2 Unix SMB/CIFS implementation.
3 Samba system utilities for ACL support.
4 Copyright (C) Jeremy Allison 2000.
5 Copyright (C) Volker Lendecke 2006
6 Copyright (C) Michael Adam 2006,2008
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/passwd.h"
25 #if defined(HAVE_POSIX_ACLS)
26 #include "modules/vfs_posixacl.h"
29 #if defined(HAVE_TRU64_ACLS)
30 #include "modules/vfs_tru64acl.h"
33 #if defined(HAVE_SOLARIS_UNIXWARE_ACLS)
34 #include "modules/vfs_solarisacl.h"
37 #if defined(HAVE_HPUX_ACLS)
38 #include "modules/vfs_hpuxacl.h"
42 #define DBGC_CLASS DBGC_ACLS
45 * Note that while this code implements sufficient functionality
46 * to support the sys_acl_* interfaces it does not provide all
47 * of the semantics of the POSIX ACL interfaces.
49 * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
50 * from a call to sys_acl_get_entry() should not be assumed to be
51 * valid after calling any of the following functions, which may
52 * reorder the entries in the ACL.
59 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
61 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
66 if (entry_p == NULL) {
71 if (entry_id == SMB_ACL_FIRST_ENTRY) {
75 if (acl_d->next < 0) {
80 if (acl_d->next >= acl_d->count) {
84 *entry_p = &acl_d->acl[acl_d->next++];
89 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
91 *type_p = entry_d->a_type;
96 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
98 *permset_p = &entry_d->a_perm;
103 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
105 if (entry_d->a_type == SMB_ACL_USER) {
106 return &entry_d->info.user.uid;
109 if (entry_d->a_type == SMB_ACL_GROUP) {
110 return &entry_d->info.group.gid;
117 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
124 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
126 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
127 && perm != SMB_ACL_EXECUTE) {
132 if (permset_d == NULL) {
142 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
144 return *permset_d & perm;
147 char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p)
154 * use an initial estimate of 20 bytes per ACL entry
155 * when allocating memory for the text representation
159 maxlen = 20 * acl_d->count;
160 if ((text = (char *)SMB_MALLOC(maxlen)) == NULL) {
165 for (i = 0; i < acl_d->count; i++) {
166 struct smb_acl_entry *ap = &acl_d->acl[i];
175 switch (ap->a_type) {
177 * for debugging purposes it's probably more
178 * useful to dump unknown tag types rather
179 * than just returning an error
182 slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
188 id = uidtoname(ap->info.user.uid);
191 case SMB_ACL_USER_OBJ:
196 if ((gr = getgrgid(ap->info.group.gid)) == NULL) {
197 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
198 (long)ap->info.group.gid);
205 case SMB_ACL_GROUP_OBJ:
219 perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
220 perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
221 perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
224 /* <tag> : <qualifier> : rwx \n \0 */
225 nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
228 * If this entry would overflow the buffer
229 * allocate enough additional memory for this
230 * entry and an estimate of another 20 bytes
231 * for each entry still to be processed
233 if ((len + nbytes) > maxlen) {
234 maxlen += nbytes + 20 * (acl_d->count - i);
235 if ((text = (char *)SMB_REALLOC(text, maxlen)) == NULL) {
242 slprintf(&text[len], nbytes, "%s:%s:%s\n", tag, id, perms);
252 SMB_ACL_T sys_acl_init(TALLOC_CTX *mem_ctx)
256 if ((a = talloc(mem_ctx, struct smb_acl_t)) == NULL) {
264 a->acl = talloc_array(a, struct smb_acl_entry, 0);
274 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
277 SMB_ACL_ENTRY_T entry_d;
278 struct smb_acl_entry *acl;
280 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
285 acl = talloc_realloc(acl_d, acl_d->acl, struct smb_acl_entry, acl_d->count+1);
291 entry_d = &acl_d->acl[acl_d->count];
292 entry_d->a_type = SMB_ACL_TAG_INVALID;
300 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
304 case SMB_ACL_USER_OBJ:
306 case SMB_ACL_GROUP_OBJ:
309 entry_d->a_type = tag_type;
319 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
321 if (entry_d->a_type == SMB_ACL_USER) {
322 entry_d->info.user.uid = *((uid_t *)qual_p);
325 if (entry_d->a_type == SMB_ACL_GROUP) {
326 entry_d->info.group.gid = *((gid_t *)qual_p);
334 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
336 if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
341 entry_d->a_perm = *permset_d;
346 int sys_acl_free_text(char *text)
352 int sys_acl_valid(SMB_ACL_T acl_d)
359 * acl_get_file, acl_get_fd, acl_set_file, acl_set_fd and
360 * sys_acl_delete_def_file are to be redirected to the default
361 * statically-bound acl vfs module, but they are replacable.
364 #if defined(HAVE_POSIX_ACLS)
366 SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle,
367 const struct smb_filename *smb_fname,
371 return posixacl_sys_acl_get_file(handle, smb_fname, type, mem_ctx);
374 SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx)
376 return posixacl_sys_acl_get_fd(handle, fsp, mem_ctx);
379 int sys_acl_set_file(vfs_handle_struct *handle,
380 const struct smb_filename *smb_fname,
384 return posixacl_sys_acl_set_file(handle, smb_fname, type, acl_d);
387 int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
390 return posixacl_sys_acl_set_fd(handle, fsp, acl_d);
393 int sys_acl_delete_def_file(vfs_handle_struct *handle,
394 const struct smb_filename *smb_fname)
396 return posixacl_sys_acl_delete_def_file(handle, smb_fname);
399 #elif defined(HAVE_AIX_ACLS)
401 SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle,
402 const struct smb_filename *smb_fname,
406 return aixacl_sys_acl_get_file(handle, smb_fname, type, mem_ctx);
409 SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp,
412 return aixacl_sys_acl_get_fd(handle, fsp, mem_ctx);
415 int sys_acl_set_file(vfs_handle_struct *handle,
416 const struct smb_filename *smb_fname,
420 return aixacl_sys_acl_set_file(handle, smb_fname, type, acl_d);
423 int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
426 return aixacl_sys_acl_set_fd(handle, fsp, acl_d);
429 int sys_acl_delete_def_file(vfs_handle_struct *handle,
430 const struct smb_filename *smb_fname)
432 return aixacl_sys_acl_delete_def_file(handle, smb_fname);
435 #elif defined(HAVE_TRU64_ACLS)
437 SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle,
438 const struct smb_filename *smb_fname,
442 return tru64acl_sys_acl_get_file(handle, smb_fname, type,
446 SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp,
449 return tru64acl_sys_acl_get_fd(handle, fsp, mem_ctx);
452 int sys_acl_set_file(vfs_handle_struct *handle,
453 const struct smb_filename *smb_fname,
457 return tru64acl_sys_acl_set_file(handle, smb_fname, type, acl_d);
460 int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
463 return tru64acl_sys_acl_set_fd(handle, fsp, acl_d);
466 int sys_acl_delete_def_file(vfs_handle_struct *handle,
467 const struct smb_filename *smb_fname)
469 return tru64acl_sys_acl_delete_def_file(handle, smb_fname);
472 #elif defined(HAVE_SOLARIS_UNIXWARE_ACLS)
474 SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle,
475 const struct smb_filename *smb_fname,
479 return solarisacl_sys_acl_get_file(handle, smb_fname, type,
483 SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp,
486 return solarisacl_sys_acl_get_fd(handle, fsp,
490 int sys_acl_set_file(vfs_handle_struct *handle,
491 const struct smb_filename *smb_fname,
495 return solarisacl_sys_acl_set_file(handle, smb_fname, type, acl_d);
498 int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
501 return solarisacl_sys_acl_set_fd(handle, fsp, acl_d);
504 int sys_acl_delete_def_file(vfs_handle_struct *handle,
505 const struct smb_filename *smb_fname)
507 return solarisacl_sys_acl_delete_def_file(handle, smb_fname);
510 #elif defined(HAVE_HPUX_ACLS)
512 SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle,
513 const struct smb_filename *smb_fname,
517 return hpuxacl_sys_acl_get_file(handle, smb_fname, type, mem_ctx);
520 SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp,
523 return hpuxacl_sys_acl_get_fd(handle, fsp, mem_ctx);
526 int sys_acl_set_file(vfs_handle_struct *handle,
527 const struct smb_filename *smb_fname,
531 return hpuxacl_sys_acl_set_file(handle, smb_fname, type, acl_d);
534 int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
537 return hpuxacl_sys_acl_set_fd(handle, fsp, acl_d);
540 int sys_acl_delete_def_file(vfs_handle_struct *handle,
541 const struct smb_filename *smb_fname)
543 return hpuxacl_sys_acl_delete_def_file(handle, smb_fname);
548 SMB_ACL_T sys_acl_get_file(vfs_handle_struct *handle,
549 const struct smb_filename *smb_fname,
561 SMB_ACL_T sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fsp,
572 int sys_acl_set_file(vfs_handle_struct *handle,
573 const struct smb_filename *smb_fname,
585 int sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp,
596 int sys_acl_delete_def_file(vfs_handle_struct *handle,
597 const struct smb_filename *smb_fname)
609 /************************************************************************
610 Deliberately outside the ACL defines. Return 1 if this is a "no acls"
612 ************************************************************************/
614 int no_acl_syscall_error(int err)
622 if (err == ENOTSUP) {