src/server/daemon/acl.c

Wed, 27 Nov 2024 23:00:07 +0100

author
Olaf Wintermann <olaf.wintermann@gmail.com>
date
Wed, 27 Nov 2024 23:00:07 +0100
changeset 563
6ca97c99173e
parent 470
467ed0f559af
permissions
-rw-r--r--

add TODO to use a future ucx feature

51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
1 /*
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
3 *
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
4 * Copyright 2013 Olaf Wintermann. All rights reserved.
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
5 *
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
6 * Redistribution and use in source and binary forms, with or without
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
7 * modification, are permitted provided that the following conditions are met:
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
8 *
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
9 * 1. Redistributions of source code must retain the above copyright
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
10 * notice, this list of conditions and the following disclaimer.
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
11 *
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
12 * 2. Redistributions in binary form must reproduce the above copyright
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
13 * notice, this list of conditions and the following disclaimer in the
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
14 * documentation and/or other materials provided with the distribution.
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
15 *
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
16 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
17 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
20 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
26 * POSSIBILITY OF SUCH DAMAGE.
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
27 */
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
28
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
29 #include <stdio.h>
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
30 #include <stdlib.h>
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
31 #include <unistd.h>
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
32
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
33 #include "../util/util.h"
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
34 #include "../util/pool.h"
141
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
35 #include "../util/pblock.h"
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
36 #include "../safs/auth.h"
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
37 #include "log.h"
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
38 #include "acl.h"
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
39
141
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
40 #define AUTH_TYPE_BASIC "basic"
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
41
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
42 void acllist_createhandle(Session *sn, Request *rq) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
43 ACLListHandle *handle = pool_malloc(sn->pool, sizeof(ACLListHandle));
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
44 handle->defaultauthdb = NULL;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
45 handle->listhead = NULL;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
46 handle->listtail = NULL;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
47 rq->acllist = handle;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
48 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
49
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
50 /*
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
51 * append or prepend an ACL
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
52 */
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
53 void acllist_add(Session *sn, Request *rq, ACLList *acl, int append) {
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
54 if(!rq->acllist) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
55 acllist_createhandle(sn, rq);
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
56 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
57 ACLListHandle *list = rq->acllist;
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
58
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
59 if(!list->defaultauthdb && acl->authdb) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
60 list->defaultauthdb = acl->authdb;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
61 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
62
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
63 ACLListElm *elm = pool_malloc(sn->pool, sizeof(ACLListElm));
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
64 elm->acl = acl;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
65 elm->next = NULL;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
66 if(list->listhead == NULL) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
67 list->listhead = elm;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
68 list->listtail = elm;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
69 } else {
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
70 if(append) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
71 list->listtail->next = elm;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
72 list->listtail = elm;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
73 } else {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
74 elm->next = list->listhead;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
75 list->listhead = elm;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
76 }
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
77 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
78 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
79
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
80 void acllist_append(Session *sn, Request *rq, ACLList *acl) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
81 acllist_add(sn, rq, acl, 1);
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
82 }
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
83
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
84 void acllist_prepend(Session *sn, Request *rq, ACLList *acl) {
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
85 acllist_add(sn, rq, acl, 0);
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
86 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
87
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
88 uint32_t acl_oflag2mask(int oflags) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
89 /* TODO:
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
90 * maybe there is a plattform where O_RDWR is not O_RDONLY | O_WRONLY
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
91 */
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
92 uint32_t access_mask = 0;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
93 if((oflags & O_RDONLY) == O_RDONLY) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
94 access_mask |= ACL_READ_DATA;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
95 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
96 if((oflags & O_WRONLY) == O_WRONLY) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
97 access_mask |= ACL_WRITE_DATA;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
98 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
99 return access_mask;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
100 }
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
101
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
102 User* acllist_getuser(Session *sn, Request *rq, ACLListHandle *list) {
261
f2c772336ecd add some references to issues
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 260
diff changeset
103 // TODO: cache result #50
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
104 if(!sn || !rq || !list) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
105 return NULL;
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
106 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
107
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
108 // get user
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
109 User *user = NULL;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
110 if(list->defaultauthdb) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
111 char *usr;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
112 char *pw;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
113 if(!basicauth_getuser(sn, rq, &usr, &pw)) {
66
74babc0082b7 added authentication cache
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 63
diff changeset
114 int pwok;
467
4d038bc6f86e refactore ldap_auth to use resource pools
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 453
diff changeset
115 user = authdb_get_and_verify(list->defaultauthdb, sn, rq, usr, pw, &pwok);
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
116 if(!user) {
66
74babc0082b7 added authentication cache
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 63
diff changeset
117 // wrong user or wrong password
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
118 return NULL;
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
119 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
120 // ok - user is authenticated
141
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
121 pblock_kvinsert(
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
122 pb_key_auth_user,
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
123 user->name,
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
124 strlen(user->name),
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
125 rq->vars);
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
126 pblock_kvinsert(
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
127 pb_key_auth_type,
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
128 AUTH_TYPE_BASIC,
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
129 sizeof(AUTH_TYPE_BASIC)-1,
ff311b63c3af many fixes
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 109
diff changeset
130 rq->vars);
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
131 }
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
132 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
133
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
134 return user;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
135 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
136
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
137 void acl_set_error_status(Session *sn, Request *rq, ACLList *acl, User *user) {
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
138 if(sn == NULL || rq == NULL) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
139 return;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
140 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
141
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
142 if(!user) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
143 char *value = NULL;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
144 if(acl->authprompt) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
145 size_t realmlen = strlen(acl->authprompt);
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
146 size_t len = realmlen + 16;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
147 value = pool_malloc(sn->pool, len);
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
148 if(value) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
149 snprintf(
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
150 value,
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
151 len,
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
152 "Basic realm=\"%s\"",
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
153 acl->authprompt);
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
154 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
155 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
156 if(!value) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
157 value = "Basic realm=\"login\"";
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
158 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
159 pblock_nvinsert("www-authenticate", value, rq->srvhdrs);
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
160 protocol_status(sn, rq, PROTOCOL_UNAUTHORIZED, NULL);
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
161 } else {
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
162 protocol_status(sn, rq, PROTOCOL_FORBIDDEN, NULL);
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
163 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
164 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
165
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
166 int acl_evaluate(Session *sn, Request *rq, int access_mask) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
167 ACLListHandle *list = rq->acllist;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
168 if(!list) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
169 return REQ_PROCEED;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
170 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
171
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
172 // we combine access_mask with the required access rights
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
173 access_mask |= rq->aclreqaccess;
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
174
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
175 // get user
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
176 User *user = acllist_getuser(sn, rq, list);
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
177
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
178 // evalutate all ACLs
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
179 ACLList *acl = acl_evallist(list, user, access_mask, NULL);
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
180 if(acl) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
181 acl_set_error_status(sn, rq, acl, user);
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
182 return REQ_ABORTED;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
183 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
184
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
185 return REQ_PROCEED;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
186 }
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
187
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
188 ACLList* acl_evallist(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
189 ACLListHandle *list,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
190 User *user,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
191 int access_mask,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
192 ACLList **externacl)
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
193 {
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
194 if(!list) {
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
195 return NULL;
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
196 }
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
197 if(externacl) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
198 *externacl = NULL;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
199 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
200
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
201 // evaluate each acl until one denies access
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
202 ACLListElm *elm = list->listhead;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
203 while(elm) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
204 ACLList *acl = elm->acl;
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
205 if(acl->isextern) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
206 // set externacl to the first external acl
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
207 if(externacl && *externacl == NULL) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
208 *externacl = acl;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
209 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
210 } else if(!acl->check(acl, user, access_mask)) {
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
211 // the acl denies access
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
212 return acl;
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
213 }
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
214 elm = elm->next;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
215 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
216
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
217 // ok - all acls allowed access
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
218
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
219 return NULL;
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
220 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
221
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
222 int wsacl_affects_user(WSAce *ace, User *user) {
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
223 int check_access = 0;
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
224
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
225 /*
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
226 * an ace can affect
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
227 * a named user or group (ace->who is set)
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
228 * the owner of the resource (ACL_OWNER is set)
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
229 * the owning group of the resource (ACL_GROUP is set)
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
230 * everyone (ACL_EVERYONE is set)
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
231 *
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
232 * Only one of this conditions should be true. The behavior on
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
233 * illegal flag combination is undefined. We assume that the acls
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
234 * are created correctly by the configuration loader.
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
235 */
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
236
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
237 if(ace->who && user) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
238 // this ace is defined for a named user or group
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
239 if((ace->flags & ACL_IDENTIFIER_GROUP) == ACL_IDENTIFIER_GROUP) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
240 if(user->check_group(user, ace->who)) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
241 // the user is in the group
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
242 check_access = 1;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
243 }
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
244 } else {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
245 if(!strcmp(user->name, ace->who)) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
246 check_access = 1;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
247 }
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
248 }
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
249 } else if((ace->flags & ACL_OWNER) == ACL_OWNER) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
250 // TODO
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
251 } else if((ace->flags & ACL_GROUP) == ACL_GROUP) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
252 // TODO
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
253 } else if((ace->flags & ACL_EVERYONE) == ACL_EVERYONE) {
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
254 check_access = 1;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
255 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
256
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
257 return check_access;
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
258 }
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
259
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
260 int wsacl_check(WSAcl *acl, User *user, int access_mask) {
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
261 int allow = 0;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
262 uint32_t allowed_access = 0;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
263 // check each access control entry
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
264 for(int i=0;i<acl->acenum;i++) {
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
265 WSAce *ace = acl->ace[i];
52
aced2245fb1c new pathcheck saf and code cleanup
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 51
diff changeset
266 if(wsacl_affects_user(ace, user)) {
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
267 if(ace->type == ACL_TYPE_ALLOWED) {
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
268 // add all new access rights
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
269 allowed_access |= (access_mask & ace->access_mask);
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
270 // check if we have all requested rights
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
271 if((allowed_access & access_mask) == access_mask) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
272 allow = 1;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
273 break;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
274 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
275 } else {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
276 // ACL_TYPE_DENIED
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
277
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
278 if((ace->access_mask & access_mask) != 0) {
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
279 // access denied
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
280 break;
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
281 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
282 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
283 }
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
284 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
285
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
286 // TODO: events
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
287
54
3a1d5a52adfc new vfs api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 53
diff changeset
288 return allow; // allow is 0, if no ace set it to 1
51
b28cf69f42e8 added acls
Olaf Wintermann <olaf.wintermann@gmail.com>
parents:
diff changeset
289 }
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
290
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
291
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
292 /* filesystem acl functions */
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
293
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
294 #if defined (__SVR4) && defined (__sun)
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
295
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
296 #include <sys/acl.h>
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
297
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
298 int solaris_acl_check(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
299 char *path,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
300 struct stat *s,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
301 uint32_t mask,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
302 uid_t uid,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
303 gid_t gid);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
304 int solaris_acl_affects_user(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
305 ace_t *ace,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
306 uid_t uid,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
307 gid_t gid,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
308 uid_t owner,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
309 gid_t owninggroup);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
310
241
4adad7faf452 add proppatch op
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 211
diff changeset
311 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
312 cxmutstr p;
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
313 if(path[0] != '/') {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
314 size_t n = 128;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
315 char *cwd = malloc(n);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
316 while(!getcwd(cwd, n)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
317 if(errno == ERANGE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
318 n *= 2;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
319 cwd = realloc(cwd, n);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
320 } else {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
321 free(cwd);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
322 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
323 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
324 }
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
325 cxmutstr wd = cx_str(cwd);
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
326 cxmutstr pp = cx_str((char*)path);
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
327
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
328 p = cx_strcat(3, wd, cx_strn("/", 1), pp);
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
329 } else {
415
d938228c382e switch from ucx 2 to 3
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 261
diff changeset
330 p = cx_strdup(cx_str((char*)path));
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
331 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
332 if(p.ptr[p.length-1] == '/') {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
333 p.ptr[p.length-1] = 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
334 p.length--;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
335 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
336
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
337 // get uid/gid
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
338 struct passwd pw;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
339 if(user) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
340 char *pwbuf = malloc(DEF_PWBUF);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
341 if(pwbuf == NULL) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
342 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
343 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
344 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
345 if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
346 free(pwbuf);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
347 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
348 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
349 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
350 free(pwbuf);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
351 acl->user_uid = pw.pw_uid;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
352 acl->user_gid = pw.pw_gid;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
353 } else {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
354 acl->user_uid = -1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
355 acl->user_gid = -1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
356 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
357
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
358 // translate access_mask
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
359 uint32_t mask = 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
360 if((access_mask & ACL_READ_DATA) == ACL_READ_DATA) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
361 mask |= ACE_READ_DATA;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
362 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
363 if((access_mask & ACL_WRITE_DATA) == ACL_WRITE_DATA) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
364 mask |= ACE_WRITE_DATA;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
365 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
366 if((access_mask & ACL_ADD_FILE) == ACL_ADD_FILE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
367 mask |= ACE_ADD_FILE;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
368 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
369 if((access_mask & ACL_READ_XATTR) == ACL_READ_XATTR) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
370 mask |= ACE_READ_NAMED_ATTRS;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
371 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
372 if((access_mask & ACL_WRITE_XATTR) == ACL_WRITE_XATTR) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
373 mask |= ACE_WRITE_NAMED_ATTRS;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
374 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
375 if((access_mask & ACL_EXECUTE) == ACL_EXECUTE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
376 mask |= ACE_EXECUTE;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
377 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
378 if((access_mask & ACL_DELETE) == ACL_DELETE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
379 mask |= ACE_DELETE_CHILD;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
380 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
381 if((access_mask & ACL_READ_ATTRIBUTES) == ACL_READ_ATTRIBUTES) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
382 mask |= ACE_READ_ATTRIBUTES;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
383 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
384 if((access_mask & ACL_WRITE_ATTRIBUTES) == ACL_WRITE_ATTRIBUTES) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
385 mask |= ACE_WRITE_ATTRIBUTES;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
386 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
387 if((access_mask & ACL_LIST) == ACL_LIST) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
388 mask |= ACE_LIST_DIRECTORY;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
389 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
390 if((access_mask & ACL_READ_ACL) == ACL_READ_ACL) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
391 mask |= ACE_READ_ACL;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
392 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
393 if((access_mask & ACL_WRITE_ACL) == ACL_WRITE_ACL) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
394 mask |= ACE_WRITE_ACL;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
395 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
396 if((access_mask & ACL_WRITE_OWNER) == ACL_WRITE_OWNER) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
397 mask |= ACE_WRITE_OWNER;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
398 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
399 if((access_mask & ACL_SYNCHRONIZE) == ACL_SYNCHRONIZE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
400 mask |= ACE_SYNCHRONIZE;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
401 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
402
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
403 /*
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
404 * If the vfs wants to create new files, path does not name an existing
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
405 * file. In this case, we check if the user has the ACE_ADD_FILE
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
406 * permission for the parent directory
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
407 */
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
408 struct stat s;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
409 if(stat(p.ptr, &s)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
410 if(errno != ENOENT) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
411 perror("fs_acl_check: stat");
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
412 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
413 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
414 } else {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
415 mask = ACE_ADD_FILE;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
416 p = util_path_remove_last(p);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
417 if(stat(p.ptr, &s)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
418 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
419 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
420 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
421 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
422 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
423
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
424 /*
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
425 * perform a acl check for the path and each parent directory
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
426 * we don't check the file system root
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
427 *
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
428 * after the first check, we check only search permission for the
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
429 * directories
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
430 */
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
431 if(!solaris_acl_check(p.ptr, &s, mask, pw.pw_uid, pw.pw_gid)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
432 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
433 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
434 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
435
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
436 p = util_path_remove_last(p);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
437 mask = ACE_LIST_DIRECTORY;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
438 while(p.length > 1) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
439 if(stat(p.ptr, &s)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
440 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
441 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
442 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
443 if(!solaris_acl_check(p.ptr, &s, mask, pw.pw_uid, pw.pw_gid)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
444 free(p.ptr);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
445 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
446 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
447
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
448 // cut the last file name from the path
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
449 p = util_path_remove_last(p);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
450 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
451
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
452
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
453 return 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
454 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
455
211
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
456 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
457 // TODO:
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
458 return 1;
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
459 }
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
460
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
461 int solaris_acl_check(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
462 char *path,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
463 struct stat *s,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
464 uint32_t mask,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
465 uid_t uid,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
466 gid_t gid)
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
467 {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
468 //printf("solaris_acl_check %s\n", path);
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
469
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
470 int nace = acl(path, ACE_GETACLCNT, 0, NULL);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
471 if(nace == -1) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
472 perror("acl: ACE_GETACLCNT");
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
473 // TODO: log error
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
474 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
475 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
476 ace_t *aces = calloc(nace, sizeof(ace_t));
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
477 if(acl(path, ACE_GETACL, nace, aces) == 1) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
478 perror("acl: ACE_GETACL");
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
479 // TODO: log error
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
480 free(aces);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
481 return 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
482 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
483
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
484 int allow = 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
485 uint32_t allowed_access = 0;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
486 for(int i=0;i<nace;i++) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
487 ace_t ace = aces[i];
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
488 if(solaris_acl_affects_user(&ace, uid, gid, s->st_uid, s->st_gid)) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
489 if(ace.a_type == ACE_ACCESS_ALLOWED_ACE_TYPE) {
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
490 // add all new access rights
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
491 allowed_access |= (mask & ace.a_access_mask);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
492 // check if we have all requested rights
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
493 if((allowed_access & mask) == mask) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
494 allow = 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
495 break;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
496 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
497 } else if(ace.a_type == ACE_ACCESS_DENIED_ACE_TYPE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
498 // ACL_TYPE_DENIED
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
499
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
500 if((ace.a_access_mask & mask) != 0) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
501 // access denied
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
502 break;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
503 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
504 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
505 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
506 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
507
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
508 free(aces);
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
509
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
510 //printf("return %d\n", allow);
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
511 return allow;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
512 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
513
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
514 int solaris_acl_affects_user(
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
515 ace_t *ace,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
516 uid_t uid,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
517 gid_t gid,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
518 uid_t owner,
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
519 gid_t owninggroup)
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
520 {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
521 /*
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
522 * mostly the same as wsacl_affects_user
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
523 */
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
524
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
525 int check_access = 0;
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
526
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
527 if((ace->a_flags & ACE_OWNER) == ACE_OWNER) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
528 if(uid == owner) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
529 check_access = 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
530 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
531 } else if((ace->a_flags & ACE_GROUP) == ACE_GROUP) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
532 if(gid == owninggroup) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
533 check_access = 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
534 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
535 } else if((ace->a_flags & ACE_EVERYONE) == ACE_EVERYONE) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
536 check_access = 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
537 } else if(ace->a_who != -1 && uid != 0) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
538 // this ace is defined for a named user or group
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
539 if((ace->a_flags & ACE_IDENTIFIER_GROUP) == ACE_IDENTIFIER_GROUP) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
540 // TODO: check all groups
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
541 if(ace->a_who == gid) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
542 // the user is in the group
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
543 check_access = 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
544 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
545 } else {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
546 if(ace->a_who == uid) {
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
547 check_access = 1;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
548 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
549 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
550 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
551
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
552 return check_access;
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
553 }
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
554
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
555 void fs_acl_finish() {
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
556
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
557 }
63
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
558
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
559 #endif
66442f81f823 supports file system ACLs on Solaris
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 54
diff changeset
560
69
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
561 /*
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
562 * generic code for all non acl unices
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
563 * TODO: don't use OSX in the preprocessor directive
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
564 */
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
565 #ifdef OSX
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
566
453
4586d534f9b5 fix build on macos
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
567 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
69
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
568 return 1;
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
569 }
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
570
211
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
571 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
572 return 1;
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
573 }
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
574
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
575 void fs_acl_finish() {
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
576
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
577 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
578
69
4a10bc0ee80d compiles on os x
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 66
diff changeset
579 #endif
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
580
453
4586d534f9b5 fix build on macos
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 415
diff changeset
581 #if defined(BSD) && !defined(OSX)
109
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
582
260
4779a6fb4fbe fix freebsd build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 241
diff changeset
583 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
109
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
584 return 1;
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
585 }
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
586
211
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
587 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
588 return 1;
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
589 }
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
590
109
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
591 void fs_acl_finish() {
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
592
109
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
593 }
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
594
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
595 #endif
8a0a7754f123 experimental BSD support
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 100
diff changeset
596
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
597
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
598 #ifdef LINUX
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
599
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
600 #include <sys/fsuid.h>
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
601
260
4779a6fb4fbe fix freebsd build
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 241
diff changeset
602 int fs_acl_check(SysACL *acl, User *user, const char *path, uint32_t access_mask) {
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
603 struct passwd *ws_pw = conf_getglobals()->Vuserpw;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
604 if(!ws_pw) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
605 log_ereport(LOG_FAILURE, "fs_acl_check: unknown webserver uid/gid");
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
606 return 1;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
607 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
608
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
609 // get uid/gid
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
610 struct passwd pw;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
611 if(user) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
612 char *pwbuf = malloc(DEF_PWBUF);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
613 if(pwbuf == NULL) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
614 return 0;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
615 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
616 if(!util_getpwnam(user->name, &pw, pwbuf, DEF_PWBUF)) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
617 free(pwbuf);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
618 return 0;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
619 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
620 free(pwbuf);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
621 acl->user_uid = pw.pw_uid;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
622 acl->user_gid = pw.pw_gid;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
623 } else {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
624 acl->user_uid = 0;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
625 acl->user_gid = 0;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
626 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
627
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
628 // set fs uid/gid
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
629 if(acl->user_uid != 0) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
630 if(setfsuid(pw.pw_uid)) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
631 log_ereport(
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
632 LOG_FAILURE,
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
633 "Cannot set fsuid to uid: %u", pw.pw_uid);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
634 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
635 if(setfsgid(pw.pw_gid)) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
636 log_ereport(
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
637 LOG_FAILURE,
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
638 "Cannot set fsgid to gid: %u", pw.pw_gid);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
639 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
640 }
202
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
641
c374d11d6720 remove libnsl from linux makefile
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 141
diff changeset
642
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
643 return 1;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
644 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
645
211
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
646 int fs_acl_check_fd(SysACL *acl, User *user, int fd, uint32_t access_mask) {
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
647 // TODO
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
648 return 1;
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
649 }
2160585200ac add propfind/proppatch parser and first iteration of the new webdav api
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 202
diff changeset
650
73
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
651 void fs_acl_finish() {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
652 struct passwd *pw = conf_getglobals()->Vuserpw;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
653 if(!pw) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
654 log_ereport(
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
655 LOG_FAILURE,
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
656 "global configuration broken (Vuserpw is null)");
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
657 return;
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
658 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
659 if(setfsuid(pw->pw_uid)) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
660 log_ereport(
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
661 LOG_FAILURE,
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
662 "Cannot set fsuid back to server uid: %u", pw->pw_uid);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
663 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
664 if(setfsgid(pw->pw_gid)) {
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
665 log_ereport(
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
666 LOG_FAILURE,
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
667 "Cannot set fsgid back to server gid: %u", pw->pw_gid);
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
668 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
669 }
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
670
79fa26ecd135 added file system ACLs for linux
Olaf Wintermann <olaf.wintermann@gmail.com>
parents: 69
diff changeset
671 #endif

mercurial