int chacl_fileproc(void *callerdat, struct file_info *finfo) { CXmlNodePtr acl; /* If someone has specified 'chacl foo' and foo is a directory, you'll get a dirent plus every file in the directory. We only want to set the directory in this case */ if(acl_directory_set && !strcmp(finfo->repository, acl_directory_set)) return 0; Vers_TS *vers = Version_TS (finfo, NULL, NULL, NULL, 0, 0, 0); if(!vers->vn_user && !vers->vn_rcs) { if (!really_quiet) error (0, 0, "nothing known about %s", fn_root(finfo->fullname)); freevers_ts(&vers); return 0; } freevers_ts(&vers); if(!quiet) printf("%sing ACL for file %s\n",parms.del?"delet":"sett",finfo->file); acl = fileattr_getroot(); acl->xpathVariable("name",finfo->file); if(!acl->Lookup("file[cvs:filename(@name,$name)]") || !acl->XPathResultNext()) { acl = fileattr_getroot(); acl->NewNode("file"); acl->NewAttribute("name",finfo->file); } set_acl(acl); return 0; }
/* * XXX TODO: What about ACL types other than ACCESS and DEFAULT? */ int archive_write_disk_set_acls(struct archive *a, int fd, const char *name, struct archive_acl *abstract_acl) { int ret; if (archive_acl_count(abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) > 0) { ret = set_acl(a, fd, name, abstract_acl, ACL_TYPE_ACCESS, ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access"); if (ret != ARCHIVE_OK) return (ret); ret = set_acl(a, fd, name, abstract_acl, ACL_TYPE_DEFAULT, ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default"); return (ret); #ifdef ACL_TYPE_NFS4 } else if (archive_acl_count(abstract_acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4) > 0) { ret = set_acl(a, fd, name, abstract_acl, ACL_TYPE_NFS4, ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4"); return (ret); #endif } else return ARCHIVE_OK; }
int main (int argc, char *argv[]) { const char *file; int mode; set_program_name (argv[0]); ASSERT (argc == 3); file = argv[1]; mode = strtol (argv[2], NULL, 8); set_acl (file, -1, mode); return 0; }
static Dtype chacl_dirproc (void *callerdat, char *dir, char *repos, char *update_dir, List *entries, const char *virtual_repository, Dtype hint) { CXmlNodePtr curdir; if(hint!=R_PROCESS) return hint; if(!quiet) printf("%sing ACL for directory %s\n",parms.del?"delet":"sett",update_dir); curdir = fileattr_getroot(); if(!curdir->GetChild("directory")) curdir->NewNode("directory"); set_acl(curdir); xfree(acl_directory_set); acl_directory_set = xstrdup(repos); return R_PROCESS; }
static int walk_dir(acl_t acl, acl_t dacl, const char *fname) { int failed = 0; DIR *dir; struct dirent64 *d; char *name; if ((dir = opendir(fname)) == NULL) { if (errno != ENOTDIR) { fprintf(stderr, _("%s: opendir failed: %s\n"), program, strerror(errno)); return(1); } return(0); /* got a file, not an error */ } while ((d = readdir64(dir)) != NULL) { /* skip "." and ".." entries */ if (strcmp(d->d_name, ".") == 0 || strcmp(d->d_name, "..") == 0) continue; name = malloc(strlen(fname) + strlen(d->d_name) + 2); if (name == NULL) { fprintf(stderr, _("%s: malloc failed: %s\n"), program, strerror(errno)); exit(1); } sprintf(name, "%s/%s", fname, d->d_name); failed += set_acl(acl, dacl, name); free(name); } closedir(dir); return(failed); }
static void doit(const char *filename) { int fd; int ret; void *buf; ret = mkdir("bad", 0777); if (ret < 0) err(1, "mkdir bad"); ret = chdir("bad"); if (ret < 0) err(1, "chdir bad"); fd = open(filename, O_RDWR | O_CREAT | O_TRUNC, 0600); if (fd < 0) err(1, "open %s", filename); ret = ftruncate(fd, 1); if (ret < 0) err(1, "ftruncate %s", filename); buf = mmap(NULL, 1, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if (buf == (void *)MAP_FAILED) err(1, "mmap"); ret = set_acl("."); if (ret < 0) err(1, "setacl failed"); ret = close(fd); if (ret < 0) err(1, "close %s", filename); *((char *)buf) = 0x17; ret = munmap(buf, 1); if (ret < 0) err(1, "munmap"); }
/* Copy the permissions of src_path to dst_path. This includes the file mode permission bits and ACLs. File ownership is not copied. */ int perm_copy_file (const char *src_path, const char *dst_path, struct error_context *ctx) { #if defined(HAVE_ACL_GET_FILE) && defined(HAVE_ACL_SET_FILE) acl_t acl; #endif struct stat st; int ret = 0; ret = stat(src_path, &st); if (ret != 0) { const char *qpath = quote (ctx, src_path); error (ctx, "%s", qpath); quote_free (ctx, qpath); return -1; } #if defined(HAVE_ACL_GET_FILE) && defined(HAVE_ACL_SET_FILE) /* POSIX 1003.1e draft 17 (abandoned) specific version. */ acl = acl_get_file (src_path, ACL_TYPE_ACCESS); if (acl == NULL) { ret = -1; if (errno == ENOSYS || errno == ENOTSUP) ret = set_acl (dst_path, st.st_mode, ctx); else { const char *qpath = quote (ctx, src_path); error (ctx, "%s", qpath); quote_free (ctx, qpath); } return ret; } if (acl_set_file (dst_path, ACL_TYPE_ACCESS, acl) != 0) { int saved_errno = errno; __apply_mask_to_mode(&st.st_mode, acl); ret = chmod (dst_path, st.st_mode); if ((errno != ENOSYS && errno != ENOTSUP) || acl_entries (acl) != 3) { const char *qpath = quote (ctx, dst_path); errno = saved_errno; error (ctx, _("preserving permissions for %s"), qpath); quote_free (ctx, qpath); ret = -1; } } (void) acl_free (acl); if (ret == 0 && S_ISDIR (st.st_mode)) { acl = acl_get_file (src_path, ACL_TYPE_DEFAULT); if (acl == NULL) { const char *qpath = quote (ctx, src_path); error (ctx, "%s", qpath); quote_free (ctx, qpath); return -1; } # if defined(HAVE_ACL_DELETE_DEF_FILE) if (acl_entries(acl) == 0) ret = acl_delete_def_file(dst_path); else ret = acl_set_file (dst_path, ACL_TYPE_DEFAULT, acl); # else ret = acl_set_file (dst_path, ACL_TYPE_DEFAULT, acl); # endif if (ret != 0) { const char *qpath = quote (ctx, dst_path); error (ctx, _("preserving permissions for %s"), qpath); quote_free (ctx, qpath); } (void) acl_free(acl); } return ret; #else /* POSIX.1 version. */ ret = chmod (dst_path, st.st_mode); if (ret != 0) { const char *qpath = quote (ctx, dst_path); error (ctx, _("setting permissions for %s"), qpath); quote_free (ctx, qpath); } return ret; #endif }
int copy_acl (const char *src_name, int source_desc, const char *dst_name, int dest_desc, mode_t mode) { int ret; #if USE_ACL && HAVE_ACL_GET_FILE && HAVE_ACL_SET_FILE && HAVE_ACL_FREE /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */ acl_t acl; if (HAVE_ACL_GET_FD && source_desc != -1) acl = acl_get_fd (source_desc); else acl = acl_get_file (src_name, ACL_TYPE_ACCESS); if (acl == NULL) { if (ACL_NOT_WELL_SUPPORTED (errno)) return set_acl (dst_name, dest_desc, mode); else { error (0, errno, "%s", quote (src_name)); return -1; } } if (HAVE_ACL_SET_FD && dest_desc != -1) ret = acl_set_fd (dest_desc, acl); else ret = acl_set_file (dst_name, ACL_TYPE_ACCESS, acl); if (ret != 0) { int saved_errno = errno; if (ACL_NOT_WELL_SUPPORTED (errno)) { int n = acl_entries (acl); acl_free (acl); if (n == 3) { if (chmod_or_fchmod (dst_name, dest_desc, mode) != 0) saved_errno = errno; else return 0; } else chmod_or_fchmod (dst_name, dest_desc, mode); } else { acl_free (acl); chmod_or_fchmod (dst_name, dest_desc, mode); } error (0, saved_errno, _("preserving permissions for %s"), quote (dst_name)); return -1; } else acl_free (acl); if (mode & (S_ISUID | S_ISGID | S_ISVTX)) { /* We did not call chmod so far, so the special bits have not yet been set. */ if (chmod_or_fchmod (dst_name, dest_desc, mode) != 0) { error (0, errno, _("preserving permissions for %s"), quote (dst_name)); return -1; } } if (S_ISDIR (mode)) { acl = acl_get_file (src_name, ACL_TYPE_DEFAULT); if (acl == NULL) { error (0, errno, "%s", quote (src_name)); return -1; } if (acl_set_file (dst_name, ACL_TYPE_DEFAULT, acl)) { error (0, errno, _("preserving permissions for %s"), quote (dst_name)); acl_free (acl); return -1; } else acl_free (acl); } return 0; #else ret = chmod_or_fchmod (dst_name, dest_desc, mode); if (ret != 0) error (0, errno, _("preserving permissions for %s"), quote (dst_name)); return ret; #endif }
int set_extrameta(const char *path, char cmd, struct stat *statp, const char *extrameta, size_t metalen, struct cntr *cntr) { size_t l=0; char cmdtmp='\0'; unsigned int s=0; const char *metadata=NULL; int errors=0; metadata=extrameta; l=metalen; while(l>0) { char *m=NULL; if((sscanf(metadata, "%c%08X", &cmdtmp, &s))!=2) { logw(cntr, "sscanf of metadata failed for %s: %s\n", path, metadata); return -1; } metadata+=9; l-=9; if(!(m=(char *)malloc(s+1))) { logp("out of memory\n"); return -1; } memcpy(m, metadata, s); m[s]='\0'; metadata+=s; l-=s; switch(cmdtmp) { #if defined(HAVE_LINUX_OS) || \ defined(HAVE_FREEBSD_OS) || \ defined(HAVE_OPENBSD_OS) || \ defined(HAVE_NETBSD_OS) #ifdef HAVE_ACL case META_ACCESS_ACL: if(set_acl(path, statp, m, s, cmdtmp, cntr)) errors++; break; case META_DEFAULT_ACL: if(set_acl(path, statp, m, s, cmdtmp, cntr)) errors++; break; #endif #endif #if defined(HAVE_LINUX_OS) #ifdef HAVE_XATTR case META_XATTR: if(set_xattr(path, statp, m, s, cmdtmp, cntr)) errors++; break; #endif #endif #if defined(HAVE_FREEBSD_OS) || \ defined(HAVE_OPENBSD_OS) || \ defined(HAVE_NETBSD_OS) #ifdef HAVE_XATTR case META_XATTR_BSD: if(set_xattr(path, statp, m, s, cmdtmp, cntr)) errors++; break; #endif #endif default: logp("unknown metadata: %c\n", cmdtmp); logw(cntr, "unknown metadata: %c\n", cmdtmp); errors++; break; } free(m); } return errors; }
int copy_acl (const char *src_name, int source_desc, const char *dst_name, int dest_desc, mode_t mode) { int ret; #if USE_ACL && HAVE_ACL_GET_FILE && HAVE_ACL_SET_FILE && HAVE_ACL_FREE /* POSIX 1003.1e (draft 17 -- abandoned) specific version. */ /* Linux, FreeBSD, MacOS X, IRIX, Tru64 */ acl_t acl; if (HAVE_ACL_GET_FD && source_desc != -1) acl = acl_get_fd (source_desc); else acl = acl_get_file (src_name, ACL_TYPE_ACCESS); if (acl == NULL) { if (ACL_NOT_WELL_SUPPORTED (errno)) return set_acl (dst_name, dest_desc, mode); else { error (0, errno, "%s", quote (src_name)); return -1; } } if (HAVE_ACL_SET_FD && dest_desc != -1) ret = acl_set_fd (dest_desc, acl); else ret = acl_set_file (dst_name, ACL_TYPE_ACCESS, acl); if (ret != 0) { int saved_errno = errno; if (ACL_NOT_WELL_SUPPORTED (errno)) { int n = acl_entries (acl); acl_free (acl); /* On most hosts with MODE_INSIDE_ACL an ACL is trivial if n == 3, and it cannot be less than 3. On IRIX 6.5 it is also trivial if n == -1. For simplicity and safety, assume the ACL is trivial if n <= 3. Also see file-has-acl.c for some of the other possibilities; it's not clear whether that complexity is needed here. */ if (n <= 3 * MODE_INSIDE_ACL) { if (chmod_or_fchmod (dst_name, dest_desc, mode) != 0) saved_errno = errno; else return 0; } else chmod_or_fchmod (dst_name, dest_desc, mode); } else { acl_free (acl); chmod_or_fchmod (dst_name, dest_desc, mode); } error (0, saved_errno, _("preserving permissions for %s"), quote (dst_name)); return -1; } else acl_free (acl); if (!MODE_INSIDE_ACL || (mode & (S_ISUID | S_ISGID | S_ISVTX))) { /* We did not call chmod so far, and either the mode and the ACL are separate or special bits are to be set which don't fit into ACLs. */ if (chmod_or_fchmod (dst_name, dest_desc, mode) != 0) { error (0, errno, _("preserving permissions for %s"), quote (dst_name)); return -1; } } if (S_ISDIR (mode)) { acl = acl_get_file (src_name, ACL_TYPE_DEFAULT); if (acl == NULL) { error (0, errno, "%s", quote (src_name)); return -1; } if (acl_set_file (dst_name, ACL_TYPE_DEFAULT, acl)) { error (0, errno, _("preserving permissions for %s"), quote (dst_name)); acl_free (acl); return -1; } else acl_free (acl); } return 0; #else # if USE_ACL && defined ACL_NO_TRIVIAL /* Solaris 10 NFSv4 ACLs. */ acl_t *aclp = NULL; ret = (source_desc < 0 ? acl_get (src_name, ACL_NO_TRIVIAL, &aclp) : facl_get (source_desc, ACL_NO_TRIVIAL, &aclp)); if (ret != 0 && errno != ENOSYS) { error (0, errno, "%s", quote (src_name)); return ret; } # endif ret = qset_acl (dst_name, dest_desc, mode); if (ret != 0) error (0, errno, _("preserving permissions for %s"), quote (dst_name)); # if USE_ACL && defined ACL_NO_TRIVIAL if (ret == 0 && aclp) { ret = (dest_desc < 0 ? acl_set (dst_name, aclp) : facl_set (dest_desc, aclp)); if (ret != 0) error (0, errno, _("preserving permissions for %s"), quote (dst_name)); acl_free (aclp); } # endif return ret; #endif }
int main(int argc, char *argv[]) { char *file; int switch_flag = 0; /* ensure only one switch is used */ int args_required = 2; int failed = 0; /* exit status */ int c; /* For use by getopt(3) */ int dflag = 0; /* a Default ACL is desired */ int bflag = 0; /* a both ACLs are desired */ int Rflag = 0; /* set to true to remove an acl */ int Dflag = 0; /* set to true to remove default acls */ int Bflag = 0; /* set to true to remove both acls */ int lflag = 0; /* set to true to list acls */ acl_t acl = NULL; /* File ACL */ acl_t dacl = NULL; /* Directory Default ACL */ program = basename(argv[0]); setlocale(LC_CTYPE, ""); setlocale(LC_MESSAGES, ""); bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); /* parse arguments */ while ((c = getopt(argc, argv, "bdlRDBr")) != -1) { if (switch_flag) usage(); switch_flag = 1; switch (c) { case 'b': bflag = 1; args_required = 3; break; case 'd': dflag = 1; args_required = 2; break; case 'R': Rflag = 1; args_required = 1; break; case 'D': Dflag = 1; args_required = 1; break; case 'B': Bflag = 1; args_required = 1; break; case 'l': lflag = 1; args_required = 1; break; case 'r': rflag = 1; args_required = 1; break; default: usage(); break; } } /* if not enough arguments quit */ if ((argc - optind) < args_required) usage(); /* list the acls */ if (lflag) { for (; optind < argc; optind++) { file = argv[optind]; if (!list_acl(file)) failed++; } return(failed); } /* remove the acls */ if (Rflag || Dflag || Bflag) { for (; optind < argc; optind++) { file = argv[optind]; if (!Dflag && (acl_delete_file(file, ACL_TYPE_ACCESS) == -1)) { fprintf(stderr, _( "%s: error removing access acl on \"%s\": %s\n"), program, file, strerror(errno)); failed++; } if (!Rflag && (acl_delete_file(file, ACL_TYPE_DEFAULT) == -1)) { fprintf(stderr, _( "%s: error removing default acl on \"%s\": %s\n"), program, file, strerror(errno)); failed++; } } return(failed); } /* file access acl */ if (! dflag) { acl = acl_from_text(argv[optind]); failed = acl_check(acl, &c); if (failed < 0) { fprintf(stderr, "%s: %s - %s\n", program, argv[optind], strerror(errno)); return 1; } else if (failed > 0) { fprintf(stderr, _( "%s: access ACL '%s': %s at entry %d\n"), program, argv[optind], acl_error(failed), c); return 1; } optind++; } /* directory default acl */ if (bflag || dflag) { dacl = acl_from_text(argv[optind]); failed = acl_check(dacl, &c); if (failed < 0) { fprintf(stderr, "%s: %s - %s\n", program, argv[optind], strerror(errno)); return 1; } else if (failed > 0) { fprintf(stderr, _( "%s: access ACL '%s': %s at entry %d\n"), program, argv[optind], acl_error(failed), c); return 1; } optind++; } /* place acls on files */ for (; optind < argc; optind++) failed += set_acl(acl, dacl, argv[optind]); if (acl) acl_free(acl); if (dacl) acl_free(dacl); return(failed); }
int set_extrameta(struct asfd *asfd, BFILE *bfd, const char *path, struct sbuf *sb, const char *extrameta, size_t metalen, struct conf **confs) { size_t l=0; char cmdtmp='\0'; unsigned int s=0; const char *metadata=NULL; int errors=0; metadata=extrameta; l=metalen; while(l>0) { char *m=NULL; if((sscanf(metadata, "%c%08X", &cmdtmp, &s))!=2) { logw(asfd, confs, "sscanf of metadata failed for %s: %s\n", path, metadata); return -1; } metadata+=9; l-=9; if(!(m=(char *)malloc_w(s+1, __func__))) return -1; memcpy(m, metadata, s); m[s]='\0'; metadata+=s; l-=s; switch(cmdtmp) { #if defined(HAVE_WIN32) case META_VSS: if(set_vss(bfd, m, s, confs)) errors++; break; #endif #if defined(HAVE_LINUX_OS) || \ defined(HAVE_FREEBSD_OS) || \ defined(HAVE_OPENBSD_OS) || \ defined(HAVE_NETBSD_OS) #ifdef HAVE_ACL case META_ACCESS_ACL: if(set_acl(asfd, path, sb, m, s, cmdtmp, confs)) errors++; break; case META_DEFAULT_ACL: if(set_acl(asfd, path, sb, m, s, cmdtmp, confs)) errors++; break; #endif #endif #if defined(HAVE_LINUX_OS) #ifdef HAVE_XATTR case META_XATTR: if(set_xattr(asfd, path, sb, m, s, cmdtmp, confs)) errors++; break; #endif #endif #if defined(HAVE_FREEBSD_OS) || \ defined(HAVE_OPENBSD_OS) || \ defined(HAVE_NETBSD_OS) #ifdef HAVE_XATTR case META_XATTR_BSD: if(set_xattr(asfd, path, sb, m, s, cmdtmp, confs)) errors++; break; #endif #endif default: logp("unknown metadata: %c\n", cmdtmp); logw(asfd, confs, "unknown metadata: %c\n", cmdtmp); errors++; break; } free(m); } return errors; }
int set_wlan_basic(int radio) { int vap_enable; int radio_nvram_enable; int i; int vap_num; int wlan_mode = -1; nvram_get_radio_status(radio, &radio_nvram_enable); nvram_get_wlan_mode(radio, &wlan_mode); if(RADIO_DOWN == radio_nvram_enable) { //Kill all the security daemon first // if(WLAN_MODE_AP == wlan_mode) // { radio_up_down(radio, RADIO_DOWN, wlan_mode); kill_all_authentication_daemon(radio, wlan_mode); //wds for(i=0;i<WDS_VAP_NUM;i++) { set_ap_wds_down(radio, i); } // } // else if(WLAN_MODE_STA == wlan_mode) // { // kill_all_authentication_daemon(radio, wlan_mode); // radio_up_down(radio, RADIO_DOWN, wlan_mode); // } return T_SUCCESS; } // if(WLAN_MODE_AP == wlan_mode) // { //Down all the VAPs first radio_up_down(radio, RADIO_DOWN, wlan_mode); //wds for(i=0;i<WDS_VAP_NUM;i++) { set_ap_wds_down(radio, i); } //Kill all the security daemon first kill_all_authentication_daemon(radio, wlan_mode); // } // else if(WLAN_MODE_STA == wlan_mode) // { //Kill all the security daemon first // kill_all_authentication_daemon(radio, wlan_mode); //Down all the VAPs first // radio_up_down(radio, RADIO_DOWN, wlan_mode); // } /*net mode and channel*/ set_ap_wirelessmode_channel(radio); /*ap isolation*/ vap_num = nvram_get_vap_num(radio); //for(i=1; i < vap_num; i++) for(i=0; i < vap_num; i++) { nvram_get_vap_status(radio, i, &vap_enable); if(VAP_ENABLE == vap_enable) { set_ssid(radio, WLAN_MODE_AP, i);//add by frank set_acl(radio, i); //set_enable_ssid(radio, WLAN_MODE_AP, i); set_hidden_ssid(radio, WLAN_MODE_AP, i);//add by frank set_bss_isolation(radio, WLAN_MODE_AP, i);//add by frank set_ap_security(radio, i); #if defined(VLAN_ENABLE) //Deleted by Mario Huang //set_wlan_vlan(radio,i); //preserve 3 seconds for main VAP #endif if(0==i) { sleep(3); } } else if(VAP_DISABLE == vap_enable) { //set_disable_ssid(radio, WLAN_MODE_AP, i); //vap_up_down(radio, i, WLAN_MODE_AP, VAP_DOWN); } } set_ap_isolation(radio);//add by frank, impl on 2014-02-17 //Deleted by Mario Huang 2014-08-12 //set_ap_wmm(radio, 0); //Added by Mario Huang for VLAN test #if defined(VLAN_ENABLE) updateVlan(); #endif //wds for(i=0;i<WDS_VAP_NUM;i++) { set_ap_wds_up(radio, i); } return T_SUCCESS; }