New option -setfacl_list

This commit is contained in:
Thomas Schmitt 2009-01-29 16:53:45 +00:00
parent 78a3402bf3
commit 4bc34cc0ed
4 changed files with 352 additions and 195 deletions

View File

@ -2,7 +2,7 @@
.\" First parameter, NAME, should be all caps .\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1) .\" other parameters are allowed: see man(7), man(1)
.TH XORRISO 1 "Jan 25, 2008" .TH XORRISO 1 "Jan 28, 2008"
.\" Please adjust this date whenever revising the manpage. .\" Please adjust this date whenever revising the manpage.
.\" .\"
.\" Some roff macros, for reference: .\" Some roff macros, for reference:
@ -938,17 +938,17 @@ existing ACLs.
If acl_text is empty, or contains the text "clear" or the text If acl_text is empty, or contains the text "clear" or the text
"--remove-all", then the existing ACLs will be removed and no new ones will be "--remove-all", then the existing ACLs will be removed and no new ones will be
attached. Any other content of acl_text will be interpreted as a list of attached. Any other content of acl_text will be interpreted as a list of
ACL entries. It may be in the long format as put out by -getfacl but may also ACL entries. It may be in the long multi-line format as put out by -getfacl
be abbreviated as follows: but may also be abbreviated as follows:
.br .br
ACL entries are separated by comma or newline. If an entry is empty text or ACL entries are separated by comma or newline. If an entry is empty text or
begins with "#" then it will be gracefully ignored. A valid entry has to begin begins with "#" then it will be ignored. A valid entry has to begin
by a letter out of {ugom} for "user", "group", "other", "mask". It has to by a letter out of {ugom} for "user", "group", "other", "mask". It has to
contain two colons ":". A non-empty text between those two gives a user id contain two colons ":". A non-empty text between those ":" gives a user id
resp. group id. After the second ":" there may be letters out of {rwx-}. resp. group id. After the second ":" there may be letters out of {rwx- #}.
Letter "-" is ignored. The other three give read, write resp. The first three give read, write resp. execute permission.
execute permission. Letters "-", " " and TAB are ignored. "#" causes the rest of the entry to
Letter "X" or any other letters are not supported. Examples: be ignored. Letter "X" or any other letters are not supported. Examples:
.br .br
g:toolies:rw,u:lisa:rw,u:1001:rw,u::wr,g::r,o::r,m::rw g:toolies:rw,u:lisa:rw,u:1001:rw,u::wr,g::r,o::r,m::rw
.br .br
@ -956,11 +956,21 @@ Letter "X" or any other letters are not supported. Examples:
.br .br
A valid entry may be prefixed by "d", some following characters and ":". A valid entry may be prefixed by "d", some following characters and ":".
This indicates that the entry goes to the "default" ACL rather than to the This indicates that the entry goes to the "default" ACL rather than to the
"access" ACL. "access" ACL. Example:
.br
u::rwx,g::rx,o::,d:u::rwx,d:g::rx,d:o::,d:u:lisa:rwx,d:m::rwx
.TP .TP
\fB\-setfacl_r\fR acl_text iso_rr_path [***] \fB\-setfacl_r\fR acl_text iso_rr_path [***]
Like -setfacl but affecting all files below eventual directories. Like -setfacl but affecting all files below eventual directories.
.TP .TP
\fB\-setfacl_list\fR disk_path
Read the output of -getfacl_r or shell command getfacl -R and apply it to the
iso_rr_paths as given in lines beginning with "# file:". This will change
ownership, group and ACL of the given files.
.br
Since -getfacl and getfacl strip leading "/" from file paths, the setting of
-cd does always matter.
.TP
\fB\-alter_date\fR type timestring iso_rr_path [***] \fB\-alter_date\fR type timestring iso_rr_path [***]
Alter the date entries of a file in the ISO image. type is Alter the date entries of a file in the ISO image. type is
one of "a", "m", "b" for access time, modification time, one of "a", "m", "b" for access time, modification time,
@ -1449,7 +1459,7 @@ permissible.
.B Settings for result writing: .B Settings for result writing:
.TP .TP
Rock Ridge info will be generated by the program unconditionally. Rock Ridge info will be generated by the program unconditionally.
ACL will be written according to the setting of option -acl. ACLs will be written according to the setting of option -acl.
.TP .TP
\fB\-joliet\fR "on"|"off" \fB\-joliet\fR "on"|"off"
If enabled by "on", generate Joliet info additional to Rock Ridge info. If enabled by "on", generate Joliet info additional to Rock Ridge info.

View File

@ -10758,6 +10758,216 @@ ex:
} }
/* Normalize ACL and sort apart "access" ACL from "default" ACL.
*/
int Xorriso_normalize_acl_text(struct XorrisO *xorriso, char *in_text,
char **access_acl_text, char **default_acl_text, int flag)
{
int ret, access_count= 0, default_count= 0, pass, is_default, line_len;
int was_error= 0, line_count= 0, perms;
char *acl_text= NULL, *cpt, *npt, *access_wpt= NULL, *default_wpt= NULL;
char *dpt, *ddpt, **wpt, *ppt;
if(in_text[0] == 0 || strcmp(in_text, "clear") == 0 ||
strcmp(in_text, "--remove-all") == 0) {
*access_acl_text= *default_acl_text= NULL;
return(1);
} else if (strcmp(in_text, "--remove-default") == 0) {
/* >>> protect Access-ACL and delete Default-ACL */;
/* <<< */
return(0);
}
acl_text= strdup(in_text);
if(acl_text == NULL) {
Xorriso_no_malloc_memory(xorriso, NULL, 0);
{ret= -1; goto ex;}
}
/* From comma to newline */
for(cpt= strchr(acl_text, ','); cpt != NULL; cpt= strchr(cpt + 1, ','))
*cpt= '\n';
/* Normalize to long text form
and sort apart "access" ACL from "default" ACL */;
for(pass= 0; pass < 2; pass++) {
line_count= 0;
for(cpt= acl_text; cpt != NULL; cpt= npt) {
line_count++;
npt= strchr(cpt, '\n');
if(npt != NULL)
npt++;
if(*cpt == '#' || *cpt == '\n' || *cpt == 0)
continue;
is_default= 0;
wpt= &access_wpt;
if(*cpt == 'd') {
is_default= 1;
if(pass == 1)
wpt= &default_wpt;
cpt= strchr(cpt, ':');
if(cpt == NULL) {
was_error= line_count;
continue;
}
cpt++;
}
line_len= 0;
dpt= strchr(cpt, ':');
if(dpt != NULL)
ddpt= strchr(dpt + 1, ':');
if(dpt == NULL || ddpt == NULL) {
was_error= line_count;
continue;
}
if(*cpt == 'u') {
if(pass == 0) {
line_len+= 5;
line_len+= ddpt - dpt;
} else {
strcpy(*wpt, "user:");
strncpy(*wpt + 5, dpt + 1, ddpt - dpt);
(*wpt)+= 5 + (ddpt - dpt);
}
} else if(*cpt == 'g') {
if(pass == 0) {
line_len+= 6 + (ddpt - dpt);
} else {
strcpy(*wpt, "group:");
strncpy(*wpt + 6, dpt + 1, ddpt - dpt);
(*wpt)+= 6 + (ddpt - dpt);
}
} else if(*cpt == 'o') {
if(pass == 0) {
if(ddpt - dpt > 1) {
was_error= line_count;
continue;
}
line_len+= 6 + (ddpt - dpt);
} else {
strcpy(*wpt, "other:");
strncpy(*wpt + 6, dpt + 1, ddpt - dpt);
(*wpt)+= 6 + (ddpt - dpt);
}
} else if(*cpt == 'm') {
if(pass == 0) {
if(ddpt - dpt > 1) {
was_error= line_count;
continue;
}
line_len+= 5 + (ddpt - dpt);
} else {
strcpy(*wpt, "mask:");
strncpy(*wpt + 5, dpt + 1, ddpt - dpt);
(*wpt)+= 5 + (ddpt - dpt);
}
} else {
/* Unknown tag type */
was_error= line_count;
continue;
}
/* Examine permissions at ddpt + 1 */;
perms= 0;
for(ppt= ddpt + 1; *ppt != 0 && *ppt != '\n'; ppt++) {
if(*ppt == 'r')
perms|= 4;
else if(*ppt == 'w')
perms|= 2;
else if(*ppt == 'x')
perms|= 1;
else if(*ppt == '-' || *ppt == ' ' || *ppt == '\t')
;
else if(*ppt == '#')
break;
else {
was_error= line_count;
break;
}
}
if(pass == 0) {
line_len+= 4;
} else {
sprintf(*wpt, "%c%c%c\n",
perms & 4 ? 'r' : '-', perms & 2 ? 'w' : '-', perms & 1 ? 'x' : '-');
(*wpt)+= 4;
}
if(pass == 0) {
if(is_default)
default_count+= line_len;
else
access_count+= line_len;
}
}
if(pass == 0) {
*access_acl_text= calloc(access_count + 1, 1);
*default_acl_text= calloc(default_count + 1, 1);
if(access_acl_text == NULL || *default_acl_text == NULL) {
Xorriso_no_malloc_memory(xorriso, access_acl_text, 0);
{ret= -1; goto ex;}
}
access_wpt= *access_acl_text;
default_wpt= *default_acl_text;
} else {
*access_wpt= 0;
*default_wpt= 0;
}
}
ret= 1;
ex:;
if(acl_text != NULL)
free(acl_text);
if(was_error) {
sprintf(xorriso->info_text,
"Malformed ACL entries encountered. Last one in line number %d.",
was_error);
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
return(0);
}
return(ret);
}
int Xorriso_perform_acl_from_list(struct XorrisO *xorriso, char *file_path,
char *uid, char *gid, char *acl, int flag)
{
int ret, zero= 0;
uid_t uid_number;
gid_t gid_number;
/* Set group and owner */
if(gid[0]) {
ret= Xorriso_convert_gidstring(xorriso, gid, &gid_number, 0);
if(ret<=0)
return(ret);
ret= Xorriso_set_gid(xorriso, file_path, gid_number, 0);
if(ret<=0)
return(ret);
}
if(uid[0]) {
ret= Xorriso_convert_uidstring(xorriso, uid, &uid_number, 0);
if(ret<=0)
return(ret);
ret= Xorriso_set_uid(xorriso, file_path, uid_number, 0);
if(ret<=0)
return(ret);
}
ret= Xorriso_option_setfacli(xorriso, acl, 1, &file_path, &zero, 0);
if(ret <= 0)
return(ret);
return(1);
}
/* ---------------------------- Options API ------------------------ */ /* ---------------------------- Options API ------------------------ */
@ -13338,6 +13548,9 @@ int Xorriso_option_help(struct XorrisO *xorriso, int flag)
" in the ISO image by the ACL which is defined by acl_text.", " in the ISO image by the ACL which is defined by acl_text.",
" -setfacl_r acl_text iso_rr_path [***]", " -setfacl_r acl_text iso_rr_path [***]",
" Like -setfacl but affecting all files below directories.", " Like -setfacl but affecting all files below directories.",
" -setfacl_list disk_path",
" Read output of getfacl from file disk_path. Set owner,",
" group and ACL of the iso_rr_path given by line \"# file:\".",
" -alter_date type timestring iso_rr_path [***]", " -alter_date type timestring iso_rr_path [***]",
" Alter the date entries of a file in the ISO image. type is", " Alter the date entries of a file in the ISO image. type is",
" one of \"a\", \"m\", \"b\" for:", " one of \"a\", \"m\", \"b\" for:",
@ -15224,195 +15437,125 @@ int Xorriso_option_session_log(struct XorrisO *xorriso, char *path, int flag)
} }
/* Normalize ACL and sort apart "access" ACL from "default" ACL. /* Option -setfacl_list alias -setfacl_listi */
*/ int Xorriso_option_setfacl_listi(struct XorrisO *xorriso, char *path, int flag)
int Xorriso_normalize_acl_text(struct XorrisO *xorriso, char *in_text,
char **access_acl_text, char **default_acl_text, int flag)
{ {
int ret, access_count= 0, default_count= 0, pass, is_default, line_len; int ret, eaten;
int was_error= 0, line_count= 0, perms; size_t buf_size= 0, buf_add= 64 * 1024, l, linecount= 0;
char *acl_text= NULL, *cpt, *npt, *access_wpt= NULL, *default_wpt= NULL; char line[SfileadrL * 4], *buf= NULL, *wpt, *new_buf, limit_text[80];
char *dpt, *ddpt, **wpt, *ppt; char file_path[SfileadrL], uid[161], gid[161];
FILE *fp= NULL;
if(in_text[0] == 0 || strcmp(in_text, "clear") == 0 || Xorriso_pacifier_reset(xorriso, 0);
strcmp(in_text, "--remove-all") == 0) { if(path[0]==0) {
*access_acl_text= *default_acl_text= NULL; sprintf(xorriso->info_text, "Empty file name given with -setfacl_list");
return(1);
} else if (strcmp(in_text, "--remove-default") == 0) {
/* >>> protect Access-ACL and delete Default-ACL */;
/* <<< */
return(0);
}
acl_text= strdup(in_text);
if(acl_text == NULL) {
Xorriso_no_malloc_memory(xorriso, NULL, 0);
{ret= -1; goto ex;}
}
/* From comma to newline */
for(cpt= strchr(acl_text, ','); cpt != NULL; cpt= strchr(cpt + 1, ','))
*cpt= '\n';
/* Normalize to long text form
and sort apart "access" ACL from "default" ACL */;
for(pass= 0; pass < 2; pass++) {
for(cpt= acl_text; cpt != NULL; cpt= npt) {
if(pass == 0)
line_count++;
npt= strchr(cpt, '\n');
if(npt != NULL)
npt++;
if(*cpt == '#' || *cpt == '\n' || *cpt == 0)
continue;
is_default= 0;
wpt= &access_wpt;
if(*cpt == 'd') {
is_default= 1;
if(pass == 1)
wpt= &default_wpt;
cpt= strchr(cpt, ':');
if(cpt == NULL) {
was_error= line_count;
continue;
}
}
line_len= 0;
dpt= strchr(cpt, ':');
if(dpt != NULL)
ddpt= strchr(dpt + 1, ':');
if(dpt == NULL || ddpt == NULL) {
was_error= line_count;
continue;
}
if(*cpt == 'u') {
if(pass == 0) {
line_len+= 5;
line_len+= ddpt - dpt;
} else {
strcpy(*wpt, "user:");
strncpy(*wpt + 5, dpt + 1, ddpt - dpt);
(*wpt)+= 5 + (ddpt - dpt);
}
} else if(*cpt == 'g') {
if(pass == 0) {
line_len+= 6 + (ddpt - dpt);
} else {
strcpy(*wpt, "group:");
strncpy(*wpt + 6, dpt + 1, ddpt - dpt);
(*wpt)+= 6 + (ddpt - dpt);
}
} else if(*cpt == 'o') {
if(pass == 0) {
if(ddpt - dpt > 1) {
was_error= line_count;
continue;
}
line_len+= 6 + (ddpt - dpt);
} else {
strcpy(*wpt, "other:");
strncpy(*wpt + 6, dpt + 1, ddpt - dpt);
(*wpt)+= 6 + (ddpt - dpt);
}
} else if(*cpt == 'm') {
if(pass == 0) {
if(ddpt - dpt > 1) {
was_error= line_count;
continue;
}
line_len+= 5 + (ddpt - dpt);
} else {
strcpy(*wpt, "mask:");
strncpy(*wpt + 5, dpt + 1, ddpt - dpt);
(*wpt)+= 5 + (ddpt - dpt);
}
} else {
/* Unknown tag type */
was_error= line_count;
continue;
}
/* Examine permissions at ddpt + 1 */;
perms= 0;
for(ppt= ddpt + 1; *ppt != 0 && *ppt != '\n'; ppt++) {
if(*ppt == 'r')
perms|= 4;
else if(*ppt == 'w')
perms|= 2;
else if(*ppt == 'x')
perms|= 1;
else if(*ppt == '-')
;
else {
was_error= line_count;
continue;
}
}
if(pass == 0) {
line_len+= 4;
} else {
sprintf(*wpt, "%c%c%c\n",
perms & 4 ? 'r' : '-', perms & 2 ? 'w' : '-', perms & 1 ? 'x' : '-');
(*wpt)+= 4;
}
if(pass == 0) {
if(is_default)
default_count+= line_len;
else
access_count+= line_len;
}
}
if(pass == 0) {
*access_acl_text= calloc(access_count + 1, 1);
*default_acl_text= calloc(default_count + 1, 1);
if(access_acl_text == NULL || *default_acl_text == NULL) {
Xorriso_no_malloc_memory(xorriso, access_acl_text, 0);
{ret= -1; goto ex;}
}
access_wpt= *access_acl_text;
default_wpt= *default_acl_text;
} else {
*access_wpt= 0;
*default_wpt= 0;
}
}
ret= 1;
ex:;
if(acl_text != NULL)
free(acl_text);
if(was_error) {
sprintf(xorriso->info_text,
"Malformed ACL entries encountered. Last one in line number %d.",
was_error);
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0); Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
return(0); return(0);
} }
return(ret); ret= Xorriso_afile_fopen(xorriso, path, "rb", &fp, 0);
if(ret <= 0)
return(0);
buf_size= buf_add;
buf= calloc(buf_size, 1);
if(buf == NULL)
goto out_of_mem;
wpt= buf;
uid[0]= gid[0]= 0;
while(1) {
if(Sfile_fgets_n(line, sizeof(line), fp, 0) == NULL)
break;
linecount++;
if(strncmp(line, "# file: ", 8) ==0) {
if(wpt != buf && file_path[0]) {
/* Commit previous list */
ret= Xorriso_perform_acl_from_list(xorriso, file_path,
uid, gid, buf, 0);
if(ret<=0)
goto ex;
wpt= buf;
file_path[0]= uid[0]= gid[0]= 0;
}
/* Unescape line and register as file path */
Sfile_bsl_interpreter(line + 8, strlen(line + 8), &eaten, 0);
if(strlen(line + 8) >= SfileadrL) {
sprintf(xorriso->info_text, "-setfacl_list: Oversized file path");
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
ret= 0; goto ex;
}
strcpy(file_path, line + 8);
continue;
} else if(strncmp(line, "# owner: ", 9) == 0) {
if(strlen(line + 9) > 160) {
sprintf(xorriso->info_text, "-setfacl_list: Oversized owner id");
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
ret= 0; goto ex;
}
strcpy(uid, line + 9);
continue;
} else if(strncmp(line, "# group: ", 9) == 0) {
if(strlen(line + 9) > 160) {
sprintf(xorriso->info_text, "-setfacl_list: Oversized group id");
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
ret= 0; goto ex;
}
strcpy(gid, line + 9);
continue;
} else if(line[0] == '#' || line[0] == 0) {
continue;
} }
/* Register ACL entry */
/* Options -setfacl_list alias -setfacl_listi */ l= strlen(line);
int Xorriso_option_setfacl_listi(struct XorrisO *xorriso, char *path, int flag) if(wpt + l + 2 - buf > buf_size) {
{ if(buf_size + buf_add > xorriso->temp_mem_limit) {
Sfile_scale((double) xorriso->temp_mem_limit, limit_text,5,1e4,1);
/* >>> Open path */; sprintf(xorriso->info_text,
/* >>> Loop over lines */; "-setfacl_list: List entry for a single file exceeds -temp_mem_limit %s",
/* >>> if(strncmp(line, */; limit_text);
/* >>> */; Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
/* >>> */; ret= 0; goto ex;
/* >>> */; }
/* >>> */; buf_size+= buf_add;
new_buf= realloc(buf, buf_size);
return(1); if(new_buf == NULL)
goto out_of_mem;
buf= new_buf;
}
memcpy(wpt, line, l);
*(wpt + l)= '\n';
wpt+= l + 1;
*wpt= 0;
}
if(wpt != buf && file_path[0]) {
/* Commit last list */
ret= Xorriso_perform_acl_from_list(xorriso, file_path, uid, gid, buf, 0);
if(ret<=0)
goto ex;
} else {
sprintf(xorriso->info_text, "-setfacl_list: Unexpected end of file ");
Text_shellsafe(path, xorriso->info_text, 1);
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "WARNING", 0);
}
ret= 1;
ex:;
if(buf != NULL)
free(buf);
if(fp!=NULL)
fclose(fp);
if(ret <= 0) {
sprintf(xorriso->info_text, "-setfacl_list ");
Text_shellsafe(path, xorriso->info_text, 1);
sprintf(xorriso->info_text + strlen(xorriso->info_text),
" aborted in line %.f\n", (double) linecount);
Xorriso_msgs_submit(xorriso, 0, xorriso->info_text, 0, "FAILURE", 0);
}
return(ret);
out_of_mem:;
Xorriso_no_malloc_memory(xorriso, &buf, 0);
ret= -1;
goto ex;
} }

View File

@ -670,6 +670,10 @@ int Xorriso_option_rom_toc_scan(struct XorrisO *xorriso, char *mode,
/* Option -session_log */ /* Option -session_log */
int Xorriso_option_session_log(struct XorrisO *xorriso, char *path, int flag); int Xorriso_option_session_log(struct XorrisO *xorriso, char *path, int flag);
/* Option -setfacl_list alias -setfacl_listi */
int Xorriso_option_setfacl_listi(struct XorrisO *xorriso, char *disk_path,
int flag);
/* Option -setfacl alias -setfacli , -setfacl_r alias -setfacl_ri */ /* Option -setfacl alias -setfacli , -setfacl_r alias -setfacl_ri */
/* @param flag bit0=recursive -setfacl_r /* @param flag bit0=recursive -setfacl_r
*/ */

View File

@ -1 +1 @@
#define Xorriso_timestamP "2009.01.28.190140" #define Xorriso_timestamP "2009.01.29.165339"