1 /*
2    Unix SMB/Netbios implementation.
3    VFS module to get and set Tru64 acls
4    Copyright (C) Michael Adam 2006,2008
5 
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 3 of the License, or
9    (at your option) any later version.
10 
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15 
16    You should have received a copy of the GNU General Public License
17    along with this program.  If not, see <http://www.gnu.org/licenses/>.
18 */
19 
20 #include "includes.h"
21 #include "system/filesys.h"
22 #include "smbd/smbd.h"
23 #include "modules/vfs_tru64acl.h"
24 
25 /* prototypes for private functions first - for clarity */
26 
/* Tru64 -> Samba conversions. */
static struct smb_acl_t *tru64_acl_to_smb_acl(const struct acl *tru64_acl,
					      TALLOC_CTX *mem_ctx);
static bool tru64_ace_to_smb_ace(acl_entry_t tru64_ace,
				 struct smb_acl_entry *smb_ace);
static SMB_ACL_TAG_T tru64_tag_to_smb(acl_tag_t tru64_tag);
static SMB_ACL_PERM_T tru64_permset_to_smb(const acl_perm_t tru64_permset);

/* Samba -> Tru64 conversions. */
static acl_t smb_acl_to_tru64_acl(const SMB_ACL_T smb_acl);
static acl_tag_t smb_tag_to_tru64(SMB_ACL_TAG_T smb_tag);
static acl_perm_t smb_permset_to_tru64(SMB_ACL_PERM_T smb_permset);
36 
37 
38 /* public functions - the api */
39 
/*
 * Read the access or default ACL of a path and convert it to Samba's
 * representation.
 *
 * handle    - VFS handle; not used here.
 * smb_fname - file to query; only base_name is read.
 * type      - SMB_ACL_TYPE_ACCESS or SMB_ACL_TYPE_DEFAULT.
 * mem_ctx   - talloc context handed to the conversion routine.
 *
 * Returns the converted ACL, or NULL on failure. Any other value of
 * type sets errno to EINVAL.
 *
 * NOTE(review): this is a lookup by name, so the OS resolves base_name
 * at call time; where the caller already holds an open file, the fd
 * variant avoids a second path resolution.
 */
SMB_ACL_T tru64acl_sys_acl_get_file(vfs_handle_struct *handle,
				    const struct smb_filename *smb_fname,
				    SMB_ACL_TYPE_T type,
				    TALLOC_CTX *mem_ctx)
{
	acl_type_t native_type;
	acl_t native_acl;
	struct smb_acl_t *converted;

	DEBUG(10, ("Hi! This is tru64acl_sys_acl_get_file.\n"));

	if (type == SMB_ACL_TYPE_ACCESS) {
		native_type = ACL_TYPE_ACCESS;
	} else if (type == SMB_ACL_TYPE_DEFAULT) {
		native_type = ACL_TYPE_DEFAULT;
	} else {
		errno = EINVAL;
		return NULL;
	}

	/* The cast drops const; presumably acl_get_file() takes a char *. */
	native_acl = acl_get_file((char *)smb_fname->base_name, native_type);
	if (native_acl == NULL) {
		return NULL;
	}

	/* The native ACL is only needed for the duration of the conversion. */
	converted = tru64_acl_to_smb_acl(native_acl, mem_ctx);
	acl_free(native_acl);
	return converted;
}
73 
/*
 * Read the access ACL of an open file and convert it to Samba's
 * representation.
 *
 * handle  - VFS handle; not used here.
 * fsp     - open file; the descriptor is taken from fsp->fh->fd.
 * mem_ctx - talloc context handed to the conversion routine.
 *
 * Returns the converted ACL, or NULL if acl_get_fd() or the conversion
 * fails. Only ACL_TYPE_ACCESS is queried.
 */
SMB_ACL_T tru64acl_sys_acl_get_fd(vfs_handle_struct *handle,
				  files_struct *fsp,
				  TALLOC_CTX *mem_ctx)
{
	struct smb_acl_t *converted = NULL;
	acl_t native_acl;

	native_acl = acl_get_fd(fsp->fh->fd, ACL_TYPE_ACCESS);
	if (native_acl != NULL) {
		converted = tru64_acl_to_smb_acl(native_acl, mem_ctx);
		acl_free(native_acl);
	}
	return converted;
}
89 
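/*
 * Convert a Samba ACL to the Tru64 representation and apply it to a path.
 *
 * handle    - VFS handle; not used here.
 * smb_fname - file to modify; only base_name is read.
 * type      - SMB_ACL_TYPE_ACCESS or SMB_ACL_TYPE_DEFAULT.
 * theacl    - ACL to apply.
 *
 * Returns 0 on success and -1 on failure. Any other value of type sets
 * errno to EINVAL. When acl_set_file() fails, the errno it reported is
 * what the caller sees.
 *
 * NOTE(review): the ACL is applied by name, so the OS resolves base_name
 * at call time; where the caller already holds an open file, the fd
 * variant avoids a second path resolution.
 */
int tru64acl_sys_acl_set_file(vfs_handle_struct *handle,
			      const struct smb_filename *smb_fname,
			      SMB_ACL_TYPE_T type,
			      SMB_ACL_T theacl)
{
	int res;
	int saved_errno;
	acl_type_t the_acl_type;
	acl_t tru64_acl;

	DEBUG(10, ("tru64acl_sys_acl_set_file called with name %s, type %d\n",
		   smb_fname->base_name, type));

	switch (type) {
	case SMB_ACL_TYPE_ACCESS:
		DEBUGADD(10, ("got acl type ACL_TYPE_ACCESS\n"));
		the_acl_type = ACL_TYPE_ACCESS;
		break;
	case SMB_ACL_TYPE_DEFAULT:
		DEBUGADD(10, ("got acl type ACL_TYPE_DEFAULT\n"));
		the_acl_type = ACL_TYPE_DEFAULT;
		break;
	default:
		DEBUGADD(10, ("invalid acl type\n"));
		errno = EINVAL;
		goto fail;
	}

	tru64_acl = smb_acl_to_tru64_acl(theacl);
	if (tru64_acl == NULL) {
		DEBUG(10, ("smb_acl_to_tru64_acl failed!\n"));
		goto fail;
	}
	DEBUG(10, ("got tru64 acl...\n"));

	/* The cast drops const; presumably acl_set_file() takes a char *. */
	res = acl_set_file((char *)smb_fname->base_name,
			   the_acl_type, tru64_acl);
	/*
	 * Capture errno before acl_free(): the cleanup call may overwrite
	 * it, and both the log line and the caller need the value that
	 * acl_set_file() reported.
	 */
	saved_errno = errno;
	acl_free(tru64_acl);
	if (res != 0) {
		DEBUG(10, ("acl_set_file failed: %s\n", strerror(saved_errno)));
		errno = saved_errno;
		goto fail;
	}
	return res;

fail:
	DEBUG(1, ("tru64acl_sys_acl_set_file failed!\n"));
	return -1;
}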
135 
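/*
 * Convert a Samba ACL to the Tru64 representation and apply it as the
 * access ACL of an open file.
 *
 * handle - VFS handle; not used here.
 * fsp    - open file; the descriptor is taken from fsp->fh->fd.
 * theacl - ACL to apply.
 *
 * Returns the result of acl_set_fd(), or -1 if the conversion fails.
 * When acl_set_fd() fails, the errno it reported is what the caller sees.
 */
int tru64acl_sys_acl_set_fd(vfs_handle_struct *handle,
			    files_struct *fsp,
			    SMB_ACL_T theacl)
{
	int res;
	int saved_errno;
	acl_t tru64_acl = smb_acl_to_tru64_acl(theacl);

	if (tru64_acl == NULL) {
		return -1;
	}

	res = acl_set_fd(fsp->fh->fd, ACL_TYPE_ACCESS, tru64_acl);
	/*
	 * Capture errno before acl_free(): the cleanup call may overwrite
	 * the value that explains why acl_set_fd() failed.
	 */
	saved_errno = errno;
	acl_free(tru64_acl);
	if (res != 0) {
		errno = saved_errno;
	}
	return res;
}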
150 
/*
 * Remove the default ACL of a path.
 *
 * handle    - VFS handle; not used here.
 * smb_fname - file to modify; only base_name is read.
 *
 * Returns whatever acl_delete_def_file() returns.
 */
int tru64acl_sys_acl_delete_def_file(vfs_handle_struct *handle,
				const struct smb_filename *smb_fname)
{
	/* The cast drops const; presumably the native call takes a char *. */
	char *path = (char *)smb_fname->base_name;

	return acl_delete_def_file(path);
}
156 
157 
158 /* private functions */
159 
/*
 * Build a Samba ACL from a Tru64 ACL by walking its entries in order.
 *
 * tru64_acl - source ACL; it is iterated with acl_first_entry() and
 *             acl_get_entry(), which take a non-const pointer.
 * mem_ctx   - talloc context the result is allocated from.
 *
 * Returns the new ACL, or NULL on failure. Allocation failures set errno
 * to ENOMEM; a partially built result is freed before returning.
 */
static struct smb_acl_t *tru64_acl_to_smb_acl(const struct acl *tru64_acl,
					      TALLOC_CTX *mem_ctx)
{
	struct acl *native = (struct acl *)tru64_acl;
	struct smb_acl_t *smb_acl;
	acl_entry_t ace;

	DEBUG(10, ("Hi! This is tru64_acl_to_smb_acl.\n"));

	smb_acl = sys_acl_init(mem_ctx);
	if (smb_acl == NULL) {
		DEBUG(0, ("sys_acl_init() failed in tru64_acl_to_smb_acl\n"));
		errno = ENOMEM;
		goto fail;
	}

	/* Rewind the native ACL before reading its entries. */
	if (acl_first_entry(native) != 0) {
		DEBUG(10, ("acl_first_entry failed: %s\n", strerror(errno)));
		goto fail;
	}

	for (;;) {
		ace = acl_get_entry(native);
		if (ace == NULL) {
			break;
		}

		/* Grow the entry array by one slot for this entry. */
		smb_acl->acl = talloc_realloc(smb_acl, smb_acl->acl,
					      struct smb_acl_entry,
					      smb_acl->count + 1);
		if (smb_acl->acl == NULL) {
			TALLOC_FREE(smb_acl);
			DEBUG(0, ("talloc_realloc failed in tru64_acl_to_smb_acl\n"));
			errno = ENOMEM;
			goto fail;
		}

		/* The slot only counts once it has been filled in. */
		if (!tru64_ace_to_smb_ace(ace, &smb_acl->acl[smb_acl->count])) {
			TALLOC_FREE(smb_acl);
			goto fail;
		}
		smb_acl->count++;
	}
	return smb_acl;

fail:
	/* TALLOC_FREE() on a pointer that was already freed above is a no-op. */
	TALLOC_FREE(smb_acl);
	DEBUG(1, ("tru64_acl_to_smb_acl failed!\n"));
	return NULL;
}
200 
/*
 * Fill one Samba ACL entry from one Tru64 ACL entry: tag type, then the
 * qualifier if the native entry has one, then the permission set.
 *
 * tru64_ace - native entry to read.
 * smb_ace   - Samba entry to fill in.
 *
 * Returns True on success and False as soon as any step fails; smb_ace
 * may then be partially filled.
 */
static bool tru64_ace_to_smb_ace(acl_entry_t tru64_ace,
				 struct smb_acl_entry *smb_ace)
{
	acl_tag_t native_tag;
	acl_permset_t native_perms;
	SMB_ACL_TAG_T tag;
	SMB_ACL_PERM_T perms;
	void *qual;

	if (acl_get_tag_type(tru64_ace, &native_tag) != 0) {
		DEBUG(0, ("acl_get_tag_type failed: %s\n", strerror(errno)));
		return False;
	}

	/* tru64_tag_to_smb() reports an unknown tag as 0. */
	tag = tru64_tag_to_smb(native_tag);
	if (tag == 0) {
		DEBUG(3, ("invalid tag type given: %d\n", native_tag));
		return False;
	}
	if (sys_acl_set_tag_type(smb_ace, tag) != 0) {
		DEBUG(3, ("sys_acl_set_tag_type failed: %s\n",
			  strerror(errno)));
		return False;
	}

	/* A NULL qualifier is not treated as an error; the step is skipped. */
	qual = acl_get_qualifier(tru64_ace);
	if (qual != NULL && sys_acl_set_qualifier(smb_ace, qual) != 0) {
		DEBUG(3, ("sys_acl_set_qualifier failed\n"));
		return False;
	}

	if (acl_get_permset(tru64_ace, &native_perms) != 0) {
		DEBUG(3, ("acl_get_permset failed: %s\n", strerror(errno)));
		return False;
	}
	perms = tru64_permset_to_smb(*native_perms);
	if (sys_acl_set_permset(smb_ace, &perms) != 0) {
		DEBUG(3, ("sys_acl_set_permset failed: %s\n", strerror(errno)));
		return False;
	}
	return True;
}
245 
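/*
 * Build a Tru64 ACL from a Samba ACL.
 *
 * smb_acl - source ACL; its entries are read through smb_acl->acl[] and
 *           smb_acl->count.
 *
 * Returns a new native ACL that the caller must release with acl_free(),
 * or NULL on failure. The ACL is checked with acl_valid() and rendered
 * with acl_to_text() before it is returned; a failure of either one
 * fails the whole conversion.
 */
static acl_t smb_acl_to_tru64_acl(const SMB_ACL_T smb_acl)
{
	acl_t result;
	acl_entry_t tru64_entry;
	int i;
	char *acl_text;
	ssize_t acl_text_len;

	/* The tru64 acl_init function takes a size_t value
	 * instead of a count of entries (as with posix).
	 * The size parameter "Specifies the size of the working
	 * storage in bytes" (according to the man page).
	 * But it is unclear to me how this size is to be
	 * calculated.
	 *
	 * It should not matter, since acl_create_entry enlarges
	 * the working storage at need. ... */

	DEBUG(10, ("Hi! This is smb_acl_to_tru64_acl.\n"));

	result = acl_init(1);

	if (result == NULL) {
		DEBUG(3, ("acl_init failed!\n"));
		goto fail;
	}

	DEBUGADD(10, ("parsing acl entries...\n"));
	for (i = 0; i < smb_acl->count; i++) {
		/* XYZ - maybe eliminate this direct access? */
		const struct smb_acl_entry *smb_entry = &smb_acl->acl[i];
		acl_tag_t tru64_tag;
		acl_perm_t tru64_permset;

		tru64_tag = smb_tag_to_tru64(smb_entry->a_type);
		if (tru64_tag == -1) {
			DEBUG(3, ("smb_tag_to_tru64 failed!\n"));
			goto fail;
		}

		/*
		 * NOTE(review): the mask entry is dropped, so any limit it
		 * placed on named user/group entries is not carried over to
		 * the native ACL - confirm the resulting effective
		 * permissions are the intended ones.
		 */
		if (tru64_tag == ACL_MASK) {
			DEBUGADD(10, (" - acl type ACL_MASK: not implemented on Tru64 ==> skipping\n"));
			continue;
		}

		tru64_entry = acl_create_entry(&result);
		if (tru64_entry == NULL) {
			DEBUG(3, ("acl_create_entry failed: %s\n",
				  strerror(errno)));
			goto fail;
		}

		if (acl_set_tag_type(tru64_entry, tru64_tag) != 0) {
			/*
			 * The format has two conversions, so both the tag
			 * and the error text must be passed.
			 */
			DEBUG(3, ("acl_set_tag_type(%d) failed: %s\n",
				  (int)tru64_tag, strerror(errno)));
			goto fail;
		}

		/*
		 * Only named user and group entries carry a qualifier.
		 * NOTE(review): the casts drop const and assume the uid/gid
		 * fields have the layout acl_set_qualifier() expects -
		 * confirm on the target platform.
		 */
		switch (smb_entry->a_type) {
		case SMB_ACL_USER:
			if (acl_set_qualifier(tru64_entry,
					      (int *)&smb_entry->info.user.uid) != 0)
			{
				DEBUG(3, ("acl_set_qualifier failed: %s\n",
					  strerror(errno)));
				goto fail;
			}
			DEBUGADD(10, (" - setting uid to %d\n", smb_entry->info.user.uid));
			break;
		case SMB_ACL_GROUP:
			if (acl_set_qualifier(tru64_entry,
					      (int *)&smb_entry->info.group.gid) != 0)
			{
				DEBUG(3, ("acl_set_qualifier failed: %s\n",
					  strerror(errno)));
				goto fail;
			}
			DEBUGADD(10, (" - setting gid to %d\n", smb_entry->info.group.gid));
			break;
		default:
			break;
		}

		tru64_permset = smb_permset_to_tru64(smb_entry->a_perm);
		if (tru64_permset == -1) {
			DEBUG(3, ("smb_permset_to_tru64 failed!\n"));
			goto fail;
		}
		DEBUGADD(10, (" - setting perms to %0d\n", tru64_permset));
		if (acl_set_permset(tru64_entry, &tru64_permset) != 0)
		{
			DEBUG(3, ("acl_set_permset failed: %s\n", strerror(errno)));
			goto fail;
		}
	} /* for */
	DEBUGADD(10, ("done parsing acl entries\n"));

	/* acl_valid() hands back the offending entry through tru64_entry. */
	tru64_entry = NULL;
	if (acl_valid(result, &tru64_entry) != 0) {
		DEBUG(1, ("smb_acl_to_tru64_acl: ACL is invalid (%s)\n",
			  strerror(errno)));
		if (tru64_entry != NULL) {
			DEBUGADD(1, ("the acl contains duplicate entries\n"));
		}
		goto fail;
	}
	DEBUGADD(10, ("acl is valid\n"));

	/*
	 * NOTE(review): the text form is produced only to be logged, and it
	 * is logged at level 1, i.e. for every ACL that is set - consider a
	 * higher debug level.
	 */
	acl_text = acl_to_text(result, &acl_text_len);
	if (acl_text == NULL) {
		DEBUG(3, ("acl_to_text failed: %s\n", strerror(errno)));
		goto fail;
	}
	DEBUG(1, ("acl_text: %s\n", acl_text));
	free(acl_text);

	return result;

fail:
	if (result != NULL) {
		acl_free(result);
	}
	DEBUG(1, ("smb_acl_to_tru64_acl failed!\n"));
	return NULL;
}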
371 
/*
 * Map a Samba ACL tag to the Tru64 tag of the same name.
 *
 * Returns the native tag, or -1 for a tag that is not one of the six
 * handled here.
 */
static acl_tag_t smb_tag_to_tru64(SMB_ACL_TAG_T smb_tag)
{
	switch (smb_tag) {
	case SMB_ACL_USER:
		DEBUGADD(10, ("got acl type ACL_USER\n"));
		return ACL_USER;
	case SMB_ACL_USER_OBJ:
		DEBUGADD(10, ("got acl type ACL_USER_OBJ\n"));
		return ACL_USER_OBJ;
	case SMB_ACL_GROUP:
		DEBUGADD(10, ("got acl type ACL_GROUP\n"));
		return ACL_GROUP;
	case SMB_ACL_GROUP_OBJ:
		DEBUGADD(10, ("got acl type ACL_GROUP_OBJ\n"));
		return ACL_GROUP_OBJ;
	case SMB_ACL_OTHER:
		DEBUGADD(10, ("got acl type ACL_OTHER\n"));
		return ACL_OTHER;
	case SMB_ACL_MASK:
		DEBUGADD(10, ("got acl type ACL_MASK\n"));
		return ACL_MASK;
	default:
		break;
	}

	/* Anything else is reported and mapped to the error value. */
	DEBUG(1, ("Unknown tag type %d\n", smb_tag));
	return -1;
}
406 
407 
/*
 * Map a Tru64 ACL tag to the Samba tag of the same name.
 *
 * Returns the Samba tag, or 0 for a tag that is not one of the six
 * handled here.
 */
static SMB_ACL_TAG_T tru64_tag_to_smb(acl_tag_t tru64_tag)
{
	switch (tru64_tag) {
	case ACL_USER:
		DEBUGADD(10, ("got smb acl tag type SMB_ACL_USER\n"));
		return SMB_ACL_USER;
	case ACL_USER_OBJ:
		DEBUGADD(10, ("got smb acl tag type SMB_ACL_USER_OBJ\n"));
		return SMB_ACL_USER_OBJ;
	case ACL_GROUP:
		DEBUGADD(10, ("got smb acl tag type SMB_ACL_GROUP\n"));
		return SMB_ACL_GROUP;
	case ACL_GROUP_OBJ:
		DEBUGADD(10, ("got smb acl tag type SMB_ACL_GROUP_OBJ\n"));
		return SMB_ACL_GROUP_OBJ;
	case ACL_OTHER:
		DEBUGADD(10, ("got smb acl tag type SMB_ACL_OTHER\n"));
		return SMB_ACL_OTHER;
	case ACL_MASK:
		DEBUGADD(10, ("got smb acl tag type SMB_ACL_MASK\n"));
		return SMB_ACL_MASK;
	default:
		break;
	}

	/* Anything else is reported and mapped to 0, which callers test for. */
	DEBUG(0, ("Unknown tag type %d\n", (unsigned int)tru64_tag));
	return 0;
}
442 
/*
 * Translate Samba read/write/execute permission bits into the Tru64
 * permission bits.
 *
 * Returns the native permission set, or -1 if acl_clear_perm() fails.
 */
static acl_perm_t smb_permset_to_tru64(SMB_ACL_PERM_T smb_permset)
{
	/* The original author found that acl_clear_perm() fails unless the
	 * permset is zeroed first, which probably makes the call itself
	 * unnecessary; it is kept as it was. */
	acl_perm_t native_perms = 0;

	if (acl_clear_perm(&native_perms) != 0) {
		DEBUG(5, ("acl_clear_perm failed: %s\n", strerror(errno)));
		return -1;
	}

	/* The bits are set by hand because, according to the original
	 * lib/sysacls.c, acl_add_perm is broken on tru64. */
	if (smb_permset & SMB_ACL_READ) {
		native_perms |= ACL_READ;
	}
	if (smb_permset & SMB_ACL_WRITE) {
		native_perms |= ACL_WRITE;
	}
	if (smb_permset & SMB_ACL_EXECUTE) {
		native_perms |= ACL_EXECUTE;
	}
	return native_perms;
}
461 
/*
 * Translate Tru64 read/write/execute permission bits into the Samba
 * permission bits. Bits other than these three are ignored.
 */
static SMB_ACL_PERM_T tru64_permset_to_smb(const acl_perm_t tru64_permset)
{
	SMB_ACL_PERM_T perms = 0;

	if (tru64_permset & ACL_READ) {
		perms |= SMB_ACL_READ;
	}
	if (tru64_permset & ACL_WRITE) {
		perms |= SMB_ACL_WRITE;
	}
	if (tru64_permset & ACL_EXECUTE) {
		perms |= SMB_ACL_EXECUTE;
	}
	return perms;
}
470 
471 
472 /* VFS operations structure */
473 
static struct vfs_fn_pointers tru64acl_fns = {
	/* Reading ACLs: implemented by this module. */
	.sys_acl_get_file_fn = tru64acl_sys_acl_get_file,
	.sys_acl_get_fd_fn = tru64acl_sys_acl_get_fd,

	/* Writing and deleting ACLs: implemented by this module. */
	.sys_acl_set_file_fn = tru64acl_sys_acl_set_file,
	.sys_acl_set_fd_fn = tru64acl_sys_acl_set_fd,
	.sys_acl_delete_def_file_fn = tru64acl_sys_acl_delete_def_file,

	/* Blob access is delegated to the posix_* helpers. */
	.sys_acl_blob_get_file_fn = posix_sys_acl_blob_get_file,
	.sys_acl_blob_get_fd_fn = posix_sys_acl_blob_get_fd,
};
483 
static_decl_vfs;

/*
 * Module entry point: register the operations table under the name
 * "tru64acl".
 *
 * ctx - talloc context; not used here.
 *
 * Returns the status reported by smb_register_vfs().
 */
NTSTATUS vfs_tru64acl_init(TALLOC_CTX *ctx)
{
	NTSTATUS status;

	status = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "tru64acl",
				  &tru64acl_fns);
	return status;
}
490 
491 /* ENTE */