1: /*
2: * Unix SMB/CIFS implementation.
3: * Based on the Samba ACL support code.
4: * Copyright (C) Jeremy Allison 2000.
5: * Copyright (C) 2007-2008 Wayne Davison
6: *
7: * The permission functions have been changed to get/set all bits via
8: * one call. Some functions that rsync doesn't need were also removed.
9: *
10: * This program is free software; you can redistribute it and/or modify
11: * it under the terms of the GNU General Public License as published by
12: * the Free Software Foundation; either version 3 of the License, or
13: * (at your option) any later version.
14: *
15: * This program is distributed in the hope that it will be useful,
16: * but WITHOUT ANY WARRANTY; without even the implied warranty of
17: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: * GNU General Public License for more details.
19: *
20: * You should have received a copy of the GNU General Public License
21: * with this program; if not, visit the http://fsf.org website.
22: */
23:
24: #include "rsync.h"
25: #include "sysacls.h"
26:
27: #ifdef SUPPORT_ACLS
28:
29: #ifdef DEBUG
30: #undef DEBUG
31: #endif
32: #define DEBUG(x,y)
33:
34: void SAFE_FREE(void *mem)
35: {
36: if (mem)
37: free(mem);
38: }
39:
40: /*
41: This file wraps all differing system ACL interfaces into a consistent
42: one based on the POSIX interface. It also returns the correct errors
43: for older UNIX systems that don't support ACLs.
44:
45: The interfaces that each ACL implementation must support are as follows :
46:
47: int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
48: int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
49: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
50: SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
51: SMB_ACL_T sys_acl_get_fd(int fd)
52: SMB_ACL_T sys_acl_init( int count)
53: int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
54: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
55: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
56: int sys_acl_valid( SMB_ACL_T theacl )
57: int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
58: int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
59: int sys_acl_delete_def_file(const char *path)
60: int sys_acl_free_acl(SMB_ACL_T posix_acl)
61:
62: */
63:
64: #if defined(HAVE_POSIX_ACLS) /*--------------------------------------------*/
65:
66: /* Identity mapping - easy. */
67:
68: int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
69: {
70: return acl_get_entry( the_acl, entry_id, entry_p);
71: }
72:
73: int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
74: {
75: return acl_get_tag_type( entry_d, tag_type_p);
76: }
77:
78: SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
79: {
80: return acl_get_file( path_p, type);
81: }
82:
83: #if 0
84: SMB_ACL_T sys_acl_get_fd(int fd)
85: {
86: return acl_get_fd(fd);
87: }
88: #endif
89:
90: #if defined(HAVE_ACL_GET_PERM_NP)
91: #define acl_get_perm(p, b) acl_get_perm_np(p, b)
92: #endif
93:
94: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
95: {
96: acl_permset_t permset;
97:
98: if (acl_get_tag_type(entry, tag_type_p) != 0
99: || acl_get_permset(entry, &permset) != 0)
100: return -1;
101:
102: *bits_p = (acl_get_perm(permset, ACL_READ) ? 4 : 0)
103: | (acl_get_perm(permset, ACL_WRITE) ? 2 : 0)
104: | (acl_get_perm(permset, ACL_EXECUTE) ? 1 : 0);
105:
106: if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP) {
107: void *qual;
108: if ((qual = acl_get_qualifier(entry)) == NULL)
109: return -1;
110: *u_g_id_p = *(id_t*)qual;
111: acl_free(qual);
112: }
113:
114: return 0;
115: }
116:
117: SMB_ACL_T sys_acl_init( int count)
118: {
119: return acl_init(count);
120: }
121:
122: int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
123: {
124: return acl_create_entry(pacl, pentry);
125: }
126:
127: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
128: {
129: if (acl_set_tag_type(entry, tag_type) != 0)
130: return -1;
131:
132: if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP) {
133: if (acl_set_qualifier(entry, (void*)&u_g_id) != 0)
134: return -1;
135: }
136:
137: return sys_acl_set_access_bits(entry, bits);
138: }
139:
140: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
141: {
142: acl_permset_t permset;
143: int rc;
144: if ((rc = acl_get_permset(entry, &permset)) != 0)
145: return rc;
146: acl_clear_perms(permset);
147: if (bits & 4)
148: acl_add_perm(permset, ACL_READ);
149: if (bits & 2)
150: acl_add_perm(permset, ACL_WRITE);
151: if (bits & 1)
152: acl_add_perm(permset, ACL_EXECUTE);
153: return acl_set_permset(entry, permset);
154: }
155:
156: int sys_acl_valid( SMB_ACL_T theacl )
157: {
158: return acl_valid(theacl);
159: }
160:
161: int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
162: {
163: return acl_set_file(name, acltype, theacl);
164: }
165:
166: #if 0
167: int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
168: {
169: return acl_set_fd(fd, theacl);
170: }
171: #endif
172:
173: int sys_acl_delete_def_file(const char *name)
174: {
175: return acl_delete_def_file(name);
176: }
177:
178: int sys_acl_free_acl(SMB_ACL_T the_acl)
179: {
180: return acl_free(the_acl);
181: }
182:
183: #elif defined(HAVE_TRU64_ACLS) /*--------------------------------------------*/
184: /*
185: * The interface to DEC/Compaq Tru64 UNIX ACLs
186: * is based on Draft 13 of the POSIX spec which is
187: * slightly different from the Draft 16 interface.
188: *
189: * Also, some of the permset manipulation functions
190: * such as acl_clear_perm() and acl_add_perm() appear
191: * to be broken on Tru64 so we have to manipulate
192: * the permission bits in the permset directly.
193: */
194: int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
195: {
196: SMB_ACL_ENTRY_T entry;
197:
198: if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
199: return -1;
200: }
201:
202: errno = 0;
203: if ((entry = acl_get_entry(the_acl)) != NULL) {
204: *entry_p = entry;
205: return 1;
206: }
207:
208: return errno ? -1 : 0;
209: }
210:
211: int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
212: {
213: return acl_get_tag_type( entry_d, tag_type_p);
214: }
215:
216: SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
217: {
218: return acl_get_file((char *)path_p, type);
219: }
220:
221: #if 0
222: SMB_ACL_T sys_acl_get_fd(int fd)
223: {
224: return acl_get_fd(fd, ACL_TYPE_ACCESS);
225: }
226: #endif
227:
228: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
229: {
230: acl_permset_t permset;
231:
232: if (acl_get_tag_type(entry, tag_type_p) != 0
233: || acl_get_permset(entry, &permset) != 0)
234: return -1;
235:
236: *bits_p = *permset & 7; /* Tru64 doesn't have acl_get_perm() */
237:
238: if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP) {
239: void *qual;
240: if ((qual = acl_get_qualifier(entry)) == NULL)
241: return -1;
242: *u_g_id_p = *(id_t*)qual;
243: acl_free_qualifier(qual, *tag_type_p);
244: }
245:
246: return 0;
247: }
248:
249: SMB_ACL_T sys_acl_init( int count)
250: {
251: return acl_init(count);
252: }
253:
254: int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
255: {
256: SMB_ACL_ENTRY_T entry;
257:
258: if ((entry = acl_create_entry(pacl)) == NULL) {
259: return -1;
260: }
261:
262: *pentry = entry;
263: return 0;
264: }
265:
266: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
267: {
268: if (acl_set_tag_type(entry, tag_type) != 0)
269: return -1;
270:
271: if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP) {
272: if (acl_set_qualifier(entry, (void*)&u_g_id) != 0)
273: return -1;
274: }
275:
276: return sys_acl_set_access_bits(entry, bits);
277: }
278:
279: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
280: {
281: acl_permset_t permset;
282: int rc;
283: if ((rc = acl_get_permset(entry, &permset)) != 0)
284: return rc;
285: *permset = bits & 7;
286: return acl_set_permset(entry, permset);
287: }
288:
289: int sys_acl_valid( SMB_ACL_T theacl )
290: {
291: acl_entry_t entry;
292:
293: return acl_valid(theacl, &entry);
294: }
295:
296: int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
297: {
298: return acl_set_file((char *)name, acltype, theacl);
299: }
300:
301: #if 0
302: int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
303: {
304: return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
305: }
306: #endif
307:
308: int sys_acl_delete_def_file(const char *name)
309: {
310: return acl_delete_def_file((char *)name);
311: }
312:
313: int sys_acl_free_acl(SMB_ACL_T the_acl)
314: {
315: return acl_free(the_acl);
316: }
317:
318: #elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) /*-----------*/
319:
320: /*
321: * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
322: * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
323: */
324:
325: /*
326: * Note that while this code implements sufficient functionality
327: * to support the sys_acl_* interfaces it does not provide all
328: * of the semantics of the POSIX ACL interfaces.
329: *
330: * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
331: * from a call to sys_acl_get_entry() should not be assumed to be
332: * valid after calling any of the following functions, which may
333: * reorder the entries in the ACL.
334: *
335: * sys_acl_valid()
336: * sys_acl_set_file()
337: * sys_acl_set_fd()
338: */
339:
340: /*
341: * The only difference between Solaris and UnixWare / OpenUNIX is
342: * that the #defines for the ACL operations have different names
343: */
344: #if defined(HAVE_UNIXWARE_ACLS)
345:
346: #define SETACL ACL_SET
347: #define GETACL ACL_GET
348: #define GETACLCNT ACL_CNT
349:
350: #endif
351:
352:
353: int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
354: {
355: if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
356: errno = EINVAL;
357: return -1;
358: }
359:
360: if (entry_p == NULL) {
361: errno = EINVAL;
362: return -1;
363: }
364:
365: if (entry_id == SMB_ACL_FIRST_ENTRY) {
366: acl_d->next = 0;
367: }
368:
369: if (acl_d->next < 0) {
370: errno = EINVAL;
371: return -1;
372: }
373:
374: if (acl_d->next >= acl_d->count) {
375: return 0;
376: }
377:
378: *entry_p = &acl_d->acl[acl_d->next++];
379:
380: return 1;
381: }
382:
383: int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
384: {
385: *type_p = entry_d->a_type;
386:
387: return 0;
388: }
389:
390: /*
391: * There is no way of knowing what size the ACL returned by
392: * GETACL will be unless you first call GETACLCNT which means
393: * making an additional system call.
394: *
395: * In the hope of avoiding the cost of the additional system
396: * call in most cases, we initially allocate enough space for
397: * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
398: * be too small then we use GETACLCNT to find out the actual
399: * size, reallocate the ACL buffer, and then call GETACL again.
400: */
401:
402: #define INITIAL_ACL_SIZE 16
403:
404: SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
405: {
406: SMB_ACL_T acl_d;
407: int count; /* # of ACL entries allocated */
408: int naccess; /* # of access ACL entries */
409: int ndefault; /* # of default ACL entries */
410:
411: if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
412: errno = EINVAL;
413: return NULL;
414: }
415:
416: count = INITIAL_ACL_SIZE;
417: if ((acl_d = sys_acl_init(count)) == NULL) {
418: return NULL;
419: }
420:
421: /*
422: * If there isn't enough space for the ACL entries we use
423: * GETACLCNT to determine the actual number of ACL entries
424: * reallocate and try again. This is in a loop because it
425: * is possible that someone else could modify the ACL and
426: * increase the number of entries between the call to
427: * GETACLCNT and the call to GETACL.
428: */
429: while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
430: && errno == ENOSPC) {
431:
432: sys_acl_free_acl(acl_d);
433:
434: if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
435: return NULL;
436: }
437:
438: if ((acl_d = sys_acl_init(count)) == NULL) {
439: return NULL;
440: }
441: }
442:
443: if (count < 0) {
444: sys_acl_free_acl(acl_d);
445: return NULL;
446: }
447:
448: /*
449: * calculate the number of access and default ACL entries
450: *
451: * Note: we assume that the acl() system call returned a
452: * well formed ACL which is sorted so that all of the
453: * access ACL entries preceed any default ACL entries
454: */
455: for (naccess = 0; naccess < count; naccess++) {
456: if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
457: break;
458: }
459: ndefault = count - naccess;
460:
461: /*
462: * if the caller wants the default ACL we have to copy
463: * the entries down to the start of the acl[] buffer
464: * and mask out the ACL_DEFAULT flag from the type field
465: */
466: if (type == SMB_ACL_TYPE_DEFAULT) {
467: int i, j;
468:
469: for (i = 0, j = naccess; i < ndefault; i++, j++) {
470: acl_d->acl[i] = acl_d->acl[j];
471: acl_d->acl[i].a_type &= ~ACL_DEFAULT;
472: }
473:
474: acl_d->count = ndefault;
475: } else {
476: acl_d->count = naccess;
477: }
478:
479: return acl_d;
480: }
481:
482: #if 0
483: SMB_ACL_T sys_acl_get_fd(int fd)
484: {
485: SMB_ACL_T acl_d;
486: int count; /* # of ACL entries allocated */
487: int naccess; /* # of access ACL entries */
488:
489: count = INITIAL_ACL_SIZE;
490: if ((acl_d = sys_acl_init(count)) == NULL) {
491: return NULL;
492: }
493:
494: while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
495: && errno == ENOSPC) {
496:
497: sys_acl_free_acl(acl_d);
498:
499: if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
500: return NULL;
501: }
502:
503: if ((acl_d = sys_acl_init(count)) == NULL) {
504: return NULL;
505: }
506: }
507:
508: if (count < 0) {
509: sys_acl_free_acl(acl_d);
510: return NULL;
511: }
512:
513: /*
514: * calculate the number of access ACL entries
515: */
516: for (naccess = 0; naccess < count; naccess++) {
517: if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
518: break;
519: }
520:
521: acl_d->count = naccess;
522:
523: return acl_d;
524: }
525: #endif
526:
527: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
528: {
529: *tag_type_p = entry->a_type;
530:
531: *bits_p = entry->a_perm;
532:
533: if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP)
534: *u_g_id_p = entry->a_id;
535:
536: return 0;
537: }
538:
539: SMB_ACL_T sys_acl_init(int count)
540: {
541: SMB_ACL_T a;
542:
543: if (count < 0) {
544: errno = EINVAL;
545: return NULL;
546: }
547:
548: /*
549: * note that since the definition of the structure pointed
550: * to by the SMB_ACL_T includes the first element of the
551: * acl[] array, this actually allocates an ACL with room
552: * for (count+1) entries
553: */
554: if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof a[0] + count * sizeof (struct acl))) == NULL) {
555: errno = ENOMEM;
556: return NULL;
557: }
558:
559: a->size = count + 1;
560: a->count = 0;
561: a->next = -1;
562:
563: return a;
564: }
565:
566:
567: int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
568: {
569: SMB_ACL_T acl_d;
570: SMB_ACL_ENTRY_T entry_d;
571:
572: if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
573: errno = EINVAL;
574: return -1;
575: }
576:
577: if (acl_d->count >= acl_d->size) {
578: errno = ENOSPC;
579: return -1;
580: }
581:
582: entry_d = &acl_d->acl[acl_d->count++];
583: entry_d->a_type = 0;
584: entry_d->a_id = -1;
585: entry_d->a_perm = 0;
586: *entry_p = entry_d;
587:
588: return 0;
589: }
590:
591: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
592: {
593: entry->a_type = tag_type;
594:
595: if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP)
596: entry->a_id = u_g_id;
597:
598: entry->a_perm = bits;
599:
600: return 0;
601: }
602:
603: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry_d, uint32 bits)
604: {
605: entry_d->a_perm = bits;
606: return 0;
607: }
608:
609: /*
610: * sort the ACL and check it for validity
611: *
612: * if it's a minimal ACL with only 4 entries then we
613: * need to recalculate the mask permissions to make
614: * sure that they are the same as the GROUP_OBJ
615: * permissions as required by the UnixWare acl() system call.
616: *
617: * (note: since POSIX allows minimal ACLs which only contain
618: * 3 entries - ie there is no mask entry - we should, in theory,
619: * check for this and add a mask entry if necessary - however
620: * we "know" that the caller of this interface always specifies
621: * a mask so, in practice "this never happens" (tm) - if it *does*
622: * happen aclsort() will fail and return an error and someone will
623: * have to fix it ...)
624: */
625:
626: static int acl_sort(SMB_ACL_T acl_d)
627: {
628: int fixmask = (acl_d->count <= 4);
629:
630: if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
631: errno = EINVAL;
632: return -1;
633: }
634: return 0;
635: }
636:
637: int sys_acl_valid(SMB_ACL_T acl_d)
638: {
639: return acl_sort(acl_d);
640: }
641:
642: int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
643: {
644: struct stat s;
645: struct acl *acl_p;
646: int acl_count;
647: struct acl *acl_buf = NULL;
648: int ret;
649:
650: if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
651: errno = EINVAL;
652: return -1;
653: }
654:
655: if (acl_sort(acl_d) != 0) {
656: return -1;
657: }
658:
659: acl_p = &acl_d->acl[0];
660: acl_count = acl_d->count;
661:
662: /*
663: * if it's a directory there is extra work to do
664: * since the acl() system call will replace both
665: * the access ACLs and the default ACLs (if any)
666: */
667: if (stat(name, &s) != 0) {
668: return -1;
669: }
670: if (S_ISDIR(s.st_mode)) {
671: SMB_ACL_T acc_acl;
672: SMB_ACL_T def_acl;
673: SMB_ACL_T tmp_acl;
674: int i;
675:
676: if (type == SMB_ACL_TYPE_ACCESS) {
677: acc_acl = acl_d;
678: def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
679:
680: } else {
681: def_acl = acl_d;
682: acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
683: }
684:
685: if (tmp_acl == NULL) {
686: return -1;
687: }
688:
689: /*
690: * allocate a temporary buffer for the complete ACL
691: */
692: acl_count = acc_acl->count + def_acl->count;
693: acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
694:
695: if (acl_buf == NULL) {
696: sys_acl_free_acl(tmp_acl);
697: errno = ENOMEM;
698: return -1;
699: }
700:
701: /*
702: * copy the access control and default entries into the buffer
703: */
704: memcpy(&acl_buf[0], &acc_acl->acl[0],
705: acc_acl->count * sizeof(acl_buf[0]));
706:
707: memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
708: def_acl->count * sizeof(acl_buf[0]));
709:
710: /*
711: * set the ACL_DEFAULT flag on the default entries
712: */
713: for (i = acc_acl->count; i < acl_count; i++) {
714: acl_buf[i].a_type |= ACL_DEFAULT;
715: }
716:
717: sys_acl_free_acl(tmp_acl);
718:
719: } else if (type != SMB_ACL_TYPE_ACCESS) {
720: errno = EINVAL;
721: return -1;
722: }
723:
724: ret = acl(name, SETACL, acl_count, acl_p);
725:
726: SAFE_FREE(acl_buf);
727:
728: return ret;
729: }
730:
731: #if 0
732: int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
733: {
734: if (acl_sort(acl_d) != 0) {
735: return -1;
736: }
737:
738: return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
739: }
740: #endif
741:
742: int sys_acl_delete_def_file(const char *path)
743: {
744: SMB_ACL_T acl_d;
745: int ret;
746:
747: /*
748: * fetching the access ACL and rewriting it has
749: * the effect of deleting the default ACL
750: */
751: if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
752: return -1;
753: }
754:
755: ret = acl(path, SETACL, acl_d->count, acl_d->acl);
756:
757: sys_acl_free_acl(acl_d);
758:
759: return ret;
760: }
761:
762: int sys_acl_free_acl(SMB_ACL_T acl_d)
763: {
764: SAFE_FREE(acl_d);
765: return 0;
766: }
767:
768: #elif defined(HAVE_HPUX_ACLS) /*---------------------------------------------*/
769:
770: #include <dl.h>
771:
772: /*
773: * Based on the Solaris/SCO code - with modifications.
774: */
775:
776: /*
777: * Note that while this code implements sufficient functionality
778: * to support the sys_acl_* interfaces it does not provide all
779: * of the semantics of the POSIX ACL interfaces.
780: *
781: * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
782: * from a call to sys_acl_get_entry() should not be assumed to be
783: * valid after calling any of the following functions, which may
784: * reorder the entries in the ACL.
785: *
786: * sys_acl_valid()
787: * sys_acl_set_file()
788: * sys_acl_set_fd()
789: */
790:
791: /* This checks if the POSIX ACL system call is defined */
792: /* which basically corresponds to whether JFS 3.3 or */
793: /* higher is installed. If acl() was called when it */
794: /* isn't defined, it causes the process to core dump */
795: /* so it is important to check this and avoid acl() */
796: /* calls if it isn't there. */
797:
798: static BOOL hpux_acl_call_presence(void)
799: {
800:
801: shl_t handle = NULL;
802: void *value;
803: int ret_val=0;
804: static BOOL already_checked=0;
805:
806: if(already_checked)
807: return True;
808:
809:
810: ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
811:
812: if(ret_val != 0) {
813: DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
814: ret_val, errno, strerror(errno)));
815: DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
816: return False;
817: }
818:
819: DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
820:
821: already_checked = True;
822: return True;
823: }
824:
825: int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
826: {
827: if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
828: errno = EINVAL;
829: return -1;
830: }
831:
832: if (entry_p == NULL) {
833: errno = EINVAL;
834: return -1;
835: }
836:
837: if (entry_id == SMB_ACL_FIRST_ENTRY) {
838: acl_d->next = 0;
839: }
840:
841: if (acl_d->next < 0) {
842: errno = EINVAL;
843: return -1;
844: }
845:
846: if (acl_d->next >= acl_d->count) {
847: return 0;
848: }
849:
850: *entry_p = &acl_d->acl[acl_d->next++];
851:
852: return 1;
853: }
854:
855: int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
856: {
857: *type_p = entry_d->a_type;
858:
859: return 0;
860: }
861:
862: /*
863: * There is no way of knowing what size the ACL returned by
864: * ACL_GET will be unless you first call ACL_CNT which means
865: * making an additional system call.
866: *
867: * In the hope of avoiding the cost of the additional system
868: * call in most cases, we initially allocate enough space for
869: * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
870: * be too small then we use ACL_CNT to find out the actual
871: * size, reallocate the ACL buffer, and then call ACL_GET again.
872: */
873:
874: #define INITIAL_ACL_SIZE 16
875:
876: SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
877: {
878: SMB_ACL_T acl_d;
879: int count; /* # of ACL entries allocated */
880: int naccess; /* # of access ACL entries */
881: int ndefault; /* # of default ACL entries */
882:
883: if(hpux_acl_call_presence() == False) {
884: /* Looks like we don't have the acl() system call on HPUX.
885: * May be the system doesn't have the latest version of JFS.
886: */
887: return NULL;
888: }
889:
890: if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
891: errno = EINVAL;
892: return NULL;
893: }
894:
895: count = INITIAL_ACL_SIZE;
896: if ((acl_d = sys_acl_init(count)) == NULL) {
897: return NULL;
898: }
899:
900: /*
901: * If there isn't enough space for the ACL entries we use
902: * ACL_CNT to determine the actual number of ACL entries
903: * reallocate and try again. This is in a loop because it
904: * is possible that someone else could modify the ACL and
905: * increase the number of entries between the call to
906: * ACL_CNT and the call to ACL_GET.
907: */
908: while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
909:
910: sys_acl_free_acl(acl_d);
911:
912: if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
913: return NULL;
914: }
915:
916: if ((acl_d = sys_acl_init(count)) == NULL) {
917: return NULL;
918: }
919: }
920:
921: if (count < 0) {
922: sys_acl_free_acl(acl_d);
923: return NULL;
924: }
925:
926: /*
927: * calculate the number of access and default ACL entries
928: *
929: * Note: we assume that the acl() system call returned a
930: * well formed ACL which is sorted so that all of the
931: * access ACL entries preceed any default ACL entries
932: */
933: for (naccess = 0; naccess < count; naccess++) {
934: if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
935: break;
936: }
937: ndefault = count - naccess;
938:
939: /*
940: * if the caller wants the default ACL we have to copy
941: * the entries down to the start of the acl[] buffer
942: * and mask out the ACL_DEFAULT flag from the type field
943: */
944: if (type == SMB_ACL_TYPE_DEFAULT) {
945: int i, j;
946:
947: for (i = 0, j = naccess; i < ndefault; i++, j++) {
948: acl_d->acl[i] = acl_d->acl[j];
949: acl_d->acl[i].a_type &= ~ACL_DEFAULT;
950: }
951:
952: acl_d->count = ndefault;
953: } else {
954: acl_d->count = naccess;
955: }
956:
957: return acl_d;
958: }
959:
960: #if 0
961: SMB_ACL_T sys_acl_get_fd(int fd)
962: {
963: /*
964: * HPUX doesn't have the facl call. Fake it using the path.... JRA.
965: */
966:
967: files_struct *fsp = file_find_fd(fd);
968:
969: if (fsp == NULL) {
970: errno = EBADF;
971: return NULL;
972: }
973:
974: /*
975: * We know we're in the same conn context. So we
976: * can use the relative path.
977: */
978:
979: return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
980: }
981: #endif
982:
983: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
984: {
985: *tag_type_p = entry->a_type;
986:
987: *bits_p = entry->a_perm;
988:
989: if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP)
990: *u_g_id_p = entry->a_id;
991:
992: return 0;
993: }
994:
995: SMB_ACL_T sys_acl_init(int count)
996: {
997: SMB_ACL_T a;
998:
999: if (count < 0) {
1000: errno = EINVAL;
1001: return NULL;
1002: }
1003:
1004: /*
1005: * note that since the definition of the structure pointed
1006: * to by the SMB_ACL_T includes the first element of the
1007: * acl[] array, this actually allocates an ACL with room
1008: * for (count+1) entries
1009: */
1010: if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof a[0] + count * sizeof(struct acl))) == NULL) {
1011: errno = ENOMEM;
1012: return NULL;
1013: }
1014:
1015: a->size = count + 1;
1016: a->count = 0;
1017: a->next = -1;
1018:
1019: return a;
1020: }
1021:
1022:
1023: int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
1024: {
1025: SMB_ACL_T acl_d;
1026: SMB_ACL_ENTRY_T entry_d;
1027:
1028: if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
1029: errno = EINVAL;
1030: return -1;
1031: }
1032:
1033: if (acl_d->count >= acl_d->size) {
1034: errno = ENOSPC;
1035: return -1;
1036: }
1037:
1038: entry_d = &acl_d->acl[acl_d->count++];
1039: entry_d->a_type = 0;
1040: entry_d->a_id = -1;
1041: entry_d->a_perm = 0;
1042: *entry_p = entry_d;
1043:
1044: return 0;
1045: }
1046:
1047: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
1048: {
1049: entry->a_type = tag_type;
1050:
1051: if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP)
1052: entry->a_id = u_g_id;
1053:
1054: entry->a_perm = bits;
1055:
1056: return 0;
1057: }
1058:
1059: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry_d, uint32 bits)
1060: {
1061: entry_d->a_perm = bits;
1062:
1063: return 0;
1064: }
1065:
1066: /* Structure to capture the count for each type of ACE. */
1067:
1068: struct hpux_acl_types {
1069: int n_user;
1070: int n_def_user;
1071: int n_user_obj;
1072: int n_def_user_obj;
1073:
1074: int n_group;
1075: int n_def_group;
1076: int n_group_obj;
1077: int n_def_group_obj;
1078:
1079: int n_other;
1080: int n_other_obj;
1081: int n_def_other_obj;
1082:
1083: int n_class_obj;
1084: int n_def_class_obj;
1085:
1086: int n_illegal_obj;
1087: };
1088:
1089: /* count_obj:
1090: * Counts the different number of objects in a given array of ACL
1091: * structures.
1092: * Inputs:
1093: *
1094: * acl_count - Count of ACLs in the array of ACL strucutres.
1095: * aclp - Array of ACL structures.
1096: * acl_type_count - Pointer to acl_types structure. Should already be
1097: * allocated.
1098: * Output:
1099: *
1100: * acl_type_count - This structure is filled up with counts of various
1101: * acl types.
1102: */
1103:
1104: static void hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
1105: {
1106: int i;
1107:
1108: memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
1109:
1110: for(i=0;i<acl_count;i++) {
1111: switch(aclp[i].a_type) {
1112: case USER:
1113: acl_type_count->n_user++;
1114: break;
1115: case USER_OBJ:
1116: acl_type_count->n_user_obj++;
1117: break;
1118: case DEF_USER_OBJ:
1119: acl_type_count->n_def_user_obj++;
1120: break;
1121: case GROUP:
1122: acl_type_count->n_group++;
1123: break;
1124: case GROUP_OBJ:
1125: acl_type_count->n_group_obj++;
1126: break;
1127: case DEF_GROUP_OBJ:
1128: acl_type_count->n_def_group_obj++;
1129: break;
1130: case OTHER_OBJ:
1131: acl_type_count->n_other_obj++;
1132: break;
1133: case DEF_OTHER_OBJ:
1134: acl_type_count->n_def_other_obj++;
1135: break;
1136: case CLASS_OBJ:
1137: acl_type_count->n_class_obj++;
1138: break;
1139: case DEF_CLASS_OBJ:
1140: acl_type_count->n_def_class_obj++;
1141: break;
1142: case DEF_USER:
1143: acl_type_count->n_def_user++;
1144: break;
1145: case DEF_GROUP:
1146: acl_type_count->n_def_group++;
1147: break;
1148: default:
1149: acl_type_count->n_illegal_obj++;
1150: break;
1151: }
1152: }
1153: }
1154:
1155: /* swap_acl_entries: Swaps two ACL entries.
1156: *
1157: * Inputs: aclp0, aclp1 - ACL entries to be swapped.
1158: */
1159:
1160: static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
1161: {
1162: struct acl temp_acl;
1163:
1164: temp_acl.a_type = aclp0->a_type;
1165: temp_acl.a_id = aclp0->a_id;
1166: temp_acl.a_perm = aclp0->a_perm;
1167:
1168: aclp0->a_type = aclp1->a_type;
1169: aclp0->a_id = aclp1->a_id;
1170: aclp0->a_perm = aclp1->a_perm;
1171:
1172: aclp1->a_type = temp_acl.a_type;
1173: aclp1->a_id = temp_acl.a_id;
1174: aclp1->a_perm = temp_acl.a_perm;
1175: }
1176:
1177: /* prohibited_duplicate_type
1178: * Identifies if given ACL type can have duplicate entries or
1179: * not.
1180: *
1181: * Inputs: acl_type - ACL Type.
1182: *
1183: * Outputs:
1184: *
1185: * Return..
1186: *
1187: * True - If the ACL type matches any of the prohibited types.
1188: * False - If the ACL type doesn't match any of the prohibited types.
1189: */
1190:
1191: static BOOL hpux_prohibited_duplicate_type(int acl_type)
1192: {
1193: switch(acl_type) {
1194: case USER:
1195: case GROUP:
1196: case DEF_USER:
1197: case DEF_GROUP:
1198: return True;
1199: default:
1200: return False;
1201: }
1202: }
1203:
1204: /* get_needed_class_perm
1205: * Returns the permissions of a ACL structure only if the ACL
1206: * type matches one of the pre-determined types for computing
1207: * CLASS_OBJ permissions.
1208: *
1209: * Inputs: aclp - Pointer to ACL structure.
1210: */
1211:
1212: static int hpux_get_needed_class_perm(struct acl *aclp)
1213: {
1214: switch(aclp->a_type) {
1215: case USER:
1216: case GROUP_OBJ:
1217: case GROUP:
1218: case DEF_USER_OBJ:
1219: case DEF_USER:
1220: case DEF_GROUP_OBJ:
1221: case DEF_GROUP:
1222: case DEF_CLASS_OBJ:
1223: case DEF_OTHER_OBJ:
1224: return aclp->a_perm;
1225: default:
1226: return 0;
1227: }
1228: }
1229:
1230: /* acl_sort for HPUX.
1231: * Sorts the array of ACL structures as per the description in
1232: * aclsort man page. Refer to aclsort man page for more details
1233: *
1234: * Inputs:
1235: *
1236: * acl_count - Count of ACLs in the array of ACL structures.
1237: * calclass - If this is not zero, then we compute the CLASS_OBJ
1238: * permissions.
1239: * aclp - Array of ACL structures.
1240: *
1241: * Outputs:
1242: *
1243: * aclp - Sorted array of ACL structures.
1244: *
1245: * Outputs:
1246: *
1247: * Returns 0 for success -1 for failure. Prints a message to the Samba
1248: * debug log in case of failure.
1249: */
1250:
1251: static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
1252: {
1253: #if !defined(HAVE_HPUX_ACLSORT)
1254: /*
1255: * The aclsort() system call is availabe on the latest HPUX General
1256: * Patch Bundles. So for HPUX, we developed our version of acl_sort
1257: * function. Because, we don't want to update to a new
1258: * HPUX GR bundle just for aclsort() call.
1259: */
1260:
1261: struct hpux_acl_types acl_obj_count;
1262: int n_class_obj_perm = 0;
1263: int i, j;
1264:
1265: if(!acl_count) {
1266: DEBUG(10,("Zero acl count passed. Returning Success\n"));
1267: return 0;
1268: }
1269:
1270: if(aclp == NULL) {
1271: DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
1272: return -1;
1273: }
1274:
1275: /* Count different types of ACLs in the ACLs array */
1276:
1277: hpux_count_obj(acl_count, aclp, &acl_obj_count);
1278:
1279: /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
1280: * CLASS_OBJ and OTHER_OBJ
1281: */
1282:
1283: if( (acl_obj_count.n_user_obj != 1) ||
1284: (acl_obj_count.n_group_obj != 1) ||
1285: (acl_obj_count.n_class_obj != 1) ||
1286: (acl_obj_count.n_other_obj != 1)
1287: ) {
1288: DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
1289: USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
1290: return -1;
1291: }
1292:
1293: /* If any of the default objects are present, there should be only
1294: * one of them each.
1295: */
1296:
1297: if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) ||
1298: (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
1299: DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
1300: or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
1301: return -1;
1302: }
1303:
1304: /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
1305: * structures.
1306: *
1307: * Sorting crieteria - First sort by ACL type. If there are multiple entries of
1308: * same ACL type, sort by ACL id.
1309: *
1310: * I am using the trival kind of sorting method here because, performance isn't
1311: * really effected by the ACLs feature. More over there aren't going to be more
1312: * than 17 entries on HPUX.
1313: */
1314:
1315: for(i=0; i<acl_count;i++) {
1316: for (j=i+1; j<acl_count; j++) {
1317: if( aclp[i].a_type > aclp[j].a_type ) {
1318: /* ACL entries out of order, swap them */
1319:
1320: hpux_swap_acl_entries((aclp+i), (aclp+j));
1321:
1322: } else if ( aclp[i].a_type == aclp[j].a_type ) {
1323:
1324: /* ACL entries of same type, sort by id */
1325:
1326: if(aclp[i].a_id > aclp[j].a_id) {
1327: hpux_swap_acl_entries((aclp+i), (aclp+j));
1328: } else if (aclp[i].a_id == aclp[j].a_id) {
1329: /* We have a duplicate entry. */
1330: if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
1331: DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
1332: aclp[i].a_type, aclp[i].a_id));
1333: return -1;
1334: }
1335: }
1336:
1337: }
1338: }
1339: }
1340:
1341: /* set the class obj permissions to the computed one. */
1342: if(calclass) {
1343: int n_class_obj_index = -1;
1344:
1345: for(i=0;i<acl_count;i++) {
1346: n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
1347:
1348: if(aclp[i].a_type == CLASS_OBJ)
1349: n_class_obj_index = i;
1350: }
1351: aclp[n_class_obj_index].a_perm = n_class_obj_perm;
1352: }
1353:
1354: return 0;
1355: #else
1356: return aclsort(acl_count, calclass, aclp);
1357: #endif
1358: }
1359:
1360: /*
1361: * sort the ACL and check it for validity
1362: *
1363: * if it's a minimal ACL with only 4 entries then we
1364: * need to recalculate the mask permissions to make
1365: * sure that they are the same as the GROUP_OBJ
1366: * permissions as required by the UnixWare acl() system call.
1367: *
1368: * (note: since POSIX allows minimal ACLs which only contain
1369: * 3 entries - ie there is no mask entry - we should, in theory,
1370: * check for this and add a mask entry if necessary - however
1371: * we "know" that the caller of this interface always specifies
1372: * a mask so, in practice "this never happens" (tm) - if it *does*
1373: * happen aclsort() will fail and return an error and someone will
1374: * have to fix it ...)
1375: */
1376:
1377: static int acl_sort(SMB_ACL_T acl_d)
1378: {
1379: int fixmask = (acl_d->count <= 4);
1380:
1381: if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
1382: errno = EINVAL;
1383: return -1;
1384: }
1385: return 0;
1386: }
1387:
1388: int sys_acl_valid(SMB_ACL_T acl_d)
1389: {
1390: return acl_sort(acl_d);
1391: }
1392:
1393: int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
1394: {
1395: struct stat s;
1396: struct acl *acl_p;
1397: int acl_count;
1398: struct acl *acl_buf = NULL;
1399: int ret;
1400:
1401: if(hpux_acl_call_presence() == False) {
1402: /* Looks like we don't have the acl() system call on HPUX.
1403: * May be the system doesn't have the latest version of JFS.
1404: */
1405: errno=ENOSYS;
1406: return -1;
1407: }
1408:
1409: if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
1410: errno = EINVAL;
1411: return -1;
1412: }
1413:
1414: if (acl_sort(acl_d) != 0) {
1415: return -1;
1416: }
1417:
1418: acl_p = &acl_d->acl[0];
1419: acl_count = acl_d->count;
1420:
1421: /*
1422: * if it's a directory there is extra work to do
1423: * since the acl() system call will replace both
1424: * the access ACLs and the default ACLs (if any)
1425: */
1426: if (stat(name, &s) != 0) {
1427: return -1;
1428: }
1429: if (S_ISDIR(s.st_mode)) {
1430: SMB_ACL_T acc_acl;
1431: SMB_ACL_T def_acl;
1432: SMB_ACL_T tmp_acl;
1433: int i;
1434:
1435: if (type == SMB_ACL_TYPE_ACCESS) {
1436: acc_acl = acl_d;
1437: def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
1438:
1439: } else {
1440: def_acl = acl_d;
1441: acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
1442: }
1443:
1444: if (tmp_acl == NULL) {
1445: return -1;
1446: }
1447:
1448: /*
1449: * allocate a temporary buffer for the complete ACL
1450: */
1451: acl_count = acc_acl->count + def_acl->count;
1452: acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);
1453:
1454: if (acl_buf == NULL) {
1455: sys_acl_free_acl(tmp_acl);
1456: errno = ENOMEM;
1457: return -1;
1458: }
1459:
1460: /*
1461: * copy the access control and default entries into the buffer
1462: */
1463: memcpy(&acl_buf[0], &acc_acl->acl[0],
1464: acc_acl->count * sizeof(acl_buf[0]));
1465:
1466: memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
1467: def_acl->count * sizeof(acl_buf[0]));
1468:
1469: /*
1470: * set the ACL_DEFAULT flag on the default entries
1471: */
1472: for (i = acc_acl->count; i < acl_count; i++) {
1473: acl_buf[i].a_type |= ACL_DEFAULT;
1474: }
1475:
1476: sys_acl_free_acl(tmp_acl);
1477:
1478: } else if (type != SMB_ACL_TYPE_ACCESS) {
1479: errno = EINVAL;
1480: return -1;
1481: }
1482:
1483: ret = acl(name, ACL_SET, acl_count, acl_p);
1484:
1485: if (acl_buf) {
1486: free(acl_buf);
1487: }
1488:
1489: return ret;
1490: }
1491:
1492: #if 0
1493: int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
1494: {
1495: /*
1496: * HPUX doesn't have the facl call. Fake it using the path.... JRA.
1497: */
1498:
1499: files_struct *fsp = file_find_fd(fd);
1500:
1501: if (fsp == NULL) {
1502: errno = EBADF;
1503: return NULL;
1504: }
1505:
1506: if (acl_sort(acl_d) != 0) {
1507: return -1;
1508: }
1509:
1510: /*
1511: * We know we're in the same conn context. So we
1512: * can use the relative path.
1513: */
1514:
1515: return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
1516: }
1517: #endif
1518:
1519: int sys_acl_delete_def_file(const char *path)
1520: {
1521: SMB_ACL_T acl_d;
1522: int ret;
1523:
1524: /*
1525: * fetching the access ACL and rewriting it has
1526: * the effect of deleting the default ACL
1527: */
1528: if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
1529: return -1;
1530: }
1531:
1532: ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
1533:
1534: sys_acl_free_acl(acl_d);
1535:
1536: return ret;
1537: }
1538:
1539: int sys_acl_free_acl(SMB_ACL_T acl_d)
1540: {
1541: free(acl_d);
1542: return 0;
1543: }
1544:
1545: #elif defined(HAVE_IRIX_ACLS) /*---------------------------------------------*/
1546:
1547: int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1548: {
1549: if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
1550: errno = EINVAL;
1551: return -1;
1552: }
1553:
1554: if (entry_p == NULL) {
1555: errno = EINVAL;
1556: return -1;
1557: }
1558:
1559: if (entry_id == SMB_ACL_FIRST_ENTRY) {
1560: acl_d->next = 0;
1561: }
1562:
1563: if (acl_d->next < 0) {
1564: errno = EINVAL;
1565: return -1;
1566: }
1567:
1568: if (acl_d->next >= acl_d->aclp->acl_cnt) {
1569: return 0;
1570: }
1571:
1572: *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
1573:
1574: return 1;
1575: }
1576:
1577: int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
1578: {
1579: *type_p = entry_d->ae_tag;
1580:
1581: return 0;
1582: }
1583:
1584: SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
1585: {
1586: SMB_ACL_T a;
1587:
1588: if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
1589: errno = ENOMEM;
1590: return NULL;
1591: }
1592: if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
1593: SAFE_FREE(a);
1594: return NULL;
1595: }
1596: a->next = -1;
1597: a->freeaclp = True;
1598: return a;
1599: }
1600:
1601: #if 0
1602: SMB_ACL_T sys_acl_get_fd(int fd)
1603: {
1604: SMB_ACL_T a;
1605:
1606: if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
1607: errno = ENOMEM;
1608: return NULL;
1609: }
1610: if ((a->aclp = acl_get_fd(fd)) == NULL) {
1611: SAFE_FREE(a);
1612: return NULL;
1613: }
1614: a->next = -1;
1615: a->freeaclp = True;
1616: return a;
1617: }
1618: #endif
1619:
1620: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
1621: {
1622: *tag_type_p = entry->ae_tag;
1623:
1624: *bits_p = entry->ae_perm;
1625:
1626: if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP)
1627: *u_g_id_p = entry->ae_id;
1628:
1629: return 0;
1630: }
1631:
1632: SMB_ACL_T sys_acl_init(int count)
1633: {
1634: SMB_ACL_T a;
1635:
1636: if (count < 0) {
1637: errno = EINVAL;
1638: return NULL;
1639: }
1640:
1641: if ((a = (SMB_ACL_T)SMB_MALLOC(sizeof a[0] + sizeof (struct acl))) == NULL) {
1642: errno = ENOMEM;
1643: return NULL;
1644: }
1645:
1646: a->next = -1;
1647: a->freeaclp = False;
1648: a->aclp = (struct acl *)((char *)a + sizeof a[0]);
1649: a->aclp->acl_cnt = 0;
1650:
1651: return a;
1652: }
1653:
1654:
1655: int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
1656: {
1657: SMB_ACL_T acl_d;
1658: SMB_ACL_ENTRY_T entry_d;
1659:
1660: if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
1661: errno = EINVAL;
1662: return -1;
1663: }
1664:
1665: if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
1666: errno = ENOSPC;
1667: return -1;
1668: }
1669:
1670: entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
1671: entry_d->ae_tag = 0;
1672: entry_d->ae_id = 0;
1673: entry_d->ae_perm = 0;
1674: *entry_p = entry_d;
1675:
1676: return 0;
1677: }
1678:
1679: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
1680: {
1681: entry->ae_tag = tag_type;
1682:
1683: if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP)
1684: entry->ae_id = u_g_id;
1685:
1686: entry->ae_perm = bits;
1687:
1688: return 0;
1689: }
1690:
1691: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry_d, uint32 bits)
1692: {
1693: entry_d->ae_perm = bits;
1694:
1695: return 0;
1696: }
1697:
1698: int sys_acl_valid(SMB_ACL_T acl_d)
1699: {
1700: return acl_valid(acl_d->aclp);
1701: }
1702:
1703: int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
1704: {
1705: return acl_set_file(name, type, acl_d->aclp);
1706: }
1707:
1708: #if 0
1709: int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
1710: {
1711: return acl_set_fd(fd, acl_d->aclp);
1712: }
1713: #endif
1714:
1715: int sys_acl_delete_def_file(const char *name)
1716: {
1717: return acl_delete_def_file(name);
1718: }
1719:
1720: int sys_acl_free_acl(SMB_ACL_T acl_d)
1721: {
1722: if (acl_d->freeaclp) {
1723: acl_free(acl_d->aclp);
1724: }
1725: acl_free(acl_d);
1726: return 0;
1727: }
1728:
1729: #elif defined(HAVE_AIX_ACLS) /*----------------------------------------------*/
1730:
1731: /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
1732:
1733: int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1734: {
1735: struct acl_entry_link *link;
1736: struct new_acl_entry *entry;
1737: int keep_going;
1738:
1739: if (entry_id == SMB_ACL_FIRST_ENTRY)
1740: theacl->count = 0;
1741: else if (entry_id != SMB_ACL_NEXT_ENTRY) {
1742: errno = EINVAL;
1743: return -1;
1744: }
1745:
1746: DEBUG(10,("This is the count: %d\n",theacl->count));
1747:
1748: /* Check if count was previously set to -1. *
1749: * If it was, that means we reached the end *
1750: * of the acl last time. */
1751: if(theacl->count == -1)
1752: return(0);
1753:
1754: link = theacl;
1755: /* To get to the next acl, traverse linked list until index *
1756: * of acl matches the count we are keeping. This count is *
1757: * incremented each time we return an acl entry. */
1758:
1759: for(keep_going = 0; keep_going < theacl->count; keep_going++)
1760: link = link->nextp;
1761:
1762: entry = *entry_p = link->entryp;
1763:
1764: DEBUG(10,("*entry_p is %d\n",entry_p));
1765: DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
1766:
1767: /* Increment count */
1768: theacl->count++;
1769: if(link->nextp == NULL)
1770: theacl->count = -1;
1771:
1772: return(1);
1773: }
1774:
1775: int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1776: {
1777: /* Initialize tag type */
1778:
1779: *tag_type_p = -1;
1780: DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
1781:
1782: /* Depending on what type of entry we have, *
1783: * return tag type. */
1784: switch(entry_d->ace_id->id_type) {
1785: case ACEID_USER:
1786: *tag_type_p = SMB_ACL_USER;
1787: break;
1788: case ACEID_GROUP:
1789: *tag_type_p = SMB_ACL_GROUP;
1790: break;
1791:
1792: case SMB_ACL_USER_OBJ:
1793: case SMB_ACL_GROUP_OBJ:
1794: case SMB_ACL_OTHER:
1795: *tag_type_p = entry_d->ace_id->id_type;
1796: break;
1797:
1798: default:
1799: return(-1);
1800: }
1801:
1802: return(0);
1803: }
1804:
1805: SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1806: {
1807: struct acl *file_acl = (struct acl *)NULL;
1808: struct acl_entry *acl_entry;
1809: struct new_acl_entry *new_acl_entry;
1810: struct ace_id *idp;
1811: struct acl_entry_link *acl_entry_link;
1812: struct acl_entry_link *acl_entry_link_head;
1813: int i;
1814: int rc = 0;
1815:
1816: /* AIX has no DEFAULT */
1817: if ( type == SMB_ACL_TYPE_DEFAULT ) {
1818: #ifdef ENOTSUP
1819: errno = ENOTSUP;
1820: #else
1821: errno = ENOSYS;
1822: #endif
1823: return NULL;
1824: }
1825:
1826: /* Get the acl using statacl */
1827:
1828: DEBUG(10,("Entering sys_acl_get_file\n"));
1829: DEBUG(10,("path_p is %s\n",path_p));
1830:
1831: file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
1832:
1833: if(file_acl == NULL) {
1834: errno=ENOMEM;
1835: DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
1836: return(NULL);
1837: }
1838:
1839: memset(file_acl,0,BUFSIZ);
1840:
1841: rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
1842: if(rc == -1) {
1843: DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
1844: SAFE_FREE(file_acl);
1845: return(NULL);
1846: }
1847:
1848: DEBUG(10,("Got facl and returned it\n"));
1849:
1850: /* Point to the first acl entry in the acl */
1851: acl_entry = file_acl->acl_ext;
1852:
1853: /* Begin setting up the head of the linked list *
1854: * that will be used for the storing the acl *
1855: * in a way that is useful for the posix_acls.c *
1856: * code. */
1857:
1858: acl_entry_link_head = acl_entry_link = sys_acl_init(0);
1859: if(acl_entry_link_head == NULL)
1860: return(NULL);
1861:
1862: acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
1863: if(acl_entry_link->entryp == NULL) {
1864: SAFE_FREE(file_acl);
1865: errno = ENOMEM;
1866: DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1867: return(NULL);
1868: }
1869:
1870: DEBUG(10,("acl_entry is %d\n",acl_entry));
1871: DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
1872:
1873: /* Check if the extended acl bit is on. *
1874: * If it isn't, do not show the *
1875: * contents of the acl since AIX intends *
1876: * the extended info to remain unused */
1877:
1878: if(file_acl->acl_mode & S_IXACL){
1879: /* while we are not pointing to the very end */
1880: while(acl_entry < acl_last(file_acl)) {
1881: /* before we malloc anything, make sure this is */
1882: /* a valid acl entry and one that we want to map */
1883: idp = id_nxt(acl_entry->ace_id);
1884: if((acl_entry->ace_type == ACC_SPECIFY ||
1885: (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
1886: acl_entry = acl_nxt(acl_entry);
1887: continue;
1888: }
1889:
1890: idp = acl_entry->ace_id;
1891:
1892: /* Check if this is the first entry in the linked list. *
1893: * The first entry needs to keep prevp pointing to NULL *
1894: * and already has entryp allocated. */
1895:
1896: if(acl_entry_link_head->count != 0) {
1897: acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
1898:
1899: if(acl_entry_link->nextp == NULL) {
1900: SAFE_FREE(file_acl);
1901: errno = ENOMEM;
1902: DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1903: return(NULL);
1904: }
1905:
1906: acl_entry_link->nextp->prevp = acl_entry_link;
1907: acl_entry_link = acl_entry_link->nextp;
1908: acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
1909: if(acl_entry_link->entryp == NULL) {
1910: SAFE_FREE(file_acl);
1911: errno = ENOMEM;
1912: DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1913: return(NULL);
1914: }
1915: acl_entry_link->nextp = NULL;
1916: }
1917:
1918: acl_entry_link->entryp->ace_len = acl_entry->ace_len;
1919:
1920: /* Don't really need this since all types are going *
1921: * to be specified but, it's better than leaving it 0 */
1922:
1923: acl_entry_link->entryp->ace_type = acl_entry->ace_type;
1924:
1925: acl_entry_link->entryp->ace_access = acl_entry->ace_access;
1926:
1927: memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
1928:
1929: /* The access in the acl entries must be left shifted by *
1930: * three bites, because they will ultimately be compared *
1931: * to S_IRUSR, S_IWUSR, and S_IXUSR. */
1932:
1933: switch(acl_entry->ace_type){
1934: case ACC_PERMIT:
1935: case ACC_SPECIFY:
1936: acl_entry_link->entryp->ace_access = acl_entry->ace_access;
1937: acl_entry_link->entryp->ace_access <<= 6;
1938: acl_entry_link_head->count++;
1939: break;
1940: case ACC_DENY:
1941: /* Since there is no way to return a DENY acl entry *
1942: * change to PERMIT and then shift. */
1943: DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
1944: acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
1945: DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
1946: acl_entry_link->entryp->ace_access <<= 6;
1947: acl_entry_link_head->count++;
1948: break;
1949: default:
1950: return(0);
1951: }
1952:
1953: DEBUG(10,("acl_entry = %d\n",acl_entry));
1954: DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
1955:
1956: acl_entry = acl_nxt(acl_entry);
1957: }
1958: } /* end of if enabled */
1959:
1960: /* Since owner, group, other acl entries are not *
1961: * part of the acl entries in an acl, they must *
1962: * be dummied up to become part of the list. */
1963:
1964: for( i = 1; i < 4; i++) {
1965: DEBUG(10,("i is %d\n",i));
1966: if(acl_entry_link_head->count != 0) {
1967: acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
1968: if(acl_entry_link->nextp == NULL) {
1969: SAFE_FREE(file_acl);
1970: errno = ENOMEM;
1971: DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1972: return(NULL);
1973: }
1974:
1975: acl_entry_link->nextp->prevp = acl_entry_link;
1976: acl_entry_link = acl_entry_link->nextp;
1977: acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
1978: if(acl_entry_link->entryp == NULL) {
1979: SAFE_FREE(file_acl);
1980: errno = ENOMEM;
1981: DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1982: return(NULL);
1983: }
1984: }
1985:
1986: acl_entry_link->nextp = NULL;
1987:
1988: new_acl_entry = acl_entry_link->entryp;
1989: idp = new_acl_entry->ace_id;
1990:
1991: new_acl_entry->ace_len = sizeof(struct acl_entry);
1992: new_acl_entry->ace_type = ACC_PERMIT;
1993: idp->id_len = sizeof(struct ace_id);
1994: DEBUG(10,("idp->id_len = %d\n",idp->id_len));
1995: memset(idp->id_data,0,sizeof(uid_t));
1996:
1997: switch(i) {
1998: case 2:
1999: new_acl_entry->ace_access = file_acl->g_access << 6;
2000: idp->id_type = SMB_ACL_GROUP_OBJ;
2001: break;
2002:
2003: case 3:
2004: new_acl_entry->ace_access = file_acl->o_access << 6;
2005: idp->id_type = SMB_ACL_OTHER;
2006: break;
2007:
2008: case 1:
2009: new_acl_entry->ace_access = file_acl->u_access << 6;
2010: idp->id_type = SMB_ACL_USER_OBJ;
2011: break;
2012:
2013: default:
2014: return(NULL);
2015:
2016: }
2017:
2018: acl_entry_link_head->count++;
2019: DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
2020: }
2021:
2022: acl_entry_link_head->count = 0;
2023: SAFE_FREE(file_acl);
2024:
2025: return(acl_entry_link_head);
2026: }
2027:
2028: #if 0
2029: SMB_ACL_T sys_acl_get_fd(int fd)
2030: {
2031: struct acl *file_acl = (struct acl *)NULL;
2032: struct acl_entry *acl_entry;
2033: struct new_acl_entry *new_acl_entry;
2034: struct ace_id *idp;
2035: struct acl_entry_link *acl_entry_link;
2036: struct acl_entry_link *acl_entry_link_head;
2037: int i;
2038: int rc = 0;
2039:
2040: /* Get the acl using fstatacl */
2041:
2042: DEBUG(10,("Entering sys_acl_get_fd\n"));
2043: DEBUG(10,("fd is %d\n",fd));
2044: file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
2045:
2046: if(file_acl == NULL) {
2047: errno=ENOMEM;
2048: DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2049: return(NULL);
2050: }
2051:
2052: memset(file_acl,0,BUFSIZ);
2053:
2054: rc = fstatacl(fd,0,file_acl,BUFSIZ);
2055: if(rc == -1) {
2056: DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
2057: SAFE_FREE(file_acl);
2058: return(NULL);
2059: }
2060:
2061: DEBUG(10,("Got facl and returned it\n"));
2062:
2063: /* Point to the first acl entry in the acl */
2064:
2065: acl_entry = file_acl->acl_ext;
2066: /* Begin setting up the head of the linked list *
2067: * that will be used for the storing the acl *
2068: * in a way that is useful for the posix_acls.c *
2069: * code. */
2070:
2071: acl_entry_link_head = acl_entry_link = sys_acl_init(0);
2072: if(acl_entry_link_head == NULL){
2073: SAFE_FREE(file_acl);
2074: return(NULL);
2075: }
2076:
2077: acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
2078:
2079: if(acl_entry_link->entryp == NULL) {
2080: errno = ENOMEM;
2081: DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2082: SAFE_FREE(file_acl);
2083: return(NULL);
2084: }
2085:
2086: DEBUG(10,("acl_entry is %d\n",acl_entry));
2087: DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
2088:
2089: /* Check if the extended acl bit is on. *
2090: * If it isn't, do not show the *
2091: * contents of the acl since AIX intends *
2092: * the extended info to remain unused */
2093:
2094: if(file_acl->acl_mode & S_IXACL){
2095: /* while we are not pointing to the very end */
2096: while(acl_entry < acl_last(file_acl)) {
2097: /* before we malloc anything, make sure this is */
2098: /* a valid acl entry and one that we want to map */
2099:
2100: idp = id_nxt(acl_entry->ace_id);
2101: if((acl_entry->ace_type == ACC_SPECIFY ||
2102: (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
2103: acl_entry = acl_nxt(acl_entry);
2104: continue;
2105: }
2106:
2107: idp = acl_entry->ace_id;
2108:
2109: /* Check if this is the first entry in the linked list. *
2110: * The first entry needs to keep prevp pointing to NULL *
2111: * and already has entryp allocated. */
2112:
2113: if(acl_entry_link_head->count != 0) {
2114: acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
2115: if(acl_entry_link->nextp == NULL) {
2116: errno = ENOMEM;
2117: DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2118: SAFE_FREE(file_acl);
2119: return(NULL);
2120: }
2121: acl_entry_link->nextp->prevp = acl_entry_link;
2122: acl_entry_link = acl_entry_link->nextp;
2123: acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
2124: if(acl_entry_link->entryp == NULL) {
2125: errno = ENOMEM;
2126: DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2127: SAFE_FREE(file_acl);
2128: return(NULL);
2129: }
2130:
2131: acl_entry_link->nextp = NULL;
2132: }
2133:
2134: acl_entry_link->entryp->ace_len = acl_entry->ace_len;
2135:
2136: /* Don't really need this since all types are going *
2137: * to be specified but, it's better than leaving it 0 */
2138:
2139: acl_entry_link->entryp->ace_type = acl_entry->ace_type;
2140: acl_entry_link->entryp->ace_access = acl_entry->ace_access;
2141:
2142: memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
2143:
2144: /* The access in the acl entries must be left shifted by *
2145: * three bites, because they will ultimately be compared *
2146: * to S_IRUSR, S_IWUSR, and S_IXUSR. */
2147:
2148: switch(acl_entry->ace_type){
2149: case ACC_PERMIT:
2150: case ACC_SPECIFY:
2151: acl_entry_link->entryp->ace_access = acl_entry->ace_access;
2152: acl_entry_link->entryp->ace_access <<= 6;
2153: acl_entry_link_head->count++;
2154: break;
2155: case ACC_DENY:
2156: /* Since there is no way to return a DENY acl entry *
2157: * change to PERMIT and then shift. */
2158: DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
2159: acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
2160: DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
2161: acl_entry_link->entryp->ace_access <<= 6;
2162: acl_entry_link_head->count++;
2163: break;
2164: default:
2165: return(0);
2166: }
2167:
2168: DEBUG(10,("acl_entry = %d\n",acl_entry));
2169: DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
2170:
2171: acl_entry = acl_nxt(acl_entry);
2172: }
2173: } /* end of if enabled */
2174:
2175: /* Since owner, group, other acl entries are not *
2176: * part of the acl entries in an acl, they must *
2177: * be dummied up to become part of the list. */
2178:
2179: for( i = 1; i < 4; i++) {
2180: DEBUG(10,("i is %d\n",i));
2181: if(acl_entry_link_head->count != 0){
2182: acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
2183: if(acl_entry_link->nextp == NULL) {
2184: errno = ENOMEM;
2185: DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2186: SAFE_FREE(file_acl);
2187: return(NULL);
2188: }
2189:
2190: acl_entry_link->nextp->prevp = acl_entry_link;
2191: acl_entry_link = acl_entry_link->nextp;
2192: acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
2193:
2194: if(acl_entry_link->entryp == NULL) {
2195: SAFE_FREE(file_acl);
2196: errno = ENOMEM;
2197: DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2198: return(NULL);
2199: }
2200: }
2201:
2202: acl_entry_link->nextp = NULL;
2203:
2204: new_acl_entry = acl_entry_link->entryp;
2205: idp = new_acl_entry->ace_id;
2206:
2207: new_acl_entry->ace_len = sizeof(struct acl_entry);
2208: new_acl_entry->ace_type = ACC_PERMIT;
2209: idp->id_len = sizeof(struct ace_id);
2210: DEBUG(10,("idp->id_len = %d\n",idp->id_len));
2211: memset(idp->id_data,0,sizeof(uid_t));
2212:
2213: switch(i) {
2214: case 2:
2215: new_acl_entry->ace_access = file_acl->g_access << 6;
2216: idp->id_type = SMB_ACL_GROUP_OBJ;
2217: break;
2218:
2219: case 3:
2220: new_acl_entry->ace_access = file_acl->o_access << 6;
2221: idp->id_type = SMB_ACL_OTHER;
2222: break;
2223:
2224: case 1:
2225: new_acl_entry->ace_access = file_acl->u_access << 6;
2226: idp->id_type = SMB_ACL_USER_OBJ;
2227: break;
2228:
2229: default:
2230: return(NULL);
2231: }
2232:
2233: acl_entry_link_head->count++;
2234: DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
2235: }
2236:
2237: acl_entry_link_head->count = 0;
2238: SAFE_FREE(file_acl);
2239:
2240: return(acl_entry_link_head);
2241: }
2242: #endif
2243:
2244: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
2245: {
2246: uint *permset;
2247:
2248: if (sys_acl_get_tag_type(entry, tag_type_p) != 0)
2249: return -1;
2250:
2251: if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP)
2252: memcpy(u_g_id_p, entry->ace_id->id_data, sizeof (id_t));
2253:
2254: permset = &entry->ace_access;
2255:
2256: DEBUG(10,("*permset is %d\n",*permset));
2257: *bits_p = (*permset & S_IRUSR ? 4 : 0)
2258: | (*permset & S_IWUSR ? 2 : 0)
2259: | (*permset & S_IXUSR ? 1 : 0);
2260:
2261: return 0;
2262: }
2263:
2264: SMB_ACL_T sys_acl_init( int count)
2265: {
2266: struct acl_entry_link *theacl = NULL;
2267:
2268: if (count < 0) {
2269: errno = EINVAL;
2270: return NULL;
2271: }
2272:
2273: DEBUG(10,("Entering sys_acl_init\n"));
2274:
2275: theacl = SMB_MALLOC_P(struct acl_entry_link);
2276: if(theacl == NULL) {
2277: errno = ENOMEM;
2278: DEBUG(0,("Error in sys_acl_init is %d\n",errno));
2279: return(NULL);
2280: }
2281:
2282: theacl->count = 0;
2283: theacl->nextp = NULL;
2284: theacl->prevp = NULL;
2285: theacl->entryp = NULL;
2286: DEBUG(10,("Exiting sys_acl_init\n"));
2287: return(theacl);
2288: }
2289:
2290: int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
2291: {
2292: struct acl_entry_link *theacl;
2293: struct acl_entry_link *acl_entryp;
2294: struct acl_entry_link *temp_entry;
2295: int counting;
2296:
2297: DEBUG(10,("Entering the sys_acl_create_entry\n"));
2298:
2299: theacl = acl_entryp = *pacl;
2300:
2301: /* Get to the end of the acl before adding entry */
2302:
2303: for(counting=0; counting < theacl->count; counting++){
2304: DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
2305: temp_entry = acl_entryp;
2306: acl_entryp = acl_entryp->nextp;
2307: }
2308:
2309: if(theacl->count != 0){
2310: temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
2311: if(acl_entryp == NULL) {
2312: errno = ENOMEM;
2313: DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
2314: return(-1);
2315: }
2316:
2317: DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
2318: acl_entryp->prevp = temp_entry;
2319: DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
2320: }
2321:
2322: *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
2323: if(*pentry == NULL) {
2324: errno = ENOMEM;
2325: DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
2326: return(-1);
2327: }
2328:
2329: memset(*pentry,0,sizeof(struct new_acl_entry));
2330: acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
2331: acl_entryp->entryp->ace_type = ACC_PERMIT;
2332: acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
2333: acl_entryp->nextp = NULL;
2334: theacl->count++;
2335: DEBUG(10,("Exiting sys_acl_create_entry\n"));
2336: return(0);
2337: }
2338:
2339: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
2340: {
2341: entry->ace_id->id_type = tag_type;
2342: DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
2343:
2344: if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP)
2345: memcpy(entry->ace_id->id_data, &u_g_id, sizeof (id_t));
2346:
2347: entry->ace_access = bits;
2348: DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
2349:
2350: return 0;
2351: }
2352:
2353: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
2354: {
2355: DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
2356: entry->ace_access = bits;
2357: DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
2358: DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
2359: return(0);
2360: }
2361:
2362: int sys_acl_valid( SMB_ACL_T theacl )
2363: {
2364: int user_obj = 0;
2365: int group_obj = 0;
2366: int other_obj = 0;
2367: struct acl_entry_link *acl_entry;
2368:
2369: for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
2370: user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
2371: group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
2372: other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
2373: }
2374:
2375: DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
2376:
2377: if(user_obj != 1 || group_obj != 1 || other_obj != 1)
2378: return(-1);
2379:
2380: return(0);
2381: }
2382:
2383: int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
2384: {
2385: struct acl_entry_link *acl_entry_link = NULL;
2386: struct acl *file_acl = NULL;
2387: struct acl *file_acl_temp = NULL;
2388: struct acl_entry *acl_entry = NULL;
2389: struct ace_id *ace_id = NULL;
2390: uint id_type;
2391: uint user_id;
2392: uint acl_length;
2393: uint rc;
2394:
2395: DEBUG(10,("Entering sys_acl_set_file\n"));
2396: DEBUG(10,("File name is %s\n",name));
2397:
2398: /* AIX has no default ACL */
2399: if(acltype == SMB_ACL_TYPE_DEFAULT)
2400: return(0);
2401:
2402: acl_length = BUFSIZ;
2403: file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
2404:
2405: if(file_acl == NULL) {
2406: errno = ENOMEM;
2407: DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
2408: return(-1);
2409: }
2410:
2411: memset(file_acl,0,BUFSIZ);
2412:
2413: file_acl->acl_len = ACL_SIZ;
2414: file_acl->acl_mode = S_IXACL;
2415:
2416: for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
2417: acl_entry_link->entryp->ace_access >>= 6;
2418: id_type = acl_entry_link->entryp->ace_id->id_type;
2419:
2420: switch(id_type) {
2421: case SMB_ACL_USER_OBJ:
2422: file_acl->u_access = acl_entry_link->entryp->ace_access;
2423: continue;
2424: case SMB_ACL_GROUP_OBJ:
2425: file_acl->g_access = acl_entry_link->entryp->ace_access;
2426: continue;
2427: case SMB_ACL_OTHER:
2428: file_acl->o_access = acl_entry_link->entryp->ace_access;
2429: continue;
2430: case SMB_ACL_MASK:
2431: continue;
2432: }
2433:
2434: if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
2435: acl_length += sizeof(struct acl_entry);
2436: file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
2437: if(file_acl_temp == NULL) {
2438: SAFE_FREE(file_acl);
2439: errno = ENOMEM;
2440: DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
2441: return(-1);
2442: }
2443:
2444: memcpy(file_acl_temp,file_acl,file_acl->acl_len);
2445: SAFE_FREE(file_acl);
2446: file_acl = file_acl_temp;
2447: }
2448:
2449: acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
2450: file_acl->acl_len += sizeof(struct acl_entry);
2451: acl_entry->ace_len = acl_entry_link->entryp->ace_len;
2452: acl_entry->ace_access = acl_entry_link->entryp->ace_access;
2453:
2454: /* In order to use this, we'll need to wait until we can get denies */
2455: /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
2456: acl_entry->ace_type = ACC_SPECIFY; */
2457:
2458: acl_entry->ace_type = ACC_SPECIFY;
2459:
2460: ace_id = acl_entry->ace_id;
2461:
2462: ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
2463: DEBUG(10,("The id type is %d\n",ace_id->id_type));
2464: ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
2465: memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
2466: memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
2467: }
2468:
2469: rc = chacl((char*)name,file_acl,file_acl->acl_len);
2470: DEBUG(10,("errno is %d\n",errno));
2471: DEBUG(10,("return code is %d\n",rc));
2472: SAFE_FREE(file_acl);
2473: DEBUG(10,("Exiting the sys_acl_set_file\n"));
2474: return(rc);
2475: }
2476:
2477: #if 0
2478: int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
2479: {
2480: struct acl_entry_link *acl_entry_link = NULL;
2481: struct acl *file_acl = NULL;
2482: struct acl *file_acl_temp = NULL;
2483: struct acl_entry *acl_entry = NULL;
2484: struct ace_id *ace_id = NULL;
2485: uint id_type;
2486: uint user_id;
2487: uint acl_length;
2488: uint rc;
2489:
2490: DEBUG(10,("Entering sys_acl_set_fd\n"));
2491: acl_length = BUFSIZ;
2492: file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
2493:
2494: if(file_acl == NULL) {
2495: errno = ENOMEM;
2496: DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
2497: return(-1);
2498: }
2499:
2500: memset(file_acl,0,BUFSIZ);
2501:
2502: file_acl->acl_len = ACL_SIZ;
2503: file_acl->acl_mode = S_IXACL;
2504:
2505: for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
2506: acl_entry_link->entryp->ace_access >>= 6;
2507: id_type = acl_entry_link->entryp->ace_id->id_type;
2508: DEBUG(10,("The id_type is %d\n",id_type));
2509:
2510: switch(id_type) {
2511: case SMB_ACL_USER_OBJ:
2512: file_acl->u_access = acl_entry_link->entryp->ace_access;
2513: continue;
2514: case SMB_ACL_GROUP_OBJ:
2515: file_acl->g_access = acl_entry_link->entryp->ace_access;
2516: continue;
2517: case SMB_ACL_OTHER:
2518: file_acl->o_access = acl_entry_link->entryp->ace_access;
2519: continue;
2520: case SMB_ACL_MASK:
2521: continue;
2522: }
2523:
2524: if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
2525: acl_length += sizeof(struct acl_entry);
2526: file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
2527: if(file_acl_temp == NULL) {
2528: SAFE_FREE(file_acl);
2529: errno = ENOMEM;
2530: DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
2531: return(-1);
2532: }
2533:
2534: memcpy(file_acl_temp,file_acl,file_acl->acl_len);
2535: SAFE_FREE(file_acl);
2536: file_acl = file_acl_temp;
2537: }
2538:
2539: acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
2540: file_acl->acl_len += sizeof(struct acl_entry);
2541: acl_entry->ace_len = acl_entry_link->entryp->ace_len;
2542: acl_entry->ace_access = acl_entry_link->entryp->ace_access;
2543:
2544: /* In order to use this, we'll need to wait until we can get denies */
2545: /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
2546: acl_entry->ace_type = ACC_SPECIFY; */
2547:
2548: acl_entry->ace_type = ACC_SPECIFY;
2549:
2550: ace_id = acl_entry->ace_id;
2551:
2552: ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
2553: DEBUG(10,("The id type is %d\n",ace_id->id_type));
2554: ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
2555: memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
2556: memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
2557: }
2558:
2559: rc = fchacl(fd,file_acl,file_acl->acl_len);
2560: DEBUG(10,("errno is %d\n",errno));
2561: DEBUG(10,("return code is %d\n",rc));
2562: SAFE_FREE(file_acl);
2563: DEBUG(10,("Exiting sys_acl_set_fd\n"));
2564: return(rc);
2565: }
2566: #endif
2567:
2568: int sys_acl_delete_def_file(UNUSED(const char *name))
2569: {
2570: /* AIX has no default ACL */
2571: return 0;
2572: }
2573:
2574: int sys_acl_free_acl(SMB_ACL_T posix_acl)
2575: {
2576: struct acl_entry_link *acl_entry_link;
2577:
2578: for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
2579: SAFE_FREE(acl_entry_link->prevp->entryp);
2580: SAFE_FREE(acl_entry_link->prevp);
2581: }
2582:
2583: SAFE_FREE(acl_entry_link->prevp->entryp);
2584: SAFE_FREE(acl_entry_link->prevp);
2585: SAFE_FREE(acl_entry_link->entryp);
2586: SAFE_FREE(acl_entry_link);
2587:
2588: return(0);
2589: }
2590:
2591: #elif defined(HAVE_OSX_ACLS) /*----------------------------------------------*/
2592:
2593: #define OSX_BROKEN_GETENTRY /* returns 0 instead of 1 */
2594:
2595: #include <membership.h>
2596:
2597: int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2598: {
2599: int ret = acl_get_entry(the_acl, entry_id, entry_p);
2600: #ifdef OSX_BROKEN_GETENTRY
2601: if (ret == 0)
2602: ret = 1;
2603: else if (ret == -1 && errno == 22)
2604: ret = 0;
2605: #endif
2606: return ret;
2607: }
2608:
2609: SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
2610: {
2611: if (type == ACL_TYPE_DEFAULT) {
2612: errno = ENOTSUP;
2613: return NULL;
2614: }
2615: errno = 0;
2616: return acl_get_file(path_p, type);
2617: }
2618:
2619: #if 0
2620: SMB_ACL_T sys_acl_get_fd(int fd)
2621: {
2622: return acl_get_fd(fd);
2623: }
2624: #endif
2625:
2626: int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
2627: {
2628: uuid_t *uup;
2629: acl_tag_t tag;
2630: acl_flagset_t flagset;
2631: acl_permset_t permset;
2632: uint32 bits, fb, bb, pb;
2633: int id_type = -1;
2634: int rc;
2635:
2636: if (acl_get_tag_type(entry, &tag) != 0
2637: || acl_get_flagset_np(entry, &flagset) != 0
2638: || acl_get_permset(entry, &permset) != 0
2639: || (uup = acl_get_qualifier(entry)) == NULL)
2640: return -1;
2641:
2642: rc = mbr_uuid_to_id(*uup, u_g_id_p, &id_type);
2643: acl_free(uup);
2644: if (rc != 0)
2645: return rc;
2646:
2647: if (id_type == ID_TYPE_UID)
2648: *tag_type_p = SMB_ACL_USER;
2649: else
2650: *tag_type_p = SMB_ACL_GROUP;
2651:
2652: bits = tag == ACL_EXTENDED_ALLOW ? 1 : 0;
2653:
2654: for (fb = (1u<<4), bb = (1u<<1); bb < (1u<<12); fb *= 2, bb *= 2) {
2655: if (acl_get_flag_np(flagset, fb) == 1)
2656: bits |= bb;
2657: }
2658:
2659: for (pb = (1u<<1), bb = (1u<<12); bb < (1u<<25); pb *= 2, bb *= 2) {
2660: if (acl_get_perm_np(permset, pb) == 1)
2661: bits |= bb;
2662: }
2663:
2664: *bits_p = bits;
2665:
2666: return 0;
2667: }
2668:
2669: SMB_ACL_T sys_acl_init(int count)
2670: {
2671: return acl_init(count);
2672: }
2673:
2674: int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
2675: {
2676: return acl_create_entry(pacl, pentry);
2677: }
2678:
2679: int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
2680: {
2681: acl_flagset_t flagset;
2682: acl_permset_t permset;
2683: uint32 fb, bb, pb;
2684: int is_user = tag_type == SMB_ACL_USER;
2685: uuid_t uu;
2686: int rc;
2687:
2688: tag_type = bits & 1 ? ACL_EXTENDED_ALLOW : ACL_EXTENDED_DENY;
2689:
2690: if (acl_get_flagset_np(entry, &flagset) != 0
2691: || acl_get_permset(entry, &permset) != 0)
2692: return -1;
2693:
2694: acl_clear_flags_np(flagset);
2695: acl_clear_perms(permset);
2696:
2697: for (fb = (1u<<4), bb = (1u<<1); bb < (1u<<12); fb *= 2, bb *= 2) {
2698: if (bits & bb)
2699: acl_add_flag_np(flagset, fb);
2700: }
2701:
2702: for (pb = (1u<<1), bb = (1u<<12); bb < (1u<<25); pb *= 2, bb *= 2) {
2703: if (bits & bb)
2704: acl_add_perm(permset, pb);
2705: }
2706:
2707: if (is_user)
2708: rc = mbr_uid_to_uuid(u_g_id, uu);
2709: else
2710: rc = mbr_gid_to_uuid(u_g_id, uu);
2711: if (rc != 0)
2712: return rc;
2713:
2714: if (acl_set_tag_type(entry, tag_type) != 0
2715: || acl_set_qualifier(entry, &uu) != 0
2716: || acl_set_permset(entry, permset) != 0
2717: || acl_set_flagset_np(entry, flagset) != 0)
2718: return -1;
2719:
2720: return 0;
2721: }
2722:
2723: #if 0
2724: int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
2725: {
2726: return -1; /* Not needed for OS X. */
2727: }
2728: #endif
2729:
2730: int sys_acl_valid(SMB_ACL_T theacl)
2731: {
2732: return acl_valid(theacl);
2733: }
2734:
2735: int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
2736: {
2737: return acl_set_file(name, acltype, theacl);
2738: }
2739:
2740: #if 0
2741: int sys_acl_set_fd(int fd, SMB_ACL_T theacl)
2742: {
2743: return acl_set_fd(fd, theacl);
2744: }
2745: #endif
2746:
2747: int sys_acl_delete_def_file(const char *name)
2748: {
2749: return acl_delete_def_file(name);
2750: }
2751:
2752: int sys_acl_free_acl(SMB_ACL_T the_acl)
2753: {
2754: return acl_free(the_acl);
2755: }
2756:
2757: #else /* No ACLs. */
2758:
2759: #error No ACL functions defined for this platform!
2760:
2761: #endif
2762:
2763: /************************************************************************
2764: Deliberately outside the ACL defines. Return 1 if this is a "no acls"
2765: errno, 0 if not.
2766: ************************************************************************/
2767:
2768: int no_acl_syscall_error(int err)
2769: {
2770: #ifdef HAVE_OSX_ACLS
2771: if (err == ENOENT)
2772: return 1; /* Weird problem with directory ACLs. */
2773: #endif
2774: #if defined(ENOSYS)
2775: if (err == ENOSYS) {
2776: return 1;
2777: }
2778: #endif
2779: #if defined(ENOTSUP)
2780: if (err == ENOTSUP) {
2781: return 1;
2782: }
2783: #endif
2784: if (err == EINVAL) {
2785: /* If the type of SMB_ACL_TYPE_ACCESS or SMB_ACL_TYPE_DEFAULT
2786: * isn't valid, then the ACLs must be non-POSIX. */
2787: return 1;
2788: }
2789: return 0;
2790: }
2791:
2792: #endif /* SUPPORT_ACLS */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sysacls.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / rsync / lib