1 /*-
2 * Copyright (c) 2003-2009 Tim Kientzle
3 * Copyright (c) 2010-2012 Michihiro NAKAJIMA
4 * Copyright (c) 2017 Martin Matuska
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "archive_platform.h"
29
30 #if ARCHIVE_ACL_LIBACL || ARCHIVE_ACL_LIBRICHACL
31
32 #ifdef HAVE_ERRNO_H
33 #include <errno.h>
34 #endif
35 #ifdef HAVE_FCNTL_H
36 #include <fcntl.h>
37 #endif
38 #if HAVE_ACL_LIBACL_H
39 #include <acl/libacl.h>
40 #endif
41 #ifdef HAVE_SYS_ACL_H
42 #include <sys/acl.h>
43 #endif
44 #ifdef HAVE_SYS_RICHACL_H
45 #include <sys/richacl.h>
46 #endif
47
48 #include "archive_entry.h"
49 #include "archive_private.h"
50 #include "archive_read_disk_private.h"
51 #include "archive_write_disk_private.h"
52
53 typedef struct {
54 const int a_perm; /* Libarchive permission or flag */
55 const int p_perm; /* Platform permission or flag */
56 } acl_perm_map_t;
57
58 #if ARCHIVE_ACL_LIBACL
59 static const acl_perm_map_t acl_posix_perm_map[] = {
60 {ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE},
61 {ARCHIVE_ENTRY_ACL_WRITE, ACL_WRITE},
62 {ARCHIVE_ENTRY_ACL_READ, ACL_READ},
63 };
64
65 static const int acl_posix_perm_map_size =
66 (int)(sizeof(acl_posix_perm_map)/sizeof(acl_posix_perm_map[0]));
67 #endif /* ARCHIVE_ACL_LIBACL */
68
69 #if ARCHIVE_ACL_LIBRICHACL
70 static const acl_perm_map_t acl_nfs4_perm_map[] = {
71 {ARCHIVE_ENTRY_ACL_EXECUTE, RICHACE_EXECUTE},
72 {ARCHIVE_ENTRY_ACL_READ_DATA, RICHACE_READ_DATA},
73 {ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, RICHACE_LIST_DIRECTORY},
74 {ARCHIVE_ENTRY_ACL_WRITE_DATA, RICHACE_WRITE_DATA},
75 {ARCHIVE_ENTRY_ACL_ADD_FILE, RICHACE_ADD_FILE},
76 {ARCHIVE_ENTRY_ACL_APPEND_DATA, RICHACE_APPEND_DATA},
77 {ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, RICHACE_ADD_SUBDIRECTORY},
78 {ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, RICHACE_READ_NAMED_ATTRS},
79 {ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, RICHACE_WRITE_NAMED_ATTRS},
80 {ARCHIVE_ENTRY_ACL_DELETE_CHILD, RICHACE_DELETE_CHILD},
81 {ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, RICHACE_READ_ATTRIBUTES},
82 {ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, RICHACE_WRITE_ATTRIBUTES},
83 {ARCHIVE_ENTRY_ACL_DELETE, RICHACE_DELETE},
84 {ARCHIVE_ENTRY_ACL_READ_ACL, RICHACE_READ_ACL},
85 {ARCHIVE_ENTRY_ACL_WRITE_ACL, RICHACE_WRITE_ACL},
86 {ARCHIVE_ENTRY_ACL_WRITE_OWNER, RICHACE_WRITE_OWNER},
87 {ARCHIVE_ENTRY_ACL_SYNCHRONIZE, RICHACE_SYNCHRONIZE}
88 };
89
90 static const int acl_nfs4_perm_map_size =
91 (int)(sizeof(acl_nfs4_perm_map)/sizeof(acl_nfs4_perm_map[0]));
92
93 static const acl_perm_map_t acl_nfs4_flag_map[] = {
94 {ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, RICHACE_FILE_INHERIT_ACE},
95 {ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, RICHACE_DIRECTORY_INHERIT_ACE},
96 {ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, RICHACE_NO_PROPAGATE_INHERIT_ACE},
97 {ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, RICHACE_INHERIT_ONLY_ACE},
98 {ARCHIVE_ENTRY_ACL_ENTRY_INHERITED, RICHACE_INHERITED_ACE}
99 };
100
101 static const int acl_nfs4_flag_map_size =
102 (int)(sizeof(acl_nfs4_flag_map)/sizeof(acl_nfs4_flag_map[0]));
103 #endif /* ARCHIVE_ACL_LIBRICHACL */
104
105 #if ARCHIVE_ACL_LIBACL
106 /*
107 * Translate POSIX.1e ACLs into libarchive internal structure
108 */
109 static int
translate_acl(struct archive_read_disk * a,struct archive_entry * entry,acl_t acl,int default_entry_acl_type)110 translate_acl(struct archive_read_disk *a,
111 struct archive_entry *entry, acl_t acl, int default_entry_acl_type)
112 {
113 acl_tag_t acl_tag;
114 acl_entry_t acl_entry;
115 acl_permset_t acl_permset;
116 int i, entry_acl_type;
117 int r, s, ae_id, ae_tag, ae_perm;
118 void *q;
119 const char *ae_name;
120
121 s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
122 if (s == -1) {
123 archive_set_error(&a->archive, errno,
124 "Failed to get first ACL entry");
125 return (ARCHIVE_WARN);
126 }
127
128 while (s == 1) {
129 ae_id = -1;
130 ae_name = NULL;
131 ae_perm = 0;
132
133 if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
134 archive_set_error(&a->archive, errno,
135 "Failed to get ACL tag type");
136 return (ARCHIVE_WARN);
137 }
138 switch (acl_tag) {
139 case ACL_USER:
140 q = acl_get_qualifier(acl_entry);
141 if (q != NULL) {
142 ae_id = (int)*(uid_t *)q;
143 acl_free(q);
144 ae_name = archive_read_disk_uname(&a->archive,
145 ae_id);
146 }
147 ae_tag = ARCHIVE_ENTRY_ACL_USER;
148 break;
149 case ACL_GROUP:
150 q = acl_get_qualifier(acl_entry);
151 if (q != NULL) {
152 ae_id = (int)*(gid_t *)q;
153 acl_free(q);
154 ae_name = archive_read_disk_gname(&a->archive,
155 ae_id);
156 }
157 ae_tag = ARCHIVE_ENTRY_ACL_GROUP;
158 break;
159 case ACL_MASK:
160 ae_tag = ARCHIVE_ENTRY_ACL_MASK;
161 break;
162 case ACL_USER_OBJ:
163 ae_tag = ARCHIVE_ENTRY_ACL_USER_OBJ;
164 break;
165 case ACL_GROUP_OBJ:
166 ae_tag = ARCHIVE_ENTRY_ACL_GROUP_OBJ;
167 break;
168 case ACL_OTHER:
169 ae_tag = ARCHIVE_ENTRY_ACL_OTHER;
170 break;
171 default:
172 /* Skip types that libarchive can't support. */
173 s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
174 continue;
175 }
176
177 // XXX acl_type maps to allow/deny/audit/YYYY bits
178 entry_acl_type = default_entry_acl_type;
179
180 if (acl_get_permset(acl_entry, &acl_permset) != 0) {
181 archive_set_error(&a->archive, errno,
182 "Failed to get ACL permission set");
183 return (ARCHIVE_WARN);
184 }
185
186 for (i = 0; i < acl_posix_perm_map_size; ++i) {
187 r = acl_get_perm(acl_permset,
188 acl_posix_perm_map[i].p_perm);
189 if (r == -1) {
190 archive_set_error(&a->archive, errno,
191 "Failed to check permission in an ACL "
192 "permission set");
193 return (ARCHIVE_WARN);
194 } else if (r)
195 ae_perm |= acl_posix_perm_map[i].a_perm;
196 }
197
198 archive_entry_acl_add_entry(entry, entry_acl_type,
199 ae_perm, ae_tag,
200 ae_id, ae_name);
201
202 s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
203 if (s == -1) {
204 archive_set_error(&a->archive, errno,
205 "Failed to get next ACL entry");
206 return (ARCHIVE_WARN);
207 }
208 }
209 return (ARCHIVE_OK);
210 }
211 #endif /* ARCHIVE_ACL_LIBACL */
212
213 #if ARCHIVE_ACL_LIBRICHACL
214 /*
215 * Translate RichACL into libarchive internal ACL
216 */
217 static int
translate_richacl(struct archive_read_disk * a,struct archive_entry * entry,struct richacl * richacl)218 translate_richacl(struct archive_read_disk *a, struct archive_entry *entry,
219 struct richacl *richacl)
220 {
221 int ae_id, ae_tag, ae_perm;
222 int entry_acl_type, i;
223 const char *ae_name;
224
225 struct richace *richace;
226
227 richacl_for_each_entry(richace, richacl) {
228 ae_name = NULL;
229 ae_tag = 0;
230 ae_perm = 0;
231 ae_id = -1;
232
233 switch (richace->e_type) {
234 case RICHACE_ACCESS_ALLOWED_ACE_TYPE:
235 entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
236 break;
237 case RICHACE_ACCESS_DENIED_ACE_TYPE:
238 entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_DENY;
239 break;
240 default: /* Unknown entry type, skip */
241 continue;
242 }
243
244 /* Unsupported */
245 if (richace->e_flags & RICHACE_UNMAPPED_WHO)
246 continue;
247
248 if (richace->e_flags & RICHACE_SPECIAL_WHO) {
249 switch (richace->e_id) {
250 case RICHACE_OWNER_SPECIAL_ID:
251 ae_tag = ARCHIVE_ENTRY_ACL_USER_OBJ;
252 break;
253 case RICHACE_GROUP_SPECIAL_ID:
254 ae_tag = ARCHIVE_ENTRY_ACL_GROUP_OBJ;
255 break;
256 case RICHACE_EVERYONE_SPECIAL_ID:
257 ae_tag = ARCHIVE_ENTRY_ACL_EVERYONE;
258 break;
259 default: /* Unknown special ID type */
260 continue;
261 }
262 } else {
263 ae_id = richace->e_id;
264 if (richace->e_flags & RICHACE_IDENTIFIER_GROUP) {
265 ae_tag = ARCHIVE_ENTRY_ACL_GROUP;
266 ae_name = archive_read_disk_gname(&a->archive,
267 (gid_t)(richace->e_id));
268 } else {
269 ae_tag = ARCHIVE_ENTRY_ACL_USER;
270 ae_name = archive_read_disk_uname(&a->archive,
271 (uid_t)(richace->e_id));
272 }
273 }
274 for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
275 if ((richace->e_flags &
276 acl_nfs4_flag_map[i].p_perm) != 0)
277 ae_perm |= acl_nfs4_flag_map[i].a_perm;
278 }
279 for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
280 if ((richace->e_mask &
281 acl_nfs4_perm_map[i].p_perm) != 0)
282 ae_perm |=
283 acl_nfs4_perm_map[i].a_perm;
284 }
285
286 archive_entry_acl_add_entry(entry, entry_acl_type,
287 ae_perm, ae_tag, ae_id, ae_name);
288 }
289 return (ARCHIVE_OK);
290 }
291 #endif /* ARCHIVE_ACL_LIBRICHACL */
292
293 #if ARCHIVE_ACL_LIBRICHACL
294 static int
_richacl_mode_to_mask(short mode)295 _richacl_mode_to_mask(short mode)
296 {
297 int mask = 0;
298
299 if (mode & S_IROTH)
300 mask |= RICHACE_POSIX_MODE_READ;
301 if (mode & S_IWOTH)
302 mask |= RICHACE_POSIX_MODE_WRITE;
303 if (mode & S_IXOTH)
304 mask |= RICHACE_POSIX_MODE_EXEC;
305
306 return (mask);
307 }
308
309 static void
_richacl_mode_to_masks(struct richacl * richacl,__LA_MODE_T mode)310 _richacl_mode_to_masks(struct richacl *richacl, __LA_MODE_T mode)
311 {
312 richacl->a_owner_mask = _richacl_mode_to_mask((mode & 0700) >> 6);
313 richacl->a_group_mask = _richacl_mode_to_mask((mode & 0070) >> 3);
314 richacl->a_other_mask = _richacl_mode_to_mask(mode & 0007);
315 }
316 #endif /* ARCHIVE_ACL_LIBRICHACL */
317
318 #if ARCHIVE_ACL_LIBRICHACL
319 static int
set_richacl(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode,int ae_requested_type,const char * tname)320 set_richacl(struct archive *a, int fd, const char *name,
321 struct archive_acl *abstract_acl, __LA_MODE_T mode,
322 int ae_requested_type, const char *tname)
323 {
324 int ae_type, ae_permset, ae_tag, ae_id;
325 uid_t ae_uid;
326 gid_t ae_gid;
327 const char *ae_name;
328 int entries;
329 int i;
330 int ret;
331 int e = 0;
332 struct richacl *richacl = NULL;
333 struct richace *richace;
334
335 ret = ARCHIVE_OK;
336 entries = archive_acl_reset(abstract_acl, ae_requested_type);
337 if (entries == 0)
338 return (ARCHIVE_OK);
339
340 if (ae_requested_type != ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
341 errno = ENOENT;
342 archive_set_error(a, errno, "Unsupported ACL type");
343 return (ARCHIVE_FAILED);
344 }
345
346 if (S_ISLNK(mode)) {
347 /* Linux does not support RichACLs on symbolic links */
348 return (ARCHIVE_OK);
349 }
350
351 richacl = richacl_alloc(entries);
352 if (richacl == NULL) {
353 archive_set_error(a, errno,
354 "Failed to initialize RichACL working storage");
355 return (ARCHIVE_FAILED);
356 }
357
358 e = 0;
359
360 while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
361 &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
362 richace = &(richacl->a_entries[e]);
363
364 richace->e_flags = 0;
365 richace->e_mask = 0;
366
367 switch (ae_tag) {
368 case ARCHIVE_ENTRY_ACL_USER:
369 ae_uid = archive_write_disk_uid(a, ae_name, ae_id);
370 richace->e_id = ae_uid;
371 break;
372 case ARCHIVE_ENTRY_ACL_GROUP:
373 ae_gid = archive_write_disk_gid(a, ae_name, ae_id);
374 richace->e_id = ae_gid;
375 richace->e_flags |= RICHACE_IDENTIFIER_GROUP;
376 break;
377 case ARCHIVE_ENTRY_ACL_USER_OBJ:
378 richace->e_flags |= RICHACE_SPECIAL_WHO;
379 richace->e_id = RICHACE_OWNER_SPECIAL_ID;
380 break;
381 case ARCHIVE_ENTRY_ACL_GROUP_OBJ:
382 richace->e_flags |= RICHACE_SPECIAL_WHO;
383 richace->e_id = RICHACE_GROUP_SPECIAL_ID;
384 break;
385 case ARCHIVE_ENTRY_ACL_EVERYONE:
386 richace->e_flags |= RICHACE_SPECIAL_WHO;
387 richace->e_id = RICHACE_EVERYONE_SPECIAL_ID;
388 break;
389 default:
390 archive_set_error(a, ARCHIVE_ERRNO_MISC,
391 "Unsupported ACL tag");
392 ret = ARCHIVE_FAILED;
393 goto exit_free;
394 }
395
396 switch (ae_type) {
397 case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
398 richace->e_type =
399 RICHACE_ACCESS_ALLOWED_ACE_TYPE;
400 break;
401 case ARCHIVE_ENTRY_ACL_TYPE_DENY:
402 richace->e_type =
403 RICHACE_ACCESS_DENIED_ACE_TYPE;
404 break;
405 case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
406 case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
407 break;
408 default:
409 archive_set_error(a, ARCHIVE_ERRNO_MISC,
410 "Unsupported ACL entry type");
411 ret = ARCHIVE_FAILED;
412 goto exit_free;
413 }
414
415 for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
416 if (ae_permset & acl_nfs4_perm_map[i].a_perm)
417 richace->e_mask |= acl_nfs4_perm_map[i].p_perm;
418 }
419
420 for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
421 if (ae_permset &
422 acl_nfs4_flag_map[i].a_perm)
423 richace->e_flags |= acl_nfs4_flag_map[i].p_perm;
424 }
425 e++;
426 }
427
428 /* Fill RichACL masks */
429 _richacl_mode_to_masks(richacl, mode);
430
431 if (fd >= 0) {
432 if (richacl_set_fd(fd, richacl) == 0)
433 ret = ARCHIVE_OK;
434 else {
435 if (errno == EOPNOTSUPP) {
436 /* Filesystem doesn't support ACLs */
437 ret = ARCHIVE_OK;
438 } else {
439 archive_set_error(a, errno,
440 "Failed to set richacl on fd: %s", tname);
441 ret = ARCHIVE_WARN;
442 }
443 }
444 } else if (richacl_set_file(name, richacl) != 0) {
445 if (errno == EOPNOTSUPP) {
446 /* Filesystem doesn't support ACLs */
447 ret = ARCHIVE_OK;
448 } else {
449 archive_set_error(a, errno, "Failed to set richacl: %s",
450 tname);
451 ret = ARCHIVE_WARN;
452 }
453 }
454 exit_free:
455 richacl_free(richacl);
456 return (ret);
457 }
458 #endif /* ARCHIVE_ACL_RICHACL */
459
460 #if ARCHIVE_ACL_LIBACL
461 static int
set_acl(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode,int ae_requested_type,const char * tname)462 set_acl(struct archive *a, int fd, const char *name,
463 struct archive_acl *abstract_acl, __LA_MODE_T mode,
464 int ae_requested_type, const char *tname)
465 {
466 int acl_type = 0;
467 int ae_type, ae_permset, ae_tag, ae_id;
468 uid_t ae_uid;
469 gid_t ae_gid;
470 const char *ae_name;
471 int entries;
472 int i;
473 int ret;
474 acl_t acl = NULL;
475 acl_entry_t acl_entry;
476 acl_permset_t acl_permset;
477
478 ret = ARCHIVE_OK;
479 entries = archive_acl_reset(abstract_acl, ae_requested_type);
480 if (entries == 0)
481 return (ARCHIVE_OK);
482
483 switch (ae_requested_type) {
484 case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
485 acl_type = ACL_TYPE_ACCESS;
486 break;
487 case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
488 acl_type = ACL_TYPE_DEFAULT;
489 break;
490 default:
491 errno = ENOENT;
492 archive_set_error(a, errno, "Unsupported ACL type");
493 return (ARCHIVE_FAILED);
494 }
495
496 if (S_ISLNK(mode)) {
497 /* Linux does not support ACLs on symbolic links */
498 return (ARCHIVE_OK);
499 }
500
501 if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
502 errno = EINVAL;
503 archive_set_error(a, errno,
504 "Cannot set default ACL on non-directory");
505 return (ARCHIVE_WARN);
506 }
507
508 acl = acl_init(entries);
509 if (acl == (acl_t)NULL) {
510 archive_set_error(a, errno,
511 "Failed to initialize ACL working storage");
512 return (ARCHIVE_FAILED);
513 }
514
515 while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
516 &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
517
518 if (acl_create_entry(&acl, &acl_entry) != 0) {
519 archive_set_error(a, errno,
520 "Failed to create a new ACL entry");
521 ret = ARCHIVE_FAILED;
522 goto exit_free;
523 }
524
525 switch (ae_tag) {
526 case ARCHIVE_ENTRY_ACL_USER:
527 ae_uid = archive_write_disk_uid(a, ae_name, ae_id);
528 acl_set_tag_type(acl_entry, ACL_USER);
529 acl_set_qualifier(acl_entry, &ae_uid);
530 break;
531 case ARCHIVE_ENTRY_ACL_GROUP:
532 ae_gid = archive_write_disk_gid(a, ae_name, ae_id);
533 acl_set_tag_type(acl_entry, ACL_GROUP);
534 acl_set_qualifier(acl_entry, &ae_gid);
535 break;
536 case ARCHIVE_ENTRY_ACL_USER_OBJ:
537 acl_set_tag_type(acl_entry, ACL_USER_OBJ);
538 break;
539 case ARCHIVE_ENTRY_ACL_GROUP_OBJ:
540 acl_set_tag_type(acl_entry, ACL_GROUP_OBJ);
541 break;
542 case ARCHIVE_ENTRY_ACL_MASK:
543 acl_set_tag_type(acl_entry, ACL_MASK);
544 break;
545 case ARCHIVE_ENTRY_ACL_OTHER:
546 acl_set_tag_type(acl_entry, ACL_OTHER);
547 break;
548 default:
549 archive_set_error(a, ARCHIVE_ERRNO_MISC,
550 "Unsupported ACL tag");
551 ret = ARCHIVE_FAILED;
552 goto exit_free;
553 }
554
555 if (acl_get_permset(acl_entry, &acl_permset) != 0) {
556 archive_set_error(a, errno,
557 "Failed to get ACL permission set");
558 ret = ARCHIVE_FAILED;
559 goto exit_free;
560 }
561 if (acl_clear_perms(acl_permset) != 0) {
562 archive_set_error(a, errno,
563 "Failed to clear ACL permissions");
564 ret = ARCHIVE_FAILED;
565 goto exit_free;
566 }
567
568 for (i = 0; i < acl_posix_perm_map_size; ++i) {
569 if (ae_permset & acl_posix_perm_map[i].a_perm) {
570 if (acl_add_perm(acl_permset,
571 acl_posix_perm_map[i].p_perm) != 0) {
572 archive_set_error(a, errno,
573 "Failed to add ACL permission");
574 ret = ARCHIVE_FAILED;
575 goto exit_free;
576 }
577 }
578 }
579
580 }
581
582 if (fd >= 0 && ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_ACCESS) {
583 if (acl_set_fd(fd, acl) == 0)
584 ret = ARCHIVE_OK;
585 else {
586 if (errno == EOPNOTSUPP) {
587 /* Filesystem doesn't support ACLs */
588 ret = ARCHIVE_OK;
589 } else {
590 archive_set_error(a, errno,
591 "Failed to set acl on fd: %s", tname);
592 ret = ARCHIVE_WARN;
593 }
594 }
595 } else if (acl_set_file(name, acl_type, acl) != 0) {
596 if (errno == EOPNOTSUPP) {
597 /* Filesystem doesn't support ACLs */
598 ret = ARCHIVE_OK;
599 } else {
600 archive_set_error(a, errno, "Failed to set acl: %s",
601 tname);
602 ret = ARCHIVE_WARN;
603 }
604 }
605 exit_free:
606 acl_free(acl);
607 return (ret);
608 }
609 #endif /* ARCHIVE_ACL_LIBACL */
610
611 int
archive_read_disk_entry_setup_acls(struct archive_read_disk * a,struct archive_entry * entry,int * fd)612 archive_read_disk_entry_setup_acls(struct archive_read_disk *a,
613 struct archive_entry *entry, int *fd)
614 {
615 const char *accpath;
616 int r;
617 #if ARCHIVE_ACL_LIBACL
618 acl_t acl;
619 #endif
620 #if ARCHIVE_ACL_LIBRICHACL
621 struct richacl *richacl;
622 mode_t mode;
623 #endif
624
625 accpath = NULL;
626 r = ARCHIVE_OK;
627
628 /* For default ACLs we need reachable accpath */
629 if (*fd < 0 || S_ISDIR(archive_entry_mode(entry))) {
630 accpath = archive_read_disk_entry_setup_path(a, entry, fd);
631 if (accpath == NULL)
632 return (ARCHIVE_WARN);
633 }
634
635 archive_entry_acl_clear(entry);
636
637 #if ARCHIVE_ACL_LIBACL
638 acl = NULL;
639 #endif
640 #if ARCHIVE_ACL_LIBRICHACL
641 richacl = NULL;
642 #endif
643
644 #if ARCHIVE_ACL_LIBRICHACL
645 /* Try NFSv4 ACL first. */
646 if (*fd >= 0)
647 richacl = richacl_get_fd(*fd);
648 else if ((!a->follow_symlinks)
649 && (archive_entry_filetype(entry) == AE_IFLNK))
650 /* We can't get the ACL of a symlink, so we assume it can't
651 have one */
652 richacl = NULL;
653 else
654 richacl = richacl_get_file(accpath);
655
656 /* Ignore "trivial" ACLs that just mirror the file mode. */
657 if (richacl != NULL) {
658 mode = archive_entry_mode(entry);
659 if (richacl_equiv_mode(richacl, &mode) == 0) {
660 richacl_free(richacl);
661 richacl = NULL;
662 return (ARCHIVE_OK);
663 }
664 }
665
666 if (richacl != NULL) {
667 r = translate_richacl(a, entry, richacl);
668 richacl_free(richacl);
669 richacl = NULL;
670
671 if (r != ARCHIVE_OK) {
672 archive_set_error(&a->archive, errno,
673 "Couldn't translate NFSv4 ACLs");
674 }
675
676 return (r);
677 }
678 #endif /* ARCHIVE_ACL_LIBRICHACL */
679
680 #if ARCHIVE_ACL_LIBACL
681 /* Retrieve access ACL from file. */
682 if (*fd >= 0)
683 acl = acl_get_fd(*fd);
684 else if ((!a->follow_symlinks)
685 && (archive_entry_filetype(entry) == AE_IFLNK))
686 /* We can't get the ACL of a symlink, so we assume it can't
687 have one. */
688 acl = NULL;
689 else
690 acl = acl_get_file(accpath, ACL_TYPE_ACCESS);
691
692 if (acl != NULL) {
693 r = translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
694 acl_free(acl);
695 acl = NULL;
696
697 if (r != ARCHIVE_OK) {
698 archive_set_error(&a->archive, errno,
699 "Couldn't translate access ACLs");
700 return (r);
701 }
702 }
703
704 /* Only directories can have default ACLs. */
705 if (S_ISDIR(archive_entry_mode(entry))) {
706 acl = acl_get_file(accpath, ACL_TYPE_DEFAULT);
707 if (acl != NULL) {
708 r = translate_acl(a, entry, acl,
709 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
710 acl_free(acl);
711 if (r != ARCHIVE_OK) {
712 archive_set_error(&a->archive, errno,
713 "Couldn't translate default ACLs");
714 return (r);
715 }
716 }
717 }
718 #endif /* ARCHIVE_ACL_LIBACL */
719 return (r);
720 }
721
722 int
archive_write_disk_set_acls(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode)723 archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
724 struct archive_acl *abstract_acl, __LA_MODE_T mode)
725 {
726 int ret = ARCHIVE_OK;
727
728 #if !ARCHIVE_ACL_LIBRICHACL
729 (void)mode; /* UNUSED */
730 #endif
731
732 #if ARCHIVE_ACL_LIBRICHACL
733 if ((archive_acl_types(abstract_acl)
734 & ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
735 ret = set_richacl(a, fd, name, abstract_acl, mode,
736 ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
737 }
738 #if ARCHIVE_ACL_LIBACL
739 else
740 #endif
741 #endif /* ARCHIVE_ACL_LIBRICHACL */
742 #if ARCHIVE_ACL_LIBACL
743 if ((archive_acl_types(abstract_acl)
744 & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
745 if ((archive_acl_types(abstract_acl)
746 & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
747 ret = set_acl(a, fd, name, abstract_acl, mode,
748 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
749 if (ret != ARCHIVE_OK)
750 return (ret);
751 }
752 if ((archive_acl_types(abstract_acl)
753 & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
754 ret = set_acl(a, fd, name, abstract_acl, mode,
755 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
756 }
757 #endif /* ARCHIVE_ACL_LIBACL */
758 return (ret);
759 }
760 #endif /* ARCHIVE_ACL_LIBACL || ARCHIVE_ACL_LIBRICHACL */
761