src/server/daemon/acl.c

Sun, 27 Nov 2022 13:33:30 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Sun, 27 Nov 2022 13:33:30 +0100
changeset 443
ef3c8a0e1fee
parent 415
d938228c382e
child 453
4586d534f9b5
permissions
-rw-r--r--

improve daemon startup
parent will wait until daemon is started and returns error code if startup failed
daemon startup log messages will be printed by parent

1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
3 *
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26 * POSSIBILITY OF SUCH DAMAGE.
27 */
28
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <unistd.h>
32
33 #include "../util/util.h"
34 #include "../util/pool.h"
35 #include "../util/pblock.h"
36 #include "../safs/auth.h"
37 #include "log.h"
38 #include "acl.h"
39
40 #define AUTH_TYPE_BASIC "basic"
41
/*
 * Allocates an empty ACL list handle from the session pool and attaches it
 * to the request as rq->acllist.
 *
 * NOTE(review): the pool_malloc() result is dereferenced without a NULL
 * check. acl_evaluate() treats a request without a handle as "no ACLs,
 * proceed", so an error path added here must fail the request instead of
 * just leaving rq->acllist unset; this function is void and cannot report
 * the failure on its own.
 */
void acllist_createhandle(Session *sn, Request *rq) {
    ACLListHandle *hdl = pool_malloc(sn->pool, sizeof *hdl);

    /* start with an empty list and no authentication database */
    hdl->listhead = NULL;
    hdl->listtail = NULL;
    hdl->defaultauthdb = NULL;

    rq->acllist = hdl;
}
/*
 * Adds an ACL to the request's ACL list: at the tail when append is
 * non-zero, at the head otherwise. The list handle is created on demand.
 *
 * The first ACL added that carries an authdb becomes the list's default
 * authdb; later ACLs never replace it, regardless of where they are linked.
 *
 * NOTE(review): neither the handle produced by acllist_createhandle() nor
 * the pool_malloc() result for the new element is checked for NULL. Because
 * this function returns void, silently skipping the ACL on allocation
 * failure would leave the request with fewer access checks than configured;
 * a fix needs a way to fail the request.
 */
void acllist_add(Session *sn, Request *rq, ACLList *acl, int append) {
    if(rq->acllist == NULL) {
        acllist_createhandle(sn, rq);
    }
    ACLListHandle *handle = rq->acllist;

    /* remember the first authdb seen; it is used to authenticate the user */
    if(!handle->defaultauthdb && acl->authdb) {
        handle->defaultauthdb = acl->authdb;
    }

    ACLListElm *node = pool_malloc(sn->pool, sizeof *node);
    node->acl = acl;
    node->next = NULL;

    /* empty list: the new element is both head and tail */
    if(!handle->listhead) {
        handle->listhead = node;
        handle->listtail = node;
        return;
    }

    if(append) {
        handle->listtail->next = node;
        handle->listtail = node;
    } else {
        node->next = handle->listhead;
        handle->listhead = node;
    }
}
/*
 * Links acl at the end of the request's ACL list, so it is evaluated after
 * the ACLs that are already present.
 */
void acllist_append(Session *sn, Request *rq, ACLList *acl) {
    const int at_tail = 1; /* acllist_add(): non-zero selects append */
    acllist_add(sn, rq, acl, at_tail);
}
/*
 * Links acl at the front of the request's ACL list, so it is evaluated
 * before the ACLs that are already present.
 */
void acllist_prepend(Session *sn, Request *rq, ACLList *acl) {
    const int at_tail = 0; /* acllist_add(): zero selects prepend */
    acllist_add(sn, rq, acl, at_tail);
}
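/*
 * Translates the access mode of open(2)-style flags into the ACL access
 * mask that must be granted for the open to be allowed.
 *
 * The access mode is an enumeration stored in the O_ACCMODE bits, not a set
 * of independent flag bits. On Linux, Solaris and the BSDs O_RDONLY is 0,
 * O_WRONLY is 1 and O_RDWR is 2, so testing (oflags & O_WRONLY) never
 * matched O_RDWR and a read-write open was checked for ACL_READ_DATA only,
 * while the O_RDONLY test was always true. Comparing the masked access mode
 * fixes both and is also correct where O_RDWR == (O_RDONLY | O_WRONLY).
 *
 * Behavior change to confirm: a write-only open now requires ACL_WRITE_DATA
 * alone; it previously also required ACL_READ_DATA as a side effect of the
 * always-true O_RDONLY test.
 *
 * Returns ACL_READ_DATA, ACL_WRITE_DATA or both. An access mode that is none
 * of the three standard ones requires both rights, so an unrecognized mode
 * is never checked against fewer rights than a read-write open.
 */
uint32_t acl_oflag2mask(int oflags) {
    switch(oflags & O_ACCMODE) {
        case O_RDONLY:
            return ACL_READ_DATA;
        case O_WRONLY:
            return ACL_WRITE_DATA;
        case O_RDWR:
            return ACL_READ_DATA | ACL_WRITE_DATA;
        default:
            /* unknown access mode: demand the most restrictive check */
            return ACL_READ_DATA | ACL_WRITE_DATA;
    }
}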
/*
 * Authenticates the request against the ACL list's default authdb using
 * HTTP basic credentials.
 *
 * Returns the User on success and records the user name and the auth type
 * ("basic") in rq->vars. Returns NULL when an argument is NULL, the list has
 * no default authdb, basicauth_getuser() reports a non-zero result, or
 * authdb_get_and_verify() returns NULL. Callers therefore cannot tell
 * "no credentials sent" from "wrong user or password".
 *
 * NOTE(review): pwok is filled in by authdb_get_and_verify() but never
 * inspected; this code relies on that function returning NULL for a wrong
 * password. Confirm that it cannot return a User with pwok == 0.
 */
User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list) {
    // TODO: cache result #50
    if(sn == NULL || rq == NULL || list == NULL) {
        return NULL;
    }

    // without an authdb there is nothing to authenticate against
    if(!list->defaultauthdb) {
        return NULL;
    }

    // a zero return is taken to mean usr/pw were filled in
    char *usr;
    char *pw;
    if(basicauth_getuser(sn, rq, &usr, &pw)) {
        return NULL;
    }

    int pwok;
    User *authenticated = authdb_get_and_verify(
            list->defaultauthdb,
            usr,
            pw,
            &pwok);
    if(authenticated == NULL) {
        // wrong user or wrong password
        return NULL;
    }

    // ok - user is authenticated, publish name and auth type to the request
    pblock_kvinsert(
            pb_key_auth_user,
            authenticated->name,
            strlen(authenticated->name),
            rq->vars);
    pblock_kvinsert(
            pb_key_auth_type,
            AUTH_TYPE_BASIC,
            sizeof(AUTH_TYPE_BASIC)-1,
            rq->vars);

    return authenticated;
}
/*
 * Sets the response status after an ACL denied access.
 *
 * With an authenticated user the status is PROTOCOL_FORBIDDEN. Without a
 * user the status is PROTOCOL_UNAUTHORIZED and a "www-authenticate" header
 * with a basic-auth challenge is added to rq->srvhdrs. The realm is taken
 * from acl->authprompt; when that is unset or the allocation fails, the
 * fixed realm "login" is used.
 *
 * Does nothing when sn or rq is NULL. acl is dereferenced only on the
 * unauthenticated path and is not checked for NULL.
 *
 * NOTE(review): authprompt is copied into the header value unescaped. That
 * is fine while it only comes from trusted configuration; a '"' or line
 * break in it would corrupt the header, so the config loader should reject
 * those characters - verify.
 */
void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user) {
    if(!sn || !rq) {
        return;
    }

    // a known user that is denied gets 403, no new challenge
    if(user) {
        protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
        return;
    }

    char *challenge = NULL;
    if(acl->authprompt) {
        // 16 covers the 14 fixed characters of the format plus the
        // terminating NUL
        size_t cap = strlen(acl->authprompt) + 16;
        challenge = pool_malloc(sn->pool, cap);
        if(challenge) {
            snprintf(challenge, cap, "Basic realm=\"%s\"", acl->authprompt);
        }
    }
    if(challenge == NULL) {
        challenge = "Basic realm=\"login\"";
    }

    pblock_nvinsert("www-authenticate", challenge, rq->srvhdrs);
    protocol_status(sn, rq, PROTOCOL_UNAUTHORIZED, NULL);
}
/*
 * Checks the request against all ACLs attached to it.
 *
 * access_mask is combined with rq->aclreqaccess, the user is obtained via
 * acllist_getuser() (NULL when nobody is authenticated) and the list is
 * evaluated with acl_evallist(). When an ACL denies access the error status
 * is set on the request and REQ_ABORTED is returned; otherwise REQ_PROCEED.
 *
 * A request without an ACL list is allowed (REQ_PROCEED) without any check.
 *
 * NOTE(review): acl_evallist() is called with externacl == NULL, and
 * acl_evallist() does not run check() on external ACLs, so they are not
 * enforced here. Presumably another layer evaluates them - confirm.
 * rq is dereferenced without a NULL check.
 */
int acl_evaluate(Session *sn, Request *rq, int access_mask) {
    ACLListHandle *handle = rq->acllist;
    if(handle == NULL) {
        return REQ_PROCEED;
    }

    // the caller's mask plus the access rights required by the request
    int required = access_mask | rq->aclreqaccess;

    User *user = acllist_getuser(sn, rq, handle);

    // evaluate all ACLs; a non-NULL result is the ACL that denied access
    int result = REQ_PROCEED;
    ACLList *denying = acl_evallist(handle, user, required, NULL);
    if(denying) {
        acl_set_error_status(sn, rq, denying, user);
        result = REQ_ABORTED;
    }

    // TODO: don't free the user here #51
    // the user is released on both the allow and the deny path
    if(user) {
        user->free(user);
    }

    return result;
}
/*
 * Evaluates the ACLs of a list in order until one denies access.
 *
 * list        ACL list handle; NULL yields NULL (nothing denies)
 * user        user passed to each check(), may be NULL
 * access_mask access rights passed to each check()
 * externacl   optional out parameter; reset to NULL, then set to the first
 *             external ACL found before evaluation stopped
 *
 * Returns the first non-external ACL whose check() returns zero, or NULL
 * when no evaluated ACL denies access.
 *
 * External ACLs (acl->isextern) are never passed to check() here; they are
 * only reported through externacl. A caller that passes NULL for externacl
 * gets no indication that external ACLs exist, so it has to enforce them
 * some other way.
 */
ACLList* acl_evallist(
        ACLListHandle *list,
        User *user,
        int access_mask,
        ACLList **externacl)
{
    if(list == NULL) {
        return NULL;
    }
    if(externacl) {
        *externacl = NULL;
    }

    for(ACLListElm *cur = list->listhead; cur != NULL; cur = cur->next) {
        ACLList *acl = cur->acl;

        if(acl->isextern) {
            // report only the first external acl, do not evaluate it
            if(externacl && !*externacl) {
                *externacl = acl;
            }
            continue;
        }

        if(!acl->check(acl, user, access_mask)) {
            // the acl denies access
            return acl;
        }
    }

    // ok - all evaluated acls allowed access
    return NULL;
}
231 int wsacl_affects_user(WSAce *ace, User *user) {
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
232 int check_access = 0;
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
233
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
234 /*
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
235 * an ace can affect
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
236 * a named user or group (ace->who is set)
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
237 * the owner of the resource (ACL_OWNER is set)
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
238 * the owning group of the resource (ACL_GROUP is set)
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
239 * everyone (ACL_EVERYONE is set)
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
240 *
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
241 * Only one of this conditions should be true. The behavior on
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
242 * illegal flag combination is undefined. We assume that the acls
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
243 * are created correctly by the configuration loader.
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
244 */
245
246 if(ace->who && user) {
247 // this ace is defined for a named user or group
248 if((ace->flags & ACL_IDENTIFIER_GROUP) == ACL_IDENTIFIER_GROUP) {
249 if(user->check_group(user, ace->who)) {
250 // the user is in the group
251 check_access = 1;
252 }
253 } else {
254 if(!strcmp(user->name, ace->who)) {
255 check_access = 1;
256 }
257 }
258 } else if((ace->flags & ACL_OWNER) == ACL_OWNER) {
259 // TODO
260 } else if((ace->flags & ACL_GROUP) == ACL_GROUP) {
261 // TODO
262 } else if((ace->flags & ACL_EVERYONE) == ACL_EVERYONE) {
263 check_access = 1;
264 }
265
266 return check_access;
267 }
268
/*
 * Evaluates the entries of acl in list order and decides whether user is
 * granted every right in access_mask.
 *
 * Returns 1 as soon as the allow entries seen so far cover all requested
 * bits. Returns 0 when an entry of any other type that affects the user
 * names at least one requested bit, or when the list ends before all bits
 * were granted (default deny). The order of the entries therefore decides
 * the result.
 *
 * With access_mask == 0 the first allow entry that affects the user grants
 * access. Entries are matched by wsacl_affects_user; its ACL_OWNER and
 * ACL_GROUP branches are still TODO, so entries that rely only on those
 * flags never match, whether they allow or deny.
 */
int wsacl_check(WSAcl *acl, User *user, int access_mask) {
    uint32_t granted = 0;
    int result = 0;

    for(int idx = 0; idx < acl->acenum; idx++) {
        WSAce *entry = acl->ace[idx];

        // entries for other principals do not take part in the decision
        if(!wsacl_affects_user(entry, user)) {
            continue;
        }

        if(entry->type != ACL_TYPE_ALLOWED) {
            // every type other than ACL_TYPE_ALLOWED is handled as a deny:
            // one overlapping bit ends the evaluation with result 0
            if((entry->access_mask & access_mask) != 0) {
                break;
            }
            continue;
        }

        // collect the requested rights this allow entry contributes
        granted |= (access_mask & entry->access_mask);
        if((granted & access_mask) == access_mask) {
            // all requested rights are covered, later entries are ignored
            result = 1;
            break;
        }
    }

    // TODO: events

    return result; // stays 0 unless an allow entry completed the request
}
299
300
301 /* filesystem acl functions */
302
303 #if defined (__SVR4) && defined (__sun)
304
305 #include <sys/acl.h>
306
/*
 * Forward declarations of the Solaris ACL helpers, so that fs_acl_check
 * can call solaris_acl_check ahead of its definition further down.
 */
int solaris_acl_check(char *path, struct stat *s, uint32_t mask, uid_t uid, gid_t gid);

int solaris_acl_affects_user(ace_t *ace, uid_t uid, gid_t gid, uid_t owner, gid_t owninggroup);
319
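/*
 * Checks whether user may access path with the rights in access_mask by
 * evaluating the Solaris file system ACL of path and of each parent
 * directory. The file system root is not checked.
 *
 * acl:         user_uid/user_gid are overwritten with the ids looked up
 *              for user, or with -1 when user is NULL
 * user:        user to check; NULL if there is no user
 * path:        absolute path, or a path relative to the current working
 *              directory
 * access_mask: requested ACL_* rights
 *
 * Returns 1 if access is granted. Returns 0 if it is denied or if an error
 * occurs (allocation failure, failed user lookup, stat failure), so errors
 * fail closed.
 *
 * If path does not exist, the requested rights are replaced by
 * ACE_ADD_FILE and checked against the parent directory.
 *
 * The decision is made for the path name at the time of the call. stat()
 * follows symbolic links and the object behind the name can change before
 * the caller opens it, so the result can be stale by then (check-then-use
 * race).
 */
int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
    int granted = 0;
    uint32_t mask = 0;
    struct stat s;
    /*
     * ids passed to solaris_acl_check. They are always initialized: without
     * a user no passwd lookup takes place, and reading struct passwd fields
     * in that case would evaluate the ACL for an indeterminate uid/gid.
     */
    uid_t uid = (uid_t)-1;
    gid_t gid = (gid_t)-1;

    cxmutstr p;
    if(path[0] != '/') {
        // relative path: prepend the current working directory
        size_t n = 128;
        char *cwd = malloc(n);
        if(cwd == NULL) {
            return 0;
        }
        while(!getcwd(cwd, n)) {
            if(errno != ERANGE) {
                free(cwd);
                return 0;
            }
            // buffer too small: grow it without losing the old block
            n *= 2;
            char *newcwd = realloc(cwd, n);
            if(newcwd == NULL) {
                free(cwd);
                return 0;
            }
            cwd = newcwd;
        }
        cxmutstr wd = cx_str(cwd);
        cxmutstr pp = cx_str((char*)path);

        p = cx_strcat(3, wd, cx_strn("/", 1), pp);
        // the concatenation is a separate allocation, cwd is done
        free(cwd);
    } else {
        p = cx_strdup(cx_str((char*)path));
    }
    if(p.ptr == NULL || p.length == 0) {
        // string allocation failed
        free(p.ptr);
        return 0;
    }
    if(p.ptr[p.length-1] == '/') {
        p.ptr[p.length-1] = 0;
        p.length--;
    }

    // get uid/gid
    if(user) {
        struct passwd pw;
        char *pwbuf = malloc(DEF_PWBUF);
        if(pwbuf == NULL) {
            goto done;
        }
        if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
            free(pwbuf);
            goto done;
        }
        // only the numeric ids are needed, copy them before freeing pwbuf
        uid = pw.pw_uid;
        gid = pw.pw_gid;
        free(pwbuf);
        acl->user_uid = pw.pw_uid;
        acl->user_gid = pw.pw_gid;
    } else {
        acl->user_uid = -1;
        acl->user_gid = -1;
    }

    // translate access_mask from the server's ACL_* bits to Solaris ACE_* bits
    if((access_mask & ACL_READ_DATA) == ACL_READ_DATA) {
        mask |= ACE_READ_DATA;
    }
    if((access_mask & ACL_WRITE_DATA) == ACL_WRITE_DATA) {
        mask |= ACE_WRITE_DATA;
    }
    if((access_mask & ACL_ADD_FILE) == ACL_ADD_FILE) {
        mask |= ACE_ADD_FILE;
    }
    if((access_mask & ACL_READ_XATTR) == ACL_READ_XATTR) {
        mask |= ACE_READ_NAMED_ATTRS;
    }
    if((access_mask & ACL_WRITE_XATTR) == ACL_WRITE_XATTR) {
        mask |= ACE_WRITE_NAMED_ATTRS;
    }
    if((access_mask & ACL_EXECUTE) == ACL_EXECUTE) {
        mask |= ACE_EXECUTE;
    }
    // NOTE(review): ACL_DELETE is translated to ACE_DELETE_CHILD, not
    // ACE_DELETE - confirm that this is intended
    if((access_mask & ACL_DELETE) == ACL_DELETE) {
        mask |= ACE_DELETE_CHILD;
    }
    if((access_mask & ACL_READ_ATTRIBUTES) == ACL_READ_ATTRIBUTES) {
        mask |= ACE_READ_ATTRIBUTES;
    }
    if((access_mask & ACL_WRITE_ATTRIBUTES) == ACL_WRITE_ATTRIBUTES) {
        mask |= ACE_WRITE_ATTRIBUTES;
    }
    if((access_mask & ACL_LIST) == ACL_LIST) {
        mask |= ACE_LIST_DIRECTORY;
    }
    if((access_mask & ACL_READ_ACL) == ACL_READ_ACL) {
        mask |= ACE_READ_ACL;
    }
    if((access_mask & ACL_WRITE_ACL) == ACL_WRITE_ACL) {
        mask |= ACE_WRITE_ACL;
    }
    if((access_mask & ACL_WRITE_OWNER) == ACL_WRITE_OWNER) {
        mask |= ACE_WRITE_OWNER;
    }
    if((access_mask & ACL_SYNCHRONIZE) == ACL_SYNCHRONIZE) {
        mask |= ACE_SYNCHRONIZE;
    }

    /*
     * If the vfs wants to create new files, path does not name an existing
     * file. In this case, we check if the user has the ACE_ADD_FILE
     * permission for the parent directory
     */
    if(stat(p.ptr, &s)) {
        if(errno != ENOENT) {
            perror("fs_acl_check: stat");
            goto done;
        }
        mask = ACE_ADD_FILE;
        // presumably shortens p in place and keeps p.ptr as the allocation
        // base, which free(p.ptr) below relies on - verify
        p = util_path_remove_last(p);
        if(stat(p.ptr, &s)) {
            goto done;
        }
    }

    /*
     * perform an acl check for the path and each parent directory
     * we don't check the file system root
     *
     * after the first check, only ACE_LIST_DIRECTORY is checked for the
     * directories
     * NOTE(review): the original comment calls this "search permission";
     * confirm that ACE_LIST_DIRECTORY rather than ACE_EXECUTE is the bit
     * meant for traversing a directory
     */
    if(!solaris_acl_check(p.ptr, &s, mask, uid, gid)) {
        goto done;
    }

    p = util_path_remove_last(p);
    mask = ACE_LIST_DIRECTORY;
    while(p.length > 1) {
        if(stat(p.ptr, &s)) {
            goto done;
        }
        if(!solaris_acl_check(p.ptr, &s, mask, uid, gid)) {
            goto done;
        }

        // cut the last file name from the path
        p = util_path_remove_last(p);
    }

    granted = 1;

done:
    // single exit: the path copy is released on success as well as on failure
    free(p.ptr);
    return granted;
}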
464
/*
 * Takes the same parameters as fs_acl_check, with a file descriptor in
 * place of the path.
 *
 * Not implemented yet: no ACL is evaluated, none of the arguments is read
 * and the function returns 1 (access granted) for every request.
 * NOTE(review): this stub fails open; callers that rely on it get no file
 * system ACL enforcement for the descriptor.
 */
int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
    // TODO:
    (void)acl;
    (void)user;
    (void)fd;
    (void)access_mask;
    return 1;
}
469
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
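/*
 * Evaluates the ACE list of a file for one user.
 *
 * path  file whose ACL is read with acl(2)
 * s     stat data of the file; st_uid and st_gid are passed on as the
 *       owner and the owning group
 * mask  access bits that are requested
 * uid   user id of the requesting user
 * gid   group id of the requesting user
 *
 * Returns 1 if the allow entries that apply to the user cover all bits
 * of mask before a deny entry for one of these bits is reached,
 * otherwise 0. Every error (ACL cannot be read, out of memory) and an
 * empty ACL result in 0, so the check fails closed.
 */
int solaris_acl_check(
        char *path,
        struct stat *s,
        uint32_t mask,
        uid_t uid,
        gid_t gid)
{
    int nace = acl(path, ACE_GETACLCNT, 0, NULL);
    if(nace == -1) {
        perror("acl: ACE_GETACLCNT");
        // TODO: log error
        return 0;
    }
    if(nace <= 0) {
        // no entries, nothing can grant access
        return 0;
    }

    ace_t *aces = calloc(nace, sizeof(ace_t));
    if(aces == NULL) {
        // TODO: log error
        return 0;
    }

    // acl(2) reports failure with -1; comparing with 1 would miss every
    // error and reject files whose ACL has exactly one entry
    if(acl(path, ACE_GETACL, nace, aces) == -1) {
        perror("acl: ACE_GETACL");
        // TODO: log error
        free(aces);
        return 0;
    }

    int allow = 0;
    uint32_t allowed_access = 0;
    for(int i=0;i<nace;i++) {
        ace_t ace = aces[i];
        if(!solaris_acl_affects_user(&ace, uid, gid, s->st_uid, s->st_gid)) {
            continue;
        }

        if(ace.a_type == ACE_ACCESS_ALLOWED_ACE_TYPE) {
            // add all new access rights
            allowed_access |= (mask & ace.a_access_mask);
            // check if we have all requested rights
            if((allowed_access & mask) == mask) {
                allow = 1;
                break;
            }
        } else if(ace.a_type == ACE_ACCESS_DENIED_ACE_TYPE) {
            // NOTE(review): a deny entry ends the evaluation as soon as
            // it shares a bit with mask, also when that bit was already
            // granted by an earlier allow entry. This errs on the side
            // of denying; confirm it is the intended evaluation order.
            if((ace.a_access_mask & mask) != 0) {
                // access denied
                break;
            }
        }
    }

    free(aces);

    return allow;
}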
/*
 * Decides whether an ACE applies to the requesting user
 * (mostly the same as wsacl_affects_user).
 *
 * ace          entry to test
 * uid, gid     ids of the requesting user
 * owner        owner of the file
 * owninggroup  owning group of the file
 *
 * Returns 1 if the entry applies, 0 if not. The flag tests are made in
 * a fixed order (ACE_OWNER, ACE_GROUP, ACE_EVERYONE, then named
 * entries) and the first matching category decides.
 *
 * NOTE(review): group membership is tested against the single gid
 * only. Entries for other groups the user may belong to are skipped,
 * which affects deny entries as well as allow entries.
 *
 * NOTE(review): uid 0 never matches a named entry. Presumably 0 stands
 * for "no authenticated user" (the Linux fs_acl_check in this file
 * stores uid 0 when user is NULL), but the ACE_OWNER and ACE_GROUP
 * tests compare id 0 like any other id -- confirm how callers map
 * anonymous requests.
 */
int solaris_acl_affects_user(
        ace_t *ace,
        uid_t uid,
        gid_t gid,
        uid_t owner,
        gid_t owninggroup)
{
    // entry for the file owner
    if((ace->a_flags & ACE_OWNER) == ACE_OWNER) {
        return uid == owner ? 1 : 0;
    }

    // entry for the owning group
    if((ace->a_flags & ACE_GROUP) == ACE_GROUP) {
        return gid == owninggroup ? 1 : 0;
    }

    // entry for everyone
    if((ace->a_flags & ACE_EVERYONE) == ACE_EVERYONE) {
        return 1;
    }

    // everything else needs a valid a_who and a non-zero uid
    if(ace->a_who == -1 || uid == 0) {
        return 0;
    }

    // this ace is defined for a named user or group
    if((ace->a_flags & ACE_IDENTIFIER_GROUP) == ACE_IDENTIFIER_GROUP) {
        // TODO: check all groups
        return ace->a_who == gid ? 1 : 0;
    }
    return ace->a_who == uid ? 1 : 0;
}
/*
 * Counterpart of fs_acl_check. This variant has no state to restore
 * and does nothing.
 */
void fs_acl_finish() {
    return;
}
568 #endif
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
569
69
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
570 /*
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
571 * generic code for all non acl unices
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
572 * TODO: don't use OSX in the preprocessor directive
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
573 */
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
574 #ifdef OSX
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
575
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
/*
 * File system ACL check for the OSX build.
 *
 * Stub: none of the arguments is read and the result is always 1.
 *
 * NOTE(review): if 1 means "access allowed", as it does for
 * solaris_acl_check in this file, this build does not enforce file
 * system ACLs at all -- confirm that this is intended.
 * NOTE(review): path is char * here while the BSD and LINUX variants
 * take const char *; check this against the declaration in the header.
 */
int fs_acl_check(SysACL *acl, User *user, char *path, uint32_t access_mask) {
    (void)acl;
    (void)user;
    (void)path;
    (void)access_mask;
    return 1;
}
/*
 * File-descriptor variant of the file system ACL check for the OSX
 * build.
 *
 * Stub: none of the arguments is read and the result is always 1.
 * NOTE(review): presumably 1 grants the request, so nothing is
 * enforced for open files in this build -- confirm.
 */
int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
    (void)acl;
    (void)user;
    (void)fd;
    (void)access_mask;
    return 1;
}
/*
 * Counterpart of fs_acl_check for the OSX build. The check changes
 * nothing, so there is nothing to undo here.
 */
void fs_acl_finish() {
    return;
}
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
587
69
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
588 #endif
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
589
109
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
590 #ifdef BSD
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
591
260
4779a6fb4fbe fix freebsd build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 241
diff changeset
/*
 * File system ACL check for the BSD build.
 *
 * Stub: none of the arguments is read and the result is always 1.
 *
 * NOTE(review): if 1 means "access allowed", as it does for
 * solaris_acl_check in this file, this build does not enforce file
 * system ACLs at all -- confirm that this is intended.
 */
int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
    (void)acl;
    (void)user;
    (void)path;
    (void)access_mask;
    return 1;
}
/*
 * File-descriptor variant of the file system ACL check for the BSD
 * build.
 *
 * Stub: none of the arguments is read and the result is always 1.
 * NOTE(review): presumably 1 grants the request, so nothing is
 * enforced for open files in this build -- confirm.
 */
int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
    (void)acl;
    (void)user;
    (void)fd;
    (void)access_mask;
    return 1;
}
/*
 * Counterpart of fs_acl_check for the BSD build. The check changes
 * nothing, so there is nothing to undo here.
 */
void fs_acl_finish() {
    return;
}
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
603
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
604 #endif
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
605
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
606
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
607 #ifdef LINUX
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
608
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
609 #include <sys/fsuid.h>
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
610
260
4779a6fb4fbe fix freebsd build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 241
diff changeset
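/*
 * Linux: switches the file system uid/gid of the caller to the ids of
 * the requesting user. path and access_mask are not evaluated here.
 *
 * acl   receives the uid/gid of the user in user_uid/user_gid
 * user  requesting user, NULL stores uid/gid 0 and switches nothing
 *
 * Returns 1 if the request may proceed and 0 if it has to be rejected:
 * the user cannot be resolved with util_getpwnam, memory is exhausted,
 * or the file system ids could not be switched. In the last case the
 * ids are set back to the server ids before returning, so that no file
 * is accessed with the wrong identity.
 *
 * fs_acl_finish switches back to the server ids.
 */
int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
    struct passwd *ws_pw = conf_getglobals()->Vuserpw;
    if(!ws_pw) {
        // NOTE(review): this returns 1 without switching the identity,
        // so the request continues with the file system ids of the
        // server process -- confirm that failing open is intended here
        log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
        return 1;
    }

    // get uid/gid
    struct passwd pw;
    if(user) {
        char *pwbuf = malloc(DEF_PWBUF);
        if(pwbuf == NULL) {
            return 0;
        }
        if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
            free(pwbuf);
            return 0;
        }
        // only the numeric ids of pw are used after this point
        free(pwbuf);
        acl->user_uid = pw.pw_uid;
        acl->user_gid = pw.pw_gid;
    } else {
        acl->user_uid = 0;
        acl->user_gid = 0;
    }

    // set fs uid/gid
    if(acl->user_uid != 0) {
        int switched = 1;

        // setfsuid/setfsgid return the previous id on success and on
        // failure. The result is verified with a second call that
        // passes -1: it never changes the id and returns the current
        // one.
        setfsuid(pw.pw_uid);
        if((uid_t)setfsuid((uid_t)-1) != pw.pw_uid) {
            log_ereport(
                    LOG_FAILURE,
                    "Cannot set fsuid to uid: %u", pw.pw_uid);
            switched = 0;
        }
        setfsgid(pw.pw_gid);
        if((gid_t)setfsgid((gid_t)-1) != pw.pw_gid) {
            log_ereport(
                    LOG_FAILURE,
                    "Cannot set fsgid to gid: %u", pw.pw_gid);
            switched = 0;
        }

        if(!switched) {
            // fail closed: undo a partial switch and reject the request
            setfsuid(ws_pw->pw_uid);
            setfsgid(ws_pw->pw_gid);
            return 0;
        }
    }

    return 1;
}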
/*
 * File-descriptor variant of the file system ACL check for the LINUX
 * build.
 *
 * Not implemented yet: none of the arguments is read and the result is
 * always 1. Unlike fs_acl_check of this build it does not switch the
 * file system uid/gid.
 * NOTE(review): presumably 1 lets the request proceed, so access
 * through an open file is not checked here -- confirm.
 */
int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
    // TODO
    (void)acl;
    (void)user;
    (void)fd;
    (void)access_mask;
    return 1;
}
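/*
 * Linux: sets the file system uid/gid back to the ids of the server
 * user (Vuserpw of the global configuration), undoing the switch made
 * by fs_acl_check.
 *
 * Errors are only logged because the function has no return value. A
 * logged failure means that the caller keeps the file system identity
 * of the last requesting user.
 */
void fs_acl_finish() {
    struct passwd *pw = conf_getglobals()->Vuserpw;
    if(!pw) {
        log_ereport(
                LOG_FAILURE,
                "global configuration broken (Vuserpw is null)");
        return;
    }

    // setfsuid/setfsgid return the previous id on success and on
    // failure, so the result is verified with a second call that passes
    // -1: it never changes the id and returns the current one
    setfsuid(pw->pw_uid);
    if((uid_t)setfsuid((uid_t)-1) != pw->pw_uid) {
        log_ereport(
                LOG_FAILURE,
                "Cannot set fsuid back to server uid: %u", pw->pw_uid);
    }
    setfsgid(pw->pw_gid);
    if((gid_t)setfsgid((gid_t)-1) != pw->pw_gid) {
        log_ereport(
                LOG_FAILURE,
                "Cannot set fsgid back to server gid: %u", pw->pw_gid);
    }
}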
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
679
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
680 #endif
