Merged the Posix ACL code, now it is a compile-time option

2024-11-23 18:14:24 +08:00 · 2008-08-21 10:08:20 +00:00 · 2008-08-21 10:08:20 +00:00 · 6a47056d18
commit 6a47056d18
parent 499e106341
3 changed files with 2973 additions and 8 deletions
--- a/include/ntfs-3g/security.h
+++ b/include/ntfs-3g/security.h
@ -30,6 +30,8 @@
 #include "inode.h"
 #include "dir.h"

+#define POSIXACLS 1
+
 /*
 *          item in the mapping list
 */
@ -52,6 +54,10 @@ struct CACHED_PERMISSIONS {
 	gid_t gid;
 	le32 inh_fileid;
 	le32 inh_dirid;
+#if POSIXACLS
+	void *pxdesc;
+	unsigned int pxdescsize:16;
+#endif
 	unsigned int mode:12;
 	unsigned int valid:1;
 } ;
@ -129,6 +135,65 @@ struct SECURITY_CONTEXT {
 	pid_t tid; /* thread id of thread requesting */
 	} ;

+#if POSIXACLS
+
+/*
+ *		       Posix ACL structures
+ */
+  
+struct POSIX_ACE {
+	u16 tag;
+	u16 perms;
+	s32 id;   
+} ;
+        
+struct POSIX_ACL {
+	u8 version;
+	u8 flags;
+	u16 filler;
+	struct POSIX_ACE ace[0];
+} ;
+
+struct POSIX_SECURITY {
+	mode_t mode;
+	int acccnt;
+	int defcnt;
+	int firstdef;
+	u16 tagsset;
+	struct POSIX_ACL acl;
+} ;
+        
+/*
+ *		Posix tags, cpu-endian 16 bits
+ */
+   
+enum {  
+	POSIX_ACL_USER_OBJ =	1,
+	POSIX_ACL_USER =	2,
+	POSIX_ACL_GROUP_OBJ =	4,
+	POSIX_ACL_GROUP =	8,
+	POSIX_ACL_MASK =	16,
+	POSIX_ACL_OTHER =	32,
+	POSIX_ACL_SPECIAL =	64  /* internal use only */
+} ;
+
+#define POSIX_ACL_EXTENSIONS (POSIX_ACL_USER | POSIX_ACL_GROUP | POSIX_ACL_MASK)
+        
+/*
+ *		Posix permissions, cpu-endian 16 bits
+ */
+   
+enum {  
+	POSIX_PERM_X =		1,
+	POSIX_PERM_W =		2,
+	POSIX_PERM_R =		4,
+	POSIX_PERM_DENIAL =	64 /* internal use only */
+} ;
+
+#define POSIX_VERSION 2
+
+#endif
+
 extern const GUID *const zero_guid;

 extern BOOL ntfs_guid_is_zero(const GUID *guid);
@ -169,17 +234,46 @@ int ntfs_allowed_access(struct SECURITY_CONTEXT *scx, const char *path,
 BOOL ntfs_allowed_dir_access(struct SECURITY_CONTEXT *scx,
 		const char *path, int accesstype);

+#if POSIXACLS
+le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
+		uid_t uid, gid_t gid, const char *dir_path,
+		ntfs_inode *dir_ni, mode_t mode, BOOL isdir);
+#else
 le32 ntfs_alloc_securid(struct SECURITY_CONTEXT *scx,
 		uid_t uid, gid_t gid, mode_t mode, BOOL isdir);
+#endif
 int ntfs_set_owner(struct SECURITY_CONTEXT *scx,
 		const char *path, ntfs_inode *ni, uid_t uid, gid_t gid);
+#if POSIXACLS
+int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
+		ntfs_inode *ni, uid_t uid, gid_t gid,
+		mode_t mode, struct POSIX_SECURITY *pxdesc);
+#else
 int ntfs_set_owner_mode(struct SECURITY_CONTEXT *scx,
 		ntfs_inode *ni, uid_t uid, gid_t gid, mode_t mode);
+#endif
 le32 ntfs_inherited_id(struct SECURITY_CONTEXT *scx,
 		const char *dir_path, ntfs_inode *dir_ni, BOOL fordir);
 int ntfs_open_secure(ntfs_volume *vol);
 void ntfs_close_secure(struct SECURITY_CONTEXT *scx);

+#if POSIXACLS
+
+int ntfs_set_inherited_posix(struct SECURITY_CONTEXT *scx,
+		ntfs_inode *ni, uid_t uid, gid_t gid,
+		const char *dir_path, ntfs_inode *dir_ni, mode_t mode);
+int ntfs_get_posix_acl(struct SECURITY_CONTEXT *scx, const char *path,
+			const char *name, char *value, size_t size,
+			ntfs_inode *ni);
+int ntfs_set_posix_acl(struct SECURITY_CONTEXT *scx, const char *path,
+			const char *name, const char *value, size_t size,
+			ntfs_inode *ni);
+int ntfs_remove_posix_acl(struct SECURITY_CONTEXT *scx, const char *path,
+			const char *name, ntfs_inode *ni);
+
+#endif
+
+
 /*
 *		Security API for direct access to security descriptors
 *	based on Win32 API
--- a/libntfs-3g/security.c
+++ b/libntfs-3g/security.c
--- a/src/ntfs-3g.c
+++ b/src/ntfs-3g.c
@ -1071,9 +1071,15 @@ static int ntfs_fuse_create(const char *org_path, dev_t typemode, dev_t dev,
 				securid = ntfs_inherited_id(&security, dir_path,
 					dir_ni, S_ISDIR(type));
 			else
+#if POSIXACLS
+				securid = ntfs_alloc_securid(&security,
+					security.uid, security.gid,
+					dir_path, dir_ni, perm, S_ISDIR(type));
+#else
 				securid = ntfs_alloc_securid(&security,
 					security.uid, security.gid, perm,
 					S_ISDIR(type));
+#endif
 		/* Create object specified in @type. */
 		switch (type) {
 			case S_IFCHR:
@ -1102,10 +1108,18 @@ static int ntfs_fuse_create(const char *org_path, dev_t typemode, dev_t dev,
 				 * could not be allocated (eg NTFS 1.x)
 				 */
 			if (ctx->security.usermapping) {
+#if POSIXACLS
+			   	if (!securid
+				   && ntfs_set_inherited_posix(&security, ni,
+					security.uid, security.gid,
+					dir_path, dir_ni, perm) < 0)
+					set_fuse_error(&res);
+#else
 			   	if (!securid
 				   && ntfs_set_owner_mode(&security, ni,
 					security.uid, security.gid, perm) < 0)
 					set_fuse_error(&res);
+#endif
 				else {
 					/* Adjust read-only (for Windows) */
 					if (perm & S_IWUSR)
@ -1731,6 +1745,38 @@ static int ntfs_fuse_getxattr(const char *path, const char *name,
 	ntfschar *lename = NULL;
 	int res, lename_len;

+#if POSIXACLS
+	struct SECURITY_CONTEXT security;
+
+			/* hijack Posix ACL retrieval */
+	if ((size > 0)
+	    && (!strcmp(name,"system.posix_acl_access")
+		|| !strcmp(name,"system.posix_acl_default"))) {
+
+		if (ntfs_fuse_is_named_data_stream(path))
+			return -EINVAL; /* n/a for named data streams. */
+
+		  /* JPA return unsupported if no user mapping has been defined */
+		if (!ntfs_fuse_fill_security_context(&security)) {
+			if (ctx->silent)
+				res = 0;
+			else
+				res = -EOPNOTSUPP;
+
+		} else {
+			ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
+			if (!ni)
+				res = -errno;
+			else {
+				res = ntfs_get_posix_acl(&security,path,
+					name,value,size,ni);
+				if (ntfs_inode_close(ni))
+					set_fuse_error(&res);
+			}
+		}
+		return (res);
+	}
+#endif
 	if (ctx->streams == NF_STREAMS_INTERFACE_WINDOWS)
 		return ntfs_fuse_getxattr_windows(path, name, value, size);
 	if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
@ -1777,6 +1823,37 @@ static int ntfs_fuse_setxattr(const char *path, const char *name,
 	ntfschar *lename = NULL;
 	int res, lename_len;

+#if POSIXACLS
+	struct SECURITY_CONTEXT security;
+
+			/* hijack Posix ACL setting */
+	if (!strcmp(name,"system.posix_acl_access")
+	    || !strcmp(name,"system.posix_acl_default")) {
+
+		if (ntfs_fuse_is_named_data_stream(path))
+			return -EINVAL; /* n/a for named data streams. */
+
+		  /* JPA return unsupported if no user mapping has been defined */
+		if (!ntfs_fuse_fill_security_context(&security)) {
+			if (ctx->silent)
+				res = 0;
+			else
+				res = -EOPNOTSUPP;
+
+		} else {
+			ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
+			if (!ni)
+				res = -errno;
+			else {
+				res = ntfs_set_posix_acl(&security,path,
+					name,value,size,ni);
+				if (ntfs_inode_close(ni))
+					set_fuse_error(&res);
+			}
+		}
+		return (res);
+	}
+#endif
 	if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
 		return -EOPNOTSUPP;
 	if (strncmp(name, nf_ns_xattr_preffix, nf_ns_xattr_preffix_len) ||
@ -1831,6 +1908,37 @@ static int ntfs_fuse_removexattr(const char *path, const char *name)
 	int res = 0, lename_len;


+#if POSIXACLS
+	struct SECURITY_CONTEXT security;
+
+			/* hijack Posix ACL removal */
+	if (!strcmp(name,"system.posix_acl_access")
+	    || !strcmp(name,"system.posix_acl_default")) {
+
+		if (ntfs_fuse_is_named_data_stream(path))
+			return -EINVAL; /* n/a for named data streams. */
+
+		  /* JPA return unsupported if no user mapping has been defined */
+		if (!ntfs_fuse_fill_security_context(&security)) {
+			if (ctx->silent)
+				res = 0;
+			else
+				res = -EOPNOTSUPP;
+
+		} else {
+			ni = ntfs_pathname_to_inode(ctx->vol, NULL, path);
+			if (!ni)
+				res = -errno;
+			else {
+				res = ntfs_remove_posix_acl(&security,path,
+					name,ni);
+				if (ntfs_inode_close(ni))
+					set_fuse_error(&res);
+			}
+		}
+		return (res);
+	}
+#endif
 	if (ctx->streams != NF_STREAMS_INTERFACE_XATTR)
 		return -EOPNOTSUPP;
 	if (strncmp(name, nf_ns_xattr_preffix, nf_ns_xattr_preffix_len) ||