PageRenderTime 55ms CodeModel.GetById 21ms RepoModel.GetById 1ms app.codeStats 0ms

/release/src/router/samba3/source/modules/vfs_posixacl.c

https://gitlab.com/envieidoc/advancedtomato2
C | 398 lines | 322 code | 52 blank | 24 comment | 54 complexity | 53049625876122f0b676527482eff0da MD5 | raw file
    

  1. /*
    2. 

  2.    Unix SMB/Netbios implementation.
    3. 

  3.    VFS module to get and set posix acls
    4. 

  4.    Copyright (C) Volker Lendecke 2006
    5. 

    6. 

  6.    This program is free software; you can redistribute it and/or modify
    7. 

  7.    it under the terms of the GNU General Public License as published by
    8. 

  8.    the Free Software Foundation; either version 2 of the License, or
    9. 

  9.    (at your option) any later version.
    10. 

    11. 

  11.    This program is distributed in the hope that it will be useful,
    12. 

  12.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.    GNU General Public License for more details.
    15. 

    16. 

  16.    You should have received a copy of the GNU General Public License
    17. 

  17.    along with this program; if not, write to the Free Software
    18. 

  18.    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
    19. 

  19. */
    20. 

  20. 

  21. #include "includes.h"
    22. 

  22. 

  23. 

  24. /* prototypes for static functions first - for clarity */
    25. 

  25. 

  26. static BOOL smb_ace_to_internal(acl_entry_t posix_ace,
    27. 

  27. 				struct smb_acl_entry *ace);
    28. 

  28. static struct smb_acl_t *smb_acl_to_internal(acl_t acl);
    29. 

  29. static int smb_acl_set_mode(acl_entry_t entry, SMB_ACL_PERM_T perm);
    30. 

  30. static acl_t smb_acl_to_posix(const struct smb_acl_t *acl);
    31. 

  31. 

  32. 

  33. /* public functions - the api */
    34. 

  34. 

  35. SMB_ACL_T posixacl_sys_acl_get_file(vfs_handle_struct *handle,
    36. 

  36. 				    const char *path_p,
    37. 

  37. 				    SMB_ACL_TYPE_T type)
    38. 

  38. {
    39. 

  39. 	struct smb_acl_t *result;
    40. 

  40. 	acl_type_t acl_type;
    41. 

  41. 	acl_t acl;
    42. 

  42. 

  43. 	switch(type) {
    44. 

  44. 	case SMB_ACL_TYPE_ACCESS:
    45. 

  45. 		acl_type = ACL_TYPE_ACCESS;
    46. 

  46. 		break;
    47. 

  47. 	case SMB_ACL_TYPE_DEFAULT:
    48. 

  48. 		acl_type = ACL_TYPE_DEFAULT;
    49. 

  49. 		break;
    50. 

  50. 	default:
    51. 

  51. 		errno = EINVAL;
    52. 

  52. 		return NULL;
    53. 

  53. 	}
    54. 

  54. 

  55. 	acl = acl_get_file(path_p, acl_type);
    56. 

  56. 

  57. 	if (acl == NULL) {
    58. 

  58. 		return NULL;
    59. 

  59. 	}
    60. 

  60. 

  61. 	result = smb_acl_to_internal(acl);
    62. 

  62. 	acl_free(acl);
    63. 

  63. 	return result;
    64. 

  64. }
    65. 

  65. 

  66. SMB_ACL_T posixacl_sys_acl_get_fd(vfs_handle_struct *handle,
    67. 

  67. 				  files_struct *fsp,
    68. 

  68. 				  int fd)
    69. 

  69. {
    70. 

  70. 	struct smb_acl_t *result;
    71. 

  71. 	acl_t acl = acl_get_fd(fd);
    72. 

  72. 

  73. 	if (acl == NULL) {
    74. 

  74. 		return NULL;
    75. 

  75. 	}
    76. 

  76. 

  77. 	result = smb_acl_to_internal(acl);
    78. 

  78. 	acl_free(acl);
    79. 

  79. 	return result;
    80. 

  80. }
    81. 

  81. 

  82. int posixacl_sys_acl_set_file(vfs_handle_struct *handle,
    83. 

  83. 			      const char *name,
    84. 

  84. 			      SMB_ACL_TYPE_T type,
    85. 

  85. 			      SMB_ACL_T theacl)
    86. 

  86. {
    87. 

  87. 	int res;
    88. 

  88. 	acl_type_t acl_type;
    89. 

  89. 	acl_t acl;
    90. 

  90. 

  91. 	DEBUG(10, ("Calling acl_set_file: %s, %d\n", name, type));
    92. 

  92. 

  93. 	switch(type) {
    94. 

  94. 	case SMB_ACL_TYPE_ACCESS:
    95. 

  95. 		acl_type = ACL_TYPE_ACCESS;
    96. 

  96. 		break;
    97. 

  97. 	case SMB_ACL_TYPE_DEFAULT:
    98. 

  98. 		acl_type = ACL_TYPE_DEFAULT;
    99. 

  99. 		break;
    100. 

  100. 	default:
    101. 

  101. 		errno = EINVAL;
    102. 

  102. 		return -1;
    103. 

  103. 	}
    104. 

  104. 

  105. 	if ((acl = smb_acl_to_posix(theacl)) == NULL) {
    106. 

  106. 		return -1;
    107. 

  107. 	}
    108. 

  108. 	res = acl_set_file(name, acl_type, acl);
    109. 

  109. 	if (res != 0) {
    110. 

  110. 		DEBUG(10, ("acl_set_file failed: %s\n", strerror(errno)));
    111. 

  111. 	}
    112. 

  112. 	acl_free(acl);
    113. 

  113. 	return res;
    114. 

  114. }
    115. 

  115. 

  116. int posixacl_sys_acl_set_fd(vfs_handle_struct *handle,
    117. 

  117. 			    files_struct *fsp,
    118. 

  118. 			    int fd, SMB_ACL_T theacl)
    119. 

  119. {
    120. 

  120. 	int res;
    121. 

  121. 	acl_t acl = smb_acl_to_posix(theacl);
    122. 

  122. 	if (acl == NULL) {
    123. 

  123. 		return -1;
    124. 

  124. 	}
    125. 

  125. 	res =  acl_set_fd(fd, acl);
    126. 

  126. 	acl_free(acl);
    127. 

  127. 	return res;
    128. 

  128. }
    129. 

  129. 

  130. int posixacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
    131. 

  131. 				     const char *path)
    132. 

  132. {
    133. 

  133. 	return acl_delete_def_file(path);
    134. 

  134. }
    135. 

  135. 

  136. 

  137. /* private functions */
    138. 

  138. 

  139. static BOOL smb_ace_to_internal(acl_entry_t posix_ace,
    140. 

  140. 				struct smb_acl_entry *ace)
    141. 

  141. {
    142. 

  142. 	acl_tag_t tag;
    143. 

  143. 	acl_permset_t permset;
    144. 

  144. 

  145. 	if (acl_get_tag_type(posix_ace, &tag) != 0) {
    146. 

  146. 		DEBUG(0, ("smb_acl_get_tag_type failed\n"));
    147. 

  147. 		return False;
    148. 

  148. 	}
    149. 

  149. 

  150. 	switch(tag) {
    151. 

  151. 	case ACL_USER:
    152. 

  152. 		ace->a_type = SMB_ACL_USER;
    153. 

  153. 		break;
    154. 

  154. 	case ACL_USER_OBJ:
    155. 

  155. 		ace->a_type = SMB_ACL_USER_OBJ;
    156. 

  156. 		break;
    157. 

  157. 	case ACL_GROUP:
    158. 

  158. 		ace->a_type = SMB_ACL_GROUP;
    159. 

  159. 		break;
    160. 

  160. 	case ACL_GROUP_OBJ:
    161. 

  161. 		ace->a_type = SMB_ACL_GROUP_OBJ;
    162. 

  162. 		break;
    163. 

  163. 	case ACL_OTHER:
    164. 

  164. 		ace->a_type = SMB_ACL_OTHER;
    165. 

  165. 		break;
    166. 

  166. 	case ACL_MASK:
    167. 

  167. 		ace->a_type = SMB_ACL_MASK;
    168. 

  168. 		break;
    169. 

  169. 	default:
    170. 

  170. 		DEBUG(0, ("unknown tag type %d\n", (unsigned int)tag));
    171. 

  171. 		return False;
    172. 

  172. 	}
    173. 

  173. 	switch(ace->a_type) {
    174. 

  174. 	case SMB_ACL_USER: {
    175. 

  175. 		uid_t *puid = (uid_t *)acl_get_qualifier(posix_ace);
    176. 

  176. 		if (puid == NULL) {
    177. 

  177. 			DEBUG(0, ("smb_acl_get_qualifier failed\n"));
    178. 

  178. 			return False;
    179. 

  179. 		}
    180. 

  180. 		ace->uid = *puid;
    181. 

  181. 		acl_free(puid);
    182. 

  182. 		break;
    183. 

  183. 	}
    184. 

  184. 		
    185. 

  185. 	case SMB_ACL_GROUP: {
    186. 

  186. 		gid_t *pgid = (uid_t *)acl_get_qualifier(posix_ace);
    187. 

  187. 		if (pgid == NULL) {
    188. 

  188. 			DEBUG(0, ("smb_acl_get_qualifier failed\n"));
    189. 

  189. 			return False;
    190. 

  190. 		}
    191. 

  191. 		ace->gid = *pgid;
    192. 

  192. 		acl_free(pgid);
    193. 

  193. 		break;
    194. 

  194. 	}
    195. 

  195. 	default:
    196. 

  196. 		break;
    197. 

  197. 	}
    198. 

  198. 	if (acl_get_permset(posix_ace, &permset) != 0) {
    199. 

  199. 		DEBUG(0, ("smb_acl_get_mode failed\n"));
    200. 

  200. 		return False;
    201. 

  201. 	}
    202. 

  202. 	ace->a_perm = 0;
    203. 

  203. #ifdef HAVE_ACL_GET_PERM_NP
    204. 

  204. 	ace->a_perm |= (acl_get_perm_np(permset, ACL_READ) ? SMB_ACL_READ : 0);
    205. 

  205. 	ace->a_perm |= (acl_get_perm_np(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0);
    206. 

  206. 	ace->a_perm |= (acl_get_perm_np(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
    207. 

  207. #else
    208. 

  208. 	ace->a_perm |= (acl_get_perm(permset, ACL_READ) ? SMB_ACL_READ : 0);
    209. 

  209. 	ace->a_perm |= (acl_get_perm(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0);
    210. 

  210. 	ace->a_perm |= (acl_get_perm(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
    211. 

  211. #endif
    212. 

  212. 	return True;
    213. 

  213. }
    214. 

  214. 

  215. static struct smb_acl_t *smb_acl_to_internal(acl_t acl)
    216. 

  216. {
    217. 

  217. 	struct smb_acl_t *result = SMB_MALLOC_P(struct smb_acl_t);
    218. 

  218. 	int entry_id = ACL_FIRST_ENTRY;
    219. 

  219. 	acl_entry_t e;
    220. 

  220. 	if (result == NULL) {
    221. 

  221. 		return NULL;
    222. 

  222. 	}
    223. 

  223. 	ZERO_STRUCTP(result);
    224. 

  224. 	while (acl_get_entry(acl, entry_id, &e) == 1) {
    225. 

  225. 

  226. 		entry_id = ACL_NEXT_ENTRY;
    227. 

  227. 

  228. 		result = (struct smb_acl_t *)SMB_REALLOC(
    229. 

  229. 			result, sizeof(struct smb_acl_t) +
    230. 

  230. 			(sizeof(struct smb_acl_entry) * (result->count+1)));
    231. 

  231. 		if (result == NULL) {
    232. 

  232. 			DEBUG(0, ("SMB_REALLOC failed\n"));
    233. 

  233. 			errno = ENOMEM;
    234. 

  234. 			return NULL;
    235. 

  235. 		}
    236. 

  236. 

  237. 		if (!smb_ace_to_internal(e, &result->acl[result->count])) {
    238. 

  238. 			SAFE_FREE(result);
    239. 

  239. 			return NULL;
    240. 

  240. 		}
    241. 

  241. 

  242. 		result->count += 1;
    243. 

  243. 	}
    244. 

  244. 	return result;
    245. 

  245. }
    246. 

  246. 

  247. static int smb_acl_set_mode(acl_entry_t entry, SMB_ACL_PERM_T perm)
    248. 

  248. {
    249. 

  249.         int ret;
    250. 

  250.         acl_permset_t permset;
    251. 

  251. 

  252. 	if ((ret = acl_get_permset(entry, &permset)) != 0) {
    253. 

  253. 		return ret;
    254. 

  254. 	}
    255. 

  255.         if ((ret = acl_clear_perms(permset)) != 0) {
    256. 

  256.                 return ret;
    257. 

  257. 	}
    258. 

  258.         if ((perm & SMB_ACL_READ) &&
    259. 

  259. 	    ((ret = acl_add_perm(permset, ACL_READ)) != 0)) {
    260. 

  260. 		return ret;
    261. 

  261. 	}
    262. 

  262.         if ((perm & SMB_ACL_WRITE) &&
    263. 

  263. 	    ((ret = acl_add_perm(permset, ACL_WRITE)) != 0)) {
    264. 

  264. 		return ret;
    265. 

  265. 	}
    266. 

  266.         if ((perm & SMB_ACL_EXECUTE) &&
    267. 

  267. 	    ((ret = acl_add_perm(permset, ACL_EXECUTE)) != 0)) {
    268. 

  268. 		return ret;
    269. 

  269. 	}
    270. 

  270.         return acl_set_permset(entry, permset);
    271. 

  271. }
    272. 

  272. 

  273. static acl_t smb_acl_to_posix(const struct smb_acl_t *acl)
    274. 

  274. {
    275. 

  275. 	acl_t result;
    276. 

  276. 	int i;
    277. 

  277. 

  278. 	result = acl_init(acl->count);
    279. 

  279. 	if (result == NULL) {
    280. 

  280. 		DEBUG(10, ("acl_init failed\n"));
    281. 

  281. 		return NULL;
    282. 

  282. 	}
    283. 

  283. 

  284. 	for (i=0; i<acl->count; i++) {
    285. 

  285. 		const struct smb_acl_entry *entry = &acl->acl[i];
    286. 

  286. 		acl_entry_t e;
    287. 

  287. 		acl_tag_t tag;
    288. 

  288. 

  289. 		if (acl_create_entry(&result, &e) != 0) {
    290. 

  290. 			DEBUG(1, ("acl_create_entry failed: %s\n",
    291. 

  291. 				  strerror(errno)));
    292. 

  292. 			goto fail;
    293. 

  293. 		}
    294. 

  294. 

  295. 		switch (entry->a_type) {
    296. 

  296. 		case SMB_ACL_USER:
    297. 

  297. 			tag = ACL_USER;
    298. 

  298. 			break;
    299. 

  299. 		case SMB_ACL_USER_OBJ:
    300. 

  300. 			tag = ACL_USER_OBJ;
    301. 

  301. 			break;
    302. 

  302. 		case SMB_ACL_GROUP:
    303. 

  303. 			tag = ACL_GROUP;
    304. 

  304. 			break;
    305. 

  305. 		case SMB_ACL_GROUP_OBJ:
    306. 

  306. 			tag = ACL_GROUP_OBJ;
    307. 

  307. 			break;
    308. 

  308. 		case SMB_ACL_OTHER:
    309. 

  309. 			tag = ACL_OTHER;
    310. 

  310. 			break;
    311. 

  311. 		case SMB_ACL_MASK:
    312. 

  312. 			tag = ACL_MASK;
    313. 

  313. 			break;
    314. 

  314. 		default:
    315. 

  315. 			DEBUG(1, ("Unknown tag value %d\n", entry->a_type));
    316. 

  316. 			goto fail;
    317. 

  317. 		}
    318. 

  318. 

  319. 		if (acl_set_tag_type(e, tag) != 0) {
    320. 

  320. 			DEBUG(10, ("acl_set_tag_type(%d) failed: %s\n",
    321. 

  321. 				   tag, strerror(errno)));
    322. 

  322. 			goto fail;
    323. 

  323. 		}
    324. 

  324. 

  325. 		switch (entry->a_type) {
    326. 

  326. 		case SMB_ACL_USER:
    327. 

  327. 			if (acl_set_qualifier(e, &entry->uid) != 0) {
    328. 

  328. 				DEBUG(1, ("acl_set_qualifiier failed: %s\n",
    329. 

  329. 					  strerror(errno)));
    330. 

  330. 				goto fail;
    331. 

  331. 			}
    332. 

  332. 			break;
    333. 

  333. 		case SMB_ACL_GROUP:
    334. 

  334. 			if (acl_set_qualifier(e, &entry->gid) != 0) {
    335. 

  335. 				DEBUG(1, ("acl_set_qualifiier failed: %s\n",
    336. 

  336. 					  strerror(errno)));
    337. 

  337. 				goto fail;
    338. 

  338. 			}
    339. 

  339. 			break;
    340. 

  340. 		default: 	/* Shut up, compiler! :-) */
    341. 

  341. 			break;
    342. 

  342. 		}
    343. 

  343. 

  344. 		if (smb_acl_set_mode(e, entry->a_perm) != 0) {
    345. 

  345. 			goto fail;
    346. 

  346. 		}
    347. 

  347. 	}
    348. 

  348. 

  349. 	if (acl_valid(result) != 0) {
    350. 

  350. 		DEBUG(0, ("smb_acl_to_posix: ACL is invalid for set (%s)\n",
    351. 

  351. 			  strerror(errno)));
    352. 

  352. 		goto fail;
    353. 

  353. 	}
    354. 

  354. 

  355. 	return result;
    356. 

  356. 

  357.  fail:
    358. 

  358. 	if (result != NULL) {
    359. 

  359. 		acl_free(result);
    360. 

  360. 	}
    361. 

  361. 	return NULL;
    362. 

  362. }
    363. 

  363. 

  364. /* VFS operations structure */
    365. 

  365. 

  366. static vfs_op_tuple posixacl_op_tuples[] = {
    367. 

  367. 	/* Disk operations */
    368. 

  368.   {SMB_VFS_OP(posixacl_sys_acl_get_file),
    369. 

  369.    SMB_VFS_OP_SYS_ACL_GET_FILE,
    370. 

  370.    SMB_VFS_LAYER_TRANSPARENT},
    371. 

  371. 

  372.   {SMB_VFS_OP(posixacl_sys_acl_get_fd),
    373. 

  373.    SMB_VFS_OP_SYS_ACL_GET_FD,
    374. 

  374.    SMB_VFS_LAYER_TRANSPARENT},
    375. 

  375. 

  376.   {SMB_VFS_OP(posixacl_sys_acl_set_file),
    377. 

  377.    SMB_VFS_OP_SYS_ACL_SET_FILE,
    378. 

  378.    SMB_VFS_LAYER_TRANSPARENT},
    379. 

  379. 

  380.   {SMB_VFS_OP(posixacl_sys_acl_set_fd),
    381. 

  381.    SMB_VFS_OP_SYS_ACL_SET_FD,
    382. 

  382.    SMB_VFS_LAYER_TRANSPARENT},
    383. 

  383. 

  384.   {SMB_VFS_OP(posixacl_sys_acl_delete_def_file),
    385. 

  385.    SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
    386. 

  386.    SMB_VFS_LAYER_TRANSPARENT},
    387. 

  387. 

  388.   {SMB_VFS_OP(NULL),
    389. 

  389.    SMB_VFS_OP_NOOP,
    390. 

  390.    SMB_VFS_LAYER_NOOP}
    391. 

  391. };
    392. 

  392. 

  393. NTSTATUS vfs_posixacl_init(void);
    394. 

  394. NTSTATUS vfs_posixacl_init(void)
    395. 

  395. {
    396. 

  396. 	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "posixacl",
    397. 

  397. 				posixacl_op_tuples);
    398. 

  398. }
    399. 

  399.