*pentry == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); - return(-1); + slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); + len += nbytes - 1; } - memset(*pentry,0,sizeof(struct new_acl_entry)); - acl_entryp->entryp->ace_len = sizeof(struct acl_entry); - acl_entryp->entryp->ace_type = ACC_PERMIT; - acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id); - acl_entryp->nextp = NULL; - theacl->count++; - DEBUG(10,("Exiting sys_acl_create_entry\n")); - return(0); -} - -int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) -{ - DEBUG(10,("Starting AIX sys_acl_set_tag_type\n")); - entry->ace_id->id_type = tagtype; - DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type)); - DEBUG(10,("Ending AIX sys_acl_set_tag_type\n")); -} + if (len_p) + *len_p = len; -int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) -{ - DEBUG(10,("Starting AIX sys_acl_set_qualifier\n")); - memcpy(entry->ace_id->id_data,qual,sizeof(uid_t)); - DEBUG(10,("Ending AIX sys_acl_set_qualifier\n")); - return(0); + return text; } -int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +SMB_ACL_T sys_acl_init(int count) { - DEBUG(10,("Starting AIX sys_acl_set_permset\n")); - if(!(*permset & S_IXUSR) && - !(*permset & S_IWUSR) && - !(*permset & S_IRUSR) && - (*permset != 0)) - return(-1); - - entry->ace_access = *permset; - DEBUG(10,("entry->ace_access = %d\n",entry->ace_access)); - DEBUG(10,("Ending AIX sys_acl_set_permset\n")); - return(0); -} + SMB_ACL_T a; -int sys_acl_valid( SMB_ACL_T theacl ) -{ - int user_obj = 0; - int group_obj = 0; - int other_obj = 0; - struct acl_entry_link *acl_entry; - - for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) { - user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ); - group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ); - other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER); + if (count < 0) { + errno = EINVAL; + return NULL; } - DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj)); + /* + * note that since the definition of the structure pointed + * to by the SMB_ACL_T includes the first element of the + * acl[] array, this actually allocates an ACL with room + * for (count+1) entries + */ + if ((a = SMB_MALLOC(sizeof(struct smb_acl_t) + + count * sizeof(struct smb_acl_entry))) == NULL) { + errno = ENOMEM; + return NULL; + } - if(user_obj != 1 || group_obj != 1 || other_obj != 1) - return(-1); + a->size = count + 1; + a->count = 0; + a->next = -1; - return(0); + return a; } -int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) { - struct acl_entry_link *acl_entry_link = NULL; - struct acl *file_acl = NULL; - struct acl *file_acl_temp = NULL; - struct acl_entry *acl_entry = NULL; - struct ace_id *ace_id = NULL; - uint id_type; - uint ace_access; - uint user_id; - uint acl_length; - uint rc; - - DEBUG(10,("Entering sys_acl_set_file\n")); - DEBUG(10,("File name is %s\n",name)); - - /* AIX has no default ACL */ - if(acltype == SMB_ACL_TYPE_DEFAULT) - return(0); - - acl_length = BUFSIZ; - file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; - if(file_acl == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); - return(-1); + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; } - memset(file_acl,0,BUFSIZ); + if (acl_d->count >= acl_d->size) { + errno = ENOSPC; + return -1; + } - file_acl->acl_len = ACL_SIZ; - file_acl->acl_mode = S_IXACL; + entry_d = &acl_d->acl[acl_d->count++]; + entry_d->a_type = 0; + entry_d->uid = -1; + entry_d->gid = -1; + entry_d->a_perm = 0; + *entry_p = entry_d; - for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { - acl_entry_link->entryp->ace_access >>= 6; - id_type = acl_entry_link->entryp->ace_id->id_type; + return 0; +} - switch(id_type) { +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: case SMB_ACL_USER_OBJ: - file_acl->u_access = acl_entry_link->entryp->ace_access; - continue; + case SMB_ACL_GROUP: case SMB_ACL_GROUP_OBJ: - file_acl->g_access = acl_entry_link->entryp->ace_access; - continue; case SMB_ACL_OTHER: - file_acl->o_access = acl_entry_link->entryp->ace_access; - continue; case SMB_ACL_MASK: - continue; - } - - if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { - acl_length += sizeof(struct acl_entry); - file_acl_temp = (struct acl *)SMB_MALLOC(acl_length); - if(file_acl_temp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); - return(-1); - } - - memcpy(file_acl_temp,file_acl,file_acl->acl_len); - SAFE_FREE(file_acl); - file_acl = file_acl_temp; + entry_d->a_type = tag_type; + break; + default: + errno = EINVAL; + return -1; } - acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); - file_acl->acl_len += sizeof(struct acl_entry); - acl_entry->ace_len = acl_entry_link->entryp->ace_len; - acl_entry->ace_access = acl_entry_link->entryp->ace_access; - - /* In order to use this, we'll need to wait until we can get denies */ - /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) - acl_entry->ace_type = ACC_SPECIFY; */ + return 0; +} - acl_entry->ace_type = ACC_SPECIFY; - - ace_id = acl_entry->ace_id; - - ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; - DEBUG(10,("The id type is %d\n",ace_id->id_type)); - ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; - memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t)); - memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t)); +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->a_type == SMB_ACL_USER) { + entry_d->uid = *((uid_t *)qual_p); + return 0; + } + if (entry_d->a_type == SMB_ACL_GROUP) { + entry_d->gid = *((gid_t *)qual_p); + return 0; } - rc = chacl(name,file_acl,file_acl->acl_len); - DEBUG(10,("errno is %d\n",errno)); - DEBUG(10,("return code is %d\n",rc)); - SAFE_FREE(file_acl); - DEBUG(10,("Exiting the sys_acl_set_file\n")); - return(rc); + errno = EINVAL; + return -1; } -int sys_acl_set_fd( int fd, SMB_ACL_T theacl) +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) { - struct acl_entry_link *acl_entry_link = NULL; - struct acl *file_acl = NULL; - struct acl *file_acl_temp = NULL; - struct acl_entry *acl_entry = NULL; - struct ace_id *ace_id = NULL; - uint id_type; - uint user_id; - uint acl_length; - uint rc; - - DEBUG(10,("Entering sys_acl_set_fd\n")); - acl_length = BUFSIZ; - file_acl = (struct acl *)SMB_MALLOC(BUFSIZ); - - if(file_acl == NULL) { - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); - return(-1); + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + errno = EINVAL; + return -1; } - memset(file_acl,0,BUFSIZ); + entry_d->a_perm = *permset_d; - file_acl->acl_len = ACL_SIZ; - file_acl->acl_mode = S_IXACL; + return 0; +} - for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { - acl_entry_link->entryp->ace_access >>= 6; - id_type = acl_entry_link->entryp->ace_id->id_type; - DEBUG(10,("The id_type is %d\n",id_type)); +int sys_acl_free_text(char *text) +{ + SAFE_FREE(text); + return 0; +} - switch(id_type) { - case SMB_ACL_USER_OBJ: - file_acl->u_access = acl_entry_link->entryp->ace_access; - continue; - case SMB_ACL_GROUP_OBJ: - file_acl->g_access = acl_entry_link->entryp->ace_access; - continue; - case SMB_ACL_OTHER: - file_acl->o_access = acl_entry_link->entryp->ace_access; - continue; - case SMB_ACL_MASK: - continue; - } +int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + SAFE_FREE(acl_d); + return 0; +} - if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) { - acl_length += sizeof(struct acl_entry); - file_acl_temp = (struct acl *)SMB_MALLOC(acl_length); - if(file_acl_temp == NULL) { - SAFE_FREE(file_acl); - errno = ENOMEM; - DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); - return(-1); - } - - memcpy(file_acl_temp,file_acl,file_acl->acl_len); - SAFE_FREE(file_acl); - file_acl = file_acl_temp; - } +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return 0; +} + +int sys_acl_valid(SMB_ACL_T acl_d) +{ + errno = EINVAL; + return -1; +} - acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); - file_acl->acl_len += sizeof(struct acl_entry); - acl_entry->ace_len = acl_entry_link->entryp->ace_len; - acl_entry->ace_access = acl_entry_link->entryp->ace_access; +/* + * acl_get_file, acl_get_fd, acl_set_file, acl_set_fd and + * sys_acl_delete_def_file are to be redirected to the default + * statically-bound acl vfs module, but they are replacable. + */ - /* In order to use this, we'll need to wait until we can get denies */ - /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) - acl_entry->ace_type = ACC_SPECIFY; */ +#if defined(HAVE_POSIX_ACLS) - acl_entry->ace_type = ACC_SPECIFY; +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) +{ + return posixacl_sys_acl_get_file(handle, path_p, type); +} - ace_id = acl_entry->ace_id; +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +{ + return posixacl_sys_acl_get_fd(handle, fsp, fd); +} - ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; - DEBUG(10,("The id type is %d\n",ace_id->id_type)); - ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; - memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t)); - memcpy(ace_id->id_data, &user_id, sizeof(uid_t)); - } +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + return posixacl_sys_acl_set_file(handle, name, type, acl_d); +} - rc = fchacl(fd,file_acl,file_acl->acl_len); - DEBUG(10,("errno is %d\n",errno)); - DEBUG(10,("return code is %d\n",rc)); - SAFE_FREE(file_acl); - DEBUG(10,("Exiting sys_acl_set_fd\n")); - return(rc); +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) +{ + return posixacl_sys_acl_set_fd(handle, fsp, fd, acl_d); } -int sys_acl_delete_def_file(const char *name) +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) { - /* AIX has no default ACL */ - return 0; + return posixacl_sys_acl_delete_def_file(handle, path); } -int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +#elif defined(HAVE_AIX_ACLS) + +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) { - return(*permset & perm); + return aixacl_sys_acl_get_file(handle, path_p, type); } -int sys_acl_free_text(char *text) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +{ + return aixacl_sys_acl_get_fd(handle, fsp, fd); +} + +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { - return(0); + return aixacl_sys_acl_set_file(handle, name, type, acl_d); } -int sys_acl_free_acl(SMB_ACL_T posix_acl) +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) { - struct acl_entry_link *acl_entry_link; + return aixacl_sys_acl_set_fd(handle, fsp, fd, acl_d); +} - for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) { - SAFE_FREE(acl_entry_link->prevp->entryp); - SAFE_FREE(acl_entry_link->prevp); - } +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) +{ + return aixacl_sys_acl_delete_def_file(handle, path); +} - SAFE_FREE(acl_entry_link->prevp->entryp); - SAFE_FREE(acl_entry_link->prevp); - SAFE_FREE(acl_entry_link->entryp); - SAFE_FREE(acl_entry_link); +#elif defined(HAVE_TRU64_ACLS) - return(0); +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) +{ + return tru64acl_sys_acl_get_file(handle, path_p, type); } -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) { - return(0); + return tru64acl_sys_acl_get_fd(handle, fsp, fd); } -#else /* No ACLs. */ +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + return tru64acl_sys_acl_set_file(handle, name, type, acl_d); +} -int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) { - errno = ENOSYS; - return -1; + return tru64acl_sys_acl_set_fd(handle, fsp, fd, acl_d); } -int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) { - errno = ENOSYS; - return -1; + return tru64acl_sys_acl_delete_def_file(handle, path); } -int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +#elif defined(HAVE_SOLARIS_ACLS) || defined(HAVE_UNIXWARE_ACLS) + +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) { - errno = ENOSYS; - return -1; + return solarisacl_sys_acl_get_file(handle, path_p, type); } -void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) { - errno = ENOSYS; - return NULL; + return solarisacl_sys_acl_get_fd(handle, fsp, fd); } -SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { - errno = ENOSYS; - return (SMB_ACL_T)NULL; + return solarisacl_sys_acl_set_file(handle, name, type, acl_d); } -SMB_ACL_T sys_acl_get_fd(int fd) +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) { - errno = ENOSYS; - return (SMB_ACL_T)NULL; + return solarisacl_sys_acl_set_fd(handle, fsp, fd, acl_d); } -int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) { - errno = ENOSYS; - return -1; + return solarisacl_sys_acl_delete_def_file(handle, path); } -int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +#elif defined(HAVE_HPUX_ACLS) + +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) { - errno = ENOSYS; - return -1; + return hpuxacl_sys_acl_get_file(handle, path_p, type); } -int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) { - errno = ENOSYS; - return (permset & perm) ? 1 : 0; + return hpuxacl_sys_acl_get_fd(handle, fsp, fd); } -char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen) +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { - errno = ENOSYS; - return NULL; + return hpuxacl_sys_acl_set_file(handle, name, type, acl_d); } -int sys_acl_free_text(char *text) +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) { - errno = ENOSYS; - return -1; + return hpuxacl_sys_acl_set_fd(handle, fsp, fd, acl_d); } -SMB_ACL_T sys_acl_init( int count) +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) { - errno = ENOSYS; - return NULL; + return hpuxacl_sys_acl_delete_def_file(handle, path); } -int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +#elif defined(HAVE_IRIX_ACLS) + +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) { - errno = ENOSYS; - return -1; + return irixacl_sys_acl_get_file(handle, path_p, type); } -int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) { - errno = ENOSYS; - return -1; + return irixacl_sys_acl_get_fd(handle, fsp, fd); } -int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual) +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { - errno = ENOSYS; - return -1; + return irixacl_sys_acl_set_file(handle, name, type, acl_d); } -int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) { - errno = ENOSYS; - return -1; + return irixacl_sys_acl_set_fd(handle, fsp, fd, acl_d); } -int sys_acl_valid( SMB_ACL_T theacl ) +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) { - errno = ENOSYS; - return -1; + return irixacl_sys_acl_delete_def_file(handle, path); } -int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +#else /* No ACLs. */ + +SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, SMB_ACL_TYPE_T type) { - errno = ENOSYS; - return -1; + errno = ENOTSUP; + return NULL; } -int sys_acl_set_fd( int fd, SMB_ACL_T theacl) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) { - errno = ENOSYS; - return -1; + errno = ENOTSUP; + return NULL; } -int sys_acl_delete_def_file(const char *name) +int sys_acl_set_file(vfs_handle_struct *handle, + const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { - errno = ENOSYS; + errno = ENOTSUP; return -1; } -int sys_acl_free_acl(SMB_ACL_T the_acl) +int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, + int fd, SMB_ACL_T acl_d) { - errno = ENOSYS; + errno = ENOTSUP; return -1; } -int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +int sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) { - errno = ENOSYS; + errno = ENOTSUP; return -1; } -#endif /* No ACLs. */ +#endif /************************************************************************ Deliberately outside the ACL defines. Return 1 if this is a "no acls" -- cgit From 1cf1e648feed823244731eef5f56bd34e15cb045 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Jul 2006 04:30:55 +0000 Subject: r17334: Some C++ warnings (This used to be commit 8ae7ed1f3cecbb5285313d17b5f9511e2e622f0b) --- source3/lib/sysacls.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index e8c33c2c95..eba5fc44b6 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -141,7 +141,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) */ len = 0; maxlen = 20 * acl_d->count; - if ((text = SMB_MALLOC(maxlen)) == NULL) { + if ((text = (char *)SMB_MALLOC(maxlen)) == NULL) { errno = ENOMEM; return NULL; } @@ -212,7 +212,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) */ if ((len + nbytes) > maxlen) { maxlen += nbytes + 20 * (acl_d->count - i); - if ((text = SMB_REALLOC(text, maxlen)) == NULL) { + if ((text = (char *)SMB_REALLOC(text, maxlen)) == NULL) { errno = ENOMEM; return NULL; } @@ -243,8 +243,9 @@ SMB_ACL_T sys_acl_init(int count) * acl[] array, this actually allocates an ACL with room * for (count+1) entries */ - if ((a = SMB_MALLOC(sizeof(struct smb_acl_t) + - count * sizeof(struct smb_acl_entry))) == NULL) { + if ((a = (struct smb_acl_t *)SMB_MALLOC( + sizeof(struct smb_acl_t) + + count * sizeof(struct smb_acl_entry))) == NULL) { errno = ENOMEM; return NULL; } -- cgit From 25a685b71ad4e6584b41641fcbee1a972714a27a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 24 Aug 2006 19:56:20 +0000 Subject: r17804: Fix a enum/int mixup found by the IRIX compiler. Volker (This used to be commit 3a1cf623765cd8b6615ad317d25cebc379c762a2) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index eba5fc44b6..00264bf0ce 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -273,7 +273,7 @@ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) } entry_d = &acl_d->acl[acl_d->count++]; - entry_d->a_type = 0; + entry_d->a_type = SMB_ACL_TAG_INVALID; entry_d->uid = -1; entry_d->gid = -1; entry_d->a_perm = 0; -- cgit From b540e4dc846b8002e8208183bde4ea0f312d98a8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 3 Sep 2006 08:16:25 +0000 Subject: r18016: OpenBSD apparently does not have ENOTSUP (This used to be commit 8e087b7e462aaa14e3918cdfe125f8375d4d5fd8) --- source3/lib/sysacls.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 00264bf0ce..d31c1870c3 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -548,34 +548,54 @@ int sys_acl_delete_def_file(vfs_handle_struct *handle, SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type) { +#ifdef ENOTSUP errno = ENOTSUP; +#else + errno = ENOSYS; +#endif return NULL; } SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) { +#ifdef ENOTSUP errno = ENOTSUP; +#else + errno = ENOSYS; +#endif return NULL; } int sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) { +#ifdef ENOTSUP errno = ENOTSUP; +#else + errno = ENOSYS; +#endif return -1; } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_ACL_T acl_d) { +#ifdef ENOTSUP errno = ENOTSUP; +#else + errno = ENOSYS; +#endif return -1; } int sys_acl_delete_def_file(vfs_handle_struct *handle, const char *path) { +#ifdef ENOTSUP errno = ENOTSUP; +#else + errno = ENOSYS; +#endif return -1; } -- cgit From b93126ea12f057497fd5d97e79e5ebac1bcfe1ef Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 23 Mar 2007 21:50:44 +0000 Subject: r21953: One format fix, clarify a condition that the IBM checker was worried about. Jeremy. (This used to be commit 70eec7b8ae6a4992b43df853dffc21dd91498390) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index d31c1870c3..dcd7640714 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -181,7 +181,7 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) id = idbuf; } else { id = gr->gr_name; - } + } case SMB_ACL_GROUP_OBJ: tag = "group"; break; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/sysacls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index dcd7640714..3782e6db06 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -7,7 +7,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/lib/sysacls.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 3782e6db06..3e61f42aa5 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -16,8 +16,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 62e9d503d82d645cf29af643732ad97c0eb8b340 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 7 Jan 2008 23:53:34 +0100 Subject: Remove redundant parameter fd from SMB_VFS_SYS_ACL_GET_FD(). Michael (This used to be commit 42663e8736e1a3dfb57e0aafdcbf5fec880da779) --- source3/lib/sysacls.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 3e61f42aa5..f23d03f706 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -364,9 +364,9 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return posixacl_sys_acl_get_file(handle, path_p, type); } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { - return posixacl_sys_acl_get_fd(handle, fsp, fd); + return posixacl_sys_acl_get_fd(handle, fsp); } int sys_acl_set_file(vfs_handle_struct *handle, @@ -395,9 +395,9 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return aixacl_sys_acl_get_file(handle, path_p, type); } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { - return aixacl_sys_acl_get_fd(handle, fsp, fd); + return aixacl_sys_acl_get_fd(handle, fsp); } int sys_acl_set_file(vfs_handle_struct *handle, @@ -426,9 +426,9 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return tru64acl_sys_acl_get_file(handle, path_p, type); } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { - return tru64acl_sys_acl_get_fd(handle, fsp, fd); + return tru64acl_sys_acl_get_fd(handle, fsp); } int sys_acl_set_file(vfs_handle_struct *handle, @@ -457,9 +457,9 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return solarisacl_sys_acl_get_file(handle, path_p, type); } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { - return solarisacl_sys_acl_get_fd(handle, fsp, fd); + return solarisacl_sys_acl_get_fd(handle, fsp); } int sys_acl_set_file(vfs_handle_struct *handle, @@ -488,9 +488,9 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return hpuxacl_sys_acl_get_file(handle, path_p, type); } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { - return hpuxacl_sys_acl_get_fd(handle, fsp, fd); + return hpuxacl_sys_acl_get_fd(handle, fsp); } int sys_acl_set_file(vfs_handle_struct *handle, @@ -519,9 +519,9 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return irixacl_sys_acl_get_file(handle, path_p, type); } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { - return irixacl_sys_acl_get_fd(handle, fsp, fd); + return irixacl_sys_acl_get_fd(handle, fsp); } int sys_acl_set_file(vfs_handle_struct *handle, @@ -555,7 +555,7 @@ SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle, return NULL; } -SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, int fd) +SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { #ifdef ENOTSUP errno = ENOTSUP; -- cgit From 5921607f2647cec20a6bcebd17c5a0c53449c1ba Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 8 Jan 2008 01:54:19 +0100 Subject: Remove redundant parameter fd from SMB_VFS_SYS_ACL_SET_FD(). Michael (This used to be commit 9296e93588c0e795cae770765050247ac1474a74) --- source3/lib/sysacls.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source3/lib/sysacls.c') diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index f23d03f706..9c1256ed65 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -3,7 +3,7 @@ Samba system utilities for ACL support. Copyright (C) Jeremy Allison 2000. Copyright (C) Volker Lendecke 2006 - Copyright (C) Michael Adam 2006 + Copyright (C) Michael Adam 2006,2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -376,9 +376,9 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { - return posixacl_sys_acl_set_fd(handle, fsp, fd, acl_d); + return posixacl_sys_acl_set_fd(handle, fsp, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -407,9 +407,9 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { - return aixacl_sys_acl_set_fd(handle, fsp, fd, acl_d); + return aixacl_sys_acl_set_fd(handle, fsp, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -438,9 +438,9 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { - return tru64acl_sys_acl_set_fd(handle, fsp, fd, acl_d); + return tru64acl_sys_acl_set_fd(handle, fsp, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -469,9 +469,9 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { - return solarisacl_sys_acl_set_fd(handle, fsp, fd, acl_d); + return solarisacl_sys_acl_set_fd(handle, fsp, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -500,9 +500,9 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { - return hpuxacl_sys_acl_set_fd(handle, fsp, fd, acl_d); + return hpuxacl_sys_acl_set_fd(handle, fsp, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -531,9 +531,9 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { - return irixacl_sys_acl_set_fd(handle, fsp, fd, acl_d); + return irixacl_sys_acl_set_fd(handle, fsp, acl_d); } int sys_acl_delete_def_file(vfs_handle_struct *handle, @@ -577,7 +577,7 @@ int sys_acl_set_file(vfs_handle_struct *handle, } int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, - int fd, SMB_ACL_T acl_d) + SMB_ACL_T acl_d) { #ifdef ENOTSUP errno = ENOTSUP; -- cgit