After applying this patch, run these commands for a successful build: autoconf automake ./configure --with-acl-support make proto make --- Makefile.in 2 May 2004 17:04:14 -0000 1.100 +++ Makefile.in 13 May 2004 17:58:41 -0000 @@ -25,7 +25,7 @@ VERSION=@VERSION@ .SUFFIXES: .SUFFIXES: .c .o -HEADERS=byteorder.h config.h errcode.h proto.h rsync.h lib/pool_alloc.h +HEADERS=byteorder.h config.h errcode.h proto.h rsync.h smb_acls.h lib/pool_alloc.h LIBOBJ=lib/wildmatch.o lib/compat.o lib/snprintf.o lib/mdfour.o \ lib/permstring.o lib/pool_alloc.o @LIBOBJS@ ZLIBOBJ=zlib/deflate.o zlib/infblock.o zlib/infcodes.o zlib/inffast.o \ @@ -34,7 +34,7 @@ ZLIBOBJ=zlib/deflate.o zlib/infblock.o z OBJS1=rsync.o generator.o receiver.o cleanup.o sender.o exclude.o util.o \ main.o checksum.o match.o syscall.o log.o backup.o OBJS2=options.o flist.o io.o compat.o hlink.o token.o uidlist.o socket.o \ - fileio.o batch.o clientname.o + fileio.o batch.o clientname.o sysacls.o acls.o OBJS3=progress.o pipe.o DAEMON_OBJ = params.o loadparm.o clientserver.o access.o connection.o authenticate.o popt_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ acls.c 13 May 2004 17:58:42 -0000 @@ -0,0 +1,1119 @@ +/* -*- c-file-style: "linux" -*- + Copyright (C) Andrew Tridgell 1996 + Copyright (C) Paul Mackerras 1996 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* handle passing ACLs between systems */ + +#include "rsync.h" + +#ifdef SUPPORT_ACLS + +extern int preserve_acls; +extern int am_root; +extern int dry_run; + +typedef struct { + id_t id; + uchar access; + SMB_ACL_TAG_T tag_type; +} rsync_ace; + +typedef struct { + size_t count; + size_t malloced; + rsync_ace *races; +} rsync_acl; + +static const rsync_acl rsync_acl_initializer = { 0, 0, NULL }; + +static void expand_rsync_acl(rsync_acl *racl) +{ + /* first time through, 0 <= 0, so list is expanded: + * diabolical, rsync guys! */ + if (racl->malloced <= racl->count) { + void *new_ptr; + size_t new_size; + racl->malloced += 10; + new_size = racl->malloced * sizeof racl->races[0]; + if (racl->races) + new_ptr = realloc(racl->races, new_size); + else + new_ptr = malloc(new_size); + if (verbose >= 4) { + rprintf(FINFO, "expand rsync_acl to %.0f bytes, did%s move\n", + (double) new_size, + racl->races ? "" : " not"); + } + + racl->races = (rsync_ace *) new_ptr; + + if (!racl->races) + out_of_memory("expand_rsync_acl"); + } +} + +static void rsync_acl_free(rsync_acl *racl) +{ + free(racl->races); + racl->races = NULL; + racl->count = 0; + racl->malloced = 0; +} + +static int rsync_ace_sorter(const void *r1, const void *r2) +{ + rsync_ace *race1 = (rsync_ace *)r1; + SMB_ACL_TAG_T rtag1 = race1->tag_type; + id_t rid1 = race1->id; + rsync_ace *race2 = (rsync_ace *)r2; + SMB_ACL_TAG_T rtag2 = race2->tag_type; + id_t rid2 = race2->id; + /* start at the extrema */ + if (rtag1 == SMB_ACL_USER_OBJ || rtag2 == SMB_ACL_MASK) + return -1; + if (rtag2 == SMB_ACL_USER_OBJ || rtag1 == SMB_ACL_MASK) + return 1; + /* work inwards */ + if (rtag1 == SMB_ACL_OTHER) + return 1; + if (rtag2 == SMB_ACL_OTHER) + return -1; + /* only SMB_ACL_USERs and SMB_ACL_GROUP*s left */ + if (rtag1 == SMB_ACL_USER) { + switch (rtag2) { + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + return -1; + } + /* both USER */ + return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1; + } + if (rtag2 == SMB_ACL_USER) + return 1; + /* only SMB_ACL_GROUP*s to worry about; kick out GROUP_OBJs first */ + if (rtag1 == SMB_ACL_GROUP_OBJ) + return -1; + if (rtag2 == SMB_ACL_GROUP_OBJ) + return 1; + /* only SMB_ACL_GROUPs left */ + return rid1 == rid2 ? 0 : rid1 < rid2 ? -1 : 1; +} + +static void sort_rsync_acl(rsync_acl *racl) +{ + if (!racl->count) + return; + qsort((void **)racl->races, racl->count, sizeof racl->races[0], + &rsync_ace_sorter); +} + +static BOOL unpack_smb_acl(rsync_acl *racl, SMB_ACL_T sacl) +{ + SMB_ACL_ENTRY_T entry; + int rc; + const char *errfun; + *racl = rsync_acl_initializer; + errfun = "sys_acl_get_entry"; + for (rc = sys_acl_get_entry(sacl, SMB_ACL_FIRST_ENTRY, &entry); + rc == 1; + rc = sys_acl_get_entry(sacl, SMB_ACL_NEXT_ENTRY, &entry)) { + SMB_ACL_PERMSET_T permset; + void *qualifier; + rsync_ace *race; + expand_rsync_acl(racl); + race = &racl->races[racl->count++]; + if ((rc = sys_acl_get_tag_type(entry, &race->tag_type))) { + errfun = "sys_acl_get_tag_type"; + break; + } + if ((rc = sys_acl_get_permset(entry, &permset))) { + errfun = "sys_acl_get_tag_type"; + break; + } + race->access = (sys_acl_get_perm(permset, SMB_ACL_READ) ? 4 : 0) + | (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? 2 : 0) + | (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? 1 : 0); + switch (race->tag_type) { + case SMB_ACL_USER: + case SMB_ACL_GROUP: + break; + default: + continue; + } + if (!(qualifier = sys_acl_get_qualifier(entry))) { + errfun = "sys_acl_get_tag_type"; + rc = EINVAL; + break; + } + race->id = *((id_t *)qualifier); + sys_acl_free_qualifier(qualifier, race->tag_type); + } + if (rc) { + rprintf(FERROR, "unpack_smb_acl: %s(): %s\n", + errfun, strerror(errno)); + rsync_acl_free(racl); + return False; + } + sort_rsync_acl(racl); + return True; +} + +static BOOL rsync_acls_equal(const rsync_acl *racl1, const rsync_acl *racl2) +{ + rsync_ace *race1, *race2; + size_t count = racl1->count; + if (count != racl2->count) + return False; + race1 = racl1->races; + race2 = racl2->races; + for (; count--; race1++, race2++) { + if (race1->tag_type != race2->tag_type + || race1->access != race2->access + || ((race1->tag_type == SMB_ACL_USER + || race1->tag_type == SMB_ACL_GROUP) + && race1->id != race2->id)) + return False; + } + return True; +} + +typedef struct { + size_t count; + size_t malloced; + rsync_acl *racls; +} rsync_acl_list; + +static rsync_acl_list _rsync_acl_lists[] = { + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */ + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ +}; + +static inline rsync_acl_list *rsync_acl_lists(SMB_ACL_TYPE_T type) +{ + return type == SMB_ACL_TYPE_ACCESS ? &_rsync_acl_lists[0] + : &_rsync_acl_lists[1]; +} + +static void expand_rsync_acl_list(rsync_acl_list *racl_list) +{ + /* first time through, 0 <= 0, so list is expanded: + * diabolical, rsync guys! */ + if (racl_list->malloced <= racl_list->count) { + void *new_ptr; + size_t new_size; + if (racl_list->malloced < 1000) + racl_list->malloced += 1000; + else + racl_list->malloced *= 2; + new_size = racl_list->malloced * sizeof racl_list->racls[0]; + if (racl_list->racls) + new_ptr = realloc(racl_list->racls, new_size); + else + new_ptr = malloc(new_size); + if (verbose >= 3) { + rprintf(FINFO, "expand_rsync_acl_list to %.0f bytes, did%s move\n", + (double) new_size, + racl_list->racls ? "" : " not"); + } + + racl_list->racls = (rsync_acl *) new_ptr; + + if (!racl_list->racls) + out_of_memory("expand_rsync_acl_list"); + } +} + +#if 0 +static void free_rsync_acl_list(rsync_acl_list *racl_list) +{ + /* run this in reverse, so references are freed before referents, */ + /* although not currently necessary */ + while (racl_list->count--) { + rsync_acl *racl = &racl_list->racls[racl_list->count]; + if (racl) + rsync_acl_free(racl); + } + free(racl_list->racls); + racl_list->racls = NULL; + racl_list->malloced = 0; +} +#endif + +static int find_matching_rsync_acl(SMB_ACL_TYPE_T type, + const rsync_acl_list *racl_list, + const rsync_acl *racl) +{ + static int access_match = -1, default_match = -1; + int *match = (type == SMB_ACL_TYPE_ACCESS) ? + &access_match : &default_match; + size_t count = racl_list->count; + /* if this is the first time through or we didn't match the last + * time, then start at the end of the list, which should be the + * best place to start hunting */ + if (*match == -1) + *match = racl_list->count - 1; + while (count--) { + if (rsync_acls_equal(&racl_list->racls[*match], racl)) + return *match; + if (!(*match)--) + *match = racl_list->count - 1; + } + *match = -1; + return *match; +} + +/* the general strategy with the tag_type <-> character mapping is that + * lowercase implies that no qualifier follows, where uppercase does. + * same sorta thing for the acl type (access or default) itself, but + * lowercase in this instance means there's no ACL following, so the + * ACL is a repeat, so the receiver should reuse the last of the same + * type ACL */ + +static void send_rsync_acl(int f, const rsync_acl *racl) +{ + rsync_ace *race; + size_t count = racl->count; + write_int(f, count); + for (race = racl->races; count--; race++) { + char ch; + switch (race->tag_type) { + case SMB_ACL_USER_OBJ: + ch = 'u'; + break; + case SMB_ACL_USER: + ch = 'U'; + break; + case SMB_ACL_GROUP_OBJ: + ch = 'g'; + break; + case SMB_ACL_GROUP: + ch = 'G'; + break; + case SMB_ACL_OTHER: + ch = 'o'; + break; + case SMB_ACL_MASK: + ch = 'm'; + break; + default: + rprintf(FERROR, + "send_rsync_acl: unknown tag_type (%0x) on ACE; disregarding\n", + race->tag_type); + continue; + } + write_byte(f, ch); + write_byte(f, race->access); + if (isupper((int)ch)) { + write_int(f, race->id); + /* FIXME: sorta wasteful. we should maybe buffer as + * many ids as max(ACL_USER + ACL_GROUP) objects to + * keep from making so many calls */ + if (ch == 'U') + add_uid(race->id); + else + add_gid(race->id); + } + } +} + +static rsync_acl _curr_rsync_acls[2]; + + +static const char *str_acl_type(SMB_ACL_TYPE_T type) +{ + return type == SMB_ACL_TYPE_ACCESS ? "SMB_ACL_TYPE_ACCESS" : + type == SMB_ACL_TYPE_DEFAULT ? "SMB_ACL_TYPE_DEFAULT" : + "unknown SMB_ACL_TYPE_T"; +} + +/* generate the ACL(s) for this flist entry; + * ACL(s) are either sent or cleaned-up by send_acl() below */ + +BOOL make_acl(const struct file_struct *file, const char *fname) +{ + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + rsync_acl *curr_racl; + if (!preserve_acls || S_ISLNK(file->mode)) + return True; + for (type = &types[0], curr_racl = &_curr_rsync_acls[0]; + type < &types[0] + sizeof types / sizeof types[0] + && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); + type++, curr_racl++) { + SMB_ACL_T sacl; + BOOL ok; + *curr_racl = rsync_acl_initializer; + if (!(sacl = sys_acl_get_file(fname, *type))) { + rprintf(FERROR, "send_acl : sys_acl_get_file(%s, %s): %s\n", + fname, str_acl_type(*type), strerror(errno)); + return False; + } + ok = unpack_smb_acl(curr_racl, sacl); + sys_acl_free_acl(sacl); + if (!ok) + return False; + } + return True; +} + +/* send the make_acl()-generated ACLs for this flist entry, + * or clean up after an flist entry that's not being sent (f == -1) */ + +void send_acl(const struct file_struct *file, int f) +{ + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + rsync_acl *curr_racl; + if (!preserve_acls || S_ISLNK(file->mode)) + return; + for (type = &types[0], curr_racl = &_curr_rsync_acls[0]; + type < &types[0] + sizeof types / sizeof types[0] + && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); + type++, curr_racl++) { + int index; + rsync_acl_list *racl_list = rsync_acl_lists(*type); + if (f == -1) { + rsync_acl_free(curr_racl); + continue; + } + if ((index = find_matching_rsync_acl(*type, racl_list, curr_racl)) + != -1) { + write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'a' : 'd'); + write_int(f, index); + rsync_acl_free(curr_racl); + } else { + write_byte(f, *type == SMB_ACL_TYPE_ACCESS ? 'A' : 'D'); + send_rsync_acl(f, curr_racl); + expand_rsync_acl_list(racl_list); + racl_list->racls[racl_list->count++] = *curr_racl; + } + } +} + +/* the below stuff is only used by the receiver */ + +/* structure to hold index to rsync_acl_list member corresponding to + * flist->files[i] */ + +typedef struct { + const struct file_struct *file; + int aclidx; +} file_acl_index; + +typedef struct { + size_t count; + size_t malloced; + file_acl_index *fileaclidxs; +} file_acl_index_list; + +static file_acl_index_list _file_acl_index_lists[] = { + {0, 0, NULL },/* SMB_ACL_TYPE_ACCESS */ + {0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ +}; + +static inline file_acl_index_list *file_acl_index_lists(SMB_ACL_TYPE_T type) +{ + return type == SMB_ACL_TYPE_ACCESS ? + &_file_acl_index_lists[0] : &_file_acl_index_lists[1]; +} + +static void expand_file_acl_index_list(file_acl_index_list *fileaclidx_list) +{ + /* first time through, 0 <= 0, so list is expanded: + * diabolical, rsync guys! */ + if (fileaclidx_list->malloced <= fileaclidx_list->count) { + void *new_ptr; + size_t new_size; + if (fileaclidx_list->malloced < 1000) + fileaclidx_list->malloced += 1000; + else + fileaclidx_list->malloced *= 2; + new_size = fileaclidx_list->malloced + * sizeof fileaclidx_list->fileaclidxs[0]; + if (fileaclidx_list->fileaclidxs) + new_ptr = realloc(fileaclidx_list->fileaclidxs, new_size); + else + new_ptr = malloc(new_size); + if (verbose >= 3) { + rprintf(FINFO, "expand_file_acl_index_list to %.0f bytes, did%s move\n", + (double) new_size, + fileaclidx_list->fileaclidxs ? "" : " not"); + } + + fileaclidx_list->fileaclidxs = (file_acl_index *) new_ptr; + + if (!fileaclidx_list->fileaclidxs) + out_of_memory("expand_file_acl_index_list"); + } +} + +#if 0 +static void free_file_acl_index_list(file_acl_index_list *fileaclidx_list) +{ + free(fileaclidx_list->fileaclidxs); + fileaclidx_list->fileaclidxs = NULL; + fileaclidx_list->malloced = 0; +} +#endif + +/* lists to hold the SMB_ACL_Ts corresponding to the rsync_acl_list entries */ + +typedef struct { + size_t count; + size_t malloced; + SMB_ACL_T *sacls; +} smb_acl_list; + +static smb_acl_list _smb_acl_lists[] = { + { 0, 0, NULL }, /* SMB_ACL_TYPE_ACCESS */ + { 0, 0, NULL } /* SMB_ACL_TYPE_DEFAULT */ +}; + +static inline smb_acl_list *smb_acl_lists(SMB_ACL_TYPE_T type) +{ + return type == SMB_ACL_TYPE_ACCESS ? &_smb_acl_lists[0] : + &_smb_acl_lists[1]; +} + +static void expand_smb_acl_list(smb_acl_list *sacl_list) +{ + /* first time through, 0 <= 0, so list is expanded: + * diabolical, rsync guys! */ + if (sacl_list->malloced <= sacl_list->count) { + void *new_ptr; + size_t new_size; + if (sacl_list->malloced < 1000) + sacl_list->malloced += 1000; + else + sacl_list->malloced *= 2; + new_size = sacl_list->malloced + * sizeof sacl_list->sacls[0]; + if (sacl_list->sacls) + new_ptr = realloc(sacl_list->sacls, new_size); + else + new_ptr = malloc(new_size); + if (verbose >= 3) { + rprintf(FINFO, "expand_smb_acl_list to %.0f bytes, did%s move\n", + (double) new_size, + sacl_list->sacls ? "" : " not"); + } + + sacl_list->sacls = (SMB_ACL_T *) new_ptr; + + if (!sacl_list->sacls) + out_of_memory("expand_smb_acl_list"); + } +} + +#if 0 +static void free_smb_acl_list(SMB_ACL_TYPE_T type) +{ + smb_acl_list *sacl_list = smb_acl_lists(type); + SMB_ACL_T *sacl = sacl_list->sacls; + while (sacl_list->count--) { + if (*sacl) + sys_acl_free_acl(*sacl++); + } + free(sacl_list->sacls); + sacl_list->sacls = NULL; + sacl_list->malloced = 0; +} +#endif + +/* build an SMB_ACL_T corresponding to an rsync_acl */ +static BOOL pack_smb_acl(SMB_ACL_T *smb_acl, const rsync_acl *racl) +{ + size_t count = racl->count; + rsync_ace *race = racl->races; + const char *errfun = NULL; + *smb_acl = sys_acl_init(count); + if (!*smb_acl) { + rprintf(FERROR, "pack_smb_acl: sys_acl_int(): %s\n", + strerror(errno)); + return False; + } + for (; count--; race++) { + SMB_ACL_ENTRY_T entry; + SMB_ACL_PERMSET_T permset; + if (sys_acl_create_entry(smb_acl, &entry)) { + errfun = "sys_acl_create)"; + break; + } + if (sys_acl_set_tag_type(entry, race->tag_type)) { + errfun = "sys_acl_set_tag"; + break; + } + if (race->tag_type == SMB_ACL_USER || + race->tag_type == SMB_ACL_GROUP) + if (sys_acl_set_qualifier(entry, (void*)&race->id)) { + errfun = "sys_acl_set_qualfier"; + break; + } + if (sys_acl_get_permset(entry, &permset)) { + errfun = "sys_acl_get_permset"; + break; + } + if (sys_acl_clear_perms(permset)) { + errfun = "sys_acl_clear_perms"; + break; + } + if (race->access & 4) + if (sys_acl_add_perm(permset, SMB_ACL_READ)) { + errfun = "sys_acl_add_perm"; + break; + } + if (race->access & 2) + if (sys_acl_add_perm(permset, SMB_ACL_WRITE)) { + errfun = "sys_acl_add_perm"; + break; + } + if (race->access & 1) + if (sys_acl_add_perm(permset, SMB_ACL_EXECUTE)) { + errfun = "sys_acl_add_perm"; + break; + } + if (sys_acl_set_permset(entry, permset)) { + errfun = "sys_acl_set_permset"; + break; + } + } + if (errfun) { + sys_acl_free_acl(*smb_acl); + rprintf(FERROR, "pack_smb_acl %s(): %s\n", errfun, + strerror(errno)); + return False; + } + return True; +} + +static void receive_rsync_acl(rsync_acl *racl, int f) +{ +#if ACLS_NEED_MASK + uchar required_mask_perm = 0; + BOOL saw_mask = False; +#endif + BOOL saw_user_obj = False, saw_group_obj = False, + saw_other = False; + size_t count = read_int(f); + rsync_ace *race; + if (!count) + return; + while (count--) { + uchar tag = read_byte(f); + expand_rsync_acl(racl); + race = &racl->races[racl->count++]; + switch (tag) { + case 'u': + race->tag_type = SMB_ACL_USER_OBJ; + saw_user_obj = True; + break; + case 'U': + race->tag_type = SMB_ACL_USER; + break; + case 'g': + race->tag_type = SMB_ACL_GROUP_OBJ; + saw_group_obj = True; + break; + case 'G': + race->tag_type = SMB_ACL_GROUP; + break; + case 'o': + race->tag_type = SMB_ACL_OTHER; + saw_other = True; + break; + case 'm': + race->tag_type = SMB_ACL_MASK; +#if ACLS_NEED_MASK + saw_mask = True; +#endif + break; + default: + rprintf(FERROR, "receive_rsync_acl: unknown tag %c\n", + tag); + exit_cleanup(RERR_STREAMIO); + } + race->access = read_byte(f); + if (race->access & ~ (4 | 2 | 1)) { + rprintf(FERROR, "receive_rsync_acl: bogus permset %o\n", + race->access); + exit_cleanup(RERR_STREAMIO); + } + if (race->tag_type == SMB_ACL_USER || + race->tag_type == SMB_ACL_GROUP) { + race->id = read_int(f); +#if ACLS_NEED_MASK + required_mask_perm |= race->access; +#endif + } +#if ACLS_NEED_MASK + else if (race->tag_type == SMB_ACL_GROUP_OBJ) + required_mask_perm |= race->access; +#endif + + } + if (!saw_user_obj) { + expand_rsync_acl(racl); + race = &racl->races[racl->count++]; + race->tag_type = SMB_ACL_USER_OBJ; + race->access = 7; + } + if (!saw_group_obj) { + expand_rsync_acl(racl); + race = &racl->races[racl->count++]; + race->tag_type = SMB_ACL_GROUP_OBJ; + race->access = 0; + } + if (!saw_other) { + expand_rsync_acl(racl); + race = &racl->races[racl->count++]; + race->tag_type = SMB_ACL_OTHER; + race->access = 0; + } +#if ACLS_NEED_MASK + if (!saw_mask) { + expand_rsync_acl(racl); + race = &racl->races[racl->count++]; + race->tag_type = SMB_ACL_MASK; + race->access = required_mask_perm; + } +#endif +#if ACLS_NEED_MASK + if (!(saw_user_obj && saw_group_obj && saw_other && saw_mask)) +#else + if (!(saw_user_obj && saw_group_obj && saw_other)) +#endif + sort_rsync_acl(racl); +} + +/* receive and build the rsync_acl_lists */ + +void receive_acl(struct file_struct *file, int f) +{ + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + char *fname; + if (!preserve_acls || S_ISLNK(file->mode)) + return; + fname = f_name(file); + for (type = &types[0]; + type < &types[0] + sizeof types / sizeof types[0] + && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); + type++) { + file_acl_index_list *fileaclidx_list = + file_acl_index_lists(*type); + uchar tag; + expand_file_acl_index_list(fileaclidx_list); + + tag = read_byte(f); + if (tag == 'A' || tag == 'a') { + if (*type != SMB_ACL_TYPE_ACCESS) { + rprintf(FERROR, "receive_acl %s: duplicate access ACL\n", + fname); + exit_cleanup(RERR_STREAMIO); + } + } else if (tag == 'D' || tag == 'd') { + if (*type == SMB_ACL_TYPE_ACCESS) { + rprintf(FERROR, "receive_acl %s: expecting access ACL; got default\n", + fname); + exit_cleanup(RERR_STREAMIO); + } + } else { + rprintf(FERROR, "receive_acl %s: unknown ACL type tag: %c\n", + fname, tag); + exit_cleanup(RERR_STREAMIO); + } + if (tag == 'A' || tag == 'D') { + rsync_acl racl = rsync_acl_initializer; + rsync_acl_list *racl_list = rsync_acl_lists(*type); + smb_acl_list *sacl_list = smb_acl_lists(*type); + fileaclidx_list->fileaclidxs[fileaclidx_list->count]. + aclidx = racl_list->count; + fileaclidx_list->fileaclidxs[fileaclidx_list->count++]. + file = file; + receive_rsync_acl(&racl, f); + expand_rsync_acl_list(racl_list); + racl_list->racls[racl_list->count++] = racl; + expand_smb_acl_list(sacl_list); + sacl_list->sacls[sacl_list->count++] = NULL; + } else { + int index = read_int(f); + rsync_acl_list *racl_list = rsync_acl_lists(*type); + if ((size_t) index >= racl_list->count) { + rprintf(FERROR, "receive_acl %s: %s ACL index %d out of range\n", + fname, + str_acl_type(*type), + index); + exit_cleanup(RERR_STREAMIO); + } + fileaclidx_list->fileaclidxs[fileaclidx_list->count]. + aclidx = index; + fileaclidx_list->fileaclidxs[fileaclidx_list->count++]. + file = file; + } + } +} + +static int file_acl_index_list_sorter(const void *f1, const void *f2) +{ + const file_acl_index *fileaclidx1 = (const file_acl_index *)f1; + const file_acl_index *fileaclidx2 = (const file_acl_index *)f2; + return fileaclidx1->file == fileaclidx2->file ? 0 : + fileaclidx1->file < fileaclidx2->file ? -1 : 1; +} + +void sort_file_acl_index_lists() +{ + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + if (!preserve_acls) + return; + for (type = &types[0]; + type < &types[0] + sizeof types / sizeof types[0]; + type++) + { + file_acl_index_list *fileaclidx_list = + file_acl_index_lists(*type); + if (!fileaclidx_list->count) + continue; + qsort(fileaclidx_list->fileaclidxs, fileaclidx_list->count, + sizeof fileaclidx_list->fileaclidxs[0], + &file_acl_index_list_sorter); + } +} + +static int find_file_acl_index(const file_acl_index_list *fileaclidx_list, + const struct file_struct *file) { + int low = 0, high = fileaclidx_list->count; + const struct file_struct *file_mid; + if (!high--) + return -1; + do { + int mid = (high + low) / 2; + file_mid = fileaclidx_list->fileaclidxs[mid].file; + if (file_mid == file) + return fileaclidx_list->fileaclidxs[mid].aclidx; + if (file_mid > file) + high = mid - 1; + else + low = mid + 1; + } while (low < high); + if (low == high) { + file_mid = fileaclidx_list->fileaclidxs[low].file; + if (file_mid == file) + return fileaclidx_list->fileaclidxs[low].aclidx; + } + rprintf(FERROR, + "find_file_acl_index: can't find entry for file in list\n"); + exit_cleanup(RERR_STREAMIO); + return -1; +} + +/* for duplicating ACLs on backups when using backup_dir */ + +int dup_acl(const char *orig, const char *bak, mode_t mode) +{ + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + int ret = 0; + if (!preserve_acls) + return 0; + for (type = &types[0]; + type < &types[0] + sizeof types / sizeof types[0] + && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(mode)); + type++) { + SMB_ACL_T sacl_orig, sacl_bak; + rsync_acl racl_orig, racl_bak; + if (!(sacl_orig = sys_acl_get_file(orig, *type))) { + rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s\n", + orig, str_acl_type(*type), strerror(errno)); + ret = -1; + continue; + } + if (!(sacl_bak = sys_acl_get_file(orig, *type))) { + rprintf(FERROR, "dup_acl : sys_acl_get_file(%s, %s): %s. ignoring\n", + bak, str_acl_type(*type), strerror(errno)); + ret = -1; + /* try to forge on through */ + } + if (!unpack_smb_acl(&racl_orig, sacl_orig)) { + ret = -1; + goto out_with_sacls; + } + if (sacl_bak) { + if (!unpack_smb_acl(&racl_bak, sacl_bak)) { + ret = -1; + goto out_with_one_racl; + } + if (rsync_acls_equal(&racl_orig, &racl_bak)) + goto out_with_all; + } else { + ; /* presume they're unequal */ + } + if (*type == SMB_ACL_TYPE_DEFAULT && !racl_orig.count) { + if (-1 == sys_acl_delete_def_file(bak)) { + rprintf(FERROR, "dup_acl: sys_acl_delete_def_file(%s): %s\n", + bak, strerror(errno)); + ret = -1; + } + } else if (-1 == sys_acl_set_file(bak, *type, sacl_bak)) { + rprintf(FERROR, "dup_acl : sys_acl_set_file(%s, %s): %s\n", + bak, str_acl_type(*type), strerror(errno)); + ret = -1; + } + out_with_all: + if (sacl_bak) + rsync_acl_free(&racl_bak); + out_with_one_racl: + rsync_acl_free(&racl_orig); + out_with_sacls: + if (sacl_bak) + sys_acl_free_acl(sacl_bak); + /* out_with_one_sacl: */ + if (sacl_orig) + sys_acl_free_acl(sacl_orig); + } + return ret; +} + +/* stuff for redirecting calls to set_acl() from set_perms() + * for keep_backup() */ +static const struct file_struct *backup_orig_file = NULL; +static const char null_string[] = ""; +static const char *backup_orig_fname = null_string; +static const char *backup_dest_fname = null_string; +static SMB_ACL_T _backup_sacl[] = { NULL, NULL }; + +void push_keep_backup_acl(const struct file_struct *file, + const char *orig, const char *dest) +{ + if (preserve_acls) { + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + SMB_ACL_T *sacl; + backup_orig_file = file; + backup_orig_fname = orig; + backup_dest_fname = dest; + for (type = &types[0], sacl = &_backup_sacl[0]; + type < &types[0] + sizeof types / sizeof types[0]; + type++) { + if (*type == SMB_ACL_TYPE_DEFAULT && !S_ISDIR(file->mode)) + *sacl = NULL; + else { + if (!(*sacl = sys_acl_get_file(orig, *type))) { + rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n", + orig, str_acl_type(*type), + strerror(errno)); + } + } + } + } +} + +static int set_keep_backup_acl() +{ + if (preserve_acls) { + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + SMB_ACL_T *sacl; + int ret = 0; + for (type = &types[0], sacl = &_backup_sacl[0]; + type < &types[0] + sizeof types / sizeof types[0]; + type++) { + if (*sacl) { + if (-1 == sys_acl_set_file(backup_dest_fname, + *type, *sacl)) + { + rprintf(FERROR, "push_keep_backup_acl : sys_acl_get_file(%s, %s): %s\n", + backup_dest_fname, + str_acl_type(*type), + strerror(errno)); + ret = -1; + } + } + } + return ret; + } + return 0; +} + +void cleanup_keep_backup_acl() +{ + if (preserve_acls) { + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + SMB_ACL_T *sacl; + backup_orig_file = NULL; + backup_orig_fname = null_string; + backup_dest_fname = null_string; + for (type = &types[0], sacl = &_backup_sacl[0]; + type < &types[0] + sizeof types / sizeof types[0]; + type++) { + if (*sacl) + sys_acl_free_acl(*sacl); + *sacl = NULL; + } + } +} + +/* set ACL on rsync-ed or keep_backup-ed file */ + +int set_acl(const char *fname, const struct file_struct *file) +{ + int updated = 0; + SMB_ACL_TYPE_T *type, + types[] = {SMB_ACL_TYPE_ACCESS, SMB_ACL_TYPE_DEFAULT}; + if (dry_run || !preserve_acls || S_ISLNK(file->mode)) + return 0; + if (file == backup_orig_file) { + if (!strcmp(fname, backup_dest_fname)) + return set_keep_backup_acl(); + } + for (type = &types[0]; + type < &types[0] + sizeof types / sizeof types[0] + && (*type == SMB_ACL_TYPE_ACCESS || S_ISDIR(file->mode)); + type++) { + SMB_ACL_T sacl_orig, *sacl_new; + rsync_acl racl_orig, *racl_new; + int aclidx = find_file_acl_index(file_acl_index_lists(*type), + file); + BOOL ok; + racl_new = &(rsync_acl_lists(*type)->racls[aclidx]); + sacl_new = &(smb_acl_lists(*type)->sacls[aclidx]); + sacl_orig = sys_acl_get_file(fname, *type); + if (!sacl_orig) { + rprintf(FERROR, "set_acl: sys_acl_get_file(%s, %s): %s\n", + fname, str_acl_type(*type), strerror(errno)); + updated = -1; + continue; + } + ok = unpack_smb_acl(&racl_orig, sacl_orig); + sys_acl_free_acl(sacl_orig); + if (!ok) { + updated = -1; + continue; + } + ok = rsync_acls_equal(&racl_orig, racl_new); + rsync_acl_free(&racl_orig); + if (ok) + continue; + if (*type == SMB_ACL_TYPE_DEFAULT && !racl_new->count) { + if (-1 == sys_acl_delete_def_file(fname)) { + rprintf(FERROR, "set_acl: sys_acl_delete_def_file(%s): %s\n", + fname, strerror(errno)); + updated = -1; + continue; + } + } else { + if (!*sacl_new) + if (!pack_smb_acl(sacl_new, racl_new)) { + updated = -1; + continue; + } + if (-1 == sys_acl_set_file(fname, *type, *sacl_new)) { + rprintf(FERROR, "set_acl: sys_acl_set_file(%s, %s): %s\n", + fname, str_acl_type(*type), + strerror(errno)); + updated = -1; + continue; + } + } + if (!updated) + updated = 1; + } + return updated; +} + +/* enumeration functions for uid mapping */ + +/* context -- one and only one. should be cycled through once on uid mapping + * and once on gid mapping */ +static rsync_acl_list *_enum_racl_lists[] = { + &_rsync_acl_lists[0], &_rsync_acl_lists[1], NULL +}; + +static rsync_acl_list **enum_racl_list = &_enum_racl_lists[0]; +static size_t enum_racl_index = 0; +static size_t enum_race_index = 0; + +/* this returns the next tag_type id from the given acl for the next entry, + * or it returns 0 if there are no more tag_type ids in the acl */ + +static id_t next_ace_id(SMB_ACL_TAG_T tag_type, const rsync_acl *racl) +{ + for (; enum_race_index < racl->count; enum_race_index++) { + rsync_ace *race = &racl->races[enum_race_index]; + if (race->tag_type == tag_type) + return race->id; + } + enum_race_index = 0; + return 0; +} + +static id_t next_acl_id(SMB_ACL_TAG_T tag_type, const rsync_acl_list *racl_list) +{ + for (; enum_racl_index < racl_list->count; enum_racl_index++) { + rsync_acl *racl = &racl_list->racls[enum_racl_index]; + id_t id = next_ace_id(tag_type, racl); + if (id) + return id; + } + enum_racl_index = 0; + return 0; +} + +static id_t next_acl_list_id(SMB_ACL_TAG_T tag_type) +{ + for (; *enum_racl_list; enum_racl_list++) { + id_t id = next_acl_id(tag_type, *enum_racl_list); + if (id) + return id; + } + enum_racl_list = &_enum_racl_lists[0]; + return 0; +} + +id_t next_acl_uid() +{ + return next_acl_list_id(SMB_ACL_USER); +} + +id_t next_acl_gid() +{ + return next_acl_list_id(SMB_ACL_GROUP); +} + +/* referring to the global context enum_entry, sets the entry's id */ +static void set_acl_id(id_t id) +{ + (*enum_racl_list)->racls[enum_racl_index].races[enum_race_index++].id = id; +} + +void acl_uid_map(id_t uid) +{ + set_acl_id(uid); +} + +void acl_gid_map(id_t gid) +{ + set_acl_id(gid); +} + + + +#endif /* SUPPORT_ACLS */ --- backup.c 13 May 2004 06:34:03 -0000 1.30 +++ backup.c 13 May 2004 17:58:42 -0000 @@ -104,6 +104,7 @@ static int make_bak_dir(char *fullpath) } else { do_lchown(fullpath, st.st_uid, st.st_gid); do_chmod(fullpath, st.st_mode); + (void)DUP_ACL(end, fullpath, st.st_mode); } } *p = '/'; @@ -165,6 +166,8 @@ static int keep_backup(char *fname) return 0; } + PUSH_KEEP_BACKUP_ACL(file, fname, backup_dir_buf); + #ifdef HAVE_MKNOD /* Check to see if this is a device file, or link */ if (IS_DEVICE(file->mode)) { @@ -235,6 +238,7 @@ static int keep_backup(char *fname) } } set_perms(backup_dir_buf, file, NULL, 0); + CLEANUP_KEEP_BACKUP_ACL(); free(file); if (verbose > 1) --- configure.in 30 Apr 2004 18:03:33 -0000 1.196 +++ configure.in 13 May 2004 17:58:44 -0000 @@ -434,6 +434,11 @@ if test x"$ac_cv_func_strcasecmp" = x"no AC_CHECK_LIB(resolv, strcasecmp) fi +AC_CHECK_FUNCS(aclsort) +if test x"$ac_cv_func_aclsort" = x"no"; then + AC_CHECK_LIB(sec, aclsort) +fi + dnl At the moment we don't test for a broken memcmp(), because all we dnl need to do is test for equality, not comparison, and it seems that dnl every platform has a memcmp that can do at least that. @@ -654,6 +659,74 @@ AC_SUBST(OBJ_SAVE) AC_SUBST(OBJ_RESTORE) AC_SUBST(CC_SHOBJ_FLAG) AC_SUBST(BUILD_POPT) + +AC_CHECK_HEADERS(sys/acl.h) +AC_CHECK_FUNCS(_acl __acl _facl __facl) +################################################# +# check for ACL support + +AC_MSG_CHECKING(whether to support ACLs) +AC_ARG_WITH(acl-support, +[ --with-acl-support Include ACL support (default=no)], +[ case "$withval" in + yes) + + case "$host_os" in + *sysv5*) + AC_MSG_RESULT(Using UnixWare ACLs) + AC_DEFINE(HAVE_UNIXWARE_ACLS, 1, [true if you have UnixWare ACLs]) + ;; + *solaris*) + AC_MSG_RESULT(Using solaris ACLs) + AC_DEFINE(HAVE_SOLARIS_ACLS, 1, [true if you have solaris ACLs]) + ;; + *hpux*) + AC_MSG_RESULT(Using HPUX ACLs) + AC_DEFINE(HAVE_HPUX_ACLS, 1, [true if you have HPUX ACLs]) + ;; + *irix*) + AC_MSG_RESULT(Using IRIX ACLs) + AC_DEFINE(HAVE_IRIX_ACLS, 1, [true if you have IRIX ACLs]) + ;; + *aix*) + AC_MSG_RESULT(Using AIX ACLs) + AC_DEFINE(HAVE_AIX_ACLS, 1, [true if you have AIX ACLs]) + ;; + *osf*) + AC_MSG_RESULT(Using Tru64 ACLs) + AC_DEFINE(HAVE_TRU64_ACLS, 1, [true if you have Tru64 ACLs]) + LIBS="$LIBS -lpacl" + ;; + *) + AC_CHECK_LIB(acl,acl_get_file) + AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[ + AC_TRY_LINK([#include +#include ], +[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);], +samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)]) + if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then + AC_MSG_RESULT(Using posix ACLs) + AC_DEFINE(HAVE_POSIX_ACLS, 1, [true if you have posix ACLs]) + AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[ + AC_TRY_LINK([#include +#include ], +[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);], +samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)]) + if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then + AC_DEFINE(HAVE_ACL_GET_PERM_NP, 1, [true if you have acl_get_perm_np]) + fi + fi + ;; + esac + ;; + *) + AC_MSG_RESULT(no) + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs]) + ;; + esac ], + AC_DEFINE(HAVE_NO_ACLS, 1, [true if you don't have ACLs]) + AC_MSG_RESULT(no) +) AC_CONFIG_FILES([Makefile lib/dummy zlib/dummy popt/dummy shconfig]) AC_OUTPUT --- flist.c 11 May 2004 17:25:16 -0000 1.221 +++ flist.c 13 May 2004 17:58:44 -0000 @@ -931,6 +931,8 @@ void send_file_name(int f, struct file_l if (!file) return; + if (!MAKE_ACL(file, fname)) + return; maybe_emit_filelist_progress(flist); @@ -942,6 +944,10 @@ void send_file_name(int f, struct file_l if (file->basename[0]) { flist->files[flist->count++] = file; send_file_entry(file, f, base_flags); + SEND_ACL(file, f); + } else { + /* Cleanup unsent ACL(s). */ + SEND_ACL(file, -1); } if (recursive && S_ISDIR(file->mode) @@ -1257,6 +1263,8 @@ struct file_list *recv_file_list(int f) flags |= read_byte(f) << 8; receive_file_entry(&flist->files[i], flags, flist, f); + RECEIVE_ACL(flist->files[i], f); + if (S_ISREG(flist->files[i]->mode)) stats.total_size += flist->files[i]->length; @@ -1278,6 +1286,8 @@ struct file_list *recv_file_list(int f) finish_filelist_progress(flist); clean_flist(flist, relative_paths, 1); + + SORT_FILE_ACL_INDEX_LISTS(); if (f != -1) { /* Now send the uid/gid list. This was introduced in --- generator.c 13 May 2004 06:55:01 -0000 1.82 +++ generator.c 13 May 2004 17:58:45 -0000 @@ -328,6 +328,10 @@ void recv_generator(char *fname, struct permission and modification time repair */ if (set_perms(fname,file,NULL,0) && verbose && (f_out != -1)) rprintf(FINFO,"%s/\n",fname); +#if SUPPORT_ACLS + if (f_out == -1) + SET_ACL(fname, file); +#endif return; } --- mkproto.awk 1 Jan 2004 21:10:50 -0000 1.6 +++ mkproto.awk 13 May 2004 17:58:45 -0000 @@ -58,7 +58,7 @@ BEGIN { next; } -!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^const/ { +!/^OFF_T|^size_t|^off_t|^pid_t|^unsigned|^mode_t|^DIR|^user|^int|^char|^uint|^struct|^BOOL|^void|^time|^const|^SMB_ACL_T|^id_t/ { next; } --- options.c 6 May 2004 21:08:01 -0000 1.148 +++ options.c 13 May 2004 17:58:45 -0000 @@ -41,6 +41,7 @@ int archive_mode = 0; int copy_links = 0; int preserve_links = 0; int preserve_hard_links = 0; +int preserve_acls = 0; int preserve_perms = 0; int preserve_devices = 0; int preserve_uid = 0; @@ -147,6 +148,7 @@ static void print_rsync_version(enum log { char const *got_socketpair = "no "; char const *hardlinks = "no "; + char const *acls = "no "; char const *links = "no "; char const *ipv6 = "no "; STRUCT_STAT *dumstat; @@ -159,6 +161,10 @@ static void print_rsync_version(enum log hardlinks = ""; #endif +#if SUPPORT_ACLS + acls = ""; +#endif + #if SUPPORT_LINKS links = ""; #endif @@ -173,9 +179,9 @@ static void print_rsync_version(enum log "Copyright (C) 1996-2004 by Andrew Tridgell and others\n"); rprintf(f, "\n"); rprintf(f, "Capabilities: %d-bit files, %ssocketpairs, " - "%shard links, %ssymlinks, batchfiles, \n", + "%shard links, %sacls, %ssymlinks, batchfiles, \n", (int) (sizeof (OFF_T) * 8), - got_socketpair, hardlinks, links); + got_socketpair, hardlinks, acls, links); /* Note that this field may not have type ino_t. It depends * on the complicated interaction between largefile feature @@ -237,6 +243,7 @@ void usage(enum logcode F) rprintf(F," --safe-links ignore \"unsafe\" symlinks\n"); rprintf(F," -H, --hard-links preserve hard links\n"); rprintf(F," -p, --perms preserve permissions\n"); + rprintf(F," -A, --acls preserve ACLs (implies --perms)\n"); rprintf(F," -o, --owner preserve owner (root only)\n"); rprintf(F," -g, --group preserve group\n"); rprintf(F," -D, --devices preserve devices (root only)\n"); @@ -380,6 +387,7 @@ static struct poptOption long_options[] {"address", 0, POPT_ARG_STRING, &bind_address, 0, 0, 0 }, {"backup-dir", 0, POPT_ARG_STRING, &backup_dir, 0, 0, 0 }, {"hard-links", 'H', POPT_ARG_NONE, &preserve_hard_links, 0, 0, 0 }, + {"acls", 'A', POPT_ARG_NONE, &preserve_acls, 0, 0, 0 }, {"read-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_READ_BATCH, 0, 0 }, {"write-batch", 0, POPT_ARG_STRING, &batch_prefix, OPT_WRITE_BATCH, 0, 0 }, {"files-from", 0, POPT_ARG_STRING, &files_from, 0, 0, 0 }, @@ -584,6 +592,31 @@ int parse_arguments(int *argc, const cha return 0; #endif + case 'A': +#if SUPPORT_ACLS + preserve_acls = 1; + preserve_perms = 1; +#else + /* FIXME: this should probably be ignored with a + * warning and then countermeasures taken to + * restrict group and other access in the presence + * of any more restrictive ACLs, but this is safe + * for now */ + /* FIXME: Don't say "server" if this is + * happening on the client. */ + /* FIXME: Why do we have the duplicated + * rprintf? Everybody who gets this message + * ought to send it to the client and also to + * the logs. */ + snprintf(err_buf,sizeof(err_buf), + "ACLs are not supported on this %s\n", + am_server ? "server" : "client"); + rprintf(FERROR,"ERROR: ACLs not supported on this platform\n"); + return 0; +#endif /* SUPPORT_ACLS */ + break; + + default: /* A large opt value means that set_refuse_options() * turned this option off (opt-BASE is its index). */ @@ -815,6 +848,8 @@ void server_options(char **args,int *arg if (preserve_hard_links) argstr[x++] = 'H'; + if (preserve_acls) + argstr[x++] = 'A'; if (preserve_uid) argstr[x++] = 'o'; if (preserve_gid) --- rsync.c 13 May 2004 07:08:25 -0000 1.136 +++ rsync.c 13 May 2004 17:58:45 -0000 @@ -204,6 +204,14 @@ int set_perms(char *fname,struct file_st } #endif + /* If this is a directory, SET_ACL() will be called on the cleanup + * receive_generator() pass--if we called it here, we might clobber + * writability on the directory. everything else is OK to do now. */ + if (!S_ISDIR(st->st_mode)) { + if (SET_ACL(fname, file) == 0) + updated = 1; + } + if (verbose > 1 && flags & PERMS_REPORT) { if (updated) rprintf(FINFO,"%s\n",fname); --- rsync.h 13 May 2004 06:53:23 -0000 1.202 +++ rsync.h 13 May 2004 17:58:45 -0000 @@ -537,6 +537,40 @@ static inline int flist_up(struct file_l #include "lib/permstring.h" #include "lib/addrinfo.h" +#define SUPPORT_ACLS HAVE_POSIX_ACLS|HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|\ + HAVE_HPUX_ACLS|HAVE_IRIX_ACLS|HAVE_AIX_ACLS|HAVE_TRU64_ACLS + +#define ACLS_NEED_MASK HAVE_UNIXWARE_ACLS|HAVE_SOLARIS_ACLS|HAVE_HPUX_ACLS + +#if SUPPORT_ACLS +#ifdef HAVE_SYS_ACL_H +#include +#endif +#define MAKE_ACL(file, fname) make_acl(file, fname) +#define SEND_ACL(file, f) send_acl(file, f) +#define RECEIVE_ACL(file, f) receive_acl(file, f) +#define SORT_FILE_ACL_INDEX_LISTS() sort_file_acl_index_lists() +#define SET_ACL(fname, file) set_acl(fname, file) +#define NEXT_ACL_UID() next_acl_uid() +#define ACL_UID_MAP(uid) acl_uid_map(uid) +#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) \ + push_keep_backup_acl(file, orig, dest) +#define CLEANUP_KEEP_BACKUP_ACL() cleanup_keep_backup_acl() +#define DUP_ACL(orig, dest, mode) dup_acl(orig, dest, mode) +#else /* SUPPORT_ACLS */ +#define MAKE_ACL(file, fname) 1 /* checked return value */ +#define SEND_ACL(file, f) +#define RECEIVE_ACL(file, f) +#define SORT_FILE_ACL_INDEX_LISTS() +#define SET_ACL(fname, file) 0 /* checked return value */ +#define NEXT_ACL_UID() +#define ACL_UID_MAP(uid) +#define PUSH_KEEP_BACKUP_ACL(file, orig, dest) +#define CLEANUP_KEEP_BACKUP_ACL() +#define DUP_ACL(src, orig, mode) 0 /* checked return value */ +#endif /* SUPPORT_ACLS */ +#include "smb_acls.h" + #include "proto.h" /* We have replacement versions of these if they're missing. */ --- rsync.yo 7 May 2004 00:18:37 -0000 1.169 +++ rsync.yo 13 May 2004 17:58:46 -0000 @@ -295,6 +295,7 @@ verb( --safe-links ignore "unsafe" symlinks -H, --hard-links preserve hard links -p, --perms preserve permissions + -A, --acls preserve ACLs (implies -p) [local option] -o, --owner preserve owner (root only) -g, --group preserve group -D, --devices preserve devices (root only) @@ -520,6 +521,11 @@ Without this option, each new file gets source file's permissions and the umask at the receiving end, while all other files (including updated files) retain their existing permissions (which is the same behavior as other file-copy utilities, such as cp). + +dit(bf(-A, --acls)) This option causes rsync to update the remote +ACLs to be the same as the local ACLs. This will work only if the +remote machine's rsync supports this option also. This is a non-standard +option. dit(bf(-o, --owner)) This option causes rsync to set the owner of the destination file to be the same as the source file. On most systems, --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ smb_acls.h 13 May 2004 17:58:46 -0000 @@ -0,0 +1,277 @@ +/* + Unix SMB/Netbios implementation. + Version 2.2.x + Portable SMB ACL interface + Copyright (C) Jeremy Allison 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _SMB_ACLS_H +#define _SMB_ACLS_H + +#if defined(HAVE_POSIX_ACLS) + +/* This is an identity mapping (just remove the SMB_). */ + +#define SMB_ACL_TAG_T acl_tag_t +#define SMB_ACL_TYPE_T acl_type_t +#define SMB_ACL_PERMSET_T acl_permset_t +#define SMB_ACL_PERM_T acl_perm_t +#define SMB_ACL_READ ACL_READ +#define SMB_ACL_WRITE ACL_WRITE +#define SMB_ACL_EXECUTE ACL_EXECUTE + +/* Types of ACLs. */ +#define SMB_ACL_USER ACL_USER +#define SMB_ACL_USER_OBJ ACL_USER_OBJ +#define SMB_ACL_GROUP ACL_GROUP +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ +#define SMB_ACL_OTHER ACL_OTHER +#define SMB_ACL_MASK ACL_MASK + +#define SMB_ACL_T acl_t + +#define SMB_ACL_ENTRY_T acl_entry_t + +#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY +#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY + +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT + +#elif defined(HAVE_TRU64_ACLS) + +/* This is for DEC/Compaq Tru64 UNIX */ + +#define SMB_ACL_TAG_T acl_tag_t +#define SMB_ACL_TYPE_T acl_type_t +#define SMB_ACL_PERMSET_T acl_permset_t +#define SMB_ACL_PERM_T acl_perm_t +#define SMB_ACL_READ ACL_READ +#define SMB_ACL_WRITE ACL_WRITE +#define SMB_ACL_EXECUTE ACL_EXECUTE + +/* Types of ACLs. */ +#define SMB_ACL_USER ACL_USER +#define SMB_ACL_USER_OBJ ACL_USER_OBJ +#define SMB_ACL_GROUP ACL_GROUP +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ +#define SMB_ACL_OTHER ACL_OTHER +#define SMB_ACL_MASK ACL_MASK + +#define SMB_ACL_T acl_t + +#define SMB_ACL_ENTRY_T acl_entry_t + +#define SMB_ACL_FIRST_ENTRY 0 +#define SMB_ACL_NEXT_ENTRY 1 + +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT + +#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) +/* + * Donated by Michael Davidson for UnixWare / OpenUNIX. + * Modified by Toomas Soome for Solaris. + */ + +/* SVR4.2 ES/MP ACLs */ +typedef int SMB_ACL_TAG_T; +typedef int SMB_ACL_TYPE_T; +typedef ushort *SMB_ACL_PERMSET_T; +typedef ushort SMB_ACL_PERM_T; +#define SMB_ACL_READ 4 +#define SMB_ACL_WRITE 2 +#define SMB_ACL_EXECUTE 1 + +/* Types of ACLs. */ +#define SMB_ACL_USER USER +#define SMB_ACL_USER_OBJ USER_OBJ +#define SMB_ACL_GROUP GROUP +#define SMB_ACL_GROUP_OBJ GROUP_OBJ +#define SMB_ACL_OTHER OTHER_OBJ +#define SMB_ACL_MASK CLASS_OBJ + +typedef struct SMB_ACL_T { + int size; + int count; + int next; + struct acl acl[1]; +} *SMB_ACL_T; + +typedef struct acl *SMB_ACL_ENTRY_T; + +#define SMB_ACL_FIRST_ENTRY 0 +#define SMB_ACL_NEXT_ENTRY 1 + +#define SMB_ACL_TYPE_ACCESS 0 +#define SMB_ACL_TYPE_DEFAULT 1 + +#elif defined(HAVE_HPUX_ACLS) + +/* + * Based on the Solaris & UnixWare code. + */ + +#undef GROUP +#include + +/* SVR4.2 ES/MP ACLs */ +typedef int SMB_ACL_TAG_T; +typedef int SMB_ACL_TYPE_T; +typedef ushort *SMB_ACL_PERMSET_T; +typedef ushort SMB_ACL_PERM_T; +#define SMB_ACL_READ 4 +#define SMB_ACL_WRITE 2 +#define SMB_ACL_EXECUTE 1 + +/* Types of ACLs. */ +#define SMB_ACL_USER USER +#define SMB_ACL_USER_OBJ USER_OBJ +#define SMB_ACL_GROUP GROUP +#define SMB_ACL_GROUP_OBJ GROUP_OBJ +#define SMB_ACL_OTHER OTHER_OBJ +#define SMB_ACL_MASK CLASS_OBJ + +typedef struct SMB_ACL_T { + int size; + int count; + int next; + struct acl acl[1]; +} *SMB_ACL_T; + +typedef struct acl *SMB_ACL_ENTRY_T; + +#define SMB_ACL_FIRST_ENTRY 0 +#define SMB_ACL_NEXT_ENTRY 1 + +#define SMB_ACL_TYPE_ACCESS 0 +#define SMB_ACL_TYPE_DEFAULT 1 + +#elif defined(HAVE_IRIX_ACLS) + +#define SMB_ACL_TAG_T acl_tag_t +#define SMB_ACL_TYPE_T acl_type_t +#define SMB_ACL_PERMSET_T acl_permset_t +#define SMB_ACL_PERM_T acl_perm_t +#define SMB_ACL_READ ACL_READ +#define SMB_ACL_WRITE ACL_WRITE +#define SMB_ACL_EXECUTE ACL_EXECUTE + +/* Types of ACLs. */ +#define SMB_ACL_USER ACL_USER +#define SMB_ACL_USER_OBJ ACL_USER_OBJ +#define SMB_ACL_GROUP ACL_GROUP +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ +#define SMB_ACL_OTHER ACL_OTHER_OBJ +#define SMB_ACL_MASK ACL_MASK + +typedef struct SMB_ACL_T { + int next; + BOOL freeaclp; + struct acl *aclp; +} *SMB_ACL_T; + +#define SMB_ACL_ENTRY_T acl_entry_t + +#define SMB_ACL_FIRST_ENTRY 0 +#define SMB_ACL_NEXT_ENTRY 1 + +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT + +#elif defined(HAVE_AIX_ACLS) + +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ + +#include "/usr/include/acl.h" + +typedef uint *SMB_ACL_PERMSET_T; + +struct acl_entry_link{ + struct acl_entry_link *prevp; + struct new_acl_entry *entryp; + struct acl_entry_link *nextp; + int count; +}; + +struct new_acl_entry{ + unsigned short ace_len; + unsigned short ace_type; + unsigned int ace_access; + struct ace_id ace_id[1]; +}; + +#define SMB_ACL_ENTRY_T struct new_acl_entry* +#define SMB_ACL_T struct acl_entry_link* + +#define SMB_ACL_TAG_T unsigned short +#define SMB_ACL_TYPE_T int +#define SMB_ACL_PERM_T uint +#define SMB_ACL_READ S_IRUSR +#define SMB_ACL_WRITE S_IWUSR +#define SMB_ACL_EXECUTE S_IXUSR + +/* Types of ACLs. */ +#define SMB_ACL_USER ACEID_USER +#define SMB_ACL_USER_OBJ 3 +#define SMB_ACL_GROUP ACEID_GROUP +#define SMB_ACL_GROUP_OBJ 4 +#define SMB_ACL_OTHER 5 +#define SMB_ACL_MASK 6 + + +#define SMB_ACL_FIRST_ENTRY 1 +#define SMB_ACL_NEXT_ENTRY 2 + +#define SMB_ACL_TYPE_ACCESS 0 +#define SMB_ACL_TYPE_DEFAULT 1 + +#else /* No ACLs. */ + +/* No ACLS - fake it. */ +#define SMB_ACL_TAG_T int +#define SMB_ACL_TYPE_T int +#define SMB_ACL_PERMSET_T mode_t +#define SMB_ACL_PERM_T mode_t +#define SMB_ACL_READ S_IRUSR +#define SMB_ACL_WRITE S_IWUSR +#define SMB_ACL_EXECUTE S_IXUSR + +/* Types of ACLs. */ +#define SMB_ACL_USER 0 +#define SMB_ACL_USER_OBJ 1 +#define SMB_ACL_GROUP 2 +#define SMB_ACL_GROUP_OBJ 3 +#define SMB_ACL_OTHER 4 +#define SMB_ACL_MASK 5 + +typedef struct SMB_ACL_T { + int dummy; +} *SMB_ACL_T; + +typedef struct SMB_ACL_ENTRY_T { + int dummy; +} *SMB_ACL_ENTRY_T; + +#define SMB_ACL_FIRST_ENTRY 0 +#define SMB_ACL_NEXT_ENTRY 1 + +#define SMB_ACL_TYPE_ACCESS 0 +#define SMB_ACL_TYPE_DEFAULT 1 + +#endif /* No ACLs. */ +#endif /* _SMB_ACLS_H */ --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ sysacls.c 13 May 2004 17:58:47 -0000 @@ -0,0 +1,3117 @@ +/* + Unix SMB/Netbios implementation. + Version 2.2. + Samba system utilities for ACL support. + Copyright (C) Jeremy Allison 2000. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "rsync.h" + +/* + This file wraps all differing system ACL interfaces into a consistent + one based on the POSIX interface. It also returns the correct errors + for older UNIX systems that don't support ACLs. + + The interfaces that each ACL implementation must support are as follows: + + int sys_acl_get_entry(SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) + int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) + int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p + void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) + SMB_ACL_T sys_acl_get_fd(int fd) + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset); + int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm); + char *sys_acl_to_text(SMB_ACL_T theacl, ssize_t *plen) + SMB_ACL_T sys_acl_init(int count) + int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) + int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) + int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) + int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) + int sys_acl_valid(SMB_ACL_T theacl) + int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) + int sys_acl_set_fd(int fd, SMB_ACL_T theacl) + int sys_acl_delete_def_file(const char *path) + + This next one is not POSIX complient - but we *have* to have it ! + More POSIX braindamage. + + int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) + + The generic POSIX free is the following call. We split this into + several different free functions as we may need to add tag info + to structures when emulating the POSIX interface. + + int sys_acl_free(void *obj_p) + + The calls we actually use are: + + int sys_acl_free_text(char *text) - free acl_to_text + int sys_acl_free_acl(SMB_ACL_T posix_acl) + int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype) + +*/ + +#if defined(HAVE_POSIX_ACLS) + +/* Identity mapping - easy. */ + +int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + return acl_get_entry(the_acl, entry_id, entry_p); +} + +int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return acl_get_tag_type(entry_d, tag_type_p); +} + +int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return acl_get_permset(entry_d, permset_p); +} + +void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + return acl_get_qualifier(entry_d); +} + +SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + return acl_get_file(path_p, type); +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + return acl_get_fd(fd); +} + +int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + return acl_clear_perms(permset); +} + +int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return acl_add_perm(permset, perm); +} + +int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ +#if defined(HAVE_ACL_GET_PERM_NP) + /* Required for TrustedBSD-based ACL implementations where + * non-POSIX.1e functions are denoted by a _np (non-portable) + * suffix. */ + return acl_get_perm_np(permset, perm); +#else + return acl_get_perm(permset, perm); +#endif +} + +char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen) +{ + return acl_to_text(the_acl, plen); +} + +SMB_ACL_T sys_acl_init(int count) +{ + return acl_init(count); +} + +int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + return acl_create_entry(pacl, pentry); +} + +int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return acl_set_tag_type(entry, tagtype); +} + +int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) +{ + return acl_set_qualifier(entry, qual); +} + +int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return acl_set_permset(entry, permset); +} + +int sys_acl_valid(SMB_ACL_T theacl) +{ + return acl_valid(theacl); +} + +int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return acl_set_file(name, acltype, theacl); +} + +int sys_acl_set_fd(int fd, SMB_ACL_T theacl) +{ + return acl_set_fd(fd, theacl); +} + +int sys_acl_delete_def_file(const char *name) +{ + return acl_delete_def_file(name); +} + +int sys_acl_free_text(char *text) +{ + return acl_free(text); +} + +int sys_acl_free_acl(SMB_ACL_T the_acl) +{ + return acl_free(the_acl); +} + +int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return acl_free(qual); +} + +#elif defined(HAVE_TRU64_ACLS) +/* The interface to DEC/Compaq Tru64 UNIX ACLs + * is based on Draft 13 of the POSIX spec which is + * slightly different from the Draft 16 interface. + * + * Also, some of the permset manipulation functions + * such as acl_clear_perm() and acl_add_perm() appear + * to be broken on Tru64 so we have to manipulate + * the permission bits in the permset directly. */ + int sys_acl_get_entry(SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_ENTRY_T entry; + + if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) { + return -1; + } + + errno = 0; + if ((entry = acl_get_entry(the_acl)) != NULL) { + *entry_p = entry; + return 1; + } + + return errno ? -1 : 0; +} + + int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return acl_get_tag_type(entry_d, tag_type_p); +} + + int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return acl_get_permset(entry_d, permset_p); +} + + void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + return acl_get_qualifier(entry_d); +} + + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + return acl_get_file((char *)path_p, type); +} + + SMB_ACL_T sys_acl_get_fd(int fd) +{ + return acl_get_fd(fd, ACL_TYPE_ACCESS); +} + + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + *permset = 0; /* acl_clear_perm() is broken on Tru64 */ + + return 0; +} + + int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) { + errno = EINVAL; + return -1; + } + + *permset |= perm; /* acl_add_perm() is broken on Tru64 */ + + return 0; +} + + int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return *permset & perm; /* Tru64 doesn't have acl_get_perm() */ +} + + char *sys_acl_to_text(SMB_ACL_T the_acl, ssize_t *plen) +{ + return acl_to_text(the_acl, plen); +} + + SMB_ACL_T sys_acl_init(int count) +{ + return acl_init(count); +} + + int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + SMB_ACL_ENTRY_T entry; + + if ((entry = acl_create_entry(pacl)) == NULL) { + return -1; + } + + *pentry = entry; + return 0; +} + + int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return acl_set_tag_type(entry, tagtype); +} + + int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) +{ + return acl_set_qualifier(entry, qual); +} + + int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return acl_set_permset(entry, permset); +} + + int sys_acl_valid(SMB_ACL_T theacl) +{ + acl_entry_t entry; + + return acl_valid(theacl, &entry); +} + + int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return acl_set_file((char *)name, acltype, theacl); +} + + int sys_acl_set_fd(int fd, SMB_ACL_T theacl) +{ + return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl); +} + + int sys_acl_delete_def_file(const char *name) +{ + return acl_delete_def_file((char *)name); +} + + int sys_acl_free_text(char *text) +{ + /* (void) cast and explicit return 0 are for DEC UNIX + * which just #defines acl_free_text() to be free(). */ + (void) acl_free_text(text); + return 0; +} + + int sys_acl_free_acl(SMB_ACL_T the_acl) +{ + return acl_free(the_acl); +} + + int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return acl_free_qualifier(qual, tagtype); +} + +#elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS) + +/* Donated by Michael Davidson for UnixWare / OpenUNIX. + * Modified by Toomas Soome for Solaris. */ + +/* Note that while this code implements sufficient functionality + * to support the sys_acl_* interfaces it does not provide all + * of the semantics of the POSIX ACL interfaces. + * + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned + * from a call to sys_acl_get_entry() should not be assumed to be + * valid after calling any of the following functions, which may + * reorder the entries in the ACL. + * + * sys_acl_valid() + * sys_acl_set_file() + * sys_acl_set_fd() + */ + +/* The only difference between Solaris and UnixWare / OpenUNIX is + * that the #defines for the ACL operations have different names. */ +#if defined(HAVE_UNIXWARE_ACLS) + +#define SETACL ACL_SET +#define GETACL ACL_GET +#define GETACLCNT ACL_CNT + +#endif + + + int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->count) { + return 0; + } + + *entry_p = &acl_d->acl[acl_d->next++]; + + return 1; +} + + int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->a_type; + + return 0; +} + + int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = &entry_d->a_perm; + + return 0; +} + + void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->a_type != SMB_ACL_USER + && entry_d->a_type != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->a_id; +} + +/* There is no way of knowing what size the ACL returned by + * GETACL will be unless you first call GETACLCNT which means + * making an additional system call. + * + * In the hope of avoiding the cost of the additional system + * call in most cases, we initially allocate enough space for + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to + * be too small then we use GETACLCNT to find out the actual + * size, reallocate the ACL buffer, and then call GETACL again. */ + +#define INITIAL_ACL_SIZE 16 + + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + int ndefault; /* # of default ACL entries */ + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return NULL; + } + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + /* If there isn't enough space for the ACL entries we use + * GETACLCNT to determine the actual number of ACL entries + * reallocate and try again. This is in a loop because it + * is possible that someone else could modify the ACL and + * increase the number of entries between the call to + * GETACLCNT and the call to GETACL. */ + while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0 + && errno == ENOSPC) { + + sys_acl_free_acl(acl_d); + + if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) { + return NULL; + } + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + sys_acl_free_acl(acl_d); + return NULL; + } + + /* Calculate the number of access and default ACL entries. + * + * Note: we assume that the acl() system call returned a + * well formed ACL which is sorted so that all of the + * access ACL entries preceed any default ACL entries. */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + ndefault = count - naccess; + + /* If the caller wants the default ACL we have to copy + * the entries down to the start of the acl[] buffer + * and mask out the ACL_DEFAULT flag from the type field. */ + if (type == SMB_ACL_TYPE_DEFAULT) { + int i, j; + + for (i = 0, j = naccess; i < ndefault; i++, j++) { + acl_d->acl[i] = acl_d->acl[j]; + acl_d->acl[i].a_type &= ~ACL_DEFAULT; + } + + acl_d->count = ndefault; + } else { + acl_d->count = naccess; + } + + return acl_d; +} + + SMB_ACL_T sys_acl_get_fd(int fd) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0 + && errno == ENOSPC) { + + sys_acl_free_acl(acl_d); + + if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) { + return NULL; + } + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + sys_acl_free_acl(acl_d); + return NULL; + } + + /* Calculate the number of access ACL entries. */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + + acl_d->count = naccess; + + return acl_d; +} + + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + *permset_d = 0; + + return 0; +} + + int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + *permset_d |= perm; + + return 0; +} + + int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return *permset_d & perm; +} + + char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + int i; + int len, maxlen; + char *text; + + /* Use an initial estimate of 20 bytes per ACL entry + * when allocating memory for the text representation + * of the ACL. */ + len = 0; + maxlen = 20 * acl_d->count; + if ((text = malloc(maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + + for (i = 0; i < acl_d->count; i++) { + struct acl *ap = &acl_d->acl[i]; + struct passwd *pw; + struct group *gr; + char tagbuf[12]; + char idbuf[12]; + char *tag; + char *id = ""; + char perms[4]; + int nbytes; + + switch (ap->a_type) { + /* For debugging purposes it's probably more + * useful to dump unknown tag types rather + * than just returning an error. */ + default: + snprintf(tagbuf, sizeof tagbuf - 1, "0x%x", + ap->a_type); + tag = tagbuf; + snprintf(idbuf, sizeof idbuf - 1, "%ld", + (long)ap->a_id); + id = idbuf; + break; + + case SMB_ACL_USER: + if ((pw = getpwuid(ap->a_id)) == NULL) { + snprintf(idbuf, sizeof idbuf - 1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = pw->pw_name; + } + case SMB_ACL_USER_OBJ: + tag = "user"; + break; + + case SMB_ACL_GROUP: + if ((gr = getgrgid(ap->a_id)) == NULL) { + snprintf(idbuf, sizeof idbuf - 1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = gr->gr_name; + } + case SMB_ACL_GROUP_OBJ: + tag = "group"; + break; + + case SMB_ACL_OTHER: + tag = "other"; + break; + + case SMB_ACL_MASK: + tag = "mask"; + break; + + } + + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; + perms[3] = '\0'; + + /* : : rwx \n \0 */ + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; + + /* If this entry would overflow the buffer + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed. */ + if ((len + nbytes) > maxlen) { + char *oldtext = text; + + maxlen += nbytes + 20 * (acl_d->count - i); + + if ((text = Realloc(oldtext, maxlen)) == NULL) { + free(oldtext); + errno = ENOMEM; + return NULL; + } + } + + snprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); + len += nbytes - 1; + } + + if (len_p) + *len_p = len; + + return text; +} + + SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + /* Note that since the definition of the structure pointed + * to by the SMB_ACL_T includes the first element of the + * acl[] array, this actually allocates an ACL with room + * for (count+1) entries. */ + if ((a = malloc(sizeof a[0] + count * sizeof (struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->size = count + 1; + a->count = 0; + a->next = -1; + + return a; +} + + + int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->count >= acl_d->size) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->acl[acl_d->count++]; + entry_d->a_type = 0; + entry_d->a_id = -1; + entry_d->a_perm = 0; + *entry_p = entry_d; + + return 0; +} + + int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->a_type = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + + int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->a_type != SMB_ACL_GROUP + && entry_d->a_type != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->a_id = *((id_t *)qual_p); + + return 0; +} + + int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->a_perm = *permset_d; + + return 0; +} + +/* Sort the ACL and check it for validity. + * + * If it's a minimal ACL with only 4 entries then we + * need to recalculate the mask permissions to make + * sure that they are the same as the GROUP_OBJ + * permissions as required by the UnixWare acl() system call. + * + * (Note: since POSIX allows minimal ACLs which only contain + * 3 entries - ie there is no mask entry - we should, in theory, + * check for this and add a mask entry if necessary - however + * we "know" that the caller of this interface always specifies + * a mask so, in practice "this never happens" (tm) - if it *does* + * happen aclsort() will fail and return an error and someone will + * have to fix it ...) */ + +static int acl_sort(SMB_ACL_T acl_d) +{ + int fixmask = (acl_d->count <= 4); + + if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + return 0; +} + + int sys_acl_valid(SMB_ACL_T acl_d) +{ + return acl_sort(acl_d); +} + + int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + struct stat s; + struct acl *acl_p; + int acl_count; + struct acl *acl_buf = NULL; + int ret; + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return -1; + } + + if (acl_sort(acl_d) != 0) { + return -1; + } + + acl_p = &acl_d->acl[0]; + acl_count = acl_d->count; + + /* If it's a directory there is extra work to do since the acl() + * system call will replace both the access ACLs and the default + * ACLs (if any). */ + if (stat(name, &s) != 0) { + return -1; + } + if (S_ISDIR(s.st_mode)) { + SMB_ACL_T acc_acl; + SMB_ACL_T def_acl; + SMB_ACL_T tmp_acl; + int i; + + if (type == SMB_ACL_TYPE_ACCESS) { + acc_acl = acl_d; + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); + + } else { + def_acl = acl_d; + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); + } + + if (tmp_acl == NULL) { + return -1; + } + + /* Allocate a temporary buffer for the complete ACL. */ + acl_count = acc_acl->count + def_acl->count; + acl_p = acl_buf = malloc(acl_count * sizeof acl_buf[0]); + + if (acl_buf == NULL) { + sys_acl_free_acl(tmp_acl); + errno = ENOMEM; + return -1; + } + + /* Copy the access control and default entries into the buffer. */ + memcpy(&acl_buf[0], &acc_acl->acl[0], + acc_acl->count * sizeof acl_buf[0]); + + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], + def_acl->count * sizeof acl_buf[0]); + + /* Set the ACL_DEFAULT flag on the default entries. */ + for (i = acc_acl->count; i < acl_count; i++) { + acl_buf[i].a_type |= ACL_DEFAULT; + } + + sys_acl_free_acl(tmp_acl); + + } else if (type != SMB_ACL_TYPE_ACCESS) { + errno = EINVAL; + return -1; + } + + ret = acl(name, SETACL, acl_count, acl_p); + + free(acl_buf); + + return ret; +} + + int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + if (acl_sort(acl_d) != 0) { + return -1; + } + + return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]); +} + + int sys_acl_delete_def_file(const char *path) +{ + SMB_ACL_T acl_d; + int ret; + + /* Fetching the access ACL and rewriting it has the effect of + * deleting the default ACL. */ + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { + return -1; + } + + ret = acl(path, SETACL, acl_d->count, acl_d->acl); + + sys_acl_free_acl(acl_d); + + return ret; +} + + int sys_acl_free_text(char *text) +{ + free(text); + return 0; +} + + int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + free(acl_d); + return 0; +} + + int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return 0; +} + +#elif defined(HAVE_HPUX_ACLS) +#include + +/* Based on the Solaris/SCO code - with modifications. */ + +/* Note that while this code implements sufficient functionality + * to support the sys_acl_* interfaces it does not provide all + * of the semantics of the POSIX ACL interfaces. + * + * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned + * from a call to sys_acl_get_entry() should not be assumed to be + * valid after calling any of the following functions, which may + * reorder the entries in the ACL. + * + * sys_acl_valid() + * sys_acl_set_file() + * sys_acl_set_fd() + */ + +/* This checks if the POSIX ACL system call is defined which basically + * corresponds to whether JFS 3.3 or higher is installed. If acl() was + * called when it isn't defined, it causes the process to core dump so + * it is important to check this and avoid acl() calls if it isn't + * there. */ + +static BOOL hpux_acl_call_presence(void) +{ + + shl_t handle = NULL; + void *value; + int ret_val=0; + static BOOL already_checked=0; + + if (already_checked) + return True; + + + ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value); + + if (ret_val != 0) { + DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n", + ret_val, errno, strerror(errno))); + DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n")); + return False; + } + + DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n")); + + already_checked = True; + return True; +} + + int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->count) { + return 0; + } + + *entry_p = &acl_d->acl[acl_d->next++]; + + return 1; +} + + int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->a_type; + + return 0; +} + + int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = &entry_d->a_perm; + + return 0; +} + + void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->a_type != SMB_ACL_USER + && entry_d->a_type != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->a_id; +} + +/* There is no way of knowing what size the ACL returned by + * ACL_GET will be unless you first call ACL_CNT which means + * making an additional system call. + * + * In the hope of avoiding the cost of the additional system + * call in most cases, we initially allocate enough space for + * an ACL with INITIAL_ACL_SIZE entries. If this turns out to + * be too small then we use ACL_CNT to find out the actual + * size, reallocate the ACL buffer, and then call ACL_GET again. + */ + +#define INITIAL_ACL_SIZE 16 + + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T acl_d; + int count; /* # of ACL entries allocated */ + int naccess; /* # of access ACL entries */ + int ndefault; /* # of default ACL entries */ + + if (hpux_acl_call_presence() == False) { + /* Looks like we don't have the acl() system call on HPUX. + * May be the system doesn't have the latest version of JFS. */ + return NULL; + } + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return NULL; + } + + count = INITIAL_ACL_SIZE; + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + + /* If there isn't enough space for the ACL entries we use + * ACL_CNT to determine the actual number of ACL entries + * reallocate and try again. This is in a loop because it + * is possible that someone else could modify the ACL and + * increase the number of entries between the call to + * ACL_CNT and the call to ACL_GET. */ + while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) { + + sys_acl_free_acl(acl_d); + + if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) { + return NULL; + } + + if ((acl_d = sys_acl_init(count)) == NULL) { + return NULL; + } + } + + if (count < 0) { + sys_acl_free_acl(acl_d); + return NULL; + } + + /* Calculate the number of access and default ACL entries. + * + * Note: we assume that the acl() system call returned a + * well formed ACL which is sorted so that all of the + * access ACL entries preceed any default ACL entries. */ + for (naccess = 0; naccess < count; naccess++) { + if (acl_d->acl[naccess].a_type & ACL_DEFAULT) + break; + } + ndefault = count - naccess; + + /* If the caller wants the default ACL we have to copy + * the entries down to the start of the acl[] buffer + * and mask out the ACL_DEFAULT flag from the type field. */ + if (type == SMB_ACL_TYPE_DEFAULT) { + int i, j; + + for (i = 0, j = naccess; i < ndefault; i++, j++) { + acl_d->acl[i] = acl_d->acl[j]; + acl_d->acl[i].a_type &= ~ACL_DEFAULT; + } + + acl_d->count = ndefault; + } else { + acl_d->count = naccess; + } + + return acl_d; +} + + SMB_ACL_T sys_acl_get_fd(int fd) +{ + /* HPUX doesn't have the facl call. Fake it using the path.... JRA. */ + + files_struct *fsp = file_find_fd(fd); + + if (fsp == NULL) { + errno = EBADF; + return NULL; + } + + /* We know we're in the same conn context. So we can use the + * relative path. */ + + return sys_acl_get_file(dos_to_unix_static(fsp->fsp_name), SMB_ACL_TYPE_ACCESS); +} + + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + *permset_d = 0; + + return 0; +} + + int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + *permset_d |= perm; + + return 0; +} + + int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return *permset_d & perm; +} + + char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + int i; + int len, maxlen; + char *text; + + /* Use an initial estimate of 20 bytes per ACL entry when + * allocating memory for the text representation of the ACL. */ + len = 0; + maxlen = 20 * acl_d->count; + if ((text = malloc(maxlen)) == NULL) { + errno = ENOMEM; + return NULL; + } + + for (i = 0; i < acl_d->count; i++) { + struct acl *ap = &acl_d->acl[i]; + struct passwd *pw; + struct group *gr; + char tagbuf[12]; + char idbuf[12]; + char *tag; + char *id = ""; + char perms[4]; + int nbytes; + + switch (ap->a_type) { + /* For debugging purposes it's probably more + * useful to dump unknown tag types rather + * than just returning an error. */ + default: + snprintf(tagbuf, sizeof tagbuf - 1, "0x%x", + ap->a_type); + tag = tagbuf; + snprintf(idbuf, sizeof idbuf - 1, "%ld", + (long)ap->a_id); + id = idbuf; + break; + + case SMB_ACL_USER: + if ((pw = getpwuid(ap->a_id)) == NULL) { + snprintf(idbuf, sizeof idbuf - 1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = pw->pw_name; + } + case SMB_ACL_USER_OBJ: + tag = "user"; + break; + + case SMB_ACL_GROUP: + if ((gr = getgrgid(ap->a_id)) == NULL) { + snprintf(idbuf, sizeof idbuf - 1, "%ld", + (long)ap->a_id); + id = idbuf; + } else { + id = gr->gr_name; + } + case SMB_ACL_GROUP_OBJ: + tag = "group"; + break; + + case SMB_ACL_OTHER: + tag = "other"; + break; + + case SMB_ACL_MASK: + tag = "mask"; + break; + + } + + perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-'; + perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-'; + perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-'; + perms[3] = '\0'; + + /* : : rwx \n \0 */ + nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1; + + /* If this entry would overflow the buffer + * allocate enough additional memory for this + * entry and an estimate of another 20 bytes + * for each entry still to be processed. */ + if ((len + nbytes) > maxlen) { + char *oldtext = text; + + maxlen += nbytes + 20 * (acl_d->count - i); + + if ((text = Realloc(oldtext, maxlen)) == NULL) { + free(oldtext); + errno = ENOMEM; + return NULL; + } + } + + snprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms); + len += nbytes - 1; + } + + if (len_p) + *len_p = len; + + return text; +} + + SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + /* Note that since the definition of the structure pointed + * to by the SMB_ACL_T includes the first element of the + * acl[] array, this actually allocates an ACL with room + * for (count+1) entries. */ + if ((a = malloc(sizeof a[0] + count * sizeof (struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->size = count + 1; + a->count = 0; + a->next = -1; + + return a; +} + + + int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->count >= acl_d->size) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->acl[acl_d->count++]; + entry_d->a_type = 0; + entry_d->a_id = -1; + entry_d->a_perm = 0; + *entry_p = entry_d; + + return 0; +} + + int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->a_type = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + + int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->a_type != SMB_ACL_GROUP + && entry_d->a_type != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->a_id = *((id_t *)qual_p); + + return 0; +} + + int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->a_perm = *permset_d; + + return 0; +} + +/* Structure to capture the count for each type of ACE. */ + +struct hpux_acl_types { + int n_user; + int n_def_user; + int n_user_obj; + int n_def_user_obj; + + int n_group; + int n_def_group; + int n_group_obj; + int n_def_group_obj; + + int n_other; + int n_other_obj; + int n_def_other_obj; + + int n_class_obj; + int n_def_class_obj; + + int n_illegal_obj; +}; + +/* count_obj: + * Counts the different number of objects in a given array of ACL + * structures. + * Inputs: + * + * acl_count - Count of ACLs in the array of ACL strucutres. + * aclp - Array of ACL structures. + * acl_type_count - Pointer to acl_types structure. Should already be + * allocated. + * Output: + * + * acl_type_count - This structure is filled up with counts of various + * acl types. + */ + +static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count) +{ + int i; + + memset(acl_type_count, 0, sizeof (struct hpux_acl_types)); + + for (i=0;in_user++; + break; + case USER_OBJ: + acl_type_count->n_user_obj++; + break; + case DEF_USER_OBJ: + acl_type_count->n_def_user_obj++; + break; + case GROUP: + acl_type_count->n_group++; + break; + case GROUP_OBJ: + acl_type_count->n_group_obj++; + break; + case DEF_GROUP_OBJ: + acl_type_count->n_def_group_obj++; + break; + case OTHER_OBJ: + acl_type_count->n_other_obj++; + break; + case DEF_OTHER_OBJ: + acl_type_count->n_def_other_obj++; + break; + case CLASS_OBJ: + acl_type_count->n_class_obj++; + break; + case DEF_CLASS_OBJ: + acl_type_count->n_def_class_obj++; + break; + case DEF_USER: + acl_type_count->n_def_user++; + break; + case DEF_GROUP: + acl_type_count->n_def_group++; + break; + default: + acl_type_count->n_illegal_obj++; + break; + } + } +} + +/* swap_acl_entries: Swaps two ACL entries. + * + * Inputs: aclp0, aclp1 - ACL entries to be swapped. + */ + +static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1) +{ + struct acl temp_acl; + + temp_acl.a_type = aclp0->a_type; + temp_acl.a_id = aclp0->a_id; + temp_acl.a_perm = aclp0->a_perm; + + aclp0->a_type = aclp1->a_type; + aclp0->a_id = aclp1->a_id; + aclp0->a_perm = aclp1->a_perm; + + aclp1->a_type = temp_acl.a_type; + aclp1->a_id = temp_acl.a_id; + aclp1->a_perm = temp_acl.a_perm; +} + +/* prohibited_duplicate_type + * Identifies if given ACL type can have duplicate entries or + * not. + * + * Inputs: acl_type - ACL Type. + * + * Outputs: + * + * Return.. + * + * True - If the ACL type matches any of the prohibited types. + * False - If the ACL type doesn't match any of the prohibited types. + */ + +static BOOL hpux_prohibited_duplicate_type(int acl_type) +{ + switch (acl_type) { + case USER: + case GROUP: + case DEF_USER: + case DEF_GROUP: + return True; + } + return False; +} + +/* get_needed_class_perm + * Returns the permissions of a ACL structure only if the ACL + * type matches one of the pre-determined types for computing + * CLASS_OBJ permissions. + * + * Inputs: aclp - Pointer to ACL structure. + */ + +static int hpux_get_needed_class_perm(struct acl *aclp) +{ + switch (aclp->a_type) { + case USER: + case GROUP_OBJ: + case GROUP: + case DEF_USER_OBJ: + case DEF_USER: + case DEF_GROUP_OBJ: + case DEF_GROUP: + case DEF_CLASS_OBJ: + case DEF_OTHER_OBJ: + return aclp->a_perm; + default: + return 0; + } +} + +/* acl_sort for HPUX. + * Sorts the array of ACL structures as per the description in + * aclsort man page. Refer to aclsort man page for more details + * + * Inputs: + * + * acl_count - Count of ACLs in the array of ACL structures. + * calclass - If this is not zero, then we compute the CLASS_OBJ + * permissions. + * aclp - Array of ACL structures. + * + * Outputs: + * + * aclp - Sorted array of ACL structures. + * + * Outputs: + * + * Returns 0 for success -1 for failure. Prints a message to the Samba + * debug log in case of failure. + */ + +static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp) +{ +#if !defined(HAVE_HPUX_ACLSORT) + /* The aclsort() system call is availabe on the latest HPUX General + * Patch Bundles. So for HPUX, we developed our version of acl_sort + * function. Because, we don't want to update to a new + * HPUX GR bundle just for aclsort() call. */ + + struct hpux_acl_types acl_obj_count; + int n_class_obj_perm = 0; + int i, j; + + if (!acl_count) { + DEBUG(10,("Zero acl count passed. Returning Success\n")); + return 0; + } + + if (aclp == NULL) { + DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n")); + return -1; + } + + /* Count different types of ACLs in the ACLs array */ + + hpux_count_obj(acl_count, aclp, &acl_obj_count); + + /* There should be only one entry each of type USER_OBJ, GROUP_OBJ, + * CLASS_OBJ and OTHER_OBJ + */ + + if (acl_obj_count.n_user_obj != 1 + || acl_obj_count.n_group_obj != 1 + || acl_obj_count.n_class_obj != 1 + || acl_obj_count.n_other_obj != 1) { + DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \ +USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n")); + return -1; + } + + /* If any of the default objects are present, there should be only + * one of them each. + */ + + if (acl_obj_count.n_def_user_obj > 1 || acl_obj_count.n_def_group_obj > 1 || + acl_obj_count.n_def_other_obj > 1 || acl_obj_count.n_def_class_obj > 1) { + DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \ +or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n")); + return -1; + } + + /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl + * structures. + * + * Sorting crieteria - First sort by ACL type. If there are multiple entries of + * same ACL type, sort by ACL id. + * + * I am using the trival kind of sorting method here because, performance isn't + * really effected by the ACLs feature. More over there aren't going to be more + * than 17 entries on HPUX. + */ + + for (i=0; i aclp[j].a_type) { + /* ACL entries out of order, swap them */ + + hpux_swap_acl_entries((aclp+i), (aclp+j)); + + } else if (aclp[i].a_type == aclp[j].a_type) { + + /* ACL entries of same type, sort by id */ + + if (aclp[i].a_id > aclp[j].a_id) { + hpux_swap_acl_entries((aclp+i), (aclp+j)); + } else if (aclp[i].a_id == aclp[j].a_id) { + /* We have a duplicate entry. */ + if (hpux_prohibited_duplicate_type(aclp[i].a_type)) { + DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n", + aclp[i].a_type, aclp[i].a_id)); + return -1; + } + } + + } + } + } + + /* set the class obj permissions to the computed one. */ + if (calclass) { + int n_class_obj_index = -1; + + for (i=0;icount <= 4); + + if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) { + errno = EINVAL; + return -1; + } + return 0; +} + + int sys_acl_valid(SMB_ACL_T acl_d) +{ + return acl_sort(acl_d); +} + + int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + struct stat s; + struct acl *acl_p; + int acl_count; + struct acl *acl_buf = NULL; + int ret; + + if (hpux_acl_call_presence() == False) { + /* Looks like we don't have the acl() system call on HPUX. + * May be the system doesn't have the latest version of JFS. */ + errno = ENOSYS; + return -1; + } + + if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) { + errno = EINVAL; + return -1; + } + + if (acl_sort(acl_d) != 0) { + return -1; + } + + acl_p = &acl_d->acl[0]; + acl_count = acl_d->count; + + /* If it's a directory there is extra work to do since the acl() + * system call will replace both the access ACLs and the default + * ACLs (if any). */ + if (stat(name, &s) != 0) { + return -1; + } + if (S_ISDIR(s.st_mode)) { + SMB_ACL_T acc_acl; + SMB_ACL_T def_acl; + SMB_ACL_T tmp_acl; + int i; + + if (type == SMB_ACL_TYPE_ACCESS) { + acc_acl = acl_d; + def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT); + + } else { + def_acl = acl_d; + acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS); + } + + if (tmp_acl == NULL) { + return -1; + } + + /* Allocate a temporary buffer for the complete ACL. */ + acl_count = acc_acl->count + def_acl->count; + acl_p = acl_buf = malloc(acl_count * sizeof acl_buf[0]); + + if (acl_buf == NULL) { + sys_acl_free_acl(tmp_acl); + errno = ENOMEM; + return -1; + } + + /* Copy the access control and default entries into the buffer. */ + memcpy(&acl_buf[0], &acc_acl->acl[0], + acc_acl->count * sizeof acl_buf[0]); + + memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0], + def_acl->count * sizeof acl_buf[0]); + + /* Set the ACL_DEFAULT flag on the default entries. */ + for (i = acc_acl->count; i < acl_count; i++) { + acl_buf[i].a_type |= ACL_DEFAULT; + } + + sys_acl_free_acl(tmp_acl); + + } else if (type != SMB_ACL_TYPE_ACCESS) { + errno = EINVAL; + return -1; + } + + ret = acl(name, ACL_SET, acl_count, acl_p); + + free(acl_buf); + + return ret; +} + + int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + /* HPUX doesn't have the facl call. Fake it using the path.... JRA. */ + + files_struct *fsp = file_find_fd(fd); + + if (fsp == NULL) { + errno = EBADF; + return NULL; + } + + if (acl_sort(acl_d) != 0) { + return -1; + } + + /* We know we're in the same conn context. So we can use the + * relative path. */ + + return sys_acl_set_file(dos_to_unix_static(fsp->fsp_name), SMB_ACL_TYPE_ACCESS, acl_d); +} + + int sys_acl_delete_def_file(const char *path) +{ + SMB_ACL_T acl_d; + int ret; + + /* Fetching the access ACL and rewriting it has the effect of + * deleting the default ACL. */ + if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) { + return -1; + } + + ret = acl(path, ACL_SET, acl_d->count, acl_d->acl); + + sys_acl_free_acl(acl_d); + + return ret; +} + + int sys_acl_free_text(char *text) +{ + free(text); + return 0; +} + + int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + free(acl_d); + return 0; +} + + int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return 0; +} + +#elif defined(HAVE_IRIX_ACLS) + + int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) { + errno = EINVAL; + return -1; + } + + if (entry_p == NULL) { + errno = EINVAL; + return -1; + } + + if (entry_id == SMB_ACL_FIRST_ENTRY) { + acl_d->next = 0; + } + + if (acl_d->next < 0) { + errno = EINVAL; + return -1; + } + + if (acl_d->next >= acl_d->aclp->acl_cnt) { + return 0; + } + + *entry_p = &acl_d->aclp->acl_entry[acl_d->next++]; + + return 1; +} + + int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p) +{ + *type_p = entry_d->ae_tag; + + return 0; +} + + int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + *permset_p = entry_d; + + return 0; +} + + void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + if (entry_d->ae_tag != SMB_ACL_USER + && entry_d->ae_tag != SMB_ACL_GROUP) { + errno = EINVAL; + return NULL; + } + + return &entry_d->ae_id; +} + + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + SMB_ACL_T a; + + if ((a = malloc(sizeof a[0])) == NULL) { + errno = ENOMEM; + return NULL; + } + if ((a->aclp = acl_get_file(path_p, type)) == NULL) { + free(a); + return NULL; + } + a->next = -1; + a->freeaclp = True; + return a; +} + + SMB_ACL_T sys_acl_get_fd(int fd) +{ + SMB_ACL_T a; + + if ((a = malloc(sizeof a[0])) == NULL) { + errno = ENOMEM; + return NULL; + } + if ((a->aclp = acl_get_fd(fd)) == NULL) { + free(a); + return NULL; + } + a->next = -1; + a->freeaclp = True; + return a; +} + + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d) +{ + permset_d->ae_perm = 0; + + return 0; +} + + int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE + && perm != SMB_ACL_EXECUTE) { + errno = EINVAL; + return -1; + } + + if (permset_d == NULL) { + errno = EINVAL; + return -1; + } + + permset_d->ae_perm |= perm; + + return 0; +} + + int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm) +{ + return permset_d->ae_perm & perm; +} + + char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) +{ + return acl_to_text(acl_d->aclp, len_p); +} + + SMB_ACL_T sys_acl_init(int count) +{ + SMB_ACL_T a; + + if (count < 0) { + errno = EINVAL; + return NULL; + } + + if ((a = malloc(sizeof a[0] + sizeof (struct acl))) == NULL) { + errno = ENOMEM; + return NULL; + } + + a->next = -1; + a->freeaclp = False; + a->aclp = (struct acl *)(&a->aclp + sizeof (struct acl *)); + a->aclp->acl_cnt = 0; + + return a; +} + + + int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) +{ + SMB_ACL_T acl_d; + SMB_ACL_ENTRY_T entry_d; + + if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) { + errno = EINVAL; + return -1; + } + + if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) { + errno = ENOSPC; + return -1; + } + + entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++]; + entry_d->ae_tag = 0; + entry_d->ae_id = 0; + entry_d->ae_perm = 0; + *entry_p = entry_d; + + return 0; +} + + int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) +{ + switch (tag_type) { + case SMB_ACL_USER: + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + case SMB_ACL_MASK: + entry_d->ae_tag = tag_type; + break; + default: + errno = EINVAL; + return -1; + } + + return 0; +} + + int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) +{ + if (entry_d->ae_tag != SMB_ACL_GROUP + && entry_d->ae_tag != SMB_ACL_USER) { + errno = EINVAL; + return -1; + } + + entry_d->ae_id = *((id_t *)qual_p); + + return 0; +} + + int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d) +{ + if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) { + return EINVAL; + } + + entry_d->ae_perm = permset_d->ae_perm; + + return 0; +} + + int sys_acl_valid(SMB_ACL_T acl_d) +{ + return acl_valid(acl_d->aclp); +} + + int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d) +{ + return acl_set_file(name, type, acl_d->aclp); +} + + int sys_acl_set_fd(int fd, SMB_ACL_T acl_d) +{ + return acl_set_fd(fd, acl_d->aclp); +} + + int sys_acl_delete_def_file(const char *name) +{ + return acl_delete_def_file(name); +} + + int sys_acl_free_text(char *text) +{ + return acl_free(text); +} + + int sys_acl_free_acl(SMB_ACL_T acl_d) +{ + if (acl_d->freeaclp) { + acl_free(acl_d->aclp); + } + acl_free(acl_d); + return 0; +} + + int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return 0; +} + +#elif defined(HAVE_AIX_ACLS) + +/* Donated by Medha Date, mdate@austin.ibm.com, for IBM */ + + int sys_acl_get_entry(SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + struct acl_entry_link *link; + struct new_acl_entry *entry; + int keep_going; + + DEBUG(10,("This is the count: %d\n",theacl->count)); + + /* Check if count was previously set to -1. If it was, that + * means we reached the end of the acl last time. */ + if (theacl->count == -1) + return 0; + + link = theacl; + /* To get to the next acl, traverse linked list until index of + * acl matches the count we are keeping. This count is + * incremented each time we return an acl entry. */ + + for (keep_going = 0; keep_going < theacl->count; keep_going++) + link = link->nextp; + + entry = *entry_p = link->entryp; + + DEBUG(10,("*entry_p is %d\n",entry_p)); + DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access)); + + /* Increment count */ + theacl->count++; + if (link->nextp == NULL) + theacl->count = -1; + + return 1; +} + + int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + /* Initialize tag type */ + + *tag_type_p = -1; + DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type)); + + /* Depending on what type of entry we have, return tag type. */ + switch (entry_d->ace_id->id_type) { + case ACEID_USER: + *tag_type_p = SMB_ACL_USER; + break; + case ACEID_GROUP: + *tag_type_p = SMB_ACL_GROUP; + break; + + case SMB_ACL_USER_OBJ: + case SMB_ACL_GROUP_OBJ: + case SMB_ACL_OTHER: + *tag_type_p = entry_d->ace_id->id_type; + break; + + default: + return -1; + } + + return 0; +} + + int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + DEBUG(10,("Starting AIX sys_acl_get_permset\n")); + *permset_p = &entry_d->ace_access; + DEBUG(10,("**permset_p is %d\n",**permset_p)); + if (!(**permset_p & S_IXUSR) + && !(**permset_p & S_IWUSR) + && !(**permset_p & S_IRUSR) + && **permset_p != 0) + return -1; + + DEBUG(10,("Ending AIX sys_acl_get_permset\n")); + return 0; +} + + void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) +{ + return entry_d->ace_id->id_data; +} + + SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type) +{ + struct acl *file_acl = (struct acl *)NULL; + struct acl_entry *acl_entry; + struct new_acl_entry *new_acl_entry; + struct ace_id *idp; + struct acl_entry_link *acl_entry_link; + struct acl_entry_link *acl_entry_link_head; + int i; + int rc = 0; + uid_t user_id; + + /* Get the acl using statacl */ + + DEBUG(10,("Entering sys_acl_get_file\n")); + DEBUG(10,("path_p is %s\n",path_p)); + + file_acl = (struct acl *)malloc(BUFSIZ); + + if (file_acl == NULL) { + errno=ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno)); + return NULL; + } + + memset(file_acl,0,BUFSIZ); + + rc = statacl((char *)path_p,0,file_acl,BUFSIZ); + if (rc == -1) { + DEBUG(0,("statacl returned %d with errno %d\n",rc,errno)); + free(file_acl); + return NULL; + } + + DEBUG(10,("Got facl and returned it\n")); + + /* Point to the first acl entry in the acl */ + acl_entry = file_acl->acl_ext; + + /* Begin setting up the head of the linked list that will be + * used for the storing the acl in a way that is useful for the + * posix_acls.c code. */ + + acl_entry_link_head = acl_entry_link = sys_acl_init(0); + if (acl_entry_link_head == NULL) + return NULL; + + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + if (acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return NULL; + } + + DEBUG(10,("acl_entry is %d\n",acl_entry)); + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); + + /* Check if the extended acl bit is on. If it isn't, do not + * show the contents of the acl since AIX intends the extended + * info to remain unused. */ + + if (file_acl->acl_mode & S_IXACL){ + /* while we are not pointing to the very end */ + while (acl_entry < acl_last(file_acl)) { + /* before we malloc anything, make sure this is */ + /* a valid acl entry and one that we want to map */ + idp = id_nxt(acl_entry->ace_id); + if ((acl_entry->ace_type == ACC_SPECIFY + || acl_entry->ace_type == ACC_PERMIT) + && idp != id_last(acl_entry)) { + acl_entry = acl_nxt(acl_entry); + continue; + } + + idp = acl_entry->ace_id; + + /* Check if this is the first entry in the linked list. + * The first entry needs to keep prevp pointing to NULL + * and already has entryp allocated. */ + + if (acl_entry_link_head->count != 0) { + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); + + if (acl_entry_link->nextp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return NULL; + } + + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + if (acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return NULL; + } + acl_entry_link->nextp = NULL; + } + + acl_entry_link->entryp->ace_len = acl_entry->ace_len; + + /* Don't really need this since all types are going + * to be specified but, it's better than leaving it 0. */ + + acl_entry_link->entryp->ace_type = acl_entry->ace_type; + + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + + memcpy(acl_entry_link->entryp->ace_id,idp,sizeof (struct ace_id)); + + /* The access in the acl entries must be left shifted by + * three bites, because they will ultimately be compared + * to S_IRUSR, S_IWUSR, and S_IXUSR. */ + + switch (acl_entry->ace_type){ + case ACC_PERMIT: + case ACC_SPECIFY: + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + case ACC_DENY: + /* Since there is no way to return a DENY acl entry + * change to PERMIT and then shift. */ + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + default: + return 0; + } + + DEBUG(10,("acl_entry = %d\n",acl_entry)); + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); + + acl_entry = acl_nxt(acl_entry); + } + } /* end of if enabled */ + + /* Since owner, group, other acl entries are not part of the acl + * entries in an acl, they must be dummied up to become part of + * the list. */ + + for (i = 1; i < 4; i++) { + DEBUG(10,("i is %d\n",i)); + if (acl_entry_link_head->count != 0) { + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); + if (acl_entry_link->nextp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return NULL; + } + + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + if (acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno)); + return NULL; + } + } + + acl_entry_link->nextp = NULL; + + new_acl_entry = acl_entry_link->entryp; + idp = new_acl_entry->ace_id; + + new_acl_entry->ace_len = sizeof (struct acl_entry); + new_acl_entry->ace_type = ACC_PERMIT; + idp->id_len = sizeof (struct ace_id); + DEBUG(10,("idp->id_len = %d\n",idp->id_len)); + memset(idp->id_data,0,sizeof (uid_t)); + + switch (i) { + case 2: + new_acl_entry->ace_access = file_acl->g_access << 6; + idp->id_type = SMB_ACL_GROUP_OBJ; + break; + + case 3: + new_acl_entry->ace_access = file_acl->o_access << 6; + idp->id_type = SMB_ACL_OTHER; + break; + + case 1: + new_acl_entry->ace_access = file_acl->u_access << 6; + idp->id_type = SMB_ACL_USER_OBJ; + break; + + default: + return NULL; + + } + + acl_entry_link_head->count++; + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); + } + + acl_entry_link_head->count = 0; + free(file_acl); + + return acl_entry_link_head; +} + + SMB_ACL_T sys_acl_get_fd(int fd) +{ + struct acl *file_acl = (struct acl *)NULL; + struct acl_entry *acl_entry; + struct new_acl_entry *new_acl_entry; + struct ace_id *idp; + struct acl_entry_link *acl_entry_link; + struct acl_entry_link *acl_entry_link_head; + int i; + int rc = 0; + uid_t user_id; + + /* Get the acl using fstatacl */ + + DEBUG(10,("Entering sys_acl_get_fd\n")); + DEBUG(10,("fd is %d\n",fd)); + file_acl = (struct acl *)malloc(BUFSIZ); + + if (file_acl == NULL) { + errno=ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + return NULL; + } + + memset(file_acl,0,BUFSIZ); + + rc = fstatacl(fd,0,file_acl,BUFSIZ); + if (rc == -1) { + DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno)); + free(file_acl); + return NULL; + } + + DEBUG(10,("Got facl and returned it\n")); + + /* Point to the first acl entry in the acl */ + + acl_entry = file_acl->acl_ext; + + /* Begin setting up the head of the linked list that will be + * used for the storing the acl in a way that is useful for the + * posix_acls.c code. */ + + acl_entry_link_head = acl_entry_link = sys_acl_init(0); + if (acl_entry_link_head == NULL){ + free(file_acl); + return NULL; + } + + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + + if (acl_entry_link->entryp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return NULL; + } + + DEBUG(10,("acl_entry is %d\n",acl_entry)); + DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl))); + + /* Check if the extended acl bit is on. If it isn't, do not + * show the contents of the acl since AIX intends the extended + * info to remain unused. */ + + if (file_acl->acl_mode & S_IXACL){ + /* while we are not pointing to the very end */ + while (acl_entry < acl_last(file_acl)) { + /* before we malloc anything, make sure this is */ + /* a valid acl entry and one that we want to map */ + + idp = id_nxt(acl_entry->ace_id); + if ((acl_entry->ace_type == ACC_SPECIFY + || acl_entry->ace_type == ACC_PERMIT) + && (idp != id_last(acl_entry))) { + acl_entry = acl_nxt(acl_entry); + continue; + } + + idp = acl_entry->ace_id; + + /* Check if this is the first entry in the linked list. + * The first entry needs to keep prevp pointing to NULL + * and already has entryp allocated. */ + + if (acl_entry_link_head->count != 0) { + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); + if (acl_entry_link->nextp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return NULL; + } + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + if (acl_entry_link->entryp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return NULL; + } + + acl_entry_link->nextp = NULL; + } + + acl_entry_link->entryp->ace_len = acl_entry->ace_len; + + /* Don't really need this since all types are going + * to be specified but, it's better than leaving it 0. */ + + acl_entry_link->entryp->ace_type = acl_entry->ace_type; + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + + memcpy(acl_entry_link->entryp->ace_id, idp, sizeof (struct ace_id)); + + /* The access in the acl entries must be left shifted by + * three bites, because they will ultimately be compared + * to S_IRUSR, S_IWUSR, and S_IXUSR. */ + + switch (acl_entry->ace_type){ + case ACC_PERMIT: + case ACC_SPECIFY: + acl_entry_link->entryp->ace_access = acl_entry->ace_access; + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + case ACC_DENY: + /* Since there is no way to return a DENY acl entry + * change to PERMIT and then shift. */ + DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access)); + acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7; + DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access)); + acl_entry_link->entryp->ace_access <<= 6; + acl_entry_link_head->count++; + break; + default: + return 0; + } + + DEBUG(10,("acl_entry = %d\n",acl_entry)); + DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type)); + + acl_entry = acl_nxt(acl_entry); + } + } /* end of if enabled */ + + /* Since owner, group, other acl entries are not + * part of the acl entries in an acl, they must + * be dummied up to become part of the list. */ + + for (i = 1; i < 4; i++) { + DEBUG(10,("i is %d\n",i)); + if (acl_entry_link_head->count != 0){ + acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); + if (acl_entry_link->nextp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + free(file_acl); + return NULL; + } + + acl_entry_link->nextp->prevp = acl_entry_link; + acl_entry_link = acl_entry_link->nextp; + acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + + if (acl_entry_link->entryp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno)); + return NULL; + } + } + + acl_entry_link->nextp = NULL; + + new_acl_entry = acl_entry_link->entryp; + idp = new_acl_entry->ace_id; + + new_acl_entry->ace_len = sizeof (struct acl_entry); + new_acl_entry->ace_type = ACC_PERMIT; + idp->id_len = sizeof (struct ace_id); + DEBUG(10,("idp->id_len = %d\n",idp->id_len)); + memset(idp->id_data,0,sizeof (uid_t)); + + switch (i) { + case 2: + new_acl_entry->ace_access = file_acl->g_access << 6; + idp->id_type = SMB_ACL_GROUP_OBJ; + break; + + case 3: + new_acl_entry->ace_access = file_acl->o_access << 6; + idp->id_type = SMB_ACL_OTHER; + break; + + case 1: + new_acl_entry->ace_access = file_acl->u_access << 6; + idp->id_type = SMB_ACL_USER_OBJ; + break; + + default: + return NULL; + } + + acl_entry_link_head->count++; + DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access)); + } + + acl_entry_link_head->count = 0; + free(file_acl); + + return acl_entry_link_head; +} + + int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset) +{ + *permset = *permset & ~0777; + return 0; +} + + int sys_acl_add_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + if (perm != 0 && (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0) + return -1; + + *permset |= perm; + DEBUG(10,("This is the permset now: %d\n",*permset)); + return 0; +} + + char *sys_acl_to_text(SMB_ACL_T theacl, ssize_t *plen) +{ + return NULL; +} + + SMB_ACL_T sys_acl_init(int count) +{ + struct acl_entry_link *theacl = NULL; + + DEBUG(10,("Entering sys_acl_init\n")); + + theacl = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); + if (theacl == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_init is %d\n",errno)); + return NULL; + } + + theacl->count = 0; + theacl->nextp = NULL; + theacl->prevp = NULL; + theacl->entryp = NULL; + DEBUG(10,("Exiting sys_acl_init\n")); + return theacl; +} + + int sys_acl_create_entry(SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + struct acl_entry_link *theacl; + struct acl_entry_link *acl_entryp; + struct acl_entry_link *temp_entry; + int counting; + + DEBUG(10,("Entering the sys_acl_create_entry\n")); + + theacl = acl_entryp = *pacl; + + /* Get to the end of the acl before adding entry */ + + for (counting=0; counting < theacl->count; counting++){ + DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); + temp_entry = acl_entryp; + acl_entryp = acl_entryp->nextp; + } + + if (theacl->count != 0){ + temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof (struct acl_entry_link)); + if (acl_entryp == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); + return -1; + } + + DEBUG(10,("The acl_entryp is %d\n",acl_entryp)); + acl_entryp->prevp = temp_entry; + DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp)); + } + + *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof (struct new_acl_entry)); + if (*pentry == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno)); + return -1; + } + + memset(*pentry,0,sizeof (struct new_acl_entry)); + acl_entryp->entryp->ace_len = sizeof (struct acl_entry); + acl_entryp->entryp->ace_type = ACC_PERMIT; + acl_entryp->entryp->ace_id->id_len = sizeof (struct ace_id); + acl_entryp->nextp = NULL; + theacl->count++; + DEBUG(10,("Exiting sys_acl_create_entry\n")); + return 0; +} + + int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + DEBUG(10,("Starting AIX sys_acl_set_tag_type\n")); + entry->ace_id->id_type = tagtype; + DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type)); + DEBUG(10,("Ending AIX sys_acl_set_tag_type\n")); +} + + int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry, void *qual) +{ + DEBUG(10,("Starting AIX sys_acl_set_qualifier\n")); + memcpy(entry->ace_id->id_data,qual,sizeof (uid_t)); + DEBUG(10,("Ending AIX sys_acl_set_qualifier\n")); + return 0; +} + + int sys_acl_set_permset(SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + DEBUG(10,("Starting AIX sys_acl_set_permset\n")); + if (!(*permset & S_IXUSR) + && !(*permset & S_IWUSR) + && !(*permset & S_IRUSR) + && *permset != 0) + return -1; + + entry->ace_access = *permset; + DEBUG(10,("entry->ace_access = %d\n",entry->ace_access)); + DEBUG(10,("Ending AIX sys_acl_set_permset\n")); + return 0; +} + + int sys_acl_valid(SMB_ACL_T theacl) +{ + int user_obj = 0; + int group_obj = 0; + int other_obj = 0; + struct acl_entry_link *acl_entry; + + for (acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) { + user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ); + group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ); + other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER); + } + + DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj)); + + if (user_obj != 1 || group_obj != 1 || other_obj != 1) + return -1; + + return 0; +} + + int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + struct acl_entry_link *acl_entry_link = NULL; + struct acl *file_acl = NULL; + struct acl *file_acl_temp = NULL; + struct acl_entry *acl_entry = NULL; + struct ace_id *ace_id = NULL; + uint id_type; + uint ace_access; + uint user_id; + uint acl_length; + uint rc; + + DEBUG(10,("Entering sys_acl_set_file\n")); + DEBUG(10,("File name is %s\n",name)); + + /* AIX has no default ACL */ + if (acltype == SMB_ACL_TYPE_DEFAULT) + return 0; + + acl_length = BUFSIZ; + file_acl = (struct acl *)malloc(BUFSIZ); + + if (file_acl == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); + return -1; + } + + memset(file_acl,0,BUFSIZ); + + file_acl->acl_len = ACL_SIZ; + file_acl->acl_mode = S_IXACL; + + for (acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { + acl_entry_link->entryp->ace_access >>= 6; + id_type = acl_entry_link->entryp->ace_id->id_type; + + switch (id_type) { + case SMB_ACL_USER_OBJ: + file_acl->u_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_GROUP_OBJ: + file_acl->g_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_OTHER: + file_acl->o_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_MASK: + continue; + } + + if ((file_acl->acl_len + sizeof (struct acl_entry)) > acl_length) { + acl_length += sizeof (struct acl_entry); + file_acl_temp = (struct acl *)malloc(acl_length); + if (file_acl_temp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_file is %d\n",errno)); + return -1; + } + + memcpy(file_acl_temp,file_acl,file_acl->acl_len); + free(file_acl); + file_acl = file_acl_temp; + } + + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); + file_acl->acl_len += sizeof (struct acl_entry); + acl_entry->ace_len = acl_entry_link->entryp->ace_len; + acl_entry->ace_access = acl_entry_link->entryp->ace_access; + + /* In order to use this, we'll need to wait until we can get denies */ + /* if (!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) + acl_entry->ace_type = ACC_SPECIFY; */ + + acl_entry->ace_type = ACC_SPECIFY; + + ace_id = acl_entry->ace_id; + + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; + DEBUG(10,("The id type is %d\n",ace_id->id_type)); + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof (uid_t)); + memcpy(acl_entry->ace_id->id_data, &user_id, sizeof (uid_t)); + } + + rc = chacl((char *)name,file_acl,file_acl->acl_len); + DEBUG(10,("errno is %d\n",errno)); + DEBUG(10,("return code is %d\n",rc)); + free(file_acl); + DEBUG(10,("Exiting the sys_acl_set_file\n")); + return rc; +} + + int sys_acl_set_fd(int fd, SMB_ACL_T theacl) +{ + struct acl_entry_link *acl_entry_link = NULL; + struct acl *file_acl = NULL; + struct acl *file_acl_temp = NULL; + struct acl_entry *acl_entry = NULL; + struct ace_id *ace_id = NULL; + uint id_type; + uint user_id; + uint acl_length; + uint rc; + + DEBUG(10,("Entering sys_acl_set_fd\n")); + acl_length = BUFSIZ; + file_acl = (struct acl *)malloc(BUFSIZ); + + if (file_acl == NULL) { + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); + return -1; + } + + memset(file_acl,0,BUFSIZ); + + file_acl->acl_len = ACL_SIZ; + file_acl->acl_mode = S_IXACL; + + for (acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) { + acl_entry_link->entryp->ace_access >>= 6; + id_type = acl_entry_link->entryp->ace_id->id_type; + DEBUG(10,("The id_type is %d\n",id_type)); + + switch (id_type) { + case SMB_ACL_USER_OBJ: + file_acl->u_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_GROUP_OBJ: + file_acl->g_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_OTHER: + file_acl->o_access = acl_entry_link->entryp->ace_access; + continue; + case SMB_ACL_MASK: + continue; + } + + if ((file_acl->acl_len + sizeof (struct acl_entry)) > acl_length) { + acl_length += sizeof (struct acl_entry); + file_acl_temp = (struct acl *)malloc(acl_length); + if (file_acl_temp == NULL) { + free(file_acl); + errno = ENOMEM; + DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno)); + return -1; + } + + memcpy(file_acl_temp,file_acl,file_acl->acl_len); + free(file_acl); + file_acl = file_acl_temp; + } + + acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len); + file_acl->acl_len += sizeof (struct acl_entry); + acl_entry->ace_len = acl_entry_link->entryp->ace_len; + acl_entry->ace_access = acl_entry_link->entryp->ace_access; + + /* In order to use this, we'll need to wait until we can get denies */ + /* if (!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT) + acl_entry->ace_type = ACC_SPECIFY; */ + + acl_entry->ace_type = ACC_SPECIFY; + + ace_id = acl_entry->ace_id; + + ace_id->id_type = acl_entry_link->entryp->ace_id->id_type; + DEBUG(10,("The id type is %d\n",ace_id->id_type)); + ace_id->id_len = acl_entry_link->entryp->ace_id->id_len; + memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof (uid_t)); + memcpy(ace_id->id_data, &user_id, sizeof (uid_t)); + } + + rc = fchacl(fd,file_acl,file_acl->acl_len); + DEBUG(10,("errno is %d\n",errno)); + DEBUG(10,("return code is %d\n",rc)); + free(file_acl); + DEBUG(10,("Exiting sys_acl_set_fd\n")); + return rc; +} + + int sys_acl_delete_def_file(const char *name) +{ + /* AIX has no default ACL */ + return 0; +} + + int sys_acl_get_perm(SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return *permset & perm; +} + + int sys_acl_free_text(char *text) +{ + return 0; +} + + int sys_acl_free_acl(SMB_ACL_T posix_acl) +{ + struct acl_entry_link *acl_entry_link; + + for (acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) { + free(acl_entry_link->prevp->entryp); + free(acl_entry_link->prevp); + } + + free(acl_entry_link->prevp->entryp); + free(acl_entry_link->prevp); + free(acl_entry_link->entryp); + free(acl_entry_link); + + return 0; +} + + int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype) +{ + return 0; +} + +#else /* No ACLs. */ + + int sys_acl_get_entry(UNUSED(SMB_ACL_T the_acl), UNUSED(int entry_id), UNUSED(SMB_ACL_ENTRY_T *entry_p)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_get_tag_type(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_TAG_T *tag_type_p)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_get_permset(UNUSED(SMB_ACL_ENTRY_T entry_d), UNUSED(SMB_ACL_PERMSET_T *permset_p)) +{ + errno = ENOSYS; + return -1; +} + + void *sys_acl_get_qualifier(UNUSED(SMB_ACL_ENTRY_T entry_d)) +{ + errno = ENOSYS; + return NULL; +} + + SMB_ACL_T sys_acl_get_file(UNUSED(const char *path_p), UNUSED(SMB_ACL_TYPE_T type)) +{ + errno = ENOSYS; + return 0; +} + + SMB_ACL_T sys_acl_get_fd(UNUSED(int fd)) +{ + errno = ENOSYS; + return 0; +} + + int sys_acl_clear_perms(UNUSED(SMB_ACL_PERMSET_T permset)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_add_perm(UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_get_perm(UNUSED(SMB_ACL_PERMSET_T permset), UNUSED(SMB_ACL_PERM_T perm)) +{ + errno = ENOSYS; + return permset & perm ? 1 : 0; +} + + char *sys_acl_to_text(UNUSED(SMB_ACL_T the_acl), UNUSED(ssize_t *plen)) +{ + errno = ENOSYS; + return NULL; +} + + int sys_acl_free_text(UNUSED(char *text)) +{ + errno = ENOSYS; + return -1; +} + + SMB_ACL_T sys_acl_init(UNUSED(int count)) +{ + errno = ENOSYS; + return NULL; +} + + int sys_acl_create_entry(UNUSED(SMB_ACL_T *pacl), UNUSED(SMB_ACL_ENTRY_T *pentry)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_set_tag_type(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_TAG_T tagtype)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_set_qualifier(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(void *qual)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_set_permset(UNUSED(SMB_ACL_ENTRY_T entry), UNUSED(SMB_ACL_PERMSET_T permset)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_valid(UNUSED(SMB_ACL_T theacl)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_set_file(UNUSED(const char *name), UNUSED(SMB_ACL_TYPE_T acltype), UNUSED(SMB_ACL_T theacl)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_set_fd(UNUSED(int fd), UNUSED(SMB_ACL_T theacl)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_delete_def_file(UNUSED(const char *name)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_free_acl(UNUSED(SMB_ACL_T the_acl)) +{ + errno = ENOSYS; + return -1; +} + + int sys_acl_free_qualifier(UNUSED(void *qual), UNUSED(SMB_ACL_TAG_T tagtype)) +{ + errno = ENOSYS; + return -1; +} + +#endif /* No ACLs. */ --- uidlist.c 28 Apr 2004 17:31:31 -0000 1.24 +++ uidlist.c 13 May 2004 17:58:47 -0000 @@ -34,6 +34,7 @@ extern int verbose; extern int preserve_uid; extern int preserve_gid; +extern int preserve_acls; extern int numeric_ids; extern int am_root; @@ -274,7 +275,7 @@ void send_uid_list(int f) if (numeric_ids) return; - if (preserve_uid) { + if (preserve_uid || preserve_acls) { int len; /* we send sequences of uid/byte-length/name */ for (list = uidlist; list; list = list->next) { @@ -291,7 +292,7 @@ void send_uid_list(int f) write_int(f, 0); } - if (preserve_gid) { + if (preserve_gid || preserve_acls) { int len; for (list = gidlist; list; list = list->next) { if (!list->name) @@ -312,7 +313,7 @@ void recv_uid_list(int f, struct file_li int id, i; char *name; - if (preserve_uid && !numeric_ids) { + if ((preserve_uid || preserve_acls) && !numeric_ids) { /* read the uid list */ while ((id = read_int(f)) != 0) { int len = read_byte(f); @@ -325,7 +326,7 @@ void recv_uid_list(int f, struct file_li } - if (preserve_gid && !numeric_ids) { + if ((preserve_gid || preserve_acls) && !numeric_ids) { /* read the gid list */ while ((id = read_int(f)) != 0) { int len = read_byte(f); @@ -336,6 +337,18 @@ void recv_uid_list(int f, struct file_li recv_add_gid(id, name); /* node keeps name's memory */ } } + +#if SUPPORT_ACLS + if (preserve_acls && !numeric_ids) { + id_t id; + /* the enumerations don't return 0 except to flag the last + * entry, since uidlist doesn't munge 0 anyway */ + while ((id = next_acl_uid(flist))) + acl_uid_map(match_uid(id)); + while ((id = next_acl_gid(flist))) + acl_gid_map(match_gid(id)); + } +#endif /* SUPPORT_ACLS */ /* now convert the uid/gid of all files in the list to the mapped * uid/gid */