2 Unix SMB/CIFS implementation.
3 Samba system utilities for ACL support.
4 Copyright (C) Jeremy Allison 2000.
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 This file wraps all differing system ACL interfaces into a consistent
25 one based on the POSIX interface. It also returns the correct errors
26 for older UNIX systems that don't support ACLs.
28 The interfaces that each ACL implementation must support are as follows :
30 int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
31 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
32 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
33 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
34 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
35 SMB_ACL_T sys_acl_get_fd(int fd)
36 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset);
37 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm);
38 char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
39 SMB_ACL_T sys_acl_init( int count)
40 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
41 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
42 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
43 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
44 int sys_acl_valid( SMB_ACL_T theacl )
45 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
46 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
47 int sys_acl_delete_def_file(const char *path)
49 This next one is not POSIX complient - but we *have* to have it !
50 More POSIX braindamage.
52 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
54 The generic POSIX free is the following call. We split this into
55 several different free functions as we may need to add tag info
56 to structures when emulating the POSIX interface.
58 int sys_acl_free( void *obj_p)
60 The calls we actually use are :
62 int sys_acl_free_text(char *text) - free acl_to_text
63 int sys_acl_free_acl(SMB_ACL_T posix_acl)
64 int sys_acl_free_qualifier(void *qualifier, SMB_ACL_TAG_T tagtype)
68 #if defined(HAVE_POSIX_ACLS)
70 /* Identity mapping - easy. */
72 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
74 return acl_get_entry( the_acl, entry_id, entry_p);
77 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
79 return acl_get_tag_type( entry_d, tag_type_p);
82 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
84 return acl_get_permset( entry_d, permset_p);
87 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
89 return acl_get_qualifier( entry_d);
92 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
94 return acl_get_file( path_p, type);
97 SMB_ACL_T sys_acl_get_fd(int fd)
99 return acl_get_fd(fd);
102 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
104 return acl_clear_perms(permset);
107 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
109 return acl_add_perm(permset, perm);
112 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
114 #if defined(HAVE_ACL_GET_PERM_NP)
116 * Required for TrustedBSD-based ACL implementations where
117 * non-POSIX.1e functions are denoted by a _np (non-portable)
120 return acl_get_perm_np(permset, perm);
122 return acl_get_perm(permset, perm);
126 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
128 return acl_to_text( the_acl, plen);
131 SMB_ACL_T sys_acl_init( int count)
133 return acl_init(count);
136 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
138 return acl_create_entry(pacl, pentry);
141 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
143 return acl_set_tag_type(entry, tagtype);
146 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
148 return acl_set_qualifier(entry, qual);
151 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
153 return acl_set_permset(entry, permset);
156 int sys_acl_valid( SMB_ACL_T theacl )
158 return acl_valid(theacl);
161 int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
163 return acl_set_file(name, acltype, theacl);
166 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
168 return acl_set_fd(fd, theacl);
171 int sys_acl_delete_def_file(const char *name)
173 return acl_delete_def_file(name);
176 int sys_acl_free_text(char *text)
178 return acl_free(text);
181 int sys_acl_free_acl(SMB_ACL_T the_acl)
183 return acl_free(the_acl);
186 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
188 return acl_free(qual);
191 #elif defined(HAVE_TRU64_ACLS)
193 * The interface to DEC/Compaq Tru64 UNIX ACLs
194 * is based on Draft 13 of the POSIX spec which is
195 * slightly different from the Draft 16 interface.
197 * Also, some of the permset manipulation functions
198 * such as acl_clear_perm() and acl_add_perm() appear
199 * to be broken on Tru64 so we have to manipulate
200 * the permission bits in the permset directly.
202 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
204 SMB_ACL_ENTRY_T entry;
206 if (entry_id == SMB_ACL_FIRST_ENTRY && acl_first_entry(the_acl) != 0) {
211 if ((entry = acl_get_entry(the_acl)) != NULL) {
216 return errno ? -1 : 0;
219 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
221 return acl_get_tag_type( entry_d, tag_type_p);
224 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
226 return acl_get_permset( entry_d, permset_p);
229 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
231 return acl_get_qualifier( entry_d);
234 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
236 return acl_get_file((char *)path_p, type);
239 SMB_ACL_T sys_acl_get_fd(int fd)
241 return acl_get_fd(fd, ACL_TYPE_ACCESS);
244 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
246 *permset = 0; /* acl_clear_perm() is broken on Tru64 */
251 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
253 if (perm & ~(SMB_ACL_READ | SMB_ACL_WRITE | SMB_ACL_EXECUTE)) {
258 *permset |= perm; /* acl_add_perm() is broken on Tru64 */
263 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
265 return *permset & perm; /* Tru64 doesn't have acl_get_perm() */
268 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
270 return acl_to_text( the_acl, plen);
273 SMB_ACL_T sys_acl_init( int count)
275 return acl_init(count);
278 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
280 SMB_ACL_ENTRY_T entry;
282 if ((entry = acl_create_entry(pacl)) == NULL) {
290 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
292 return acl_set_tag_type(entry, tagtype);
295 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
297 return acl_set_qualifier(entry, qual);
300 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
302 return acl_set_permset(entry, permset);
305 int sys_acl_valid( SMB_ACL_T theacl )
309 return acl_valid(theacl, &entry);
312 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
314 return acl_set_file((char *)name, acltype, theacl);
317 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
319 return acl_set_fd(fd, ACL_TYPE_ACCESS, theacl);
322 int sys_acl_delete_def_file(const char *name)
324 return acl_delete_def_file((char *)name);
327 int sys_acl_free_text(char *text)
330 * (void) cast and explicit return 0 are for DEC UNIX
331 * which just #defines acl_free_text() to be free()
333 (void) acl_free_text(text);
337 int sys_acl_free_acl(SMB_ACL_T the_acl)
339 return acl_free(the_acl);
342 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
344 return acl_free_qualifier(qual, tagtype);
347 #elif defined(HAVE_UNIXWARE_ACLS) || defined(HAVE_SOLARIS_ACLS)
350 * Donated by Michael Davidson <md@sco.COM> for UnixWare / OpenUNIX.
351 * Modified by Toomas Soome <tsoome@ut.ee> for Solaris.
355 * Note that while this code implements sufficient functionality
356 * to support the sys_acl_* interfaces it does not provide all
357 * of the semantics of the POSIX ACL interfaces.
359 * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
360 * from a call to sys_acl_get_entry() should not be assumed to be
361 * valid after calling any of the following functions, which may
362 * reorder the entries in the ACL.
370 * The only difference between Solaris and UnixWare / OpenUNIX is
371 * that the #defines for the ACL operations have different names
373 #if defined(HAVE_UNIXWARE_ACLS)
375 #define SETACL ACL_SET
376 #define GETACL ACL_GET
377 #define GETACLCNT ACL_CNT
382 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
384 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
389 if (entry_p == NULL) {
394 if (entry_id == SMB_ACL_FIRST_ENTRY) {
398 if (acl_d->next < 0) {
403 if (acl_d->next >= acl_d->count) {
407 *entry_p = &acl_d->acl[acl_d->next++];
412 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
414 *type_p = entry_d->a_type;
419 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
421 *permset_p = &entry_d->a_perm;
426 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
428 if (entry_d->a_type != SMB_ACL_USER
429 && entry_d->a_type != SMB_ACL_GROUP) {
434 return &entry_d->a_id;
438 * There is no way of knowing what size the ACL returned by
439 * GETACL will be unless you first call GETACLCNT which means
440 * making an additional system call.
442 * In the hope of avoiding the cost of the additional system
443 * call in most cases, we initially allocate enough space for
444 * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
445 * be too small then we use GETACLCNT to find out the actual
446 * size, reallocate the ACL buffer, and then call GETACL again.
449 #define INITIAL_ACL_SIZE 16
451 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
454 int count; /* # of ACL entries allocated */
455 int naccess; /* # of access ACL entries */
456 int ndefault; /* # of default ACL entries */
458 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
463 count = INITIAL_ACL_SIZE;
464 if ((acl_d = sys_acl_init(count)) == NULL) {
469 * If there isn't enough space for the ACL entries we use
470 * GETACLCNT to determine the actual number of ACL entries
471 * reallocate and try again. This is in a loop because it
472 * is possible that someone else could modify the ACL and
473 * increase the number of entries between the call to
474 * GETACLCNT and the call to GETACL.
476 while ((count = acl(path_p, GETACL, count, &acl_d->acl[0])) < 0
477 && errno == ENOSPC) {
479 sys_acl_free_acl(acl_d);
481 if ((count = acl(path_p, GETACLCNT, 0, NULL)) < 0) {
485 if ((acl_d = sys_acl_init(count)) == NULL) {
491 sys_acl_free_acl(acl_d);
496 * calculate the number of access and default ACL entries
498 * Note: we assume that the acl() system call returned a
499 * well formed ACL which is sorted so that all of the
500 * access ACL entries preceed any default ACL entries
502 for (naccess = 0; naccess < count; naccess++) {
503 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
506 ndefault = count - naccess;
509 * if the caller wants the default ACL we have to copy
510 * the entries down to the start of the acl[] buffer
511 * and mask out the ACL_DEFAULT flag from the type field
513 if (type == SMB_ACL_TYPE_DEFAULT) {
516 for (i = 0, j = naccess; i < ndefault; i++, j++) {
517 acl_d->acl[i] = acl_d->acl[j];
518 acl_d->acl[i].a_type &= ~ACL_DEFAULT;
521 acl_d->count = ndefault;
523 acl_d->count = naccess;
529 SMB_ACL_T sys_acl_get_fd(int fd)
532 int count; /* # of ACL entries allocated */
533 int naccess; /* # of access ACL entries */
535 count = INITIAL_ACL_SIZE;
536 if ((acl_d = sys_acl_init(count)) == NULL) {
540 while ((count = facl(fd, GETACL, count, &acl_d->acl[0])) < 0
541 && errno == ENOSPC) {
543 sys_acl_free_acl(acl_d);
545 if ((count = facl(fd, GETACLCNT, 0, NULL)) < 0) {
549 if ((acl_d = sys_acl_init(count)) == NULL) {
555 sys_acl_free_acl(acl_d);
560 * calculate the number of access ACL entries
562 for (naccess = 0; naccess < count; naccess++) {
563 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
567 acl_d->count = naccess;
572 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
579 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
581 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
582 && perm != SMB_ACL_EXECUTE) {
587 if (permset_d == NULL) {
597 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
599 return *permset_d & perm;
602 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
609 * use an initial estimate of 20 bytes per ACL entry
610 * when allocating memory for the text representation
614 maxlen = 20 * acl_d->count;
615 if ((text = malloc(maxlen)) == NULL) {
620 for (i = 0; i < acl_d->count; i++) {
621 struct acl *ap = &acl_d->acl[i];
631 switch (ap->a_type) {
633 * for debugging purposes it's probably more
634 * useful to dump unknown tag types rather
635 * than just returning an error
638 slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
641 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
647 id = uidtoname(ap->a_id);
648 case SMB_ACL_USER_OBJ:
653 if ((gr = getgrgid(ap->a_id)) == NULL) {
654 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
660 case SMB_ACL_GROUP_OBJ:
674 perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
675 perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
676 perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
679 /* <tag> : <qualifier> : rwx \n \0 */
680 nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
683 * If this entry would overflow the buffer
684 * allocate enough additional memory for this
685 * entry and an estimate of another 20 bytes
686 * for each entry still to be processed
688 if ((len + nbytes) > maxlen) {
689 char *oldtext = text;
691 maxlen += nbytes + 20 * (acl_d->count - i);
693 if ((text = Realloc(oldtext, maxlen)) == NULL) {
700 slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
710 SMB_ACL_T sys_acl_init(int count)
720 * note that since the definition of the structure pointed
721 * to by the SMB_ACL_T includes the first element of the
722 * acl[] array, this actually allocates an ACL with room
723 * for (count+1) entries
725 if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
738 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
741 SMB_ACL_ENTRY_T entry_d;
743 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
748 if (acl_d->count >= acl_d->size) {
753 entry_d = &acl_d->acl[acl_d->count++];
762 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
766 case SMB_ACL_USER_OBJ:
768 case SMB_ACL_GROUP_OBJ:
771 entry_d->a_type = tag_type;
781 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
783 if (entry_d->a_type != SMB_ACL_GROUP
784 && entry_d->a_type != SMB_ACL_USER) {
789 entry_d->a_id = *((id_t *)qual_p);
794 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
796 if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
800 entry_d->a_perm = *permset_d;
806 * sort the ACL and check it for validity
808 * if it's a minimal ACL with only 4 entries then we
809 * need to recalculate the mask permissions to make
810 * sure that they are the same as the GROUP_OBJ
811 * permissions as required by the UnixWare acl() system call.
813 * (note: since POSIX allows minimal ACLs which only contain
814 * 3 entries - ie there is no mask entry - we should, in theory,
815 * check for this and add a mask entry if necessary - however
816 * we "know" that the caller of this interface always specifies
817 * a mask so, in practice "this never happens" (tm) - if it *does*
818 * happen aclsort() will fail and return an error and someone will
819 * have to fix it ...)
822 static int acl_sort(SMB_ACL_T acl_d)
824 int fixmask = (acl_d->count <= 4);
826 if (aclsort(acl_d->count, fixmask, acl_d->acl) != 0) {
833 int sys_acl_valid(SMB_ACL_T acl_d)
835 return acl_sort(acl_d);
838 int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
843 struct acl *acl_buf = NULL;
846 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
851 if (acl_sort(acl_d) != 0) {
855 acl_p = &acl_d->acl[0];
856 acl_count = acl_d->count;
859 * if it's a directory there is extra work to do
860 * since the acl() system call will replace both
861 * the access ACLs and the default ACLs (if any)
863 if (stat(name, &s) != 0) {
866 if (S_ISDIR(s.st_mode)) {
872 if (type == SMB_ACL_TYPE_ACCESS) {
874 def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
878 acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
881 if (tmp_acl == NULL) {
886 * allocate a temporary buffer for the complete ACL
888 acl_count = acc_acl->count + def_acl->count;
889 acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
891 if (acl_buf == NULL) {
892 sys_acl_free_acl(tmp_acl);
898 * copy the access control and default entries into the buffer
900 memcpy(&acl_buf[0], &acc_acl->acl[0],
901 acc_acl->count * sizeof(acl_buf[0]));
903 memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
904 def_acl->count * sizeof(acl_buf[0]));
907 * set the ACL_DEFAULT flag on the default entries
909 for (i = acc_acl->count; i < acl_count; i++) {
910 acl_buf[i].a_type |= ACL_DEFAULT;
913 sys_acl_free_acl(tmp_acl);
915 } else if (type != SMB_ACL_TYPE_ACCESS) {
920 ret = acl(name, SETACL, acl_count, acl_p);
927 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
929 if (acl_sort(acl_d) != 0) {
933 return facl(fd, SETACL, acl_d->count, &acl_d->acl[0]);
936 int sys_acl_delete_def_file(const char *path)
942 * fetching the access ACL and rewriting it has
943 * the effect of deleting the default ACL
945 if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
949 ret = acl(path, SETACL, acl_d->count, acl_d->acl);
951 sys_acl_free_acl(acl_d);
956 int sys_acl_free_text(char *text)
962 int sys_acl_free_acl(SMB_ACL_T acl_d)
968 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
973 #elif defined(HAVE_HPUX_ACLS)
977 * Based on the Solaris/SCO code - with modifications.
981 * Note that while this code implements sufficient functionality
982 * to support the sys_acl_* interfaces it does not provide all
983 * of the semantics of the POSIX ACL interfaces.
985 * In particular, an ACL entry descriptor (SMB_ACL_ENTRY_T) returned
986 * from a call to sys_acl_get_entry() should not be assumed to be
987 * valid after calling any of the following functions, which may
988 * reorder the entries in the ACL.
995 /* This checks if the POSIX ACL system call is defined */
996 /* which basically corresponds to whether JFS 3.3 or */
997 /* higher is installed. If acl() was called when it */
998 /* isn't defined, it causes the process to core dump */
999 /* so it is important to check this and avoid acl() */
1000 /* calls if it isn't there. */
1002 static BOOL hpux_acl_call_presence(void)
1005 shl_t handle = NULL;
1008 static BOOL already_checked=0;
1014 ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
1017 DEBUG(5, ("hpux_acl_call_presence: shl_findsym() returned %d, errno = %d, error %s\n",
1018 ret_val, errno, strerror(errno)));
1019 DEBUG(5,("hpux_acl_call_presence: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
1023 DEBUG(10,("hpux_acl_call_presence: acl() system call is present. We have JFS 3.3 or above \n"));
1025 already_checked = True;
1029 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1031 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
1036 if (entry_p == NULL) {
1041 if (entry_id == SMB_ACL_FIRST_ENTRY) {
1045 if (acl_d->next < 0) {
1050 if (acl_d->next >= acl_d->count) {
1054 *entry_p = &acl_d->acl[acl_d->next++];
1059 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
1061 *type_p = entry_d->a_type;
1066 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1068 *permset_p = &entry_d->a_perm;
1073 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
1075 if (entry_d->a_type != SMB_ACL_USER
1076 && entry_d->a_type != SMB_ACL_GROUP) {
1081 return &entry_d->a_id;
1085 * There is no way of knowing what size the ACL returned by
1086 * ACL_GET will be unless you first call ACL_CNT which means
1087 * making an additional system call.
1089 * In the hope of avoiding the cost of the additional system
1090 * call in most cases, we initially allocate enough space for
1091 * an ACL with INITIAL_ACL_SIZE entries. If this turns out to
1092 * be too small then we use ACL_CNT to find out the actual
1093 * size, reallocate the ACL buffer, and then call ACL_GET again.
1096 #define INITIAL_ACL_SIZE 16
1098 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
1101 int count; /* # of ACL entries allocated */
1102 int naccess; /* # of access ACL entries */
1103 int ndefault; /* # of default ACL entries */
1105 if(hpux_acl_call_presence() == False) {
1106 /* Looks like we don't have the acl() system call on HPUX.
1107 * May be the system doesn't have the latest version of JFS.
1112 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
1117 count = INITIAL_ACL_SIZE;
1118 if ((acl_d = sys_acl_init(count)) == NULL) {
1123 * If there isn't enough space for the ACL entries we use
1124 * ACL_CNT to determine the actual number of ACL entries
1125 * reallocate and try again. This is in a loop because it
1126 * is possible that someone else could modify the ACL and
1127 * increase the number of entries between the call to
1128 * ACL_CNT and the call to ACL_GET.
1130 while ((count = acl(path_p, ACL_GET, count, &acl_d->acl[0])) < 0 && errno == ENOSPC) {
1132 sys_acl_free_acl(acl_d);
1134 if ((count = acl(path_p, ACL_CNT, 0, NULL)) < 0) {
1138 if ((acl_d = sys_acl_init(count)) == NULL) {
1144 sys_acl_free_acl(acl_d);
1149 * calculate the number of access and default ACL entries
1151 * Note: we assume that the acl() system call returned a
1152 * well formed ACL which is sorted so that all of the
1153 * access ACL entries preceed any default ACL entries
1155 for (naccess = 0; naccess < count; naccess++) {
1156 if (acl_d->acl[naccess].a_type & ACL_DEFAULT)
1159 ndefault = count - naccess;
1162 * if the caller wants the default ACL we have to copy
1163 * the entries down to the start of the acl[] buffer
1164 * and mask out the ACL_DEFAULT flag from the type field
1166 if (type == SMB_ACL_TYPE_DEFAULT) {
1169 for (i = 0, j = naccess; i < ndefault; i++, j++) {
1170 acl_d->acl[i] = acl_d->acl[j];
1171 acl_d->acl[i].a_type &= ~ACL_DEFAULT;
1174 acl_d->count = ndefault;
1176 acl_d->count = naccess;
1182 SMB_ACL_T sys_acl_get_fd(int fd)
1185 * HPUX doesn't have the facl call. Fake it using the path.... JRA.
1188 files_struct *fsp = file_find_fd(fd);
1196 * We know we're in the same conn context. So we
1197 * can use the relative path.
1200 return sys_acl_get_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS);
1203 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
1210 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
1212 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
1213 && perm != SMB_ACL_EXECUTE) {
1218 if (permset_d == NULL) {
1228 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
1230 return *permset_d & perm;
1233 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
1240 * use an initial estimate of 20 bytes per ACL entry
1241 * when allocating memory for the text representation
1245 maxlen = 20 * acl_d->count;
1246 if ((text = malloc(maxlen)) == NULL) {
1251 for (i = 0; i < acl_d->count; i++) {
1252 struct acl *ap = &acl_d->acl[i];
1262 switch (ap->a_type) {
1264 * for debugging purposes it's probably more
1265 * useful to dump unknown tag types rather
1266 * than just returning an error
1269 slprintf(tagbuf, sizeof(tagbuf)-1, "0x%x",
1272 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
1278 id = uidtoname(ap->a_id);
1279 case SMB_ACL_USER_OBJ:
1284 if ((gr = getgrgid(ap->a_id)) == NULL) {
1285 slprintf(idbuf, sizeof(idbuf)-1, "%ld",
1291 case SMB_ACL_GROUP_OBJ:
1305 perms[0] = (ap->a_perm & SMB_ACL_READ) ? 'r' : '-';
1306 perms[1] = (ap->a_perm & SMB_ACL_WRITE) ? 'w' : '-';
1307 perms[2] = (ap->a_perm & SMB_ACL_EXECUTE) ? 'x' : '-';
1310 /* <tag> : <qualifier> : rwx \n \0 */
1311 nbytes = strlen(tag) + 1 + strlen(id) + 1 + 3 + 1 + 1;
1314 * If this entry would overflow the buffer
1315 * allocate enough additional memory for this
1316 * entry and an estimate of another 20 bytes
1317 * for each entry still to be processed
1319 if ((len + nbytes) > maxlen) {
1320 char *oldtext = text;
1322 maxlen += nbytes + 20 * (acl_d->count - i);
1324 if ((text = Realloc(oldtext, maxlen)) == NULL) {
1331 slprintf(&text[len], nbytes-1, "%s:%s:%s\n", tag, id, perms);
1341 SMB_ACL_T sys_acl_init(int count)
1351 * note that since the definition of the structure pointed
1352 * to by the SMB_ACL_T includes the first element of the
1353 * acl[] array, this actually allocates an ACL with room
1354 * for (count+1) entries
1356 if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
1361 a->size = count + 1;
1369 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
1372 SMB_ACL_ENTRY_T entry_d;
1374 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
1379 if (acl_d->count >= acl_d->size) {
1384 entry_d = &acl_d->acl[acl_d->count++];
1385 entry_d->a_type = 0;
1387 entry_d->a_perm = 0;
1393 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
1397 case SMB_ACL_USER_OBJ:
1399 case SMB_ACL_GROUP_OBJ:
1402 entry_d->a_type = tag_type;
1412 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
1414 if (entry_d->a_type != SMB_ACL_GROUP
1415 && entry_d->a_type != SMB_ACL_USER) {
1420 entry_d->a_id = *((id_t *)qual_p);
1425 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
1427 if (*permset_d & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
1431 entry_d->a_perm = *permset_d;
1436 /* Structure to capture the count for each type of ACE. */
1438 struct hpux_acl_types {
1447 int n_def_group_obj;
1451 int n_def_other_obj;
1454 int n_def_class_obj;
1460 * Counts the different number of objects in a given array of ACL
1464 * acl_count - Count of ACLs in the array of ACL strucutres.
1465 * aclp - Array of ACL structures.
1466 * acl_type_count - Pointer to acl_types structure. Should already be
1470 * acl_type_count - This structure is filled up with counts of various
1474 static int hpux_count_obj(int acl_count, struct acl *aclp, struct hpux_acl_types *acl_type_count)
1478 memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
1480 for(i=0;i<acl_count;i++) {
1481 switch(aclp[i].a_type) {
1483 acl_type_count->n_user++;
1486 acl_type_count->n_user_obj++;
1489 acl_type_count->n_def_user_obj++;
1492 acl_type_count->n_group++;
1495 acl_type_count->n_group_obj++;
1498 acl_type_count->n_def_group_obj++;
1501 acl_type_count->n_other_obj++;
1504 acl_type_count->n_def_other_obj++;
1507 acl_type_count->n_class_obj++;
1510 acl_type_count->n_def_class_obj++;
1513 acl_type_count->n_def_user++;
1516 acl_type_count->n_def_group++;
1519 acl_type_count->n_illegal_obj++;
1525 /* swap_acl_entries: Swaps two ACL entries.
1527 * Inputs: aclp0, aclp1 - ACL entries to be swapped.
1530 static void hpux_swap_acl_entries(struct acl *aclp0, struct acl *aclp1)
1532 struct acl temp_acl;
1534 temp_acl.a_type = aclp0->a_type;
1535 temp_acl.a_id = aclp0->a_id;
1536 temp_acl.a_perm = aclp0->a_perm;
1538 aclp0->a_type = aclp1->a_type;
1539 aclp0->a_id = aclp1->a_id;
1540 aclp0->a_perm = aclp1->a_perm;
1542 aclp1->a_type = temp_acl.a_type;
1543 aclp1->a_id = temp_acl.a_id;
1544 aclp1->a_perm = temp_acl.a_perm;
1547 /* prohibited_duplicate_type
1548 * Identifies if given ACL type can have duplicate entries or
1551 * Inputs: acl_type - ACL Type.
1557 * True - If the ACL type matches any of the prohibited types.
1558 * False - If the ACL type doesn't match any of the prohibited types.
1561 static BOOL hpux_prohibited_duplicate_type(int acl_type)
1574 /* get_needed_class_perm
1575 * Returns the permissions of a ACL structure only if the ACL
1576 * type matches one of the pre-determined types for computing
1577 * CLASS_OBJ permissions.
1579 * Inputs: aclp - Pointer to ACL structure.
1582 static int hpux_get_needed_class_perm(struct acl *aclp)
1584 switch(aclp->a_type) {
1594 return aclp->a_perm;
1600 /* acl_sort for HPUX.
1601 * Sorts the array of ACL structures as per the description in
1602 * aclsort man page. Refer to aclsort man page for more details
1606 * acl_count - Count of ACLs in the array of ACL structures.
1607 * calclass - If this is not zero, then we compute the CLASS_OBJ
1609 * aclp - Array of ACL structures.
1613 * aclp - Sorted array of ACL structures.
1617 * Returns 0 for success -1 for failure. Prints a message to the Samba
1618 * debug log in case of failure.
1621 static int hpux_acl_sort(int acl_count, int calclass, struct acl *aclp)
1623 #if !defined(HAVE_HPUX_ACLSORT)
1625 * The aclsort() system call is availabe on the latest HPUX General
1626 * Patch Bundles. So for HPUX, we developed our version of acl_sort
1627 * function. Because, we don't want to update to a new
1628 * HPUX GR bundle just for aclsort() call.
1631 struct hpux_acl_types acl_obj_count;
1632 int n_class_obj_perm = 0;
1636 DEBUG(10,("Zero acl count passed. Returning Success\n"));
1641 DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
1645 /* Count different types of ACLs in the ACLs array */
1647 hpux_count_obj(acl_count, aclp, &acl_obj_count);
1649 /* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
1650 * CLASS_OBJ and OTHER_OBJ
1653 if( (acl_obj_count.n_user_obj != 1) ||
1654 (acl_obj_count.n_group_obj != 1) ||
1655 (acl_obj_count.n_class_obj != 1) ||
1656 (acl_obj_count.n_other_obj != 1)
1658 DEBUG(0,("hpux_acl_sort: More than one entry or no entries for \
1659 USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
1663 /* If any of the default objects are present, there should be only
1667 if( (acl_obj_count.n_def_user_obj > 1) || (acl_obj_count.n_def_group_obj > 1) ||
1668 (acl_obj_count.n_def_other_obj > 1) || (acl_obj_count.n_def_class_obj > 1) ) {
1669 DEBUG(0,("hpux_acl_sort: More than one entry for DEF_CLASS_OBJ \
1670 or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
1674 /* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
1677 * Sorting crieteria - First sort by ACL type. If there are multiple entries of
1678 * same ACL type, sort by ACL id.
1680 * I am using the trival kind of sorting method here because, performance isn't
1681 * really effected by the ACLs feature. More over there aren't going to be more
1682 * than 17 entries on HPUX.
1685 for(i=0; i<acl_count;i++) {
1686 for (j=i+1; j<acl_count; j++) {
1687 if( aclp[i].a_type > aclp[j].a_type ) {
1688 /* ACL entries out of order, swap them */
1690 hpux_swap_acl_entries((aclp+i), (aclp+j));
1692 } else if ( aclp[i].a_type == aclp[j].a_type ) {
1694 /* ACL entries of same type, sort by id */
1696 if(aclp[i].a_id > aclp[j].a_id) {
1697 hpux_swap_acl_entries((aclp+i), (aclp+j));
1698 } else if (aclp[i].a_id == aclp[j].a_id) {
1699 /* We have a duplicate entry. */
1700 if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
1701 DEBUG(0, ("hpux_acl_sort: Duplicate entry: Type(hex): %x Id: %d\n",
1702 aclp[i].a_type, aclp[i].a_id));
1711 /* set the class obj permissions to the computed one. */
1713 int n_class_obj_index = -1;
1715 for(i=0;i<acl_count;i++) {
1716 n_class_obj_perm |= hpux_get_needed_class_perm((aclp+i));
1718 if(aclp[i].a_type == CLASS_OBJ)
1719 n_class_obj_index = i;
1721 aclp[n_class_obj_index].a_perm = n_class_obj_perm;
1726 return aclsort(acl_count, calclass, aclp);
1731 * sort the ACL and check it for validity
1733 * if it's a minimal ACL with only 4 entries then we
1734 * need to recalculate the mask permissions to make
1735 * sure that they are the same as the GROUP_OBJ
1736 * permissions as required by the UnixWare acl() system call.
1738 * (note: since POSIX allows minimal ACLs which only contain
1739 * 3 entries - ie there is no mask entry - we should, in theory,
1740 * check for this and add a mask entry if necessary - however
1741 * we "know" that the caller of this interface always specifies
1742 * a mask so, in practice "this never happens" (tm) - if it *does*
1743 * happen aclsort() will fail and return an error and someone will
1744 * have to fix it ...)
1747 static int acl_sort(SMB_ACL_T acl_d)
1749 int fixmask = (acl_d->count <= 4);
1751 if (hpux_acl_sort(acl_d->count, fixmask, acl_d->acl) != 0) {
1758 int sys_acl_valid(SMB_ACL_T acl_d)
1760 return acl_sort(acl_d);
1763 int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
1768 struct acl *acl_buf = NULL;
1771 if(hpux_acl_call_presence() == False) {
1772 /* Looks like we don't have the acl() system call on HPUX.
1773 * May be the system doesn't have the latest version of JFS.
1779 if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
1784 if (acl_sort(acl_d) != 0) {
1788 acl_p = &acl_d->acl[0];
1789 acl_count = acl_d->count;
1792 * if it's a directory there is extra work to do
1793 * since the acl() system call will replace both
1794 * the access ACLs and the default ACLs (if any)
1796 if (stat(name, &s) != 0) {
1799 if (S_ISDIR(s.st_mode)) {
1805 if (type == SMB_ACL_TYPE_ACCESS) {
1807 def_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_DEFAULT);
1811 acc_acl = tmp_acl = sys_acl_get_file(name, SMB_ACL_TYPE_ACCESS);
1814 if (tmp_acl == NULL) {
1819 * allocate a temporary buffer for the complete ACL
1821 acl_count = acc_acl->count + def_acl->count;
1822 acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
1824 if (acl_buf == NULL) {
1825 sys_acl_free_acl(tmp_acl);
1831 * copy the access control and default entries into the buffer
1833 memcpy(&acl_buf[0], &acc_acl->acl[0],
1834 acc_acl->count * sizeof(acl_buf[0]));
1836 memcpy(&acl_buf[acc_acl->count], &def_acl->acl[0],
1837 def_acl->count * sizeof(acl_buf[0]));
1840 * set the ACL_DEFAULT flag on the default entries
1842 for (i = acc_acl->count; i < acl_count; i++) {
1843 acl_buf[i].a_type |= ACL_DEFAULT;
1846 sys_acl_free_acl(tmp_acl);
1848 } else if (type != SMB_ACL_TYPE_ACCESS) {
1853 ret = acl(name, ACL_SET, acl_count, acl_p);
1862 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
1865 * HPUX doesn't have the facl call. Fake it using the path.... JRA.
1868 files_struct *fsp = file_find_fd(fd);
1875 if (acl_sort(acl_d) != 0) {
1880 * We know we're in the same conn context. So we
1881 * can use the relative path.
1884 return sys_acl_set_file(fsp->fsp_name, SMB_ACL_TYPE_ACCESS, acl_d);
1887 int sys_acl_delete_def_file(const char *path)
1893 * fetching the access ACL and rewriting it has
1894 * the effect of deleting the default ACL
1896 if ((acl_d = sys_acl_get_file(path, SMB_ACL_TYPE_ACCESS)) == NULL) {
1900 ret = acl(path, ACL_SET, acl_d->count, acl_d->acl);
1902 sys_acl_free_acl(acl_d);
1907 int sys_acl_free_text(char *text)
1913 int sys_acl_free_acl(SMB_ACL_T acl_d)
1919 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
1924 #elif defined(HAVE_IRIX_ACLS)
1926 int sys_acl_get_entry(SMB_ACL_T acl_d, int entry_id, SMB_ACL_ENTRY_T *entry_p)
1928 if (entry_id != SMB_ACL_FIRST_ENTRY && entry_id != SMB_ACL_NEXT_ENTRY) {
1933 if (entry_p == NULL) {
1938 if (entry_id == SMB_ACL_FIRST_ENTRY) {
1942 if (acl_d->next < 0) {
1947 if (acl_d->next >= acl_d->aclp->acl_cnt) {
1951 *entry_p = &acl_d->aclp->acl_entry[acl_d->next++];
1956 int sys_acl_get_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *type_p)
1958 *type_p = entry_d->ae_tag;
1963 int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
1965 *permset_p = entry_d;
1970 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
1972 if (entry_d->ae_tag != SMB_ACL_USER
1973 && entry_d->ae_tag != SMB_ACL_GROUP) {
1978 return &entry_d->ae_id;
1981 SMB_ACL_T sys_acl_get_file(const char *path_p, SMB_ACL_TYPE_T type)
1985 if ((a = malloc(sizeof(*a))) == NULL) {
1989 if ((a->aclp = acl_get_file(path_p, type)) == NULL) {
1998 SMB_ACL_T sys_acl_get_fd(int fd)
2002 if ((a = malloc(sizeof(*a))) == NULL) {
2006 if ((a->aclp = acl_get_fd(fd)) == NULL) {
2015 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset_d)
2017 permset_d->ae_perm = 0;
2022 int sys_acl_add_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2024 if (perm != SMB_ACL_READ && perm != SMB_ACL_WRITE
2025 && perm != SMB_ACL_EXECUTE) {
2030 if (permset_d == NULL) {
2035 permset_d->ae_perm |= perm;
2040 int sys_acl_get_perm(SMB_ACL_PERMSET_T permset_d, SMB_ACL_PERM_T perm)
2042 return permset_d->ae_perm & perm;
2045 char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
2047 return acl_to_text(acl_d->aclp, len_p);
2050 SMB_ACL_T sys_acl_init(int count)
2059 if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) {
2065 a->freeaclp = False;
2066 a->aclp = (struct acl *)(&a->aclp + sizeof(struct acl *));
2067 a->aclp->acl_cnt = 0;
2073 int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
2076 SMB_ACL_ENTRY_T entry_d;
2078 if (acl_p == NULL || entry_p == NULL || (acl_d = *acl_p) == NULL) {
2083 if (acl_d->aclp->acl_cnt >= ACL_MAX_ENTRIES) {
2088 entry_d = &acl_d->aclp->acl_entry[acl_d->aclp->acl_cnt++];
2089 entry_d->ae_tag = 0;
2091 entry_d->ae_perm = 0;
2097 int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
2101 case SMB_ACL_USER_OBJ:
2103 case SMB_ACL_GROUP_OBJ:
2106 entry_d->ae_tag = tag_type;
2116 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
2118 if (entry_d->ae_tag != SMB_ACL_GROUP
2119 && entry_d->ae_tag != SMB_ACL_USER) {
2124 entry_d->ae_id = *((id_t *)qual_p);
2129 int sys_acl_set_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T permset_d)
2131 if (permset_d->ae_perm & ~(SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)) {
2135 entry_d->ae_perm = permset_d->ae_perm;
2140 int sys_acl_valid(SMB_ACL_T acl_d)
2142 return acl_valid(acl_d->aclp);
2145 int sys_acl_set_file(const char *name, SMB_ACL_TYPE_T type, SMB_ACL_T acl_d)
2147 return acl_set_file(name, type, acl_d->aclp);
2150 int sys_acl_set_fd(int fd, SMB_ACL_T acl_d)
2152 return acl_set_fd(fd, acl_d->aclp);
2155 int sys_acl_delete_def_file(const char *name)
2157 return acl_delete_def_file(name);
2160 int sys_acl_free_text(char *text)
2162 return acl_free(text);
2165 int sys_acl_free_acl(SMB_ACL_T acl_d)
2167 if (acl_d->freeaclp) {
2168 acl_free(acl_d->aclp);
2174 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
2179 #elif defined(HAVE_AIX_ACLS)
2181 /* Donated by Medha Date, mdate@austin.ibm.com, for IBM */
2183 int sys_acl_get_entry( SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
2185 struct acl_entry_link *link;
2186 struct new_acl_entry *entry;
2189 DEBUG(10,("This is the count: %d\n",theacl->count));
2191 /* Check if count was previously set to -1. *
2192 * If it was, that means we reached the end *
2193 * of the acl last time. */
2194 if(theacl->count == -1)
2198 /* To get to the next acl, traverse linked list until index *
2199 * of acl matches the count we are keeping. This count is *
2200 * incremented each time we return an acl entry. */
2202 for(keep_going = 0; keep_going < theacl->count; keep_going++)
2205 entry = *entry_p = link->entryp;
2207 DEBUG(10,("*entry_p is %d\n",entry_p));
2208 DEBUG(10,("*entry_p->ace_access is %d\n",entry->ace_access));
2210 /* Increment count */
2212 if(link->nextp == NULL)
2218 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
2220 /* Initialize tag type */
2223 DEBUG(10,("the tagtype is %d\n",entry_d->ace_id->id_type));
2225 /* Depending on what type of entry we have, *
2226 * return tag type. */
2227 switch(entry_d->ace_id->id_type) {
2229 *tag_type_p = SMB_ACL_USER;
2232 *tag_type_p = SMB_ACL_GROUP;
2235 case SMB_ACL_USER_OBJ:
2236 case SMB_ACL_GROUP_OBJ:
2238 *tag_type_p = entry_d->ace_id->id_type;
2248 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
2250 DEBUG(10,("Starting AIX sys_acl_get_permset\n"));
2251 *permset_p = &entry_d->ace_access;
2252 DEBUG(10,("**permset_p is %d\n",**permset_p));
2253 if(!(**permset_p & S_IXUSR) &&
2254 !(**permset_p & S_IWUSR) &&
2255 !(**permset_p & S_IRUSR) &&
2259 DEBUG(10,("Ending AIX sys_acl_get_permset\n"));
2263 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
2265 return(entry_d->ace_id->id_data);
2268 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
2270 struct acl *file_acl = (struct acl *)NULL;
2271 struct acl_entry *acl_entry;
2272 struct new_acl_entry *new_acl_entry;
2274 struct acl_entry_link *acl_entry_link;
2275 struct acl_entry_link *acl_entry_link_head;
2280 /* Get the acl using statacl */
2282 DEBUG(10,("Entering sys_acl_get_file\n"));
2283 DEBUG(10,("path_p is %s\n",path_p));
2285 file_acl = (struct acl *)malloc(BUFSIZ);
2287 if(file_acl == NULL) {
2289 DEBUG(0,("Error in AIX sys_acl_get_file: %d\n",errno));
2293 memset(file_acl,0,BUFSIZ);
2295 rc = statacl((char *)path_p,0,file_acl,BUFSIZ);
2297 DEBUG(0,("statacl returned %d with errno %d\n",rc,errno));
2298 SAFE_FREE(file_acl);
2302 DEBUG(10,("Got facl and returned it\n"));
2304 /* Point to the first acl entry in the acl */
2305 acl_entry = file_acl->acl_ext;
2307 /* Begin setting up the head of the linked list *
2308 * that will be used for the storing the acl *
2309 * in a way that is useful for the posix_acls.c *
2312 acl_entry_link_head = acl_entry_link = sys_acl_init(0);
2313 if(acl_entry_link_head == NULL)
2316 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2317 if(acl_entry_link->entryp == NULL) {
2318 SAFE_FREE(file_acl);
2320 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
2324 DEBUG(10,("acl_entry is %d\n",acl_entry));
2325 DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
2327 /* Check if the extended acl bit is on. *
2328 * If it isn't, do not show the *
2329 * contents of the acl since AIX intends *
2330 * the extended info to remain unused */
2332 if(file_acl->acl_mode & S_IXACL){
2333 /* while we are not pointing to the very end */
2334 while(acl_entry < acl_last(file_acl)) {
2335 /* before we malloc anything, make sure this is */
2336 /* a valid acl entry and one that we want to map */
2337 idp = id_nxt(acl_entry->ace_id);
2338 if((acl_entry->ace_type == ACC_SPECIFY ||
2339 (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
2340 acl_entry = acl_nxt(acl_entry);
2344 idp = acl_entry->ace_id;
2346 /* Check if this is the first entry in the linked list. *
2347 * The first entry needs to keep prevp pointing to NULL *
2348 * and already has entryp allocated. */
2350 if(acl_entry_link_head->count != 0) {
2351 acl_entry_link->nextp = (struct acl_entry_link *)
2352 malloc(sizeof(struct acl_entry_link));
2354 if(acl_entry_link->nextp == NULL) {
2355 SAFE_FREE(file_acl);
2357 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
2361 acl_entry_link->nextp->prevp = acl_entry_link;
2362 acl_entry_link = acl_entry_link->nextp;
2363 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2364 if(acl_entry_link->entryp == NULL) {
2365 SAFE_FREE(file_acl);
2367 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
2370 acl_entry_link->nextp = NULL;
2373 acl_entry_link->entryp->ace_len = acl_entry->ace_len;
2375 /* Don't really need this since all types are going *
2376 * to be specified but, it's better than leaving it 0 */
2378 acl_entry_link->entryp->ace_type = acl_entry->ace_type;
2380 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
2382 memcpy(acl_entry_link->entryp->ace_id,idp,sizeof(struct ace_id));
2384 /* The access in the acl entries must be left shifted by *
2385 * three bites, because they will ultimately be compared *
2386 * to S_IRUSR, S_IWUSR, and S_IXUSR. */
2388 switch(acl_entry->ace_type){
2391 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
2392 acl_entry_link->entryp->ace_access <<= 6;
2393 acl_entry_link_head->count++;
2396 /* Since there is no way to return a DENY acl entry *
2397 * change to PERMIT and then shift. */
2398 DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
2399 acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
2400 DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
2401 acl_entry_link->entryp->ace_access <<= 6;
2402 acl_entry_link_head->count++;
2408 DEBUG(10,("acl_entry = %d\n",acl_entry));
2409 DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
2411 acl_entry = acl_nxt(acl_entry);
2413 } /* end of if enabled */
2415 /* Since owner, group, other acl entries are not *
2416 * part of the acl entries in an acl, they must *
2417 * be dummied up to become part of the list. */
2419 for( i = 1; i < 4; i++) {
2420 DEBUG(10,("i is %d\n",i));
2421 if(acl_entry_link_head->count != 0) {
2422 acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
2423 if(acl_entry_link->nextp == NULL) {
2424 SAFE_FREE(file_acl);
2426 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
2430 acl_entry_link->nextp->prevp = acl_entry_link;
2431 acl_entry_link = acl_entry_link->nextp;
2432 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2433 if(acl_entry_link->entryp == NULL) {
2434 SAFE_FREE(file_acl);
2436 DEBUG(0,("Error in AIX sys_acl_get_file is %d\n",errno));
2441 acl_entry_link->nextp = NULL;
2443 new_acl_entry = acl_entry_link->entryp;
2444 idp = new_acl_entry->ace_id;
2446 new_acl_entry->ace_len = sizeof(struct acl_entry);
2447 new_acl_entry->ace_type = ACC_PERMIT;
2448 idp->id_len = sizeof(struct ace_id);
2449 DEBUG(10,("idp->id_len = %d\n",idp->id_len));
2450 memset(idp->id_data,0,sizeof(uid_t));
2454 new_acl_entry->ace_access = file_acl->g_access << 6;
2455 idp->id_type = SMB_ACL_GROUP_OBJ;
2459 new_acl_entry->ace_access = file_acl->o_access << 6;
2460 idp->id_type = SMB_ACL_OTHER;
2464 new_acl_entry->ace_access = file_acl->u_access << 6;
2465 idp->id_type = SMB_ACL_USER_OBJ;
2473 acl_entry_link_head->count++;
2474 DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
2477 acl_entry_link_head->count = 0;
2478 SAFE_FREE(file_acl);
2480 return(acl_entry_link_head);
2483 SMB_ACL_T sys_acl_get_fd(int fd)
2485 struct acl *file_acl = (struct acl *)NULL;
2486 struct acl_entry *acl_entry;
2487 struct new_acl_entry *new_acl_entry;
2489 struct acl_entry_link *acl_entry_link;
2490 struct acl_entry_link *acl_entry_link_head;
2495 /* Get the acl using fstatacl */
2497 DEBUG(10,("Entering sys_acl_get_fd\n"));
2498 DEBUG(10,("fd is %d\n",fd));
2499 file_acl = (struct acl *)malloc(BUFSIZ);
2501 if(file_acl == NULL) {
2503 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2507 memset(file_acl,0,BUFSIZ);
2509 rc = fstatacl(fd,0,file_acl,BUFSIZ);
2511 DEBUG(0,("The fstatacl call returned %d with errno %d\n",rc,errno));
2512 SAFE_FREE(file_acl);
2516 DEBUG(10,("Got facl and returned it\n"));
2518 /* Point to the first acl entry in the acl */
2520 acl_entry = file_acl->acl_ext;
2521 /* Begin setting up the head of the linked list *
2522 * that will be used for the storing the acl *
2523 * in a way that is useful for the posix_acls.c *
2526 acl_entry_link_head = acl_entry_link = sys_acl_init(0);
2527 if(acl_entry_link_head == NULL){
2528 SAFE_FREE(file_acl);
2532 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2534 if(acl_entry_link->entryp == NULL) {
2536 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2537 SAFE_FREE(file_acl);
2541 DEBUG(10,("acl_entry is %d\n",acl_entry));
2542 DEBUG(10,("acl_last(file_acl) id %d\n",acl_last(file_acl)));
2544 /* Check if the extended acl bit is on. *
2545 * If it isn't, do not show the *
2546 * contents of the acl since AIX intends *
2547 * the extended info to remain unused */
2549 if(file_acl->acl_mode & S_IXACL){
2550 /* while we are not pointing to the very end */
2551 while(acl_entry < acl_last(file_acl)) {
2552 /* before we malloc anything, make sure this is */
2553 /* a valid acl entry and one that we want to map */
2555 idp = id_nxt(acl_entry->ace_id);
2556 if((acl_entry->ace_type == ACC_SPECIFY ||
2557 (acl_entry->ace_type == ACC_PERMIT)) && (idp != id_last(acl_entry))) {
2558 acl_entry = acl_nxt(acl_entry);
2562 idp = acl_entry->ace_id;
2564 /* Check if this is the first entry in the linked list. *
2565 * The first entry needs to keep prevp pointing to NULL *
2566 * and already has entryp allocated. */
2568 if(acl_entry_link_head->count != 0) {
2569 acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
2570 if(acl_entry_link->nextp == NULL) {
2572 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2573 SAFE_FREE(file_acl);
2576 acl_entry_link->nextp->prevp = acl_entry_link;
2577 acl_entry_link = acl_entry_link->nextp;
2578 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2579 if(acl_entry_link->entryp == NULL) {
2581 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2582 SAFE_FREE(file_acl);
2586 acl_entry_link->nextp = NULL;
2589 acl_entry_link->entryp->ace_len = acl_entry->ace_len;
2591 /* Don't really need this since all types are going *
2592 * to be specified but, it's better than leaving it 0 */
2594 acl_entry_link->entryp->ace_type = acl_entry->ace_type;
2595 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
2597 memcpy(acl_entry_link->entryp->ace_id, idp, sizeof(struct ace_id));
2599 /* The access in the acl entries must be left shifted by *
2600 * three bites, because they will ultimately be compared *
2601 * to S_IRUSR, S_IWUSR, and S_IXUSR. */
2603 switch(acl_entry->ace_type){
2606 acl_entry_link->entryp->ace_access = acl_entry->ace_access;
2607 acl_entry_link->entryp->ace_access <<= 6;
2608 acl_entry_link_head->count++;
2611 /* Since there is no way to return a DENY acl entry *
2612 * change to PERMIT and then shift. */
2613 DEBUG(10,("acl_entry->ace_access is %d\n",acl_entry->ace_access));
2614 acl_entry_link->entryp->ace_access = ~acl_entry->ace_access & 7;
2615 DEBUG(10,("acl_entry_link->entryp->ace_access is %d\n",acl_entry_link->entryp->ace_access));
2616 acl_entry_link->entryp->ace_access <<= 6;
2617 acl_entry_link_head->count++;
2623 DEBUG(10,("acl_entry = %d\n",acl_entry));
2624 DEBUG(10,("The ace_type is %d\n",acl_entry->ace_type));
2626 acl_entry = acl_nxt(acl_entry);
2628 } /* end of if enabled */
2630 /* Since owner, group, other acl entries are not *
2631 * part of the acl entries in an acl, they must *
2632 * be dummied up to become part of the list. */
2634 for( i = 1; i < 4; i++) {
2635 DEBUG(10,("i is %d\n",i));
2636 if(acl_entry_link_head->count != 0){
2637 acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
2638 if(acl_entry_link->nextp == NULL) {
2640 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2641 SAFE_FREE(file_acl);
2645 acl_entry_link->nextp->prevp = acl_entry_link;
2646 acl_entry_link = acl_entry_link->nextp;
2647 acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2649 if(acl_entry_link->entryp == NULL) {
2650 SAFE_FREE(file_acl);
2652 DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
2657 acl_entry_link->nextp = NULL;
2659 new_acl_entry = acl_entry_link->entryp;
2660 idp = new_acl_entry->ace_id;
2662 new_acl_entry->ace_len = sizeof(struct acl_entry);
2663 new_acl_entry->ace_type = ACC_PERMIT;
2664 idp->id_len = sizeof(struct ace_id);
2665 DEBUG(10,("idp->id_len = %d\n",idp->id_len));
2666 memset(idp->id_data,0,sizeof(uid_t));
2670 new_acl_entry->ace_access = file_acl->g_access << 6;
2671 idp->id_type = SMB_ACL_GROUP_OBJ;
2675 new_acl_entry->ace_access = file_acl->o_access << 6;
2676 idp->id_type = SMB_ACL_OTHER;
2680 new_acl_entry->ace_access = file_acl->u_access << 6;
2681 idp->id_type = SMB_ACL_USER_OBJ;
2688 acl_entry_link_head->count++;
2689 DEBUG(10,("new_acl_entry->ace_access = %d\n",new_acl_entry->ace_access));
2692 acl_entry_link_head->count = 0;
2693 SAFE_FREE(file_acl);
2695 return(acl_entry_link_head);
2698 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
2700 *permset = *permset & ~0777;
2704 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
2707 (perm & (S_IXUSR | S_IWUSR | S_IRUSR)) == 0)
2711 DEBUG(10,("This is the permset now: %d\n",*permset));
2715 char *sys_acl_to_text( SMB_ACL_T theacl, ssize_t *plen)
2720 SMB_ACL_T sys_acl_init( int count)
2722 struct acl_entry_link *theacl = NULL;
2724 DEBUG(10,("Entering sys_acl_init\n"));
2726 theacl = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
2727 if(theacl == NULL) {
2729 DEBUG(0,("Error in sys_acl_init is %d\n",errno));
2734 theacl->nextp = NULL;
2735 theacl->prevp = NULL;
2736 theacl->entryp = NULL;
2737 DEBUG(10,("Exiting sys_acl_init\n"));
2741 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
2743 struct acl_entry_link *theacl;
2744 struct acl_entry_link *acl_entryp;
2745 struct acl_entry_link *temp_entry;
2748 DEBUG(10,("Entering the sys_acl_create_entry\n"));
2750 theacl = acl_entryp = *pacl;
2752 /* Get to the end of the acl before adding entry */
2754 for(counting=0; counting < theacl->count; counting++){
2755 DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
2756 temp_entry = acl_entryp;
2757 acl_entryp = acl_entryp->nextp;
2760 if(theacl->count != 0){
2761 temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
2762 if(acl_entryp == NULL) {
2764 DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
2768 DEBUG(10,("The acl_entryp is %d\n",acl_entryp));
2769 acl_entryp->prevp = temp_entry;
2770 DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
2773 *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
2774 if(*pentry == NULL) {
2776 DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
2780 memset(*pentry,0,sizeof(struct new_acl_entry));
2781 acl_entryp->entryp->ace_len = sizeof(struct acl_entry);
2782 acl_entryp->entryp->ace_type = ACC_PERMIT;
2783 acl_entryp->entryp->ace_id->id_len = sizeof(struct ace_id);
2784 acl_entryp->nextp = NULL;
2786 DEBUG(10,("Exiting sys_acl_create_entry\n"));
2790 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
2792 DEBUG(10,("Starting AIX sys_acl_set_tag_type\n"));
2793 entry->ace_id->id_type = tagtype;
2794 DEBUG(10,("The tag type is %d\n",entry->ace_id->id_type));
2795 DEBUG(10,("Ending AIX sys_acl_set_tag_type\n"));
2798 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
2800 DEBUG(10,("Starting AIX sys_acl_set_qualifier\n"));
2801 memcpy(entry->ace_id->id_data,qual,sizeof(uid_t));
2802 DEBUG(10,("Ending AIX sys_acl_set_qualifier\n"));
2806 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
2808 DEBUG(10,("Starting AIX sys_acl_set_permset\n"));
2809 if(!(*permset & S_IXUSR) &&
2810 !(*permset & S_IWUSR) &&
2811 !(*permset & S_IRUSR) &&
2815 entry->ace_access = *permset;
2816 DEBUG(10,("entry->ace_access = %d\n",entry->ace_access));
2817 DEBUG(10,("Ending AIX sys_acl_set_permset\n"));
2821 int sys_acl_valid( SMB_ACL_T theacl )
2826 struct acl_entry_link *acl_entry;
2828 for(acl_entry=theacl; acl_entry != NULL; acl_entry = acl_entry->nextp) {
2829 user_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_USER_OBJ);
2830 group_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_GROUP_OBJ);
2831 other_obj += (acl_entry->entryp->ace_id->id_type == SMB_ACL_OTHER);
2834 DEBUG(10,("user_obj=%d, group_obj=%d, other_obj=%d\n",user_obj,group_obj,other_obj));
2836 if(user_obj != 1 || group_obj != 1 || other_obj != 1)
2842 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
2844 struct acl_entry_link *acl_entry_link = NULL;
2845 struct acl *file_acl = NULL;
2846 struct acl *file_acl_temp = NULL;
2847 struct acl_entry *acl_entry = NULL;
2848 struct ace_id *ace_id = NULL;
2855 DEBUG(10,("Entering sys_acl_set_file\n"));
2856 DEBUG(10,("File name is %s\n",name));
2858 /* AIX has no default ACL */
2859 if(acltype == SMB_ACL_TYPE_DEFAULT)
2862 acl_length = BUFSIZ;
2863 file_acl = (struct acl *)malloc(BUFSIZ);
2865 if(file_acl == NULL) {
2867 DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
2871 memset(file_acl,0,BUFSIZ);
2873 file_acl->acl_len = ACL_SIZ;
2874 file_acl->acl_mode = S_IXACL;
2876 for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
2877 acl_entry_link->entryp->ace_access >>= 6;
2878 id_type = acl_entry_link->entryp->ace_id->id_type;
2881 case SMB_ACL_USER_OBJ:
2882 file_acl->u_access = acl_entry_link->entryp->ace_access;
2884 case SMB_ACL_GROUP_OBJ:
2885 file_acl->g_access = acl_entry_link->entryp->ace_access;
2888 file_acl->o_access = acl_entry_link->entryp->ace_access;
2894 if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
2895 acl_length += sizeof(struct acl_entry);
2896 file_acl_temp = (struct acl *)malloc(acl_length);
2897 if(file_acl_temp == NULL) {
2898 SAFE_FREE(file_acl);
2900 DEBUG(0,("Error in sys_acl_set_file is %d\n",errno));
2904 memcpy(file_acl_temp,file_acl,file_acl->acl_len);
2905 SAFE_FREE(file_acl);
2906 file_acl = file_acl_temp;
2909 acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
2910 file_acl->acl_len += sizeof(struct acl_entry);
2911 acl_entry->ace_len = acl_entry_link->entryp->ace_len;
2912 acl_entry->ace_access = acl_entry_link->entryp->ace_access;
2914 /* In order to use this, we'll need to wait until we can get denies */
2915 /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
2916 acl_entry->ace_type = ACC_SPECIFY; */
2918 acl_entry->ace_type = ACC_SPECIFY;
2920 ace_id = acl_entry->ace_id;
2922 ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
2923 DEBUG(10,("The id type is %d\n",ace_id->id_type));
2924 ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
2925 memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
2926 memcpy(acl_entry->ace_id->id_data, &user_id, sizeof(uid_t));
2929 rc = chacl(name,file_acl,file_acl->acl_len);
2930 DEBUG(10,("errno is %d\n",errno));
2931 DEBUG(10,("return code is %d\n",rc));
2932 SAFE_FREE(file_acl);
2933 DEBUG(10,("Exiting the sys_acl_set_file\n"));
2937 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
2939 struct acl_entry_link *acl_entry_link = NULL;
2940 struct acl *file_acl = NULL;
2941 struct acl *file_acl_temp = NULL;
2942 struct acl_entry *acl_entry = NULL;
2943 struct ace_id *ace_id = NULL;
2949 DEBUG(10,("Entering sys_acl_set_fd\n"));
2950 acl_length = BUFSIZ;
2951 file_acl = (struct acl *)malloc(BUFSIZ);
2953 if(file_acl == NULL) {
2955 DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
2959 memset(file_acl,0,BUFSIZ);
2961 file_acl->acl_len = ACL_SIZ;
2962 file_acl->acl_mode = S_IXACL;
2964 for(acl_entry_link=theacl; acl_entry_link != NULL; acl_entry_link = acl_entry_link->nextp) {
2965 acl_entry_link->entryp->ace_access >>= 6;
2966 id_type = acl_entry_link->entryp->ace_id->id_type;
2967 DEBUG(10,("The id_type is %d\n",id_type));
2970 case SMB_ACL_USER_OBJ:
2971 file_acl->u_access = acl_entry_link->entryp->ace_access;
2973 case SMB_ACL_GROUP_OBJ:
2974 file_acl->g_access = acl_entry_link->entryp->ace_access;
2977 file_acl->o_access = acl_entry_link->entryp->ace_access;
2983 if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
2984 acl_length += sizeof(struct acl_entry);
2985 file_acl_temp = (struct acl *)malloc(acl_length);
2986 if(file_acl_temp == NULL) {
2987 SAFE_FREE(file_acl);
2989 DEBUG(0,("Error in sys_acl_set_fd is %d\n",errno));
2993 memcpy(file_acl_temp,file_acl,file_acl->acl_len);
2994 SAFE_FREE(file_acl);
2995 file_acl = file_acl_temp;
2998 acl_entry = (struct acl_entry *)((char *)file_acl + file_acl->acl_len);
2999 file_acl->acl_len += sizeof(struct acl_entry);
3000 acl_entry->ace_len = acl_entry_link->entryp->ace_len;
3001 acl_entry->ace_access = acl_entry_link->entryp->ace_access;
3003 /* In order to use this, we'll need to wait until we can get denies */
3004 /* if(!acl_entry->ace_access && acl_entry->ace_type == ACC_PERMIT)
3005 acl_entry->ace_type = ACC_SPECIFY; */
3007 acl_entry->ace_type = ACC_SPECIFY;
3009 ace_id = acl_entry->ace_id;
3011 ace_id->id_type = acl_entry_link->entryp->ace_id->id_type;
3012 DEBUG(10,("The id type is %d\n",ace_id->id_type));
3013 ace_id->id_len = acl_entry_link->entryp->ace_id->id_len;
3014 memcpy(&user_id, acl_entry_link->entryp->ace_id->id_data, sizeof(uid_t));
3015 memcpy(ace_id->id_data, &user_id, sizeof(uid_t));
3018 rc = fchacl(fd,file_acl,file_acl->acl_len);
3019 DEBUG(10,("errno is %d\n",errno));
3020 DEBUG(10,("return code is %d\n",rc));
3021 SAFE_FREE(file_acl);
3022 DEBUG(10,("Exiting sys_acl_set_fd\n"));
3026 int sys_acl_delete_def_file(const char *name)
3028 /* AIX has no default ACL */
3032 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
3034 return(*permset & perm);
3037 int sys_acl_free_text(char *text)
3042 int sys_acl_free_acl(SMB_ACL_T posix_acl)
3044 struct acl_entry_link *acl_entry_link;
3046 for(acl_entry_link = posix_acl->nextp; acl_entry_link->nextp != NULL; acl_entry_link = acl_entry_link->nextp) {
3047 SAFE_FREE(acl_entry_link->prevp->entryp);
3048 SAFE_FREE(acl_entry_link->prevp);
3051 SAFE_FREE(acl_entry_link->prevp->entryp);
3052 SAFE_FREE(acl_entry_link->prevp);
3053 SAFE_FREE(acl_entry_link->entryp);
3054 SAFE_FREE(acl_entry_link);
3059 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3064 #else /* No ACLs. */
3066 int sys_acl_get_entry( SMB_ACL_T the_acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
3072 int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
3078 int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
3084 void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
3090 SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
3093 return (SMB_ACL_T)NULL;
3096 SMB_ACL_T sys_acl_get_fd(int fd)
3099 return (SMB_ACL_T)NULL;
3102 int sys_acl_clear_perms(SMB_ACL_PERMSET_T permset)
3108 int sys_acl_add_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
3114 int sys_acl_get_perm( SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
3117 return (permset & perm) ? 1 : 0;
3120 char *sys_acl_to_text( SMB_ACL_T the_acl, ssize_t *plen)
3126 int sys_acl_free_text(char *text)
3132 SMB_ACL_T sys_acl_init( int count)
3138 int sys_acl_create_entry( SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
3144 int sys_acl_set_tag_type( SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
3150 int sys_acl_set_qualifier( SMB_ACL_ENTRY_T entry, void *qual)
3156 int sys_acl_set_permset( SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
3162 int sys_acl_valid( SMB_ACL_T theacl )
3168 int sys_acl_set_file( const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
3174 int sys_acl_set_fd( int fd, SMB_ACL_T theacl)
3180 int sys_acl_delete_def_file(const char *name)
3186 int sys_acl_free_acl(SMB_ACL_T the_acl)
3192 int sys_acl_free_qualifier(void *qual, SMB_ACL_TAG_T tagtype)
3198 #endif /* No ACLs. */
git.samba.org / tprouty / samba.git / blob