/* Unix SMB/Netbios implementation. VFS module to get and set Tru64 acls Copyright (C) Michael Adam 2006,2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" /* prototypes for private functions first - for clarity */ static struct smb_acl_t *tru64_acl_to_smb_acl(const struct acl *tru64_acl); static bool tru64_ace_to_smb_ace(acl_entry_t tru64_ace, struct smb_acl_entry *smb_ace); static acl_t smb_acl_to_tru64_acl(const SMB_ACL_T smb_acl); static acl_tag_t smb_tag_to_tru64(SMB_ACL_TAG_T smb_tag); static SMB_ACL_TAG_T tru64_tag_to_smb(acl_tag_t tru64_tag); static acl_perm_t smb_permset_to_tru64(SMB_ACL_PERM_T smb_permset); static SMB_ACL_PERM_T tru64_permset_to_smb(const acl_perm_t tru64_permset); /* public functions - the api */ SMB_ACL_T tru64acl_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type) { struct smb_acl_t *result; acl_type_t the_acl_type; acl_t tru64_acl; DEBUG(10, ("Hi! This is tru64acl_sys_acl_get_file.\n")); switch(type) { case SMB_ACL_TYPE_ACCESS: the_acl_type = ACL_TYPE_ACCESS; break; case SMB_ACL_TYPE_DEFAULT: the_acl_type = ACL_TYPE_DEFAULT; break; default: errno = EINVAL; return NULL; } tru64_acl = acl_get_file((char *)path_p, the_acl_type); if (tru64_acl == NULL) { return NULL; } result = tru64_acl_to_smb_acl(tru64_acl); acl_free(tru64_acl); return result; } SMB_ACL_T tru64acl_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp) { struct smb_acl_t *result; acl_t tru64_acl = acl_get_fd(fsp->fh->fd, ACL_TYPE_ACCESS); if (tru64_acl == NULL) { return NULL; } result = tru64_acl_to_smb_acl(tru64_acl); acl_free(tru64_acl); return result; } int tru64acl_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T theacl) { int res; acl_type_t the_acl_type; acl_t tru64_acl; DEBUG(10, ("tru64acl_sys_acl_set_file called with name %s, type %d\n", name, type)); switch(type) { case SMB_ACL_TYPE_ACCESS: DEBUGADD(10, ("got acl type ACL_TYPE_ACCESS\n")); the_acl_type = ACL_TYPE_ACCESS; break; case SMB_ACL_TYPE_DEFAULT: DEBUGADD(10, ("got acl type ACL_TYPE_DEFAULT\n")); the_acl_type = ACL_TYPE_DEFAULT; break; default: DEBUGADD(10, ("invalid acl type\n")); errno = EINVAL; goto fail; } tru64_acl = smb_acl_to_tru64_acl(theacl); if (tru64_acl == NULL) { DEBUG(10, ("smb_acl_to_tru64_acl failed!\n")); goto fail; } DEBUG(10, ("got tru64 acl...\n")); res = acl_set_file((char *)name, the_acl_type, tru64_acl); acl_free(tru64_acl); if (res != 0) { DEBUG(10, ("acl_set_file failed: %s\n", strerror(errno))); goto fail; } return res; fail: DEBUG(1, ("tru64acl_sys_acl_set_file failed!\n")); return -1; } int tru64acl_sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, SMB_ACL_T theacl) { int res; acl_t tru64_acl = smb_acl_to_tru64_acl(theacl); if (tru64_acl == NULL) { return -1; } res = acl_set_fd(fsp->fh->fd, ACL_TYPE_ACCESS, tru64_acl); acl_free(tru64_acl); return res; } int tru64acl_sys_acl_delete_def_file(vfs_handle_struct *handle, const char *path) { return acl_delete_def_file((char *)path); } /* private functions */ static struct smb_acl_t *tru64_acl_to_smb_acl(const struct acl *tru64_acl) { struct smb_acl_t *result; acl_entry_t entry; DEBUG(10, ("Hi! This is tru64_acl_to_smb_acl.\n")); if ((result = SMB_MALLOC_P(struct smb_acl_t)) == NULL) { DEBUG(0, ("SMB_MALLOC_P failed in tru64_acl_to_smb_acl\n")); errno = ENOMEM; goto fail; } ZERO_STRUCTP(result); if (acl_first_entry((struct acl *)tru64_acl) != 0) { DEBUG(10, ("acl_first_entry failed: %s\n", strerror(errno))); goto fail; } while ((entry = acl_get_entry((struct acl *)tru64_acl)) != NULL) { result = SMB_REALLOC(result, sizeof(struct smb_acl_t) + (sizeof(struct smb_acl_entry) * (result->count + 1))); if (result == NULL) { DEBUG(0, ("SMB_REALLOC failed in tru64_acl_to_smb_acl\n")); errno = ENOMEM; goto fail; } /* XYZ */ if (!tru64_ace_to_smb_ace(entry, &result->acl[result->count])) { SAFE_FREE(result); goto fail; } result->count += 1; } return result; fail: if (result != NULL) { SAFE_FREE(result); } DEBUG(1, ("tru64_acl_to_smb_acl failed!\n")); return NULL; } static bool tru64_ace_to_smb_ace(acl_entry_t tru64_ace, struct smb_acl_entry *smb_ace) { acl_tag_t tru64_tag; acl_permset_t permset; SMB_ACL_TAG_T smb_tag_type; SMB_ACL_PERM_T smb_permset; void *qualifier; if (acl_get_tag_type(tru64_ace, &tru64_tag) != 0) { DEBUG(0, ("acl_get_tag_type failed: %s\n", strerror(errno))); return False; } /* On could set the tag type directly to save a function call, * but I like this better... */ smb_tag_type = tru64_tag_to_smb(tru64_tag); if (smb_tag_type == 0) { DEBUG(3, ("invalid tag type given: %d\n", tru64_tag)); return False; } if (sys_acl_set_tag_type(smb_ace, smb_tag_type) != 0) { DEBUG(3, ("sys_acl_set_tag_type failed: %s\n", strerror(errno))); return False; } qualifier = acl_get_qualifier(tru64_ace); if (qualifier != NULL) { if (sys_acl_set_qualifier(smb_ace, qualifier) != 0) { DEBUG(3, ("sys_acl_set_qualifier failed\n")); return False; } } if (acl_get_permset(tru64_ace, &permset) != 0) { DEBUG(3, ("acl_get_permset failed: %s\n", strerror(errno))); return False; } smb_permset = tru64_permset_to_smb(*permset); if (sys_acl_set_permset(smb_ace, &smb_permset) != 0) { DEBUG(3, ("sys_acl_set_permset failed: %s\n", strerror(errno))); return False; } return True; } static acl_t smb_acl_to_tru64_acl(const SMB_ACL_T smb_acl) { acl_t result; acl_entry_t tru64_entry; int i; char *acl_text; ssize_t acl_text_len; /* The tru64 acl_init function takes a size_t value * instead of a count of entries (as with posix). * the size parameter "Specifies the size of the working * storage in bytes" (according to the man page). * But it is unclear to me, how this size is to be * calculated. * * It should not matter, since acl_create_entry enlarges * the working storage at need. ... */ DEBUG(10, ("Hi! This is smb_acl_to_tru64_acl.\n")); result = acl_init(1); if (result == NULL) { DEBUG(3, ("acl_init failed!\n")); goto fail; } DEBUGADD(10, ("parsing acl entries...\n")); for (i = 0; i < smb_acl->count; i++) { /* XYZ - maybe eliminate this direct access? */ const struct smb_acl_entry *smb_entry = &smb_acl->acl[i]; acl_tag_t tru64_tag; acl_perm_t tru64_permset; tru64_tag = smb_tag_to_tru64(smb_entry->a_type); if (tru64_tag == -1) { DEBUG(3, ("smb_tag_to_tru64 failed!\n")); goto fail; } if (tru64_tag == ACL_MASK) { DEBUGADD(10, (" - acl type ACL_MASK: not implemented on Tru64 ==> skipping\n")); continue; } tru64_entry = acl_create_entry(&result); if (tru64_entry == NULL) { DEBUG(3, ("acl_create_entry failed: %s\n", strerror(errno))); goto fail; } if (acl_set_tag_type(tru64_entry, tru64_tag) != 0) { DEBUG(3, ("acl_set_tag_type(%d) failed: %s\n", strerror(errno))); goto fail; } switch (smb_entry->a_type) { case SMB_ACL_USER: if (acl_set_qualifier(tru64_entry, (int *)&smb_entry->uid) != 0) { DEBUG(3, ("acl_set_qualifier failed: %s\n", strerror(errno))); goto fail; } DEBUGADD(10, (" - setting uid to %d\n", smb_entry->uid)); break; case SMB_ACL_GROUP: if (acl_set_qualifier(tru64_entry, (int *)&smb_entry->gid) != 0) { DEBUG(3, ("acl_set_qualifier failed: %s\n", strerror(errno))); goto fail; } DEBUGADD(10, (" - setting gid to %d\n", smb_entry->gid)); break; default: break; } tru64_permset = smb_permset_to_tru64(smb_entry->a_perm); if (tru64_permset == -1) { DEBUG(3, ("smb_permset_to_tru64 failed!\n")); goto fail; } DEBUGADD(10, (" - setting perms to %0d\n", tru64_permset)); if (acl_set_permset(tru64_entry, &tru64_permset) != 0) { DEBUG(3, ("acl_set_permset failed: %s\n", strerror(errno))); goto fail; } } /* for */ DEBUGADD(10, ("done parsing acl entries\n")); tru64_entry = NULL; if (acl_valid(result, &tru64_entry) != 0) { DEBUG(1, ("smb_acl_to_tru64_acl: ACL is invalid (%s)\n", strerror(errno))); if (tru64_entry != NULL) { DEBUGADD(1, ("the acl contains duplicate entries\n")); } goto fail; } DEBUGADD(10, ("acl is valid\n")); acl_text = acl_to_text(result, &acl_text_len); if (acl_text == NULL) { DEBUG(3, ("acl_to_text failed: %s\n", strerror(errno))); goto fail; } DEBUG(1, ("acl_text: %s\n", acl_text)); free(acl_text); return result; fail: if (result != NULL) { acl_free(result); } DEBUG(1, ("smb_acl_to_tru64_acl failed!\n")); return NULL; } static acl_tag_t smb_tag_to_tru64(SMB_ACL_TAG_T smb_tag) { acl_tag_t result; switch (smb_tag) { case SMB_ACL_USER: result = ACL_USER; DEBUGADD(10, ("got acl type ACL_USER\n")); break; case SMB_ACL_USER_OBJ: result = ACL_USER_OBJ; DEBUGADD(10, ("got acl type ACL_USER_OBJ\n")); break; case SMB_ACL_GROUP: result = ACL_GROUP; DEBUGADD(10, ("got acl type ACL_GROUP\n")); break; case SMB_ACL_GROUP_OBJ: result = ACL_GROUP_OBJ; DEBUGADD(10, ("got acl type ACL_GROUP_OBJ\n")); break; case SMB_ACL_OTHER: result = ACL_OTHER; DEBUGADD(10, ("got acl type ACL_OTHER\n")); break; case SMB_ACL_MASK: result = ACL_MASK; DEBUGADD(10, ("got acl type ACL_MASK\n")); break; default: DEBUG(1, ("Unknown tag type %d\n", smb_tag)); result = -1; } return result; } static SMB_ACL_TAG_T tru64_tag_to_smb(acl_tag_t tru64_tag) { SMB_ACL_TAG_T smb_tag_type; switch(tru64_tag) { case ACL_USER: smb_tag_type = SMB_ACL_USER; DEBUGADD(10, ("got smb acl tag type SMB_ACL_USER\n")); break; case ACL_USER_OBJ: smb_tag_type = SMB_ACL_USER_OBJ; DEBUGADD(10, ("got smb acl tag type SMB_ACL_USER_OBJ\n")); break; case ACL_GROUP: smb_tag_type = SMB_ACL_GROUP; DEBUGADD(10, ("got smb acl tag type SMB_ACL_GROUP\n")); break; case ACL_GROUP_OBJ: smb_tag_type = SMB_ACL_GROUP_OBJ; DEBUGADD(10, ("got smb acl tag type SMB_ACL_GROUP_OBJ\n")); break; case ACL_OTHER: smb_tag_type = SMB_ACL_OTHER; DEBUGADD(10, ("got smb acl tag type SMB_ACL_OTHER\n")); break; case ACL_MASK: smb_tag_type = SMB_ACL_MASK; DEBUGADD(10, ("got smb acl tag type SMB_ACL_MASK\n")); break; default: DEBUG(0, ("Unknown tag type %d\n", (unsigned int)tru64_tag)); smb_tag_type = 0; } return smb_tag_type; } static acl_perm_t smb_permset_to_tru64(SMB_ACL_PERM_T smb_permset) { /* originally, I thought that acl_clear_perm was the * proper way to reset the permset to 0. but without * initializing it to 0, acl_clear_perm fails. * so probably, acl_clear_perm is not necessary here... ?! */ acl_perm_t tru64_permset = 0; if (acl_clear_perm(&tru64_permset) != 0) { DEBUG(5, ("acl_clear_perm failed: %s\n", strerror(errno))); return -1; } /* according to original lib/sysacls.c, acl_add_perm is * broken on tru64 ... */ tru64_permset |= ((smb_permset & SMB_ACL_READ) ? ACL_READ : 0); tru64_permset |= ((smb_permset & SMB_ACL_WRITE) ? ACL_WRITE : 0); tru64_permset |= ((smb_permset & SMB_ACL_EXECUTE) ? ACL_EXECUTE : 0); return tru64_permset; } static SMB_ACL_PERM_T tru64_permset_to_smb(const acl_perm_t tru64_permset) { SMB_ACL_PERM_T smb_permset = 0; smb_permset |= ((tru64_permset & ACL_READ) ? SMB_ACL_READ : 0); smb_permset |= ((tru64_permset & ACL_WRITE) ? SMB_ACL_WRITE : 0); smb_permset |= ((tru64_permset & ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0); return smb_permset; } /* VFS operations structure */ static vfs_op_tuple tru64acl_op_tuples[] = { /* Disk operations */ {SMB_VFS_OP(tru64acl_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(tru64acl_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(tru64acl_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(tru64acl_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(tru64acl_sys_acl_delete_def_file), SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; NTSTATUS vfs_tru64acl_init(void); NTSTATUS vfs_tru64acl_init(void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "tru64acl", tru64acl_op_tuples); } /* ENTE */