sysacls.c

Rsync 3.0.5 source code

			if(acl_entry_link->entryp == NULL) {
				SAFE_FREE(file_acl);
				errno = ENOMEM;
				DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
				return(NULL);
			}
		}

		acl_entry_link->nextp = NULL;
 
		new_acl_entry = acl_entry_link->entryp;
		idp = new_acl_entry->ace_id;
 
		new_acl_entry->ace_len = sizeof(struct acl_entry);
		new_acl_entry->ace_type = ACC_PERMIT;
		idp->id_len = sizeof(struct ace_id);
		DEBUG(10,("idp->id_len = %d\n",idp->id_len));
		memset(idp->id_data,0,sizeof(uid_t));
 
		switch(i) {
		case 2:
			new_acl_entry->ace_access = file_acl->g_access << 6;
			idp->id_type = SMB_ACL_GROUP_OBJ;
			break;
 
		case 3:
			new_acl_entry->ace_access = file_acl->o_access << 6;
			idp->id_type = SMB_ACL_OTHER;
			break;
 
		case 1:
			new_acl_entry->ace_access = file_acl->u_access << 6;
			idp->id_type = SMB_ACL_USER_OBJ;
			break;
 
		default:
			return(NULL);
		}
 
		acl_entry_link_head->count++;
		DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
	}

	acl_entry_link_head->count = 0;
	SAFE_FREE(file_acl);
 
	return(acl_entry_link_head);
}
#endif

int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
{
	uint *permset;

	if (sys_acl_get_tag_type(entry, tag_type_p) != 0)
		return -1;

	if (*tag_type_p == SMB_ACL_USER || *tag_type_p == SMB_ACL_GROUP)
		memcpy(u_g_id_p, entry->ace_id->id_data, sizeof (id_t));

	permset = &entry->ace_access;

	DEBUG(10,("*permset is %d\n",*permset));
	*bits_p = (*permset & S_IRUSR ? 4 : 0)
		| (*permset & S_IWUSR ? 2 : 0)
		| (*permset & S_IXUSR ? 1 : 0);

	return 0;
}

SMB_ACL_T sys_acl_init( int count)
{
	struct acl_entry_link *theacl = NULL;
 
	if (count < 0) {
		errno = EINVAL;
		return NULL;
	}

	DEBUG(10,("Entering sys_acl_init\n"));

	theacl = SMB_MALLOC_P(struct acl_entry_link);
	if(theacl == NULL) {
		errno = ENOMEM;
		DEBUG(0,("Error in sys_acl_init is %d\n",errno));
		return(NULL);
	}

	theacl->count = 0;
	theacl->nextp = NULL;
	theacl->prevp = NULL;
	theacl->entryp = NULL;
	DEBUG(10,("Exiting sys_acl_init\n"));
	return(theacl);
}

int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
{
	struct acl_entry_link *theacl;
	struct acl_entry_link *acl_entryp;
	struct acl_entry_link *temp_entry;
	int counting;

	DEBUG(10,("Entering the sys_acl_create_entry\n"));

	theacl = acl_entryp = *pacl;

	/* Get to the end of the acl before adding entry */

	for(counting=0; counting < theacl->count; counting++){
		DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
		temp_entry = acl_entryp;
		acl_entryp = acl_entryp->nextp;
	}

	if(theacl->count != 0){
		temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
		if(acl_entryp == NULL) {
			errno = ENOMEM;
			DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
			return(-1);
		}

		DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
		acl_entryp->prevp = temp_entry;
		DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
	}

	*pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
	if(*pentry == NULL) {
		errno = ENOMEM;
		DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
		return(-1);
	}

	memset(*pentry,0,sizeof(struct new_acl_entry));
	acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
	acl_entryp->entryp->ace_type = ACC_PERMIT;
	acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
	acl_entryp->nextp = NULL;
	theacl->count++;
	DEBUG(10,("Exiting sys_acl_create_entry\n"));
	return(0);
}

int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
{
	entry->ace_id->id_type = tag_type;
	DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));

	if (tag_type == SMB_ACL_USER || tag_type == SMB_ACL_GROUP)
		memcpy(entry->ace_id->id_data, &u_g_id, sizeof (id_t));

	entry->ace_access = bits;
	DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));

	return 0;
}

int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
{
	DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
	entry->ace_access = bits;
	DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
	DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
	return(0);
}

int sys_acl_valid( SMB_ACL_T theacl )
{
	int user_obj = 0;
	int group_obj = 0;
	int other_obj = 0;
	struct acl_entry_link *acl_entry;

	for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
		user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
		group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
		other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
	}

	DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
 
	if(user_obj != 1 || group_obj != 1 || other_obj != 1)
		return(-1); 

	return(0);
}

int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
	struct acl_entry_link *acl_entry_link = NULL;
	struct acl *file_acl = NULL;
	struct acl *file_acl_temp = NULL;
	struct acl_entry *acl_entry = NULL;
	struct ace_id *ace_id = NULL;
	uint id_type;
	uint user_id;
	uint acl_length;
	uint rc;

	DEBUG(10,("Entering sys_acl_set_file\n"));
	DEBUG(10,("File name is %s\n",name));
 
	/* AIX has no default ACL */
	if(acltype == SMB_ACL_TYPE_DEFAULT)
		return(0);

	acl_length = BUFSIZ;
	file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);

	if(file_acl == NULL) {
		errno = ENOMEM;
		DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
		return(-1);
	}

	memset(file_acl,0,BUFSIZ);

	file_acl->acl_len = ACL_SIZ;
	file_acl->acl_mode = S_IXACL;

	for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
		acl_entry_link->entryp->ace_access >>= 6;
		id_type = acl_entry_link->entryp->ace_id->id_type;

		switch(id_type) {
		case SMB_ACL_USER_OBJ:
			file_acl->u_access = acl_entry_link->entryp->ace_access;
			continue;
		case SMB_ACL_GROUP_OBJ:
			file_acl->g_access = acl_entry_link->entryp->ace_access;
			continue;
		case SMB_ACL_OTHER:
			file_acl->o_access = acl_entry_link->entryp->ace_access;
			continue;
		case SMB_ACL_MASK:
			continue;
		}

		if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
			acl_length += sizeof(struct acl_entry);
			file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
			if(file_acl_temp == NULL) {
				SAFE_FREE(file_acl);
				errno = ENOMEM;
				DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
				return(-1);
			}  

			memcpy(file_acl_temp,file_acl,file_acl->acl_len);
			SAFE_FREE(file_acl);
			file_acl = file_acl_temp;
		}

		acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
		file_acl->acl_len += sizeof(struct acl_entry);
		acl_entry->ace_len = acl_entry_link->entryp->ace_len;
		acl_entry->ace_access = acl_entry_link->entryp->ace_access;
 
		/* In order to use this, we'll need to wait until we can get denies */
		/* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
		acl_entry->ace_type = ACC_SPECIFY; */

		acl_entry->ace_type = ACC_SPECIFY;
 
		ace_id = acl_entry->ace_id;
 
		ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
		DEBUG(10,("The id type is %d\n",ace_id->id_type));
		ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
		memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
		memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
	}

	rc = chacl((char*)name,file_acl,file_acl->acl_len);
	DEBUG(10,("errno is %d\n",errno));
	DEBUG(10,("return code is %d\n",rc));
	SAFE_FREE(file_acl);
	DEBUG(10,("Exiting the sys_acl_set_file\n"));
	return(rc);
}

#if 0
int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
{
	struct acl_entry_link *acl_entry_link = NULL;
	struct acl *file_acl = NULL;
	struct acl *file_acl_temp = NULL;
	struct acl_entry *acl_entry = NULL;
	struct ace_id *ace_id = NULL;
	uint id_type;
	uint user_id;
	uint acl_length;
	uint rc;
 
	DEBUG(10,("Entering sys_acl_set_fd\n"));
	acl_length = BUFSIZ;
	file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);

	if(file_acl == NULL) {
		errno = ENOMEM;
		DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
		return(-1);
	}

	memset(file_acl,0,BUFSIZ);
 
	file_acl->acl_len = ACL_SIZ;
	file_acl->acl_mode = S_IXACL;

	for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
		acl_entry_link->entryp->ace_access >>= 6;
		id_type = acl_entry_link->entryp->ace_id->id_type;
		DEBUG(10,("The id_type is %d\n",id_type));

		switch(id_type) {
		case SMB_ACL_USER_OBJ:
			file_acl->u_access = acl_entry_link->entryp->ace_access;
			continue;
		case SMB_ACL_GROUP_OBJ:
			file_acl->g_access = acl_entry_link->entryp->ace_access;
			continue;
		case SMB_ACL_OTHER:
			file_acl->o_access = acl_entry_link->entryp->ace_access;
			continue;
		case SMB_ACL_MASK:
			continue;
		}

		if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
			acl_length += sizeof(struct acl_entry);
			file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
			if(file_acl_temp == NULL) {
				SAFE_FREE(file_acl);
				errno = ENOMEM;
				DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
				return(-1);
			}

			memcpy(file_acl_temp,file_acl,file_acl->acl_len);
			SAFE_FREE(file_acl);
			file_acl = file_acl_temp;
		}

		acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
		file_acl->acl_len += sizeof(struct acl_entry);
		acl_entry->ace_len = acl_entry_link->entryp->ace_len;
		acl_entry->ace_access = acl_entry_link->entryp->ace_access;
 
		/* In order to use this, we'll need to wait until we can get denies */
		/* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
			acl_entry->ace_type = ACC_SPECIFY; */
 
		acl_entry->ace_type = ACC_SPECIFY;
 
		ace_id = acl_entry->ace_id;
 
		ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
		DEBUG(10,("The id type is %d\n",ace_id->id_type));
		ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
		memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
		memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
	}
 
	rc = fchacl(fd,file_acl,file_acl->acl_len);
	DEBUG(10,("errno is %d\n",errno));
	DEBUG(10,("return code is %d\n",rc));
	SAFE_FREE(file_acl);
	DEBUG(10,("Exiting sys_acl_set_fd\n"));
	return(rc);
}
#endif

int sys_acl_delete_def_file(UNUSED(const char *name))
{
	/* AIX has no default ACL */
	return 0;
}

int sys_acl_free_acl(SMB_ACL_T posix_acl)
{
	struct acl_entry_link *acl_entry_link;

	for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
		SAFE_FREE(acl_entry_link->prevp->entryp);
		SAFE_FREE(acl_entry_link->prevp);
	}

	SAFE_FREE(acl_entry_link->prevp->entryp);
	SAFE_FREE(acl_entry_link->prevp);
	SAFE_FREE(acl_entry_link->entryp);
	SAFE_FREE(acl_entry_link);
 
	return(0);
}

#elif defined(HAVE_OSX_ACLS) /*----------------------------------------------*/

#define OSX_BROKEN_GETENTRY /* returns 0 instead of 1 */

#include <membership.h>

int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
{
	int ret = acl_get_entry(the_acl, entry_id, entry_p);
#ifdef OSX_BROKEN_GETENTRY
	if (ret == 0)
		ret = 1;
	else if (ret == -1 && errno == 22)
		ret = 0;
#endif
	return ret;
}

SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
{
	if (type == ACL_TYPE_DEFAULT) {
		errno = ENOTSUP;
		return NULL;
	}
	errno = 0;
	return acl_get_file(path_p, type);
}

#if 0
SMB_ACL_T sys_acl_get_fd(int fd)
{
	return acl_get_fd(fd);
}
#endif

int sys_acl_get_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T *tag_type_p, uint32 *bits_p, id_t *u_g_id_p)
{
	uuid_t *uup;
	acl_tag_t tag;
	acl_flagset_t flagset;
	acl_permset_t permset;
	uint32 bits, fb, bb, pb;
	int id_type = -1;
	int rc;

	if (acl_get_tag_type(entry, &tag) != 0
	 || acl_get_flagset_np(entry, &flagset) != 0
	 || acl_get_permset(entry, &permset) != 0
	 || (uup = acl_get_qualifier(entry)) == NULL)
		return -1;

	rc = mbr_uuid_to_id(*uup, u_g_id_p, &id_type);
	acl_free(uup);
	if (rc != 0)
		return rc;

	if (id_type == ID_TYPE_UID)
		*tag_type_p = SMB_ACL_USER;
	else
		*tag_type_p = SMB_ACL_GROUP;

	bits = tag == ACL_EXTENDED_ALLOW ? 1 : 0;

	for (fb = (1u<<4), bb = (1u<<1); bb < (1u<<12); fb *= 2, bb *= 2) {
		if (acl_get_flag_np(flagset, fb) == 1)
			bits |= bb;
	}

	for (pb = (1u<<1), bb = (1u<<12); bb < (1u<<25); pb *= 2, bb *= 2) {
		if (acl_get_perm_np(permset, pb) == 1)
			bits |= bb;
	}

	*bits_p = bits;

	return 0;
}

SMB_ACL_T sys_acl_init(int count)
{
	return acl_init(count);
}

int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
{
	return acl_create_entry(pacl, pentry);
}

int sys_acl_set_info(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tag_type, uint32 bits, id_t u_g_id)
{
	acl_flagset_t flagset;
	acl_permset_t permset;
	uint32 fb, bb, pb;
	int is_user = tag_type == SMB_ACL_USER;
	uuid_t uu;
	int rc;

	tag_type = bits & 1 ? ACL_EXTENDED_ALLOW : ACL_EXTENDED_DENY;

	if (acl_get_flagset_np(entry, &flagset) != 0
	 || acl_get_permset(entry, &permset) != 0)
		return -1;

	acl_clear_flags_np(flagset);
	acl_clear_perms(permset);

	for (fb = (1u<<4), bb = (1u<<1); bb < (1u<<12); fb *= 2, bb *= 2) {
		if (bits & bb)
			acl_add_flag_np(flagset, fb);
	}

	for (pb = (1u<<1), bb = (1u<<12); bb < (1u<<25); pb *= 2, bb *= 2) {
		if (bits & bb)
			acl_add_perm(permset, pb);
	}

	if (is_user)
		rc = mbr_uid_to_uuid(u_g_id, uu);
	else
		rc = mbr_gid_to_uuid(u_g_id, uu);
	if (rc != 0)
		return rc;

	if (acl_set_tag_type(entry, tag_type) != 0
	 || acl_set_qualifier(entry, &uu) != 0
	 || acl_set_permset(entry, permset) != 0
	 || acl_set_flagset_np(entry, flagset) != 0)
		return -1;

	return 0;
}

#if 0
int sys_acl_set_access_bits(SMB_ACL_ENTRY_T entry, uint32 bits)
{
	return -1; /* Not needed for OS X. */
}
#endif

int sys_acl_valid(SMB_ACL_T theacl)
{
	return acl_valid(theacl);
}

int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T aclt