Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc.
- This program is free software; you can redistribute it and/or modify
+ This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
Written by Paul Eggert and Andreas Gruenbacher. */
#include "acl.h"
-#include <stdbool.h>
-#include <stdlib.h>
-#include <string.h>
-#ifndef S_ISLNK
-# define S_ISLNK(Mode) 0
-#endif
-
-#ifdef HAVE_ACL_LIBACL_H
-# include <acl/libacl.h>
-#endif
-
-#include "error.h"
-#include "quote.h"
-
-#include <errno.h>
-#ifndef ENOSYS
-# define ENOSYS (-1)
-#endif
-#ifndef ENOTSUP
-# define ENOTSUP (-1)
-#endif
-
-#if ENABLE_NLS
-# include <libintl.h>
-# define _(Text) gettext (Text)
-#else
-# define _(Text) Text
-#endif
-
-#ifndef HAVE_FCHMOD
-# define HAVE_FCHMOD false
-# define fchmod(fd, mode) (-1)
-#endif
-
-/* POSIX 1003.1e (draft 17) */
-#ifndef HAVE_ACL_GET_FD
-# define HAVE_ACL_GET_FD false
-# define acl_get_fd(fd) (NULL)
-#endif
-
-/* POSIX 1003.1e (draft 17) */
-#ifndef HAVE_ACL_SET_FD
-# define HAVE_ACL_SET_FD false
-# define acl_set_fd(fd, acl) (-1)
-#endif
-
-/* Linux-specific */
-#ifndef HAVE_ACL_EXTENDED_FILE
-# define HAVE_ACL_EXTENDED_FILE false
-# define acl_extended_file(name) (-1)
-#endif
-
-/* Linux-specific */
-#ifndef HAVE_ACL_FROM_MODE
-# define HAVE_ACL_FROM_MODE false
-# define acl_from_mode(mode) (NULL)
-#endif
-
-/* We detect the presence of POSIX 1003.1e (draft 17 -- abandoned) support
- by checking for HAVE_ACL_GET_FILE, HAVE_ACL_SET_FILE, and HAVE_ACL_FREE.
- Systems that have acl_get_file, acl_set_file, and acl_free must also
- have acl_to_text, acl_from_text, and acl_delete_def_file (all defined
- in the draft); systems that don't would hit #error statements here. */
-
-#if USE_ACL && HAVE_ACL_GET_FILE && !HAVE_ACL_ENTRIES
-# ifndef HAVE_ACL_TO_TEXT
-# error Must have acl_to_text (see POSIX 1003.1e draft 17).
-# endif
-
-/* Return the number of entries in ACL. Linux implements acl_entries
- as a more efficient extension than using this workaround. */
-
-static int
-acl_entries (acl_t acl)
-{
- char *text = acl_to_text (acl, NULL), *t;
- int entries;
- if (text == NULL)
- return -1;
- for (entries = 0, t = text; ; t++, entries++) {
- t = strchr (t, '\n');
- if (t == NULL)
- break;
- }
- acl_free (text);
- return entries;
-}
-#endif
+#include "acl-internal.h"
/* If DESC is a valid file descriptor use fchmod to change the
file's mode to MODE on systems that have fchown. On systems
return chmod (name, mode);
}
-/* Return 1 if NAME has a nontrivial access control list, 0 if
- NAME only has no or a base access control list, and -1 on
- error. SB must be set to the stat buffer of FILE. */
-
-int
-file_has_acl (char const *name, struct stat const *sb)
-{
-#if USE_ACL && HAVE_ACL && defined GETACLCNT
- /* This implementation should work on recent-enough versions of HP-UX,
- Solaris, and Unixware. */
-
-# ifndef MIN_ACL_ENTRIES
-# define MIN_ACL_ENTRIES 4
-# endif
-
- if (! S_ISLNK (sb->st_mode))
- {
- int n = acl (name, GETACLCNT, 0, NULL);
- return n < 0 ? (errno == ENOSYS ? 0 : -1) : (MIN_ACL_ENTRIES < n);
- }
-#elif USE_ACL && HAVE_ACL_GET_FILE && HAVE_ACL_FREE
- /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */
-
- if (! S_ISLNK (sb->st_mode))
- {
- int ret;
-
- if (HAVE_ACL_EXTENDED_FILE)
- ret = acl_extended_file (name);
- else
- {
- acl_t acl = acl_get_file (name, ACL_TYPE_ACCESS);
- if (acl)
- {
- ret = (3 < acl_entries (acl));
- acl_free (acl);
- if (ret == 0 && S_ISDIR (sb->st_mode))
- {
- acl = acl_get_file (name, ACL_TYPE_DEFAULT);
- if (acl)
- {
- ret = (0 < acl_entries (acl));
- acl_free (acl);
- }
- else
- ret = -1;
- }
- }
- else
- ret = -1;
- }
- if (ret < 0)
- return (errno == ENOSYS || errno == ENOTSUP) ? 0 : -1;
- return ret;
- }
-#endif
-
- /* FIXME: Add support for AIX, Irix, and Tru64. Please see Samba's
- source/lib/sysacls.c file for fix-related ideas. */
-
- return 0;
-}
-
/* Copy access control lists from one file to another. If SOURCE_DESC is
a valid file descriptor, use file descriptor operations, else use
filename based operations on SRC_NAME. Likewise for DEST_DESC and
- DEST_NAME.
+ DST_NAME.
If access control lists are not available, fchmod the target file to
MODE. Also sets the non-permission bits of the destination file
(S_ISUID, S_ISGID, S_ISVTX) to those from MODE if any are set.
- System call return value semantics. */
+ Return 0 if successful, otherwise output a diagnostic and return -1. */
int
copy_acl (const char *src_name, int source_desc, const char *dst_name,
acl = acl_get_file (src_name, ACL_TYPE_ACCESS);
if (acl == NULL)
{
- if (errno == ENOSYS || errno == ENOTSUP)
+ if (ACL_NOT_WELL_SUPPORTED (errno))
return set_acl (dst_name, dest_desc, mode);
else
{
{
int saved_errno = errno;
- if (errno == ENOSYS || errno == ENOTSUP)
+ if (ACL_NOT_WELL_SUPPORTED (errno))
{
int n = acl_entries (acl);
acl_free (acl);
- if (n == 3)
+ /* On most hosts an ACL is trivial if n == 3, and it cannot be
+ less than 3. On IRIX 6.5 it is also trivial if n == -1.
+ For simplicity and safety, assume the ACL is trivial if n <= 3.
+ Also see file-has-acl.c for some of the other possibilities;
+ it's not clear whether that complexity is needed here. */
+ if (n <= 3)
{
if (chmod_or_fchmod (dst_name, dest_desc, mode) != 0)
saved_errno = errno;
acl_free (acl);
}
return 0;
+
#else
- ret = chmod_or_fchmod (dst_name, dest_desc, mode);
+
+# if USE_ACL && defined ACL_NO_TRIVIAL
+ /* Solaris 10 NFSv4 ACLs. */
+ acl_t *aclp = NULL;
+ ret = (source_desc < 0
+ ? acl_get (src_name, ACL_NO_TRIVIAL, &aclp)
+ : facl_get (source_desc, ACL_NO_TRIVIAL, &aclp));
+ if (ret != 0 && errno != ENOSYS)
+ {
+ error (0, errno, "%s", quote (src_name));
+ return ret;
+ }
+# endif
+
+ ret = qset_acl (dst_name, dest_desc, mode);
if (ret != 0)
error (0, errno, _("preserving permissions for %s"), quote (dst_name));
+
+# if USE_ACL && defined ACL_NO_TRIVIAL
+ if (ret == 0 && aclp)
+ {
+ ret = (dest_desc < 0
+ ? acl_set (dst_name, aclp)
+ : facl_set (dest_desc, aclp));
+ if (ret != 0)
+ error (0, errno, _("preserving permissions for %s"), quote (dst_name));
+ acl_free (aclp);
+ }
+# endif
+
return ret;
#endif
}
semantics. */
int
-set_acl (char const *name, int desc, mode_t mode)
+qset_acl (char const *name, int desc, mode_t mode)
{
#if USE_ACL && HAVE_ACL_SET_FILE && HAVE_ACL_FREE
/* POSIX 1003.1e draft 17 (abandoned) specific version. */
{
acl = acl_from_mode (mode);
if (!acl)
- {
- error (0, errno, "%s", quote (name));
- return -1;
- }
+ return -1;
}
else
{
acl = acl_from_text (acl_text);
if (!acl)
- {
- error (0, errno, "%s", quote (name));
- return -1;
- }
+ return -1;
}
if (HAVE_ACL_SET_FD && desc != -1)
ret = acl_set_fd (desc, acl);
int saved_errno = errno;
acl_free (acl);
- if (errno == ENOTSUP || errno == ENOSYS || errno == EINVAL)
+ if (ACL_NOT_WELL_SUPPORTED (errno))
{
if (chmod_or_fchmod (name, desc, mode) != 0)
saved_errno = errno;
else
return 0;
}
- error (0, saved_errno, _("setting permissions for %s"), quote (name));
+ errno = saved_errno;
return -1;
}
else
acl_free (acl);
if (S_ISDIR (mode) && acl_delete_def_file (name))
- {
- error (0, errno, _("setting permissions for %s"), quote (name));
- return -1;
- }
+ return -1;
if (mode & (S_ISUID | S_ISGID | S_ISVTX))
{
been set. */
if (chmod_or_fchmod (name, desc, mode))
- {
- error (0, errno, _("preserving permissions for %s"), quote (name));
- return -1;
- }
+ return -1;
}
return 0;
#else
- int ret = chmod_or_fchmod (name, desc, mode);
- if (ret)
- error (0, errno, _("setting permissions for %s"), quote (name));
- return ret;
+
+# if USE_ACL && defined ACL_NO_TRIVIAL
+
+ /* Solaris 10, with NFSv4 ACLs. */
+ acl_t *aclp;
+ char acl_text[] = "user::---,group::---,mask:---,other:---";
+
+ if (mode & S_IRUSR) acl_text[ 6] = 'r';
+ if (mode & S_IWUSR) acl_text[ 7] = 'w';
+ if (mode & S_IXUSR) acl_text[ 8] = 'x';
+ if (mode & S_IRGRP) acl_text[17] = acl_text[26] = 'r';
+ if (mode & S_IWGRP) acl_text[18] = acl_text[27] = 'w';
+ if (mode & S_IXGRP) acl_text[19] = acl_text[28] = 'x';
+ if (mode & S_IROTH) acl_text[36] = 'r';
+ if (mode & S_IWOTH) acl_text[37] = 'w';
+ if (mode & S_IXOTH) acl_text[38] = 'x';
+
+ if (acl_fromtext (acl_text, &aclp) != 0)
+ {
+ errno = ENOMEM;
+ return -1;
+ }
+ else
+ {
+ int acl_result = (desc < 0 ? acl_set (name, aclp) : facl_set (desc, aclp));
+ int acl_errno = errno;
+ acl_free (aclp);
+ if (acl_result == 0 || acl_errno != ENOSYS)
+ {
+ errno = acl_errno;
+ return acl_result;
+ }
+ }
+# endif
+
+ return chmod_or_fchmod (name, desc, mode);
+
#endif
}
+
+/* As with qset_acl, but also output a diagnostic on failure. */
+
+int
+set_acl (char const *name, int desc, mode_t mode)
+{
+ int r = qset_acl (name, desc, mode);
+ if (r != 0)
+ error (0, errno, _("setting permissions for %s"), quote (name));
+ return r;
+}