From b1f81610062c49847fce019a70889485f051dd06 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Sun, 8 Feb 2009 12:45:15 +0100 Subject: [PATCH] Correct group permission bits with iso_read_opts_set_no_aaip(,1) and node import from image with ACLs. --- doc/susp_aaip_0_2.txt | 14 ++++ libisofs/builder.c | 2 - libisofs/fs_image.c | 30 +++++++-- libisofs/node.c | 147 ------------------------------------------ 4 files changed, 40 insertions(+), 153 deletions(-) diff --git a/doc/susp_aaip_0_2.txt b/doc/susp_aaip_0_2.txt index 724c39e..156d650 100644 --- a/doc/susp_aaip_0_2.txt +++ b/doc/susp_aaip_0_2.txt @@ -361,3 +361,17 @@ Pending considerations: - shall the tag types ACL_USER and ACL_GROUP with non-numeric qualifier be revoked ? +- define short indicators for namespaces "user" and "system". + Idea: + Reserved start bytes of name + 0x00 to 0x1F + have a meaning + 0x00 builtin ACL + 0x01 escape reserved character at start of name + 0x02 namespace "system" + 0x03 namespace "user" + 0x04 namespace "libisofs" + 0x05 to 0x1F shall not be used yet. If encountered then they map to name + space "user" and the name gets prefixed "aaipXY_" with XY being two hex + digits describint the encountered short indicator value. + diff --git a/libisofs/builder.c b/libisofs/builder.c index 434ddf7..78a5a3f 100644 --- a/libisofs/builder.c +++ b/libisofs/builder.c @@ -202,8 +202,6 @@ int default_create_node(IsoNodeBuilder *builder, IsoImage *image, if (a_text != NULL) { aaip_cleanout_st_mode(a_text, &(info.st_mode), 4 | 16); iso_node_set_perms_internal(new, info.st_mode, 1); - free(a_text); - a_text = 0; } iso_aa_get_acl_text(aa_string, info.st_mode, &a_text, &d_text, 1 << 15); /* free ACL texts */ diff --git a/libisofs/fs_image.c b/libisofs/fs_image.c index d03927b..1b6e434 100644 --- a/libisofs/fs_image.c +++ b/libisofs/fs_image.c @@ -1336,7 +1336,10 @@ int iso_file_source_new_ifs(IsoImageFilesystem *fs, IsoFileSource *parent, #ifdef Libisofs_with_aaiP /* ts A90115 */ - } else if (SUSP_SIG(sue, 'A', 'A') && fsdata->aaip_load == 1) { + /* Need to read AA in any case so it is available for S_IRWXG + mapping in case that fsdata->aaip_load != 1 + */ + } else if (SUSP_SIG(sue, 'A', 'A')) { ret = read_aaip_AA(sue, &aa_string, &aa_size, &aa_len, &prev_field, &aa_done, 0); @@ -2583,9 +2586,28 @@ int image_builder_create_node(IsoNodeBuilder *builder, IsoImage *image, /* obtain ownership of eventual AA string */ ret = iso_file_source_get_aa_string(src, &aa_string, 1); if (ret == 1 && aa_string != NULL) { - ret = iso_node_add_xinfo(new, aaip_xinfo_func, aa_string); - if (ret < 0) - return ret; + _ImageFsData *fsdata = data->fs->data; + char *a_text = NULL, *d_text = NULL; + + if (fsdata->aaip_load == 1) { + ret = iso_node_add_xinfo(new, aaip_xinfo_func, aa_string); + if (ret < 0) + return ret; + } else { + + /* ts A90208 */ + /* Look for ACL and perform S_IRWXG mapping */ + if (aa_string != NULL) + iso_aa_get_acl_text(aa_string, info.st_mode, &a_text, &d_text, + 16); + if (a_text != NULL) + aaip_cleanout_st_mode(a_text, &(new->mode), 4 | 16); + /* Dispose ACL a_text and d_text */ + iso_aa_get_acl_text(aa_string, info.st_mode, &a_text, &d_text, + 1 << 15); + /* Dispose aa_string */ + aaip_xinfo_func(aa_string, 1); + } } #endif /* Libisofs_with_aaiP */ diff --git a/libisofs/node.c b/libisofs/node.c index 8a13ba0..0905f67 100644 --- a/libisofs/node.c +++ b/libisofs/node.c @@ -1461,71 +1461,6 @@ int iso_node_get_attrs(IsoNode *node, size_t *num_attrs, #ifdef Libisofs_with_aaiP -#ifdef NIX - - void *xipt; - struct aaip_state *aaip= NULL; - unsigned char *rpt, *aa_string; - size_t len, todo, consumed; - int is_done = 0, first_round= 1, ret; - - if (flag & (1 << 15)) - aaip_get_decoded_attrs(&aaip, num_attrs, names, - value_lengths, values, 1 << 15); - *num_attrs = 0; - *names = NULL; - *value_lengths = NULL; - *values = NULL; - if (flag & (1 << 15)) - return 1; - - ret = iso_node_get_xinfo(node, aaip_xinfo_func, &xipt); - if (ret != 1) - return 1; - - aa_string = rpt = (unsigned char *) xipt; - len = aaip_count_bytes(rpt, 0); - while (!is_done) { - todo = len - (rpt - aa_string); - if (todo > 2048) - todo = 2048; - if (todo == 0) { - /* Out of data while still prompted to submit */ - return ISO_AAIP_BAD_AASTRING; - } - /* Allow 1 million bytes of memory consumption, 100,000 attributes */ - ret = aaip_decode_attrs(&aaip, (size_t) 1000000, (size_t) 100000, - rpt, todo, &consumed, first_round); - rpt+= consumed; - first_round= 0; - if (ret == 1) - continue; - if (ret == 2) - break; - - /* aaip_decode_attrs() reports error */ - return ISO_AAIP_BAD_AASTRING; - } - - if (rpt - aa_string != len) { - /* aaip_decode_attrs() returns 2 but still bytes are left */ - return ISO_AAIP_BAD_AASTRING; - } - - ret = aaip_get_decoded_attrs(&aaip, num_attrs, names, - value_lengths, values, 0); - if (ret != 1) { - /* aaip_get_decoded_attrs() failed */ - return ISO_AAIP_BAD_AASTRING; - } - if (!(flag & 1)) { - /* Clean out eventual ACL attribute resp. all other xattr */ - attrs_cleanout_name("", num_attrs, *names, *value_lengths, *values, - !!(flag & 4)); - } - -#else /* NIX */ - void *xipt; unsigned char *aa_string = NULL; int ret; @@ -1547,9 +1482,6 @@ int iso_node_get_attrs(IsoNode *node, size_t *num_attrs, flag); return ret; -#endif /* ! NIX */ - - #else /* Libisofs_with_aaiP */ *num_attrs = 0; @@ -1892,73 +1824,6 @@ int iso_node_get_acl_text(IsoNode *node, #ifdef Libisofs_with_aaiP -#ifdef NIX - - size_t num_attrs = 0, *value_lengths = NULL, i, consumed, text_fill = 0; - size_t v_len; - char **names = NULL, **values = NULL; - unsigned char *v_data; - int ret, from_posix= 0; - mode_t st_mode; - - if (flag & (1 << 15)) { - if (*access_text != NULL) - free(*access_text); - *access_text = NULL; - if (*default_text != NULL) - free(*default_text); - *default_text = NULL; - return 1; - } - - *access_text = *default_text = NULL; - - ret = iso_node_get_attrs(node, &num_attrs, &names, - &value_lengths, &values, 1); - if (ret < 0) - return ret; - - for(i = 0; i < num_attrs; i++) { - if (names[i][0]) /* searching the empty name */ - continue; - - v_data = (unsigned char *) values[i]; - v_len = value_lengths[i]; - - /* "access" ACL */ - ret = iso_decode_acl(v_data, v_len, - &consumed, access_text, &text_fill, 0); - if (ret <= 0) - goto bad_decode; - if (ret == 2) { - v_data += consumed; - v_len -= consumed; - ret = iso_decode_acl(v_data, v_len, - &consumed, default_text, &text_fill, 0); - if (ret == 0) - goto bad_decode; - } - break; - } - - if (*access_text == NULL && !(flag & 16)) { - from_posix = 1; - *access_text = calloc(42, 1); /* 42 for aaip_update_acl_st_mode */ - } - if (*access_text != NULL) { - st_mode = iso_node_get_permissions(node); - aaip_add_acl_st_mode(*access_text, st_mode, 0); - text_fill = strlen(*access_text); - } - - if (*access_text == NULL && *default_text == NULL) - ret = 0; - else - ret = 1 + from_posix; -ex:; - -#else /* NIX */ - size_t num_attrs = 0, *value_lengths = NULL; char **names = NULL, **values = NULL; mode_t st_mode; @@ -1976,22 +1841,10 @@ ex:; st_mode = iso_node_get_permissions(node); ret = iso_attr_get_acl_text(num_attrs, names, value_lengths, values, st_mode, access_text, default_text, flag); - -#endif /* ! NIX */ - iso_node_get_attrs(node, &num_attrs, &names, &value_lengths, &values, 1 << 15); /* free memory */ return ret; -#ifdef NIX - -bad_decode:; - ret = ISO_AAIP_BAD_ACL; - goto ex; - -#endif /* NIX */ - - #else /* Libisofs_with_aaiP */ *access_text = *default_text = NULL;