// permToACL - convert perm to meaningful ACL
func permToACL(mode os.FileMode) BucketACL {
switch mode.Perm() {
case os.FileMode(0700):
return BucketACL("private")
case os.FileMode(0500):
return BucketACL("public-read")
case os.FileMode(0777):
return BucketACL("public-read-write")
default:
return BucketACL("private")
}
}
func copyDir(src, dst string, mode os.FileMode) error {
srcf, err := os.Open(src)
if err != nil {
return err
}
defer srcf.Close()
if mode&0500 == 0 {
// The source directory doesn't have write permission,
// so give the new directory write permission anyway
// so that we have permission to create its contents.
// We'll make the permissions match at the end.
mode |= 0500
}
if err := os.Mkdir(dst, mode.Perm()); err != nil {
return err
}
for {
names, err := srcf.Readdirnames(100)
for _, name := range names {
if err := Copy(filepath.Join(src, name), filepath.Join(dst, name)); err != nil {
return err
}
}
if err == io.EOF {
break
}
if err != nil {
return fmt.Errorf("error reading directory %q: %v", src, err)
}
}
if err := os.Chmod(dst, mode.Perm()); err != nil {
return err
}
return nil
}
func (fs *memFS) OpenFile(name string, flag int, perm os.FileMode) (File, error) {
fs.mu.Lock()
defer fs.mu.Unlock()
dir, frag, err := fs.find("open", name)
if err != nil {
return nil, err
}
var n *memFSNode
if dir == nil {
// We're opening the root.
if flag&(os.O_WRONLY|os.O_RDWR) != 0 {
return nil, os.ErrPermission
}
n, frag = &fs.root, "/"
} else {
n = dir.children[frag]
if flag&(os.O_SYNC|os.O_APPEND) != 0 {
// memFile doesn't support these flags yet.
return nil, os.ErrInvalid
}
if flag&os.O_CREATE != 0 {
if flag&os.O_EXCL != 0 && n != nil {
return nil, os.ErrExist
}
if n == nil {
n = &memFSNode{
mode: perm.Perm(),
}
dir.children[frag] = n
}
}
if n == nil {
return nil, os.ErrNotExist
}
if flag&(os.O_WRONLY|os.O_RDWR) != 0 && flag&os.O_TRUNC != 0 {
n.mu.Lock()
n.data = nil
n.mu.Unlock()
}
}
children := make([]os.FileInfo, 0, len(n.children))
for cName, c := range n.children {
children = append(children, c.stat(cName))
}
return &memFile{
n: n,
nameSnapshot: frag,
childrenSnapshot: children,
}, nil
}
// posixMode() returns the posix specific mode bits from Go's portable mode bits
//
// Copied from the syscallMode() function in file_posix.go in the Go source
func posixMode(i os.FileMode) (o uint32) {
o |= uint32(i.Perm())
if i&os.ModeSetuid != 0 {
o |= syscall.S_ISUID
}
if i&os.ModeSetgid != 0 {
o |= syscall.S_ISGID
}
if i&os.ModeSticky != 0 {
o |= syscall.S_ISVTX
}
return
}
func (pb *Packbuilder) WriteToFile(name string, mode os.FileMode) error {
cname := C.CString(name)
defer C.free(unsafe.Pointer(cname))
runtime.LockOSThread()
defer runtime.UnlockOSThread()
ret := C.git_packbuilder_write(pb.ptr, cname, C.uint(mode.Perm()), nil, nil)
if ret != 0 {
return MakeGitError(ret)
}
return nil
}
// Given a FileMode from the os package, get it's permission bits
func FileMode(fm os.FileMode) PermissionBits {
perm := PermissionBits(fm.Perm())
if fm&os.ModeSetuid != 0 {
perm.SetSetuid(true)
}
if fm&os.ModeSetgid != 0 {
perm.SetSetgid(true)
}
if fm&os.ModeSticky != 0 {
perm.SetSticky(true)
}
return perm
}
// https://github.com/jnwhiteh/golang/blob/master/src/pkg/os/file_posix.go#L61
func syscallMode(i os.FileMode) (o uint32) {
o |= uint32(i.Perm())
if i&os.ModeSetuid != 0 {
o |= syscall.S_ISUID
}
if i&os.ModeSetgid != 0 {
o |= syscall.S_ISGID
}
if i&os.ModeSticky != 0 {
o |= syscall.S_ISVTX
}
// No mapping for Go's ModeTemporary (plan9 only).
return
}
func (fs *memFS) OpenFile(name string, flag int, perm os.FileMode) (File, error) {
var ret *memFile
err := fs.walk("open", name, func(dir *memFSNode, frag string, final bool) error {
if !final {
return nil
}
if frag == "" {
return os.ErrInvalid
}
if flag&(os.O_SYNC|os.O_APPEND) != 0 {
return os.ErrInvalid
}
n := dir.children[frag]
if flag&os.O_CREATE != 0 {
if flag&os.O_EXCL != 0 && n != nil {
return os.ErrExist
}
if n == nil {
n = &memFSNode{
name: frag,
mode: perm.Perm(),
}
dir.children[frag] = n
}
}
if n == nil {
return os.ErrNotExist
}
if flag&(os.O_WRONLY|os.O_RDWR) != 0 && flag&os.O_TRUNC != 0 {
n.mu.Lock()
n.data = nil
n.mu.Unlock()
}
children := make([]os.FileInfo, 0, len(n.children))
for _, c := range n.children {
children = append(children, c)
}
ret = &memFile{
n: n,
children: children,
}
return nil
})
if err != nil {
return nil, err
}
return ret, nil
}
func Command(rootfsPath string, uid, gid int, mode os.FileMode, recreate bool, paths ...string) *exec.Cmd {
flags := []string{
name,
"-rootfsPath", rootfsPath,
"-uid", strconv.Itoa(uid),
"-gid", strconv.Itoa(gid),
"-perm", strconv.Itoa(int(mode.Perm())),
}
if recreate {
flags = append(flags, "-recreate=true")
}
return reexec.Command(append(flags, paths...)...)
}
// osFileModeToFuseFileMode converts a standard os.FileMode to the bit array used
// by the fuse package. Permissions, regular/dir modes, symlinks, and named pipes
// are the only bits that are converted.
func osFileModeToFuseFileMode(inMode os.FileMode) (outMode uint32) {
if inMode.IsRegular() {
outMode |= fuse.S_IFREG
}
if inMode.IsDir() {
outMode |= fuse.S_IFDIR
}
if inMode&os.ModeSymlink == os.ModeSymlink {
outMode |= fuse.S_IFLNK
}
if inMode&os.ModeNamedPipe == os.ModeNamedPipe {
outMode |= fuse.S_IFIFO
}
outMode |= uint32(inMode.Perm())
return
}
func (fs *memFS) Mkdir(name string, perm os.FileMode) error {
return fs.walk("mkdir", name, func(dir *memFSNode, frag string, final bool) error {
if !final {
return nil
}
if frag == "" {
return os.ErrInvalid
}
if _, ok := dir.children[frag]; ok {
return os.ErrExist
}
dir.children[frag] = &memFSNode{
name: frag,
children: make(map[string]*memFSNode),
mode: perm.Perm() | os.ModeDir,
modTime: time.Now(),
}
return nil
})
}
// mknod provides a shortcut for syscall.Mknod
func mknod(p string, mode os.FileMode, maj, min int) error {
var (
m = syscallMode(mode.Perm())
dev int
)
if mode&os.ModeDevice != 0 {
dev = makedev(maj, min)
if mode&os.ModeCharDevice != 0 {
m |= syscall.S_IFCHR
} else {
m |= syscall.S_IFBLK
}
} else if mode&os.ModeNamedPipe != 0 {
m |= syscall.S_IFIFO
}
return syscall.Mknod(p, m, dev)
}
func copyFile(src, dst string, mode os.FileMode) error {
srcf, err := os.Open(src)
if err != nil {
return err
}
defer srcf.Close()
dstf, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, mode.Perm())
if err != nil {
return err
}
defer dstf.Close()
// Make the actual permissions match the source permissions
// even in the presence of umask.
if err := os.Chmod(dstf.Name(), mode.Perm()); err != nil {
return err
}
if _, err := io.Copy(dstf, srcf); err != nil {
return fmt.Errorf("cannot copy %q to %q: %v", src, dst, err)
}
return nil
}
func (fs *memFS) Mkdir(name string, perm os.FileMode) error {
fs.mu.Lock()
defer fs.mu.Unlock()
dir, frag, err := fs.find("mkdir", name)
if err != nil {
return err
}
if dir == nil {
// We can't create the root.
return os.ErrInvalid
}
if _, ok := dir.children[frag]; ok {
return os.ErrExist
}
dir.children[frag] = &memFSNode{
children: make(map[string]*memFSNode),
mode: perm.Perm() | os.ModeDir,
modTime: time.Now(),
}
return nil
}
func (c *Client) PushFile(container string, p string, gid int, uid int, mode os.FileMode, buf io.ReadSeeker) error {
query := url.Values{"path": []string{p}}
uri := c.url(shared.APIVersion, "containers", container, "files") + "?" + query.Encode()
req, err := http.NewRequest("POST", uri, buf)
if err != nil {
return err
}
req.Header.Set("User-Agent", shared.UserAgent)
req.Header.Set("X-LXD-mode", fmt.Sprintf("%04o", mode.Perm()))
req.Header.Set("X-LXD-uid", strconv.FormatUint(uint64(uid), 10))
req.Header.Set("X-LXD-gid", strconv.FormatUint(uint64(gid), 10))
raw, err := c.Http.Do(req)
if err != nil {
return err
}
_, err = HoistResponse(raw, Sync)
return err
}
func parseModeSymbolic(s string, base os.FileMode) (os.FileMode, error) {
// log.Println("-- " + s)
perm := uint32(base.Perm())
sbitsMask := uint32(os.ModeSetuid | os.ModeSetgid | os.ModeSticky)
sbits := uint32(base) & sbitsMask
for i := 0; i < len(s); {
// user, group, other, or all
var whom uint32
for j, c := range s[i:] {
// log.Printf("whom: %d %s\n", i, string(s[i]))
if c == 'u' {
whom = whom | 0700
} else if c == 'g' {
whom = whom | 0070
} else if c == 'o' {
whom = whom | 0007
} else if c == 'a' {
whom = whom | 0777
} else {
if j == 0 {
whom = 0777
}
break
}
i++
}
if i >= len(s) {
return 0, errors.New("failed to parse the mode, operator is not found")
}
for i < len(s) {
// operator
// log.Printf("op: %d %s\n", i, string(s[i]))
op := 0
switch s[i] {
case '-':
op = '-'
case '+':
op = '+'
case '=':
op = '='
default:
return 0, errors.New("failed to parse the mode, invalid operator")
}
i++
// permission bits to modify
var smod uint32
var mod uint32
if i < len(s) {
// log.Printf("mod: %d %s\n", i, string(s[i]))
switch s[i] {
case 'u':
mod = (perm & 0700) >> 6
i++
case 'g':
mod = (perm & 0070) >> 3
i++
case 'o':
mod = (perm & 0007) >> 0
i++
default:
for i < len(s) {
// log.Printf("mod-f: %d %s\n", i, string(s[i]))
if s[i] == 'r' {
mod = mod | 4
} else if s[i] == 'w' {
mod = mod | 2
} else if s[i] == 'x' {
mod = mod | 1
} else if s[i] == 'X' {
if base.IsDir() {
mod = mod | 1
}
} else if s[i] == 's' {
if (whom & 0700) > 0 {
smod = smod | uint32(os.ModeSetuid)
}
if (whom & 0070) > 0 {
smod = smod | uint32(os.ModeSetgid)
}
} else if s[i] == 't' {
smod = smod | uint32(os.ModeSticky)
} else {
break
}
i++
}
}
mod = mod<<6 | mod<<3 | mod<<0
}
// if i < len(s) {
// log.Printf("mod-e: %d %s\n", i, string(s[i]))
//}
switch op {
case '-':
perm = perm - (whom & mod)
sbits = sbits - smod
case '+':
perm = perm | (whom & mod)
sbits = sbits | smod
case '=':
perm = (perm & (0777 ^ whom)) | (whom & mod)
sbits = smod
}
if i < len(s) {
// log.Printf(",: %d %s\n", i, string(s[i]))
if s[i] == ',' {
i++
break
}
}
}
}
mode := uint32(base)&((1<<32-1)-0777-sbitsMask) | sbits&sbitsMask | perm&0777
return os.FileMode(mode), nil
}
