Ticket #632: acl.2.patch

xapian-applications/omega/Makefile.am

@@ -154 +154 @@
 if NEED_MKDTEMP
 omindex_SOURCES += portability/mkdtemp.cc
 endif
-omindex_LDADD = $(MAGIC_LIBS) $(XAPIAN_LIBS)
+omindex_LDADD = $(MAGIC_LIBS) $(XAPIAN_LIBS) $(ACL_LIBS)
 
 scriptindex_SOURCES = scriptindex.cc myhtmlparse.cc htmlparse.cc\
  common/getopt.cc commonhelp.cc utils.cc hashterm.cc loadfile.cc\

xapian-applications/omega/configure.ac

@@ -155 +155 @@
     AC_DEFINE([GETGROUPLIST_TAKES_INT_P], 1, [Define if getgrouplist takes int *]))
 fi
 
+dnl ACL permission checks.
+AC_CHECK_HEADERS([acl/libacl.h])
+
+dnl Check ACL library
+AC_SUBST(ACL_LIBS, [])
+AC_CHECK_LIB(acl, acl_get_perm,        [AC_DEFINE([HAVE_ACL_GET_PERM], [],
+     [acl_get_perm is available]) AC_SUBST(ACL_LIBS, [-lacl])],)
+
 dnl Check for lstat() (not available under mingw for example).
 AC_CHECK_FUNCS(lstat)
 

xapian-applications/omega/diritor.h

@@ -56 +56 @@
     const std::string & what() const { return msg; }
 };
 
+#ifdef HAVE_ACL_LIBACL_H
+#include <sys/acl.h>
+#include <acl/libacl.h>
+#include <map>
+#include <string>
+using std::string;
+using std::map;
+#endif
+
 class DirectoryIterator {
 #if defined O_NOATIME && O_NOATIME != 0
     static uid_t euid;
@@ -167 +176 @@
         return statbuf.st_mtime;
     }
 
+#ifndef __WIN32__
+    const char * get_user_name(uid_t uid) {
+        struct passwd * pwentry = getpwuid(uid);
+        return pwentry ? pwentry->pw_name : "";
+    }
+    const char * get_group_name(gid_t gid) {
+        struct group * grentry = getgrgid(gid);
+        return grentry ? grentry->gr_name : "";
+    }
+#endif
+
     const char * get_owner() {
 #ifndef __WIN32__
         ensure_statbuf_valid();
-        struct passwd * pwentry = getpwuid(statbuf.st_uid);
-        return pwentry ? pwentry->pw_name : NULL;
+        return get_user_name(statbuf.st_uid);
 #else
         return NULL;
 #endif
     }
 
+#ifdef HAVE_ACL_LIBACL_H
+    int is_acl_readable(acl_entry_t acl_entry)
+    {
+        acl_permset_t permset;
+        acl_get_permset(acl_entry, &permset);
+        if (acl_get_perm(permset, ACL_READ) != 0)
+            return 1;
+        return 0;
+    }
+    void get_acls(map<string, int> *acl_users, map<string, int> *acl_groups) {
+        void* ptr_acl;
+        uid_t *acl_uid;
+        gid_t *acl_gid;
+        acl_t acl;
+        acl_entry_t acl_entry;
+        int entry_id=ACL_FIRST_ENTRY;
+        map<string, int>::const_iterator user;
+
+        acl = acl_get_file(path.c_str(), ACL_TYPE_ACCESS);
+        while (acl_get_entry(acl, entry_id, &acl_entry) == 1) {
+            acl_tag_t tag_type;
+            if (acl_get_tag_type(acl_entry, &tag_type) < 0)
+                break;
+            ptr_acl = acl_get_qualifier(acl_entry);
+            switch (tag_type) {
+                case ACL_USER:
+                    acl_uid = (uid_t*) ptr_acl;
+                    if (!acl_uid)
+                        break;
+                    (*acl_users)[get_user_name(*acl_uid)] = is_acl_readable(acl_entry);
+                    break;
+                case ACL_GROUP:
+                    acl_gid = (gid_t*) ptr_acl;
+                    if (!acl_gid)
+                        break;
+                    (*acl_groups)[get_group_name(*acl_gid)] = is_acl_readable(acl_entry);
+                    break;
+            }
+            entry_id = ACL_NEXT_ENTRY;
+        }
+        acl_free(ptr_acl);
+        acl_free(acl);
+    }
+#endif
+
     const char * get_group() {
 #ifndef __WIN32__
-        ensure_statbuf_valid();
-        struct group * grentry = getgrgid(statbuf.st_gid);
-        return grentry ? grentry->gr_name : NULL;
+        ensure_statbuf_valid();
+        return get_group_name(statbuf.st_gid);
 #else
-        return NULL;
+        return "";
 #endif
     }
 

xapian-applications/omega/omindex.cc

@@ -319 +319 @@
 {
     string ext;
     const char * dot_ptr = strrchr(d.leafname(), '.');
+#ifdef HAVE_ACL_LIBACL_H
+    map<string, int> acl_users;
+    map<string, int> acl_groups;
+    map<string, int>::iterator acl;
+#endif
+
     if (dot_ptr) {
         ext.assign(dot_ptr + 1);
         if (ext.size() > max_ext_len)
@@ -941 +947 @@
         newdocument.add_value(VALUE_SIZE,
                               Xapian::sortable_serialise(d.get_size()));
 
-        bool inc_tag_added = false;
-        if (d.is_other_readable()) {
-            inc_tag_added = true;
+        if (d.is_other_readable())
             newdocument.add_boolean_term("I*");
-        } else if (d.is_group_readable()) {
-            const char * group = d.get_group();
-            if (group) {
-                newdocument.add_boolean_term(string("I#") + group);
-            }
+
+        const char * group = d.get_group();
+        if (group) {
+            newdocument.add_boolean_term(string("G") + group);
+            if (d.is_group_readable())
+                newdocument.add_boolean_term(string("I#") + group);
         }
         const char * owner = d.get_owner();
         if (owner) {
             newdocument.add_boolean_term(string("O") + owner);
-            if (!inc_tag_added && d.is_owner_readable())
-                newdocument.add_boolean_term(string("I@") + owner);
+            if (d.is_owner_readable())
+                newdocument.add_boolean_term(string("I@") + owner);
         }
 
+#ifdef HAVE_ACL_LIBACL_H
+        d.get_acls(&acl_users, &acl_groups);
+        for (acl = acl_users.begin(); acl != acl_users.end(); ++acl) {
+            newdocument.add_boolean_term(string("O") + acl->first);
+            if (acl->second == 1)
+                newdocument.add_boolean_term(string("I@") + acl->first);
+        }
+        for (acl = acl_groups.begin(); acl != acl_groups.end(); ++acl) {
+            newdocument.add_boolean_term(string("G") + acl->first);
+            if (acl->second == 1)
+                newdocument.add_boolean_term(string("I#") + acl->first);
+        }
+#endif
         string ext_term("E");
         for (string::const_iterator i = ext.begin(); i != ext.end(); ++i) {
             char ch = *i;