/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
/*
 * This is the smbfs/chacl command.
 * (just for testing - not installed)
 *
 * Works like chmod(1), but supports only the A=... forms,
 * e.g. chacl A=everyone@:full_set:fd:allow /mnt/foo
 *
 * Some more test cases:
 *	/usr/lib/fs/smbfs/chacl -v
 *	A=user:2147483649:rwxpdDaARWcCos::allow,
 *	user:2147483653:raRcs::allow,
 *	everyone@:raRcs::allow
 */
#include <sys/types.h>
#include <sys/errno.h>
#include <sys/stat.h>
#include <sys/acl.h>
#include <sys/acl_impl.h>

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <aclutils.h>

#include <netsmb/smbfs_acl.h>
/* Program name; main() sets it from argv[0] and diagnostics print it. */
char *progname;
/* Verbosity counter; main() increments it once per -v on the command line. */
int Vflag;

/*
 * Applies the parsed ACL, and the owner/group when selected, to one file.
 * Defined after main().
 */
void chacl(char *, uint32_t, uid_t, gid_t, acl_t *);

/*
 * Usage text.  usage() hands this array to fprintf() as the FORMAT string,
 * with progname as the only argument, so it must stay a compile-time
 * constant containing exactly one %s conversion.
 */
static const char Usage[] =
	"Usage: %s [-v] [-u UID] [-g GID] A=ACL... file ...\n"
	"\twhere A=ACL is like chmod(1)\n";
/*
 * Write the usage message to stderr and terminate the process with
 * exit status 1.  This function does not return to its caller.
 *
 * Usage is a constant array in this file, so using it as the format
 * string does not expose a format controlled by command-line input.
 */
void
usage(void)
{
	(void) fprintf(stderr, Usage, progname);
	exit(1);
}
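/*
 * Parse the decimal numeric ID given to -u or -g.
 *
 * arg   - option argument as typed on the command line
 * limit - exclusive upper bound; callers pass (uid_t)-1 or (gid_t)-1,
 *         which main() also uses as the "not specified" sentinel
 * valp  - receives the parsed value on success
 *
 * Returns 0 on success and -1 when the argument is not a plain decimal
 * number, has trailing characters, overflows, is 0, or is >= limit.
 *
 * The value is later narrowed to uid_t/gid_t.  Without the range check a
 * large input could wrap to a different ID, or to the sentinel, in which
 * case the owner/group change would be silently dropped.
 */
static int
parse_id(const char *arg, ulong_t limit, ulong_t *valp)
{
	char *end = NULL;
	ulong_t val;

	/* strtoul() skips white space and accepts a sign; insist on a digit. */
	if (arg[0] < '0' || arg[0] > '9')
		return (-1);

	errno = 0;
	val = strtoul(arg, &end, 10);
	if (errno != 0 || end == arg || *end != '\0')
		return (-1);

	/*
	 * 0 was already rejected before this check existed (it doubled as
	 * the "no digits" test), so that behavior is kept.
	 */
	if (val == 0 || val >= limit)
		return (-1);

	*valp = val;
	return (0);
}

/*
 * chacl [-v] [-u UID] [-g GID] A=ACL file ...
 *
 * Parses the options, has libsec parse the A=... argument into an ACL,
 * works out which parts of the security descriptor are being modified,
 * and calls chacl() for each file operand.  Returns 0 once all operands
 * have been processed; every error path exits with status 1 (directly
 * or through usage()).
 */
int
main(int argc, char **argv)
{
	uid_t uid = (uid_t)-1;
	gid_t gid = (gid_t)-1;
	acl_t *acl = NULL;
	char *acl_arg;
	ulong_t tl;
	int c, error;
	uint32_t selector;

	progname = argv[0];

	while ((c = getopt(argc, argv, "vu:g:")) != -1) {
		switch (c) {
		case 'v':
			Vflag++;
			break;
		case 'u':
			if (parse_id(optarg, (ulong_t)(uid_t)-1, &tl) != 0)
				goto badopt;
			uid = (uid_t)tl;
			break;
		case 'g':
			if (parse_id(optarg, (ulong_t)(gid_t)-1, &tl) != 0)
				goto badopt;
			gid = (gid_t)tl;
			break;
		case ':':
			/*
			 * getopt() returns ':' only when the option string
			 * starts with ':'.  With "vu:g:" a missing argument
			 * is reported as '?' and lands in the default case.
			 * optopt holds the option letter in either case.
			 */
			fprintf(stderr, "%s: option %c requires arg\n",
			    progname, optopt);
			usage();
			break;

		badopt:
		default:
			/*
			 * For '?' the offending letter is in optopt; on the
			 * badopt path c is still the 'u' or 'g' whose value
			 * was rejected.
			 */
			fprintf(stderr, "%s: bad option: %c\n",
			    progname, (c == '?') ? optopt : c);
			usage();
			break;
		}
	}

	if (optind + 1 > argc)
		usage();
	acl_arg = argv[optind++];

	/*
	 * Ask libsec to parse the ACL arg.
	 */
	if (strncmp(acl_arg, "A=", 2) != 0)
		usage();
	error = acl_parse(acl_arg + 2, &acl);
	if (error) {
		fprintf(stderr, "%s: can not parse ACL: %s\n",
		    progname, acl_arg);
		exit(1);
	}
	if (acl->acl_type != ACE_T) {
		fprintf(stderr, "%s: ACL not ACE_T type: %s\n",
		    progname, acl_arg);
		exit(1);
	}

	/*
	 * Which parts of the SD are being modified?
	 * The ACL is always present here (acl was dereferenced above),
	 * so the DACL bit is always set; owner and group are selected
	 * only when -u / -g supplied a value.
	 */
	selector = DACL_SECURITY_INFORMATION;
	if (uid != (uid_t)-1)
		selector |= OWNER_SECURITY_INFORMATION;
	if (gid != (gid_t)-1)
		selector |= GROUP_SECURITY_INFORMATION;

	if (optind == argc)
		usage();
	for (; optind < argc; optind++)
		chacl(argv[optind], selector, uid, gid, acl);

	acl_free(acl);
	return (0);
}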
/*
 * Set the security descriptor on one file.
 *
 * file     - path of the file to modify
 * selector - *_SECURITY_INFORMATION bits built by main(), passed on
 *            unchanged to the conversion and to the set call
 * uid, gid - new owner/group, or (uid_t)-1 / (gid_t)-1 when not given
 * acl      - parsed ACL to apply
 *
 * Any failure prints a diagnostic and exits with status 1, so file
 * operands that follow on the command line are not processed.
 */
void
chacl(char *file, uint32_t selector, uid_t uid, gid_t gid, acl_t *acl)
{
	struct i_ntsd *ntsd = NULL;
	struct stat sb;
	int fd, rc;

	/*
	 * The ACL is set via ioctl, and no file data is written, so a
	 * read-only open is enough.  The driver will re-open with the
	 * access rights needed to set the ACL.
	 */
	fd = open(file, O_RDONLY, 0);
	if (fd < 0) {
		perror(file);
		exit(1);
	}

	/*
	 * When the owner or group is not being set, the current values
	 * are needed to translate owner@ / group@ ACEs.  They are read
	 * with fstat() on the descriptor that the SD is later applied
	 * through, so the path is not resolved a second time.
	 */
	if (uid == (uid_t)-1 || gid == (gid_t)-1) {
		if (fstat(fd, &sb) != 0) {
			perror(file);
			exit(1);
		}
		if (uid == (uid_t)-1)
			uid = sb.st_uid;
		if (gid == (gid_t)-1)
			gid = sb.st_gid;
	}

	/* Build the NT security descriptor from the ZFS-style ACL. */
	rc = smbfs_acl_zfs2sd(acl, uid, gid, selector, &ntsd);
	if (rc != 0) {
		fprintf(stderr, "%s: failed to convert ACL\n", progname);
		exit(1);
	}

	if (Vflag != 0) {
		/* Verbose: show the SD in ZFS form ... */
		printf("Solaris security data:\n");
		if (uid != (uid_t)-1)
			printf("owner: %u\n", uid);
		else
			printf("owner: -1\n");
		if (gid != (gid_t)-1)
			printf("group: %u\n", gid);
		else
			printf("group: -1\n");
		acl_printacl(acl, 80, 1);
		printf("\n");

		/* ... and then in Windows form. */
		printf("CIFS security data:\n");
		smbfs_acl_print_sd(stdout, ntsd);
		printf("\n");
	}

	/* The descriptor is not needed once the SD has been submitted. */
	rc = smbfs_acl_setsd(fd, selector, ntsd);
	(void) close(fd);

	if (rc != 0) {
		/* rc is handed to strerror(), i.e. treated as an errno value. */
		fprintf(stderr, "%s: ACL set failed, %s\n",
		    file, strerror(rc));
		exit(1);
	}

	smbfs_acl_free_sd(ntsd);
}