Mon, 11 Feb 2019 09:18:33 +0100
remove libnsl from linux makefile
make/linux.mk
src/server/daemon/acl.c
--- a/make/linux.mk Sun Jan 06 14:38:57 2019 +0100 +++ b/make/linux.mk Mon Feb 11 09:18:33 2019 +0100 @@ -29,7 +29,7 @@ # compiler and linker flags CFLAGS += -DLINUX -LDFLAGS += -lpthread -ldl -lnsl -lm -lldap +LDFLAGS += -lpthread -ldl -lm -lldap # platform dependend source files
--- a/src/server/daemon/acl.c Sun Jan 06 14:38:57 2019 +0100 +++ b/src/server/daemon/acl.c Mon Feb 11 09:18:33 2019 +0100 @@ -55,11 +55,11 @@ acllist_createhandle(sn, rq); } ACLListHandle *list = rq->acllist; - + if(!list->defaultauthdb && acl->authdb) { list->defaultauthdb = acl->authdb; } - + ACLListElm *elm = pool_malloc(sn->pool, sizeof(ACLListElm)); elm->acl = acl; elm->next = NULL; @@ -103,7 +103,7 @@ if(!sn || !rq || !list) { return NULL; } - + // get user User *user = NULL; if(list->defaultauthdb) { @@ -129,7 +129,7 @@ rq->vars); } } - + return user; } @@ -137,7 +137,7 @@ if(sn == NULL || rq == NULL) { return; } - + if(!user) { char *value = NULL; if(acl->authprompt) { @@ -167,13 +167,13 @@ if(!list) { return REQ_PROCEED; } - + // we combine access_mask with the required access rights access_mask |= rq->aclreqaccess; - + // get user User *user = acllist_getuser(sn, rq, list); - + // evalutate all ACLs ACLList *acl = acl_evallist(list, user, access_mask, NULL); if(acl) { @@ -184,12 +184,12 @@ } return REQ_ABORTED; } - + // access allowed, we can free the user if(user) { user->free(user); } - + return REQ_PROCEED; } @@ -205,7 +205,7 @@ if(externacl) { *externacl = NULL; } - + // evaluate each acl until one denies access ACLListElm *elm = list->listhead; while(elm) { 
@@ -218,30 +218,30 @@ } else if(!acl->check(acl, user, access_mask)) { // the acl denies access return acl; - } + } elm = elm->next; } - + // ok - all acls allowed access - + return NULL; } int wsacl_affects_user(WSAce *ace, User *user) { int check_access = 0; - + /* * an ace can affect * a named user or group (ace->who is set) * the owner of the resource (ACL_OWNER is set) * the owning group of the resource (ACL_GROUP is set) * everyone (ACL_EVERYONE is set) - * + * * Only one of this conditions should be true. The behavior on * illegal flag combination is undefined. We assume that the acls * are created correctly by the configuration loader. */ - + if(ace->who && user) { // this ace is defined for a named user or group if((ace->flags & ACL_IDENTIFIER_GROUP) == ACL_IDENTIFIER_GROUP) { @@ -261,19 +261,19 @@ } else if((ace->flags & ACL_EVERYONE) == ACL_EVERYONE) { check_access = 1; } - + return check_access; } -int wsacl_check(WSAcl *acl, User *user, int access_mask) { +int wsacl_check(WSAcl *acl, User *user, int access_mask) { int allow = 0; uint32_t allowed_access = 0; // check each access control entry for(int i=0;i<acl->acenum;i++) { - WSAce *ace = acl->ace[i]; + WSAce *ace = acl->ace[i]; if(wsacl_affects_user(ace, user)) { if(ace->type == ACL_TYPE_ALLOWED) { - // add all new access rights + // add all new access rights allowed_access |= (access_mask & ace->access_mask); // check if we have all requested rights if((allowed_access & access_mask) == access_mask) { @@ -282,7 +282,7 @@ } } else { // ACL_TYPE_DENIED - + if((ace->access_mask & access_mask) != 0) { // access denied break; @@ -290,9 +290,9 @@ } } } - + // TODO: events - + return allow; // allow is 0, if no ace set it to 1 } @@ -332,7 +332,7 @@ } sstr_t wd = sstr(cwd); sstr_t pp = sstr(path); - + p = sstrcat(3, wd, sstrn("/", 1), pp); } else { p = sstrdup(sstr(path)); @@ -341,7 +341,7 @@ p.ptr[p.length-1] = 0; p.length--; } - + // get uid/gid struct passwd pw; if(user) { 
@@ -362,7 +362,7 @@ acl->user_uid = -1; acl->user_gid = -1; } - + // translate access_mask uint32_t mask = 0; if((access_mask & ACL_READ_DATA) == ACL_READ_DATA) { @@ -407,7 +407,7 @@ if((access_mask & ACL_SYNCHRONIZE) == ACL_SYNCHRONIZE) { mask |= ACE_SYNCHRONIZE; } - + /* * If the vfs wants to create new files, path does not name an existing * file. In this case, we check if the user has the ACE_ADD_FILE @@ -428,11 +428,11 @@ } } } - + /* * perform a acl check for the path and each parent directory * we don't check the file system root - * + * * after the first check, we check only search permission for the * directories */ @@ -440,7 +440,7 @@ free(p.ptr); return 0; } - + p = util_path_remove_last(p); mask = ACE_LIST_DIRECTORY; while(p.length > 1) { @@ -452,12 +452,12 @@ free(p.ptr); return 0; } - + // cut the last file name from the path p = util_path_remove_last(p); } - - + + return 1; } @@ -469,7 +469,7 @@ gid_t gid) { //printf("solaris_acl_check %s\n", path); - + int nace = acl(path, ACE_GETACLCNT, 0, NULL); if(nace == -1) { perror("acl: ACE_GETACLCNT"); @@ -483,14 +483,14 @@ free(aces); return 0; } - + int allow = 0; uint32_t allowed_access = 0; for(int i=0;i<nace;i++) { ace_t ace = aces[i]; if(solaris_acl_affects_user(&ace, uid, gid, s->st_uid, s->st_gid)) { if(ace.a_type == ACE_ACCESS_ALLOWED_ACE_TYPE) { - // add all new access rights + // add all new access rights allowed_access |= (mask & ace.a_access_mask); // check if we have all requested rights if((allowed_access & mask) == mask) { @@ -499,7 +499,7 @@ } } else if(ace.a_type == ACE_ACCESS_DENIED_ACE_TYPE) { // ACL_TYPE_DENIED - + if((ace.a_access_mask & mask) != 0) { // access denied break; @@ -507,9 +507,9 @@ } } } - + free(aces); - + //printf("return %d\n", allow); return allow; } @@ -524,9 +524,9 @@ /* * mostly the same as wsacl_affects_user */ - + int check_access = 0; - + if((ace->a_flags & ACE_OWNER) == ACE_OWNER) { if(uid == owner) { check_access = 1; 
@@ -551,12 +551,12 @@ } } } - + return check_access; } void fs_acl_finish() { - + } #endif @@ -572,7 +572,7 @@ } void fs_acl_finish() { - + } #endif @@ -584,7 +584,7 @@ } void fs_acl_finish() { - + } #endif @@ -600,7 +600,7 @@ log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid"); return 1; } - + // get uid/gid struct passwd pw; if(user) { @@ -619,7 +619,7 @@ acl->user_uid = 0; acl->user_gid = 0; } - + // set fs uid/gid if(acl->user_uid != 0) { if(setfsuid(pw.pw_uid)) { @@ -633,8 +633,8 @@ "Cannot set fsgid to gid: %u", pw.pw_gid); } } - - + + return 1; }