2 Unix SMB/Netbios implementation.
4 Samba system utilities for ACL support.
5 Copyright (C) Jeremy Allison 2000.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
27 This file wraps all differing system ACL interfaces into a consistent
28 one based on the POSIX interface. It also returns the correct errors
29 for older UNIX systems that don't support ACLs.
31 The interfaces that each ACL implementation must support are as follows :
33 int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
34 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
35 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
36 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
37 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
38 SMB_ACL_T sys_acl_get_fd(int fd)
39 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
40 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
41 char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
42 SMB_ACL_T sys_acl_init( int count)
43 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
44 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
45 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
46 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
47 int sys_acl_valid( SMB_ACL_T theacl )
48 int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
49 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
51 This next one is not POSIX complient - but we *have* to have it !
52 More POSIX braindamage.
54 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
56 The generic POSIX free is the following call. We split this into
57 several different free functions as we may need to add tag info
58 to structures when emulating the POSIX interface.
60 int sys_acl_free( void *obj_p)
62 The calls we actually use are :
64 int sys_acl_free_text(char *text) - free acl_to_text
65 int sys_acl_free_acl(SMB_ACL_T posix_acl)
69 #if defined(HAVE_POSIX_ACLS)
71 /* Identity mapping - easy. */
73 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
75 return acl_get_entry( the_acl, entry_id, entry_p);
78 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
80 return acl_get_tag_type( entry_d, tag_type_p);
83 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
85 return acl_get_permset( entry_d, permset_p);
88 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
90 return acl_get_qualifier( entry_d);
93 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
95 return acl_get_file( path_p, type);
98 SMB_ACL_T sys_acl_get_fd(int fd)
100 return acl_get_fd(fd);
103 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
105 return acl_clear_perms(permset);
108 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
110 return acl_add_perm(permset, perm);
113 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
115 return acl_get_perm(permset, perm);
118 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
120 return acl_to_text( the_acl, plen);
123 SMB_ACL_T sys_acl_init( int count)
125 return acl_init(count);
128 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
130 return acl_create_entry(pacl, pentry);
133 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
135 return acl_set_tag_type(entry, tagtype);
138 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
140 return acl_set_qualifier(entry, qual);
143 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
145 return acl_set_permset(entry, permset);
148 int sys_acl_valid( SMB_ACL_T theacl )
150 return acl_valid(theacl);
153 int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
155 return acl_set_file(name, acltype, theacl);
158 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
160 return acl_set_fd(fd, theacl);
163 int sys_acl_free_text(char *text)
165 return acl_free(text);
168 int sys_acl_free_acl(SMB_ACL_T the_acl)
170 return acl_free(the_acl);
173 #elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
176 * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
177 * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
181 * Note that while this code implements sufficient functionality
182 * to support the sys_acl_* interfaces it does not provide all
183 * of the semantics of the POSIX ACL interfaces.
185 * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
186 * from a call to sys_acl_get_entry() should not be assumed to be
187 * valid after calling any of the following functions, which may
188 * reorder the entries in the ACL.
196 * The only difference between Solaris and UnixWare / OpenUNIX is
197 * that the #defines for the ACL operations have different names
199 #if defined(HAVE_UNIXWARE_ACLS)
201 #define SETACL ACL_SET
202 #define GETACL ACL_GET
203 #define GETACLCNT ACL_CNT
208 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
210 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
215 if (entry_p == NULL) {
220 if (entry_id == SMB_ACL_FIRST_ENTRY) {
224 if (acl_d->next < 0) {
229 if (acl_d->next >= acl_d->count) {
233 *entry_p = &acl_d->acl[acl_d->next++];
238 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
240 *type_p = entry_d->a_type;
245 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
247 *permset_p = &entry_d->a_perm;
252 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
254 if (entry_d->a_type != SMB_ACL_USER
255 && entry_d->a_type != SMB_ACL_GROUP) {
260 return &entry_d->a_id;
264 * There is no way of knowing what size the ACL returned by
265 * GETACL will be unless you first call GETACLCNT which means
266 * making an additional system call.
268 * In the hope of avoiding the cost of the additional system
269 * call in most cases, we initially allocate enough space for
270 * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
271 * be too small then we use GETACLCNT to find out the actual
272 * size, reallocate the ACL buffer, and then call GETACL again.
275 #define INITIAL_ACL_SIZE 16
277 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
280 int count; /* # of ACL entries allocated */
281 int naccess; /* # of access ACL entries */
282 int ndefault; /* # of default ACL entries */
284 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
289 count = INITIAL_ACL_SIZE;
290 if ((acl_d = sys_acl_init(count)) == NULL) {
295 * If there isn't enough space for the ACL entries we use
296 * GETACLCNT to determine the actual number of ACL entries
297 * reallocate and try again. This is in a loop because it
298 * is possible that someone else could modify the ACL and
299 * increase the number of entries between the call to
300 * GETACLCNT and the call to GETACL.
302 while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
303 && errno == ENOSPC) {
305 if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
309 sys_acl_free_acl(acl_d);
311 if ((acl_d = sys_acl_init(count)) == NULL) {
321 * calculate the number of access and default ACL entries
323 * Note: we assume that the acl() system call returned a
324 * well formed ACL which is sorted so that all of the
325 * access ACL entries preceed any default ACL entries
327 for (naccess = 0; naccess < count; naccess++) {
328 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
331 ndefault = count - naccess;
334 * if the caller wants the default ACL we have to copy
335 * the entries down to the start of the acl[] buffer
336 * and mask out the ACL_DEFAULT flag from the type field
338 if (type == SMB_ACL_TYPE_DEFAULT) {
341 for (i = 0, j = naccess; i < ndefault; i++, j++) {
342 acl_d->acl[i] = acl_d->acl[j];
343 acl_d->acl[i].a_type &= ~ACL_DEFAULT;
346 acl_d->count = ndefault;
348 acl_d->count = naccess;
354 SMB_ACL_T sys_acl_get_fd(int fd)
357 int count; /* # of ACL entries allocated */
358 int naccess; /* # of access ACL entries */
360 count = INITIAL_ACL_SIZE;
361 if ((acl_d = sys_acl_init(count)) == NULL) {
365 while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
366 && errno == ENOSPC) {
368 if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
372 sys_acl_free_acl(acl_d);
374 if ((acl_d = sys_acl_init(count)) == NULL) {
384 * calculate the number of access ACL entries
386 for (naccess = 0; naccess < count; naccess++) {
387 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
391 acl_d->count = naccess;
396 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
403 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
405 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
406 && perm != SMB_ACL_EXECUTE) {
411 if (permset_d == NULL) {
421 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
423 return *permset_d & perm;
426 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
433 * use an initial estimate of 20 bytes per ACL entry
434 * when allocating memory for the text representation
438 maxlen = 20 * acl_d->count;
439 if ((text = malloc(maxlen)) == NULL) {
444 for (i = 0; i < acl_d->count; i++) {
445 struct acl *ap = &acl_d->acl[i];
455 switch (ap->a_type) {
457 * for debugging purposes it's probably more
458 * useful to dump unknown tag types rather
459 * than just returning an error
462 slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
465 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
471 if ((pw = sys_getpwuid(ap->a_id)) == NULL) {
472 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
478 case SMB_ACL_USER_OBJ:
483 if ((gr = getgrgid(ap->a_id)) == NULL) {
484 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
490 case SMB_ACL_GROUP_OBJ:
504 perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
505 perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
506 perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
509 /* <tag> : <qualifier> : rwx \n \0 */
510 nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
513 * If this entry would overflow the buffer
514 * allocate enough additional memory for this
515 * entry and an estimate of another 20 bytes
516 * for each entry still to be processed
518 if ((len + nbytes) > maxlen) {
519 char *oldtext = text;
521 maxlen += nbytes + 20 * (acl_d->count - i);
523 if ((text = realloc(oldtext, maxlen)) == NULL) {
530 slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
540 SMB_ACL_T sys_acl_init(int count)
550 * note that since the definition of the structure pointed
551 * to by the SMB_ACL_T includes the first element of the
552 * acl[] array, this actually allocates an ACL with room
553 * for (count+1) entries
555 if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
568 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
571 SMB_ACL_ENTRY_T entry_d;
573 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
578 if (acl_d->count >= acl_d->size) {
583 entry_d = &acl_d->acl[acl_d->count++];
592 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
596 case SMB_ACL_USER_OBJ:
598 case SMB_ACL_GROUP_OBJ:
601 entry_d->a_type = tag_type;
611 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
613 if (entry_d->a_type != SMB_ACL_GROUP
614 && entry_d->a_type != SMB_ACL_USER) {
619 entry_d->a_id = *((id_t *)qual_p);
624 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
626 if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
630 entry_d->a_perm = *permset_d;
635 int sys_acl_valid(SMB_ACL_T acl_d)
637 if (aclsort(acl_d->count, 0, acl_d->acl) != 0) {
645 int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
650 struct acl *acl_buf = NULL;
653 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
658 if (stat(name, &s) != 0) {
662 acl_p = &acl_d->acl[0];
663 acl_count = acl_d->count;
666 * if it's a directory there is extra work to do
667 * since the acl() system call will replace both
668 * the access ACLs and the default ACLs (if any)
670 if (S_ISDIR(s.st_mode)) {
676 if (type == SMB_ACL_TYPE_ACCESS) {
679 tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
684 tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
687 if (tmp_acl == NULL) {
692 * allocate a temporary buffer for the complete ACL
694 acl_count = acc_acl->count + def_acl->count;
696 acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
698 if (acl_buf == NULL) {
699 sys_acl_free_acl(tmp_acl);
705 * copy the access control and default entries into the buffer
707 memcpy(&acl_buf[0], &acc_acl->acl[0],
708 acc_acl->count * sizeof(acl_buf[0]));
710 memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
711 def_acl->count * sizeof(acl_buf[0]));
714 * set the ACL_DEFAULT flag on the default entries
716 for (i = acc_acl->count; i < acl_count; i++) {
717 acl_buf[i].a_type |= ACL_DEFAULT;
720 sys_acl_free_acl(tmp_acl);
722 } else if (type != SMB_ACL_TYPE_ACCESS) {
727 if (aclsort(acl_count, 0, acl_p) != 0) {
731 ret = acl(name, SETACL, acl_count, acl_p);
741 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
743 if (aclsort(acl_d->count, 0, acl_d->acl) != 0) {
748 return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
751 int sys_acl_free_text(char *text)
757 int sys_acl_free_acl(SMB_ACL_T acl_d)
763 #elif defined(HAVE_IRIX_ACLS)
765 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
767 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
772 if (entry_p == NULL) {
777 if (entry_id == SMB_ACL_FIRST_ENTRY) {
781 if (acl_d->next < 0) {
786 if (acl_d->next >= acl_d->aclp->acl_cnt) {
790 *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
795 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
797 *type_p = entry_d->ae_tag;
802 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
804 *permset_p = entry_d;
809 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
811 if (entry_d->ae_tag != SMB_ACL_USER
812 && entry_d->ae_tag != SMB_ACL_GROUP) {
817 return &entry_d->ae_id;
820 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
824 if ((a = malloc(sizeof(*a))) == NULL) {
828 if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
837 SMB_ACL_T sys_acl_get_fd(int fd)
841 if ((a = malloc(sizeof(*a))) == NULL) {
845 if ((a->aclp = acl_get_fd(fd)) == NULL) {
854 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
856 permset_d->ae_perm = 0;
861 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
863 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
864 && perm != SMB_ACL_EXECUTE) {
869 if (permset_d == NULL) {
874 permset_d->ae_perm |= perm;
879 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
881 return permset_d->ae_perm & perm;
884 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
886 return acl_to_text(acl_d->aclp, len_p);
889 SMB_ACL_T sys_acl_init(int count)
898 if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) {
905 a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
906 a->aclp->acl_cnt = 0;
912 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
915 SMB_ACL_ENTRY_T entry_d;
917 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
922 if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
927 entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
930 entry_d->ae_perm = 0;
936 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
940 case SMB_ACL_USER_OBJ:
942 case SMB_ACL_GROUP_OBJ:
945 entry_d->ae_tag = tag_type;
955 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
957 if (entry_d->ae_tag != SMB_ACL_GROUP
958 && entry_d->ae_tag != SMB_ACL_USER) {
963 entry_d->ae_id = *((id_t *)qual_p);
968 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
970 if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
974 entry_d->ae_perm = permset_d->ae_perm;
979 int sys_acl_valid(SMB_ACL_T acl_d)
981 return acl_valid(acl_d->aclp);
984 int sys_acl_set_file(char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
986 return acl_set_file(name, type, acl_d->aclp);
989 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
991 return acl_set_fd(fd, acl_d->aclp);
994 int sys_acl_free_text(char *text)
996 return acl_free(text);
999 int sys_acl_free_acl(SMB_ACL_T acl_d)
1001 if (acl_d->freeaclp) {
1002 acl_free(acl_d->aclp);
1008 #elif defined(HAVE_XFS_ACLS)
1009 /* For Linux SGI/XFS Filesystems
1010 * contributed by J Trostel, Connex
1013 /* based on the implementation for Solaris by Toomas Soome.. which is
1014 * based on the implementation by Micheal Davidson for Unixware...
1016 * Linux XFS is a 'work-in-progress'
1017 * This interface may change...
1018 * You've been warned ;-> */
1020 /* First, do the identity mapping */
1022 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1024 if( acl_get_entry( the_acl, entry_id, entry_p) >= 0) {
1032 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1034 return acl_get_file( path_p, type);
1037 SMB_ACL_T sys_acl_get_fd(int fd)
1039 return acl_get_fd(fd);
1042 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1044 return acl_to_text( the_acl, plen);
1047 int sys_acl_valid( SMB_ACL_T theacl )
1049 return acl_valid(theacl);
1052 int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1054 return acl_set_file(name, acltype, theacl);
1057 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1059 return acl_set_fd(fd, theacl);
1062 /* Now the functions I need to define for XFS */
1064 int sys_acl_create_entry( SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
1073 if((*acl_p == NULL) || (ace == NULL)){
1079 if( (cnt + 1) > ACL_MAX_ENTRIES ){
1084 newacl = (acl_t)malloc(sizeof(struct acl));
1091 newacl->acl_entry[cnt] = *ace;
1092 newacl->acl_cnt = cnt + 1;
1096 *entry_p = &newacl->acl_entry[cnt];
1101 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1103 *tag_type_p = entry_d->ae_tag;
1107 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1109 *permset_p = &entry_d->ae_perm;
1113 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1115 if (entry_d->ae_tag != SMB_ACL_USER
1116 && entry_d->ae_tag != SMB_ACL_GROUP) {
1120 return &entry_d->ae_id;
1123 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1129 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1131 return (*permset & perm);
1134 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1137 // TO DO: Add in ALL possible permissions here
1138 // TO DO: Include extended ones!!
1140 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE && perm != SMB_ACL_EXECUTE) {
1145 if(permset == NULL) {
1155 SMB_ACL_T sys_acl_init( int count)
1158 if((count > ACL_MAX_ENTRIES) || (count < 0)) {
1163 a = (struct acl *)malloc(sizeof(struct acl)); // where is this memory freed?
1169 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
1174 case SMB_ACL_USER_OBJ:
1176 case SMB_ACL_GROUP_OBJ:
1179 entry_d->ae_tag = tag_type;
1188 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry_d, void *qual_p)
1190 if(entry_d->ae_tag != SMB_ACL_GROUP &&
1191 entry_d->ae_tag != SMB_ACL_USER) {
1196 entry_d->ae_id = *((uid_t *)qual_p);
1201 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
1203 // TO DO: expand to extended permissions eventually!
1205 if(*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
1212 int sys_acl_free_text(char *text)
1214 return acl_free(text);
1217 int sys_acl_free_acl(SMB_ACL_T the_acl)
1219 return acl_free(the_acl);
1223 #else /* No ACLs. */
1225 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1231 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
1237 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1243 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
1249 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
1252 return (SMB_ACL_T)NULL;
1255 SMB_ACL_T sys_acl_get_fd(int fd)
1258 return (SMB_ACL_T)NULL;
1261 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
1267 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1273 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
1276 return (permset & perm) ? 1 : 0;
1279 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
1285 int sys_acl_free_text(char *text)
1291 SMB_ACL_T sys_acl_init( int count)
1297 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
1303 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
1309 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
1315 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
1321 int sys_acl_valid( SMB_ACL_T theacl )
1327 int sys_acl_set_file( char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
1333 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
1339 int sys_acl_free_acl(SMB_ACL_T the_acl)
1344 #endif /* No ACLs. */
git.samba.org / kai / samba.git / blob