Context Navigation

source: vendor/3.6.0/source3/modules/vfs_hpuxacl.c

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 32.5 KB

Line
1	/*
2	* Unix SMB/Netbios implementation.
3	* VFS module to get and set HP-UX ACLs
4	* Copyright (C) Michael Adam 2006,2008
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License
17	* along with this program; if not, see <http://www.gnu.org/licenses/>.
18	*/
19
20	/*
21	* This module supports JFS (POSIX) ACLs on VxFS (Veritas * Filesystem).
22	* These are available on HP-UX 11.00 if JFS 3.3 is installed.
23	* On HP-UX 11i (11.11 and above) these ACLs are supported out of
24	* the box.
25	*
26	* There is another form of ACLs on HFS. These ACLs have a
27	* completely different API and their own set of userland tools.
28	* Since HFS seems to be considered deprecated, HFS acls
29	* are not supported. (They could be supported through a separate
30	* vfs-module if there is demand.)
31	*/
32
33	/* =================================================================
34	* NOTE:
35	*
36	* The original hpux-acl code in lib/sysacls.c was based upon the
37	* solaris acl code in the same file. Now for the new modularized
38	* acl implementation, I have taken the code from vfs_solarisacls.c
39	* and did similar adaptations as were done before, essentially
40	* reusing the original internal aclsort functions.
41	* The check for the presence of the acl() call has been adopted, and
42	* a check for the presence of the aclsort() call has been added.
43	*
44	* Michael Adam <obnox@samba.org>
45	*
46	* ================================================================= */
47
48
49	#include "includes.h"
50	#include "system/filesys.h"
51	#include "smbd/smbd.h"
52	#include "modules/vfs_hpuxacl.h"
53
54
55	/*
56	* including standard header <sys/aclv.h>
57	*
58	* included here as a quick hack for the special HP-UX-situation:
59	*
60	* The problem is that, on HP-UX, jfs/posix acls are
61	* defined in <sys/aclv.h>, while the deprecated hfs acls
62	* are defined inside <sys/acl.h>.
63	*
64	*/
65	/* GROUP is defined somewhere else so undef it here... */
66	#undef GROUP
67	#include <sys/aclv.h>
68	/* dl.h: needed to check for acl call via shl_findsym */
69	#include <dl.h>
70
71	typedef struct acl HPUX_ACE_T;
72	typedef struct acl *HPUX_ACL_T;
73	typedef int HPUX_ACL_TAG_T; /* the type of an ACL entry */
74	typedef ushort HPUX_PERM_T;
75
76	/* Structure to capture the count for each type of ACE.
77	* (for hpux_internal_aclsort */
78	struct hpux_acl_types {
79	int n_user;
80	int n_def_user;
81	int n_user_obj;
82	int n_def_user_obj;
83
84	int n_group;
85	int n_def_group;
86	int n_group_obj;
87	int n_def_group_obj;
88
89	int n_other;
90	int n_other_obj;
91	int n_def_other_obj;
92
93	int n_class_obj;
94	int n_def_class_obj;
95
96	int n_illegal_obj;
97	};
98
99	/* for convenience: check if hpux acl entry is a default entry? */
100	#define _IS_DEFAULT(ace) ((ace).a_type & ACL_DEFAULT)
101	#define _IS_OF_TYPE(ace, type) ( \
102	(((type) == SMB_ACL_TYPE_ACCESS) && !_IS_DEFAULT(ace)) \
103	\|\| \
104	(((type) == SMB_ACL_TYPE_DEFAULT) && _IS_DEFAULT(ace)) \
105	)
106
107
108	/* prototypes for private functions */
109
110	static HPUX_ACL_T hpux_acl_init(int count);
111	static bool smb_acl_to_hpux_acl(SMB_ACL_T smb_acl,
112	HPUX_ACL_T solariacl, int count,
113	SMB_ACL_TYPE_T type);
114	static SMB_ACL_T hpux_acl_to_smb_acl(HPUX_ACL_T hpuxacl, int count,
115	SMB_ACL_TYPE_T type);
116	static HPUX_ACL_TAG_T smb_tag_to_hpux_tag(SMB_ACL_TAG_T smb_tag);
117	static SMB_ACL_TAG_T hpux_tag_to_smb_tag(HPUX_ACL_TAG_T hpux_tag);
118	static bool hpux_add_to_acl(HPUX_ACL_T hpux_acl, int count,
119	HPUX_ACL_T add_acl, int add_count, SMB_ACL_TYPE_T type);
120	static bool hpux_acl_get_file(const char name, HPUX_ACL_T hpuxacl,
121	int *count);
122	static SMB_ACL_PERM_T hpux_perm_to_smb_perm(const HPUX_PERM_T perm);
123	static HPUX_PERM_T smb_perm_to_hpux_perm(const SMB_ACL_PERM_T perm);
124	#if 0
125	static bool hpux_acl_check(HPUX_ACL_T hpux_acl, int count);
126	#endif
127	/* aclsort (internal) and helpers: */
128	static bool hpux_acl_sort(HPUX_ACL_T acl, int count);
129	static int hpux_internal_aclsort(int acl_count, int calclass, HPUX_ACL_T aclp);
130	static void hpux_count_obj(int acl_count, HPUX_ACL_T aclp,
131	struct hpux_acl_types *acl_type_count);
132	static void hpux_swap_acl_entries(HPUX_ACE_T aclp0, HPUX_ACE_T aclp1);
133	static bool hpux_prohibited_duplicate_type(int acl_type);
134
135	static bool hpux_acl_call_present(void);
136	static bool hpux_aclsort_call_present(void);
137
138
139	/* public functions - the api */
140
141	SMB_ACL_T hpuxacl_sys_acl_get_file(vfs_handle_struct *handle,
142	const char *path_p,
143	SMB_ACL_TYPE_T type)
144	{
145	SMB_ACL_T result = NULL;
146	int count;
147	HPUX_ACL_T hpux_acl = NULL;
148
149	DEBUG(10, ("hpuxacl_sys_acl_get_file called for file '%s'.\n",
150	path_p));
151
152	if(hpux_acl_call_present() == False) {
153	/* Looks like we don't have the acl() system call on HPUX.
154	* May be the system doesn't have the latest version of JFS.
155	*/
156	goto done;
157	}
158
159	if (type != SMB_ACL_TYPE_ACCESS && type != SMB_ACL_TYPE_DEFAULT) {
160	DEBUG(10, ("invalid SMB_ACL_TYPE given (%d)\n", type));
161	errno = EINVAL;
162	goto done;
163	}
164
165	DEBUGADD(10, ("getting %s acl\n",
166	((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
167
168	if (!hpux_acl_get_file(path_p, &hpux_acl, &count)) {
169	goto done;
170	}
171	result = hpux_acl_to_smb_acl(hpux_acl, count, type);
172	if (result == NULL) {
173	DEBUG(10, ("conversion hpux_acl -> smb_acl failed (%s).\n",
174	strerror(errno)));
175	}
176
177	done:
178	DEBUG(10, ("hpuxacl_sys_acl_get_file %s.\n",
179	((result == NULL) ? "failed" : "succeeded" )));
180	SAFE_FREE(hpux_acl);
181	return result;
182	}
183
184
185	/*
186	* get the access ACL of a file referred to by a fd
187	*/
188	SMB_ACL_T hpuxacl_sys_acl_get_fd(vfs_handle_struct *handle,
189	files_struct *fsp)
190	{
191	/*
192	* HPUX doesn't have the facl call. Fake it using the path.... JRA.
193	*/
194	/* For all I see, the info should already be in the fsp
195	* parameter, but get it again to be safe --- necessary? */
196	files_struct *file_struct_p = file_find_fd(fsp->conn->sconn,
197	fsp->fh->fd);
198	if (file_struct_p == NULL) {
199	errno = EBADF;
200	return NULL;
201	}
202	/*
203	* We know we're in the same conn context. So we
204	* can use the relative path.
205	*/
206	DEBUG(10, ("redirecting call of hpuxacl_sys_acl_get_fd to "
207	"hpuxacl_sys_acl_get_file (no facl syscall on HPUX).\n"));
208
209	return hpuxacl_sys_acl_get_file(handle,
210	file_struct_p->fsp_name->base_name,
211	SMB_ACL_TYPE_ACCESS);
212	}
213
214
215	int hpuxacl_sys_acl_set_file(vfs_handle_struct *handle,
216	const char *name,
217	SMB_ACL_TYPE_T type,
218	SMB_ACL_T theacl)
219	{
220	int ret = -1;
221	HPUX_ACL_T hpux_acl = NULL;
222	int count;
223	struct smb_filename *smb_fname = NULL;
224	NTSTATUS status;
225
226	DEBUG(10, ("hpuxacl_sys_acl_set_file called for file '%s'\n",
227	name));
228
229	status = create_synthetic_smb_fname(talloc_tos(), name, NULL, NULL,
230	&smb_fname);
231	if (!NT_STATUS_IS_OK(status)) {
232	goto done;
233	}
234
235	if(hpux_acl_call_present() == False) {
236	/* Looks like we don't have the acl() system call on HPUX.
237	* May be the system doesn't have the latest version of JFS.
238	*/
239	goto done;
240	}
241
242	if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT)) {
243	errno = EINVAL;
244	DEBUG(10, ("invalid smb acl type given (%d).\n", type));
245	goto done;
246	}
247	DEBUGADD(10, ("setting %s acl\n",
248	((type == SMB_ACL_TYPE_ACCESS) ? "access" : "default")));
249
250	if(!smb_acl_to_hpux_acl(theacl, &hpux_acl, &count, type)) {
251	DEBUG(10, ("conversion smb_acl -> hpux_acl failed (%s).\n",
252	strerror(errno)));
253	goto done;
254	}
255
256	/*
257	* if the file is a directory, there is extra work to do:
258	* since the hpux acl call stores both the access acl and
259	* the default acl as provided, we have to get the acl part
260	* that has _not_ been specified in "type" from the file first
261	* and concatenate it with the acl provided.
262	*/
263	if (lp_posix_pathnames()) {
264	ret = SMB_VFS_LSTAT(handle->conn, smb_fname);
265	} else {
266	ret = SMB_VFS_STAT(handle->conn, smb_fname);
267	}
268	if (ret != 0) {
269	DEBUG(10, ("Error in stat call: %s\n", strerror(errno)));
270	goto done;
271	}
272	if (S_ISDIR(smb_fname->st.st_ex_mode)) {
273	HPUX_ACL_T other_acl;
274	int other_count;
275	SMB_ACL_TYPE_T other_type;
276
277	other_type = (type == SMB_ACL_TYPE_ACCESS)
278	? SMB_ACL_TYPE_DEFAULT
279	: SMB_ACL_TYPE_ACCESS;
280	DEBUGADD(10, ("getting acl from filesystem\n"));
281	if (!hpux_acl_get_file(smb_fname->base_name, &other_acl,
282	&other_count)) {
283	DEBUG(10, ("error getting acl from directory\n"));
284	goto done;
285	}
286	DEBUG(10, ("adding %s part of fs acl to given acl\n",
287	((other_type == SMB_ACL_TYPE_ACCESS)
288	? "access"
289	: "default")));
290	if (!hpux_add_to_acl(&hpux_acl, &count, other_acl,
291	other_count, other_type))
292	{
293	DEBUG(10, ("error adding other acl.\n"));
294	SAFE_FREE(other_acl);
295	goto done;
296	}
297	SAFE_FREE(other_acl);
298	}
299	else if (type != SMB_ACL_TYPE_ACCESS) {
300	errno = EINVAL;
301	goto done;
302	}
303
304	if (!hpux_acl_sort(hpux_acl, count)) {
305	DEBUG(10, ("resulting acl is not valid!\n"));
306	goto done;
307	}
308	DEBUG(10, ("resulting acl is valid.\n"));
309
310	ret = acl(CONST_DISCARD(char *, smb_fname->base_name), ACL_SET, count,
311	hpux_acl);
312	if (ret != 0) {
313	DEBUG(0, ("ERROR calling acl: %s\n", strerror(errno)));
314	}
315
316	done:
317	DEBUG(10, ("hpuxacl_sys_acl_set_file %s.\n",
318	((ret != 0) ? "failed" : "succeeded")));
319	TALLOC_FREE(smb_fname);
320	SAFE_FREE(hpux_acl);
321	return ret;
322	}
323
324	/*
325	* set the access ACL on the file referred to by a fd
326	*/
327	int hpuxacl_sys_acl_set_fd(vfs_handle_struct *handle,
328	files_struct *fsp,
329	SMB_ACL_T theacl)
330	{
331	/*
332	* HPUX doesn't have the facl call. Fake it using the path.... JRA.
333	*/
334	/* For all I see, the info should already be in the fsp
335	* parameter, but get it again to be safe --- necessary? */
336	files_struct *file_struct_p = file_find_fd(fsp->conn->sconn,
337	fsp->fh->fd);
338	if (file_struct_p == NULL) {
339	errno = EBADF;
340	return -1;
341	}
342	/*
343	* We know we're in the same conn context. So we
344	* can use the relative path.
345	*/
346	DEBUG(10, ("redirecting call of hpuxacl_sys_acl_set_fd to "
347	"hpuxacl_sys_acl_set_file (no facl syscall on HPUX)\n"));
348
349	return hpuxacl_sys_acl_set_file(handle,
350	file_struct_p->fsp_name->base_name,
351	SMB_ACL_TYPE_ACCESS, theacl);
352	}
353
354
355	/*
356	* delete the default ACL of a directory
357	*
358	* This is achieved by fetching the access ACL and rewriting it
359	* directly, via the hpux system call: the ACL_SET call on
360	* directories writes both the access and the default ACL as provided.
361	*
362	* XXX: posix acl_delete_def_file returns an error if
363	* the file referred to by path is not a directory.
364	* this function does not complain but the actions
365	* have no effect on a file other than a directory.
366	* But sys_acl_delete_default_file is only called in
367	* smbd/posixacls.c after having checked that the file
368	* is a directory, anyways. So implementing the extra
369	* check is considered unnecessary. --- Agreed? XXX
370	*/
371	int hpuxacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
372	const char *path)
373	{
374	SMB_ACL_T smb_acl;
375	int ret = -1;
376	HPUX_ACL_T hpux_acl;
377	int count;
378
379	DEBUG(10, ("entering hpuxacl_sys_acl_delete_def_file.\n"));
380
381	smb_acl = hpuxacl_sys_acl_get_file(handle, path,
382	SMB_ACL_TYPE_ACCESS);
383	if (smb_acl == NULL) {
384	DEBUG(10, ("getting file acl failed!\n"));
385	goto done;
386	}
387	if (!smb_acl_to_hpux_acl(smb_acl, &hpux_acl, &count,
388	SMB_ACL_TYPE_ACCESS))
389	{
390	DEBUG(10, ("conversion smb_acl -> hpux_acl failed.\n"));
391	goto done;
392	}
393	if (!hpux_acl_sort(hpux_acl, count)) {
394	DEBUG(10, ("resulting acl is not valid!\n"));
395	goto done;
396	}
397	ret = acl(CONST_DISCARD(char *, path), ACL_SET, count, hpux_acl);
398	if (ret != 0) {
399	DEBUG(10, ("settinge file acl failed!\n"));
400	}
401
402	done:
403	DEBUG(10, ("hpuxacl_sys_acl_delete_def_file %s.\n",
404	((ret != 0) ? "failed" : "succeeded" )));
405	SAFE_FREE(smb_acl);
406	return ret;
407	}
408
409
410	/*
411	* private functions
412	*/
413
414	static HPUX_ACL_T hpux_acl_init(int count)
415	{
416	HPUX_ACL_T hpux_acl =
417	(HPUX_ACL_T)SMB_MALLOC(sizeof(HPUX_ACE_T) * count);
418	if (hpux_acl == NULL) {
419	errno = ENOMEM;
420	}
421	return hpux_acl;
422	}
423
424	/*
425	* Convert the SMB acl to the ACCESS or DEFAULT part of a
426	* hpux ACL, as desired.
427	*/
428	static bool smb_acl_to_hpux_acl(SMB_ACL_T smb_acl,
429	HPUX_ACL_T hpux_acl, int count,
430	SMB_ACL_TYPE_T type)
431	{
432	bool ret = False;
433	int i;
434	int check_which, check_rc;
435
436	DEBUG(10, ("entering smb_acl_to_hpux_acl\n"));
437
438	*hpux_acl = NULL;
439	*count = 0;
440
441	for (i = 0; i < smb_acl->count; i++) {
442	const struct smb_acl_entry *smb_entry = &(smb_acl->acl[i]);
443	HPUX_ACE_T hpux_entry;
444
445	ZERO_STRUCT(hpux_entry);
446
447	hpux_entry.a_type = smb_tag_to_hpux_tag(smb_entry->a_type);
448	if (hpux_entry.a_type == 0) {
449	DEBUG(10, ("smb_tag to hpux_tag failed\n"));
450	goto fail;
451	}
452	switch(hpux_entry.a_type) {
453	case USER:
454	DEBUG(10, ("got tag type USER with uid %d\n",
455	smb_entry->uid));
456	hpux_entry.a_id = (uid_t)smb_entry->uid;
457	break;
458	case GROUP:
459	DEBUG(10, ("got tag type GROUP with gid %d\n",
460	smb_entry->gid));
461	hpux_entry.a_id = (uid_t)smb_entry->gid;
462	break;
463	default:
464	break;
465	}
466	if (type == SMB_ACL_TYPE_DEFAULT) {
467	DEBUG(10, ("adding default bit to hpux ace\n"));
468	hpux_entry.a_type \|= ACL_DEFAULT;
469	}
470
471	hpux_entry.a_perm =
472	smb_perm_to_hpux_perm(smb_entry->a_perm);
473	DEBUG(10, ("assembled the following hpux ace:\n"));
474	DEBUGADD(10, (" - type: 0x%04x\n", hpux_entry.a_type));
475	DEBUGADD(10, (" - id: %d\n", hpux_entry.a_id));
476	DEBUGADD(10, (" - perm: o%o\n", hpux_entry.a_perm));
477	if (!hpux_add_to_acl(hpux_acl, count, &hpux_entry,
478	1, type))
479	{
480	DEBUG(10, ("error adding acl entry\n"));
481	goto fail;
482	}
483	DEBUG(10, ("count after adding: %d (i: %d)\n", *count, i));
484	DEBUG(10, ("test, if entry has been copied into acl:\n"));
485	DEBUGADD(10, (" - type: 0x%04x\n",
486	(hpux_acl)[(count)-1].a_type));
487	DEBUGADD(10, (" - id: %d\n",
488	(hpux_acl)[(count)-1].a_id));
489	DEBUGADD(10, (" - perm: o%o\n",
490	(hpux_acl)[(count)-1].a_perm));
491	}
492
493	ret = True;
494	goto done;
495
496	fail:
497	SAFE_FREE(*hpux_acl);
498	done:
499	DEBUG(10, ("smb_acl_to_hpux_acl %s\n",
500	((ret == True) ? "succeeded" : "failed")));
501	return ret;
502	}
503
504	/*
505	* convert either the access or the default part of a
506	* soaris acl to the SMB_ACL format.
507	*/
508	static SMB_ACL_T hpux_acl_to_smb_acl(HPUX_ACL_T hpux_acl, int count,
509	SMB_ACL_TYPE_T type)
510	{
511	SMB_ACL_T result;
512	int i;
513
514	if ((result = sys_acl_init(0)) == NULL) {
515	DEBUG(10, ("error allocating memory for SMB_ACL\n"));
516	goto fail;
517	}
518	for (i = 0; i < count; i++) {
519	SMB_ACL_ENTRY_T smb_entry;
520	SMB_ACL_PERM_T smb_perm;
521
522	if (!_IS_OF_TYPE(hpux_acl[i], type)) {
523	continue;
524	}
525	result = SMB_REALLOC(result,
526	sizeof(struct smb_acl_t) +
527	(sizeof(struct smb_acl_entry) *
528	(result->count + 1)));
529	if (result == NULL) {
530	DEBUG(10, ("error reallocating memory for SMB_ACL\n"));
531	goto fail;
532	}
533	smb_entry = &result->acl[result->count];
534	if (sys_acl_set_tag_type(smb_entry,
535	hpux_tag_to_smb_tag(hpux_acl[i].a_type)) != 0)
536	{
537	DEBUG(10, ("invalid tag type given: 0x%04x\n",
538	hpux_acl[i].a_type));
539	goto fail;
540	}
541	/* intentionally not checking return code here: */
542	sys_acl_set_qualifier(smb_entry, (void *)&hpux_acl[i].a_id);
543	smb_perm = hpux_perm_to_smb_perm(hpux_acl[i].a_perm);
544	if (sys_acl_set_permset(smb_entry, &smb_perm) != 0) {
545	DEBUG(10, ("invalid permset given: %d\n",
546	hpux_acl[i].a_perm));
547	goto fail;
548	}
549	result->count += 1;
550	}
551	goto done;
552
553	fail:
554	SAFE_FREE(result);
555	done:
556	DEBUG(10, ("hpux_acl_to_smb_acl %s\n",
557	((result == NULL) ? "failed" : "succeeded")));
558	return result;
559	}
560
561
562
563	static HPUX_ACL_TAG_T smb_tag_to_hpux_tag(SMB_ACL_TAG_T smb_tag)
564	{
565	HPUX_ACL_TAG_T hpux_tag = 0;
566
567	DEBUG(10, ("smb_tag_to_hpux_tag\n"));
568	DEBUGADD(10, (" --> got smb tag 0x%04x\n", smb_tag));
569
570	switch (smb_tag) {
571	case SMB_ACL_USER:
572	hpux_tag = USER;
573	break;
574	case SMB_ACL_USER_OBJ:
575	hpux_tag = USER_OBJ;
576	break;
577	case SMB_ACL_GROUP:
578	hpux_tag = GROUP;
579	break;
580	case SMB_ACL_GROUP_OBJ:
581	hpux_tag = GROUP_OBJ;
582	break;
583	case SMB_ACL_OTHER:
584	hpux_tag = OTHER_OBJ;
585	break;
586	case SMB_ACL_MASK:
587	hpux_tag = CLASS_OBJ;
588	break;
589	default:
590	DEBUGADD(10, (" !!! unknown smb tag type 0x%04x\n", smb_tag));
591	break;
592	}
593
594	DEBUGADD(10, (" --> determined hpux tag 0x%04x\n", hpux_tag));
595
596	return hpux_tag;
597	}
598
599	static SMB_ACL_TAG_T hpux_tag_to_smb_tag(HPUX_ACL_TAG_T hpux_tag)
600	{
601	SMB_ACL_TAG_T smb_tag = 0;
602
603	DEBUG(10, ("hpux_tag_to_smb_tag:\n"));
604	DEBUGADD(10, (" --> got hpux tag 0x%04x\n", hpux_tag));
605
606	hpux_tag &= ~ACL_DEFAULT;
607
608	switch (hpux_tag) {
609	case USER:
610	smb_tag = SMB_ACL_USER;
611	break;
612	case USER_OBJ:
613	smb_tag = SMB_ACL_USER_OBJ;
614	break;
615	case GROUP:
616	smb_tag = SMB_ACL_GROUP;
617	break;
618	case GROUP_OBJ:
619	smb_tag = SMB_ACL_GROUP_OBJ;
620	break;
621	case OTHER_OBJ:
622	smb_tag = SMB_ACL_OTHER;
623	break;
624	case CLASS_OBJ:
625	smb_tag = SMB_ACL_MASK;
626	break;
627	default:
628	DEBUGADD(10, (" !!! unknown hpux tag type: 0x%04x\n",
629	hpux_tag));
630	break;
631	}
632
633	DEBUGADD(10, (" --> determined smb tag 0x%04x\n", smb_tag));
634
635	return smb_tag;
636	}
637
638
639	/*
640	* The permission bits used in the following two permission conversion
641	* functions are same, but the functions make us independent of the concrete
642	* permission data types.
643	*/
644	static SMB_ACL_PERM_T hpux_perm_to_smb_perm(const HPUX_PERM_T perm)
645	{
646	SMB_ACL_PERM_T smb_perm = 0;
647	smb_perm \|= ((perm & SMB_ACL_READ) ? SMB_ACL_READ : 0);
648	smb_perm \|= ((perm & SMB_ACL_WRITE) ? SMB_ACL_WRITE : 0);
649	smb_perm \|= ((perm & SMB_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
650	return smb_perm;
651	}
652
653
654	static HPUX_PERM_T smb_perm_to_hpux_perm(const SMB_ACL_PERM_T perm)
655	{
656	HPUX_PERM_T hpux_perm = 0;
657	hpux_perm \|= ((perm & SMB_ACL_READ) ? SMB_ACL_READ : 0);
658	hpux_perm \|= ((perm & SMB_ACL_WRITE) ? SMB_ACL_WRITE : 0);
659	hpux_perm \|= ((perm & SMB_ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
660	return hpux_perm;
661	}
662
663
664	static bool hpux_acl_get_file(const char name, HPUX_ACL_T hpux_acl,
665	int *count)
666	{
667	bool result = False;
668	static HPUX_ACE_T dummy_ace;
669
670	DEBUG(10, ("hpux_acl_get_file called for file '%s'\n", name));
671
672	/*
673	* The original code tries some INITIAL_ACL_SIZE
674	* and only did the ACL_CNT call upon failure
675	* (for performance reasons).
676	* For the sake of simplicity, I skip this for now.
677	*
678	* NOTE: There is a catch here on HP-UX: acl with cmd parameter
679	* ACL_CNT fails with errno EINVAL when called with a NULL
680	* pointer as last argument. So we need to use a dummy acl
681	* struct here (we make it static so it does not need to be
682	* instantiated or malloced each time this function is
683	* called). Btw: the count parameter does not seem to matter...
684	*/
685	count = acl(CONST_DISCARD(char , name), ACL_CNT, 0, &dummy_ace);
686	if (*count < 0) {
687	DEBUG(10, ("acl ACL_CNT failed: %s\n", strerror(errno)));
688	goto done;
689	}
690	hpux_acl = hpux_acl_init(count);
691	if (*hpux_acl == NULL) {
692	DEBUG(10, ("error allocating memory for hpux acl...\n"));
693	goto done;
694	}
695	count = acl(CONST_DISCARD(char , name), ACL_GET, count, hpux_acl);
696	if (*count < 0) {
697	DEBUG(10, ("acl ACL_GET failed: %s\n", strerror(errno)));
698	goto done;
699	}
700	result = True;
701
702	done:
703	DEBUG(10, ("hpux_acl_get_file %s.\n",
704	((result == True) ? "succeeded" : "failed" )));
705	return result;
706	}
707
708
709
710
711	/*
712	* Add entries to a hpux ACL.
713	*
714	* Entries are directly added to the hpuxacl parameter.
715	* if memory allocation fails, this may result in hpuxacl
716	* being NULL. if the resulting acl is to be checked and is
717	* not valid, it is kept in hpuxacl but False is returned.
718	*
719	* The type of ACEs (access/default) to be added to the ACL can
720	* be selected via the type parameter.
721	* I use the SMB_ACL_TYPE_T type here. Since SMB_ACL_TYPE_ACCESS
722	* is defined as "0", this means that one can only add either
723	* access or default ACEs from the given ACL, not both at the same
724	* time. If it should become necessary to add all of an ACL, one
725	* would have to replace this parameter by another type.
726	*/
727	static bool hpux_add_to_acl(HPUX_ACL_T hpux_acl, int count,
728	HPUX_ACL_T add_acl, int add_count,
729	SMB_ACL_TYPE_T type)
730	{
731	int i;
732
733	if ((type != SMB_ACL_TYPE_ACCESS) && (type != SMB_ACL_TYPE_DEFAULT))
734	{
735	DEBUG(10, ("invalid acl type given: %d\n", type));
736	errno = EINVAL;
737	return False;
738	}
739	for (i = 0; i < add_count; i++) {
740	if (!_IS_OF_TYPE(add_acl[i], type)) {
741	continue;
742	}
743	ADD_TO_ARRAY(NULL, HPUX_ACE_T, add_acl[i],
744	hpux_acl, count);
745	if (hpux_acl == NULL) {
746	DEBUG(10, ("error enlarging acl.\n"));
747	errno = ENOMEM;
748	return False;
749	}
750	}
751	return True;
752	}
753
754
755	/*
756	* sort the ACL and check it for validity
757	*
758	* [original comment from lib/sysacls.c:]
759	*
760	* if it's a minimal ACL with only 4 entries then we
761	* need to recalculate the mask permissions to make
762	* sure that they are the same as the GROUP_OBJ
763	* permissions as required by the UnixWare acl() system call.
764	*
765	* (note: since POSIX allows minimal ACLs which only contain
766	* 3 entries - ie there is no mask entry - we should, in theory,
767	* check for this and add a mask entry if necessary - however
768	* we "know" that the caller of this interface always specifies
769	* a mask, so in practice "this never happens" (tm) - if it does
770	* happen aclsort() will fail and return an error and someone will
771	* have to fix it...)
772	*/
773	static bool hpux_acl_sort(HPUX_ACL_T hpux_acl, int count)
774	{
775	int fixmask = (count <= 4);
776
777	if (hpux_internal_aclsort(count, fixmask, hpux_acl) != 0) {
778	errno = EINVAL;
779	return False;
780	}
781	return True;
782	}
783
784
785	/*
786	* Helpers for hpux_internal_aclsort:
787	* - hpux_count_obj
788	* - hpux_swap_acl_entries
789	* - hpux_prohibited_duplicate_type
790	* - hpux_get_needed_class_perm
791	*/
792
793	/* hpux_count_obj:
794	* Counts the different number of objects in a given array of ACL
795	* structures.
796	* Inputs:
797	*
798	* acl_count - Count of ACLs in the array of ACL strucutres.
799	* aclp - Array of ACL structures.
800	* acl_type_count - Pointer to acl_types structure. Should already be
801	* allocated.
802	* Output:
803	*
804	* acl_type_count - This structure is filled up with counts of various
805	* acl types.
806	*/
807
808	static void hpux_count_obj(int acl_count, HPUX_ACL_T aclp, struct hpux_acl_types *acl_type_count)
809	{
810	int i;
811
812	memset(acl_type_count, 0, sizeof(struct hpux_acl_types));
813
814	for(i=0;i<acl_count;i++) {
815	switch(aclp[i].a_type) {
816	case USER:
817	acl_type_count->n_user++;
818	break;
819	case USER_OBJ:
820	acl_type_count->n_user_obj++;
821	break;
822	case DEF_USER_OBJ:
823	acl_type_count->n_def_user_obj++;
824	break;
825	case GROUP:
826	acl_type_count->n_group++;
827	break;
828	case GROUP_OBJ:
829	acl_type_count->n_group_obj++;
830	break;
831	case DEF_GROUP_OBJ:
832	acl_type_count->n_def_group_obj++;
833	break;
834	case OTHER_OBJ:
835	acl_type_count->n_other_obj++;
836	break;
837	case DEF_OTHER_OBJ:
838	acl_type_count->n_def_other_obj++;
839	break;
840	case CLASS_OBJ:
841	acl_type_count->n_class_obj++;
842	break;
843	case DEF_CLASS_OBJ:
844	acl_type_count->n_def_class_obj++;
845	break;
846	case DEF_USER:
847	acl_type_count->n_def_user++;
848	break;
849	case DEF_GROUP:
850	acl_type_count->n_def_group++;
851	break;
852	default:
853	acl_type_count->n_illegal_obj++;
854	break;
855	}
856	}
857	}
858
859	/* hpux_swap_acl_entries: Swaps two ACL entries.
860	*
861	* Inputs: aclp0, aclp1 - ACL entries to be swapped.
862	*/
863
864	static void hpux_swap_acl_entries(HPUX_ACE_T aclp0, HPUX_ACE_T aclp1)
865	{
866	HPUX_ACE_T temp_acl;
867
868	temp_acl.a_type = aclp0->a_type;
869	temp_acl.a_id = aclp0->a_id;
870	temp_acl.a_perm = aclp0->a_perm;
871
872	aclp0->a_type = aclp1->a_type;
873	aclp0->a_id = aclp1->a_id;
874	aclp0->a_perm = aclp1->a_perm;
875
876	aclp1->a_type = temp_acl.a_type;
877	aclp1->a_id = temp_acl.a_id;
878	aclp1->a_perm = temp_acl.a_perm;
879	}
880
881	/* hpux_prohibited_duplicate_type
882	* Identifies if given ACL type can have duplicate entries or
883	* not.
884	*
885	* Inputs: acl_type - ACL Type.
886	*
887	* Outputs:
888	*
889	* Return..
890	*
891	* True - If the ACL type matches any of the prohibited types.
892	* False - If the ACL type doesn't match any of the prohibited types.
893	*/
894
895	static bool hpux_prohibited_duplicate_type(int acl_type)
896	{
897	switch(acl_type) {
898	case USER:
899	case GROUP:
900	case DEF_USER:
901	case DEF_GROUP:
902	return True;
903	default:
904	return False;
905	}
906	}
907
908	/* hpux_get_needed_class_perm
909	* Returns the permissions of a ACL structure only if the ACL
910	* type matches one of the pre-determined types for computing
911	* CLASS_OBJ permissions.
912	*
913	* Inputs: aclp - Pointer to ACL structure.
914	*/
915
916	static int hpux_get_needed_class_perm(struct acl *aclp)
917	{
918	switch(aclp->a_type) {
919	case USER:
920	case GROUP_OBJ:
921	case GROUP:
922	case DEF_USER_OBJ:
923	case DEF_USER:
924	case DEF_GROUP_OBJ:
925	case DEF_GROUP:
926	case DEF_CLASS_OBJ:
927	case DEF_OTHER_OBJ:
928	return aclp->a_perm;
929	default:
930	return 0;
931	}
932	}
933
934	/* hpux_internal_aclsort: aclsort for HPUX.
935	*
936	* -> The aclsort() system call is availabe on the latest HPUX General
937	* -> Patch Bundles. So for HPUX, we developed our version of aclsort
938	* -> function. Because, we don't want to update to a new
939	* -> HPUX GR bundle just for aclsort() call.
940	*
941	* aclsort sorts the array of ACL structures as per the description in
942	* aclsort man page. Refer to aclsort man page for more details
943	*
944	* Inputs:
945	*
946	* acl_count - Count of ACLs in the array of ACL structures.
947	* calclass - If this is not zero, then we compute the CLASS_OBJ
948	* permissions.
949	* aclp - Array of ACL structures.
950	*
951	* Outputs:
952	*
953	* aclp - Sorted array of ACL structures.
954	*
955	* Outputs:
956	*
957	* Returns 0 for success -1 for failure. Prints a message to the Samba
958	* debug log in case of failure.
959	*/
960
961	static int hpux_internal_aclsort(int acl_count, int calclass, HPUX_ACL_T aclp)
962	{
963	struct hpux_acl_types acl_obj_count;
964	int n_class_obj_perm = 0;
965	int i, j;
966
967	DEBUG(10,("Entering hpux_internal_aclsort. (calclass = %d)\n", calclass));
968
969	if (hpux_aclsort_call_present()) {
970	DEBUG(10, ("calling hpux aclsort\n"));
971	return aclsort(acl_count, calclass, aclp);
972	}
973
974	DEBUG(10, ("using internal aclsort\n"));
975
976	if(!acl_count) {
977	DEBUG(10,("Zero acl count passed. Returning Success\n"));
978	return 0;
979	}
980
981	if(aclp == NULL) {
982	DEBUG(0,("Null ACL pointer in hpux_acl_sort. Returning Failure. \n"));
983	return -1;
984	}
985
986	/* Count different types of ACLs in the ACLs array */
987
988	hpux_count_obj(acl_count, aclp, &acl_obj_count);
989
990	/* There should be only one entry each of type USER_OBJ, GROUP_OBJ,
991	* CLASS_OBJ and OTHER_OBJ
992	*/
993
994	if ( (acl_obj_count.n_user_obj != 1) \|\|
995	(acl_obj_count.n_group_obj != 1) \|\|
996	(acl_obj_count.n_class_obj != 1) \|\|
997	(acl_obj_count.n_other_obj != 1) )
998	{
999	DEBUG(0,("hpux_internal_aclsort: More than one entry or no entries for \
1000	USER OBJ or GROUP_OBJ or OTHER_OBJ or CLASS_OBJ\n"));
1001	return -1;
1002	}
1003
1004	/* If any of the default objects are present, there should be only
1005	* one of them each.
1006	*/
1007
1008	if ( (acl_obj_count.n_def_user_obj > 1) \|\|
1009	(acl_obj_count.n_def_group_obj > 1) \|\|
1010	(acl_obj_count.n_def_other_obj > 1) \|\|
1011	(acl_obj_count.n_def_class_obj > 1) )
1012	{
1013	DEBUG(0,("hpux_internal_aclsort: More than one entry for DEF_CLASS_OBJ \
1014	or DEF_USER_OBJ or DEF_GROUP_OBJ or DEF_OTHER_OBJ\n"));
1015	return -1;
1016	}
1017
1018	/* We now have proper number of OBJ and DEF_OBJ entries. Now sort the acl
1019	* structures.
1020	*
1021	* Sorting crieteria - First sort by ACL type. If there are multiple entries of
1022	* same ACL type, sort by ACL id.
1023	*
1024	* I am using the trival kind of sorting method here because, performance isn't
1025	* really effected by the ACLs feature. More over there aren't going to be more
1026	* than 17 entries on HPUX.
1027	*/
1028
1029	for(i=0; i<acl_count;i++) {
1030	for (j=i+1; j<acl_count; j++) {
1031	if( aclp[i].a_type > aclp[j].a_type ) {
1032	/* ACL entries out of order, swap them */
1033	hpux_swap_acl_entries((aclp+i), (aclp+j));
1034	} else if ( aclp[i].a_type == aclp[j].a_type ) {
1035	/* ACL entries of same type, sort by id */
1036	if(aclp[i].a_id > aclp[j].a_id) {
1037	hpux_swap_acl_entries((aclp+i), (aclp+j));
1038	} else if (aclp[i].a_id == aclp[j].a_id) {
1039	/* We have a duplicate entry. */
1040	if(hpux_prohibited_duplicate_type(aclp[i].a_type)) {
1041	DEBUG(0, ("hpux_internal_aclsort: Duplicate entry: Type(hex): %x Id: %d\n",
1042	aclp[i].a_type, aclp[i].a_id));
1043	return -1;
1044	}
1045	}
1046	}
1047	}
1048	}
1049
1050	/* set the class obj permissions to the computed one. */
1051	if(calclass) {
1052	int n_class_obj_index = -1;
1053
1054	for(i=0;i<acl_count;i++) {
1055	n_class_obj_perm \|= hpux_get_needed_class_perm((aclp+i));
1056
1057	if(aclp[i].a_type == CLASS_OBJ)
1058	n_class_obj_index = i;
1059	}
1060	aclp[n_class_obj_index].a_perm = n_class_obj_perm;
1061	}
1062
1063	return 0;
1064	}
1065
1066
1067	/*
1068	* hpux_acl_call_present:
1069	*
1070	* This checks if the POSIX ACL system call is defined
1071	* which basically corresponds to whether JFS 3.3 or
1072	* higher is installed. If acl() was called when it
1073	* isn't defined, it causes the process to core dump
1074	* so it is important to check this and avoid acl()
1075	* calls if it isn't there.
1076	*/
1077
1078	static bool hpux_acl_call_present(void)
1079	{
1080
1081	shl_t handle = NULL;
1082	void *value;
1083	int ret_val=0;
1084	static bool already_checked = False;
1085
1086	if(already_checked)
1087	return True;
1088
1089	errno = 0;
1090
1091	ret_val = shl_findsym(&handle, "acl", TYPE_PROCEDURE, &value);
1092
1093	if(ret_val != 0) {
1094	DEBUG(5, ("hpux_acl_call_present: shl_findsym() returned %d, errno = %d, error %s\n",
1095	ret_val, errno, strerror(errno)));
1096	DEBUG(5,("hpux_acl_call_present: acl() system call is not present. Check if you have JFS 3.3 and above?\n"));
1097	errno = ENOSYS;
1098	return False;
1099	}
1100
1101	DEBUG(10,("hpux_acl_call_present: acl() system call is present. We have JFS 3.3 or above \n"));
1102
1103	already_checked = True;
1104	return True;
1105	}
1106
1107	/*
1108	* runtime check for presence of aclsort library call.
1109	* same code as for acl call. if there are more of these,
1110	* a dispatcher function could be handy...
1111	*/
1112
1113	static bool hpux_aclsort_call_present(void)
1114	{
1115	shl_t handle = NULL;
1116	void *value;
1117	int ret_val = 0;
1118	static bool already_checked = False;
1119
1120	if (already_checked) {
1121	return True;
1122	}
1123
1124	errno = 0;
1125	ret_val = shl_findsym(&handle, "aclsort", TYPE_PROCEDURE, &value);
1126	if (ret_val != 0) {
1127	DEBUG(5, ("hpux_aclsort_call_present: shl_findsym "
1128	"returned %d, errno = %d, error %s",
1129	ret_val, errno, strerror(errno)));
1130	DEBUG(5, ("hpux_aclsort_call_present: "
1131	"aclsort() function not available.\n"));
1132	return False;
1133	}
1134	DEBUG(10,("hpux_aclsort_call_present: aclsort() function present.\n"));
1135	already_checked = True;
1136	return True;
1137	}
1138
1139	#if 0
1140	/*
1141	* acl check function:
1142	* unused at the moment but could be used to get more
1143	* concrete error messages for debugging...
1144	* (acl sort just says that the acl is invalid...)
1145	*/
1146	static bool hpux_acl_check(HPUX_ACL_T hpux_acl, int count)
1147	{
1148	int check_rc;
1149	int check_which;
1150
1151	check_rc = aclcheck(hpux_acl, count, &check_which);
1152	if (check_rc != 0) {
1153	DEBUG(10, ("acl is not valid:\n"));
1154	DEBUGADD(10, (" - return code: %d\n", check_rc));
1155	DEBUGADD(10, (" - which: %d\n", check_which));
1156	if (check_which != -1) {
1157	DEBUGADD(10, (" - invalid entry:\n"));
1158	DEBUGADD(10, (" * type: %d:\n",
1159	hpux_acl[check_which].a_type));
1160	DEBUGADD(10, (" * id: %d\n",
1161	hpux_acl[check_which].a_id));
1162	DEBUGADD(10, (" * perm: 0o%o\n",
1163	hpux_acl[check_which].a_perm));
1164	}
1165	return False;
1166	}
1167	return True;
1168	}
1169	#endif
1170
1171	/* VFS operations structure */
1172
1173	static struct vfs_fn_pointers hpuxacl_fns = {
1174	.sys_acl_get_file = hpuxacl_sys_acl_get_file,
1175	.sys_acl_get_fd = hpuxacl_sys_acl_get_fd,
1176	.sys_acl_set_file = hpuxacl_sys_acl_set_file,
1177	.sys_acl_set_fd = hpuxacl_sys_acl_set_fd,
1178	.sys_acl_delete_def_file = hpuxacl_sys_acl_delete_def_file,
1179	};
1180
1181	NTSTATUS vfs_hpuxacl_init(void)
1182	{
1183	return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "hpuxacl",
1184	&hpuxacl_fns);
1185	}
1186
1187	/* ENTE */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: