1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  24  * Use is subject to license terms.
  25  */
  26 
  27 /*
  28  * Copyright (c) 2018, Joyent, Inc.
  29  */
  30 
  31 /*
  32  * This is the smbfs/chacl command.
  33  * (just for testing - not installed)
  34  *
  35  * Works like chmod(1), but only supporting A=... forms.
  36  * i.e. chacl A=everyone@:full_set:fd:allow /mnt/foo
  37  *
  38  * Some more test cases:
  39  *      /usr/lib/fs/smbfs/chacl -v
  40  *      A=user:2147483649:rwxpdDaARWcCos::allow,
  41  *      user:2147483653:raRcs::allow,
  42  *      everyone@:raRcs::allow
  43  */
  44 
  45 #include <sys/types.h>
  46 #include <sys/errno.h>
  47 #include <sys/stat.h>
  48 #include <sys/acl.h>
  49 #include <sys/acl_impl.h>
  50 
  51 #include <fcntl.h>
  52 #include <stdio.h>
  53 #include <stdlib.h>
  54 #include <unistd.h>
  55 #include <string.h>
  56 #include <aclutils.h>
  57 
  58 #include <netsmb/smbfs_acl.h>
  59 
  60 char *progname;
  61 int Vflag;
  62 
  63 void chacl(char *, uint32_t, uid_t, gid_t, acl_t *);
  64 
  65 static const char Usage[] =
  66         "Usage: %s [-v] [-u UID] [-g GID] A=ACL... file ...\n"
  67         "\twhere A=ACL is like chmod(1)\n";
  68 
  69 void
  70 usage(void)
  71 {
  72         fprintf(stderr, Usage, progname);
  73         exit(1);
  74 }
  75 
  76 int
  77 main(int argc, char **argv)
  78 {
  79         uid_t uid = (uid_t)-1;
  80         gid_t gid = (gid_t)-1;
  81         acl_t *acl = NULL;
  82         char *acl_arg;
  83         ulong_t tl;
  84         int c, error;
  85         uint32_t selector;
  86 
  87         progname = argv[0];
  88 
  89         while ((c = getopt(argc, argv, "vu:g:")) != -1) {
  90                 switch (c) {
  91                 case 'v':
  92                         Vflag++;
  93                         break;
  94                 case 'u':
  95                         tl = strtoul(optarg, NULL, 10);
  96                         if (tl == 0)
  97                                 goto badopt;
  98                         uid = (uid_t)tl;
  99                         break;
 100                 case 'g':
 101                         tl = strtoul(optarg, NULL, 10);
 102                         if (tl == 0)
 103                                 goto badopt;
 104                         gid = (gid_t)tl;
 105                         break;
 106                 case ':':
 107                         fprintf(stderr, "%s: option %c requires arg\n",
 108                             progname, c);
 109                         usage();
 110                         break;
 111 
 112                 badopt:
 113                 default:
 114                         fprintf(stderr, "%s: bad option: %c\n",
 115                             progname, c);
 116                         usage();
 117                         break;
 118                 }
 119         }
 120 
 121         if (optind + 1 > argc)
 122                 usage();
 123         acl_arg = argv[optind++];
 124 
 125         /*
 126          * Ask libsec to parse the ACL arg.
 127          */
 128         if (strncmp(acl_arg, "A=", 2) != 0)
 129                 usage();
 130         error = acl_parse(acl_arg + 2, &acl);
 131         if (error) {
 132                 fprintf(stderr, "%s: can not parse ACL: %s\n",
 133                     progname, acl_arg);
 134                 exit(1);
 135         }
 136         if (acl->acl_type != ACE_T) {
 137                 fprintf(stderr, "%s: ACL not ACE_T type: %s\n",
 138                     progname, acl_arg);
 139                 exit(1);
 140         }
 141 
 142         /*
 143          * Which parts of the SD are being modified?
 144          */
 145         selector = DACL_SECURITY_INFORMATION;
 146 
 147         if (uid != (uid_t)-1)
 148                 selector |= OWNER_SECURITY_INFORMATION;
 149         if (gid != (gid_t)-1)
 150                 selector |= GROUP_SECURITY_INFORMATION;
 151 
 152         if (optind == argc)
 153                 usage();
 154         for (; optind < argc; optind++)
 155                 chacl(argv[optind], selector, uid, gid, acl);
 156 
 157 done:
 158         acl_free(acl);
 159         return (0);
 160 }
 161 
 162 void
 163 chacl(char *file, uint32_t selector, uid_t uid, gid_t gid, acl_t *acl)
 164 {
 165         struct stat st;
 166         struct i_ntsd *sd = NULL;
 167         int error, fd;
 168 
 169         /*
 170          * OK, try setting the ACL (via ioctl).  Open
 171          * read-only because we're NOT writing data.
 172          * The driver will re-open with the necessary
 173          * access rights to set the ACL.
 174          */
 175         fd = open(file, O_RDONLY, 0);
 176         if (fd < 0) {
 177                 perror(file);
 178                 exit(1);
 179         }
 180 
 181         if (uid == (uid_t)-1 || gid == (gid_t)-1) {
 182                 /*
 183                  * If not setting owner or group, we need the
 184                  * current owner and group for translating
 185                  * references via owner@ or group@ ACEs.
 186                  */
 187                 if (fstat(fd, &st) != 0) {
 188                         perror(file);
 189                         exit(1);
 190                 }
 191                 if (uid == (uid_t)-1)
 192                         uid = st.st_uid;
 193                 if (gid == (gid_t)-1)
 194                         gid = st.st_gid;
 195         }
 196 
 197         /*
 198          * Convert the ZFS ACL to an NT SD.
 199          */
 200         error = smbfs_acl_zfs2sd(acl, uid, gid, selector, &sd);
 201         if (error) {
 202                 fprintf(stderr, "%s: failed to convert ACL\n", progname);
 203                 exit(1);
 204         }
 205 
 206         if (Vflag) {
 207 
 208                 /*
 209                  * Print the SD in ZFS form.
 210                  */
 211                 printf("Solaris security data:\n");
 212                 if (uid == (uid_t)-1)
 213                         printf("owner: -1\n");
 214                 else
 215                         printf("owner: %u\n", uid);
 216                 if (gid == (gid_t)-1)
 217                         printf("group: -1\n");
 218                 else
 219                         printf("group: %u\n", gid);
 220                 acl_printacl(acl, 80, 1);
 221                 printf("\n");
 222 
 223                 /*
 224                  * Print the SD in Windows form.
 225                  */
 226                 printf("CIFS security data:\n");
 227                 smbfs_acl_print_sd(stdout, sd);
 228                 printf("\n");
 229         }
 230 
 231         error = smbfs_acl_setsd(fd, selector, sd);
 232         (void) close(fd);
 233 
 234         if (error) {
 235                 fprintf(stderr, "%s: ACL set failed, %s\n",
 236                     file, strerror(error));
 237                 exit(1);
 238         }
 239 
 240         smbfs_acl_free_sd(sd);
 241 }