smbclnt/chacl/chacl.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * This is the smbfs/chacl command.
 * (just for testing - not installed)
 *
 * Works like chmod(1), but only supporting A=... forms.
 * i.e. chacl A=everyone@:full_set:fd:allow /mnt/foo
 *
 * Some more test cases:
 *  /usr/lib/fs/smbfs/chacl -v
 *  A=user:2147483649:rwxpdDaARWcCos::allow,
 *  user:2147483653:raRcs::allow,
 *  everyone@:raRcs::allow
 */

#include <sys/types.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/acl.h>
#include <sys/acl_impl.h>

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <aclutils.h>

#include <netsmb/smbfs_acl.h>

char *progname;
int Vflag;

void chacl(char *, uint32_t, uid_t, gid_t, acl_t *);

static const char Usage[] =
    "Usage: %s [-v] [-u UID] [-g GID] A=ACL... file ...\n"
    "\twhere A=ACL is like chmod(1)\n";

void
usage(void)
{
    fprintf(stderr, Usage, progname);
    exit(1);
}

int
main(int argc, char **argv)
{
    uid_t uid = (uid_t)-1;
    gid_t gid = (gid_t)-1;
    acl_t *acl = NULL;
    char *acl_arg;
    ulong_t tl;
    int c, error;
    uint32_t selector;

    progname = argv[0];

    while ((c = getopt(argc, argv, "vu:g:")) != -1) {
        switch (c) {
        case 'v':
            Vflag++;
            break;
        case 'u':
            tl = strtoul(optarg, NULL, 10);
            if (tl == 0)
                goto badopt;
            uid = (uid_t)tl;
            break;
        case 'g':
            tl = strtoul(optarg, NULL, 10);
            if (tl == 0)
                goto badopt;
            gid = (gid_t)tl;
            break;
        case ':':
            fprintf(stderr, "%s: option %c requires arg\n",
                progname, c);
            usage();
            break;

        badopt:
        default:
            fprintf(stderr, "%s: bad option: %c\n",
                progname, c);
            usage();
            break;
        }
    }

    if (optind + 1 > argc)
        usage();
    acl_arg = argv[optind++];

    /*
     * Ask libsec to parse the ACL arg.
     */
    if (strncmp(acl_arg, "A=", 2) != 0)
        usage();
    error = acl_parse(acl_arg + 2, &acl);
    if (error) {
        fprintf(stderr, "%s: can not parse ACL: %s\n",
            progname, acl_arg);
        exit(1);
    }
    if (acl->acl_type != ACE_T) {
        fprintf(stderr, "%s: ACL not ACE_T type: %s\n",
            progname, acl_arg);
        exit(1);
    }

    /*
     * Which parts of the SD are being modified?
     */
    selector = 0;
    if (acl)
        selector |= DACL_SECURITY_INFORMATION;
    if (uid != (uid_t)-1)
        selector |= OWNER_SECURITY_INFORMATION;
    if (gid != (gid_t)-1)
        selector |= GROUP_SECURITY_INFORMATION;

    if (optind == argc)
        usage();
    for (; optind < argc; optind++)
        chacl(argv[optind], selector, uid, gid, acl);

done:
    acl_free(acl);
    return (0);
}

void
chacl(char *file, uint32_t selector, uid_t uid, gid_t gid, acl_t *acl)
{
    struct stat st;
    struct i_ntsd *sd = NULL;
    int error, fd;

    /*
     * OK, try setting the ACL (via ioctl).  Open
     * read-only because we're NOT writing data.
     * The driver will re-open with the necessary
     * access rights to set the ACL.
     */
    fd = open(file, O_RDONLY, 0);
    if (fd < 0) {
        perror(file);
        exit(1);
    }

    if (uid == (uid_t)-1 || gid == (gid_t)-1) {
        /*
         * If not setting owner or group, we need the
         * current owner and group for translating
         * references via owner@ or group@ ACEs.
         */
        if (fstat(fd, &st) != 0) {
            perror(file);
            exit(1);
        }
        if (uid == (uid_t)-1)
            uid = st.st_uid;
        if (gid == (gid_t)-1)
            gid = st.st_gid;
    }

    /*
     * Convert the ZFS ACL to an NT SD.
     */
    error = smbfs_acl_zfs2sd(acl, uid, gid, selector, &sd);
    if (error) {
        fprintf(stderr, "%s: failed to convert ACL\n", progname);
        exit(1);
    }

    if (Vflag) {

        /*
         * Print the SD in ZFS form.
         */
        printf("Solaris security data:\n");
        if (uid == (uid_t)-1)
            printf("owner: -1\n");
        else
            printf("owner: %u\n", uid);
        if (gid == (gid_t)-1)
            printf("group: -1\n");
        else
            printf("group: %u\n", gid);
        acl_printacl(acl, 80, 1);
        printf("\n");

        /*
         * Print the SD in Windows form.
         */
        printf("CIFS security data:\n");
        smbfs_acl_print_sd(stdout, sd);
        printf("\n");
    }

    error = smbfs_acl_setsd(fd, selector, sd);
    (void) close(fd);

    if (error) {
        fprintf(stderr, "%s: ACL set failed, %s\n",
            file, strerror(error));
        exit(1);
    }

    smbfs_acl_free_sd(sd);
}