xref: /titanic_52/usr/src/cmd/fs.d/smbclnt/chacl/chacl.c (revision 174bc6499d233e329ecd3d98a880a7b07df16bfa)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * This is the smbfs/chacl command.
29  * (just for testing - not installed)
30  *
31  * Works like chmod(1), but only supporting A=... forms.
32  * i.e. chacl A=everyone@:full_set:fd:allow /mnt/foo
33  *
34  * Some more test cases:
35  *	/usr/lib/fs/smbfs/chacl -v
36  *	A=user:2147483649:rwxpdDaARWcCos::allow,
37  *	user:2147483653:raRcs::allow,
38  *	everyone@:raRcs::allow
39  */
40 
41 #include <sys/types.h>
42 #include <sys/errno.h>
43 #include <sys/stat.h>
44 #include <sys/acl.h>
45 #include <sys/acl_impl.h>
46 
47 #include <fcntl.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <unistd.h>
51 #include <string.h>
52 #include <aclutils.h>
53 
54 #include <netsmb/smbfs_acl.h>
55 
56 char *progname;
57 int Vflag;
58 
59 void chacl(char *, uint32_t, uid_t, gid_t, acl_t *);
60 
61 static const char Usage[] =
62 	"Usage: %s [-v] [-u UID] [-g GID] A=ACL... file ...\n"
63 	"\twhere A=ACL is like chmod(1)\n";
64 
65 void
66 usage(void)
67 {
68 	fprintf(stderr, Usage, progname);
69 	exit(1);
70 }
71 
72 int
73 main(int argc, char **argv)
74 {
75 	uid_t uid = (uid_t)-1;
76 	gid_t gid = (gid_t)-1;
77 	acl_t *acl = NULL;
78 	char *acl_arg;
79 	ulong_t tl;
80 	int c, error;
81 	uint32_t selector;
82 
83 	progname = argv[0];
84 
85 	while ((c = getopt(argc, argv, "vu:g:")) != -1) {
86 		switch (c) {
87 		case 'v':
88 			Vflag++;
89 			break;
90 		case 'u':
91 			tl = strtoul(optarg, NULL, 10);
92 			if (tl == 0)
93 				goto badopt;
94 			uid = (uid_t)tl;
95 			break;
96 		case 'g':
97 			tl = strtoul(optarg, NULL, 10);
98 			if (tl == 0)
99 				goto badopt;
100 			gid = (gid_t)tl;
101 			break;
102 		case ':':
103 			fprintf(stderr, "%s: option %c requires arg\n",
104 			    progname, c);
105 			usage();
106 			break;
107 
108 		badopt:
109 		default:
110 			fprintf(stderr, "%s: bad option: %c\n",
111 			    progname, c);
112 			usage();
113 			break;
114 		}
115 	}
116 
117 	if (optind + 1 > argc)
118 		usage();
119 	acl_arg = argv[optind++];
120 
121 	/*
122 	 * Ask libsec to parse the ACL arg.
123 	 */
124 	if (strncmp(acl_arg, "A=", 2) != 0)
125 		usage();
126 	error = acl_parse(acl_arg + 2, &acl);
127 	if (error) {
128 		fprintf(stderr, "%s: can not parse ACL: %s\n",
129 		    progname, acl_arg);
130 		exit(1);
131 	}
132 	if (acl->acl_type != ACE_T) {
133 		fprintf(stderr, "%s: ACL not ACE_T type: %s\n",
134 		    progname, acl_arg);
135 		exit(1);
136 	}
137 
138 	/*
139 	 * Which parts of the SD are being modified?
140 	 */
141 	selector = 0;
142 	if (acl)
143 		selector |= DACL_SECURITY_INFORMATION;
144 	if (uid != (uid_t)-1)
145 		selector |= OWNER_SECURITY_INFORMATION;
146 	if (gid != (gid_t)-1)
147 		selector |= GROUP_SECURITY_INFORMATION;
148 
149 	if (optind == argc)
150 		usage();
151 	for (; optind < argc; optind++)
152 		chacl(argv[optind], selector, uid, gid, acl);
153 
154 done:
155 	acl_free(acl);
156 	return (0);
157 }
158 
159 void
160 chacl(char *file, uint32_t selector, uid_t uid, gid_t gid, acl_t *acl)
161 {
162 	struct stat st;
163 	struct i_ntsd *sd = NULL;
164 	int error, fd;
165 
166 	/*
167 	 * OK, try setting the ACL (via ioctl).  Open
168 	 * read-only because we're NOT writing data.
169 	 * The driver will re-open with the necessary
170 	 * access rights to set the ACL.
171 	 */
172 	fd = open(file, O_RDONLY, 0);
173 	if (fd < 0) {
174 		perror(file);
175 		exit(1);
176 	}
177 
178 	if (uid == (uid_t)-1 || gid == (gid_t)-1) {
179 		/*
180 		 * If not setting owner or group, we need the
181 		 * current owner and group for translating
182 		 * references via owner@ or group@ ACEs.
183 		 */
184 		if (fstat(fd, &st) != 0) {
185 			perror(file);
186 			exit(1);
187 		}
188 		if (uid == (uid_t)-1)
189 			uid = st.st_uid;
190 		if (gid == (gid_t)-1)
191 			gid = st.st_gid;
192 	}
193 
194 	/*
195 	 * Convert the ZFS ACL to an NT SD.
196 	 */
197 	error = smbfs_acl_zfs2sd(acl, uid, gid, selector, &sd);
198 	if (error) {
199 		fprintf(stderr, "%s: failed to convert ACL\n", progname);
200 		exit(1);
201 	}
202 
203 	if (Vflag) {
204 
205 		/*
206 		 * Print the SD in ZFS form.
207 		 */
208 		printf("Solaris security data:\n");
209 		if (uid == (uid_t)-1)
210 			printf("owner: -1\n");
211 		else
212 			printf("owner: %u\n", uid);
213 		if (gid == (gid_t)-1)
214 			printf("group: -1\n");
215 		else
216 			printf("group: %u\n", gid);
217 		acl_printacl(acl, 80, 1);
218 		printf("\n");
219 
220 		/*
221 		 * Print the SD in Windows form.
222 		 */
223 		printf("CIFS security data:\n");
224 		smbfs_acl_print_sd(stdout, sd);
225 		printf("\n");
226 	}
227 
228 	error = smbfs_acl_setsd(fd, selector, sd);
229 	(void) close(fd);
230 
231 	if (error) {
232 		fprintf(stderr, "%s: ACL set failed, %s\n",
233 		    file, strerror(error));
234 		exit(1);
235 	}
236 
237 	smbfs_acl_free_sd(sd);
238 }
239