/*
Bacula® - The Network Backup Solution
- Copyright (C) 2004-2009 Free Software Foundation Europe e.V.
+ Copyright (C) 2004-2010 Free Software Foundation Europe e.V.
The main author of Bacula is Kern Sibbald, with contributions from
many others, a complete list can be found in the file AUTHORS.
(FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
Switzerland, email:ftf@fsfeurope.org.
*/
-/*
+/**
* Functions to handle ACLs for bacula.
*
* We handle two different types of ACLs: access and default ACLS.
*
* Original written by Preben 'Peppe' Guldberg, December MMIV
* Major rewrite by Marco van Wieringen, November MMVIII
- *
- * Version $Id$
*/
#include "bacula.h"
#include "filed.h"
-#include "acl.h"
-#if !defined(HAVE_ACL)
-/*
+#if !defined(HAVE_ACL) && !defined(HAVE_AFS_ACL)
+/**
* Entry points when compiled without support for ACLs or on an unsupported platform.
*/
bacl_exit_code build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
return bacl_exit_fatal;
}
-bacl_exit_code parse_acl_stream(JCR *jcr, int stream)
+bacl_exit_code parse_acl_streams(JCR *jcr, int stream)
{
return bacl_exit_fatal;
}
#else
-/*
+/**
* Send an ACL stream to the SD.
*/
static bacl_exit_code send_acl_stream(JCR *jcr, int stream)
return bacl_exit_ok;
#endif
- /*
+ /**
* Sanity check
*/
- if (jcr->acl_data_len <= 0)
+ if (jcr->acl_data->content_length <= 0) {
return bacl_exit_ok;
+ }
- /*
+ /**
* Send header
*/
if (!sd->fsend("%ld %d 0", jcr->JobFiles, stream)) {
return bacl_exit_fatal;
}
- /*
+ /**
* Send the buffer to the storage deamon
*/
- Dmsg1(400, "Backing up ACL <%s>\n", jcr->acl_data);
+ Dmsg1(400, "Backing up ACL <%s>\n", jcr->acl_data->content);
msgsave = sd->msg;
- sd->msg = jcr->acl_data;
- sd->msglen = jcr->acl_data_len + 1;
+ sd->msg = jcr->acl_data->content;
+ sd->msglen = jcr->acl_data->content_length + 1;
if (!sd->send()) {
sd->msg = msgsave;
sd->msglen = 0;
return bacl_exit_ok;
}
+/**
+ * First the native ACLs.
+ */
+#if defined(HAVE_ACL)
#if defined(HAVE_AIX_OS)
#include <sys/access.h>
-/*
+/**
* Define the supported ACL streams for this OS
*/
static int os_access_acl_streams[1] = { STREAM_ACL_AIX_TEXT };
char *acl_text;
if ((acl_text = acl_get(jcr->last_fname)) != NULL) {
- jcr->acl_data_len = pm_strcpy(jcr->acl_data, acl_text);
+ jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
actuallyfree(acl_text);
return send_acl_stream(jcr, STREAM_ACL_AIX_TEXT);
}
static bacl_exit_code aix_parse_acl_streams(JCR *jcr, int stream)
{
- if (acl_put(jcr->last_fname, jcr->acl_data, 0) != 0) {
+ if (acl_put(jcr->last_fname, jcr->acl_data->content, 0) != 0) {
return bacl_exit_error;
}
return bacl_exit_ok;
}
-/*
+/**
* For this OS setup the build and parse function pointer to the OS specific functions.
*/
static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = aix_build_acl_streams;
#error "configure failed to detect availability of sys/acl.h"
#endif
-/* On IRIX we can get shortened ACLs */
+/**
+ * On IRIX we can get shortened ACLs
+ */
#if defined(HAVE_IRIX_OS) && defined(BACL_WANT_SHORT_ACLS)
#define acl_to_text(acl,len) acl_to_short_text((acl), (len))
#endif
-/* In Linux we can get numeric and/or shorted ACLs */
+/**
+ * In Linux we can get numeric and/or shorted ACLs
+ */
#if defined(HAVE_LINUX_OS)
#if defined(BACL_WANT_SHORT_ACLS) && defined(BACL_WANT_NUMERIC_IDS)
#define BACL_ALTERNATE_TEXT (TEXT_ABBREVIATE|TEXT_NUMERIC_IDS)
#endif
#endif
-/*
+/**
* Some generic functions used by multiple OSes.
*/
static acl_type_t bac_to_os_acltype(bacl_type acltype)
#ifdef ACL_TYPE_DEFAULT_DIR
case BACL_TYPE_DEFAULT_DIR:
- /*
+ /**
* OSF1 has an additional acl type named ACL_TYPE_DEFAULT_DIR.
*/
ostype = ACL_TYPE_DEFAULT_DIR;
#endif
#ifdef ACL_TYPE_EXTENDED
case BACL_TYPE_EXTENDED:
- /*
+ /**
* MacOSX has an additional acl type named ACL_TYPE_EXTENDED.
*/
ostype = ACL_TYPE_EXTENDED;
break;
#endif
default:
- /*
+ /**
* This should never happen, as the per OS version function only tries acl
* types supported on a certain platform.
*/
}
#if !defined(HAVE_DARWIN_OS)
-/*
+/**
* See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
* There is no need to store those acls as we already store the stat bits too.
*/
static bool acl_is_trivial(acl_t acl)
{
- /*
+ /**
* acl is trivial if it has only the following entries:
* "user::",
* "group::",
entry_available = acl_get_entry(acl, ACL_FIRST_ENTRY, &ace);
while (entry_available == 1) {
- /*
+ /**
* Get the tag type of this acl entry.
* If we fail to get the tagtype we call the acl non-trivial.
*/
if (acl_get_tag_type(ace, &tag) < 0)
return true;
- /*
+ /**
* Anything other the ACL_USER_OBJ, ACL_GROUP_OBJ or ACL_OTHER breaks the spell.
*/
if (tag != ACL_USER_OBJ &&
ace = &acl->acl_entry[n];
tag = ace->ae_tag;
- /*
+ /**
* Anything other the ACL_USER_OBJ, ACL_GROUP_OBJ or ACL_OTHER breaks the spell.
*/
if (tag != ACL_USER_OBJ &&
while (count > 0) {
tag = ace->entry->acl_type;
- /*
+ /**
* Anything other the ACL_USER_OBJ, ACL_GROUP_OBJ or ACL_OTHER breaks the spell.
*/
if (tag != ACL_USER_OBJ &&
tag != ACL_GROUP_OBJ &&
tag != ACL_OTHER)
return false;
- /*
+ /**
* On Tru64, perm can also contain non-standard bits such as
* PERM_INSERT, PERM_DELETE, PERM_MODIFY, PERM_LOOKUP, ...
*/
}
#endif
-/*
+/**
* Generic wrapper around acl_get_file call.
*/
static bacl_exit_code generic_get_acl_from_os(JCR *jcr, bacl_type acltype)
acl = acl_get_file(jcr->last_fname, ostype);
if (acl) {
#if defined(HAVE_IRIX_OS)
- /*
+ /**
* From observation, IRIX's acl_get_file() seems to return a
* non-NULL acl with a count field of -1 when a file has no ACL
* defined, while IRIX's acl_to_text() returns NULL when presented
* to acl_to_text() besides.
*/
if (acl->acl_cnt <= 0) {
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
acl_free(acl);
return bacl_exit_ok;
}
#endif
#if !defined(HAVE_DARWIN_OS)
- /*
+ /**
* Make sure this is not just a trivial ACL.
*/
if (acltype == BACL_TYPE_ACCESS && acl_is_trivial(acl)) {
- /*
+ /**
* The ACLs simply reflect the (already known) standard permissions
* So we don't send an ACL stream to the SD.
*/
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
acl_free(acl);
return bacl_exit_ok;
}
#endif
if ((acl_text = acl_to_text(acl, NULL)) != NULL) {
- jcr->acl_data_len = pm_strcpy(jcr->acl_data, acl_text);
+ jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
acl_free(acl);
acl_free(acl_text);
return bacl_exit_ok;
Dmsg2(100, "acl_to_text error file=%s ERR=%s\n",
jcr->last_fname, be.bstrerror());
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
acl_free(acl);
return bacl_exit_error;
}
- /*
+ /**
* Handle errors gracefully.
*/
if (acl == (acl_t)NULL) {
switch (errno) {
#if defined(BACL_ENOTSUP)
case BACL_ENOTSUP:
+ /**
+ * If the filesystem reports it doesn't support ACLs we clear the
+ * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
+ * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
+ * when we change from one filesystem to an other.
+ */
+ jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
break; /* not supported */
#endif
case ENOENT:
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
default:
/* Some real error */
Dmsg2(100, "acl_get_file error file=%s ERR=%s\n",
jcr->last_fname, be.bstrerror());
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_error;
}
}
- /*
+
+ /**
* Not supported, just pretend there is nothing to see
*/
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
}
-/*
+/**
* Generic wrapper around acl_set_file call.
*/
static bacl_exit_code generic_set_acl_on_os(JCR *jcr, bacl_type acltype)
acl_type_t ostype;
berrno be;
- /*
+ /**
* If we get empty default ACLs, clear ACLs now
*/
ostype = bac_to_os_acltype(acltype);
- if (ostype == ACL_TYPE_DEFAULT && strlen(jcr->acl_data) == 0) {
+ if (ostype == ACL_TYPE_DEFAULT && strlen(jcr->acl_data->content) == 0) {
if (acl_delete_def_file(jcr->last_fname) == 0) {
return bacl_exit_ok;
}
}
}
- acl = acl_from_text(jcr->acl_data);
+ acl = acl_from_text(jcr->acl_data->content);
if (acl == NULL) {
Mmsg2(jcr->errmsg, _("acl_from_text error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "acl_from_text error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
#ifndef HAVE_FREEBSD_OS
- /*
+ /**
* FreeBSD always fails acl_valid() - at least on valid input...
* As it does the right thing, given valid input, just ignore acl_valid().
*/
Mmsg2(jcr->errmsg, _("acl_valid error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "acl_valid error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
acl_free(acl);
return bacl_exit_error;
}
#endif
- /*
+ /**
* Restore the ACLs, but don't complain about links which really should
* not have attributes, and the file it is linked to may not yet be restored.
* This is only true for the old acl streams as in the new implementation we
Mmsg2(jcr->errmsg, _("acl_set_file error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "acl_set_file error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
acl_free(acl);
return bacl_exit_error;
}
return bacl_exit_ok;
}
-/*
+/**
* OS specific functions for handling different types of acl streams.
*/
#if defined(HAVE_DARWIN_OS)
-/*
+/**
* Define the supported ACL streams for this OS
*/
static int os_access_acl_streams[1] = { STREAM_ACL_DARWIN_ACCESS_ACL };
static bacl_exit_code darwin_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
{
#if defined(ACL_TYPE_EXTENDED)
- /*
+ /**
* On MacOS X, acl_get_file (name, ACL_TYPE_ACCESS)
* and acl_get_file (name, ACL_TYPE_DEFAULT)
* always return NULL / EINVAL. There is no point in making
if (generic_get_acl_from_os(jcr, BACL_TYPE_EXTENDED) == bacl_exit_fatal)
return bacl_exit_fatal;
#else
- /*
+ /**
* Read access ACLs for files, dirs and links
*/
if (generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS) == bacl_exit_fatal)
return bacl_exit_fatal;
#endif
- if (jcr->acl_data_len > 0) {
+ if (jcr->acl_data->content_length > 0) {
return send_acl_stream(jcr, STREAM_ACL_DARWIN_ACCESS_ACL);
}
return bacl_exit_ok;
#endif
}
-/*
+/**
* For this OS setup the build and parse function pointer to the OS specific functions.
*/
static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = darwin_build_acl_streams;
defined(HAVE_IRIX_OS) || \
defined(HAVE_LINUX_OS)
-/*
+/**
* Define the supported ACL streams for these OSes
*/
#if defined(HAVE_FREEBSD_OS)
static bacl_exit_code generic_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
{
- /*
+ /**
* Read access ACLs for files, dirs and links
*/
if (generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS) == bacl_exit_fatal)
return bacl_exit_fatal;
- if (jcr->acl_data_len > 0) {
+ if (jcr->acl_data->content_length > 0) {
if (send_acl_stream(jcr, os_access_acl_streams[0]) == bacl_exit_fatal)
return bacl_exit_fatal;
}
- /*
+ /**
* Directories can have default ACLs too
*/
if (ff_pkt->type == FT_DIREND) {
if (generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT) == bacl_exit_fatal)
return bacl_exit_fatal;
- if (jcr->acl_data_len > 0) {
+ if (jcr->acl_data->content_length > 0) {
if (send_acl_stream(jcr, os_default_acl_streams[0]) == bacl_exit_fatal)
return bacl_exit_fatal;
}
case STREAM_UNIX_DEFAULT_ACL:
return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT);
default:
- /*
+ /**
* See what type of acl it is.
*/
for (cnt = 0; cnt < sizeof(os_access_acl_streams) / sizeof(int); cnt++) {
return bacl_exit_error;
}
-/*
+/**
* For this OSes setup the build and parse function pointer to the OS specific functions.
*/
static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = generic_build_acl_streams;
#elif defined(HAVE_OSF1_OS)
-/*
+/**
* Define the supported ACL streams for this OS
*/
static int os_access_acl_streams[1] = { STREAM_ACL_TRU64_ACCESS_ACL };
static bacl_exit_code tru64_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
{
- /*
+ /**
* Read access ACLs for files, dirs and links
*/
- if ((jcr->acl_data_len = generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS)) < 0)
+ if ((jcr->acl_data->content_length = generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS)) < 0)
return bacl_exit_error;
- if (jcr->acl_data_len > 0) {
+ if (jcr->acl_data->content_length > 0) {
if (!send_acl_stream(jcr, STREAM_ACL_TRU64_ACCESS_ACL))
return bacl_exit_error;
}
- /*
+ /**
* Directories can have default ACLs too
*/
if (ff_pkt->type == FT_DIREND) {
- if ((jcr->acl_data_len = generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT)) < 0)
+ if ((jcr->acl_data->content_length = generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT)) < 0)
return bacl_exit_error;
- if (jcr->acl_data_len > 0) {
+ if (jcr->acl_data->content_length > 0) {
if (!send_acl_stream(jcr, STREAM_ACL_TRU64_DEFAULT_ACL))
return bacl_exit_error;
}
- /*
+ /**
* Tru64 has next to BACL_TYPE_DEFAULT also BACL_TYPE_DEFAULT_DIR acls.
* This is an inherited acl for all subdirs.
* See http://www.helsinki.fi/atk/unix/dec_manuals/DOC_40D/AQ0R2DTE/DOCU_018.HTM
* Section 21.5 Default ACLs
*/
- if ((jcr->acl_data_len = generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT_DIR)) < 0)
+ if ((jcr->acl_data->content_length = generic_get_acl_from_os(jcr, BACL_TYPE_DEFAULT_DIR)) < 0)
return bacl_exit_error;
- if (jcr->acl_data_len > 0) {
+ if (jcr->acl_data->content_length > 0) {
if (!send_acl_stream(jcr, STREAM_ACL_TRU64_DEFAULT_DIR_ACL))
return bacl_exit_error;
}
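Review bot: The renamed assignments in tru64_build_acl_streams still store the return value of generic_get_acl_from_os() in `jcr->acl_data->content_length`, although that function is declared to return a bacl_exit_code and sets content_length itself. The length it has just computed is therefore overwritten by a status code before the `> 0` test and before send_acl_stream() uses it for `sd->msglen`. This applies to all three calls in the hunk (BACL_TYPE_ACCESS, BACL_TYPE_DEFAULT, BACL_TYPE_DEFAULT_DIR), and `!send_acl_stream(...)` likewise treats a bacl_exit_code as a boolean. I would follow generic_build_acl_streams: `if (generic_get_acl_from_os(jcr, BACL_TYPE_ACCESS) == bacl_exit_fatal) return bacl_exit_fatal;` and `if (send_acl_stream(jcr, STREAM_ACL_TRU64_ACCESS_ACL) == bacl_exit_fatal) return bacl_exit_fatal;`. The end of the function is outside the hunk and the enum's numeric values are not shown, so confirm against the header whether Tru64 ACLs are currently skipped or sent with a wrong length.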
return generic_set_acl_on_os(jcr, BACL_TYPE_DEFAULT_DIR);
}
-/*
+/**
* For this OS setup the build and parse function pointer to the OS specific functions.
*/
static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = tru64_build_acl_streams;
#include <acllib.h>
-/*
+/**
* Define the supported ACL streams for this OS
*/
static int os_access_acl_streams[1] = { STREAM_ACL_HPUX_ACL_ENTRY };
static int os_default_acl_streams[1] = { -1 };
-/*
+/**
* See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
* There is no need to store those acls as we already store the stat bits too.
*/
for (n = 0; n < count; n++) {
ace = entries[n];
- /*
+ /**
* See if this acl just is the stat mode in acl form.
*/
if (!((ace.uid == sb.st_uid && ace.gid == ACL_NSGROUP) ||
return true;
}
-/*
+/**
* OS specific functions for handling different types of acl streams.
*/
static bacl_exit_code hpux_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
switch (errno) {
#if defined(BACL_ENOTSUP)
case BACL_ENOTSUP:
- /*
+ /**
* Not supported, just pretend there is nothing to see
+ *
+ * If the filesystem reports it doesn't support ACLs we clear the
+ * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
+ * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
+ * when we change from one filesystem to an other.
*/
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
#endif
case ENOENT:
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
default:
Mmsg2(jcr->errmsg, _("getacl error on file \"%s\": ERR=%s\n"),
Dmsg2(100, "getacl error file=%s ERR=%s\n",
jcr->last_fname, be.bstrerror());
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_error;
}
}
if (n == 0) {
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
}
if ((n = getacl(jcr->last_fname, n, acls)) > 0) {
if (acl_is_trivial(n, acls, ff_pkt->statp)) {
- /*
+ /**
* The ACLs simply reflect the (already known) standard permissions
* So we don't send an ACL stream to the SD.
*/
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
}
if ((acl_text = acltostr(n, acls, FORM_SHORT)) != NULL) {
- jcr->acl_data_len = pm_strcpy(jcr->acl_data, acl_text);
+ jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
actuallyfree(acl_text);
return send_acl_stream(jcr, STREAM_ACL_HPUX_ACL_ENTRY);
Mmsg2(jcr->errmsg, _("acltostr error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "acltostr error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
return bacl_exit_error;
struct acl_entry acls[NACLENTRIES];
berrno be;
- n = strtoacl(jcr->acl_data, 0, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP);
+ n = strtoacl(jcr->acl_data->content, 0, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP);
if (n <= 0) {
Mmsg2(jcr->errmsg, _("strtoacl error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "strtoacl error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
- if (strtoacl(jcr->acl_data, n, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP) != n) {
+ if (strtoacl(jcr->acl_data->content, n, NACLENTRIES, acls, ACL_FILEOWNER, ACL_FILEGROUP) != n) {
Mmsg2(jcr->errmsg, _("strtoacl error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "strtoacl error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
- /*
+ /**
* Restore the ACLs, but don't complain about links which really should
* not have attributes, and the file it is linked to may not yet be restored.
* This is only true for the old acl streams as in the new implementation we
Mmsg2(jcr->errmsg, _("setacl error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "setacl error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
}
return bacl_exit_ok;
}
-/*
+/**
* For this OS setup the build and parse function pointer to the OS specific functions.
*/
static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = hpux_build_acl_streams;
#endif
#if defined(HAVE_EXTENDED_ACL)
-/*
+/**
* We define some internals of the Solaris acl libs here as those
* are not exposed yet. Probably because they want us to see the
* acls as opague data. But as we need to support different platforms
} acl_type_t;
#endif
-/*
+/**
* Two external references to functions in the libsec library function not in current include files.
*/
extern "C" {
char *acl_strerror(int);
}
-/*
+/**
* Define the supported ACL streams for this OS
*/
static int os_access_acl_streams[2] = { STREAM_ACL_SOLARIS_ACLENT, STREAM_ACL_SOLARIS_ACE };
static int os_default_acl_streams[1] = { -1 };
-/*
+/**
* As the new libsec interface with acl_totext and acl_fromtext also handles
* the old format from acltotext we can use the new functions even
* for acls retrieved and stored in the database with older fd versions. If the
bacl_exit_code stream_status = bacl_exit_error;
berrno be;
- /*
+ /**
* See if filesystem supports acls.
*/
acl_enabled = pathconf(jcr->last_fname, _PC_ACL_ENABLED);
switch (acl_enabled) {
case 0:
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ /**
+ * If the filesystem reports it doesn't support ACLs we clear the
+ * BACL_FLAG_SAVE_NATIVE flag so we skip ACL saves on all other files
+ * on the same filesystem. The BACL_FLAG_SAVE_NATIVE flag gets set again
+ * when we change from one filesystem to an other.
+ */
+ jcr->acl_data->flags &= ~BACL_FLAG_SAVE_NATIVE;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
case -1:
switch (errno) {
break;
}
- /*
+ /**
* Get ACL info: don't bother allocating space if there is only a trivial ACL.
*/
if (acl_get(jcr->last_fname, ACL_NO_TRIVIAL, &aclp) != 0) {
}
if (!aclp) {
- /*
+ /**
* The ACLs simply reflect the (already known) standard permissions
* So we don't send an ACL stream to the SD.
*/
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
}
#if defined(ACL_SID_FMT)
- /*
+ /**
* New format flag added in newer Solaris versions.
*/
flags = ACL_APPEND_ID | ACL_COMPACT_FMT | ACL_SID_FMT;
#endif /* ACL_SID_FMT */
if ((acl_text = acl_totext(aclp, flags)) != NULL) {
- jcr->acl_data_len = pm_strcpy(jcr->acl_data, acl_text);
+ jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
actuallyfree(acl_text);
switch (acl_type(aclp)) {
case STREAM_UNIX_ACCESS_ACL:
case STREAM_ACL_SOLARIS_ACLENT:
case STREAM_ACL_SOLARIS_ACE:
- /*
+ /**
* First make sure the filesystem supports acls.
*/
acl_enabled = pathconf(jcr->last_fname, _PC_ACL_ENABLED);
Mmsg2(jcr->errmsg, _("pathconf error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "pathconf error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
default:
- /*
+ /**
* On a filesystem with ACL support make sure this particilar ACL type can be restored.
*/
switch (stream) {
case STREAM_ACL_SOLARIS_ACLENT:
- /*
+ /**
* An aclent can be restored on filesystems with _ACL_ACLENT_ENABLED or _ACL_ACE_ENABLED support.
*/
if ((acl_enabled & (_ACL_ACLENT_ENABLED | _ACL_ACE_ENABLED)) == 0) {
}
break;
case STREAM_ACL_SOLARIS_ACE:
- /*
+ /**
* An ace can only be restored on a filesystem with _ACL_ACE_ENABLED support.
*/
if ((acl_enabled & _ACL_ACE_ENABLED) == 0) {
}
break;
default:
- /*
+ /**
* Stream id which doesn't describe the type of acl which is encoded.
*/
break;
break;
}
- if ((error = acl_fromtext(jcr->acl_data, &aclp)) != 0) {
+ if ((error = acl_fromtext(jcr->acl_data->content, &aclp)) != 0) {
Mmsg2(jcr->errmsg, _("acl_fromtext error on file \"%s\": ERR=%s\n"),
jcr->last_fname, acl_strerror(error));
Dmsg3(100, "acl_fromtext error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, acl_strerror(error));
+ jcr->acl_data->content, jcr->last_fname, acl_strerror(error));
return bacl_exit_error;
}
- /*
+ /**
* Validate that the conversion gave us the correct acl type.
*/
switch (stream) {
}
break;
default:
- /*
+ /**
* Stream id which doesn't describe the type of acl which is encoded.
*/
break;
}
- /*
+ /**
* Restore the ACLs, but don't complain about links which really should
* not have attributes, and the file it is linked to may not yet be restored.
* This is only true for the old acl streams as in the new implementation we
Mmsg2(jcr->errmsg, _("acl_set error on file \"%s\": ERR=%s\n"),
jcr->last_fname, acl_strerror(error));
Dmsg3(100, "acl_set error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, acl_strerror(error));
+ jcr->acl_data->content, jcr->last_fname, acl_strerror(error));
acl_free(aclp);
return bacl_exit_error;
}
#else /* HAVE_EXTENDED_ACL */
-/*
+/**
* Define the supported ACL streams for this OS
*/
static int os_access_acl_streams[2] = { STREAM_ACL_SOLARIS_ACLENT };
static int os_default_acl_streams[1] = { -1 };
-/*
+/**
* See if an acl is a trivial one (e.g. just the stat bits encoded as acl.)
* There is no need to store those acls as we already store the stat bits too.
*/
return true;
}
-/*
+/**
* OS specific functions for handling different types of acl streams.
*/
static bacl_exit_code solaris_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
acls = (aclent_t *)malloc(n * sizeof(aclent_t));
if (acl(jcr->last_fname, GETACL, n, acls) == n) {
if (acl_is_trivial(n, acls)) {
- /*
+ /**
* The ACLs simply reflect the (already known) standard permissions
* So we don't send an ACL stream to the SD.
*/
free(acls);
- pm_strcpy(jcr->acl_data, "");
- jcr->acl_data_len = 0;
+ pm_strcpy(jcr->acl_data->content, "");
+ jcr->acl_data->content_length = 0;
return bacl_exit_ok;
}
if ((acl_text = acltotext(acls, n)) != NULL) {
- jcr->acl_data_len = pm_strcpy(jcr->acl_data, acl_text);
+ jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
actuallyfree(acl_text);
free(acls);
return send_acl_stream(jcr, STREAM_ACL_SOLARIS_ACLENT);
Mmsg2(jcr->errmsg, _("acltotext error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "acltotext error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
}
free(acls);
aclent_t *acls;
berrno be;
- acls = aclfromtext(jcr->acl_data, &n);
+ acls = aclfromtext(jcr->acl_data->content, &n);
if (!acls) {
Mmsg2(jcr->errmsg, _("aclfromtext error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "aclfromtext error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
return bacl_exit_error;
}
- /*
+ /**
* Restore the ACLs, but don't complain about links which really should
* not have attributes, and the file it is linked to may not yet be restored.
*/
Mmsg2(jcr->errmsg, _("acl(SETACL) error on file \"%s\": ERR=%s\n"),
jcr->last_fname, be.bstrerror());
Dmsg3(100, "acl(SETACL) error acl=%s file=%s ERR=%s\n",
- jcr->acl_data, jcr->last_fname, be.bstrerror());
+ jcr->acl_data->content, jcr->last_fname, be.bstrerror());
actuallyfree(acls);
return bacl_exit_error;
}
}
#endif /* HAVE_EXTENDED_ACL */
-/*
+/**
* For this OS setup the build and parse function pointer to the OS specific functions.
*/
static bacl_exit_code (*os_build_acl_streams)(JCR *jcr, FF_PKT *ff_pkt) = solaris_build_acl_streams;
static bacl_exit_code (*os_parse_acl_streams)(JCR *jcr, int stream) = solaris_parse_acl_streams;
#endif /* HAVE_SUN_OS */
+#endif /* HAVE_ACL */
-/*
+#if defined(HAVE_AFS_ACL)
+
+#include <afs/stds.h>
+#include <afs/afs.h>
+#include <afs/auth.h>
+#include <afs/venus.h>
+#include <afs/prs_fs.h>
+
+/**
+ * External references to functions in the libsys library function not in current include files.
+ */
+extern "C" {
+long pioctl(char *pathp, long opcode, struct ViceIoctl *blobp, int follow);
+}
+
+static bacl_exit_code afs_build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
+{
+ int error;
+ struct ViceIoctl vip;
+ char acl_text[BUFSIZ];
+ berrno be;
+
+ /**
+ * AFS ACLs can only be set on a directory, so no need to try to
+ * request them for anything other then that.
+ */
+ if (ff_pkt->type != FT_DIREND) {
+ return bacl_exit_ok;
+ }
+
+ vip.in = NULL;
+ vip.in_size = 0;
+ vip.out = acl_text;
+ vip.out_size = sizeof(acl_text);
+ memset((caddr_t)acl_text, 0, sizeof(acl_text));
+
+ if ((error = pioctl(jcr->last_fname, VIOCGETAL, &vip, 0)) < 0) {
+ Mmsg2(jcr->errmsg, _("pioctl VIOCGETAL error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg2(100, "pioctl VIOCGETAL error file=%s ERR=%s\n",
+ jcr->last_fname, be.bstrerror());
+ return bacl_exit_error;
+ }
+ jcr->acl_data->content_length = pm_strcpy(jcr->acl_data->content, acl_text);
+ return send_acl_stream(jcr, STREAM_ACL_AFS_TEXT);
+}
+
+static bacl_exit_code afs_parse_acl_stream(JCR *jcr, int stream)
+{
+ int error;
+ struct ViceIoctl vip;
+ berrno be;
+
+ vip.in = jcr->acl_data->content;
+ vip.in_size = jcr->acl_data->content_length;
+ vip.out = NULL;
+ vip.out_size = 0;
+
+ if ((error = pioctl(jcr->last_fname, VIOCSETAL, &vip, 0)) < 0) {
+ Mmsg2(jcr->errmsg, _("pioctl VIOCSETAL error on file \"%s\": ERR=%s\n"),
+ jcr->last_fname, be.bstrerror());
+ Dmsg2(100, "pioctl VIOCSETAL error file=%s ERR=%s\n",
+ jcr->last_fname, be.bstrerror());
+
+ return bacl_exit_error;
+ }
+ return bacl_exit_ok;
+}
+#endif /* HAVE_AFS_ACL */
+
+/**
* Entry points when compiled with support for ACLs on a supported platform.
*/
-/*
+/**
* Read and send an ACL for the last encountered file.
*/
bacl_exit_code build_acl_streams(JCR *jcr, FF_PKT *ff_pkt)
{
- /*
- * Call the appropriate function.
+ /**
+ * See if we are changing from one device to an other.
+ * We save the current device we are scanning and compare
+ * it with the current st_dev in the last stat performed on
+ * the file we are currently storing.
*/
- if (os_build_acl_streams) {
- return (*os_build_acl_streams)(jcr, ff_pkt);
+ if (jcr->acl_data->current_dev != ff_pkt->statp.st_dev) {
+ /**
+ * Reset the acl save flags.
+ */
+ jcr->acl_data->flags = 0;
+
+#if defined(HAVE_AFS_ACL)
+ /**
+ * AFS is a non OS specific filesystem so see if this path is on an AFS filesystem
+ * Set the BACL_FLAG_SAVE_AFS flag if it is. If not set the BACL_FLAG_SAVE_NATIVE flag.
+ */
+ if (fstype_equals(jcr->last_fname, "afs")) {
+ jcr->acl_data->flags |= BACL_FLAG_SAVE_AFS;
+ } else {
+ jcr->acl_data->flags |= BACL_FLAG_SAVE_NATIVE;
+ }
+#else
+ jcr->acl_data->flags |= BACL_FLAG_SAVE_NATIVE;
+#endif
+
+ /**
+ * Save that we started scanning a new filesystem.
+ */
+ jcr->acl_data->current_dev = ff_pkt->statp.st_dev;
+ }
+
+#if defined(HAVE_AFS_ACL)
+ /**
+ * See if the BACL_FLAG_SAVE_AFS flag is set which lets us know if we should
+ * save AFS ACLs.
+ */
+ if (jcr->acl_data->flags & BACL_FLAG_SAVE_AFS) {
+ return afs_build_acl_streams(jcr, ff_pkt);
}
+#endif
+#if defined(HAVE_ACL)
+ /**
+ * See if the BACL_FLAG_SAVE_NATIVE flag is set which lets us know if we should
+ * save native ACLs.
+ */
+ if (jcr->acl_data->flags & BACL_FLAG_SAVE_NATIVE) {
+ /**
+ * Call the appropriate function.
+ */
+ if (os_build_acl_streams) {
+ return (*os_build_acl_streams)(jcr, ff_pkt);
+ }
+ } else {
+ return bacl_exit_ok;
+ }
+#endif
return bacl_exit_error;
}
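Review bot: In afs_build_acl_streams, `vip.out_size = sizeof(acl_text)` lets pioctl fill the whole stack buffer, so the terminator that pm_strcpy relies on comes only from the memset and survives only while the reply is shorter than BUFSIZ. Reserving the last byte with `vip.out_size = sizeof(acl_text) - 1;` keeps the copy bounded whatever the call writes. Whether VIOCGETAL can return a full, unterminated buffer is not visible here, so treat this as a defensive bound. Separately, build_acl_streams falls through to `return bacl_exit_error;` on a build with HAVE_AFS_ACL but without HAVE_ACL whenever the file is not on AFS, because only BACL_FLAG_SAVE_NATIVE is set and the native branch is compiled out. Adding `#else` and `return bacl_exit_ok;` before the `#endif` that closes the HAVE_ACL block would stop every non-AFS file from being reported as an ACL error.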
unsigned int cnt;
switch (stream) {
+#if defined(HAVE_AFS_ACL)
+ case STREAM_ACL_AFS_TEXT:
+ return afs_parse_acl_stream(jcr, stream);
+#endif
+#if defined(HAVE_ACL)
case STREAM_UNIX_ACCESS_ACL:
case STREAM_UNIX_DEFAULT_ACL:
- /*
+ /**
* Handle legacy ACL streams.
*/
if (os_parse_acl_streams) {
break;
default:
if (os_parse_acl_streams) {
- /*
+ /**
* Walk the os_access_acl_streams array with the supported Access ACL streams for this OS.
*/
for (cnt = 0; cnt < sizeof(os_access_acl_streams) / sizeof(int); cnt++) {
return (*os_parse_acl_streams)(jcr, stream);
}
}
- /*
+ /**
* Walk the os_default_acl_streams array with the supported Default ACL streams for this OS.
*/
for (cnt = 0; cnt < sizeof(os_default_acl_streams) / sizeof(int); cnt++) {
}
}
break;
+#else
+ default:
+ break;
+#endif
}
Qmsg2(jcr, M_WARNING, 0,
_("Can't restore ACLs of %s - incompatible acl stream encountered - %d\n"),