Context Navigation

← Previous Revision
Next Revision →
Blame
Revision Log

source: vendor/3.5.0/source3/modules/vfs_hpuxacl.c

Visit:

Last change on this file was 414, checked in by Herwig Bauernfeind, 15 years ago
Samba 3.5.0: Initial import
File size: 31.2 KB

Line
1	/*
2	* Unix SMB/Netbios implementation.
3	* VFS module to get and set HP-UX ACLs
4	* Copyright (C) Michael Adam 2006,2008
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License
17	* along with this program; if not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	/*
21	* This module supports JFS (POSIX) ACLs on VxFS (Veritas * Filesystem).
22	* These are available on HP-UX 11.00 if JFS 3.3 is installed.
23	* On HP-UX 11i (11.11 and above) these ACLs are supported out of
24	* the box.
25	*
26	* There is another form of ACLs on HFS. These ACLs have a
27	* completely different API and their own set of userland tools.
28	* Since HFS seems to be considered deprecated, HFS acls
29	* are not supported. (They could be supported through a separate
30	* vfs-module if there is demand.)
31	*/
32
33	/* =================================================================
34	* NOTE:
35	*
36	* The original hpux-acl code in lib/sysacls.c was based upon the
37	* solaris acl code in the same file. Now for the new modularized
38	* acl implementation, I have taken the code from vfs_solarisacls.c
39	* and did similar adaptations as were done before, essentially
40	* reusing the original internal aclsort functions.
41	* The check for the presence of the acl() call has been adopted, and
42	* a check for the presence of the aclsort() call has been added.
43	*
44	* Michael Adam <obnox@samba.org>
45	*
46	* ================================================================= */
47
48
49	#include "includes.h"
50
51	/*
52	* including standard header <sys/aclv.h>
53	*
54	* included here as a quick hack for the special HP-UX-situation:
55	*
56	* The problem is that, on HP-UX, jfs/posix acls are
57	* defined in <sys/aclv.h>, while the deprecated hfs acls
58	* are defined inside <sys/acl.h>.
59	*
60	*/
61	/* GROUP is defined somewhere else so undef it here... */
62	#undef GROUP
63	#include <sys/aclv.h>
64	/* dl.h: needed to check for acl call via shl_findsym */
65	#include <dl.h>
66
67	typedef struct acl HPUX_ACE_T;
68	typedef struct acl *HPUX_ACL_T;
69	typedef int HPUX_ACL_TAG_T; /* the type of an ACL entry */
70	typedef ushort HPUX_PERM_T;
71
72	/* Structure to capture the count for each type of ACE.
73	* (for hpux_internal_aclsort */
74	struct hpux_acl_types {
75	int n_user;
76	int n_def_user;
77	int n_user_obj;
78	int n_def_user_obj;
79
80	int n_group;
81	int n_def_group;
82	int n_group_obj;
83	int n_def_group_obj;
84
85	int n_other;
86	int n_other_obj;
87	int n_def_other_obj;
88
89	int n_class_obj;
90	int n_def_class_obj;
91
92	int n_illegal_obj;
93	};
94
95	/* for convenience: check if hpux acl entry is a default entry? */
96	#define _IS_DEFAULT(ace) ((ace).a_type & ACL_DEFAULT)
97	#define _IS_OF_TYPE(ace, type) ( \
98	(((type) == SMB_ACL_TYPE_ACCESS) && !_IS_DEFAULT(ace)) \
99	\|\| \
100	(((type) == SMB_ACL_TYPE_DEFAULT) && _IS_DEFAULT(ace)) \
101	)
102
103
104	/* prototypes for private functions */
105
106	static HPUX_ACL_T hpux_acl_init(int count);
107	static bool smb_acl_to_hpux_acl(SMB_ACL_T smb_acl,
108	HPUX_ACL_T solariacl, int count,
109	SMB_ACL_TYPE_T type);
110	static SMB_ACL_T hpux_acl_to_smb_acl(HPUX_ACL_T hpuxacl, int count,
111	SMB_ACL_TYPE_T type);
112	static HPUX_ACL_TAG_T smb_tag_to_hpux_tag(SMB_ACL_TAG_T smb_tag);
113	static SMB_ACL_TAG_T hpux_tag_to_smb_tag(HPUX_ACL_TAG_T hpux_tag);
114	static bool hpux_add_to_acl(HPUX_ACL_T hpux_acl, int count,
115	HPUX_ACL_T add_acl, int add_count, SMB_ACL_TYPE_T type);
116	static bool hpux_acl_get_file(const char name, HPUX_ACL_T hpuxacl,
117	int *count);
118	static SMB_ACL_PERM_T hpux_perm_to_smb_perm(const HPUX_PERM_T perm);
119	static HPUX_PERM_T smb_perm_to_hpux_perm(const SMB_ACL_PERM_T perm);
120	#if 0
121	static bool hpux_acl_check(HPUX_ACL_T hpux_acl, int count);
122	#endif
123	/* aclsort (internal) and helpers: */
124	static bool hpux_acl_sort(HPUX_ACL_T acl, int count);
125	static int hpux_internal_aclsort(int acl_count, int calclass, HPUX_ACL_T aclp);
126	static void hpux_count_obj(int acl_count, HPUX_ACL_T aclp,
127	struct hpux_acl_types *acl_type_count);
128	static void hpux_swap_acl_entries(HPUX_ACE_T aclp0, HPUX_ACE_T aclp1);
129	static bool hpux_prohibited_duplicate_type(int acl_type);
130
131	static bool hpux_acl_call_present(void);
132	static bool hpux_aclsort_call_present(void);
133
134
135	/* public functions - the api */
136
137	SMB_ACL_T hpuxacl_sys_acl_get_file(vfs_handle_struct *handle,
138	const char *path_p,
139	SMB_ACL_TYPE_T type)
140	{
141	SMB_ACL_T result = NULL;
142	int count;
143	HPUX_ACL_T hpux_acl = NULL;
144
145	DEBUG(10, ("hpuxacl_sys_acl_get_file called for file '%s'.\n",
146	path_p));
147
148	if(hpux_acl_call_present() == False) {
149	/* Looks like we don't have the acl() system call on HPUX.
150	* May be the system doesn't have the latest version of JFS.
151	*/
152	goto done;
153	}
154
155	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
156	DEBUG(10, ("invalid SMB_ACL_TYPE given (%d)\n", type));
157	errno = EINVAL;
158	goto done;
159	}
160
161	DEBUGADD(10, ("getting %s acl\n",
162	((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
163
164	if (!hpux_acl_get_file(path_p, &hpux_acl, &count)) {
165	goto done;
166	}
167	result = hpux_acl_to_smb_acl(hpux_acl, count, type);
168	if (result == NULL) {
169	DEBUG(10, ("conversion hpux_acl -> smb_acl failed (%s).\n",
170	strerror(errno)));
171	}
172
173	done:
174	DEBUG(10, ("hpuxacl_sys_acl_get_file %s.\n",
175	((result == NULL) ? "failed" : "succeeded" )));
176	SAFE_FREE(hpux_acl);
177	return result;
178	}
179
180
181	/*
182	* get the access ACL of a file referred to by a fd
183	*/
184	SMB_ACL_T hpuxacl_sys_acl_get_fd(vfs_handle_struct *handle,
185	files_struct *fsp)
186	{
187	/*
188	* HPUX doesn't have the facl call. Fake it using the path.... JRA.
189	*/
190	/* For all I see, the info should already be in the fsp
191	* parameter, but get it again to be safe --- necessary? */
192	files_struct *file_struct_p = file_find_fd(fsp->fh->fd);
193	if (file_struct_p == NULL) {
194	errno = EBADF;
195	return NULL;
196	}
197	/*
198	* We know we're in the same conn context. So we
199	* can use the relative path.
200	*/
201	DEBUG(10, ("redirecting call of hpuxacl_sys_acl_get_fd to "
202	"hpuxacl_sys_acl_get_file (no facl syscall on HPUX).\n"));
203
204	return hpuxacl_sys_acl_get_file(handle,
205	file_struct_p->fsp_name->base_name,
206	SMB_ACL_TYPE_ACCESS);
207	}
208
209
210	int hpuxacl_sys_acl_set_file(vfs_handle_struct *handle,
211	const char *name,
212	SMB_ACL_TYPE_T type,
213	SMB_ACL_T theacl)
214	{
215	int ret = -1;
216	HPUX_ACL_T hpux_acl = NULL;
217	int count;
218	struct smb_filename *smb_fname = NULL;
219	NTSTATUS status;
220
221	DEBUG(10, ("hpuxacl_sys_acl_set_file called for file '%s'\n",
222	name));
223
224	status = create_synthetic_smb_fname(talloc_tos(), name, NULL, NULL,
225	&smb_fname);
226	if (!NT_STATUS_IS_OK(status)) {
227	goto done;
228	}
229
230	if(hpux_acl_call_present() == False) {
231	/* Looks like we don't have the acl() system call on HPUX.
232	* May be the system doesn't have the latest version of JFS.
233	*/
234	goto done;
235	}
236
237	if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT)) {
238	errno = EINVAL;
239	DEBUG(10, ("invalid smb acl type given (%d).\n", type));
240	goto done;
241	}
242	DEBUGADD(10, ("setting %s acl\n",
243	((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
244
245	if(!smb_acl_to_hpux_acl(theacl, &hpux_acl, &count, type)) {
246	DEBUG(10, ("conversion smb_acl -> hpux_acl failed (%s).\n",
247	strerror(errno)));
248	goto done;
249	}
250
251	/*
252	* if the file is a directory, there is extra work to do:
253	* since the hpux acl call stores both the access acl and
254	* the default acl as provided, we have to get the acl part
255	* that has _not_ been specified in "type" from the file first
256	* and concatenate it with the acl provided.
257	*/
258	if (lp_posix_pathnames()) {
259	ret = SMB_VFS_LSTAT(handle->conn, smb_fname);
260	} else {
261	ret = SMB_VFS_STAT(handle->conn, smb_fname);
262	}
263	if (ret != 0) {
264	DEBUG(10, ("Error in stat call: %s\n", strerror(errno)));
265	goto done;
266	}
267	if (S_ISDIR(smb_fname->st.st_ex_mode)) {
268	HPUX_ACL_T other_acl;
269	int other_count;
270	SMB_ACL_TYPE_T other_type;
271
272	other_type = (type == SMB_ACL_TYPE_ACCESS)
273	? SMB_ACL_TYPE_DEFAULT
274	: SMB_ACL_TYPE_ACCESS;
275	DEBUGADD(10, ("getting acl from filesystem\n"));
276	if (!hpux_acl_get_file(smb_fname->base_name, &other_acl,
277	&other_count)) {
278	DEBUG(10, ("error getting acl from directory\n"));
279	goto done;
280	}
281	DEBUG(10, ("adding %s part of fs acl to given acl\n",
282	((other_type == SMB_ACL_TYPE_ACCESS)
283	? "access"
284	: "default")));
285	if (!hpux_add_to_acl(&hpux_acl, &count, other_acl,
286	other_count, other_type))
287	{
288	DEBUG(10, ("error adding other acl.\n"));
289	SAFE_FREE(other_acl);
290	goto done;
291	}
292	SAFE_FREE(other_acl);
293	}
294	else if (type != SMB_ACL_TYPE_ACCESS) {
295	errno = EINVAL;
296	goto done;
297	}
298
299	if (!hpux_acl_sort(hpux_acl, count)) {
300	DEBUG(10, ("resulting acl is not valid!\n"));
301	goto done;
302	}
303	DEBUG(10, ("resulting acl is valid.\n"));
304
305	ret = acl(CONST_DISCARD(char *, smb_fname->base_name), ACL_SET, count,
306	hpux_acl);
307	if (ret != 0) {
308	DEBUG(0, ("ERROR calling acl: %s\n", strerror(errno)));
309	}
310
311	done:
312	DEBUG(10, ("hpuxacl_sys_acl_set_file %s.\n",
313	((ret != 0) ? "failed" : "succeeded")));
314	TALLOC_FREE(smb_fname);
315	SAFE_FREE(hpux_acl);
316	return ret;
317	}
318
319	/*
320	* set the access ACL on the file referred to by a fd
321	*/
322	int hpuxacl_sys_acl_set_fd(vfs_handle_struct *handle,
323	files_struct *fsp,
324	SMB_ACL_T theacl)
325	{
326	/*
327	* HPUX doesn't have the facl call. Fake it using the path.... JRA.
328	*/
329	/* For all I see, the info should already be in the fsp
330	* parameter, but get it again to be safe --- necessary? */
331	files_struct *file_struct_p = file_find_fd(fsp->fh->fd);
332	if (file_struct_p == NULL) {
333	errno = EBADF;
334	return -1;
335	}
336	/*
337	* We know we're in the same conn context. So we
338	* can use the relative path.
339	*/
340	DEBUG(10, ("redirecting call of hpuxacl_sys_acl_set_fd to "
341	"hpuxacl_sys_acl_set_file (no facl syscall on HPUX)\n"));
342
343	return hpuxacl_sys_acl_set_file(handle,
344	file_struct_p->fsp_name->base_name,
345	SMB_ACL_TYPE_ACCESS, theacl);
346	}
347
348
349	/*
350	* delete the default ACL of a directory
351	*
352	* This is achieved by fetching the access ACL and rewriting it
353	* directly, via the hpux system call: the ACL_SET call on
354	* directories writes both the access and the default ACL as provided.
355	*
356	* XXX: posix acl_delete_def_file returns an error if
357	* the file referred to by path is not a directory.
358	* this function does not complain but the actions
359	* have no effect on a file other than a directory.
360	* But sys_acl_delete_default_file is only called in
361	* smbd/posixacls.c after having checked that the file
362	* is a directory, anyways. So implementing the extra
363	* check is considered unnecessary. --- Agreed? XXX
364	*/
365	int hpuxacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
366	const char *path)
367	{
368	SMB_ACL_T smb_acl;
369	int ret = -1;
370	HPUX_ACL_T hpux_acl;
371	int count;
372
373	DEBUG(10, ("entering hpuxacl_sys_acl_delete_def_file.\n"));
374
375	smb_acl = hpuxacl_sys_acl_get_file(handle, path,
376	SMB_ACL_TYPE_ACCESS);
377	if (smb_acl == NULL) {
378	DEBUG(10, ("getting file acl failed!\n"));
379	goto done;
380	}
381	if (!smb_acl_to_hpux_acl(smb_acl, &hpux_acl, &count,
382	SMB_ACL_TYPE_ACCESS))
383	{
384	DEBUG(10, ("conversion smb_acl -> hpux_acl failed.\n"));
385	goto done;
386	}
387	if (!hpux_acl_sort(hpux_acl, count)) {
388	DEBUG(10, ("resulting acl is not valid!\n"));
389	goto done;
390	}
391	ret = acl(CONST_DISCARD(char *, path), ACL_SET, count, hpux_acl);
392	if (ret != 0) {
393	DEBUG(10, ("settinge file acl failed!\n"));
394	}
395
396	done:
397	DEBUG(10, ("hpuxacl_sys_acl_delete_def_file %s.\n",
398	((ret != 0) ? "failed" : "succeeded" )));
399	SAFE_FREE(smb_acl);
400	return ret;
401	}
402
403
404	/*
405	* private functions
406	*/
407
408	static HPUX_ACL_T hpux_acl_init(int count)
409	{
410	HPUX_ACL_T hpux_acl =
411	(HPUX_ACL_T)SMB_MALLOC(sizeof(HPUX_ACE_T) * count);
412	if (hpux_acl == NULL) {
413	errno = ENOMEM;
414	}
415	return hpux_acl;
416	}
417
418	/*
419	* Convert the SMB acl to the ACCESS or DEFAULT part of a
420	* hpux ACL, as desired.
421	*/
422	static bool smb_acl_to_hpux_acl(SMB_ACL_T smb_acl,
423	HPUX_ACL_T hpux_acl, int count,
424	SMB_ACL_TYPE_T type)
425	{
426	bool ret = False;
427	int i;
428	int check_which, check_rc;
429
430	DEBUG(10, ("entering smb_acl_to_hpux_acl\n"));
431
432	*hpux_acl = NULL;
433	*count = 0;
434
435	for (i = 0; i < smb_acl->count; i++) {
436	const struct smb_acl_entry *smb_entry = &(smb_acl->acl[i]);
437	HPUX_ACE_T hpux_entry;
438
439	ZERO_STRUCT(hpux_entry);
440
441	hpux_entry.a_type = smb_tag_to_hpux_tag(smb_entry->a_type);
442	if (hpux_entry.a_type == 0) {
443	DEBUG(10, ("smb_tag to hpux_tag failed\n"));
444	goto fail;
445	}
446	switch(hpux_entry.a_type) {
447	case USER:
448	DEBUG(10, ("got tag type USER with uid %d\n",
449	smb_entry->uid));
450	hpux_entry.a_id = (uid_t)smb_entry->uid;
451	break;
452	case GROUP:
453	DEBUG(10, ("got tag type GROUP with gid %d\n",
454	smb_entry->gid));
455	hpux_entry.a_id = (uid_t)smb_entry->gid;
456	break;
457	default:
458	break;
459	}
460	if (type == SMB_ACL_TYPE_DEFAULT) {
461	DEBUG(10, ("adding default bit to hpux ace\n"));
462	hpux_entry.a_type \|= ACL_DEFAULT;
463	}
464
465	hpux_entry.a_perm =
466	smb_perm_to_hpux_perm(smb_entry->a_perm);
467	DEBUG(10, ("assembled the following hpux ace:\n"));
468	DEBUGADD(10, (" - type: 0x%04x\n", hpux_entry.a_type));
469	DEBUGADD(10, (" - id: %d\n", hpux_entry.a_id));
470	DEBUGADD(10, (" - perm: o%o\n", hpux_entry.a_perm));
471	if (!hpux_add_to_acl(hpux_acl, count, &hpux_entry,
472	1, type))
473	{
474	DEBUG(10, ("error adding acl entry\n"));
475	goto fail;
476	}
477	DEBUG(10, ("count after adding: %d (i: %d)\n", *count, i));
478	DEBUG(10, ("test, if entry has been copied into acl:\n"));
479	DEBUGADD(10, (" - type: 0x%04x\n",
480	(hpux_acl)[(count)-1].a_type));
481	DEBUGADD(10, (" - id: %d\n",
482	(hpux_acl)[(count)-1].a_id));
483	DEBUGADD(10, (" - perm: o%o\n",
484	(hpux_acl)[(count)-1].a_perm));
485	}
486
487	ret = True;
488	goto done;
489
490	fail:
491	SAFE_FREE(*hpux_acl);
492	done:
493	DEBUG(10, ("smb_acl_to_hpux_acl %s\n",
494	((ret == True) ? "succeeded" : "failed")));
495	return ret;
496	}
497
498	/*
499	* convert either the access or the default part of a
500	* soaris acl to the SMB_ACL format.
501	*/
502	static SMB_ACL_T hpux_acl_to_smb_acl(HPUX_ACL_T hpux_acl, int count,
503	SMB_ACL_TYPE_T type)
504	{
505	SMB_ACL_T result;
506	int i;
507
508	if ((result = sys_acl_init(0)) == NULL) {
509	DEBUG(10, ("error allocating memory for SMB_ACL\n"));
510	goto fail;
511	}
512	for (i = 0; i < count; i++) {
513	SMB_ACL_ENTRY_T smb_entry;
514	SMB_ACL_PERM_T smb_perm;
515
516	if (!_IS_OF_TYPE(hpux_acl[i], type)) {
517	continue;
518	}
519	result = SMB_REALLOC(result,
520	sizeof(struct smb_acl_t) +
521	(sizeof(struct smb_acl_entry) *
522	(result->count + 1)));
523	if (result == NULL) {
524	DEBUG(10, ("error reallocating memory for SMB_ACL\n"));
525	goto fail;
526	}
527	smb_entry = &result->acl[result->count];
528	if (sys_acl_set_tag_type(smb_entry,
529	hpux_tag_to_smb_tag(hpux_acl[i].a_type)) != 0)
530	{
531	DEBUG(10, ("invalid tag type given: 0x%04x\n",
532	hpux_acl[i].a_type));
533	goto fail;
534	}
535	/* intentionally not checking return code here: */
536	sys_acl_set_qualifier(smb_entry, (void *)&hpux_acl[i].a_id);
537	smb_perm = hpux_perm_to_smb_perm(hpux_acl[i].a_perm);
538	if (sys_acl_set_permset(smb_entry, &smb_perm) != 0) {
539	DEBUG(10, ("invalid permset given: %d\n",
540	hpux_acl[i].a_perm));
541	goto fail;
542	}
543	result->count += 1;
544	}
545	goto done;
546
547	fail:
548	SAFE_FREE(result);
549	done:
550	DEBUG(10, ("hpux_acl_to_smb_acl %s\n",
551	((result == NULL) ? "failed" : "succeeded")));
552	return result;
553	}
554
555
556
557	static HPUX_ACL_TAG_T smb_tag_to_hpux_tag(SMB_ACL_TAG_T smb_tag)
558	{
559	HPUX_ACL_TAG_T hpux_tag = 0;
560
561	DEBUG(10, ("smb_tag_to_hpux_tag\n"));
562	DEBUGADD(10, (" --> got smb tag 0x%04x\n", smb_tag));
563
564	switch (smb_tag) {
565	case SMB_ACL_USER:
566	hpux_tag = USER;
567	break;
568	case SMB_ACL_USER_OBJ:
569	hpux_tag = USER_OBJ;
570	break;
571	case SMB_ACL_GROUP:
572	hpux_tag = GROUP;
573	break;
574	case SMB_ACL_GROUP_OBJ:
575	hpux_tag = GROUP_OBJ;
576	break;
577	case SMB_ACL_OTHER:
578	hpux_tag = OTHER_OBJ;
579	break;
580	case SMB_ACL_MASK:
581	hpux_tag = CLASS_OBJ;
582	break;
583	default:
584	DEBUGADD(10, (" !!! unknown smb tag type 0x%04x\n", smb_tag));
585	break;
586	}
587
588	DEBUGADD(10, (" --> determined hpux tag 0x%04x\n", hpux_tag));
589
590	return hpux_tag;
591	}
592
593	static SMB_ACL_TAG_T hpux_tag_to_smb_tag(HPUX_ACL_TAG_T hpux_tag)
594	{
595	SMB_ACL_TAG_T smb_tag = 0;
596
597	DEBUG(10, ("hpux_tag_to_smb_tag:\n"));
598	DEBUGADD(10, (" --> got hpux tag 0x%04x\n", hpux_tag));
599
600	hpux_tag &= ~ACL_DEFAULT;
601
602	switch (hpux_tag) {
603	case USER:
604	smb_tag = SMB_ACL_USER;
605	break;
606	case USER_OBJ:
607	smb_tag = SMB_ACL_USER_OBJ;
608	break;
609	case GROUP:
610	smb_tag = SMB_ACL_GROUP;
611	break;
612	case GROUP_OBJ:
613	smb_tag = SMB_ACL_GROUP_OBJ;
614	break;
615	case OTHER_OBJ:
616	smb_tag = SMB_ACL_OTHER;
617	break;
618	case CLASS_OBJ:
619	smb_tag = SMB_ACL_MASK;
620	break;
621	default:
622	DEBUGADD(10, (" !!! unknown hpux tag type: 0x%04x\n",
623	hpux_tag));
624	break;
625	}
626
627	DEBUGADD(10, (" --> determined smb tag 0x%04x\n", smb_tag));
628
629	return smb_tag;
630	}
631
632
633	/*
634	* The permission bits used in the following two permission conversion
635	* functions are same, but the functions make us independent of the concrete
636	* permission data types.
637	*/
638	static SMB_ACL_PERM_T hpux_perm_to_smb_perm(const HPUX_PERM_T perm)
639	{
640	SMB_ACL_PERM_T smb_perm = 0;
641	smb_perm \|= ((perm & SMB_ACL_READ) ? SMB_ACL_READ : 0);
642	smb_perm \|= ((perm & SMB_ACL_WRITE) ? SMB_ACL_WRITE : 0);
643	smb_perm \|= ((perm & SMB_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
644	return smb_perm;
645	}
646
647
648	static HPUX_PERM_T smb_perm_to_hpux_perm(const SMB_ACL_PERM_T perm)
649	{
650	HPUX_PERM_T hpux_perm = 0;
651	hpux_perm \|= ((perm & SMB_ACL_READ) ? SMB_ACL_READ : 0);
652	hpux_perm \|= ((perm & SMB_ACL_WRITE) ? SMB_ACL_WRITE : 0);
653	hpux_perm \|= ((perm & SMB_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
654	return hpux_perm;
655	}
656
657
658	static bool hpux_acl_get_file(const char name, HPUX_ACL_T hpux_acl,
659	int *count)
660	{
661	bool result = False;
662	static HPUX_ACE_T dummy_ace;
663
664	DEBUG(10, ("hpux_acl_get_file called for file '%s'\n", name));
665
666	/*
667	* The original code tries some INITIAL_ACL_SIZE
668	* and only did the ACL_CNT call upon failure
669	* (for performance reasons).
670	* For the sake of simplicity, I skip this for now.
671	*
672	* NOTE: There is a catch here on HP-UX: acl with cmd parameter
673	* ACL_CNT fails with errno EINVAL when called with a NULL
674	* pointer as last argument. So we need to use a dummy acl
675	* struct here (we make it static so it does not need to be
676	* instantiated or malloced each time this function is
677	* called). Btw: the count parameter does not seem to matter...
678	*/
679	count = acl(CONST_DISCARD(char , name), ACL_CNT, 0, &dummy_ace);
680	if (*count < 0) {
681	DEBUG(10, ("acl ACL_CNT failed: %s\n", strerror(errno)));
682	goto done;
683	}
684	hpux_acl = hpux_acl_init(count);
685	if (*hpux_acl == NULL) {
686	DEBUG(10, ("error allocating memory for hpux acl...\n"));
687	goto done;
688	}
689	count = acl(CONST_DISCARD(char , name), ACL_GET, count, hpux_acl);
690	if (*count < 0) {
691	DEBUG(10, ("acl ACL_GET failed: %s\n", strerror(errno)));
692	goto done;
693	}
694	result = True;
695
696	done:
697	DEBUG(10, ("hpux_acl_get_file %s.\n",
698	((result == True) ? "succeeded" : "failed" )));
699	return result;
700	}
701
702
703
704
705	/*
706	* Add entries to a hpux ACL.
707	*
708	* Entries are directly added to the hpuxacl parameter.
709	* if memory allocation fails, this may result in hpuxacl
710	* being NULL. if the resulting acl is to be checked and is
711	* not valid, it is kept in hpuxacl but False is returned.
712	*
713	* The type of ACEs (access/default) to be added to the ACL can
714	* be selected via the type parameter.
715	* I use the SMB_ACL_TYPE_T type here. Since SMB_ACL_TYPE_ACCESS
716	* is defined as "0", this means that one can only add either
717	* access or default ACEs from the given ACL, not both at the same
718	* time. If it should become necessary to add all of an ACL, one
719	* would have to replace this parameter by another type.
720	*/
721	static bool hpux_add_to_acl(HPUX_ACL_T hpux_acl, int count,
722	HPUX_ACL_T add_acl, int add_count,
723	SMB_ACL_TYPE_T type)
724	{
725	int i;
726
727	if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT))
728	{
729	DEBUG(10, ("invalid acl type given: %d\n", type));
730	errno = EINVAL;
731	return False;
732	}
733	for (i = 0; i < add_count; i++) {
734	if (!_IS_OF_TYPE(add_acl[i], type)) {
735	continue;
736	}
737	ADD_TO_ARRAY(NULL, HPUX_ACE_T, add_acl[i],
738	hpux_acl, count);
739	if (hpux_acl == NULL) {
740	DEBUG(10, ("error enlarging acl.\n"));
741	errno = ENOMEM;
742	return False;
743	}
744	}
745	return True;
746	}
747
748
749	/*
750	* sort the ACL and check it for validity
751	*
752	* [original comment from lib/sysacls.c:]
753	*
754	* if it's a minimal ACL with only 4 entries then we
755	* need to recalculate the mask permissions to make
756	* sure that they are the same as the GROUP_OBJ
757	* permissions as required by the UnixWare acl() system call.
758	*
759	* (note: since POSIX allows minimal ACLs which only contain
760	* 3 entries - ie there is no mask entry - we should, in theory,
761	* check for this and add a mask entry if necessary - however
762	* we "know" that the caller of this interface always specifies
763	* a mask, so in practice "this never happens" (tm) - if it does
764	* happen aclsort() will fail and return an error and someone will
765	* have to fix it...)
766	*/
767	static bool hpux_acl_sort(HPUX_ACL_T hpux_acl, int count)
768	{
769	int fixmask = (count <= 4);
770
771	if (hpux_internal_aclsort(count, fixmask, hpux_acl) != 0) {
772	errno = EINVAL;
773	return False;
774	}
775	return True;
776	}
777
778
779	/*
780	* Helpers for hpux_internal_aclsort:
781	* - hpux_count_obj
782	* - hpux_swap_acl_entries
783	* - hpux_prohibited_duplicate_type
784	* - hpux_get_needed_class_perm
785	*/
786
787	/* hpux_count_obj:
788	* Counts the different number of objects in a given array of ACL
789	* structures.
790	* Inputs:
791	*
792	* acl_count - Count of ACLs in the array of ACL strucutres.
793	* aclp - Array of ACL structures.
794	* acl_type_count - Pointer to acl_types structure. Should already be
795	* allocated.
796	* Output:
797	*
798	* acl_type_count - This structure is filled up with counts of various
799	* acl types.
800	*/
801
802	static void hpux_count_obj(int acl_count, HPUX_ACL_T aclp, struct hpux_acl_types *acl_type_count)
803	{
804	int i;
805
806	memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
807
808	for(i=0;i<acl_count;i++) {
809	switch(aclp[i].a_type) {
810	case USER:
811	acl_type_count->n_user++;
812	break;
813	case USER_OBJ:
814	acl_type_count->n_user_obj++;
815	break;
816	case DEF_USER_OBJ:
817	acl_type_count->n_def_user_obj++;
818	break;
819	case GROUP:
820	acl_type_count->n_group++;
821	break;
822	case GROUP_OBJ:
823	acl_type_count->n_group_obj++;
824	break;
825	case DEF_GROUP_OBJ:
826	acl_type_count->n_def_group_obj++;
827	break;
828	case OTHER_OBJ:
829	acl_type_count->n_other_obj++;
830	break;
831	case DEF_OTHER_OBJ:
832	acl_type_count->n_def_other_obj++;
833	break;
834	case CLASS_OBJ:
835	acl_type_count->n_class_obj++;
836	break;
837	case DEF_CLASS_OBJ:
838	acl_type_count->n_def_class_obj++;
839	break;
840	case DEF_USER:
841	acl_type_count->n_def_user++;
842	break;
843	case DEF_GROUP:
844	acl_type_count->n_def_group++;
845	break;
846	default:
847	acl_type_count->n_illegal_obj++;
848	break;
849	}
850	}
851	}
852
853	/* hpux_swap_acl_entries: Swaps two ACL entries.
854	*
855	* Inputs: aclp0, aclp1 - ACL entries to be swapped.
856	*/
857
858	static void hpux_swap_acl_entries(HPUX_ACE_T aclp0, HPUX_ACE_T aclp1)
859	{
860	HPUX_ACE_T temp_acl;
861
862	temp_acl.a_type = aclp0->a_type;
863	temp_acl.a_id = aclp0->a_id;
864	temp_acl.a_perm = aclp0->a_perm;
865
866	aclp0->a_type = aclp1->a_type;
867	aclp0->a_id = aclp1->a_id;
868	aclp0->a_perm = aclp1->a_perm;
869
870	aclp1->a_type = temp_acl.a_type;
871	aclp1->a_id = temp_acl.a_id;
872	aclp1->a_perm = temp_acl.a_perm;
873	}
874
875	/* hpux_prohibited_duplicate_type
876	* Identifies if given ACL type can have duplicate entries or
877	* not.
878	*
879	* Inputs: acl_type - ACL Type.
880	*
881	* Outputs:
882	*
883	* Return..
884	*
885	* True - If the ACL type matches any of the prohibited types.
886	* False - If the ACL type doesn't match any of the prohibited types.
887	*/
888
889	static bool hpux_prohibited_duplicate_type(int acl_type)
890	{
891	switch(acl_type) {
892	case USER:
893	case GROUP:
894	case DEF_USER:
895	case DEF_GROUP:
896	return True;
897	default:
898	return False;
899	}
900	}
901
902	/* hpux_get_needed_class_perm
903	* Returns the permissions of a ACL structure only if the ACL
904	* type matches one of the pre-determined types for computing
905	* CLASS_OBJ permissions.
906	*
907	* Inputs: aclp - Pointer to ACL structure.
908	*/
909
910	static int hpux_get_needed_class_perm(struct acl *aclp)
911	{
912	switch(aclp->a_type) {
913	case USER:
914	case GROUP_OBJ:
915	case GROUP:
916	case DEF_USER_OBJ:
917	case DEF_USER:
918	case DEF_GROUP_OBJ:
919	case DEF_GROUP:
920	case DEF_CLASS_OBJ:
921	case DEF_OTHER_OBJ:
922	return aclp->a_perm;
923	default:
924	return 0;
925	}
926	}
927
928	/* hpux_internal_aclsort: aclsort for HPUX.
929	*
930	* -> The aclsort() system call is availabe on the latest HPUX General
931	* -> Patch Bundles. So for HPUX, we developed our version of aclsort
932	* -> function. Because, we don't want to update to a new
933	* -> HPUX GR bundle just for aclsort() call.
934	*
935	* aclsort sorts the array of ACL structures as per the description in
936	* aclsort man page. Refer to aclsort man page for more details
937	*
938	* Inputs:
939	*
940	* acl_count - Count of ACLs in the array of ACL structures.
941	* calclass - If this is not zero, then we compute the CLASS_OBJ
942	* permissions.
943	* aclp - Array of ACL structures.
944	*
945	* Outputs:
946	*
947	* aclp - Sorted array of ACL structures.
948	*
949	* Outputs:
950	*
951	* Returns 0 for success -1 for failure. Prints a message to the Samba
952	* debug log in case of failure.
953	*/
954
955	static int hpux_internal_aclsort(int acl_count, int calclass, HPUX_ACL_T aclp)
956	{
957	struct hpux_acl_types acl_obj_count;
958	int n_class_obj_perm = 0;
959	int i, j;
960
961	DEBUG(10,("Entering hpux_internal_aclsort. (calclass = %d)\n", calclass));
962
963	if (hpux_aclsort_call_present()) {
964	DEBUG(10, ("calling hpux aclsort\n"));
965	return aclsort(acl_count, calclass, aclp);
966	}
967
968	DEBUG(10, ("using internal aclsort\n"));
969
970	if(!acl_count) {
971	DEBUG(10,("Zero acl count passed. Returning Success\n"));
972	return 0;
973	}
974
975	if(aclp == NULL) {
976	DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
977	return -1;
978	}
979
980	/* Count different types of ACLs in the ACLs array */
981
982	hpux_count_obj(acl_count, aclp, &acl_obj_count);
983
984	/* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
985	* CLASS_OBJ and OTHER_OBJ
986	*/
987
988	if ( (acl_obj_count.n_user_obj != 1) \|\|
989	(acl_obj_count.n_group_obj != 1) \|\|
990	(acl_obj_count.n_class_obj != 1) \|\|
991	(acl_obj_count.n_other_obj != 1) )
992	{
993	DEBUG(0,("hpux_internal_aclsort: More than one entry or no entries for \
994	USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
995	return -1;
996	}
997
998	/* If any of the default objects are present, there should be only
999	* one of them each.
1000	*/
1001
1002	if ( (acl_obj_count.n_def_user_obj > 1) \|\|
1003	(acl_obj_count.n_def_group_obj > 1) \|\|
1004	(acl_obj_count.n_def_other_obj > 1) \|\|
1005	(acl_obj_count.n_def_class_obj > 1) )
1006	{
1007	DEBUG(0,("hpux_internal_aclsort: More than one entry for DEF_CLASS_OBJ \
1008	or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
1009	return -1;
1010	}
1011
1012	/* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
1013	* structures.
1014	*
1015	* Sorting crieteria - First sort by ACL type. If there are multiple entries of
1016	* same ACL type, sort by ACL id.
1017	*
1018	* I am using the trival kind of sorting method here because, performance isn't
1019	* really effected by the ACLs feature. More over there aren't going to be more
1020	* than 17 entries on HPUX.
1021	*/
1022
1023	for(i=0; i<acl_count;i++) {
1024	for (j=i+1; j<acl_count; j++) {
1025	if( aclp[i].a_type > aclp[j].a_type ) {
1026	/* ACL entries out of order, swap them */
1027	hpux_swap_acl_entries((aclp+i), (aclp+j));
1028	} else if ( aclp[i].a_type == aclp[j].a_type ) {
1029	/* ACL entries of same type, sort by id */
1030	if(aclp[i].a_id > aclp[j].a_id) {
1031	hpux_swap_acl_entries((aclp+i), (aclp+j));
1032	} else if (aclp[i].a_id == aclp[j].a_id) {
1033	/* We have a duplicate entry. */
1034	if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
1035	DEBUG(0, ("hpux_internal_aclsort: Duplicate entry: Type(hex): %x Id: %d\n",
1036	aclp[i].a_type, aclp[i].a_id));
1037	return -1;
1038	}
1039	}
1040	}
1041	}
1042	}
1043
1044	/* set the class obj permissions to the computed one. */
1045	if(calclass) {
1046	int n_class_obj_index = -1;
1047
1048	for(i=0;i<acl_count;i++) {
1049	n_class_obj_perm \|= hpux_get_needed_class_perm((aclp+i));
1050
1051	if(aclp[i].a_type == CLASS_OBJ)
1052	n_class_obj_index = i;
1053	}
1054	aclp[n_class_obj_index].a_perm = n_class_obj_perm;
1055	}
1056
1057	return 0;
1058	}
1059
1060
1061	/*
1062	* hpux_acl_call_present:
1063	*
1064	* This checks if the POSIX ACL system call is defined
1065	* which basically corresponds to whether JFS 3.3 or
1066	* higher is installed. If acl() was called when it
1067	* isn't defined, it causes the process to core dump
1068	* so it is important to check this and avoid acl()
1069	* calls if it isn't there.
1070	*/
1071
1072	static bool hpux_acl_call_present(void)
1073	{
1074
1075	shl_t handle = NULL;
1076	void *value;
1077	int ret_val=0;
1078	static bool already_checked = False;
1079
1080	if(already_checked)
1081	return True;
1082
1083	errno = 0;
1084
1085	ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
1086
1087	if(ret_val != 0) {
1088	DEBUG(5, ("hpux_acl_call_present: shl_findsym() returned %d, errno = %d, error %s\n",
1089	ret_val, errno, strerror(errno)));
1090	DEBUG(5,("hpux_acl_call_present: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
1091	errno = ENOSYS;
1092	return False;
1093	}
1094
1095	DEBUG(10,("hpux_acl_call_present: acl() system call is present. We have JFS 3.3 or above \n"));
1096
1097	already_checked = True;
1098	return True;
1099	}
1100
1101	/*
1102	* runtime check for presence of aclsort library call.
1103	* same code as for acl call. if there are more of these,
1104	* a dispatcher function could be handy...
1105	*/
1106
1107	static bool hpux_aclsort_call_present(void)
1108	{
1109	shl_t handle = NULL;
1110	void *value;
1111	int ret_val = 0;
1112	static bool already_checked = False;
1113
1114	if (already_checked) {
1115	return True;
1116	}
1117
1118	errno = 0;
1119	ret_val = shl_findsym(&handle, "aclsort", TYPE_PROCEDURE, &value);
1120	if (ret_val != 0) {
1121	DEBUG(5, ("hpux_aclsort_call_present: shl_findsym "
1122	"returned %d, errno = %d, error %s",
1123	ret_val, errno, strerror(errno)));
1124	DEBUG(5, ("hpux_aclsort_call_present: "
1125	"aclsort() function not available.\n"));
1126	return False;
1127	}
1128	DEBUG(10,("hpux_aclsort_call_present: aclsort() function present.\n"));
1129	already_checked = True;
1130	return True;
1131	}
1132
1133	#if 0
1134	/*
1135	* acl check function:
1136	* unused at the moment but could be used to get more
1137	* concrete error messages for debugging...
1138	* (acl sort just says that the acl is invalid...)
1139	*/
1140	static bool hpux_acl_check(HPUX_ACL_T hpux_acl, int count)
1141	{
1142	int check_rc;
1143	int check_which;
1144
1145	check_rc = aclcheck(hpux_acl, count, &check_which);
1146	if (check_rc != 0) {
1147	DEBUG(10, ("acl is not valid:\n"));
1148	DEBUGADD(10, (" - return code: %d\n", check_rc));
1149	DEBUGADD(10, (" - which: %d\n", check_which));
1150	if (check_which != -1) {
1151	DEBUGADD(10, (" - invalid entry:\n"));
1152	DEBUGADD(10, (" * type: %d:\n",
1153	hpux_acl[check_which].a_type));
1154	DEBUGADD(10, (" * id: %d\n",
1155	hpux_acl[check_which].a_id));
1156	DEBUGADD(10, (" * perm: 0o%o\n",
1157	hpux_acl[check_which].a_perm));
1158	}
1159	return False;
1160	}
1161	return True;
1162	}
1163	#endif
1164
1165	/* VFS operations structure */
1166
1167	static struct vfs_fn_pointers hpuxacl_fns = {
1168	.sys_acl_get_file = hpuxacl_sys_acl_get_file,
1169	.sys_acl_get_fd = hpuxacl_sys_acl_get_fd,
1170	.sys_acl_set_file = hpuxacl_sys_acl_set_file,
1171	.sys_acl_set_fd = hpuxacl_sys_acl_set_fd,
1172	.sys_acl_delete_def_file = hpuxacl_sys_acl_delete_def_file,
1173	};
1174
1175	NTSTATUS vfs_hpuxacl_init(void)
1176	{
1177	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "hpuxacl",
1178	&hpuxacl_fns);
1179	}
1180
1181	/* ENTE */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: