void
libcfs_ssl_logerr(int level, SSL *ssl, int code)
{
#define ERRBUF_LEN 256
int xcode = SSL_get_error(ssl, code);
char sbuf[ERRBUF_LEN];
if (ERR_error_string(ERR_get_error(), sbuf) == NULL)
psclog_error("unable to get SSL error");
psclog(level, "ssl error: %s (%d)", sbuf, xcode);
}
/**
* pfl_socket_setnosig - Try to set "no SIGPIPE" on a socket.
* @sock: socket file descriptor.
*/
void
pfl_socket_setnosig(int sock)
{
#ifdef SO_NOSIGPIPE
socklen_t optsiz;
int optval;
optval = 1;
optsiz = sizeof(optval);
if (setsockopt(sock, SOL_SOCKET, SO_NOSIGPIPE,
&optval, optsiz) == -1)
psclog_error("setsockopt");
#else
(void)sock;
#endif
}
int
wipefs_fidns(FTSENT *f, __unusedx void *arg)
{
int rc = 0, skiplevel = ion ? 7 : 6;
const char *fn;
fn = f->fts_path;
if (f->fts_level < 1)
return (0);
if (f->fts_info == FTS_D || f->fts_info == FTS_DP) {
if (f->fts_info == FTS_DP && rmdir(fn) == -1)
psc_fatal("rmdir %s", fn);
/*
* Do not descend into hardlinked directories.
*
* MDS:
* 0 -> dir
* 1 -> dir/.slmd
* 2 -> dir/.slmd/fidns
* 3 -> dir/.slmd/fidns/0
* 4 -> dir/.slmd/fidns/0/1
* 5 -> dir/.slmd/fidns/0/1/2
* 6 -> dir/.slmd/fidns/0/1/2/3
* 7 -> dir/.slmd/fidns/0/1/2/3/file
*
* IO:
* 0 -> dir
* 1 -> dir/.slmd
* 2 -> dir/.slmd/fsuuid
* 3 -> dir/.slmd/fsuuid/fidns
* 4 -> dir/.slmd/fsuuid/fidns/0
* 5 -> dir/.slmd/fsuuid/fidns/0/1
* 6 -> dir/.slmd/fsuuid/fidns/0/1/2
* 7 -> dir/.slmd/fsuuid/fidns/0/1/2/3
* 8 -> dir/.slmd/fsuuid/fidns/0/1/2/3/file
*/
else if (f->fts_level > skiplevel)
pfl_fts_set(f, FTS_SKIP);
} else if (unlink(fn) == -1)
psclog_error("unlink %s", fn);
return (rc);
}
int
wipefs_user(FTSENT *f, __unusedx void *arg)
{
const char *p, *fn;
int rc = 0;
fn = f->fts_path;
if (f->fts_level < 1)
return (0);
if (f->fts_info == FTS_D || f->fts_info == FTS_DP) {
/* skip SLASH2 internal metadata */
p = strrchr(fn, '/');
if (p)
p++;
else
p = fn;
if (strcmp(p, SL_RPATH_META_DIR) == 0)
pfl_fts_set(f, FTS_SKIP);
else if (f->fts_info == FTS_DP && rmdir(fn) == -1)
psc_fatal("rmdir %s", fn);
} else if (unlink(fn) == -1)
psclog_error("unlink %s", fn);
return (rc);
}
acl_t
pfl_acl_from_xattr(const void *buf, size_t size)
{
int i, entries;
const struct acl_ea_header *h = buf;
const struct acl_ea_entry *xe = PSC_AGP(h + 1, 0);
unsigned int xperms;
acl_permset_t permset;
acl_entry_t e;
acl_tag_t tag;
acl_t a;
if (size < sizeof(*h)) {
errno = EINVAL;
return (NULL);
}
if (le32toh(h->version) != ACL_EA_VERSION) {
errno = EINVAL;
return (NULL);
}
size -= sizeof(*h);
if (size % sizeof(*xe)) {
errno = EINVAL;
return (NULL);
}
entries = size / sizeof(*xe);
a = acl_init(entries);
if (a == NULL)
return (NULL);
for (i = 0; i < entries; i++, xe++) {
acl_create_entry(&a, &e);
if (acl_get_permset(e, &permset) == -1)
psclog_error("get_permset");
acl_clear_perms(permset);
xperms = le16toh(xe->perm);
if (xperms & ACL_READ)
acl_add_perm(permset, ACL_READ);
if (xperms & ACL_WRITE)
acl_add_perm(permset, ACL_WRITE);
if (xperms & ACL_EXECUTE)
acl_add_perm(permset, ACL_EXECUTE);
if (acl_set_permset(e, permset) == -1)
psclog_error("set_permset");
acl_set_tag_type(e, tag = le16toh(xe->tag));
switch (tag) {
case ACL_USER: {
uid_t uid = le32toh(xe->id);
acl_set_qualifier(e, &uid);
break;
}
case ACL_GROUP: {
gid_t gid = le32toh(xe->id);
acl_set_qualifier(e, &gid);
break;
}
}
}
return (a);
}
int
sl_checkacls(acl_t a, struct srt_stat *sstb,
const struct pscfs_creds *pcrp, int accmode)
{
int wh, rv = EACCES, i, rc, prec = 6;
acl_entry_t e, authz = NULL, mask = NULL;
acl_tag_t tag;
gid_t *gp, g;
uid_t *up;
wh = ACL_FIRST_ENTRY;
while ((rc = acl_get_entry(a, wh, &e)) == 1) {
wh = ACL_NEXT_ENTRY;
rc = acl_get_tag_type(e, &tag);
switch (tag) {
case ACL_USER_OBJ:
if (sstb->sst_uid == pcrp->pcr_uid)
ACL_SET_PRECEDENCE(1, prec, e, authz);
break;
case ACL_USER:
up = acl_get_qualifier(e);
if (*up == pcrp->pcr_uid)
ACL_SET_PRECEDENCE(2, prec, e, authz);
break;
case ACL_GROUP_OBJ:
FOREACH_GROUP(g, i, pcrp)
if (g == sstb->sst_gid) {
ACL_SET_PRECEDENCE(3, prec, e,
authz);
break;
}
break;
case ACL_GROUP:
gp = acl_get_qualifier(e);
FOREACH_GROUP(g, i, pcrp)
if (g == *gp) {
ACL_SET_PRECEDENCE(4, prec, e,
authz);
break;
}
break;
case ACL_OTHER:
ACL_SET_PRECEDENCE(5, prec, e, authz);
break;
case ACL_MASK:
mask = e;
break;
default:
psclog_error("acl_get_tag_type");
break;
}
}
if (rc == -1)
psclog_error("acl_get_entry");
else if (authz) {
rv = ACL_AUTH(authz, accmode);
if (prec != 1 && prec != 5 &&
rv == 0 && mask)
rv = ACL_AUTH(mask, accmode);
}
#ifdef SLOPT_POSIX_ACLS_REVERT
else
rv = checkcreds(sstb, pcrp, accmode);
#endif
return (rv);
}
