/*
* copy_dir - copy a directory
*
* Copy a directory (recursively) from src to dst.
*
* statp, mt, uid, gid are used to set the access and modification and the
* access rights.
*
* Return 0 on success, -1 on error.
*/
static int copy_dir (const char *src, const char *dst,
const struct stat *statp, const struct timeval mt[],
long int uid, long int gid)
{
int err = 0;
/*
* Create a new target directory, make it owned by
* the user and then recursively copy that directory.
*/
#ifdef WITH_SELINUX
selinux_file_context (dst);
#endif
if ( (mkdir (dst, statp->st_mode) != 0)
|| (chown (dst,
(uid == - 1) ? statp->st_uid : (uid_t) uid,
(gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
|| (chmod (dst, statp->st_mode) != 0)
|| (copy_tree (src, dst, uid, gid) != 0)
|| (utimes (dst, mt) != 0)) {
err = -1;
}
return err;
}
/*
* copy_file - copy a file
*
* Copy a file from src to dst.
*
* statp, mt, uid, gid are used to set the access and modification and the
* access rights.
*
* Return 0 on success, -1 on error.
*/
static int copy_file (const char *src, const char *dst,
const struct stat *statp, const struct timeval mt[],
long int uid, long int gid)
{
int err = 0;
int ifd;
int ofd;
char buf[1024];
ssize_t cnt;
ifd = open (src, O_RDONLY);
if (ifd < 0) {
return -1;
}
#ifdef WITH_SELINUX
selinux_file_context (dst);
#endif
ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC, statp->st_mode & 07777);
if ( (ofd < 0)
|| (fchown (ofd,
(uid == -1) ? statp->st_uid : (uid_t) uid,
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
|| (fchmod (ofd, statp->st_mode & 07777) != 0)) {
(void) close (ifd);
return -1;
}
while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
if (write (ofd, buf, (size_t)cnt) != cnt) {
return -1;
}
}
(void) close (ifd);
#ifdef HAVE_FUTIMES
if (futimes (ofd, mt) != 0) {
return -1;
}
#endif
if (close (ofd) != 0) {
return -1;
}
#ifndef HAVE_FUTIMES
if (utimes(dst, mt) != 0) {
return -1;
}
#endif
return err;
}
int create_homedir(TALLOC_CTX *mem_ctx,
const char *skeldir,
const char *homedir,
const char *username,
uid_t uid,
gid_t gid,
mode_t default_umask)
{
int ret;
selinux_file_context(homedir);
ret = mkdir(homedir, 0);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot create user's home directory: [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
ret = chown(homedir, uid, gid);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot chown user's home directory: [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
ret = chmod(homedir, 0777 & ~default_umask);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot chmod user's home directory: [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
reset_selinux_file_context();
ret = copy_tree(skeldir, homedir, uid, gid);
if (ret != EOK) {
DEBUG(1, ("Cannot populate user's home directory: [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
done:
reset_selinux_file_context();
return ret;
}
int create_homedir(const char *skeldir,
const char *homedir,
uid_t uid,
gid_t gid,
mode_t default_umask)
{
int ret;
selinux_file_context(homedir);
ret = copy_tree(skeldir, homedir, 0777 & ~default_umask, uid, gid);
if (ret != EOK) {
DEBUG(1, ("Cannot populate user's home directory: [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
done:
reset_selinux_file_context();
return ret;
}
/*
* copy_special - copy a special file
*
* Copy a special file from src to dst.
*
* statp, mt, uid, gid are used to set the access and modification and the
* access rights.
*
* Return 0 on success, -1 on error.
*/
static int copy_special (const char *dst,
const struct stat *statp, const struct timeval mt[],
long int uid, long int gid)
{
int err = 0;
#ifdef WITH_SELINUX
selinux_file_context (dst);
#endif
if ( (mknod (dst, statp->st_mode & ~07777, statp->st_rdev) != 0)
|| (chown (dst,
(uid == -1) ? statp->st_uid : (uid_t) uid,
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
|| (chmod (dst, statp->st_mode & 07777) != 0)
|| (utimes (dst, mt) != 0)) {
err = -1;
}
return err;
}
int copy_tree (const char *src_root, const char *dst_root, uid_t uid, gid_t gid)
{
char src_name[1024];
char dst_name[1024];
char buf[1024];
int ifd;
int ofd;
int err = 0;
int cnt;
int set_orig = 0;
struct DIRECT *ent;
struct stat sb;
struct link_name *lp;
DIR *dir;
/*
* Make certain both directories exist. This routine is called
* after the home directory is created, or recursively after the
* target is created. It assumes the target directory exists.
*/
if (access (src_root, F_OK) != 0 || access (dst_root, F_OK) != 0)
return -1;
/*
* Open the source directory and read each entry. Every file
* entry in the directory is copied with the UID and GID set
* to the provided values. As an added security feature only
* regular files (and directories ...) are copied, and no file
* is made set-ID.
*/
if (!(dir = opendir (src_root)))
return -1;
if (src_orig == 0) {
src_orig = src_root;
dst_orig = dst_root;
set_orig++;
}
while ((ent = readdir (dir))) {
/*
* Skip the "." and ".." entries
*/
if (strcmp (ent->d_name, ".") == 0 ||
strcmp (ent->d_name, "..") == 0)
continue;
/*
* Make the filename for both the source and the
* destination files.
*/
if (strlen (src_root) + strlen (ent->d_name) + 2 >
sizeof src_name) {
err++;
break;
}
snprintf (src_name, sizeof src_name, "%s/%s", src_root,
ent->d_name);
if (strlen (dst_root) + strlen (ent->d_name) + 2 >
sizeof dst_name) {
err++;
break;
}
snprintf (dst_name, sizeof dst_name, "%s/%s", dst_root,
ent->d_name);
if (LSTAT (src_name, &sb) == -1)
continue;
if (S_ISDIR (sb.st_mode)) {
/*
* Create a new target directory, make it owned by
* the user and then recursively copy that directory.
*/
#ifdef WITH_SELINUX
selinux_file_context (dst_name);
#endif
mkdir (dst_name, sb.st_mode & 0777);
chown (dst_name,
uid == (uid_t) - 1 ? sb.st_uid : uid,
gid == (gid_t) - 1 ? sb.st_gid : gid);
if (copy_tree (src_name, dst_name, uid, gid)) {
err++;
break;
}
continue;
}
#ifdef S_IFLNK
/*
* Copy any symbolic links
*/
if (S_ISLNK (sb.st_mode)) {
char oldlink[1024];
char dummy[1024];
int len;
/*
* Get the name of the file which the link points
* to. If that name begins with the original
* source directory name, that part of the link
* name will be replaced with the original
* destinateion directory name.
*/
if ((len =
readlink (src_name, oldlink,
sizeof (oldlink) - 1)) < 0) {
err++;
break;
}
oldlink[len] = '\0'; /* readlink() does not NUL-terminate */
if (!strncmp (oldlink, src_orig, strlen (src_orig))) {
snprintf (dummy, sizeof dummy, "%s%s",
dst_orig,
oldlink + strlen (src_orig));
strcpy (oldlink, dummy);
}
#ifdef WITH_SELINUX
selinux_file_context (dst_name);
#endif
if (symlink (oldlink, dst_name) ||
lchown (dst_name,
uid == (uid_t) - 1 ? sb.st_uid : uid,
gid == (gid_t) - 1 ? sb.st_gid : gid)) {
err++;
break;
}
continue;
}
#endif
/*
* See if this is a previously copied link
*/
if ((lp = check_link (src_name, &sb))) {
if (link (lp->ln_name, dst_name)) {
err++;
break;
}
if (unlink (src_name)) {
err++;
break;
}
if (--lp->ln_count <= 0)
remove_link (lp);
continue;
}
/*
* Deal with FIFOs and special files. The user really
* shouldn't have any of these, but it seems like it
* would be nice to copy everything ...
*/
if (!S_ISREG (sb.st_mode)) {
#ifdef WITH_SELINUX
selinux_file_context (dst_name);
#endif
if (mknod (dst_name, sb.st_mode & ~07777, sb.st_rdev)
|| chown (dst_name,
uid == (uid_t) - 1 ? sb.st_uid : uid,
gid == (gid_t) - 1 ? sb.st_gid : gid)
|| chmod (dst_name, sb.st_mode & 07777)) {
err++;
break;
}
continue;
}
/*
* Create the new file and copy the contents. The new
* file will be owned by the provided UID and GID values.
*/
if ((ifd = open (src_name, O_RDONLY)) < 0) {
err++;
break;
}
#ifdef WITH_SELINUX
selinux_file_context (dst_name);
#endif
if ((ofd =
open (dst_name, O_WRONLY | O_CREAT | O_TRUNC, 0)) < 0
|| chown (dst_name,
uid == (uid_t) - 1 ? sb.st_uid : uid,
gid == (gid_t) - 1 ? sb.st_gid : gid)
|| chmod (dst_name, sb.st_mode & 07777)) {
close (ifd);
err++;
break;
}
while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
if (write (ofd, buf, cnt) != cnt) {
cnt = -1;
break;
}
}
close (ifd);
close (ofd);
if (cnt == -1) {
err++;
break;
}
}
closedir (dir);
if (set_orig) {
src_orig = 0;
dst_orig = 0;
}
return err ? -1 : 0;
}
/* The reason for not putting this into create_homedir
* is better granularity when it comes to reporting error
* messages and tracebacks in pysss
*/
int create_mail_spool(TALLOC_CTX *mem_ctx,
const char *username,
const char *maildir,
uid_t uid, gid_t gid)
{
char *spool_file = NULL;
int fd = -1;
int ret;
spool_file = talloc_asprintf(mem_ctx, "%s/%s", maildir, username);
if (spool_file == NULL) {
ret = ENOMEM;
goto fail;
}
selinux_file_context(spool_file);
fd = open(spool_file, O_CREAT | O_WRONLY | O_EXCL, 0);
if (fd < 0) {
ret = errno;
DEBUG(1, ("Cannot open() the spool file: [%d][%s]\n",
ret, strerror(ret)));
goto fail;
}
ret = fchmod(fd, 0600);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot fchmod() the spool file: [%d][%s]\n",
ret, strerror(ret)));
goto fail;
}
ret = fchown(fd, uid, gid);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot fchown() the spool file: [%d][%s]\n",
ret, strerror(ret)));
goto fail;
}
ret = fsync(fd);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot fsync() the spool file: [%d][%s]\n",
ret, strerror(ret)));
}
fail:
if (fd >= 0) {
ret = close(fd);
if (ret != 0) {
ret = errno;
DEBUG(1, ("Cannot close() the spool file: [%d][%s]\n",
ret, strerror(ret)));
}
}
reset_selinux_file_context();
talloc_free(spool_file);
return ret;
}
/*
* copy_symlink - copy a symlink
*
* Copy a symlink from src to dst.
*
* statp, mt, uid, gid are used to set the access and modification and the
* access rights.
*
* Return 0 on success, -1 on error.
*/
static int copy_symlink (const char *src, const char *dst,
const struct stat *statp, const struct timeval mt[],
long int uid, long int gid)
{
char *oldlink;
/* copy_tree () must be the entry point */
assert (NULL != src_orig);
assert (NULL != dst_orig);
/*
* Get the name of the file which the link points
* to. If that name begins with the original
* source directory name, that part of the link
* name will be replaced with the original
* destination directory name.
*/
oldlink = readlink_malloc (src);
if (NULL == oldlink) {
return -1;
}
/* If src was a link to an entry of the src_orig directory itself,
* create a link to the corresponding entry in the dst_orig
* directory.
* FIXME: This may change a relative link to an absolute link
*/
if (strncmp (oldlink, src_orig, strlen (src_orig)) == 0) {
size_t len = strlen (dst_orig) + strlen (oldlink) - strlen (src_orig) + 1;
char *dummy = (char *) malloc (len);
snprintf (dummy, len, "%s%s",
dst_orig,
oldlink + strlen (src_orig));
free (oldlink);
oldlink = dummy;
}
#ifdef WITH_SELINUX
selinux_file_context (dst);
#endif
if ( (symlink (oldlink, dst) != 0)
|| (lchown (dst,
(uid == -1) ? statp->st_uid : (uid_t) uid,
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
free (oldlink);
return -1;
}
free (oldlink);
#ifdef HAVE_LUTIMES
/* 2007-10-18: We don't care about
* exit status of lutimes because
* it returns ENOSYS on many system
* - not implemented
*/
lutimes (dst, mt);
#endif
return 0;
}