Correct group permission bits with iso_read_opts_set_no_aaip(,1)
and node import from image with ACLs.
This commit is contained in:
parent
d7f691d6df
commit
b1f8161006
|
|
@ -361,3 +361,17 @@ Pending considerations:
|
|||
- shall the tag types ACL_USER and ACL_GROUP with non-numeric qualifier be
|
||||
revoked ?
|
||||
|
||||
- define short indicators for namespaces "user" and "system".
|
||||
Idea:
|
||||
Reserved start bytes of name
|
||||
0x00 to 0x1F
|
||||
have a meaning
|
||||
0x00 builtin ACL
|
||||
0x01 escape reserved character at start of name
|
||||
0x02 namespace "system"
|
||||
0x03 namespace "user"
|
||||
0x04 namespace "libisofs"
|
||||
0x05 to 0x1F shall not be used yet. If encountered then they map to name
|
||||
space "user" and the name gets prefixed "aaipXY_" with XY being two hex
|
||||
digits describint the encountered short indicator value.
|
||||
|
||||
|
|
|
|||
|
|
@ -202,8 +202,6 @@ int default_create_node(IsoNodeBuilder *builder, IsoImage *image,
|
|||
if (a_text != NULL) {
|
||||
aaip_cleanout_st_mode(a_text, &(info.st_mode), 4 | 16);
|
||||
iso_node_set_perms_internal(new, info.st_mode, 1);
|
||||
free(a_text);
|
||||
a_text = 0;
|
||||
}
|
||||
iso_aa_get_acl_text(aa_string, info.st_mode, &a_text, &d_text,
|
||||
1 << 15); /* free ACL texts */
|
||||
|
|
|
|||
|
|
@ -1336,7 +1336,10 @@ int iso_file_source_new_ifs(IsoImageFilesystem *fs, IsoFileSource *parent,
|
|||
#ifdef Libisofs_with_aaiP
|
||||
/* ts A90115 */
|
||||
|
||||
} else if (SUSP_SIG(sue, 'A', 'A') && fsdata->aaip_load == 1) {
|
||||
/* Need to read AA in any case so it is available for S_IRWXG
|
||||
mapping in case that fsdata->aaip_load != 1
|
||||
*/
|
||||
} else if (SUSP_SIG(sue, 'A', 'A')) {
|
||||
|
||||
ret = read_aaip_AA(sue, &aa_string, &aa_size, &aa_len,
|
||||
&prev_field, &aa_done, 0);
|
||||
|
|
@ -2583,9 +2586,28 @@ int image_builder_create_node(IsoNodeBuilder *builder, IsoImage *image,
|
|||
/* obtain ownership of eventual AA string */
|
||||
ret = iso_file_source_get_aa_string(src, &aa_string, 1);
|
||||
if (ret == 1 && aa_string != NULL) {
|
||||
ret = iso_node_add_xinfo(new, aaip_xinfo_func, aa_string);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
_ImageFsData *fsdata = data->fs->data;
|
||||
char *a_text = NULL, *d_text = NULL;
|
||||
|
||||
if (fsdata->aaip_load == 1) {
|
||||
ret = iso_node_add_xinfo(new, aaip_xinfo_func, aa_string);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
} else {
|
||||
|
||||
/* ts A90208 */
|
||||
/* Look for ACL and perform S_IRWXG mapping */
|
||||
if (aa_string != NULL)
|
||||
iso_aa_get_acl_text(aa_string, info.st_mode, &a_text, &d_text,
|
||||
16);
|
||||
if (a_text != NULL)
|
||||
aaip_cleanout_st_mode(a_text, &(new->mode), 4 | 16);
|
||||
/* Dispose ACL a_text and d_text */
|
||||
iso_aa_get_acl_text(aa_string, info.st_mode, &a_text, &d_text,
|
||||
1 << 15);
|
||||
/* Dispose aa_string */
|
||||
aaip_xinfo_func(aa_string, 1);
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* Libisofs_with_aaiP */
|
||||
|
|
|
|||
147
libisofs/node.c
147
libisofs/node.c
|
|
@ -1461,71 +1461,6 @@ int iso_node_get_attrs(IsoNode *node, size_t *num_attrs,
|
|||
|
||||
#ifdef Libisofs_with_aaiP
|
||||
|
||||
#ifdef NIX
|
||||
|
||||
void *xipt;
|
||||
struct aaip_state *aaip= NULL;
|
||||
unsigned char *rpt, *aa_string;
|
||||
size_t len, todo, consumed;
|
||||
int is_done = 0, first_round= 1, ret;
|
||||
|
||||
if (flag & (1 << 15))
|
||||
aaip_get_decoded_attrs(&aaip, num_attrs, names,
|
||||
value_lengths, values, 1 << 15);
|
||||
*num_attrs = 0;
|
||||
*names = NULL;
|
||||
*value_lengths = NULL;
|
||||
*values = NULL;
|
||||
if (flag & (1 << 15))
|
||||
return 1;
|
||||
|
||||
ret = iso_node_get_xinfo(node, aaip_xinfo_func, &xipt);
|
||||
if (ret != 1)
|
||||
return 1;
|
||||
|
||||
aa_string = rpt = (unsigned char *) xipt;
|
||||
len = aaip_count_bytes(rpt, 0);
|
||||
while (!is_done) {
|
||||
todo = len - (rpt - aa_string);
|
||||
if (todo > 2048)
|
||||
todo = 2048;
|
||||
if (todo == 0) {
|
||||
/* Out of data while still prompted to submit */
|
||||
return ISO_AAIP_BAD_AASTRING;
|
||||
}
|
||||
/* Allow 1 million bytes of memory consumption, 100,000 attributes */
|
||||
ret = aaip_decode_attrs(&aaip, (size_t) 1000000, (size_t) 100000,
|
||||
rpt, todo, &consumed, first_round);
|
||||
rpt+= consumed;
|
||||
first_round= 0;
|
||||
if (ret == 1)
|
||||
continue;
|
||||
if (ret == 2)
|
||||
break;
|
||||
|
||||
/* aaip_decode_attrs() reports error */
|
||||
return ISO_AAIP_BAD_AASTRING;
|
||||
}
|
||||
|
||||
if (rpt - aa_string != len) {
|
||||
/* aaip_decode_attrs() returns 2 but still bytes are left */
|
||||
return ISO_AAIP_BAD_AASTRING;
|
||||
}
|
||||
|
||||
ret = aaip_get_decoded_attrs(&aaip, num_attrs, names,
|
||||
value_lengths, values, 0);
|
||||
if (ret != 1) {
|
||||
/* aaip_get_decoded_attrs() failed */
|
||||
return ISO_AAIP_BAD_AASTRING;
|
||||
}
|
||||
if (!(flag & 1)) {
|
||||
/* Clean out eventual ACL attribute resp. all other xattr */
|
||||
attrs_cleanout_name("", num_attrs, *names, *value_lengths, *values,
|
||||
!!(flag & 4));
|
||||
}
|
||||
|
||||
#else /* NIX */
|
||||
|
||||
void *xipt;
|
||||
unsigned char *aa_string = NULL;
|
||||
int ret;
|
||||
|
|
@ -1547,9 +1482,6 @@ int iso_node_get_attrs(IsoNode *node, size_t *num_attrs,
|
|||
flag);
|
||||
return ret;
|
||||
|
||||
#endif /* ! NIX */
|
||||
|
||||
|
||||
#else /* Libisofs_with_aaiP */
|
||||
|
||||
*num_attrs = 0;
|
||||
|
|
@ -1892,73 +1824,6 @@ int iso_node_get_acl_text(IsoNode *node,
|
|||
|
||||
#ifdef Libisofs_with_aaiP
|
||||
|
||||
#ifdef NIX
|
||||
|
||||
size_t num_attrs = 0, *value_lengths = NULL, i, consumed, text_fill = 0;
|
||||
size_t v_len;
|
||||
char **names = NULL, **values = NULL;
|
||||
unsigned char *v_data;
|
||||
int ret, from_posix= 0;
|
||||
mode_t st_mode;
|
||||
|
||||
if (flag & (1 << 15)) {
|
||||
if (*access_text != NULL)
|
||||
free(*access_text);
|
||||
*access_text = NULL;
|
||||
if (*default_text != NULL)
|
||||
free(*default_text);
|
||||
*default_text = NULL;
|
||||
return 1;
|
||||
}
|
||||
|
||||
*access_text = *default_text = NULL;
|
||||
|
||||
ret = iso_node_get_attrs(node, &num_attrs, &names,
|
||||
&value_lengths, &values, 1);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
for(i = 0; i < num_attrs; i++) {
|
||||
if (names[i][0]) /* searching the empty name */
|
||||
continue;
|
||||
|
||||
v_data = (unsigned char *) values[i];
|
||||
v_len = value_lengths[i];
|
||||
|
||||
/* "access" ACL */
|
||||
ret = iso_decode_acl(v_data, v_len,
|
||||
&consumed, access_text, &text_fill, 0);
|
||||
if (ret <= 0)
|
||||
goto bad_decode;
|
||||
if (ret == 2) {
|
||||
v_data += consumed;
|
||||
v_len -= consumed;
|
||||
ret = iso_decode_acl(v_data, v_len,
|
||||
&consumed, default_text, &text_fill, 0);
|
||||
if (ret == 0)
|
||||
goto bad_decode;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (*access_text == NULL && !(flag & 16)) {
|
||||
from_posix = 1;
|
||||
*access_text = calloc(42, 1); /* 42 for aaip_update_acl_st_mode */
|
||||
}
|
||||
if (*access_text != NULL) {
|
||||
st_mode = iso_node_get_permissions(node);
|
||||
aaip_add_acl_st_mode(*access_text, st_mode, 0);
|
||||
text_fill = strlen(*access_text);
|
||||
}
|
||||
|
||||
if (*access_text == NULL && *default_text == NULL)
|
||||
ret = 0;
|
||||
else
|
||||
ret = 1 + from_posix;
|
||||
ex:;
|
||||
|
||||
#else /* NIX */
|
||||
|
||||
size_t num_attrs = 0, *value_lengths = NULL;
|
||||
char **names = NULL, **values = NULL;
|
||||
mode_t st_mode;
|
||||
|
|
@ -1976,22 +1841,10 @@ ex:;
|
|||
st_mode = iso_node_get_permissions(node);
|
||||
ret = iso_attr_get_acl_text(num_attrs, names, value_lengths, values,
|
||||
st_mode, access_text, default_text, flag);
|
||||
|
||||
#endif /* ! NIX */
|
||||
|
||||
iso_node_get_attrs(node, &num_attrs, &names,
|
||||
&value_lengths, &values, 1 << 15); /* free memory */
|
||||
return ret;
|
||||
|
||||
#ifdef NIX
|
||||
|
||||
bad_decode:;
|
||||
ret = ISO_AAIP_BAD_ACL;
|
||||
goto ex;
|
||||
|
||||
#endif /* NIX */
|
||||
|
||||
|
||||
#else /* Libisofs_with_aaiP */
|
||||
|
||||
*access_text = *default_text = NULL;
|
||||
|
|
|
|||
Loading…
Reference in New Issue