+/*
+ Bacula® - The Network Backup Solution
+
+ Copyright (C) 2004-2008 Free Software Foundation Europe e.V.
+
+ The main author of Bacula is Kern Sibbald, with contributions from
+ many others, a complete list can be found in the file AUTHORS.
+ This program is Free Software; you can redistribute it and/or
+ modify it under the terms of version two of the GNU General Public
+ License as published by the Free Software Foundation and included
+ in the file LICENSE.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301, USA.
+
+ Bacula® is a registered trademark of Kern Sibbald.
+ The licensor of Bacula is the Free Software Foundation Europe
+ (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
+ Switzerland, email:ftf@fsfeurope.org.
+*/
/*
* Functions to handle ACL for bacula.
*
*
* Version $Id$
*/
-/*
- Copyright (C) 2004-2006 Kern Sibbald
-
- This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License
- version 2 as amended with additional clauses defined in the
- file LICENSE in the main source directory.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- the file LICENSE for additional details.
-
- */
#ifndef TEST_PROGRAM
*/
#if !defined(HAVE_ACL) /* ACL support is required, of course */ \
|| !( defined(HAVE_AIX_OS) /* man page -- may need flags */ \
- || defined(HAVE_FREEBSD_OS) /* tested -- compile wihtout flags */ \
- || defined(HAVE_DARWIN_OS) /* tested -- compile wihtout flags */ \
+ || defined(HAVE_FREEBSD_OS) /* tested -- compile without flags */ \
+ || defined(HAVE_DARWIN_OS) /* tested -- compile without flags */ \
|| defined(HAVE_IRIX_OS) /* man page -- compile without flags */ \
|| defined(HAVE_OSF1_OS) /* man page -- may need -lpacl */ \
|| defined(HAVE_LINUX_OS) /* tested -- compile with -lacl */ \
* with what we have and give all ACL streams a new number/type.
*/
#endif
+
#if !defined(HAVE_ACL) \
|| !( defined(HAVE_LINUX_OS) \
|| defined(HAVE_FREEBSD_OS) \
#endif
#ifdef BACL_ALTERNATE_TEXT
#include <acl/libacl.h>
-#define acl_to_text(acl,len) ((len), acl_to_any_text((acl), NULL, ',', BACL_ALTERNATE_TEXT))
+#define acl_to_text(acl,len) (acl_to_any_text((acl), NULL, ',', BACL_ALTERNATE_TEXT))
#endif
#endif
acl = acl_get_file(jcr->last_fname, ostype);
if (acl) {
+#if defined(HAVE_IRIX_OS)
+ /*
+ * From observation, IRIX's acl_get_file() seems to return a
+ * non-NULL acl with a count field of -1 when a file has no ACL
+ * defined, while IRIX's acl_to_text() returns NULL when presented
+ * with such an ACL.
+ *
+ * Checking the count in the acl structure before calling
+ * acl_to_text() lets us avoid error messages about files
+ * with no ACLs, without modifying the flow of the code used for
+ * other operating systems, and it saves making some calls
+ * to acl_to_text() besides.
+ */
+ if (acl->acl_cnt <= 0) {
+ acl_free(acl);
+ return 0;
+ }
+#endif
if ((acl_text = acl_to_text(acl, NULL)) != NULL) {
len = pm_strcpy(jcr->acl_text, acl_text);
acl_free(acl);
acl_free(acl_text);
return len;
}
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("acl_to_text error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "acl_to_text error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
acl_free(acl);
#ifndef HAVE_OSF1_OS /* BACL_ENOTSUP not defined for OSF1 */
} else if (errno == BACL_ENOTSUP) {
}
berrno be;
Jmsg2(jcr, M_ERROR, 0, _("acl_delete_def_file error on file \"%s\": ERR=%s\n"),
- jcr->last_fname, be.strerror());
+ jcr->last_fname, be.bstrerror());
return -1;
}
if (acl == NULL) {
berrno be;
Jmsg2(jcr, M_ERROR, 0, _("acl_from_text error on file \"%s\": ERR=%s\n"),
- jcr->last_fname, be.strerror());
+ jcr->last_fname, be.bstrerror());
Dmsg3(100, "acl_from_text error acl=%s file=%s ERR=%s\n",
- jcr->acl_text, jcr->last_fname, be.strerror());
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
return -1;
}
*/
#ifndef HAVE_FREEBSD_OS
if (acl_valid(acl) != 0) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("ac_valid error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "acl_valid error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
acl_free(acl);
return -1;
}
#endif
- if (acl_set_file(jcr->last_fname, ostype, acl) != 0) {
+ /*
+ * Restore the ACLs, but don't complain about links which really should
+ * not have attributes, and the file it is linked to may not yet be restored.
+ */
+ if (acl_set_file(jcr->last_fname, ostype, acl) != 0 && jcr->last_type != FT_LNK) {
berrno be;
Jmsg2(jcr, M_ERROR, 0, _("acl_set_file error on file \"%s\": ERR=%s\n"),
- jcr->last_fname, be.strerror());
+ jcr->last_fname, be.bstrerror());
Dmsg3(100, "acl_set_file error acl=%s file=%s ERR=%s\n",
- jcr->acl_text, jcr->last_fname, be.strerror());
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
acl_free(acl);
return -1;
}
actuallyfree(acl_text);
return len;
}
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("acltostr error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "acltostr error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
+ return -1;
}
return -1;
}
n = strtoacl(jcr->acl_text, 0, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP);
if (n <= 0) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("strtoacl error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "strtoacl error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
return -1;
}
if (strtoacl(jcr->acl_text, n, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP) != n) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("strtoacl error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "strtoacl error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
return -1;
}
- if (setacl(jcr->last_fname, n, acls) != 0) {
+ /*
+ * Restore the ACLs, but don't complain about links which really should
+ * not have attributes, and the file it is linked to may not yet be restored.
+ */
+ if (setacl(jcr->last_fname, n, acls) != 0 && jcr->last_type != FT_LNK) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("setacl error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "setacl error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
return -1;
}
return 0;
#elif defined(HAVE_SUN_OS)
#include <sys/acl.h>
+/*
+ * As the new libsec interface with acl_totext and acl_fromtext also handles
+ * the old format from acltotext we can use the new functions even
+ * for acls retrieved and stored in the database with older fd versions. If the
+ * new interface is not defined (Solaris 9 and older we fall back to the old code)
+ */
+#if defined(HAVE_EXTENDED_ACL)
+int bacl_get(JCR *jcr, int acltype)
+{
+ int len, flags;
+ acl_t *aclp;
+ char *acl_text;
+
+ /*
+ * Get ACL info: don't bother allocating space if there is only a trivial ACL.
+ */
+ if (acl_get(jcr->last_fname, ACL_NO_TRIVIAL, &aclp) != 0)
+ return -1;
+
+ if (aclp == NULL) {
+ /* The ACLs simply reflect the (already known) standard permissions */
+ return pm_strcpy(jcr->acl_text, "");
+ }
+
+#if defined(ACL_SID_FMT)
+ /*
+ * New format flag added in newer Solaris versions.
+ */
+ flags = ACL_APPEND_ID | ACL_COMPACT_FMT | ACL_SID_FMT;
+#else
+ flags = ACL_APPEND_ID | ACL_COMPACT_FMT;
+#endif /* ACL_SID_FMT */
+
+ if ((acl_text = acl_totext(aclp, flags)) != NULL) {
+ len = pm_strcpy(jcr->acl_text, acl_text);
+ actuallyfree(acl_text);
+
+ acl_free(aclp);
+
+ return len;
+ }
+
+ acl_free(aclp);
+
+ return -1;
+}
+
+/*
+ * As the header acl.h doesn't seem to define this one we need to.
+ */
+extern "C" {
+char *acl_strerror(int);
+}
+
+int bacl_set(JCR *jcr, int acltype)
+{
+ acl_t *aclp;
+ int error;
+
+ if ((error = acl_fromtext(jcr->acl_text, &aclp)) != 0) {
+ Jmsg2(jcr, M_ERROR, 0, _("acl_fromtext error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, acl_strerror(error));
+ Dmsg3(100, "acl_fromtext error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, acl_strerror(error));
+ return -1;
+ }
+
+ /*
+ * Restore the ACLs, but don't complain about links which really should
+ * not have attributes, and the file it is linked to may not yet be restored.
+ */
+ if ((error = acl_set(jcr->last_fname, aclp)) == -1 && jcr->last_type != FT_LNK) {
+ Jmsg2(jcr, M_ERROR, 0, _("acl_set error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, acl_strerror(error));
+ Dmsg3(100, "acl_set error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, acl_strerror(error));
+
+ acl_free(aclp);
+ return -1;
+ }
+
+ acl_free(aclp);
+ return 0;
+}
+
+#else /* HAVE_EXTENDED_ACL */
+
int bacl_get(JCR *jcr, int acltype)
{
int n, len;
free(acls);
return len;
}
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("acltotext error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "acltotext error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
}
free(acls);
return -1;
acls = aclfromtext(jcr->acl_text, &n);
if (!acls) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("aclfromtext error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "aclfromtext error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
return -1;
}
- if (acl(jcr->last_fname, SETACL, n, acls) == -1) {
+ /*
+ * Restore the ACLs, but don't complain about links which really should
+ * not have attributes, and the file it is linked to may not yet be restored.
+ */
+ if (acl(jcr->last_fname, SETACL, n, acls) == -1 && jcr->last_type != FT_LNK) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("acl(SETACL) error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg3(100, "acl(SETACL) error acl=%s file=%s ERR=%s\n",
+ jcr->acl_text, jcr->last_fname, be.bstrerror());
actuallyfree(acls);
return -1;
}
return 0;
}
-#endif
+#endif /* HAVE_EXTENDED_ACL */
+#endif /* HAVE_SUN_OS */
#ifdef TEST_PROGRAM
return EXIT_FAILURE;
}
- prgname = strrchr(argv[0], '/');
+ prgname = last_path_separator(argv[0]);
if (prgname == NULL || *++prgname == '\0') {
prgname = argv[0];
}