1 /*-
2 * Copyright (c) 2003-2009 Tim Kientzle
3 * Copyright (c) 2010-2012 Michihiro NAKAJIMA
4 * Copyright (c) 2017 Martin Matuska
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "archive_platform.h"
29
30 #if ARCHIVE_ACL_LIBACL || ARCHIVE_ACL_LIBRICHACL
31
32 #ifdef HAVE_ERRNO_H
33 #include <errno.h>
34 #endif
35 #ifdef HAVE_FCNTL_H
36 #include <fcntl.h>
37 #endif
38 #if HAVE_ACL_LIBACL_H
39 #include <acl/libacl.h>
40 #endif
41 #ifdef HAVE_SYS_ACL_H
42 #include <sys/acl.h>
43 #endif
44 #ifdef HAVE_SYS_RICHACL_H
45 #include <sys/richacl.h>
46 #endif
47
48 #include "archive_entry.h"
49 #include "archive_private.h"
50 #include "archive_read_disk_private.h"
51 #include "archive_write_disk_private.h"
52
53 typedef struct {
54 const int a_perm; /* Libarchive permission or flag */
55 const int p_perm; /* Platform permission or flag */
56 } acl_perm_map_t;
57
58 #if ARCHIVE_ACL_LIBACL
59 static const acl_perm_map_t acl_posix_perm_map[] = {
60 {ARCHIVE_ENTRY_ACL_EXECUTE, ACL_EXECUTE},
61 {ARCHIVE_ENTRY_ACL_WRITE, ACL_WRITE},
62 {ARCHIVE_ENTRY_ACL_READ, ACL_READ},
63 };
64
65 static const int acl_posix_perm_map_size =
66 (int)(sizeof(acl_posix_perm_map)/sizeof(acl_posix_perm_map[0]));
67 #endif /* ARCHIVE_ACL_LIBACL */
68
69 #if ARCHIVE_ACL_LIBRICHACL
70 static const acl_perm_map_t acl_nfs4_perm_map[] = {
71 {ARCHIVE_ENTRY_ACL_EXECUTE, RICHACE_EXECUTE},
72 {ARCHIVE_ENTRY_ACL_READ_DATA, RICHACE_READ_DATA},
73 {ARCHIVE_ENTRY_ACL_LIST_DIRECTORY, RICHACE_LIST_DIRECTORY},
74 {ARCHIVE_ENTRY_ACL_WRITE_DATA, RICHACE_WRITE_DATA},
75 {ARCHIVE_ENTRY_ACL_ADD_FILE, RICHACE_ADD_FILE},
76 {ARCHIVE_ENTRY_ACL_APPEND_DATA, RICHACE_APPEND_DATA},
77 {ARCHIVE_ENTRY_ACL_ADD_SUBDIRECTORY, RICHACE_ADD_SUBDIRECTORY},
78 {ARCHIVE_ENTRY_ACL_READ_NAMED_ATTRS, RICHACE_READ_NAMED_ATTRS},
79 {ARCHIVE_ENTRY_ACL_WRITE_NAMED_ATTRS, RICHACE_WRITE_NAMED_ATTRS},
80 {ARCHIVE_ENTRY_ACL_DELETE_CHILD, RICHACE_DELETE_CHILD},
81 {ARCHIVE_ENTRY_ACL_READ_ATTRIBUTES, RICHACE_READ_ATTRIBUTES},
82 {ARCHIVE_ENTRY_ACL_WRITE_ATTRIBUTES, RICHACE_WRITE_ATTRIBUTES},
83 {ARCHIVE_ENTRY_ACL_DELETE, RICHACE_DELETE},
84 {ARCHIVE_ENTRY_ACL_READ_ACL, RICHACE_READ_ACL},
85 {ARCHIVE_ENTRY_ACL_WRITE_ACL, RICHACE_WRITE_ACL},
86 {ARCHIVE_ENTRY_ACL_WRITE_OWNER, RICHACE_WRITE_OWNER},
87 {ARCHIVE_ENTRY_ACL_SYNCHRONIZE, RICHACE_SYNCHRONIZE}
88 };
89
90 static const int acl_nfs4_perm_map_size =
91 (int)(sizeof(acl_nfs4_perm_map)/sizeof(acl_nfs4_perm_map[0]));
92
93 static const acl_perm_map_t acl_nfs4_flag_map[] = {
94 {ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT, RICHACE_FILE_INHERIT_ACE},
95 {ARCHIVE_ENTRY_ACL_ENTRY_DIRECTORY_INHERIT, RICHACE_DIRECTORY_INHERIT_ACE},
96 {ARCHIVE_ENTRY_ACL_ENTRY_NO_PROPAGATE_INHERIT, RICHACE_NO_PROPAGATE_INHERIT_ACE},
97 {ARCHIVE_ENTRY_ACL_ENTRY_INHERIT_ONLY, RICHACE_INHERIT_ONLY_ACE},
98 {ARCHIVE_ENTRY_ACL_ENTRY_INHERITED, RICHACE_INHERITED_ACE}
99 };
100
101 static const int acl_nfs4_flag_map_size =
102 (int)(sizeof(acl_nfs4_flag_map)/sizeof(acl_nfs4_flag_map[0]));
103 #endif /* ARCHIVE_ACL_LIBRICHACL */
104
105 #if ARCHIVE_ACL_LIBACL
106 /*
107 * Translate POSIX.1e ACLs into libarchive internal structure
108 */
109 static int
translate_acl(struct archive_read_disk * a,struct archive_entry * entry,acl_t acl,int default_entry_acl_type)110 translate_acl(struct archive_read_disk *a,
111 struct archive_entry *entry, acl_t acl, int default_entry_acl_type)
112 {
113 acl_tag_t acl_tag;
114 acl_entry_t acl_entry;
115 acl_permset_t acl_permset;
116 int i, entry_acl_type;
117 int r, s, ae_id, ae_tag, ae_perm;
118 void *q;
119 const char *ae_name;
120
121 s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
122 if (s == -1) {
123 archive_set_error(&a->archive, errno,
124 "Failed to get first ACL entry");
125 return (ARCHIVE_WARN);
126 }
127
128 while (s == 1) {
129 ae_id = -1;
130 ae_name = NULL;
131 ae_perm = 0;
132
133 if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
134 archive_set_error(&a->archive, errno,
135 "Failed to get ACL tag type");
136 return (ARCHIVE_WARN);
137 }
138 switch (acl_tag) {
139 case ACL_USER:
140 q = acl_get_qualifier(acl_entry);
141 if (q != NULL) {
142 ae_id = (int)*(uid_t *)q;
143 acl_free(q);
144 ae_name = archive_read_disk_uname(&a->archive,
145 ae_id);
146 }
147 ae_tag = ARCHIVE_ENTRY_ACL_USER;
148 break;
149 case ACL_GROUP:
150 q = acl_get_qualifier(acl_entry);
151 if (q != NULL) {
152 ae_id = (int)*(gid_t *)q;
153 acl_free(q);
154 ae_name = archive_read_disk_gname(&a->archive,
155 ae_id);
156 }
157 ae_tag = ARCHIVE_ENTRY_ACL_GROUP;
158 break;
159 case ACL_MASK:
160 ae_tag = ARCHIVE_ENTRY_ACL_MASK;
161 break;
162 case ACL_USER_OBJ:
163 ae_tag = ARCHIVE_ENTRY_ACL_USER_OBJ;
164 break;
165 case ACL_GROUP_OBJ:
166 ae_tag = ARCHIVE_ENTRY_ACL_GROUP_OBJ;
167 break;
168 case ACL_OTHER:
169 ae_tag = ARCHIVE_ENTRY_ACL_OTHER;
170 break;
171 default:
172 /* Skip types that libarchive can't support. */
173 s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
174 continue;
175 }
176
177 // XXX acl_type maps to allow/deny/audit/YYYY bits
178 entry_acl_type = default_entry_acl_type;
179
180 if (acl_get_permset(acl_entry, &acl_permset) != 0) {
181 archive_set_error(&a->archive, errno,
182 "Failed to get ACL permission set");
183 return (ARCHIVE_WARN);
184 }
185
186 for (i = 0; i < acl_posix_perm_map_size; ++i) {
187 r = acl_get_perm(acl_permset,
188 acl_posix_perm_map[i].p_perm);
189 if (r == -1) {
190 archive_set_error(&a->archive, errno,
191 "Failed to check permission in an ACL "
192 "permission set");
193 return (ARCHIVE_WARN);
194 } else if (r)
195 ae_perm |= acl_posix_perm_map[i].a_perm;
196 }
197
198 archive_entry_acl_add_entry(entry, entry_acl_type,
199 ae_perm, ae_tag,
200 ae_id, ae_name);
201
202 s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
203 if (s == -1) {
204 archive_set_error(&a->archive, errno,
205 "Failed to get next ACL entry");
206 return (ARCHIVE_WARN);
207 }
208 }
209 return (ARCHIVE_OK);
210 }
211 #endif /* ARCHIVE_ACL_LIBACL */
212
213 #if ARCHIVE_ACL_LIBRICHACL
214 /*
215 * Translate RichACL into libarchive internal ACL
216 */
217 static int
translate_richacl(struct archive_read_disk * a,struct archive_entry * entry,struct richacl * richacl)218 translate_richacl(struct archive_read_disk *a, struct archive_entry *entry,
219 struct richacl *richacl)
220 {
221 int ae_id, ae_tag, ae_perm;
222 int entry_acl_type, i;
223 const char *ae_name;
224
225 struct richace *richace;
226
227 richacl_for_each_entry(richace, richacl) {
228 ae_name = NULL;
229 ae_tag = 0;
230 ae_perm = 0;
231 ae_id = -1;
232
233 switch (richace->e_type) {
234 case RICHACE_ACCESS_ALLOWED_ACE_TYPE:
235 entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
236 break;
237 case RICHACE_ACCESS_DENIED_ACE_TYPE:
238 entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_DENY;
239 break;
240 default: /* Unknown entry type, skip */
241 continue;
242 }
243
244 /* Unsupported */
245 if (richace->e_flags & RICHACE_UNMAPPED_WHO)
246 continue;
247
248 if (richace->e_flags & RICHACE_SPECIAL_WHO) {
249 switch (richace->e_id) {
250 case RICHACE_OWNER_SPECIAL_ID:
251 ae_tag = ARCHIVE_ENTRY_ACL_USER_OBJ;
252 break;
253 case RICHACE_GROUP_SPECIAL_ID:
254 ae_tag = ARCHIVE_ENTRY_ACL_GROUP_OBJ;
255 break;
256 case RICHACE_EVERYONE_SPECIAL_ID:
257 ae_tag = ARCHIVE_ENTRY_ACL_EVERYONE;
258 break;
259 default: /* Unknown special ID type */
260 continue;
261 }
262 } else {
263 ae_id = richace->e_id;
264 if (richace->e_flags & RICHACE_IDENTIFIER_GROUP) {
265 ae_tag = ARCHIVE_ENTRY_ACL_GROUP;
266 ae_name = archive_read_disk_gname(&a->archive,
267 (gid_t)(richace->e_id));
268 } else {
269 ae_tag = ARCHIVE_ENTRY_ACL_USER;
270 ae_name = archive_read_disk_uname(&a->archive,
271 (uid_t)(richace->e_id));
272 }
273 }
274 for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
275 if ((richace->e_flags &
276 acl_nfs4_flag_map[i].p_perm) != 0)
277 ae_perm |= acl_nfs4_flag_map[i].a_perm;
278 }
279 for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
280 if ((richace->e_mask &
281 acl_nfs4_perm_map[i].p_perm) != 0)
282 ae_perm |=
283 acl_nfs4_perm_map[i].a_perm;
284 }
285
286 archive_entry_acl_add_entry(entry, entry_acl_type,
287 ae_perm, ae_tag, ae_id, ae_name);
288 }
289 return (ARCHIVE_OK);
290 }
291 #endif /* ARCHIVE_ACL_LIBRICHACL */
292
293 #if ARCHIVE_ACL_LIBRICHACL
294 static int
_richacl_mode_to_mask(short mode)295 _richacl_mode_to_mask(short mode)
296 {
297 int mask = 0;
298
299 if (mode & S_IROTH)
300 mask |= RICHACE_POSIX_MODE_READ;
301 if (mode & S_IWOTH)
302 mask |= RICHACE_POSIX_MODE_WRITE;
303 if (mode & S_IXOTH)
304 mask |= RICHACE_POSIX_MODE_EXEC;
305
306 return (mask);
307 }
308
309 static void
_richacl_mode_to_masks(struct richacl * richacl,__LA_MODE_T mode)310 _richacl_mode_to_masks(struct richacl *richacl, __LA_MODE_T mode)
311 {
312 richacl->a_owner_mask = _richacl_mode_to_mask((mode & 0700) >> 6);
313 richacl->a_group_mask = _richacl_mode_to_mask((mode & 0070) >> 3);
314 richacl->a_other_mask = _richacl_mode_to_mask(mode & 0007);
315 }
316 #endif /* ARCHIVE_ACL_LIBRICHACL */
317
318 #if ARCHIVE_ACL_LIBRICHACL
319 static int
set_richacl(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode,int ae_requested_type,const char * tname)320 set_richacl(struct archive *a, int fd, const char *name,
321 struct archive_acl *abstract_acl, __LA_MODE_T mode,
322 int ae_requested_type, const char *tname)
323 {
324 int ae_type, ae_permset, ae_tag, ae_id;
325 uid_t ae_uid;
326 gid_t ae_gid;
327 const char *ae_name;
328 int entries;
329 int i;
330 int ret;
331 int e = 0;
332 struct richacl *richacl = NULL;
333 struct richace *richace;
334
335 ret = ARCHIVE_OK;
336 entries = archive_acl_reset(abstract_acl, ae_requested_type);
337 if (entries == 0)
338 return (ARCHIVE_OK);
339
340 if (ae_requested_type != ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
341 errno = ENOENT;
342 archive_set_error(a, errno, "Unsupported ACL type");
343 return (ARCHIVE_FAILED);
344 }
345
346 richacl = richacl_alloc(entries);
347 if (richacl == NULL) {
348 archive_set_error(a, errno,
349 "Failed to initialize RichACL working storage");
350 return (ARCHIVE_FAILED);
351 }
352
353 e = 0;
354
355 while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
356 &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
357 richace = &(richacl->a_entries[e]);
358
359 richace->e_flags = 0;
360 richace->e_mask = 0;
361
362 switch (ae_tag) {
363 case ARCHIVE_ENTRY_ACL_USER:
364 ae_uid = archive_write_disk_uid(a, ae_name, ae_id);
365 richace->e_id = ae_uid;
366 break;
367 case ARCHIVE_ENTRY_ACL_GROUP:
368 ae_gid = archive_write_disk_gid(a, ae_name, ae_id);
369 richace->e_id = ae_gid;
370 richace->e_flags |= RICHACE_IDENTIFIER_GROUP;
371 break;
372 case ARCHIVE_ENTRY_ACL_USER_OBJ:
373 richace->e_flags |= RICHACE_SPECIAL_WHO;
374 richace->e_id = RICHACE_OWNER_SPECIAL_ID;
375 break;
376 case ARCHIVE_ENTRY_ACL_GROUP_OBJ:
377 richace->e_flags |= RICHACE_SPECIAL_WHO;
378 richace->e_id = RICHACE_GROUP_SPECIAL_ID;
379 break;
380 case ARCHIVE_ENTRY_ACL_EVERYONE:
381 richace->e_flags |= RICHACE_SPECIAL_WHO;
382 richace->e_id = RICHACE_EVERYONE_SPECIAL_ID;
383 break;
384 default:
385 archive_set_error(a, ARCHIVE_ERRNO_MISC,
386 "Unsupported ACL tag");
387 ret = ARCHIVE_FAILED;
388 goto exit_free;
389 }
390
391 switch (ae_type) {
392 case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
393 richace->e_type =
394 RICHACE_ACCESS_ALLOWED_ACE_TYPE;
395 break;
396 case ARCHIVE_ENTRY_ACL_TYPE_DENY:
397 richace->e_type =
398 RICHACE_ACCESS_DENIED_ACE_TYPE;
399 break;
400 case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
401 case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
402 break;
403 default:
404 archive_set_error(a, ARCHIVE_ERRNO_MISC,
405 "Unsupported ACL entry type");
406 ret = ARCHIVE_FAILED;
407 goto exit_free;
408 }
409
410 for (i = 0; i < acl_nfs4_perm_map_size; ++i) {
411 if (ae_permset & acl_nfs4_perm_map[i].a_perm)
412 richace->e_mask |= acl_nfs4_perm_map[i].p_perm;
413 }
414
415 for (i = 0; i < acl_nfs4_flag_map_size; ++i) {
416 if (ae_permset &
417 acl_nfs4_flag_map[i].a_perm)
418 richace->e_flags |= acl_nfs4_flag_map[i].p_perm;
419 }
420 e++;
421 }
422
423 /* Fill RichACL masks */
424 _richacl_mode_to_masks(richacl, mode);
425
426 if (fd >= 0) {
427 if (richacl_set_fd(fd, richacl) == 0)
428 ret = ARCHIVE_OK;
429 else {
430 if (errno == EOPNOTSUPP) {
431 /* Filesystem doesn't support ACLs */
432 ret = ARCHIVE_OK;
433 } else {
434 archive_set_error(a, errno,
435 "Failed to set richacl on fd: %s", tname);
436 ret = ARCHIVE_WARN;
437 }
438 }
439 } else if (richacl_set_file(name, richacl) != 0) {
440 if (errno == EOPNOTSUPP) {
441 /* Filesystem doesn't support ACLs */
442 ret = ARCHIVE_OK;
443 } else {
444 archive_set_error(a, errno, "Failed to set richacl: %s",
445 tname);
446 ret = ARCHIVE_WARN;
447 }
448 }
449 exit_free:
450 richacl_free(richacl);
451 return (ret);
452 }
453 #endif /* ARCHIVE_ACL_RICHACL */
454
455 #if ARCHIVE_ACL_LIBACL
456 static int
set_acl(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,int ae_requested_type,const char * tname)457 set_acl(struct archive *a, int fd, const char *name,
458 struct archive_acl *abstract_acl,
459 int ae_requested_type, const char *tname)
460 {
461 int acl_type = 0;
462 int ae_type, ae_permset, ae_tag, ae_id;
463 uid_t ae_uid;
464 gid_t ae_gid;
465 const char *ae_name;
466 int entries;
467 int i;
468 int ret;
469 acl_t acl = NULL;
470 acl_entry_t acl_entry;
471 acl_permset_t acl_permset;
472
473 ret = ARCHIVE_OK;
474 entries = archive_acl_reset(abstract_acl, ae_requested_type);
475 if (entries == 0)
476 return (ARCHIVE_OK);
477
478 switch (ae_requested_type) {
479 case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
480 acl_type = ACL_TYPE_ACCESS;
481 break;
482 case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
483 acl_type = ACL_TYPE_DEFAULT;
484 break;
485 default:
486 errno = ENOENT;
487 archive_set_error(a, errno, "Unsupported ACL type");
488 return (ARCHIVE_FAILED);
489 }
490
491 acl = acl_init(entries);
492 if (acl == (acl_t)NULL) {
493 archive_set_error(a, errno,
494 "Failed to initialize ACL working storage");
495 return (ARCHIVE_FAILED);
496 }
497
498 while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
499 &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
500
501 if (acl_create_entry(&acl, &acl_entry) != 0) {
502 archive_set_error(a, errno,
503 "Failed to create a new ACL entry");
504 ret = ARCHIVE_FAILED;
505 goto exit_free;
506 }
507
508 switch (ae_tag) {
509 case ARCHIVE_ENTRY_ACL_USER:
510 ae_uid = archive_write_disk_uid(a, ae_name, ae_id);
511 acl_set_tag_type(acl_entry, ACL_USER);
512 acl_set_qualifier(acl_entry, &ae_uid);
513 break;
514 case ARCHIVE_ENTRY_ACL_GROUP:
515 ae_gid = archive_write_disk_gid(a, ae_name, ae_id);
516 acl_set_tag_type(acl_entry, ACL_GROUP);
517 acl_set_qualifier(acl_entry, &ae_gid);
518 break;
519 case ARCHIVE_ENTRY_ACL_USER_OBJ:
520 acl_set_tag_type(acl_entry, ACL_USER_OBJ);
521 break;
522 case ARCHIVE_ENTRY_ACL_GROUP_OBJ:
523 acl_set_tag_type(acl_entry, ACL_GROUP_OBJ);
524 break;
525 case ARCHIVE_ENTRY_ACL_MASK:
526 acl_set_tag_type(acl_entry, ACL_MASK);
527 break;
528 case ARCHIVE_ENTRY_ACL_OTHER:
529 acl_set_tag_type(acl_entry, ACL_OTHER);
530 break;
531 default:
532 archive_set_error(a, ARCHIVE_ERRNO_MISC,
533 "Unsupported ACL tag");
534 ret = ARCHIVE_FAILED;
535 goto exit_free;
536 }
537
538 if (acl_get_permset(acl_entry, &acl_permset) != 0) {
539 archive_set_error(a, errno,
540 "Failed to get ACL permission set");
541 ret = ARCHIVE_FAILED;
542 goto exit_free;
543 }
544 if (acl_clear_perms(acl_permset) != 0) {
545 archive_set_error(a, errno,
546 "Failed to clear ACL permissions");
547 ret = ARCHIVE_FAILED;
548 goto exit_free;
549 }
550
551 for (i = 0; i < acl_posix_perm_map_size; ++i) {
552 if (ae_permset & acl_posix_perm_map[i].a_perm) {
553 if (acl_add_perm(acl_permset,
554 acl_posix_perm_map[i].p_perm) != 0) {
555 archive_set_error(a, errno,
556 "Failed to add ACL permission");
557 ret = ARCHIVE_FAILED;
558 goto exit_free;
559 }
560 }
561 }
562
563 }
564
565 if (fd >= 0 && ae_requested_type == ARCHIVE_ENTRY_ACL_TYPE_ACCESS) {
566 if (acl_set_fd(fd, acl) == 0)
567 ret = ARCHIVE_OK;
568 else {
569 if (errno == EOPNOTSUPP) {
570 /* Filesystem doesn't support ACLs */
571 ret = ARCHIVE_OK;
572 } else {
573 archive_set_error(a, errno,
574 "Failed to set acl on fd: %s", tname);
575 ret = ARCHIVE_WARN;
576 }
577 }
578 } else if (acl_set_file(name, acl_type, acl) != 0) {
579 if (errno == EOPNOTSUPP) {
580 /* Filesystem doesn't support ACLs */
581 ret = ARCHIVE_OK;
582 } else {
583 archive_set_error(a, errno, "Failed to set acl: %s",
584 tname);
585 ret = ARCHIVE_WARN;
586 }
587 }
588 exit_free:
589 acl_free(acl);
590 return (ret);
591 }
592 #endif /* ARCHIVE_ACL_LIBACL */
593
594 int
archive_read_disk_entry_setup_acls(struct archive_read_disk * a,struct archive_entry * entry,int * fd)595 archive_read_disk_entry_setup_acls(struct archive_read_disk *a,
596 struct archive_entry *entry, int *fd)
597 {
598 const char *accpath;
599 int r;
600 #if ARCHIVE_ACL_LIBACL
601 acl_t acl;
602 #endif
603 #if ARCHIVE_ACL_LIBRICHACL
604 struct richacl *richacl;
605 mode_t mode;
606 #endif
607
608 accpath = NULL;
609 r = ARCHIVE_OK;
610
611 /* For default ACLs we need reachable accpath */
612 if (*fd < 0 || S_ISDIR(archive_entry_mode(entry))) {
613 accpath = archive_read_disk_entry_setup_path(a, entry, fd);
614 if (accpath == NULL)
615 return (ARCHIVE_WARN);
616 }
617
618 archive_entry_acl_clear(entry);
619
620 #if ARCHIVE_ACL_LIBACL
621 acl = NULL;
622 #endif
623 #if ARCHIVE_ACL_LIBRICHACL
624 richacl = NULL;
625 #endif
626
627 #if ARCHIVE_ACL_LIBRICHACL
628 /* Try NFSv4 ACL first. */
629 if (*fd >= 0)
630 richacl = richacl_get_fd(*fd);
631 else if ((!a->follow_symlinks)
632 && (archive_entry_filetype(entry) == AE_IFLNK))
633 /* We can't get the ACL of a symlink, so we assume it can't
634 have one */
635 richacl = NULL;
636 else
637 richacl = richacl_get_file(accpath);
638
639 /* Ignore "trivial" ACLs that just mirror the file mode. */
640 if (richacl != NULL) {
641 mode = archive_entry_mode(entry);
642 if (richacl_equiv_mode(richacl, &mode) == 0) {
643 richacl_free(richacl);
644 richacl = NULL;
645 return (ARCHIVE_OK);
646 }
647 }
648
649 if (richacl != NULL) {
650 r = translate_richacl(a, entry, richacl);
651 richacl_free(richacl);
652 richacl = NULL;
653
654 if (r != ARCHIVE_OK) {
655 archive_set_error(&a->archive, errno,
656 "Couldn't translate NFSv4 ACLs");
657 }
658
659 return (r);
660 }
661 #endif /* ARCHIVE_ACL_LIBRICHACL */
662
663 #if ARCHIVE_ACL_LIBACL
664 /* Retrieve access ACL from file. */
665 if (*fd >= 0)
666 acl = acl_get_fd(*fd);
667 else if ((!a->follow_symlinks)
668 && (archive_entry_filetype(entry) == AE_IFLNK))
669 /* We can't get the ACL of a symlink, so we assume it can't
670 have one. */
671 acl = NULL;
672 else
673 acl = acl_get_file(accpath, ACL_TYPE_ACCESS);
674
675 if (acl != NULL) {
676 r = translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
677 acl_free(acl);
678 acl = NULL;
679
680 if (r != ARCHIVE_OK) {
681 archive_set_error(&a->archive, errno,
682 "Couldn't translate access ACLs");
683 return (r);
684 }
685 }
686
687 /* Only directories can have default ACLs. */
688 if (S_ISDIR(archive_entry_mode(entry))) {
689 acl = acl_get_file(accpath, ACL_TYPE_DEFAULT);
690 if (acl != NULL) {
691 r = translate_acl(a, entry, acl,
692 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
693 acl_free(acl);
694 if (r != ARCHIVE_OK) {
695 archive_set_error(&a->archive, errno,
696 "Couldn't translate default ACLs");
697 return (r);
698 }
699 }
700 }
701 #endif /* ARCHIVE_ACL_LIBACL */
702 return (r);
703 }
704
705 int
archive_write_disk_set_acls(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode)706 archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
707 struct archive_acl *abstract_acl, __LA_MODE_T mode)
708 {
709 int ret = ARCHIVE_OK;
710
711 #if !ARCHIVE_ACL_LIBRICHACL
712 (void)mode; /* UNUSED */
713 #endif
714
715 #if ARCHIVE_ACL_LIBRICHACL
716 if ((archive_acl_types(abstract_acl)
717 & ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
718 ret = set_richacl(a, fd, name, abstract_acl, mode,
719 ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
720 }
721 #if ARCHIVE_ACL_LIBACL
722 else
723 #endif
724 #endif /* ARCHIVE_ACL_LIBRICHACL */
725 #if ARCHIVE_ACL_LIBACL
726 if ((archive_acl_types(abstract_acl)
727 & ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
728 if ((archive_acl_types(abstract_acl)
729 & ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
730 ret = set_acl(a, fd, name, abstract_acl,
731 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
732 if (ret != ARCHIVE_OK)
733 return (ret);
734 }
735 if ((archive_acl_types(abstract_acl)
736 & ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
737 ret = set_acl(a, fd, name, abstract_acl,
738 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
739 }
740 #endif /* ARCHIVE_ACL_LIBACL */
741 return (ret);
742 }
743 #endif /* ARCHIVE_ACL_LIBACL || ARCHIVE_ACL_LIBRICHACL */
744