2 Unix SMB/Netbios implementation.
4 Samba system utilities for ACL support.
5 Copyright (C) Jeremy Allison 2000.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
27 This file wraps all differing system ACL interfaces into a consistent
28 one based on the POSIX interface. It also returns the correct errors
29 for older UNIX systems that don't support ACLs.
31 The interfaces that each ACL implementation must support are as follows :
33 int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
34 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
35 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
36 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
37 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
38 SMB_ACL_T sys_acl_get_fd(int fd)
39 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
40 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
41 char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
42 SMB_ACL_T sys_acl_init( int count)
43 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
44 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
45 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
46 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
47 int sys_acl_valid( SMB_ACL_T theacl )
48 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
49 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
50 int sys_acl_delete_def_file(const char *path)
52 This next one is not POSIX complient - but we *have* to have it !
53 More POSIX braindamage.
55 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
57 The generic POSIX free is the following call. We split this into
58 several different free functions as we may need to add tag info
59 to structures when emulating the POSIX interface.
61 int sys_acl_free( void *obj_p)
63 The calls we actually use are :
65 int sys_acl_free_text(char *text) - free acl_to_text
66 int sys_acl_free_acl(SMB_ACL_T posix_acl)
67 int sys_acl_free_qualifier(SMB_ACL_T posix_acl)
71 #if defined(HAVE_POSIX_ACLS)
73 /* Identity mapping - easy. */
75 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
77 return acl_get_entry( the_acl, entry_id, entry_p);
80 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
82 return acl_get_tag_type( entry_d, tag_type_p);
85 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
87 return acl_get_permset( entry_d, permset_p);
90 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
92 return acl_get_qualifier( entry_d);
95 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
97 return acl_get_file( path_p, type);
100 SMB_ACL_T sys_acl_get_fd(int fd)
102 return acl_get_fd(fd);
105 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
107 return acl_clear_perms(permset);
110 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
112 return acl_add_perm(permset, perm);
115 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
117 #if defined(HAVE_ACL_GET_PERM_NP)
119 * Required for TrustedBSD-based ACL implementations where
120 * non-POSIX.1e functions are denoted by a _np (non-portable)
123 return acl_get_perm_np(permset, perm);
125 return acl_get_perm(permset, perm);
129 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
131 return acl_to_text( the_acl, plen);
134 SMB_ACL_T sys_acl_init( int count)
136 return acl_init(count);
139 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
141 return acl_create_entry(pacl, pentry);
144 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
146 return acl_set_tag_type(entry, tagtype);
149 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
151 return acl_set_qualifier(entry, qual);
154 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
156 return acl_set_permset(entry, permset);
159 int sys_acl_valid( SMB_ACL_T theacl )
161 return acl_valid(theacl);
164 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
166 return acl_set_file(name, acltype, theacl);
169 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
171 return acl_set_fd(fd, theacl);
174 int sys_acl_delete_def_file(const char *name)
176 return acl_delete_def_file(name);
179 int sys_acl_free_text(char *text)
181 return acl_free(text);
184 int sys_acl_free_acl(SMB_ACL_T the_acl)
186 return acl_free(the_acl);
189 int sys_acl_free_qualifier(void *qual)
191 return acl_free(qual);
194 #elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
197 * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
198 * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
202 * Note that while this code implements sufficient functionality
203 * to support the sys_acl_* interfaces it does not provide all
204 * of the semantics of the POSIX ACL interfaces.
206 * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
207 * from a call to sys_acl_get_entry() should not be assumed to be
208 * valid after calling any of the following functions, which may
209 * reorder the entries in the ACL.
217 * The only difference between Solaris and UnixWare / OpenUNIX is
218 * that the #defines for the ACL operations have different names
220 #if defined(HAVE_UNIXWARE_ACLS)
222 #define SETACL ACL_SET
223 #define GETACL ACL_GET
224 #define GETACLCNT ACL_CNT
229 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
231 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
236 if (entry_p == NULL) {
241 if (entry_id == SMB_ACL_FIRST_ENTRY) {
245 if (acl_d->next < 0) {
250 if (acl_d->next >= acl_d->count) {
254 *entry_p = &acl_d->acl[acl_d->next++];
259 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
261 *type_p = entry_d->a_type;
266 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
268 *permset_p = &entry_d->a_perm;
273 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
275 if (entry_d->a_type != SMB_ACL_USER
276 && entry_d->a_type != SMB_ACL_GROUP) {
281 return &entry_d->a_id;
285 * There is no way of knowing what size the ACL returned by
286 * GETACL will be unless you first call GETACLCNT which means
287 * making an additional system call.
289 * In the hope of avoiding the cost of the additional system
290 * call in most cases, we initially allocate enough space for
291 * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
292 * be too small then we use GETACLCNT to find out the actual
293 * size, reallocate the ACL buffer, and then call GETACL again.
296 #define INITIAL_ACL_SIZE 16
298 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
301 int count; /* # of ACL entries allocated */
302 int naccess; /* # of access ACL entries */
303 int ndefault; /* # of default ACL entries */
305 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
310 count = INITIAL_ACL_SIZE;
311 if ((acl_d = sys_acl_init(count)) == NULL) {
316 * If there isn't enough space for the ACL entries we use
317 * GETACLCNT to determine the actual number of ACL entries
318 * reallocate and try again. This is in a loop because it
319 * is possible that someone else could modify the ACL and
320 * increase the number of entries between the call to
321 * GETACLCNT and the call to GETACL.
323 while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
324 && errno == ENOSPC) {
326 sys_acl_free_acl(acl_d);
328 if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
332 if ((acl_d = sys_acl_init(count)) == NULL) {
338 sys_acl_free_acl(acl_d);
343 * calculate the number of access and default ACL entries
345 * Note: we assume that the acl() system call returned a
346 * well formed ACL which is sorted so that all of the
347 * access ACL entries preceed any default ACL entries
349 for (naccess = 0; naccess < count; naccess++) {
350 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
353 ndefault = count - naccess;
356 * if the caller wants the default ACL we have to copy
357 * the entries down to the start of the acl[] buffer
358 * and mask out the ACL_DEFAULT flag from the type field
360 if (type == SMB_ACL_TYPE_DEFAULT) {
363 for (i = 0, j = naccess; i < ndefault; i++, j++) {
364 acl_d->acl[i] = acl_d->acl[j];
365 acl_d->acl[i].a_type &= ~ACL_DEFAULT;
368 acl_d->count = ndefault;
370 acl_d->count = naccess;
376 SMB_ACL_T sys_acl_get_fd(int fd)
379 int count; /* # of ACL entries allocated */
380 int naccess; /* # of access ACL entries */
382 count = INITIAL_ACL_SIZE;
383 if ((acl_d = sys_acl_init(count)) == NULL) {
387 while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
388 && errno == ENOSPC) {
390 sys_acl_free_acl(acl_d);
392 if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
396 if ((acl_d = sys_acl_init(count)) == NULL) {
402 sys_acl_free_acl(acl_d);
407 * calculate the number of access ACL entries
409 for (naccess = 0; naccess < count; naccess++) {
410 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
414 acl_d->count = naccess;
419 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
426 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
428 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
429 && perm != SMB_ACL_EXECUTE) {
434 if (permset_d == NULL) {
444 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
446 return *permset_d & perm;
449 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
456 * use an initial estimate of 20 bytes per ACL entry
457 * when allocating memory for the text representation
461 maxlen = 20 * acl_d->count;
462 if ((text = malloc(maxlen)) == NULL) {
467 for (i = 0; i < acl_d->count; i++) {
468 struct acl *ap = &acl_d->acl[i];
478 switch (ap->a_type) {
480 * for debugging purposes it's probably more
481 * useful to dump unknown tag types rather
482 * than just returning an error
485 slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
488 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
494 if ((pw = sys_getpwuid(ap->a_id)) == NULL) {
495 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
501 case SMB_ACL_USER_OBJ:
506 if ((gr = getgrgid(ap->a_id)) == NULL) {
507 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
513 case SMB_ACL_GROUP_OBJ:
527 perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
528 perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
529 perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
532 /* <tag> : <qualifier> : rwx \n \0 */
533 nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
536 * If this entry would overflow the buffer
537 * allocate enough additional memory for this
538 * entry and an estimate of another 20 bytes
539 * for each entry still to be processed
541 if ((len + nbytes) > maxlen) {
542 char *oldtext = text;
544 maxlen += nbytes + 20 * (acl_d->count - i);
546 if ((text = realloc(oldtext, maxlen)) == NULL) {
553 slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
563 SMB_ACL_T sys_acl_init(int count)
573 * note that since the definition of the structure pointed
574 * to by the SMB_ACL_T includes the first element of the
575 * acl[] array, this actually allocates an ACL with room
576 * for (count+1) entries
578 if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
591 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
594 SMB_ACL_ENTRY_T entry_d;
596 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
601 if (acl_d->count >= acl_d->size) {
606 entry_d = &acl_d->acl[acl_d->count++];
615 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
619 case SMB_ACL_USER_OBJ:
621 case SMB_ACL_GROUP_OBJ:
624 entry_d->a_type = tag_type;
634 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
636 if (entry_d->a_type != SMB_ACL_GROUP
637 && entry_d->a_type != SMB_ACL_USER) {
642 entry_d->a_id = *((id_t *)qual_p);
647 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
649 if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
653 entry_d->a_perm = *permset_d;
659 * sort the ACL and check it for validity
661 * if it's a minimal ACL with only 4 entries then we
662 * need to recalculate the mask permissions to make
663 * sure that they are the same as the GROUP_OBJ
664 * permissions as required by the UnixWare acl() system call.
666 * (note: since POSIX allows minimal ACLs which only contain
667 * 3 entries - ie there is no mask entry - we should, in theory,
668 * check for this and add a mask entry if necessary - however
669 * we "know" that the caller of this interface always specifies
670 * a mask so, in practice "this never happens" (tm) - if it *does*
671 * happen aclsort() will fail and return an error and someone will
672 * have to fix it ...)
675 static int acl_sort(SMB_ACL_T acl_d)
677 int fixmask = (acl_d->count <= 4);
679 if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
686 int sys_acl_valid(SMB_ACL_T acl_d)
688 return acl_sort(acl_d);
691 int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
696 struct acl *acl_buf = NULL;
699 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
704 if (acl_sort(acl_d) != 0) {
708 acl_p = &acl_d->acl[0];
709 acl_count = acl_d->count;
712 * if it's a directory there is extra work to do
713 * since the acl() system call will replace both
714 * the access ACLs and the default ACLs (if any)
716 if (stat(name, &s) != 0) {
719 if (S_ISDIR(s.st_mode)) {
725 if (type == SMB_ACL_TYPE_ACCESS) {
727 def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
731 acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
734 if (tmp_acl == NULL) {
739 * allocate a temporary buffer for the complete ACL
741 acl_count = acc_acl->count + def_acl->count;
742 acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
744 if (acl_buf == NULL) {
745 sys_acl_free_acl(tmp_acl);
751 * copy the access control and default entries into the buffer
753 memcpy(&acl_buf[0], &acc_acl->acl[0],
754 acc_acl->count * sizeof(acl_buf[0]));
756 memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
757 def_acl->count * sizeof(acl_buf[0]));
760 * set the ACL_DEFAULT flag on the default entries
762 for (i = acc_acl->count; i < acl_count; i++) {
763 acl_buf[i].a_type |= ACL_DEFAULT;
766 sys_acl_free_acl(tmp_acl);
768 } else if (type != SMB_ACL_TYPE_ACCESS) {
773 ret = acl(name, SETACL, acl_count, acl_p);
782 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
784 if (acl_sort(acl_d) != 0) {
788 return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
791 int sys_acl_delete_def_file(const char *path)
797 * fetching the access ACL and rewriting it has
798 * the effect of deleting the default ACL
800 if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
804 ret = acl(path, SETACL, acl_d->count, acl_d->acl);
806 sys_acl_free_acl(acl_d);
811 int sys_acl_free_text(char *text)
817 int sys_acl_free_acl(SMB_ACL_T acl_d)
823 int sys_acl_free_qualifier(void *qual)
828 #elif defined(HAVE_IRIX_ACLS)
830 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
832 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
837 if (entry_p == NULL) {
842 if (entry_id == SMB_ACL_FIRST_ENTRY) {
846 if (acl_d->next < 0) {
851 if (acl_d->next >= acl_d->aclp->acl_cnt) {
855 *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
860 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
862 *type_p = entry_d->ae_tag;
867 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
869 *permset_p = entry_d;
874 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
876 if (entry_d->ae_tag != SMB_ACL_USER
877 && entry_d->ae_tag != SMB_ACL_GROUP) {
882 return &entry_d->ae_id;
885 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
889 if ((a = malloc(sizeof(*a))) == NULL) {
893 if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
902 SMB_ACL_T sys_acl_get_fd(int fd)
906 if ((a = malloc(sizeof(*a))) == NULL) {
910 if ((a->aclp = acl_get_fd(fd)) == NULL) {
919 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
921 permset_d->ae_perm = 0;
926 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
928 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
929 && perm != SMB_ACL_EXECUTE) {
934 if (permset_d == NULL) {
939 permset_d->ae_perm |= perm;
944 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
946 return permset_d->ae_perm & perm;
949 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
951 return acl_to_text(acl_d->aclp, len_p);
954 SMB_ACL_T sys_acl_init(int count)
963 if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) {
970 a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
971 a->aclp->acl_cnt = 0;
977 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
980 SMB_ACL_ENTRY_T entry_d;
982 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
987 if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
992 entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
995 entry_d->ae_perm = 0;
1001 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
1005 case SMB_ACL_USER_OBJ:
1007 case SMB_ACL_GROUP_OBJ:
1010 entry_d->ae_tag = tag_type;
1020 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
1022 if (entry_d->ae_tag != SMB_ACL_GROUP
1023 && entry_d->ae_tag != SMB_ACL_USER) {
1028 entry_d->ae_id = *((id_t *)qual_p);
1033 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
1035 if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
1039 entry_d->ae_perm = permset_d->ae_perm;
1044 int sys_acl_valid(SMB_ACL_T acl_d)
1046 return acl_valid(acl_d->aclp);
1049 int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
1051 return acl_set_file(name, type, acl_d->aclp);
1054 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
1056 return acl_set_fd(fd, acl_d->aclp);
1059 int sys_acl_delete_def_file(const char *name)
1061 return acl_delete_def_file(name);
1064 int sys_acl_free_text(char *text)
1066 return acl_free(text);
1069 int sys_acl_free_acl(SMB_ACL_T acl_d)
1071 if (acl_d->freeaclp) {
1072 acl_free(acl_d->aclp);
1078 int sys_acl_free_qualifier(void *qual)
1083 #elif defined(HAVE_AIX_ACLS)
1085 /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
1087 int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1089 struct acl_entry_link *link;
1090 struct new_acl_entry *entry;
1093 DEBUG(10,("This is the count: %d\n",theacl->count));
1095 /* Check if count was previously set to -1. *
1096 * If it was, that means we reached the end *
1097 * of the acl last time. */
1098 if(theacl->count == -1)
1102 /* To get to the next acl, traverse linked list until index *
1103 * of acl matches the count we are keeping. This count is *
1104 * incremented each time we return an acl entry. */
1106 for(keep_going = 0; keep_going < theacl->count; keep_going++)
1109 entry = *entry_p = link->entryp;
1111 DEBUG(10,("*entry_p is %d\n",entry_p));
1112 DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
1114 /* Increment count */
1116 if(link->nextp == NULL)
1122 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1124 /* Initialize tag type */
1127 DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
1129 /* Depending on what type of entry we have, *
1130 * return tag type. */
1131 switch(entry_d->ace_id->id_type) {
1133 *tag_type_p = SMB_ACL_USER;
1136 *tag_type_p = SMB_ACL_GROUP;
1139 case SMB_ACL_USER_OBJ:
1140 case SMB_ACL_GROUP_OBJ:
1142 *tag_type_p = entry_d->ace_id->id_type;
1152 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1154 DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
1155 *permset_p = &entry_d->ace_access;
1156 DEBUG(10,("**permset_p is %d\n",**permset_p));
1157 if(!(**permset_p & S_IXUSR) &&
1158 !(**permset_p & S_IWUSR) &&
1159 !(**permset_p & S_IRUSR) &&
1163 DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
1167 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1169 return(entry_d->ace_id->id_data);
1172 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1174 struct acl *file_acl = (struct acl *)NULL;
1175 struct acl_entry *acl_entry;
1176 struct new_acl_entry *new_acl_entry;
1178 struct acl_entry_link *acl_entry_link;
1179 struct acl_entry_link *acl_entry_link_head;
1184 /* Get the acl using statacl */
1186 DEBUG(10,("Entering sys_acl_get_file\n"));
1187 DEBUG(10,("path_p is %s\n",path_p));
1189 file_acl = (struct acl *)malloc(BUFSIZ);
1191 if(file_acl == NULL) {
1193 DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
1197 memset(file_acl,0,BUFSIZ);
1199 rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
1201 DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
1206 DEBUG(10,("Got facl and returned it\n"));
1208 /* Point to the first acl entry in the acl */
1209 acl_entry = file_acl->acl_ext;
1211 /* Begin setting up the head of the linked list *
1212 * that will be used for the storing the acl *
1213 * in a way that is useful for the posix_acls.c *
1216 acl_entry_link_head = acl_entry_link = sys_acl_init(0);
1217 if(acl_entry_link_head == NULL)
1220 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1221 if(acl_entry_link->entryp == NULL) {
1224 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1228 DEBUG(10,("acl_entry is %d\n",acl_entry));
1229 DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
1231 /* Check if the extended acl bit is on. *
1232 * If it isn't, do not show the *
1233 * contents of the acl since AIX intends *
1234 * the extended info to remain unused */
1236 if(file_acl->acl_mode & S_IXACL){
1237 /* while we are not pointing to the very end */
1238 while(acl_entry < acl_last(file_acl)) {
1239 /* before we malloc anything, make sure this is */
1240 /* a valid acl entry and one that we want to map */
1241 idp = id_nxt(acl_entry->ace_id);
1242 if((acl_entry->ace_type == ACC_SPECIFY ||
1243 (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
1244 acl_entry = acl_nxt(acl_entry);
1248 idp = acl_entry->ace_id;
1250 /* Check if this is the first entry in the linked list. *
1251 * The first entry needs to keep prevp pointing to NULL *
1252 * and already has entryp allocated. */
1254 if(acl_entry_link_head->count != 0) {
1255 acl_entry_link->nextp = (struct acl_entry_link *)
1256 malloc(sizeof(struct acl_entry_link));
1258 if(acl_entry_link->nextp == NULL) {
1261 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1265 acl_entry_link->nextp->prevp = acl_entry_link;
1266 acl_entry_link = acl_entry_link->nextp;
1267 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1268 if(acl_entry_link->entryp == NULL) {
1271 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1274 acl_entry_link->nextp = NULL;
1277 acl_entry_link->entryp->ace_len = acl_entry->ace_len;
1279 /* Don't really need this since all types are going *
1280 * to be specified but, it's better than leaving it 0 */
1282 acl_entry_link->entryp->ace_type = acl_entry->ace_type;
1284 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
1286 memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
1288 /* The access in the acl entries must be left shifted by *
1289 * three bites, because they will ultimately be compared *
1290 * to S_IRUSR, S_IWUSR, and S_IXUSR. */
1292 switch(acl_entry->ace_type){
1295 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
1296 acl_entry_link->entryp->ace_access <<= 6;
1297 acl_entry_link_head->count++;
1300 /* Since there is no way to return a DENY acl entry *
1301 * change to PERMIT and then shift. */
1302 DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
1303 acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
1304 DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
1305 acl_entry_link->entryp->ace_access <<= 6;
1306 acl_entry_link_head->count++;
1312 DEBUG(10,("acl_entry = %d\n",acl_entry));
1313 DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
1315 acl_entry = acl_nxt(acl_entry);
1317 } /* end of if enabled */
1319 /* Since owner, group, other acl entries are not *
1320 * part of the acl entries in an acl, they must *
1321 * be dummied up to become part of the list. */
1323 for( i = 1; i < 4; i++) {
1324 DEBUG(10,("i is %d\n",i));
1325 if(acl_entry_link_head->count != 0) {
1326 acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
1327 if(acl_entry_link->nextp == NULL) {
1330 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1334 acl_entry_link->nextp->prevp = acl_entry_link;
1335 acl_entry_link = acl_entry_link->nextp;
1336 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1337 if(acl_entry_link->entryp == NULL) {
1340 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
1345 acl_entry_link->nextp = NULL;
1347 new_acl_entry = acl_entry_link->entryp;
1348 idp = new_acl_entry->ace_id;
1350 new_acl_entry->ace_len = sizeof(struct acl_entry);
1351 new_acl_entry->ace_type = ACC_PERMIT;
1352 idp->id_len = sizeof(struct ace_id);
1353 DEBUG(10,("idp->id_len = %d\n",idp->id_len));
1354 memset(idp->id_data,0,sizeof(uid_t));
1358 new_acl_entry->ace_access = file_acl->g_access << 6;
1359 idp->id_type = SMB_ACL_GROUP_OBJ;
1363 new_acl_entry->ace_access = file_acl->o_access << 6;
1364 idp->id_type = SMB_ACL_OTHER;
1368 new_acl_entry->ace_access = file_acl->u_access << 6;
1369 idp->id_type = SMB_ACL_USER_OBJ;
1377 acl_entry_link_head->count++;
1378 DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
1381 acl_entry_link_head->count = 0;
1384 return(acl_entry_link_head);
1387 SMB_ACL_T sys_acl_get_fd(int fd)
1389 struct acl *file_acl = (struct acl *)NULL;
1390 struct acl_entry *acl_entry;
1391 struct new_acl_entry *new_acl_entry;
1393 struct acl_entry_link *acl_entry_link;
1394 struct acl_entry_link *acl_entry_link_head;
1399 /* Get the acl using fstatacl */
1401 DEBUG(10,("Entering sys_acl_get_fd\n"));
1402 DEBUG(10,("fd is %d\n",fd));
1403 file_acl = (struct acl *)malloc(BUFSIZ);
1405 if(file_acl == NULL) {
1407 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
1411 memset(file_acl,0,BUFSIZ);
1413 rc = fstatacl(fd,0,file_acl,BUFSIZ);
1415 DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
1420 DEBUG(10,("Got facl and returned it\n"));
1422 /* Point to the first acl entry in the acl */
1424 acl_entry = file_acl->acl_ext;
1425 /* Begin setting up the head of the linked list *
1426 * that will be used for the storing the acl *
1427 * in a way that is useful for the posix_acls.c *
1430 acl_entry_link_head = acl_entry_link = sys_acl_init(0);
1431 if(acl_entry_link_head == NULL){
1436 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1438 if(acl_entry_link->entryp == NULL) {
1440 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
1445 DEBUG(10,("acl_entry is %d\n",acl_entry));
1446 DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
1448 /* Check if the extended acl bit is on. *
1449 * If it isn't, do not show the *
1450 * contents of the acl since AIX intends *
1451 * the extended info to remain unused */
1453 if(file_acl->acl_mode & S_IXACL){
1454 /* while we are not pointing to the very end */
1455 while(acl_entry < acl_last(file_acl)) {
1456 /* before we malloc anything, make sure this is */
1457 /* a valid acl entry and one that we want to map */
1459 idp = id_nxt(acl_entry->ace_id);
1460 if((acl_entry->ace_type == ACC_SPECIFY ||
1461 (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
1462 acl_entry = acl_nxt(acl_entry);
1466 idp = acl_entry->ace_id;
1468 /* Check if this is the first entry in the linked list. *
1469 * The first entry needs to keep prevp pointing to NULL *
1470 * and already has entryp allocated. */
1472 if(acl_entry_link_head->count != 0) {
1473 acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
1474 if(acl_entry_link->nextp == NULL) {
1476 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
1480 acl_entry_link->nextp->prevp = acl_entry_link;
1481 acl_entry_link = acl_entry_link->nextp;
1482 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1483 if(acl_entry_link->entryp == NULL) {
1485 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
1490 acl_entry_link->nextp = NULL;
1493 acl_entry_link->entryp->ace_len = acl_entry->ace_len;
1495 /* Don't really need this since all types are going *
1496 * to be specified but, it's better than leaving it 0 */
1498 acl_entry_link->entryp->ace_type = acl_entry->ace_type;
1499 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
1501 memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
1503 /* The access in the acl entries must be left shifted by *
1504 * three bites, because they will ultimately be compared *
1505 * to S_IRUSR, S_IWUSR, and S_IXUSR. */
1507 switch(acl_entry->ace_type){
1510 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
1511 acl_entry_link->entryp->ace_access <<= 6;
1512 acl_entry_link_head->count++;
1515 /* Since there is no way to return a DENY acl entry *
1516 * change to PERMIT and then shift. */
1517 DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
1518 acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
1519 DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
1520 acl_entry_link->entryp->ace_access <<= 6;
1521 acl_entry_link_head->count++;
1527 DEBUG(10,("acl_entry = %d\n",acl_entry));
1528 DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
1530 acl_entry = acl_nxt(acl_entry);
1532 } /* end of if enabled */
1534 /* Since owner, group, other acl entries are not *
1535 * part of the acl entries in an acl, they must *
1536 * be dummied up to become part of the list. */
1538 for( i = 1; i < 4; i++) {
1539 DEBUG(10,("i is %d\n",i));
1540 if(acl_entry_link_head->count != 0){
1541 acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
1542 if(acl_entry_link->nextp == NULL) {
1544 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
1549 acl_entry_link->nextp->prevp = acl_entry_link;
1550 acl_entry_link = acl_entry_link->nextp;
1551 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1553 if(acl_entry_link->entryp == NULL) {
1556 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
1561 acl_entry_link->nextp = NULL;
1563 new_acl_entry = acl_entry_link->entryp;
1564 idp = new_acl_entry->ace_id;
1566 new_acl_entry->ace_len = sizeof(struct acl_entry);
1567 new_acl_entry->ace_type = ACC_PERMIT;
1568 idp->id_len = sizeof(struct ace_id);
1569 DEBUG(10,("idp->id_len = %d\n",idp->id_len));
1570 memset(idp->id_data,0,sizeof(uid_t));
1574 new_acl_entry->ace_access = file_acl->g_access << 6;
1575 idp->id_type = SMB_ACL_GROUP_OBJ;
1579 new_acl_entry->ace_access = file_acl->o_access << 6;
1580 idp->id_type = SMB_ACL_OTHER;
1584 new_acl_entry->ace_access = file_acl->u_access << 6;
1585 idp->id_type = SMB_ACL_USER_OBJ;
1592 acl_entry_link_head->count++;
1593 DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
1596 acl_entry_link_head->count = 0;
1599 return(acl_entry_link_head);
1602 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1604 *permset = *permset & ~0777;
1608 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1611 (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
1615 DEBUG(10,("This is the permset now: %d\n",*permset));
1619 char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
1624 SMB_ACL_T sys_acl_init( int count)
1626 struct acl_entry_link *theacl = NULL;
1628 DEBUG(10,("Entering sys_acl_init\n"));
1630 theacl = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
1631 if(theacl == NULL) {
1633 DEBUG(0,("Error in sys_acl_init is %d\n",errno));
1638 theacl->nextp = NULL;
1639 theacl->prevp = NULL;
1640 theacl->entryp = NULL;
1641 DEBUG(10,("Exiting sys_acl_init\n"));
1645 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1647 struct acl_entry_link *theacl;
1648 struct acl_entry_link *acl_entryp;
1649 struct acl_entry_link *temp_entry;
1652 DEBUG(10,("Entering the sys_acl_create_entry\n"));
1654 theacl = acl_entryp = *pacl;
1656 /* Get to the end of the acl before adding entry */
1658 for(counting=0; counting < theacl->count; counting++){
1659 DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
1660 temp_entry = acl_entryp;
1661 acl_entryp = acl_entryp->nextp;
1664 if(theacl->count != 0){
1665 temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
1666 if(acl_entryp == NULL) {
1668 DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
1672 DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
1673 acl_entryp->prevp = temp_entry;
1674 DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
1677 *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
1678 if(*pentry == NULL) {
1680 DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
1684 memset(*pentry,0,sizeof(struct new_acl_entry));
1685 acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
1686 acl_entryp->entryp->ace_type = ACC_PERMIT;
1687 acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
1688 acl_entryp->nextp = NULL;
1690 DEBUG(10,("Exiting sys_acl_create_entry\n"));
1694 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1696 DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
1697 entry->ace_id->id_type = tagtype;
1698 DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
1699 DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
1702 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1704 DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
1705 memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
1706 DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
1710 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1712 DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
1713 if(!(*permset & S_IXUSR) &&
1714 !(*permset & S_IWUSR) &&
1715 !(*permset & S_IRUSR) &&
1719 entry->ace_access = *permset;
1720 DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
1721 DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
1725 int sys_acl_valid( SMB_ACL_T theacl )
1730 struct acl_entry_link *acl_entry;
1732 for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
1733 user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
1734 group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
1735 other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
1738 DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
1740 if(user_obj != 1 || group_obj != 1 || other_obj != 1)
1746 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1748 struct acl_entry_link *acl_entry_link = NULL;
1749 struct acl *file_acl = NULL;
1750 struct acl *file_acl_temp = NULL;
1751 struct acl_entry *acl_entry = NULL;
1752 struct ace_id *ace_id = NULL;
1759 DEBUG(10,("Entering sys_acl_set_file\n"));
1760 DEBUG(10,("File name is %s\n",name));
1762 /* AIX has no default ACL */
1763 if(acltype == SMB_ACL_TYPE_DEFAULT)
1766 acl_length = BUFSIZ;
1767 file_acl = (struct acl *)malloc(BUFSIZ);
1769 if(file_acl == NULL) {
1771 DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
1775 memset(file_acl,0,BUFSIZ);
1777 file_acl->acl_len = ACL_SIZ;
1778 file_acl->acl_mode = S_IXACL;
1780 for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
1781 acl_entry_link->entryp->ace_access >>= 6;
1782 id_type = acl_entry_link->entryp->ace_id->id_type;
1785 case SMB_ACL_USER_OBJ:
1786 file_acl->u_access = acl_entry_link->entryp->ace_access;
1788 case SMB_ACL_GROUP_OBJ:
1789 file_acl->g_access = acl_entry_link->entryp->ace_access;
1792 file_acl->o_access = acl_entry_link->entryp->ace_access;
1798 if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
1799 acl_length += sizeof(struct acl_entry);
1800 file_acl_temp = (struct acl *)malloc(acl_length);
1801 if(file_acl_temp == NULL) {
1804 DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
1808 memcpy(file_acl_temp,file_acl,file_acl->acl_len);
1810 file_acl = file_acl_temp;
1813 acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
1814 file_acl->acl_len += sizeof(struct acl_entry);
1815 acl_entry->ace_len = acl_entry_link->entryp->ace_len;
1816 acl_entry->ace_access = acl_entry_link->entryp->ace_access;
1818 /* In order to use this, we'll need to wait until we can get denies */
1819 /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
1820 acl_entry->ace_type = ACC_SPECIFY; */
1822 acl_entry->ace_type = ACC_SPECIFY;
1824 ace_id = acl_entry->ace_id;
1826 ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
1827 DEBUG(10,("The id type is %d\n",ace_id->id_type));
1828 ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
1829 memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
1830 memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
1833 rc = chacl(name,file_acl,file_acl->acl_len);
1834 DEBUG(10,("errno is %d\n",errno));
1835 DEBUG(10,("return code is %d\n",rc));
1837 DEBUG(10,("Exiting the sys_acl_set_file\n"));
1841 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1843 struct acl_entry_link *acl_entry_link = NULL;
1844 struct acl *file_acl = NULL;
1845 struct acl *file_acl_temp = NULL;
1846 struct acl_entry *acl_entry = NULL;
1847 struct ace_id *ace_id = NULL;
1853 DEBUG(10,("Entering sys_acl_set_fd\n"));
1854 acl_length = BUFSIZ;
1855 file_acl = (struct acl *)malloc(BUFSIZ);
1857 if(file_acl == NULL) {
1859 DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
1863 memset(file_acl,0,BUFSIZ);
1865 file_acl->acl_len = ACL_SIZ;
1866 file_acl->acl_mode = S_IXACL;
1868 for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
1869 acl_entry_link->entryp->ace_access >>= 6;
1870 id_type = acl_entry_link->entryp->ace_id->id_type;
1871 DEBUG(10,("The id_type is %d\n",id_type));
1874 case SMB_ACL_USER_OBJ:
1875 file_acl->u_access = acl_entry_link->entryp->ace_access;
1877 case SMB_ACL_GROUP_OBJ:
1878 file_acl->g_access = acl_entry_link->entryp->ace_access;
1881 file_acl->o_access = acl_entry_link->entryp->ace_access;
1887 if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
1888 acl_length += sizeof(struct acl_entry);
1889 file_acl_temp = (struct acl *)malloc(acl_length);
1890 if(file_acl_temp == NULL) {
1893 DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
1897 memcpy(file_acl_temp,file_acl,file_acl->acl_len);
1899 file_acl = file_acl_temp;
1902 acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
1903 file_acl->acl_len += sizeof(struct acl_entry);
1904 acl_entry->ace_len = acl_entry_link->entryp->ace_len;
1905 acl_entry->ace_access = acl_entry_link->entryp->ace_access;
1907 /* In order to use this, we'll need to wait until we can get denies */
1908 /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
1909 acl_entry->ace_type = ACC_SPECIFY; */
1911 acl_entry->ace_type = ACC_SPECIFY;
1913 ace_id = acl_entry->ace_id;
1915 ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
1916 DEBUG(10,("The id type is %d\n",ace_id->id_type));
1917 ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
1918 memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
1919 memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
1922 rc = fchacl(fd,file_acl,file_acl->acl_len);
1923 DEBUG(10,("errno is %d\n",errno));
1924 DEBUG(10,("return code is %d\n",rc));
1926 DEBUG(10,("Exiting sys_acl_set_fd\n"));
1930 int sys_acl_delete_def_file(const char *name)
1932 /* AIX has no default ACL */
1936 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1938 return(*permset & perm);
1941 int sys_acl_free_text(char *text)
1946 int sys_acl_free_acl(SMB_ACL_T posix_acl)
1948 struct acl_entry_link *acl_entry_link;
1950 for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
1951 free(acl_entry_link->prevp->entryp);
1952 free(acl_entry_link->prevp);
1955 free(acl_entry_link->prevp->entryp);
1956 free(acl_entry_link->prevp);
1957 free(acl_entry_link->entryp);
1958 free(acl_entry_link);
1963 int sys_acl_free_qualifier(void *qual)
1968 #else /* No ACLs. */
1970 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1976 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1982 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1988 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1994 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1997 return (SMB_ACL_T)NULL;
2000 SMB_ACL_T sys_acl_get_fd(int fd)
2003 return (SMB_ACL_T)NULL;
2006 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
2012 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
2018 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
2021 return (permset & perm) ? 1 : 0;
2024 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
2030 int sys_acl_free_text(char *text)
2036 SMB_ACL_T sys_acl_init( int count)
2042 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
2048 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
2054 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
2060 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
2066 int sys_acl_valid( SMB_ACL_T theacl )
2072 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
2078 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
2084 int sys_acl_delete_def_file(const char *name)
2090 int sys_acl_free_acl(SMB_ACL_T the_acl)
2096 int sys_acl_free_qualifier(void *qual)
2102 #endif /* No ACLs. */
git.samba.org / ira / wip.git / blob