sysacls.c

samba-3.0.22.tar.gz 编译smb服务器的源码

		}
	}

	/* set the class obj permissions to the computed one. */
	if(calclass) {
		int n_class_obj_index = -1;

		for(i=0;i<acl_count;i++) {
			n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));

			if(aclp[i].a_type == CLASS_OBJ)
				n_class_obj_index = i;
		}
		aclp[n_class_obj_index].a_perm = n_class_obj_perm;
	}

	return 0;
#else
	return aclsort(acl_count, calclass, aclp);
#endif
}

/*
 * sort the ACL and check it for validity
 *
 * if it's a minimal ACL with only 4 entries then we
 * need to recalculate the mask permissions to make
 * sure that they are the same as the GROUP_OBJ
 * permissions as required by the UnixWare acl() system call.
 *
 * (note: since POSIX allows minimal ACLs which only contain
 * 3 entries - ie there is no mask entry - we should, in theory,
 * check for this and add a mask entry if necessary - however
 * we "know" that the caller of this interface always specifies
 * a mask so, in practice "this never happens" (tm) - if it *does*
 * happen aclsort() will fail and return an error and someone will
 * have to fix it ...)
 */

static int acl_sort(SMB_ACL_T acl_d)
{
	int fixmask = (acl_d->count <= 4);

	if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
		errno = EINVAL;
		return -1;
	}
	return 0;
}
 
int sys_acl_valid(SMB_ACL_T acl_d)
{
	return acl_sort(acl_d);
}

int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
{
	struct stat	s;
	struct acl	*acl_p;
	int		acl_count;
	struct acl	*acl_buf	= NULL;
	int		ret;

	if(hpux_acl_call_presence() == False) {
		/* Looks like we don't have the acl() system call on HPUX. 
		 * May be the system doesn't have the latest version of JFS.
		 */
		errno=ENOSYS;
		return -1; 
	}

	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
		errno = EINVAL;
		return -1;
	}

	if (acl_sort(acl_d) != 0) {
		return -1;
	}

	acl_p		= &acl_d->acl[0];
	acl_count	= acl_d->count;

	/*
	 * if it's a directory there is extra work to do
	 * since the acl() system call will replace both
	 * the access ACLs and the default ACLs (if any)
	 */
	if (stat(name, &s) != 0) {
		return -1;
	}
	if (S_ISDIR(s.st_mode)) {
		SMB_ACL_T	acc_acl;
		SMB_ACL_T	def_acl;
		SMB_ACL_T	tmp_acl;
		int		i;

		if (type == SMB_ACL_TYPE_ACCESS) {
			acc_acl = acl_d;
			def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);

		} else {
			def_acl = acl_d;
			acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
		}

		if (tmp_acl == NULL) {
			return -1;
		}

		/*
		 * allocate a temporary buffer for the complete ACL
		 */
		acl_count = acc_acl->count + def_acl->count;
		acl_p = acl_buf = SMB_MALLOC_ARRAY(struct acl, acl_count);

		if (acl_buf == NULL) {
			sys_acl_free_acl(tmp_acl);
			errno = ENOMEM;
			return -1;
		}

		/*
		 * copy the access control and default entries into the buffer
		 */
		memcpy(&acl_buf[0], &acc_acl->acl[0],
			acc_acl->count * sizeof(acl_buf[0]));

		memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
			def_acl->count * sizeof(acl_buf[0]));

		/*
		 * set the ACL_DEFAULT flag on the default entries
		 */
		for (i = acc_acl->count; i < acl_count; i++) {
			acl_buf[i].a_type |= ACL_DEFAULT;
		}

		sys_acl_free_acl(tmp_acl);

	} else if (type != SMB_ACL_TYPE_ACCESS) {
		errno = EINVAL;
		return -1;
	}

	ret = acl(name, ACL_SET, acl_count, acl_p);

	if (acl_buf) {
		free(acl_buf);
	}

	return ret;
}

int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
{
	/*
	 * HPUX doesn't have the facl call. Fake it using the path.... JRA.
	 */

	files_struct *fsp = file_find_fd(fd);

	if (fsp == NULL) {
		errno = EBADF;
		return NULL;
	}

	if (acl_sort(acl_d) != 0) {
		return -1;
	}

	/*
	 * We know we're in the same conn context. So we
	 * can use the relative path.
	 */

	return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
}

int sys_acl_delete_def_file(const char *path)
{
	SMB_ACL_T	acl_d;
	int		ret;

	/*
	 * fetching the access ACL and rewriting it has
	 * the effect of deleting the default ACL
	 */
	if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
		return -1;
	}

	ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);

	sys_acl_free_acl(acl_d);
	
	return ret;
}

int sys_acl_free_text(char *text)
{
	free(text);
	return 0;
}

int sys_acl_free_acl(SMB_ACL_T acl_d) 
{
	free(acl_d);
	return 0;
}

int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
{
	return 0;
}

#elif defined(HAVE_IRIX_ACLS)

int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
{
	if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
		errno = EINVAL;
		return -1;
	}

	if (entry_p == NULL) {
		errno = EINVAL;
		return -1;
	}

	if (entry_id == SMB_ACL_FIRST_ENTRY) {
		acl_d->next = 0;
	}

	if (acl_d->next < 0) {
		errno = EINVAL;
		return -1;
	}

	if (acl_d->next >= acl_d->aclp->acl_cnt) {
		return 0;
	}

	*entry_p = &acl_d->aclp->acl_entry[acl_d->next++];

	return 1;
}

int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
{
	*type_p = entry_d->ae_tag;

	return 0;
}

int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
{
	*permset_p = entry_d;

	return 0;
}

void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
{
	if (entry_d->ae_tag != SMB_ACL_USER
	    && entry_d->ae_tag != SMB_ACL_GROUP) {
		errno = EINVAL;
		return NULL;
	}

	return &entry_d->ae_id;
}

SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
{
	SMB_ACL_T	a;

	if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
		errno = ENOMEM;
		return NULL;
	}
	if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
		SAFE_FREE(a);
		return NULL;
	}
	a->next = -1;
	a->freeaclp = True;
	return a;
}

SMB_ACL_T sys_acl_get_fd(int fd)
{
	SMB_ACL_T	a;

	if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
		errno = ENOMEM;
		return NULL;
	}
	if ((a->aclp = acl_get_fd(fd)) == NULL) {
		SAFE_FREE(a);
		return NULL;
	}
	a->next = -1;
	a->freeaclp = True;
	return a;
}

int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
{
	permset_d->ae_perm = 0;

	return 0;
}

int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
{
	if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
	    && perm != SMB_ACL_EXECUTE) {
		errno = EINVAL;
		return -1;
	}

	if (permset_d == NULL) {
		errno = EINVAL;
		return -1;
	}

	permset_d->ae_perm |= perm;

	return 0;
}

int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
{
	return permset_d->ae_perm & perm;
}

char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
{
	return acl_to_text(acl_d->aclp, len_p);
}

SMB_ACL_T sys_acl_init(int count)
{
	SMB_ACL_T	a;

	if (count < 0) {
		errno = EINVAL;
		return NULL;
	}

	if ((a = SMB_MALLOC(sizeof(struct SMB_ACL_T) + sizeof(struct acl))) == NULL) {
		errno = ENOMEM;
		return NULL;
	}

	a->next = -1;
	a->freeaclp = False;
	a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
	a->aclp->acl_cnt = 0;

	return a;
}


int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
{
	SMB_ACL_T	acl_d;
	SMB_ACL_ENTRY_T	entry_d;

	if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
		errno = EINVAL;
		return -1;
	}

	if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
		errno = ENOSPC;
		return -1;
	}

	entry_d		= &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
	entry_d->ae_tag	= 0;
	entry_d->ae_id	= 0;
	entry_d->ae_perm	= 0;
	*entry_p	= entry_d;

	return 0;
}

int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
{
	switch (tag_type) {
		case SMB_ACL_USER:
		case SMB_ACL_USER_OBJ:
		case SMB_ACL_GROUP:
		case SMB_ACL_GROUP_OBJ:
		case SMB_ACL_OTHER:
		case SMB_ACL_MASK:
			entry_d->ae_tag = tag_type;
			break;
		default:
			errno = EINVAL;
			return -1;
	}

	return 0;
}

int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
{
	if (entry_d->ae_tag != SMB_ACL_GROUP
	    && entry_d->ae_tag != SMB_ACL_USER) {
		errno = EINVAL;
		return -1;
	}

	entry_d->ae_id = *((id_t *)qual_p);

	return 0;
}

int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
{
	if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
		return EINVAL;
	}

	entry_d->ae_perm = permset_d->ae_perm;

	return 0;
}

int sys_acl_valid(SMB_ACL_T acl_d)
{
	return acl_valid(acl_d->aclp);
}

int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
{
	return acl_set_file(name, type, acl_d->aclp);
}

int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
{
	return acl_set_fd(fd, acl_d->aclp);
}

int sys_acl_delete_def_file(const char *name)
{
	return acl_delete_def_file(name);
}

int sys_acl_free_text(char *text)
{
	return acl_free(text);
}

int sys_acl_free_acl(SMB_ACL_T acl_d) 
{
	if (acl_d->freeaclp) {
		acl_free(acl_d->aclp);
	}
	acl_free(acl_d);
	return 0;
}

int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
{
	return 0;
}

#elif defined(HAVE_AIX_ACLS)

/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */

int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
{
	struct acl_entry_link *link;
	struct new_acl_entry *entry;
	int keep_going;

	DEBUG(10,("This is the count: %d\n",theacl->count));

	/* Check if count was previously set to -1. *
	 * If it was, that means we reached the end *
	 * of the acl last time.                    */
	if(theacl->count == -1)
		return(0);

	link = theacl;
	/* To get to the next acl, traverse linked list until index *
	 * of acl matches the count we are keeping.  This count is  *
	 * incremented each time we return an acl entry.            */

	for(keep_going = 0; keep_going < theacl->count; keep_going++)
		link = link->nextp;

	entry = *entry_p =  link->entryp;

	DEBUG(10,("*entry_p is %d\n",entry_p));
	DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));

	/* Increment count */
	theacl->count++;
	if(link->nextp == NULL)
		theacl->count = -1;

	return(1);
}

int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
{
	/* Initialize tag type */

	*tag_type_p = -1;
	DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));

	/* Depending on what type of entry we have, *
	 * return tag type.                         */
	switch(entry_d->ace_id->id_type) {
	case ACEID_USER:
		*tag_type_p = SMB_ACL_USER;
		break;
	case ACEID_GROUP:
		*tag_type_p = SMB_ACL_GROUP;
		break;

	case SMB_ACL_USER_OBJ:
	case SMB_ACL_GROUP_OBJ:
	case SMB_ACL_OTHER:
		*tag_type_p = entry_d->ace_id->id_type;
		break;
 
	default:
		return(-1);
	}

	return(0);
}

int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
{
	DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
	*permset_p = &entry_d->ace_access;
	DEBUG(10,("**permset_p is %d\n",**permset_p));
	if(!(**permset_p & S_IXUSR) &&
		!(**permset_p & S_IWUSR) &&
		!(**permset_p & S_IRUSR) &&
		(**permset_p != 0))
			return(-1);

	DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
	return(0);
}

void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
{
	return(entry_d->ace_id->id_data);
}

SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
{
	struct acl *file_acl = (struct acl *)NULL;
	struct acl_entry *acl_entry;
	struct new_acl_entry *new_acl_entry;
	struct ace_id *idp;
	struct acl_entry_link *acl_entry_link;
	struct acl_entry_link *acl_entry_link_head;
	int i;
	int rc = 0;