2 Unix SMB/Netbios implementation.
3 VFS module to get and set posix acls
4 Copyright (C) Volker Lendecke 2006
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #include "system/filesys.h"
22 #include "smbd/smbd.h"
23 #include "modules/vfs_posixacl.h"
25 /* prototypes for static functions first - for clarity */
27 static bool smb_ace_to_internal(acl_entry_t posix_ace,
28 struct smb_acl_entry *ace);
29 static struct smb_acl_t *smb_acl_to_internal(acl_t acl, TALLOC_CTX *mem_ctx);
30 static int smb_acl_set_mode(acl_entry_t entry, SMB_ACL_PERM_T perm);
31 static acl_t smb_acl_to_posix(const struct smb_acl_t *acl);
34 /* public functions - the api */
36 SMB_ACL_T posixacl_sys_acl_get_file(vfs_handle_struct *handle,
37 const struct smb_filename *smb_fname,
41 struct smb_acl_t *result;
46 case SMB_ACL_TYPE_ACCESS:
47 acl_type = ACL_TYPE_ACCESS;
49 case SMB_ACL_TYPE_DEFAULT:
50 acl_type = ACL_TYPE_DEFAULT;
57 acl = acl_get_file(smb_fname->base_name, acl_type);
63 result = smb_acl_to_internal(acl, mem_ctx);
68 SMB_ACL_T posixacl_sys_acl_get_fd(vfs_handle_struct *handle,
69 files_struct *fsp, TALLOC_CTX *mem_ctx)
71 struct smb_acl_t *result;
74 if (!fsp->fsp_flags.is_pathref) {
75 acl = acl_get_fd(fsp_get_io_fd(fsp));
76 } else if (fsp->fsp_flags.have_proc_fds) {
77 int fd = fsp_get_pathref_fd(fsp);
78 const char *proc_fd_path = NULL;
81 proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
82 if (proc_fd_path == NULL) {
86 acl = acl_get_file(proc_fd_path, ACL_TYPE_ACCESS);
89 * This is no longer a handle based call.
91 acl = acl_get_file(fsp->fsp_name->base_name, ACL_TYPE_ACCESS);
97 result = smb_acl_to_internal(acl, mem_ctx);
102 int posixacl_sys_acl_set_file(vfs_handle_struct *handle,
103 const struct smb_filename *smb_fname,
111 DEBUG(10, ("Calling acl_set_file: %s, %d\n",
112 smb_fname->base_name,
116 case SMB_ACL_TYPE_ACCESS:
117 acl_type = ACL_TYPE_ACCESS;
119 case SMB_ACL_TYPE_DEFAULT:
120 acl_type = ACL_TYPE_DEFAULT;
127 if ((acl = smb_acl_to_posix(theacl)) == NULL) {
130 res = acl_set_file(smb_fname->base_name, acl_type, acl);
132 DEBUG(10, ("acl_set_file failed: %s\n", strerror(errno)));
138 int posixacl_sys_acl_set_fd(vfs_handle_struct *handle,
143 acl_t acl = smb_acl_to_posix(theacl);
144 int fd = fsp_get_pathref_fd(fsp);
150 if (!fsp->fsp_flags.is_pathref) {
151 res = acl_set_fd(fd, acl);
152 } else if (fsp->fsp_flags.have_proc_fds) {
153 const char *proc_fd_path = NULL;
156 proc_fd_path = sys_proc_fd_path(fd, buf, sizeof(buf));
157 if (proc_fd_path == NULL) {
160 res = acl_set_file(proc_fd_path, ACL_TYPE_ACCESS, acl);
163 * This is no longer a handle based call.
165 res = acl_set_file(fsp->fsp_name->base_name,
174 int posixacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
175 const struct smb_filename *smb_fname)
177 return acl_delete_def_file(smb_fname->base_name);
181 /* private functions */
183 static bool smb_ace_to_internal(acl_entry_t posix_ace,
184 struct smb_acl_entry *ace)
187 acl_permset_t permset;
189 if (acl_get_tag_type(posix_ace, &tag) != 0) {
190 DEBUG(0, ("smb_acl_get_tag_type failed\n"));
196 ace->a_type = SMB_ACL_USER;
199 ace->a_type = SMB_ACL_USER_OBJ;
202 ace->a_type = SMB_ACL_GROUP;
205 ace->a_type = SMB_ACL_GROUP_OBJ;
208 ace->a_type = SMB_ACL_OTHER;
211 ace->a_type = SMB_ACL_MASK;
213 #ifdef HAVE_ACL_EVERYONE
215 DEBUG(1, ("ACL tag type ACL_EVERYONE. FreeBSD with ZFS? Use 'vfs objects = zfsacl'\n"));
219 DEBUG(0, ("unknown tag type %d\n", (unsigned int)tag));
222 switch(ace->a_type) {
224 uid_t *puid = (uid_t *)acl_get_qualifier(posix_ace);
226 DEBUG(0, ("smb_acl_get_qualifier failed\n"));
229 ace->info.user.uid = *puid;
234 case SMB_ACL_GROUP: {
235 gid_t *pgid = (uid_t *)acl_get_qualifier(posix_ace);
237 DEBUG(0, ("smb_acl_get_qualifier failed\n"));
240 ace->info.group.gid = *pgid;
247 if (acl_get_permset(posix_ace, &permset) != 0) {
248 DEBUG(0, ("smb_acl_get_mode failed\n"));
252 #ifdef HAVE_ACL_GET_PERM_NP
253 ace->a_perm |= (acl_get_perm_np(permset, ACL_READ) ? SMB_ACL_READ : 0);
254 ace->a_perm |= (acl_get_perm_np(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0);
255 ace->a_perm |= (acl_get_perm_np(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
257 ace->a_perm |= (acl_get_perm(permset, ACL_READ) ? SMB_ACL_READ : 0);
258 ace->a_perm |= (acl_get_perm(permset, ACL_WRITE) ? SMB_ACL_WRITE : 0);
259 ace->a_perm |= (acl_get_perm(permset, ACL_EXECUTE) ? SMB_ACL_EXECUTE : 0);
264 static struct smb_acl_t *smb_acl_to_internal(acl_t acl, TALLOC_CTX *mem_ctx)
266 struct smb_acl_t *result = sys_acl_init(mem_ctx);
267 int entry_id = ACL_FIRST_ENTRY;
269 if (result == NULL) {
272 while (acl_get_entry(acl, entry_id, &e) == 1) {
274 entry_id = ACL_NEXT_ENTRY;
276 result->acl = talloc_realloc(result, result->acl,
277 struct smb_acl_entry, result->count+1);
278 if (result->acl == NULL) {
280 DEBUG(0, ("talloc_realloc failed\n"));
285 if (!smb_ace_to_internal(e, &result->acl[result->count])) {
295 static int smb_acl_set_mode(acl_entry_t entry, SMB_ACL_PERM_T perm)
298 acl_permset_t permset;
300 if ((ret = acl_get_permset(entry, &permset)) != 0) {
303 if ((ret = acl_clear_perms(permset)) != 0) {
306 if ((perm & SMB_ACL_READ) &&
307 ((ret = acl_add_perm(permset, ACL_READ)) != 0)) {
310 if ((perm & SMB_ACL_WRITE) &&
311 ((ret = acl_add_perm(permset, ACL_WRITE)) != 0)) {
314 if ((perm & SMB_ACL_EXECUTE) &&
315 ((ret = acl_add_perm(permset, ACL_EXECUTE)) != 0)) {
322 static acl_t smb_acl_to_posix(const struct smb_acl_t *acl)
327 result = acl_init(acl->count);
328 if (result == NULL) {
329 DEBUG(10, ("acl_init failed\n"));
333 for (i=0; i<acl->count; i++) {
334 const struct smb_acl_entry *entry = &acl->acl[i];
338 if (acl_create_entry(&result, &e) != 0) {
339 DEBUG(1, ("acl_create_entry failed: %s\n",
344 switch (entry->a_type) {
348 case SMB_ACL_USER_OBJ:
354 case SMB_ACL_GROUP_OBJ:
364 DEBUG(1, ("Unknown tag value %d\n", entry->a_type));
368 if (acl_set_tag_type(e, tag) != 0) {
369 DEBUG(10, ("acl_set_tag_type(%d) failed: %s\n",
370 tag, strerror(errno)));
374 switch (entry->a_type) {
376 if (acl_set_qualifier(e, &entry->info.user.uid) != 0) {
377 DEBUG(1, ("acl_set_qualifiier failed: %s\n",
383 if (acl_set_qualifier(e, &entry->info.group.gid) != 0) {
384 DEBUG(1, ("acl_set_qualifiier failed: %s\n",
389 default: /* Shut up, compiler! :-) */
393 if (smb_acl_set_mode(e, entry->a_perm) != 0) {
398 if (acl_valid(result) != 0) {
399 char *acl_string = sys_acl_to_text(acl, NULL);
400 DEBUG(0, ("smb_acl_to_posix: ACL %s is invalid for set (%s)\n",
401 acl_string, strerror(errno)));
402 SAFE_FREE(acl_string);
409 if (result != NULL) {
415 /* VFS operations structure */
417 static struct vfs_fn_pointers posixacl_fns = {
418 .sys_acl_get_file_fn = posixacl_sys_acl_get_file,
419 .sys_acl_get_fd_fn = posixacl_sys_acl_get_fd,
420 .sys_acl_blob_get_file_fn = posix_sys_acl_blob_get_file,
421 .sys_acl_blob_get_fd_fn = posix_sys_acl_blob_get_fd,
422 .sys_acl_set_file_fn = posixacl_sys_acl_set_file,
423 .sys_acl_set_fd_fn = posixacl_sys_acl_set_fd,
424 .sys_acl_delete_def_file_fn = posixacl_sys_acl_delete_def_file,
428 NTSTATUS vfs_posixacl_init(TALLOC_CTX *ctx)
430 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "posixacl",
git.samba.org / samba.git / blob