2 Bacula® - The Network Backup Solution
4 Copyright (C) 2004-2010 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Functions to handle ACLs for bacula.
31 * Currently we support the following OSes:
32 * - AIX (pre-5.3 and post 5.3 acls, acl_get and aclx_get interface)
34 * - FreeBSD (POSIX and NFSv4/ZFS acls)
38 * - Solaris (POSIX and NFSv4/ZFS acls)
41 * Next to OS specific acls we support AFS acls using the pioctl interface.
43 * We handle two different types of ACLs: access and default ACLS.
44 * On most systems that support default ACLs they only apply to directories.
46 * On some systems (eg. linux and FreeBSD) we must obtain the two ACLs
47 * independently, while others (eg. Solaris) provide both in one call.
49 * The Filed saves ACLs in their native format and uses different streams
50 * for all different platforms. Currently we only allow ACLs to be restored
51 * which were saved in the native format of the platform they are extracted
52 * on. Later on we might add conversion functions for mapping from one
53 * platform to an other or allow restores of systems that use the same
56 * Its also interesting to see what the exact format of acl text is on
57 * certain platforms and if they use they same encoding we might allow
58 * different platform streams to be decoded on an other similar platform.
60 * Original written by Preben 'Peppe' Guldberg, December MMIV
61 * Major rewrite by Marco van Wieringen, November MMVIII
67 #if !defined(HAVE_ACL) && !defined(HAVE_AFS_ACL)
69 * Entry points when compiled without support for ACLs or on an unsupported platform.
71 bacl_exit_code build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
73 return bacl_exit_fatal;
76 bacl_exit_code parse_acl_streams(JCR *jcr, int stream)
78 return bacl_exit_fatal;
82 * Send an ACL stream to the SD.
84 static bacl_exit_code send_acl_stream(JCR *jcr, int stream)
86 BSOCK *sd = jcr->store_bsock;
88 #ifdef FD_NO_SEND_TEST
95 if (jcr->acl_data->content_length <= 0) {
102 if (!sd->fsend("%ld %d 0", jcr->JobFiles, stream)) {
103 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
105 return bacl_exit_fatal;
109 * Send the buffer to the storage deamon
111 Dmsg1(400, "Backing up ACL <%s>\n", jcr->acl_data->content);
113 sd->msg = jcr->acl_data->content;
114 sd->msglen = jcr->acl_data->content_length + 1;
118 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
120 return bacl_exit_fatal;
123 jcr->JobBytes += sd->msglen;
125 if (!sd->signal(BNET_EOD)) {
126 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
128 return bacl_exit_fatal;
131 Dmsg1(200, "ACL of file: %s successfully backed up!\n", jcr->last_fname);
136 * First the native ACLs.
138 #if defined(HAVE_ACL)
139 #if defined(HAVE_AIX_OS)
141 #if defined(HAVE_EXTENDED_ACL)
143 #include <sys/access.h>
146 static bool acl_is_trivial(struct acl *acl)
148 return (acl_last(acl) != acl->acl_ext ? false : true);
151 static bool acl_nfs4_is_trivial(nfs4_acl_int_t *acl)
153 return (acl->aclEntryN > 0 ? false : true);
157 * Define the supported ACL streams for this OS
159 static int os_access_acl_streams[3] = { STREAM_ACL_AIX_TEXT, STREAM_ACL_AIX_AIXC, STREAM_ACL_AIX_NFS4 };
160 static int os_default_acl_streams[1] = { -1 };
162 static bacl_exit_code aix_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
167 size_t aclsize, acltxtsize;
168 bacl_exit_code retval = bacl_exit_error;
169 POOLMEM *aclbuf = get_pool_memory(PM_MESSAGE);
172 * First see how big the buffers should be.
175 if (aclx_get(jcr->last_fname, GET_ACLINFO_ONLY, &type, NULL, &aclsize, NULL) < 0) {
178 retval = bacl_exit_ok;
181 Mmsg2(jcr->errmsg, _("aclx_get error on file \"%s\": ERR=%s\n"),
182 jcr->last_fname, be.bstrerror());
183 Dmsg2(100, "aclx_get error file=%s ERR=%s\n",
184 jcr->last_fname, be.bstrerror());
190 * Make sure the buffers are big enough.
192 aclbuf = check_pool_memory_size(aclbuf, aclsize + 1);
195 * Retrieve the ACL info.
197 if (aclx_get(jcr->last_fname, 0, &type, aclbuf, &aclsize, &mode) < 0) {
200 retval = bacl_exit_ok;
203 Mmsg2(jcr->errmsg, _("aclx_get error on file \"%s\": ERR=%s\n"),
204 jcr->last_fname, be.bstrerror());
205 Dmsg2(100, "aclx_get error file=%s ERR=%s\n",
206 jcr->last_fname, be.bstrerror());
212 * See if the acl is non trivial.
216 if (acl_is_trivial((struct acl *)aclbuf)) {
217 retval = bacl_exit_ok;
222 if (acl_nfs4_is_trivial((nfs4_acl_int_t *)aclbuf)) {
223 retval = bacl_exit_ok;
228 Mmsg2(jcr->errmsg, _("Unknown acl type encountered on file \"%s\": %ld\n"),
229 jcr->last_fname, type.u64);
230 Dmsg2(100, "Unknown acl type encountered on file \"%s\": %ld\n",
231 jcr->last_fname, type.u64);
236 * We have a non-trivial acl lets convert it into some ASCII form.
238 acltxtsize = sizeof_pool_memory(jcr->acl_data->content);
239 if (aclx_printStr(jcr->acl_data->content, &acltxtsize, aclbuf,
240 aclsize, type, jcr->last_fname, 0) < 0) {
244 * Our buffer is not big enough, acltxtsize should be updated with the value
245 * the aclx_printStr really need. So we increase the buffer and try again.
247 jcr->acl_data->content = check_pool_memory_size(jcr->acl_data->content, acltxtsize + 1);
248 if (aclx_printStr(jcr->acl_data->content, &acltxtsize, aclbuf,
249 aclsize, type, jcr->last_fname, 0) < 0) {
250 Mmsg1(jcr->errmsg, _("Failed to convert acl into text on file \"%s\"\n"),
252 Dmsg2(100, "Failed to convert acl into text on file \"%s\": %ld\n",
253 jcr->last_fname, type.u64);
258 Mmsg1(jcr->errmsg, _("Failed to convert acl into text on file \"%s\"\n"),
260 Dmsg2(100, "Failed to convert acl into text on file \"%s\": %ld\n",
261 jcr->last_fname, type.u64);
266 jcr->acl_data->content_length = strlen(jcr->acl_data->content) + 1;
269 retval = send_acl_stream(jcr, STREAM_ACL_AIX_AIXC);
271 retval = send_acl_stream(jcr, STREAM_ACL_AIX_NFS4);
275 free_pool_memory(aclbuf);
280 static bacl_exit_code aix_parse_acl_streams(JCR *jcr, int stream)
286 bacl_exit_code retval = bacl_exit_error;
287 POOLMEM *aclbuf = get_pool_memory(PM_MESSAGE);
290 case STREAM_ACL_AIX_TEXT:
292 * Handle the old stream using the old system call for now.
294 if (acl_put(jcr->last_fname, jcr->acl_data->content, 0) != 0) {
295 retval = bacl_exit_error;
298 retval = bacl_exit_ok;
300 case STREAM_ACL_AIX_AIXC:
303 case STREAM_ACL_AIX_NFS4:
308 } /* end switch (stream) */
311 * Set the acl buffer to an initial size. For now we set it
312 * to the same size as the ASCII representation.
314 aclbuf = check_pool_memory_size(aclbuf, jcr->acl_data->content_length);
315 aclsize = jcr->acl_data->content_length;
316 if (aclx_scanStr(jcr->acl_data->content, aclbuf, &aclsize, type) < 0) {
320 * The buffer isn't big enough. The man page doesn't say that aclsize
321 * is updated to the needed size as what is done with aclx_printStr.
322 * So for now we try to increase the buffer a maximum of 3 times
323 * and retry the conversion.
325 for (cnt = 0; cnt < 3; cnt++) {
326 aclsize = 2 * aclsize;
327 aclbuf = check_pool_memory_size(aclbuf, aclsize);
329 if (aclx_scanStr(jcr->acl_data->content, aclbuf, &aclsize, type) == 0) {
334 * See why we failed this time, ENOSPC retry if max retries not met,
344 Mmsg2(jcr->errmsg, _("aclx_scanStr error on file \"%s\": ERR=%s\n"),
345 jcr->last_fname, be.bstrerror());
346 Dmsg2(100, "aclx_scanStr error file=%s ERR=%s\n",
347 jcr->last_fname, be.bstrerror());
353 Mmsg2(jcr->errmsg, _("aclx_scanStr error on file \"%s\": ERR=%s\n"),
354 jcr->last_fname, be.bstrerror());
355 Dmsg2(100, "aclx_scanStr error file=%s ERR=%s\n",
356 jcr->last_fname, be.bstrerror());
360 if (aclx_put(jcr->last_fname, SET_ACL, type, aclbuf, aclsize, 0) < 0) {
363 retval = bacl_exit_ok;
366 Mmsg2(jcr->errmsg, _("aclx_put error on file \"%s\": ERR=%s\n"),
367 jcr->last_fname, be.bstrerror());
368 Dmsg2(100, "aclx_put error file=%s ERR=%s\n",
369 jcr->last_fname, be.bstrerror());
374 retval = bacl_exit_ok;
377 free_pool_memory(aclbuf);
382 #else /* HAVE_EXTENDED_ACL */
384 #include <sys/access.h>
387 * Define the supported ACL streams for this OS
389 static int os_access_acl_streams[1] = { STREAM_ACL_AIX_TEXT };
390 static int os_default_acl_streams[1] = { -1 };
392 static bacl_exit_code aix_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
396 if ((acl_text = acl_get(jcr->last_fname)) != NULL) {
397 jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
398 actuallyfree(acl_text);
399 return send_acl_stream(jcr, STREAM_ACL_AIX_TEXT);
401 return bacl_exit_error;
404 static bacl_exit_code aix_parse_acl_streams(JCR *jcr, int stream)
406 if (acl_put(jcr->last_fname, jcr->acl_data->content, 0) != 0) {
407 return bacl_exit_error;
411 #endif /* HAVE_EXTENDED_ACL */
414 * For this OS setup the build and parse function pointer to the OS specific functions.
416 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = aix_build_acl_streams;
417 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = aix_parse_acl_streams;
419 #elif defined(HAVE_DARWIN_OS) || \
420 defined(HAVE_FREEBSD_OS) || \
421 defined(HAVE_IRIX_OS) || \
422 defined(HAVE_OSF1_OS) || \
423 defined(HAVE_LINUX_OS)
425 #include <sys/types.h>
427 #ifdef HAVE_SYS_ACL_H
430 #error "configure failed to detect availability of sys/acl.h"
434 * On IRIX we can get shortened ACLs
436 #if defined(HAVE_IRIX_OS) && defined(BACL_WANT_SHORT_ACLS)
437 #define acl_to_text(acl,len) acl_to_short_text((acl), (len))
441 * On Linux we can get numeric and/or shorted ACLs
443 #if defined(HAVE_LINUX_OS)
444 #if defined(BACL_WANT_SHORT_ACLS) && defined(BACL_WANT_NUMERIC_IDS)
445 #define BACL_ALTERNATE_TEXT (TEXT_ABBREVIATE|TEXT_NUMERIC_IDS)
446 #elif defined(BACL_WANT_SHORT_ACLS)
447 #define BACL_ALTERNATE_TEXT TEXT_ABBREVIATE
448 #elif defined(BACL_WANT_NUMERIC_IDS)
449 #define BACL_ALTERNATE_TEXT TEXT_NUMERIC_IDS
451 #ifdef BACL_ALTERNATE_TEXT
452 #include <acl/libacl.h>
453 #define acl_to_text(acl,len) (acl_to_any_text((acl), NULL, ',', BACL_ALTERNATE_TEXT))
458 * On FreeBSD we can get numeric ACLs
460 #if defined(HAVE_FREEBSD_OS)
461 #if defined(BACL_WANT_NUMERIC_IDS)
462 #define BACL_ALTERNATE_TEXT ACL_TEXT_NUMERIC_IDS
464 #ifdef BACL_ALTERNATE_TEXT
465 #define acl_to_text(acl,len) (acl_to_text_np((acl), (len), BACL_ALTERNATE_TEXT))
470 * Some generic functions used by multiple OSes.
472 static acl_type_t bac_to_os_acltype(bacl_type acltype)
477 case BACL_TYPE_ACCESS:
478 ostype = ACL_TYPE_ACCESS;
480 case BACL_TYPE_DEFAULT:
481 ostype = ACL_TYPE_DEFAULT;
483 #ifdef HAVE_ACL_TYPE_NFS4
485 * FreeBSD has an additional acl type named ACL_TYPE_NFS4.
488 ostype = ACL_TYPE_NFS4;
491 #ifdef HAVE_ACL_TYPE_DEFAULT_DIR
492 case BACL_TYPE_DEFAULT_DIR:
494 * TRU64 has an additional acl type named ACL_TYPE_DEFAULT_DIR.
496 ostype = ACL_TYPE_DEFAULT_DIR;
499 #ifdef HAVE_ACL_TYPE_EXTENDED
500 case BACL_TYPE_EXTENDED:
502 * MacOSX has an additional acl type named ACL_TYPE_EXTENDED.
504 ostype = ACL_TYPE_EXTENDED;
509 * This should never happen, as the per OS version function only tries acl
510 * types supported on a certain platform.
512 ostype = (acl_type_t)ACL_TYPE_NONE;
518 #if !defined(HAVE_DARWIN_OS)
520 * See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
521 * There is no need to store those acls as we already store the stat bits too.
523 static bool acl_is_trivial(acl_t acl)
526 * acl is trivial if it has only the following entries:
533 #if defined(HAVE_FREEBSD_OS) || \
534 defined(HAVE_LINUX_OS)
537 entry_available = acl_get_entry(acl, ACL_FIRST_ENTRY, &ace);
538 while (entry_available == 1) {
540 * Get the tag type of this acl entry.
541 * If we fail to get the tagtype we call the acl non-trivial.
543 if (acl_get_tag_type(ace, &tag) < 0)
546 * Anything other the ACL_USER_OBJ, ACL_GROUP_OBJ or ACL_OTHER breaks the spell.
548 if (tag != ACL_USER_OBJ &&
549 tag != ACL_GROUP_OBJ &&
552 entry_available = acl_get_entry(acl, ACL_NEXT_ENTRY, &ace);
555 #elif defined(HAVE_IRIX_OS)
558 for (n = 0; n < acl->acl_cnt; n++) {
559 ace = &acl->acl_entry[n];
563 * Anything other the ACL_USER_OBJ, ACL_GROUP_OBJ or ACL_OTHER breaks the spell.
565 if (tag != ACL_USER_OBJ &&
566 tag != ACL_GROUP_OBJ &&
567 tag != ACL_OTHER_OBJ)
571 #elif defined(HAVE_OSF1_OS)
574 ace = acl->acl_first;
575 count = acl->acl_num;
578 tag = ace->entry->acl_type;
580 * Anything other the ACL_USER_OBJ, ACL_GROUP_OBJ or ACL_OTHER breaks the spell.
582 if (tag != ACL_USER_OBJ &&
583 tag != ACL_GROUP_OBJ &&
587 * On Tru64, perm can also contain non-standard bits such as
588 * PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ...
590 if ((ace->entry->acl_perm & ~(ACL_READ | ACL_WRITE | ACL_EXECUTE)))
601 * Generic wrapper around acl_get_file call.
603 static bacl_exit_code generic_get_acl_from_os(JCR *jcr, bacl_type acltype)
610 ostype = bac_to_os_acltype(acltype);
611 acl = acl_get_file(jcr->last_fname, ostype);
613 #if defined(HAVE_IRIX_OS)
615 * From observation, IRIX's acl_get_file() seems to return a
616 * non-NULL acl with a count field of -1 when a file has no ACL
617 * defined, while IRIX's acl_to_text() returns NULL when presented
620 * Checking the count in the acl structure before calling
621 * acl_to_text() lets us avoid error messages about files
622 * with no ACLs, without modifying the flow of the code used for
623 * other operating systems, and it saves making some calls
624 * to acl_to_text() besides.
626 if (acl->acl_cnt <= 0) {
627 pm_strcpy(jcr->acl_data->content, "");
628 jcr->acl_data->content_length = 0;
635 * Make sure this is not just a trivial ACL.
637 #if !defined(HAVE_DARWIN_OS)
638 if (acltype == BACL_TYPE_ACCESS && acl_is_trivial(acl)) {
640 * The ACLs simply reflect the (already known) standard permissions
641 * So we don't send an ACL stream to the SD.
643 pm_strcpy(jcr->acl_data->content, "");
644 jcr->acl_data->content_length = 0;
649 #if defined(HAVE_FREEBSD_OS) && defined(_PC_ACL_NFS4)
650 if (acltype == BACL_TYPE_NFS4) {
652 if (acl_is_trivial_np(acl, &trivial) == 0) {
655 * The ACLs simply reflect the (already known) standard permissions
656 * So we don't send an ACL stream to the SD.
658 pm_strcpy(jcr->acl_data->content, "");
659 jcr->acl_data->content_length = 0;
667 if ((acl_text = acl_to_text(acl, NULL)) != NULL) {
668 jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
674 Mmsg2(jcr->errmsg, _("acl_to_text error on file \"%s\": ERR=%s\n"),
675 jcr->last_fname, be.bstrerror());
676 Dmsg2(100, "acl_to_text error file=%s ERR=%s\n",
677 jcr->last_fname, be.bstrerror());
679 pm_strcpy(jcr->acl_data->content, "");
680 jcr->acl_data->content_length = 0;
682 return bacl_exit_error;
685 * Handle errors gracefully.
688 #if defined(BACL_ENOTSUP)
691 * If the filesystem reports it doesn't support ACLs we clear the
692 * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
693 * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
694 * when we change from one filesystem to an other.
696 jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
697 pm_strcpy(jcr->acl_data->content, "");
698 jcr->acl_data->content_length = 0;
702 pm_strcpy(jcr->acl_data->content, "");
703 jcr->acl_data->content_length = 0;
706 /* Some real error */
707 Mmsg2(jcr->errmsg, _("acl_get_file error on file \"%s\": ERR=%s\n"),
708 jcr->last_fname, be.bstrerror());
709 Dmsg2(100, "acl_get_file error file=%s ERR=%s\n",
710 jcr->last_fname, be.bstrerror());
712 pm_strcpy(jcr->acl_data->content, "");
713 jcr->acl_data->content_length = 0;
714 return bacl_exit_error;
720 * Generic wrapper around acl_set_file call.
722 static bacl_exit_code generic_set_acl_on_os(JCR *jcr, bacl_type acltype)
729 * If we get empty default ACLs, clear ACLs now
731 ostype = bac_to_os_acltype(acltype);
732 if (ostype == ACL_TYPE_DEFAULT && strlen(jcr->acl_data->content) == 0) {
733 if (acl_delete_def_file(jcr->last_fname) == 0) {
740 Mmsg2(jcr->errmsg, _("acl_delete_def_file error on file \"%s\": ERR=%s\n"),
741 jcr->last_fname, be.bstrerror());
742 return bacl_exit_error;
746 acl = acl_from_text(jcr->acl_data->content);
748 Mmsg2(jcr->errmsg, _("acl_from_text error on file \"%s\": ERR=%s\n"),
749 jcr->last_fname, be.bstrerror());
750 Dmsg3(100, "acl_from_text error acl=%s file=%s ERR=%s\n",
751 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
752 return bacl_exit_error;
755 #ifndef HAVE_FREEBSD_OS
757 * FreeBSD always fails acl_valid() - at least on valid input...
758 * As it does the right thing, given valid input, just ignore acl_valid().
760 if (acl_valid(acl) != 0) {
761 Mmsg2(jcr->errmsg, _("acl_valid error on file \"%s\": ERR=%s\n"),
762 jcr->last_fname, be.bstrerror());
763 Dmsg3(100, "acl_valid error acl=%s file=%s ERR=%s\n",
764 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
766 return bacl_exit_error;
771 * Restore the ACLs, but don't complain about links which really should
772 * not have attributes, and the file it is linked to may not yet be restored.
773 * This is only true for the old acl streams as in the new implementation we
774 * don't save acls of symlinks (which cannot have acls anyhow)
776 if (acl_set_file(jcr->last_fname, ostype, acl) != 0 && jcr->last_type != FT_LNK) {
782 Mmsg2(jcr->errmsg, _("acl_set_file error on file \"%s\": ERR=%s\n"),
783 jcr->last_fname, be.bstrerror());
784 Dmsg3(100, "acl_set_file error acl=%s file=%s ERR=%s\n",
785 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
787 return bacl_exit_error;
795 * OS specific functions for handling different types of acl streams.
797 #if defined(HAVE_DARWIN_OS)
799 * Define the supported ACL streams for this OS
801 static int os_access_acl_streams[1] = { STREAM_ACL_DARWIN_ACCESS_ACL };
802 static int os_default_acl_streams[1] = { -1 };
804 static bacl_exit_code darwin_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
806 #if defined(HAVE_ACL_TYPE_EXTENDED)
808 * On MacOS X, acl_get_file (name, ACL_TYPE_ACCESS)
809 * and acl_get_file (name, ACL_TYPE_DEFAULT)
810 * always return NULL / EINVAL. There is no point in making
811 * these two useless calls. The real ACL is retrieved through
812 * acl_get_file (name, ACL_TYPE_EXTENDED).
814 * Read access ACLs for files, dirs and links
816 if (generic_get_acl_from_os(jcr, BACL_TYPE_EXTENDED) == bacl_exit_fatal)
817 return bacl_exit_fatal;
820 * Read access ACLs for files, dirs and links
822 if (generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS) == bacl_exit_fatal)
823 return bacl_exit_fatal;
826 if (jcr->acl_data->content_length > 0) {
827 return send_acl_stream(jcr, STREAM_ACL_DARWIN_ACCESS_ACL);
832 static bacl_exit_code darwin_parse_acl_streams(JCR *jcr, int stream)
834 #if defined(HAVE_ACL_TYPE_EXTENDED)
835 return generic_set_acl_on_os(jcr, BACL_TYPE_EXTENDED);
837 return generic_set_acl_on_os(jcr, BACL_TYPE_ACCESS);
842 * For this OS setup the build and parse function pointer to the OS specific functions.
844 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = darwin_build_acl_streams;
845 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = darwin_parse_acl_streams;
847 #elif defined(HAVE_FREEBSD_OS)
849 * Define the supported ACL streams for these OSes
851 static int os_access_acl_streams[2] = { STREAM_ACL_FREEBSD_ACCESS_ACL, STREAM_ACL_FREEBSD_NFS4_ACL };
852 static int os_default_acl_streams[1] = { STREAM_ACL_FREEBSD_DEFAULT_ACL };
854 static bacl_exit_code freebsd_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
857 bacl_type acltype = BACL_TYPE_NONE;
860 #if defined(_PC_ACL_NFS4)
862 * See if filesystem supports NFS4 acls.
864 acl_enabled = pathconf(jcr->last_fname, _PC_ACL_NFS4);
865 switch (acl_enabled) {
871 Mmsg2(jcr->errmsg, _("pathconf error on file \"%s\": ERR=%s\n"),
872 jcr->last_fname, be.bstrerror());
873 Dmsg2(100, "pathconf error file=%s ERR=%s\n",
874 jcr->last_fname, be.bstrerror());
875 return bacl_exit_error;
880 acltype = BACL_TYPE_NFS4;
885 if (acl_enabled == 0) {
887 * See if filesystem supports POSIX acls.
889 acl_enabled = pathconf(jcr->last_fname, _PC_ACL_EXTENDED);
890 switch (acl_enabled) {
896 Mmsg2(jcr->errmsg, _("pathconf error on file \"%s\": ERR=%s\n"),
897 jcr->last_fname, be.bstrerror());
898 Dmsg2(100, "pathconf error file=%s ERR=%s\n",
899 jcr->last_fname, be.bstrerror());
900 return bacl_exit_error;
905 acltype = BACL_TYPE_ACCESS;
911 * If the filesystem reports it doesn't support ACLs we clear the
912 * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
913 * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
914 * when we change from one filesystem to an other.
916 if (acl_enabled == 0) {
917 jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
918 pm_strcpy(jcr->acl_data->content, "");
919 jcr->acl_data->content_length = 0;
924 * Based on the supported ACLs retrieve and store them.
929 * Read NFS4 ACLs for files, dirs and links
931 if (generic_get_acl_from_os(jcr, BACL_TYPE_NFS4) == bacl_exit_fatal)
932 return bacl_exit_fatal;
934 if (jcr->acl_data->content_length > 0) {
935 if (send_acl_stream(jcr, STREAM_ACL_FREEBSD_NFS4_ACL) == bacl_exit_fatal)
936 return bacl_exit_fatal;
939 case BACL_TYPE_ACCESS:
941 * Read access ACLs for files, dirs and links
943 if (generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS) == bacl_exit_fatal)
944 return bacl_exit_fatal;
946 if (jcr->acl_data->content_length > 0) {
947 if (send_acl_stream(jcr, STREAM_ACL_FREEBSD_ACCESS_ACL) == bacl_exit_fatal)
948 return bacl_exit_fatal;
952 * Directories can have default ACLs too
954 if (ff_pkt->type == FT_DIREND) {
955 if (generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT) == bacl_exit_fatal)
956 return bacl_exit_fatal;
957 if (jcr->acl_data->content_length > 0) {
958 if (send_acl_stream(jcr, STREAM_ACL_FREEBSD_DEFAULT_ACL) == bacl_exit_fatal)
959 return bacl_exit_fatal;
970 static bacl_exit_code freebsd_parse_acl_streams(JCR *jcr, int stream)
973 const char *acl_type_name;
977 * First make sure the filesystem supports acls.
980 case STREAM_UNIX_ACCESS_ACL:
981 case STREAM_ACL_FREEBSD_ACCESS_ACL:
982 case STREAM_UNIX_DEFAULT_ACL:
983 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
984 acl_enabled = pathconf(jcr->last_fname, _PC_ACL_EXTENDED);
985 acl_type_name = "POSIX";
987 case STREAM_ACL_FREEBSD_NFS4_ACL:
988 #if defined(_PC_ACL_NFS4)
989 acl_enabled = pathconf(jcr->last_fname, _PC_ACL_NFS4);
991 acl_type_name = "NFS4";
994 acl_type_name = "unknown";
998 switch (acl_enabled) {
1002 return bacl_exit_ok;
1004 Mmsg2(jcr->errmsg, _("pathconf error on file \"%s\": ERR=%s\n"),
1005 jcr->last_fname, be.bstrerror());
1006 Dmsg3(100, "pathconf error acl=%s file=%s ERR=%s\n",
1007 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1008 return bacl_exit_error;
1011 Mmsg2(jcr->errmsg, _("Trying to restore acl on file \"%s\" on filesystem without %s acl support\n"),
1012 jcr->last_fname, acl_type_name);
1013 return bacl_exit_error;
1022 case STREAM_UNIX_ACCESS_ACL:
1023 case STREAM_ACL_FREEBSD_ACCESS_ACL:
1024 return generic_set_acl_on_os(jcr, BACL_TYPE_ACCESS);
1025 case STREAM_UNIX_DEFAULT_ACL:
1026 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
1027 return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT);
1028 case STREAM_ACL_FREEBSD_NFS4_ACL:
1029 return generic_set_acl_on_os(jcr, BACL_TYPE_NFS4);
1033 return bacl_exit_error;
1037 * For this OSes setup the build and parse function pointer to the OS specific functions.
1039 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = freebsd_build_acl_streams;
1040 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = freebsd_parse_acl_streams;
1042 #elif defined(HAVE_IRIX_OS) || \
1043 defined(HAVE_LINUX_OS)
1045 * Define the supported ACL streams for these OSes
1047 #if defined(HAVE_IRIX_OS)
1048 static int os_access_acl_streams[1] = { STREAM_ACL_IRIX_ACCESS_ACL };
1049 static int os_default_acl_streams[1] = { STREAM_ACL_IRIX_DEFAULT_ACL };
1050 #elif defined(HAVE_LINUX_OS)
1051 static int os_access_acl_streams[1] = { STREAM_ACL_LINUX_ACCESS_ACL };
1052 static int os_default_acl_streams[1] = { STREAM_ACL_LINUX_DEFAULT_ACL };
1055 static bacl_exit_code generic_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
1058 * Read access ACLs for files, dirs and links
1060 if (generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS) == bacl_exit_fatal)
1061 return bacl_exit_fatal;
1063 if (jcr->acl_data->content_length > 0) {
1064 if (send_acl_stream(jcr, os_access_acl_streams[0]) == bacl_exit_fatal)
1065 return bacl_exit_fatal;
1069 * Directories can have default ACLs too
1071 if (ff_pkt->type == FT_DIREND) {
1072 if (generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT) == bacl_exit_fatal)
1073 return bacl_exit_fatal;
1074 if (jcr->acl_data->content_length > 0) {
1075 if (send_acl_stream(jcr, os_default_acl_streams[0]) == bacl_exit_fatal)
1076 return bacl_exit_fatal;
1079 return bacl_exit_ok;
1082 static bacl_exit_code generic_parse_acl_streams(JCR *jcr, int stream)
1087 case STREAM_UNIX_ACCESS_ACL:
1088 return generic_set_acl_on_os(jcr, BACL_TYPE_ACCESS);
1089 case STREAM_UNIX_DEFAULT_ACL:
1090 return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT);
1093 * See what type of acl it is.
1095 for (cnt = 0; cnt < sizeof(os_access_acl_streams) / sizeof(int); cnt++) {
1096 if (os_access_acl_streams[cnt] == stream) {
1097 return generic_set_acl_on_os(jcr, BACL_TYPE_ACCESS);
1100 for (cnt = 0; cnt < sizeof(os_default_acl_streams) / sizeof(int); cnt++) {
1101 if (os_default_acl_streams[cnt] == stream) {
1102 return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT);
1107 return bacl_exit_error;
1111 * For this OSes setup the build and parse function pointer to the OS specific functions.
1113 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = generic_build_acl_streams;
1114 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = generic_parse_acl_streams;
1116 #elif defined(HAVE_OSF1_OS)
1119 * Define the supported ACL streams for this OS
1121 static int os_access_acl_streams[1] = { STREAM_ACL_TRU64_ACCESS_ACL };
1122 static int os_default_acl_streams[2] = { STREAM_ACL_TRU64_DEFAULT_ACL, STREAM_ACL_TRU64_DEFAULT_DIR_ACL };
1124 static bacl_exit_code tru64_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
1127 * Read access ACLs for files, dirs and links
1129 if ((jcr->acl_data->content_length = generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS)) < 0)
1130 return bacl_exit_error;
1131 if (jcr->acl_data->content_length > 0) {
1132 if (!send_acl_stream(jcr, STREAM_ACL_TRU64_ACCESS_ACL))
1133 return bacl_exit_error;
1136 * Directories can have default ACLs too
1138 if (ff_pkt->type == FT_DIREND) {
1139 if ((jcr->acl_data->content_length = generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT)) < 0)
1140 return bacl_exit_error;
1141 if (jcr->acl_data->content_length > 0) {
1142 if (!send_acl_stream(jcr, STREAM_ACL_TRU64_DEFAULT_ACL))
1143 return bacl_exit_error;
1146 * Tru64 has next to BACL_TYPE_DEFAULT also BACL_TYPE_DEFAULT_DIR acls.
1147 * This is an inherited acl for all subdirs.
1148 * See http://www.helsinki.fi/atk/unix/dec_manuals/DOC_40D/AQ0R2DTE/DOCU_018.HTM
1149 * Section 21.5 Default ACLs
1151 if ((jcr->acl_data->content_length = generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT_DIR)) < 0)
1152 return bacl_exit_error;
1153 if (jcr->acl_data->content_length > 0) {
1154 if (!send_acl_stream(jcr, STREAM_ACL_TRU64_DEFAULT_DIR_ACL))
1155 return bacl_exit_error;
1158 return bacl_exit_ok;
1161 static bacl_exit_code tru64_parse_acl_streams(JCR *jcr, int stream)
1164 case STREAM_UNIX_ACCESS_ACL:
1165 case STREAM_ACL_TRU64_ACCESS_ACL:
1166 return generic_set_acl_on_os(jcr, BACL_TYPE_ACCESS);
1167 case STREAM_UNIX_DEFAULT_ACL:
1168 case STREAM_ACL_TRU64_DEFAULT_ACL:
1169 return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT);
1170 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
1171 return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT_DIR);
1175 * For this OS setup the build and parse function pointer to the OS specific functions.
1177 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = tru64_build_acl_streams;
1178 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = tru64_parse_acl_streams;
1182 #elif defined(HAVE_HPUX_OS)
1183 #ifdef HAVE_SYS_ACL_H
1184 #include <sys/acl.h>
1186 #error "configure failed to detect availability of sys/acl.h"
1192 * Define the supported ACL streams for this OS
1194 static int os_access_acl_streams[1] = { STREAM_ACL_HPUX_ACL_ENTRY };
1195 static int os_default_acl_streams[1] = { -1 };
1198 * See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
1199 * There is no need to store those acls as we already store the stat bits too.
1201 static bool acl_is_trivial(int count, struct acl_entry *entries, struct stat sb)
1204 struct acl_entry ace
1206 for (n = 0; n < count; n++) {
1209 * See if this acl just is the stat mode in acl form.
1211 if (!((ace.uid == sb.st_uid && ace.gid == ACL_NSGROUP) ||
1212 (ace.uid == ACL_NSUSER && ace.gid == sb.st_gid) ||
1213 (ace.uid == ACL_NSUSER && ace.gid == ACL_NSGROUP)))
1220 * OS specific functions for handling different types of acl streams.
1222 static bacl_exit_code hpux_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
1225 struct acl_entry acls[NACLENTRIES];
1229 if ((n = getacl(jcr->last_fname, 0, acls)) < 0) {
1231 #if defined(BACL_ENOTSUP)
1234 * Not supported, just pretend there is nothing to see
1236 * If the filesystem reports it doesn't support ACLs we clear the
1237 * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
1238 * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
1239 * when we change from one filesystem to an other.
1241 jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
1242 pm_strcpy(jcr->acl_data->content, "");
1243 jcr->acl_data->content_length = 0;
1244 return bacl_exit_ok;
1247 pm_strcpy(jcr->acl_data->content, "");
1248 jcr->acl_data->content_length = 0;
1249 return bacl_exit_ok;
1251 Mmsg2(jcr->errmsg, _("getacl error on file \"%s\": ERR=%s\n"),
1252 jcr->last_fname, be.bstrerror());
1253 Dmsg2(100, "getacl error file=%s ERR=%s\n",
1254 jcr->last_fname, be.bstrerror());
1256 pm_strcpy(jcr->acl_data->content, "");
1257 jcr->acl_data->content_length = 0;
1258 return bacl_exit_error;
1262 pm_strcpy(jcr->acl_data->content, "");
1263 jcr->acl_data->content_length = 0;
1264 return bacl_exit_ok;
1266 if ((n = getacl(jcr->last_fname, n, acls)) > 0) {
1267 if (acl_is_trivial(n, acls, ff_pkt->statp)) {
1269 * The ACLs simply reflect the (already known) standard permissions
1270 * So we don't send an ACL stream to the SD.
1272 pm_strcpy(jcr->acl_data->content, "");
1273 jcr->acl_data->content_length = 0;
1274 return bacl_exit_ok;
1276 if ((acl_text = acltostr(n, acls, FORM_SHORT)) != NULL) {
1277 jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
1278 actuallyfree(acl_text);
1280 return send_acl_stream(jcr, STREAM_ACL_HPUX_ACL_ENTRY);
1282 Mmsg2(jcr->errmsg, _("acltostr error on file \"%s\": ERR=%s\n"),
1283 jcr->last_fname, be.bstrerror());
1284 Dmsg3(100, "acltostr error acl=%s file=%s ERR=%s\n",
1285 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1286 return bacl_exit_error;
1288 return bacl_exit_error;
1291 static bacl_exit_code hpux_parse_acl_streams(JCR *jcr, int stream)
1294 struct acl_entry acls[NACLENTRIES];
1297 n = strtoacl(jcr->acl_data->content, 0, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP);
1299 Mmsg2(jcr->errmsg, _("strtoacl error on file \"%s\": ERR=%s\n"),
1300 jcr->last_fname, be.bstrerror());
1301 Dmsg3(100, "strtoacl error acl=%s file=%s ERR=%s\n",
1302 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1303 return bacl_exit_error;
1305 if (strtoacl(jcr->acl_data->content, n, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP) != n) {
1306 Mmsg2(jcr->errmsg, _("strtoacl error on file \"%s\": ERR=%s\n"),
1307 jcr->last_fname, be.bstrerror());
1308 Dmsg3(100, "strtoacl error acl=%s file=%s ERR=%s\n",
1309 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1311 return bacl_exit_error;
1314 * Restore the ACLs, but don't complain about links which really should
1315 * not have attributes, and the file it is linked to may not yet be restored.
1316 * This is only true for the old acl streams as in the new implementation we
1317 * don't save acls of symlinks (which cannot have acls anyhow)
1319 if (setacl(jcr->last_fname, n, acls) != 0 && jcr->last_type != FT_LNK) {
1322 return bacl_exit_ok;
1324 Mmsg2(jcr->errmsg, _("setacl error on file \"%s\": ERR=%s\n"),
1325 jcr->last_fname, be.bstrerror());
1326 Dmsg3(100, "setacl error acl=%s file=%s ERR=%s\n",
1327 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1328 return bacl_exit_error;
1331 return bacl_exit_ok;
1335 * For this OS setup the build and parse function pointer to the OS specific functions.
1337 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = hpux_build_acl_streams;
1338 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = hpux_parse_acl_streams;
1340 #elif defined(HAVE_SUN_OS)
1341 #ifdef HAVE_SYS_ACL_H
1342 #include <sys/acl.h>
1344 #error "configure failed to detect availability of sys/acl.h"
1347 #if defined(HAVE_EXTENDED_ACL)
1349 * We define some internals of the Solaris acl libs here as those
1350 * are not exposed yet. Probably because they want us to see the
1351 * acls as opague data. But as we need to support different platforms
1352 * and versions of Solaris we need to expose some data to be able
1353 * to determine the type of acl used to stuff it into the correct
1354 * data stream. I know this is far from portable, but maybe the
1355 * proper interface is exposed later on and we can get ride of
1356 * this kludge. Newer versions of Solaris include sys/acl_impl.h
1357 * which has implementation details of acls, if thats included we
1358 * don't have to define it ourself.
1360 #if !defined(_SYS_ACL_IMPL_H)
1361 typedef enum acl_type {
1368 * Two external references to functions in the libsec library function not in current include files.
1371 int acl_type(acl_t *);
1372 char *acl_strerror(int);
1376 * Define the supported ACL streams for this OS
1378 static int os_access_acl_streams[2] = { STREAM_ACL_SOLARIS_ACLENT, STREAM_ACL_SOLARIS_ACE };
1379 static int os_default_acl_streams[1] = { -1 };
1382 * As the new libsec interface with acl_totext and acl_fromtext also handles
1383 * the old format from acltotext we can use the new functions even
1384 * for acls retrieved and stored in the database with older fd versions. If the
1385 * new interface is not defined (Solaris 9 and older we fall back to the old code)
1387 static bacl_exit_code solaris_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
1389 int acl_enabled, flags;
1392 bacl_exit_code stream_status = bacl_exit_error;
1396 * See if filesystem supports acls.
1398 acl_enabled = pathconf(jcr->last_fname, _PC_ACL_ENABLED);
1399 switch (acl_enabled) {
1402 * If the filesystem reports it doesn't support ACLs we clear the
1403 * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
1404 * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
1405 * when we change from one filesystem to an other.
1407 jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
1408 pm_strcpy(jcr->acl_data->content, "");
1409 jcr->acl_data->content_length = 0;
1410 return bacl_exit_ok;
1414 return bacl_exit_ok;
1416 Mmsg2(jcr->errmsg, _("pathconf error on file \"%s\": ERR=%s\n"),
1417 jcr->last_fname, be.bstrerror());
1418 Dmsg2(100, "pathconf error file=%s ERR=%s\n",
1419 jcr->last_fname, be.bstrerror());
1420 return bacl_exit_error;
1427 * Get ACL info: don't bother allocating space if there is only a trivial ACL.
1429 if (acl_get(jcr->last_fname, ACL_NO_TRIVIAL, &aclp) != 0) {
1432 return bacl_exit_ok;
1434 Mmsg2(jcr->errmsg, _("acl_get error on file \"%s\": ERR=%s\n"),
1435 jcr->last_fname, acl_strerror(errno));
1436 Dmsg2(100, "acl_get error file=%s ERR=%s\n",
1437 jcr->last_fname, acl_strerror(errno));
1438 return bacl_exit_error;
1444 * The ACLs simply reflect the (already known) standard permissions
1445 * So we don't send an ACL stream to the SD.
1447 pm_strcpy(jcr->acl_data->content, "");
1448 jcr->acl_data->content_length = 0;
1449 return bacl_exit_ok;
1452 #if defined(ACL_SID_FMT)
1454 * New format flag added in newer Solaris versions.
1456 flags = ACL_APPEND_ID | ACL_COMPACT_FMT | ACL_SID_FMT;
1458 flags = ACL_APPEND_ID | ACL_COMPACT_FMT;
1459 #endif /* ACL_SID_FMT */
1461 if ((acl_text = acl_totext(aclp, flags)) != NULL) {
1462 jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
1463 actuallyfree(acl_text);
1465 switch (acl_type(aclp)) {
1467 stream_status = send_acl_stream(jcr, STREAM_ACL_SOLARIS_ACLENT);
1470 stream_status = send_acl_stream(jcr, STREAM_ACL_SOLARIS_ACE);
1478 return stream_status;
1481 static bacl_exit_code solaris_parse_acl_streams(JCR *jcr, int stream)
1484 int acl_enabled, error;
1488 case STREAM_UNIX_ACCESS_ACL:
1489 case STREAM_ACL_SOLARIS_ACLENT:
1490 case STREAM_ACL_SOLARIS_ACE:
1492 * First make sure the filesystem supports acls.
1494 acl_enabled = pathconf(jcr->last_fname, _PC_ACL_ENABLED);
1495 switch (acl_enabled) {
1497 Mmsg1(jcr->errmsg, _("Trying to restore acl on file \"%s\" on filesystem without acl support\n"),
1499 return bacl_exit_error;
1503 return bacl_exit_ok;
1505 Mmsg2(jcr->errmsg, _("pathconf error on file \"%s\": ERR=%s\n"),
1506 jcr->last_fname, be.bstrerror());
1507 Dmsg3(100, "pathconf error acl=%s file=%s ERR=%s\n",
1508 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1509 return bacl_exit_error;
1513 * On a filesystem with ACL support make sure this particular ACL type can be restored.
1516 case STREAM_ACL_SOLARIS_ACLENT:
1518 * An aclent can be restored on filesystems with _ACL_ACLENT_ENABLED or _ACL_ACE_ENABLED support.
1520 if ((acl_enabled & (_ACL_ACLENT_ENABLED | _ACL_ACE_ENABLED)) == 0) {
1521 Mmsg1(jcr->errmsg, _("Trying to restore acl on file \"%s\" on filesystem without aclent acl support\n"),
1523 return bacl_exit_error;
1526 case STREAM_ACL_SOLARIS_ACE:
1528 * An ace can only be restored on a filesystem with _ACL_ACE_ENABLED support.
1530 if ((acl_enabled & _ACL_ACE_ENABLED) == 0) {
1531 Mmsg1(jcr->errmsg, _("Trying to restore acl on file \"%s\" on filesystem without ace acl support\n"),
1533 return bacl_exit_error;
1538 * Stream id which doesn't describe the type of acl which is encoded.
1545 if ((error = acl_fromtext(jcr->acl_data->content, &aclp)) != 0) {
1546 Mmsg2(jcr->errmsg, _("acl_fromtext error on file \"%s\": ERR=%s\n"),
1547 jcr->last_fname, acl_strerror(error));
1548 Dmsg3(100, "acl_fromtext error acl=%s file=%s ERR=%s\n",
1549 jcr->acl_data->content, jcr->last_fname, acl_strerror(error));
1550 return bacl_exit_error;
1554 * Validate that the conversion gave us the correct acl type.
1557 case STREAM_ACL_SOLARIS_ACLENT:
1558 if (acl_type(aclp) != ACLENT_T) {
1559 Mmsg1(jcr->errmsg, _("wrong encoding of acl type in acl stream on file \"%s\"\n"),
1561 return bacl_exit_error;
1564 case STREAM_ACL_SOLARIS_ACE:
1565 if (acl_type(aclp) != ACE_T) {
1566 Mmsg1(jcr->errmsg, _("wrong encoding of acl type in acl stream on file \"%s\"\n"),
1568 return bacl_exit_error;
1573 * Stream id which doesn't describe the type of acl which is encoded.
1579 * Restore the ACLs, but don't complain about links which really should
1580 * not have attributes, and the file it is linked to may not yet be restored.
1581 * This is only true for the old acl streams as in the new implementation we
1582 * don't save acls of symlinks (which cannot have acls anyhow)
1584 if ((error = acl_set(jcr->last_fname, aclp)) == -1 && jcr->last_type != FT_LNK) {
1588 return bacl_exit_ok;
1590 Mmsg2(jcr->errmsg, _("acl_set error on file \"%s\": ERR=%s\n"),
1591 jcr->last_fname, acl_strerror(error));
1592 Dmsg3(100, "acl_set error acl=%s file=%s ERR=%s\n",
1593 jcr->acl_data->content, jcr->last_fname, acl_strerror(error));
1595 return bacl_exit_error;
1600 return bacl_exit_ok;
1602 return bacl_exit_error;
1603 } /* end switch (stream) */
1606 #else /* HAVE_EXTENDED_ACL */
1609 * Define the supported ACL streams for this OS
1611 static int os_access_acl_streams[2] = { STREAM_ACL_SOLARIS_ACLENT };
1612 static int os_default_acl_streams[1] = { -1 };
1615 * See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
1616 * There is no need to store those acls as we already store the stat bits too.
1618 static bool acl_is_trivial(int count, aclent_t *entries)
1623 for (n = 0; n < count; n++) {
1626 if (!(ace->a_type == USER_OBJ ||
1627 ace->a_type == GROUP_OBJ ||
1628 ace->a_type == OTHER_OBJ ||
1629 ace->a_type == CLASS_OBJ))
1636 * OS specific functions for handling different types of acl streams.
1638 static bacl_exit_code solaris_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
1645 n = acl(jcr->last_fname, GETACLCNT, 0, NULL);
1646 if (n < MIN_ACL_ENTRIES)
1647 return bacl_exit_error;
1649 acls = (aclent_t *)malloc(n * sizeof(aclent_t));
1650 if (acl(jcr->last_fname, GETACL, n, acls) == n) {
1651 if (acl_is_trivial(n, acls)) {
1653 * The ACLs simply reflect the (already known) standard permissions
1654 * So we don't send an ACL stream to the SD.
1657 pm_strcpy(jcr->acl_data->content, "");
1658 jcr->acl_data->content_length = 0;
1659 return bacl_exit_ok;
1662 if ((acl_text = acltotext(acls, n)) != NULL) {
1663 jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
1664 actuallyfree(acl_text);
1666 return send_acl_stream(jcr, STREAM_ACL_SOLARIS_ACLENT);
1669 Mmsg2(jcr->errmsg, _("acltotext error on file \"%s\": ERR=%s\n"),
1670 jcr->last_fname, be.bstrerror());
1671 Dmsg3(100, "acltotext error acl=%s file=%s ERR=%s\n",
1672 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1676 return bacl_exit_error;
1679 static bacl_exit_code solaris_parse_acl_streams(JCR *jcr, int stream)
1685 acls = aclfromtext(jcr->acl_data->content, &n);
1687 Mmsg2(jcr->errmsg, _("aclfromtext error on file \"%s\": ERR=%s\n"),
1688 jcr->last_fname, be.bstrerror());
1689 Dmsg3(100, "aclfromtext error acl=%s file=%s ERR=%s\n",
1690 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1691 return bacl_exit_error;
1695 * Restore the ACLs, but don't complain about links which really should
1696 * not have attributes, and the file it is linked to may not yet be restored.
1698 if (acl(jcr->last_fname, SETACL, n, acls) == -1 && jcr->last_type != FT_LNK) {
1702 return bacl_exit_ok;
1704 Mmsg2(jcr->errmsg, _("acl(SETACL) error on file \"%s\": ERR=%s\n"),
1705 jcr->last_fname, be.bstrerror());
1706 Dmsg3(100, "acl(SETACL) error acl=%s file=%s ERR=%s\n",
1707 jcr->acl_data->content, jcr->last_fname, be.bstrerror());
1709 return bacl_exit_error;
1713 return bacl_exit_ok;
1715 #endif /* HAVE_EXTENDED_ACL */
1718 * For this OS setup the build and parse function pointer to the OS specific functions.
1720 static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = solaris_build_acl_streams;
1721 static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = solaris_parse_acl_streams;
1723 #endif /* HAVE_SUN_OS */
1724 #endif /* HAVE_ACL */
1727 * Entry points when compiled with support for ACLs on a supported platform.
1731 * Read and send an ACL for the last encountered file.
1733 bacl_exit_code build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
1736 * See if we are changing from one device to an other.
1737 * We save the current device we are scanning and compare
1738 * it with the current st_dev in the last stat performed on
1739 * the file we are currently storing.
1741 if (jcr->acl_data->current_dev != ff_pkt->statp.st_dev) {
1743 * Reset the acl save flags.
1745 jcr->acl_data->flags = 0;
1747 jcr->acl_data->flags |= BACL_FLAG_SAVE_NATIVE;
1750 * Save that we started scanning a new filesystem.
1752 jcr->acl_data->current_dev = ff_pkt->statp.st_dev;
1755 #if defined(HAVE_ACL)
1757 * See if the BACL_FLAG_SAVE_NATIVE flag is set which lets us know if we should
1760 if (jcr->acl_data->flags & BACL_FLAG_SAVE_NATIVE) {
1762 * Call the appropriate function.
1764 if (os_build_acl_streams) {
1765 return (*os_build_acl_streams)(jcr, ff_pkt);
1768 return bacl_exit_ok;
1771 return bacl_exit_error;
1774 bacl_exit_code parse_acl_streams(JCR *jcr, int stream)
1779 #if defined(HAVE_ACL)
1780 case STREAM_UNIX_ACCESS_ACL:
1781 case STREAM_UNIX_DEFAULT_ACL:
1783 * Handle legacy ACL streams.
1785 if (os_parse_acl_streams) {
1786 return (*os_parse_acl_streams)(jcr, stream);
1790 if (os_parse_acl_streams) {
1792 * Walk the os_access_acl_streams array with the supported Access ACL streams for this OS.
1794 for (cnt = 0; cnt < sizeof(os_access_acl_streams) / sizeof(int); cnt++) {
1795 if (os_access_acl_streams[cnt] == stream) {
1796 return (*os_parse_acl_streams)(jcr, stream);
1800 * Walk the os_default_acl_streams array with the supported Default ACL streams for this OS.
1802 for (cnt = 0; cnt < sizeof(os_default_acl_streams) / sizeof(int); cnt++) {
1803 if (os_default_acl_streams[cnt] == stream) {
1804 return (*os_parse_acl_streams)(jcr, stream);
1814 Qmsg2(jcr, M_WARNING, 0,
1815 _("Can't restore ACLs of %s - incompatible acl stream encountered - %d\n"),
1816 jcr->last_fname, stream);
1817 return bacl_exit_error;
projects / bacula / bacula / blob