author | amw |
Thu, 25 Oct 2007 16:34:29 -0700 | |
changeset 5331 | 3047ad28a67b |
parent 4321 | a8930ec16e52 |
child 7057 | d3fa1d6dbef7 |
permissions | -rw-r--r-- |
789 | 1 |
/* |
2 |
* CDDL HEADER START |
|
3 |
* |
|
4 |
* The contents of this file are subject to the terms of the |
|
1462 | 5 |
* Common Development and Distribution License (the "License"). |
6 |
* You may not use this file except in compliance with the License. |
|
789 | 7 |
* |
8 |
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE |
|
9 |
* or http://www.opensolaris.org/os/licensing. |
|
10 |
* See the License for the specific language governing permissions |
|
11 |
* and limitations under the License. |
|
12 |
* |
|
13 |
* When distributing Covered Code, include this CDDL HEADER in each |
|
14 |
* file and include the License file at usr/src/OPENSOLARIS.LICENSE. |
|
15 |
* If applicable, add the following below this CDDL HEADER, with the |
|
16 |
* fields enclosed by brackets "[]" replaced with your own identifying |
|
17 |
* information: Portions Copyright [yyyy] [name of copyright owner] |
|
18 |
* |
|
19 |
* CDDL HEADER END |
|
20 |
*/ |
|
21 |
/* |
|
4321
a8930ec16e52
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
casper
parents:
1953
diff
changeset
|
22 |
* Copyright 2007 Sun Microsystems, Inc. All rights reserved. |
789 | 23 |
* Use is subject to license terms. |
24 |
*/ |
|
25 |
||
26 |
#pragma ident "%Z%%M% %I% %E% SMI" |
|
27 |
||
28 |
#include <stdlib.h> |
|
29 |
#include <string.h> |
|
30 |
#include <unistd.h> |
|
31 |
#include <limits.h> |
|
32 |
#include <grp.h> |
|
33 |
#include <pwd.h> |
|
1462 | 34 |
#include <strings.h> |
789 | 35 |
#include <sys/types.h> |
36 |
#include <errno.h> |
|
37 |
#include <sys/stat.h> |
|
1420 | 38 |
#include <sys/varargs.h> |
789 | 39 |
#include <locale.h> |
40 |
#include <aclutils.h> |
|
5331 | 41 |
#include <sys/avl.h> |
789 | 42 |
#include <acl_common.h> |
43 |
||
44 |
#define ACL_PATH 0 |
|
45 |
#define ACL_FD 1 |
|
46 |
||
1231
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
47 |
|
789 | 48 |
typedef union { |
49 |
const char *file; |
|
50 |
int fd; |
|
51 |
} acl_inp; |
|
52 |
||
53 |
||
54 |
/* |
|
55 |
* Determine whether a file has a trivial ACL |
|
56 |
* returns: 0 = trivial |
|
57 |
* 1 = nontrivial |
|
58 |
* <0 some other system failure, such as ENOENT or EPERM |
|
59 |
*/ |
|
60 |
int |
|
61 |
acl_trivial(const char *filename) |
|
62 |
{ |
|
63 |
int acl_flavor; |
|
64 |
int aclcnt; |
|
65 |
int cntcmd; |
|
66 |
int val = 0; |
|
67 |
ace_t *acep; |
|
68 |
||
69 |
acl_flavor = pathconf(filename, _PC_ACL_ENABLED); |
|
70 |
||
71 |
if (acl_flavor == _ACL_ACE_ENABLED) |
|
72 |
cntcmd = ACE_GETACLCNT; |
|
73 |
else |
|
74 |
cntcmd = GETACLCNT; |
|
75 |
||
76 |
aclcnt = acl(filename, cntcmd, 0, NULL); |
|
77 |
if (aclcnt > 0) { |
|
78 |
if (acl_flavor == _ACL_ACE_ENABLED) { |
|
1231
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
79 |
acep = malloc(sizeof (ace_t) * aclcnt); |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
80 |
if (acep == NULL) |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
81 |
return (-1); |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
82 |
if (acl(filename, ACE_GETACL, |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
83 |
aclcnt, acep) < 0) { |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
84 |
free(acep); |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
85 |
return (-1); |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
86 |
} |
789 | 87 |
|
1231
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
88 |
val = ace_trivial(acep, aclcnt); |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
89 |
free(acep); |
64215f768e86
6354804 The file's ACL was changed when cp it from one ZFS file system to another one.
marks
parents:
789
diff
changeset
|
90 |
|
789 | 91 |
} else if (aclcnt > MIN_ACL_ENTRIES) |
92 |
val = 1; |
|
93 |
} |
|
94 |
return (val); |
|
95 |
} |
|
96 |
||
1462 | 97 |
|
1477 | 98 |
static int |
789 | 99 |
cacl_get(acl_inp inp, int get_flag, int type, acl_t **aclp) |
100 |
{ |
|
101 |
const char *fname; |
|
102 |
int fd; |
|
103 |
int ace_acl = 0; |
|
104 |
int error; |
|
105 |
int getcmd, cntcmd; |
|
106 |
acl_t *acl_info; |
|
107 |
int save_errno; |
|
108 |
int stat_error; |
|
109 |
struct stat64 statbuf; |
|
110 |
||
111 |
*aclp = NULL; |
|
112 |
if (type == ACL_PATH) { |
|
113 |
fname = inp.file; |
|
114 |
ace_acl = pathconf(fname, _PC_ACL_ENABLED); |
|
115 |
} else { |
|
116 |
fd = inp.fd; |
|
117 |
ace_acl = fpathconf(fd, _PC_ACL_ENABLED); |
|
118 |
} |
|
119 |
||
120 |
/* |
|
121 |
* if acl's aren't supported then |
|
122 |
* send it through the old GETACL interface |
|
123 |
*/ |
|
1666
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
124 |
if (ace_acl == 0 || ace_acl == -1) { |
789 | 125 |
ace_acl = _ACL_ACLENT_ENABLED; |
126 |
} |
|
127 |
||
128 |
if (ace_acl & _ACL_ACE_ENABLED) { |
|
129 |
cntcmd = ACE_GETACLCNT; |
|
130 |
getcmd = ACE_GETACL; |
|
131 |
acl_info = acl_alloc(ACE_T); |
|
132 |
} else { |
|
133 |
cntcmd = GETACLCNT; |
|
134 |
getcmd = GETACL; |
|
135 |
acl_info = acl_alloc(ACLENT_T); |
|
136 |
} |
|
137 |
||
138 |
if (acl_info == NULL) |
|
139 |
return (-1); |
|
140 |
||
141 |
if (type == ACL_PATH) { |
|
142 |
acl_info->acl_cnt = acl(fname, cntcmd, 0, NULL); |
|
143 |
} else { |
|
144 |
acl_info->acl_cnt = facl(fd, cntcmd, 0, NULL); |
|
145 |
} |
|
146 |
||
147 |
save_errno = errno; |
|
148 |
if (acl_info->acl_cnt < 0) { |
|
149 |
acl_free(acl_info); |
|
150 |
errno = save_errno; |
|
151 |
return (-1); |
|
152 |
} |
|
153 |
||
154 |
if (acl_info->acl_cnt == 0) { |
|
155 |
acl_free(acl_info); |
|
156 |
errno = save_errno; |
|
157 |
return (0); |
|
158 |
} |
|
159 |
||
160 |
acl_info->acl_aclp = |
|
161 |
malloc(acl_info->acl_cnt * acl_info->acl_entry_size); |
|
162 |
save_errno = errno; |
|
163 |
||
164 |
if (acl_info->acl_aclp == NULL) { |
|
165 |
acl_free(acl_info); |
|
166 |
errno = save_errno; |
|
167 |
return (-1); |
|
168 |
} |
|
169 |
||
170 |
if (type == ACL_PATH) { |
|
171 |
stat_error = stat64(fname, &statbuf); |
|
172 |
error = acl(fname, getcmd, acl_info->acl_cnt, |
|
173 |
acl_info->acl_aclp); |
|
174 |
} else { |
|
175 |
stat_error = fstat64(fd, &statbuf); |
|
176 |
error = facl(fd, getcmd, acl_info->acl_cnt, |
|
177 |
acl_info->acl_aclp); |
|
178 |
} |
|
179 |
||
180 |
save_errno = errno; |
|
181 |
if (error == -1) { |
|
182 |
acl_free(acl_info); |
|
183 |
errno = save_errno; |
|
184 |
return (-1); |
|
185 |
} |
|
186 |
||
187 |
||
188 |
if (stat_error == 0) { |
|
189 |
acl_info->acl_flags = |
|
190 |
(S_ISDIR(statbuf.st_mode) ? ACL_IS_DIR : 0); |
|
191 |
} else |
|
192 |
acl_info->acl_flags = 0; |
|
193 |
||
194 |
switch (acl_info->acl_type) { |
|
195 |
case ACLENT_T: |
|
196 |
if (acl_info->acl_cnt <= MIN_ACL_ENTRIES) |
|
197 |
acl_info->acl_flags |= ACL_IS_TRIVIAL; |
|
198 |
break; |
|
199 |
case ACE_T: |
|
200 |
if (ace_trivial(acl_info->acl_aclp, acl_info->acl_cnt) == 0) |
|
201 |
acl_info->acl_flags |= ACL_IS_TRIVIAL; |
|
202 |
break; |
|
203 |
default: |
|
204 |
errno = EINVAL; |
|
205 |
acl_free(acl_info); |
|
206 |
return (-1); |
|
207 |
} |
|
208 |
||
209 |
if ((acl_info->acl_flags & ACL_IS_TRIVIAL) && |
|
210 |
(get_flag & ACL_NO_TRIVIAL)) { |
|
211 |
acl_free(acl_info); |
|
212 |
errno = 0; |
|
213 |
return (0); |
|
214 |
} |
|
215 |
||
216 |
*aclp = acl_info; |
|
217 |
return (0); |
|
218 |
} |
|
219 |
||
220 |
/* |
|
221 |
* return -1 on failure, otherwise the number of acl |
|
222 |
* entries is returned |
|
223 |
*/ |
|
224 |
int |
|
225 |
acl_get(const char *path, int get_flag, acl_t **aclp) |
|
226 |
{ |
|
227 |
acl_inp acl_inp; |
|
228 |
acl_inp.file = path; |
|
229 |
||
230 |
return (cacl_get(acl_inp, get_flag, ACL_PATH, aclp)); |
|
231 |
} |
|
232 |
||
233 |
int |
|
234 |
facl_get(int fd, int get_flag, acl_t **aclp) |
|
235 |
{ |
|
236 |
||
237 |
acl_inp acl_inp; |
|
238 |
acl_inp.fd = fd; |
|
239 |
||
240 |
return (cacl_get(acl_inp, get_flag, ACL_FD, aclp)); |
|
241 |
} |
|
242 |
||
243 |
/* |
|
244 |
* Set an ACL, translates acl to ace_t when appropriate. |
|
245 |
*/ |
|
246 |
static int |
|
247 |
cacl_set(acl_inp *acl_inp, acl_t *aclp, int type) |
|
248 |
{ |
|
249 |
int error = 0; |
|
250 |
int acl_flavor_target; |
|
251 |
struct stat64 statbuf; |
|
252 |
int stat_error; |
|
253 |
int isdir; |
|
254 |
||
255 |
||
256 |
if (type == ACL_PATH) { |
|
257 |
stat_error = stat64(acl_inp->file, &statbuf); |
|
258 |
if (stat_error) |
|
259 |
return (-1); |
|
260 |
acl_flavor_target = pathconf(acl_inp->file, _PC_ACL_ENABLED); |
|
261 |
} else { |
|
262 |
stat_error = fstat64(acl_inp->fd, &statbuf); |
|
263 |
if (stat_error) |
|
264 |
return (-1); |
|
265 |
acl_flavor_target = fpathconf(acl_inp->fd, _PC_ACL_ENABLED); |
|
266 |
} |
|
267 |
||
1666
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
268 |
/* |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
269 |
* If target returns an error or 0 from pathconf call then |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
270 |
* fall back to UFS/POSIX Draft interface. |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
271 |
* In the case of 0 we will then fail in either acl(2) or |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
272 |
* acl_translate(). We could erroneously get 0 back from |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
273 |
* a file system that is using fs_pathconf() and not answering |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
274 |
* the _PC_ACL_ENABLED question itself. |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
275 |
*/ |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
276 |
if (acl_flavor_target == 0 || acl_flavor_target == -1) |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
277 |
acl_flavor_target = _ACL_ACLENT_ENABLED; |
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
278 |
|
789 | 279 |
isdir = S_ISDIR(statbuf.st_mode); |
280 |
||
1462 | 281 |
if ((error = acl_translate(aclp, acl_flavor_target, isdir, |
282 |
statbuf.st_uid, statbuf.st_gid)) != 0) { |
|
283 |
return (error); |
|
789 | 284 |
} |
285 |
||
286 |
if (type == ACL_PATH) { |
|
287 |
error = acl(acl_inp->file, |
|
288 |
(aclp->acl_type == ACE_T) ? ACE_SETACL : SETACL, |
|
289 |
aclp->acl_cnt, aclp->acl_aclp); |
|
290 |
} else { |
|
291 |
error = facl(acl_inp->fd, |
|
292 |
(aclp->acl_type == ACE_T) ? ACE_SETACL : SETACL, |
|
293 |
aclp->acl_cnt, aclp->acl_aclp); |
|
294 |
} |
|
295 |
||
296 |
return (error); |
|
297 |
} |
|
298 |
||
299 |
int |
|
300 |
acl_set(const char *path, acl_t *aclp) |
|
301 |
{ |
|
302 |
acl_inp acl_inp; |
|
303 |
||
304 |
acl_inp.file = path; |
|
305 |
||
306 |
return (cacl_set(&acl_inp, aclp, ACL_PATH)); |
|
307 |
} |
|
308 |
||
309 |
int |
|
310 |
facl_set(int fd, acl_t *aclp) |
|
311 |
{ |
|
312 |
acl_inp acl_inp; |
|
313 |
||
314 |
acl_inp.fd = fd; |
|
315 |
||
316 |
return (cacl_set(&acl_inp, aclp, ACL_FD)); |
|
317 |
} |
|
318 |
||
319 |
int |
|
320 |
acl_cnt(acl_t *aclp) |
|
321 |
{ |
|
322 |
return (aclp->acl_cnt); |
|
323 |
} |
|
324 |
||
325 |
int |
|
326 |
acl_type(acl_t *aclp) |
|
327 |
{ |
|
328 |
return (aclp->acl_type); |
|
329 |
} |
|
330 |
||
331 |
acl_t * |
|
332 |
acl_dup(acl_t *aclp) |
|
333 |
{ |
|
334 |
acl_t *newaclp; |
|
335 |
||
336 |
newaclp = acl_alloc(aclp->acl_type); |
|
337 |
if (newaclp == NULL) |
|
338 |
return (NULL); |
|
339 |
||
340 |
newaclp->acl_aclp = malloc(aclp->acl_entry_size * aclp->acl_cnt); |
|
341 |
if (newaclp->acl_aclp == NULL) { |
|
342 |
acl_free(newaclp); |
|
343 |
return (NULL); |
|
344 |
} |
|
345 |
||
346 |
(void) memcpy(newaclp->acl_aclp, |
|
347 |
aclp->acl_aclp, aclp->acl_entry_size * aclp->acl_cnt); |
|
348 |
newaclp->acl_cnt = aclp->acl_cnt; |
|
349 |
||
350 |
return (newaclp); |
|
351 |
} |
|
352 |
||
353 |
int |
|
354 |
acl_flags(acl_t *aclp) |
|
355 |
{ |
|
356 |
return (aclp->acl_flags); |
|
357 |
} |
|
358 |
||
359 |
void * |
|
360 |
acl_data(acl_t *aclp) |
|
361 |
{ |
|
362 |
return (aclp->acl_aclp); |
|
363 |
} |
|
364 |
||
365 |
/* |
|
1953
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
366 |
* Take an acl array and build an acl_t. |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
367 |
*/ |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
368 |
acl_t * |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
369 |
acl_to_aclp(enum acl_type type, void *acl, int count) |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
370 |
{ |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
371 |
acl_t *aclp; |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
372 |
|
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
373 |
|
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
374 |
aclp = acl_alloc(type); |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
375 |
if (aclp == NULL) |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
376 |
return (aclp); |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
377 |
|
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
378 |
aclp->acl_aclp = acl; |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
379 |
aclp->acl_cnt = count; |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
380 |
|
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
381 |
return (aclp); |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
382 |
} |
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
383 |
|
7d218c488035
6421216 ufsrestore should use acl_set() for setting ACLs
marks
parents:
1666
diff
changeset
|
384 |
/* |
789 | 385 |
* Remove an ACL from a file and create a trivial ACL based |
386 |
* off of the mode argument. After acl has been set owner/group |
|
387 |
* are updated to match owner,group arguments |
|
388 |
*/ |
|
389 |
int |
|
390 |
acl_strip(const char *file, uid_t owner, gid_t group, mode_t mode) |
|
391 |
{ |
|
392 |
int error = 0; |
|
393 |
aclent_t min_acl[MIN_ACL_ENTRIES]; |
|
394 |
ace_t min_ace_acl[6]; /* owner, group, everyone + complement denies */ |
|
395 |
int acl_flavor; |
|
396 |
int aclcnt; |
|
397 |
||
398 |
acl_flavor = pathconf(file, _PC_ACL_ENABLED); |
|
399 |
||
400 |
/* |
|
401 |
* force it through aclent flavor when file system doesn't |
|
402 |
* understand question |
|
403 |
*/ |
|
1666
07697c578888
6401243 ZFS ACLs should not break third party filesystems
marks
parents:
1477
diff
changeset
|
404 |
if (acl_flavor == 0 || acl_flavor == -1) |
789 | 405 |
acl_flavor = _ACL_ACLENT_ENABLED; |
406 |
||
407 |
if (acl_flavor & _ACL_ACLENT_ENABLED) { |
|
408 |
min_acl[0].a_type = USER_OBJ; |
|
409 |
min_acl[0].a_id = owner; |
|
410 |
min_acl[0].a_perm = ((mode & 0700) >> 6); |
|
411 |
min_acl[1].a_type = GROUP_OBJ; |
|
412 |
min_acl[1].a_id = group; |
|
413 |
min_acl[1].a_perm = ((mode & 0070) >> 3); |
|
414 |
min_acl[2].a_type = CLASS_OBJ; |
|
415 |
min_acl[2].a_id = (uid_t)-1; |
|
416 |
min_acl[2].a_perm = ((mode & 0070) >> 3); |
|
417 |
min_acl[3].a_type = OTHER_OBJ; |
|
418 |
min_acl[3].a_id = (uid_t)-1; |
|
419 |
min_acl[3].a_perm = (mode & 0007); |
|
420 |
aclcnt = 4; |
|
421 |
error = acl(file, SETACL, aclcnt, min_acl); |
|
422 |
} else if (acl_flavor & _ACL_ACE_ENABLED) { |
|
423 |
(void) memcpy(min_ace_acl, trivial_acl, sizeof (ace_t) * 6); |
|
424 |
||
425 |
/* |
|
426 |
* Make aces match request mode |
|
427 |
*/ |
|
428 |
adjust_ace_pair(&min_ace_acl[0], (mode & 0700) >> 6); |
|
429 |
adjust_ace_pair(&min_ace_acl[2], (mode & 0070) >> 3); |
|
430 |
adjust_ace_pair(&min_ace_acl[4], mode & 0007); |
|
431 |
||
432 |
error = acl(file, ACE_SETACL, 6, min_ace_acl); |
|
433 |
} else { |
|
434 |
errno = EINVAL; |
|
435 |
error = 1; |
|
436 |
} |
|
437 |
||
438 |
if (error == 0) |
|
439 |
error = chown(file, owner, group); |
|
440 |
return (error); |
|
441 |
} |
|
442 |
||
443 |
static int |
|
444 |
ace_match(void *entry1, void *entry2) |
|
445 |
{ |
|
446 |
ace_t *p1 = (ace_t *)entry1; |
|
447 |
ace_t *p2 = (ace_t *)entry2; |
|
448 |
ace_t ace1, ace2; |
|
449 |
||
450 |
ace1 = *p1; |
|
451 |
ace2 = *p2; |
|
452 |
||
453 |
/* |
|
454 |
* Need to fixup who field for abstrations for |
|
455 |
* accurate comparison, since field is undefined. |
|
456 |
*/ |
|
457 |
if (ace1.a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE)) |
|
4321
a8930ec16e52
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
casper
parents:
1953
diff
changeset
|
458 |
ace1.a_who = (uid_t)-1; |
789 | 459 |
if (ace2.a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE)) |
4321
a8930ec16e52
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
casper
parents:
1953
diff
changeset
|
460 |
ace2.a_who = (uid_t)-1; |
789 | 461 |
return (memcmp(&ace1, &ace2, sizeof (ace_t))); |
462 |
} |
|
463 |
||
464 |
static int |
|
465 |
aclent_match(void *entry1, void *entry2) |
|
466 |
{ |
|
467 |
aclent_t *aclent1 = (aclent_t *)entry1; |
|
468 |
aclent_t *aclent2 = (aclent_t *)entry2; |
|
469 |
||
470 |
return (memcmp(aclent1, aclent2, sizeof (aclent_t))); |
|
471 |
} |
|
472 |
||
473 |
/* |
|
474 |
* Find acl entries in acl that correspond to removeacl. Search |
|
475 |
* is started from slot. The flag argument indicates whether to |
|
476 |
* remove all matches or just the first match. |
|
477 |
*/ |
|
478 |
int |
|
479 |
acl_removeentries(acl_t *acl, acl_t *removeacl, int start_slot, int flag) |
|
480 |
{ |
|
481 |
int i, j; |
|
482 |
int match; |
|
483 |
int (*acl_match)(void *acl1, void *acl2); |
|
484 |
void *acl_entry, *remove_entry; |
|
485 |
void *start; |
|
486 |
int found = 0; |
|
487 |
||
488 |
if (flag != ACL_REMOVE_ALL && flag != ACL_REMOVE_FIRST) |
|
489 |
flag = ACL_REMOVE_FIRST; |
|
490 |
||
491 |
if (acl == NULL || removeacl == NULL) |
|
492 |
return (EACL_NO_ACL_ENTRY); |
|
493 |
||
494 |
if (acl->acl_type != removeacl->acl_type) |
|
495 |
return (EACL_DIFF_TYPE); |
|
496 |
||
497 |
if (acl->acl_type == ACLENT_T) |
|
498 |
acl_match = aclent_match; |
|
499 |
else |
|
500 |
acl_match = ace_match; |
|
501 |
||
502 |
for (i = 0, remove_entry = removeacl->acl_aclp; |
|
503 |
i != removeacl->acl_cnt; i++) { |
|
504 |
||
505 |
j = 0; |
|
506 |
acl_entry = (char *)acl->acl_aclp + |
|
507 |
(acl->acl_entry_size * start_slot); |
|
508 |
for (;;) { |
|
509 |
match = acl_match(acl_entry, remove_entry); |
|
510 |
if (match == 0) { |
|
511 |
found++; |
|
512 |
start = (char *)acl_entry + |
|
513 |
acl->acl_entry_size; |
|
514 |
(void) memmove(acl_entry, start, |
|
515 |
acl->acl_entry_size * |
|
516 |
acl->acl_cnt-- - (j + 1)); |
|
517 |
||
518 |
if (flag == ACL_REMOVE_FIRST) |
|
519 |
break; |
|
520 |
/* |
|
521 |
* List has changed, restart search from |
|
522 |
* beginning. |
|
523 |
*/ |
|
524 |
acl_entry = acl->acl_aclp; |
|
525 |
j = 0; |
|
526 |
continue; |
|
527 |
} |
|
528 |
acl_entry = ((char *)acl_entry + acl->acl_entry_size); |
|
529 |
if (++j >= acl->acl_cnt) { |
|
530 |
break; |
|
531 |
} |
|
532 |
} |
|
533 |
} |
|
534 |
||
535 |
return ((found == 0) ? EACL_NO_ACL_ENTRY : 0); |
|
536 |
} |
|
537 |
||
538 |
/* |
|
539 |
* Replace entires entries in acl1 with the corresponding entries |
|
540 |
* in newentries. The where argument specifies where to begin |
|
541 |
* the replacement. If the where argument is 1 greater than the |
|
542 |
* number of acl entries in acl1 then they are appended. If the |
|
543 |
* where argument is 2+ greater than the number of acl entries then |
|
544 |
* EACL_INVALID_SLOT is returned. |
|
545 |
*/ |
|
546 |
int |
|
547 |
acl_modifyentries(acl_t *acl1, acl_t *newentries, int where) |
|
548 |
{ |
|
549 |
||
550 |
int slot; |
|
551 |
int slots_needed; |
|
552 |
int slots_left; |
|
553 |
int newsize; |
|
554 |
||
555 |
if (acl1 == NULL || newentries == NULL) |
|
556 |
return (EACL_NO_ACL_ENTRY); |
|
557 |
||
558 |
if (where < 0 || where >= acl1->acl_cnt) |
|
559 |
return (EACL_INVALID_SLOT); |
|
560 |
||
561 |
if (acl1->acl_type != newentries->acl_type) |
|
562 |
return (EACL_DIFF_TYPE); |
|
563 |
||
564 |
slot = where; |
|
565 |
||
566 |
slots_left = acl1->acl_cnt - slot + 1; |
|
567 |
if (slots_left < newentries->acl_cnt) { |
|
568 |
slots_needed = newentries->acl_cnt - slots_left; |
|
569 |
newsize = (acl1->acl_entry_size * acl1->acl_cnt) + |
|
570 |
(acl1->acl_entry_size * slots_needed); |
|
571 |
acl1->acl_aclp = realloc(acl1->acl_aclp, newsize); |
|
572 |
if (acl1->acl_aclp == NULL) |
|
573 |
return (-1); |
|
574 |
} |
|
575 |
(void) memcpy((char *)acl1->acl_aclp + (acl1->acl_entry_size * slot), |
|
576 |
newentries->acl_aclp, |
|
577 |
newentries->acl_entry_size * newentries->acl_cnt); |
|
578 |
||
579 |
/* |
|
580 |
* Did ACL grow? |
|
581 |
*/ |
|
582 |
||
583 |
if ((slot + newentries->acl_cnt) > acl1->acl_cnt) { |
|
584 |
acl1->acl_cnt = slot + newentries->acl_cnt; |
|
585 |
} |
|
586 |
||
587 |
return (0); |
|
588 |
} |
|
589 |
||
590 |
/* |
|
591 |
* Add acl2 entries into acl1. The where argument specifies where |
|
592 |
* to add the entries. |
|
593 |
*/ |
|
594 |
int |
|
595 |
acl_addentries(acl_t *acl1, acl_t *acl2, int where) |
|
596 |
{ |
|
597 |
||
598 |
int newsize; |
|
599 |
int len; |
|
600 |
void *start; |
|
601 |
void *to; |
|
602 |
||
603 |
if (acl1 == NULL || acl2 == NULL) |
|
604 |
return (EACL_NO_ACL_ENTRY); |
|
605 |
||
606 |
if (acl1->acl_type != acl2->acl_type) |
|
607 |
return (EACL_DIFF_TYPE); |
|
608 |
||
609 |
/* |
|
610 |
* allow where to specify 1 past last slot for an append operation |
|
611 |
* but anything greater is an error. |
|
612 |
*/ |
|
613 |
if (where < 0 || where > acl1->acl_cnt) |
|
614 |
return (EACL_INVALID_SLOT); |
|
615 |
||
616 |
newsize = (acl2->acl_entry_size * acl2->acl_cnt) + |
|
617 |
(acl1->acl_entry_size * acl1->acl_cnt); |
|
618 |
acl1->acl_aclp = realloc(acl1->acl_aclp, newsize); |
|
619 |
if (acl1->acl_aclp == NULL) |
|
620 |
return (-1); |
|
621 |
||
622 |
/* |
|
623 |
* first push down entries where new ones will be inserted |
|
624 |
*/ |
|
625 |
||
626 |
to = (void *)((char *)acl1->acl_aclp + |
|
627 |
((where + acl2->acl_cnt) * acl1->acl_entry_size)); |
|
628 |
||
629 |
start = (void *)((char *)acl1->acl_aclp + |
|
630 |
where * acl1->acl_entry_size); |
|
631 |
||
632 |
if (where < acl1->acl_cnt) { |
|
633 |
len = (acl1->acl_cnt - where) * acl1->acl_entry_size; |
|
634 |
(void) memmove(to, start, len); |
|
635 |
} |
|
636 |
||
637 |
/* |
|
638 |
* now stick in new entries. |
|
639 |
*/ |
|
640 |
||
641 |
(void) memmove(start, acl2->acl_aclp, |
|
642 |
acl2->acl_cnt * acl2->acl_entry_size); |
|
643 |
||
644 |
acl1->acl_cnt += acl2->acl_cnt; |
|
645 |
return (0); |
|
646 |
} |
|
647 |
||
648 |
/* |
|
649 |
* return text for an ACL error. |
|
650 |
*/ |
|
651 |
char * |
|
652 |
acl_strerror(int errnum) |
|
653 |
{ |
|
654 |
switch (errnum) { |
|
655 |
case EACL_GRP_ERROR: |
|
656 |
return (dgettext(TEXT_DOMAIN, |
|
1420 | 657 |
"There is more than one group or default group entry")); |
789 | 658 |
case EACL_USER_ERROR: |
659 |
return (dgettext(TEXT_DOMAIN, |
|
1420 | 660 |
"There is more than one user or default user entry")); |
789 | 661 |
case EACL_OTHER_ERROR: |
662 |
return (dgettext(TEXT_DOMAIN, |
|
663 |
"There is more than one other entry")); |
|
664 |
case EACL_CLASS_ERROR: |
|
665 |
return (dgettext(TEXT_DOMAIN, |
|
666 |
"There is more than one mask entry")); |
|
667 |
case EACL_DUPLICATE_ERROR: |
|
668 |
return (dgettext(TEXT_DOMAIN, |
|
669 |
"Duplicate user or group entries")); |
|
670 |
case EACL_MISS_ERROR: |
|
671 |
return (dgettext(TEXT_DOMAIN, |
|
672 |
"Missing user/group owner, other, mask entry")); |
|
673 |
case EACL_MEM_ERROR: |
|
674 |
return (dgettext(TEXT_DOMAIN, |
|
675 |
"Memory error")); |
|
676 |
case EACL_ENTRY_ERROR: |
|
677 |
return (dgettext(TEXT_DOMAIN, |
|
678 |
"Unrecognized entry type")); |
|
679 |
case EACL_INHERIT_ERROR: |
|
680 |
return (dgettext(TEXT_DOMAIN, |
|
681 |
"Invalid inheritance flags")); |
|
682 |
case EACL_FLAGS_ERROR: |
|
683 |
return (dgettext(TEXT_DOMAIN, |
|
684 |
"Unrecognized entry flags")); |
|
685 |
case EACL_PERM_MASK_ERROR: |
|
686 |
return (dgettext(TEXT_DOMAIN, |
|
687 |
"Invalid ACL permissions")); |
|
688 |
case EACL_COUNT_ERROR: |
|
689 |
return (dgettext(TEXT_DOMAIN, |
|
690 |
"Invalid ACL count")); |
|
691 |
case EACL_INVALID_SLOT: |
|
692 |
return (dgettext(TEXT_DOMAIN, |
|
693 |
"Invalid ACL entry number specified")); |
|
694 |
case EACL_NO_ACL_ENTRY: |
|
695 |
return (dgettext(TEXT_DOMAIN, |
|
696 |
"ACL entry doesn't exist")); |
|
697 |
case EACL_DIFF_TYPE: |
|
698 |
return (dgettext(TEXT_DOMAIN, |
|
699 |
"ACL type's are different")); |
|
700 |
case EACL_INVALID_USER_GROUP: |
|
701 |
return (dgettext(TEXT_DOMAIN, "Invalid user or group")); |
|
702 |
case EACL_INVALID_STR: |
|
703 |
return (dgettext(TEXT_DOMAIN, "ACL string is invalid")); |
|
704 |
case EACL_FIELD_NOT_BLANK: |
|
705 |
return (dgettext(TEXT_DOMAIN, "Field expected to be blank")); |
|
706 |
case EACL_INVALID_ACCESS_TYPE: |
|
707 |
return (dgettext(TEXT_DOMAIN, "Invalid access type")); |
|
708 |
case EACL_UNKNOWN_DATA: |
|
709 |
return (dgettext(TEXT_DOMAIN, "Unrecognized entry")); |
|
710 |
case EACL_MISSING_FIELDS: |
|
711 |
return (dgettext(TEXT_DOMAIN, |
|
712 |
"ACL specification missing required fields")); |
|
713 |
case EACL_INHERIT_NOTDIR: |
|
714 |
return (dgettext(TEXT_DOMAIN, |
|
715 |
"Inheritance flags are only allowed on directories")); |
|
716 |
case -1: |
|
717 |
return (strerror(errno)); |
|
718 |
default: |
|
719 |
errno = EINVAL; |
|
720 |
return (dgettext(TEXT_DOMAIN, "Unknown error")); |
|
721 |
} |
|
722 |
} |
|
1420 | 723 |
|
724 |
extern int yyinteractive; |
|
725 |
||
726 |
/* PRINTFLIKE1 */ |
|
727 |
void |
|
728 |
acl_error(const char *fmt, ...) |
|
729 |
{ |
|
730 |
va_list va; |
|
731 |
||
732 |
if (yyinteractive == 0) |
|
733 |
return; |
|
734 |
||
735 |
va_start(va, fmt); |
|
736 |
(void) vfprintf(stderr, fmt, va); |
|
737 |
va_end(va); |
|
738 |
} |