search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
pyldb: Modernize test suite
[Samba.git] / source3 / modules / vfs_gpfs.c
blobee4c1f68129d159c46e008e7caabb391f0ece3cf
1 /*
2 * Unix SMB/CIFS implementation.
3 * Samba VFS module for GPFS filesystem
4 * Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
5 * Copyright (C) Christof Schmitt 2015
6 * Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
7 * and Gomati Mohanan <gomati.mohanan@in.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "smbd/smbd.h"
25 #include "librpc/gen_ndr/ndr_xattr.h"
26 #include "include/smbprofile.h"
27 #include "modules/non_posix_acls.h"
28 #include "libcli/security/security.h"
29 #include "nfs4_acls.h"
30 #include "system/filesys.h"
31 #include "auth.h"
32 #include "lib/util/tevent_unix.h"
33 #include "lib/util/gpfswrap.h"
34
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_VFS
37
38 #ifndef GPFS_GETACL_NATIVE
39 #define GPFS_GETACL_NATIVE 0x00000004
40 #endif
41
42 struct gpfs_config_data {
43 bool sharemodes;
44 bool leases;
45 bool hsm;
46 bool syncio;
47 bool winattr;
48 bool ftruncate;
49 bool getrealfilename;
50 bool dfreequota;
51 bool prealloc;
52 bool acl;
53 bool settimes;
54 bool recalls;
55 };
56
57 struct gpfs_fsp_extension {
58 bool offline;
59 };
60
61 static inline unsigned int gpfs_acl_flags(gpfs_acl_t *gacl)
62 {
63 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
64 return gacl->v4Level1.acl_flags;
65 }
66 return 0;
67 }
68
69 static inline gpfs_ace_v4_t *gpfs_ace_ptr(gpfs_acl_t *gacl, unsigned int i)
70 {
71 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
72 return &gacl->v4Level1.ace_v4[i];
73 }
74 return &gacl->ace_v4[i];
75 }
76
77 static bool set_gpfs_sharemode(files_struct *fsp, uint32_t access_mask,
78 uint32_t share_access)
79 {
80 unsigned int allow = GPFS_SHARE_NONE;
81 unsigned int deny = GPFS_DENY_NONE;
82 int result;
83
84 if ((fsp == NULL) || (fsp->fh == NULL) || (fsp->fh->fd < 0)) {
85 /* No real file, don't disturb */
86 return True;
87 }
88
89 allow |= (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA|
90 DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0;
91 allow |= (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) ?
92 GPFS_SHARE_READ : 0;
93
94 if (allow == GPFS_SHARE_NONE) {
95 DEBUG(10, ("special case am=no_access:%x\n",access_mask));
96 }
97 else {
98 deny |= (share_access & FILE_SHARE_WRITE) ?
99 0 : GPFS_DENY_WRITE;
100 deny |= (share_access & (FILE_SHARE_READ)) ?
101 0 : GPFS_DENY_READ;
102 }
103 DEBUG(10, ("am=%x, allow=%d, sa=%x, deny=%d\n",
104 access_mask, allow, share_access, deny));
105
106 result = gpfswrap_set_share(fsp->fh->fd, allow, deny);
107 if (result != 0) {
108 if (errno == ENOSYS) {
109 DEBUG(5, ("VFS module vfs_gpfs loaded, but gpfs "
110 "set_share function support not available. "
111 "Allowing access\n"));
112 return True;
113 } else {
114 DEBUG(10, ("gpfs_set_share failed: %s\n",
115 strerror(errno)));
116 }
117 }
118
119 return (result == 0);
120 }
121
122 static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle, files_struct *fsp,
123 uint32_t share_mode, uint32_t access_mask)
124 {
125
126 struct gpfs_config_data *config;
127 int ret = 0;
128
129 SMB_VFS_HANDLE_GET_DATA(handle, config,
130 struct gpfs_config_data,
131 return -1);
132
133 if(!config->sharemodes) {
134 return 0;
135 }
136
137 /*
138 * A named stream fsp will have the basefile open in the fsp
139 * fd, so lacking a distinct fd for the stream we have to skip
140 * kernel_flock and set_gpfs_sharemode for stream.
141 */
142 if (!is_ntfs_default_stream_smb_fname(fsp->fsp_name)) {
143 DEBUG(2,("%s: kernel_flock on stream\n", fsp_str_dbg(fsp)));
144 return 0;
145 }
146
147 START_PROFILE(syscall_kernel_flock);
148
149 kernel_flock(fsp->fh->fd, share_mode, access_mask);
150
151 if (!set_gpfs_sharemode(fsp, access_mask, fsp->share_access)) {
152 ret = -1;
153 }
154
155 END_PROFILE(syscall_kernel_flock);
156
157 return ret;
158 }
159
160 static int vfs_gpfs_close(vfs_handle_struct *handle, files_struct *fsp)
161 {
162
163 struct gpfs_config_data *config;
164
165 SMB_VFS_HANDLE_GET_DATA(handle, config,
166 struct gpfs_config_data,
167 return -1);
168
169 if (config->sharemodes && (fsp->fh != NULL) && (fsp->fh->fd != -1)) {
170 set_gpfs_sharemode(fsp, 0, 0);
171 }
172
173 return SMB_VFS_NEXT_CLOSE(handle, fsp);
174 }
175
176 static int set_gpfs_lease(int fd, int leasetype)
177 {
178 int gpfs_type = GPFS_LEASE_NONE;
179
180 if (leasetype == F_RDLCK) {
181 gpfs_type = GPFS_LEASE_READ;
182 }
183 if (leasetype == F_WRLCK) {
184 gpfs_type = GPFS_LEASE_WRITE;
185 }
186
187 /* we unconditionally set CAP_LEASE, rather than looking for
188 -1/EACCES as there is a bug in some versions of
189 libgpfs_gpl.so which results in a leaked fd on /dev/ss0
190 each time we try this with the wrong capabilities set
191 */
192 linux_set_lease_capability();
193 return gpfswrap_set_lease(fd, gpfs_type);
194 }
195
196 static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp,
197 int leasetype)
198 {
199 struct gpfs_config_data *config;
200 int ret=0;
201
202 SMB_VFS_HANDLE_GET_DATA(handle, config,
203 struct gpfs_config_data,
204 return -1);
205
206 START_PROFILE(syscall_linux_setlease);
207
208 if (linux_set_lease_sighandler(fsp->fh->fd) == -1) {
209 ret = -1;
210 goto failure;
211 }
212
213 if (config->leases) {
214 /*
215 * Ensure the lease owner is root to allow
216 * correct delivery of lease-break signals.
217 */
218 become_root();
219 ret = set_gpfs_lease(fsp->fh->fd,leasetype);
220 unbecome_root();
221 }
222
223 failure:
224 END_PROFILE(syscall_linux_setlease);
225
226 return ret;
227 }
228
229 static int vfs_gpfs_get_real_filename(struct vfs_handle_struct *handle,
230 const char *path,
231 const char *name,
232 TALLOC_CTX *mem_ctx,
233 char **found_name)
234 {
235 int result;
236 char *full_path;
237 char real_pathname[PATH_MAX+1];
238 int buflen;
239 bool mangled;
240 struct gpfs_config_data *config;
241
242 SMB_VFS_HANDLE_GET_DATA(handle, config,
243 struct gpfs_config_data,
244 return -1);
245
246 if (!config->getrealfilename) {
247 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
248 mem_ctx, found_name);
249 }
250
251 mangled = mangle_is_mangled(name, handle->conn->params);
252 if (mangled) {
253 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
254 mem_ctx, found_name);
255 }
256
257 full_path = talloc_asprintf(talloc_tos(), "%s/%s", path, name);
258 if (full_path == NULL) {
259 errno = ENOMEM;
260 return -1;
261 }
262
263 buflen = sizeof(real_pathname) - 1;
264
265 result = gpfswrap_get_realfilename_path(full_path, real_pathname,
266 &buflen);
267
268 TALLOC_FREE(full_path);
269
270 if ((result == -1) && (errno == ENOSYS)) {
271 return SMB_VFS_NEXT_GET_REAL_FILENAME(
272 handle, path, name, mem_ctx, found_name);
273 }
274
275 if (result == -1) {
276 DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n",
277 strerror(errno)));
278 return -1;
279 }
280
281 /*
282 * GPFS does not necessarily null-terminate the returned path
283 * but instead returns the buffer length in buflen.
284 */
285
286 if (buflen < sizeof(real_pathname)) {
287 real_pathname[buflen] = '\0';
288 } else {
289 real_pathname[sizeof(real_pathname)-1] = '\0';
290 }
291
292 DEBUG(10, ("smbd_gpfs_get_realfilename_path: %s/%s -> %s\n",
293 path, name, real_pathname));
294
295 name = strrchr_m(real_pathname, '/');
296 if (name == NULL) {
297 errno = ENOENT;
298 return -1;
299 }
300
301 *found_name = talloc_strdup(mem_ctx, name+1);
302 if (*found_name == NULL) {
303 errno = ENOMEM;
304 return -1;
305 }
306
307 return 0;
308 }
309
310 static void sd2gpfs_control(uint16_t control, struct gpfs_acl *gacl)
311 {
312 unsigned int gpfs_aclflags = 0;
313 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
314 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
315 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
316 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
317 gpfs_aclflags = control << 8;
318 if (!(control & SEC_DESC_DACL_PRESENT))
319 gpfs_aclflags |= ACL4_FLAG_NULL_DACL;
320 if (!(control & SEC_DESC_SACL_PRESENT))
321 gpfs_aclflags |= ACL4_FLAG_NULL_SACL;
322 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
323 gacl->v4Level1.acl_flags = gpfs_aclflags;
324 }
325
326 static uint16_t gpfs2sd_control(unsigned int gpfs_aclflags)
327 {
328 uint16_t control = gpfs_aclflags >> 8;
329 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
330 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
331 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
332 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
333 control |= SEC_DESC_SELF_RELATIVE;
334 return control;
335 }
336
337 static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
338 {
339 gpfs_aclCount_t i;
340 if (gacl==NULL)
341 {
342 DEBUG(0, ("gpfs acl is NULL\n"));
343 return;
344 }
345
346 DEBUG(level, ("len: %d, level: %d, version: %d, nace: %d, "
347 "control: %x\n",
348 gacl->acl_len, gacl->acl_level, gacl->acl_version,
349 gacl->acl_nace, gpfs_acl_flags(gacl)));
350
351 for(i=0; i<gacl->acl_nace; i++)
352 {
353 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
354 DEBUG(level, ("\tace[%d]: type:%d, flags:0x%x, mask:0x%x, "
355 "iflags:0x%x, who:%u\n",
356 i, gace->aceType, gace->aceFlags, gace->aceMask,
357 gace->aceIFlags, gace->aceWho));
358 }
359 }
360
361 /*
362 * get the ACL from GPFS, allocated on the specified mem_ctx
363 * internally retries when initial buffer was too small
364 *
365 * caller needs to cast result to either
366 * raw = yes: struct gpfs_opaque_acl
367 * raw = no: struct gpfs_acl
368 *
369 */
370 static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
371 const char *fname,
372 const bool raw,
373 const gpfs_aclType_t type)
374 {
375
376 void *aclbuf;
377 size_t size = 512;
378 int ret, flags;
379 unsigned int *len;
380 size_t struct_size;
381
382 again:
383
384 aclbuf = talloc_zero_size(mem_ctx, size);
385 if (aclbuf == NULL) {
386 errno = ENOMEM;
387 return NULL;
388 }
389
390 if (raw) {
391 struct gpfs_opaque_acl *buf = (struct gpfs_opaque_acl *) aclbuf;
392 buf->acl_type = type;
393 flags = GPFS_GETACL_NATIVE;
394 len = (unsigned int *) &(buf->acl_buffer_len);
395 struct_size = sizeof(struct gpfs_opaque_acl);
396 } else {
397 struct gpfs_acl *buf = (struct gpfs_acl *) aclbuf;
398 buf->acl_type = type;
399 buf->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
400 flags = GPFS_GETACL_STRUCT;
401 len = &(buf->acl_len);
402 /* reserve space for control flags in gpfs 3.5 and beyond */
403 struct_size = sizeof(struct gpfs_acl) + sizeof(unsigned int);
404 }
405
406 /* set the length of the buffer as input value */
407 *len = size;
408
409 errno = 0;
410 ret = gpfswrap_getacl(discard_const_p(char, fname), flags, aclbuf);
411 if ((ret != 0) && (errno == ENOSPC)) {
412 /*
413 * get the size needed to accommodate the complete buffer
414 *
415 * the value returned only applies to the ACL blob in the
416 * struct so make sure to also have headroom for the first
417 * struct members by adding room for the complete struct
418 * (might be a few bytes too much then)
419 */
420 size = *len + struct_size;
421 talloc_free(aclbuf);
422 DEBUG(10, ("Increasing ACL buffer size to %zu\n", size));
423 goto again;
424 }
425
426 if (ret != 0) {
427 DEBUG(5, ("smbd_gpfs_getacl failed with %s\n",
428 strerror(errno)));
429 talloc_free(aclbuf);
430 return NULL;
431 }
432
433 return aclbuf;
434 }
435
436 /* Tries to get nfs4 acls and returns SMB ACL allocated.
437 * On failure returns 1 if it got non-NFSv4 ACL to prompt
438 * retry with POSIX ACL checks.
439 * On failure returns -1 if there is system (GPFS) error, check errno.
440 * Returns 0 on success
441 */
442 static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *fname,
443 struct SMB4ACL_T **ppacl)
444 {
445 gpfs_aclCount_t i;
446 struct gpfs_acl *gacl = NULL;
447 DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
448
449 /* Get the ACL */
450 gacl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(), fname,
451 false, 0);
452 if (gacl == NULL) {
453 DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
454 fname, strerror(errno)));
455 if (errno == ENODATA) {
456 /*
457 * GPFS returns ENODATA for snapshot
458 * directories. Retry with POSIX ACLs check.
459 */
460 return 1;
461 }
462
463 return -1;
464 }
465
466 if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
467 DEBUG(10, ("Got non-nfsv4 acl\n"));
468 /* Retry with POSIX ACLs check */
469 talloc_free(gacl);
470 return 1;
471 }
472
473 *ppacl = smb_create_smb4acl(mem_ctx);
474
475 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
476 uint16_t control = gpfs2sd_control(gpfs_acl_flags(gacl));
477 smbacl4_set_controlflags(*ppacl, control);
478 }
479
480 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d, control: %x\n",
481 gacl->acl_len, gacl->acl_level, gacl->acl_version,
482 gacl->acl_nace, gpfs_acl_flags(gacl)));
483
484 for (i=0; i<gacl->acl_nace; i++) {
485 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
486 SMB_ACE4PROP_T smbace = { 0 };
487 DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
488 "who: %d\n", gace->aceType, gace->aceIFlags,
489 gace->aceFlags, gace->aceMask, gace->aceWho));
490
491 if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
492 smbace.flags |= SMB_ACE4_ID_SPECIAL;
493 switch (gace->aceWho) {
494 case ACE4_SPECIAL_OWNER:
495 smbace.who.special_id = SMB_ACE4_WHO_OWNER;
496 break;
497 case ACE4_SPECIAL_GROUP:
498 smbace.who.special_id = SMB_ACE4_WHO_GROUP;
499 break;
500 case ACE4_SPECIAL_EVERYONE:
501 smbace.who.special_id = SMB_ACE4_WHO_EVERYONE;
502 break;
503 default:
504 DEBUG(8, ("invalid special gpfs id %d "
505 "ignored\n", gace->aceWho));
506 continue; /* don't add it */
507 }
508 } else {
509 if (gace->aceFlags & ACE4_FLAG_GROUP_ID)
510 smbace.who.gid = gace->aceWho;
511 else
512 smbace.who.uid = gace->aceWho;
513 }
514
515 /* remove redundant deny entries */
516 if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
517 struct gpfs_ace_v4 *prev = gpfs_ace_ptr(gacl, i - 1);
518 if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
519 prev->aceFlags == gace->aceFlags &&
520 prev->aceIFlags == gace->aceIFlags &&
521 (gace->aceMask & prev->aceMask) == 0 &&
522 gace->aceWho == prev->aceWho) {
523 /* it's redundant - skip it */
524 continue;
525 }
526 }
527
528 smbace.aceType = gace->aceType;
529 smbace.aceFlags = gace->aceFlags;
530 smbace.aceMask = gace->aceMask;
531 smb_add_ace4(*ppacl, &smbace);
532 }
533
534 talloc_free(gacl);
535
536 return 0;
537 }
538
539 static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
540 files_struct *fsp, uint32_t security_info,
541 TALLOC_CTX *mem_ctx,
542 struct security_descriptor **ppdesc)
543 {
544 struct SMB4ACL_T *pacl = NULL;
545 int result;
546 struct gpfs_config_data *config;
547 TALLOC_CTX *frame = talloc_stackframe();
548 NTSTATUS status;
549
550 *ppdesc = NULL;
551
552 SMB_VFS_HANDLE_GET_DATA(handle, config,
553 struct gpfs_config_data,
554 return NT_STATUS_INTERNAL_ERROR);
555
556 if (!config->acl) {
557 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
558 mem_ctx, ppdesc);
559 TALLOC_FREE(frame);
560 return status;
561 }
562
563 result = gpfs_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl);
564
565 if (result == 0) {
566 status = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx,
567 ppdesc, pacl);
568 TALLOC_FREE(frame);
569 return status;
570 }
571
572 if (result > 0) {
573 DEBUG(10, ("retrying with posix acl...\n"));
574 status = posix_fget_nt_acl(fsp, security_info,
575 mem_ctx, ppdesc);
576 TALLOC_FREE(frame);
577 return status;
578 }
579
580 TALLOC_FREE(frame);
581
582 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
583 return map_nt_error_from_unix(errno);
584 }
585
586 static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
587 const char *name,
588 uint32_t security_info,
589 TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc)
590 {
591 struct SMB4ACL_T *pacl = NULL;
592 int result;
593 struct gpfs_config_data *config;
594 TALLOC_CTX *frame = talloc_stackframe();
595 NTSTATUS status;
596
597 *ppdesc = NULL;
598
599 SMB_VFS_HANDLE_GET_DATA(handle, config,
600 struct gpfs_config_data,
601 return NT_STATUS_INTERNAL_ERROR);
602
603 if (!config->acl) {
604 status = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
605 mem_ctx, ppdesc);
606 TALLOC_FREE(frame);
607 return status;
608 }
609
610 result = gpfs_get_nfs4_acl(frame, name, &pacl);
611
612 if (result == 0) {
613 status = smb_get_nt_acl_nfs4(handle->conn, name, security_info,
614 mem_ctx, ppdesc, pacl);
615 TALLOC_FREE(frame);
616 return status;
617 }
618
619 if (result > 0) {
620 DEBUG(10, ("retrying with posix acl...\n"));
621 status = posix_get_nt_acl(handle->conn, name, security_info,
622 mem_ctx, ppdesc);
623 TALLOC_FREE(frame);
624 return status;
625 }
626
627 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
628 TALLOC_FREE(frame);
629 return map_nt_error_from_unix(errno);
630 }
631
632 static struct gpfs_acl *vfs_gpfs_smbacl2gpfsacl(TALLOC_CTX *mem_ctx,
633 files_struct *fsp,
634 struct SMB4ACL_T *smbacl,
635 bool controlflags)
636 {
637 struct gpfs_acl *gacl;
638 gpfs_aclLen_t gacl_len;
639 struct SMB4ACE_T *smbace;
640
641 gacl_len = offsetof(gpfs_acl_t, ace_v4) + sizeof(unsigned int)
642 + smb_get_naces(smbacl) * sizeof(gpfs_ace_v4_t);
643
644 gacl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, gacl_len);
645 if (gacl == NULL) {
646 DEBUG(0, ("talloc failed\n"));
647 errno = ENOMEM;
648 return NULL;
649 }
650
651 gacl->acl_level = GPFS_ACL_LEVEL_BASE;
652 gacl->acl_version = GPFS_ACL_VERSION_NFS4;
653 gacl->acl_type = GPFS_ACL_TYPE_NFS4;
654 gacl->acl_nace = 0; /* change later... */
655
656 if (controlflags) {
657 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
658 sd2gpfs_control(smbacl4_get_controlflags(smbacl), gacl);
659 }
660
661 for (smbace=smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
662 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, gacl->acl_nace);
663 SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
664
665 gace->aceType = aceprop->aceType;
666 gace->aceFlags = aceprop->aceFlags;
667 gace->aceMask = aceprop->aceMask;
668
669 /*
670 * GPFS can't distinguish between WRITE and APPEND on
671 * files, so one being set without the other is an
672 * error. Sorry for the many ()'s :-)
673 */
674
675 if (!fsp->is_directory
676 &&
677 ((((gace->aceMask & ACE4_MASK_WRITE) == 0)
678 && ((gace->aceMask & ACE4_MASK_APPEND) != 0))
679 ||
680 (((gace->aceMask & ACE4_MASK_WRITE) != 0)
681 && ((gace->aceMask & ACE4_MASK_APPEND) == 0)))
682 &&
683 lp_parm_bool(fsp->conn->params->service, "gpfs",
684 "merge_writeappend", True)) {
685 DEBUG(2, ("vfs_gpfs.c: file [%s]: ACE contains "
686 "WRITE^APPEND, setting WRITE|APPEND\n",
687 fsp_str_dbg(fsp)));
688 gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND;
689 }
690
691 gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0;
692
693 if (aceprop->flags&SMB_ACE4_ID_SPECIAL)
694 {
695 switch(aceprop->who.special_id)
696 {
697 case SMB_ACE4_WHO_EVERYONE:
698 gace->aceWho = ACE4_SPECIAL_EVERYONE;
699 break;
700 case SMB_ACE4_WHO_OWNER:
701 gace->aceWho = ACE4_SPECIAL_OWNER;
702 break;
703 case SMB_ACE4_WHO_GROUP:
704 gace->aceWho = ACE4_SPECIAL_GROUP;
705 break;
706 default:
707 DEBUG(8, ("unsupported special_id %d\n", aceprop->who.special_id));
708 continue; /* don't add it !!! */
709 }
710 } else {
711 /* just only for the type safety... */
712 if (aceprop->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
713 gace->aceWho = aceprop->who.gid;
714 else
715 gace->aceWho = aceprop->who.uid;
716 }
717
718 gacl->acl_nace++;
719 }
720 gacl->acl_len = (char *)gpfs_ace_ptr(gacl, gacl->acl_nace)
721 - (char *)gacl;
722 return gacl;
723 }
724
725 static bool gpfsacl_process_smbacl(vfs_handle_struct *handle,
726 files_struct *fsp,
727 struct SMB4ACL_T *smbacl)
728 {
729 int ret;
730 struct gpfs_acl *gacl;
731 TALLOC_CTX *mem_ctx = talloc_tos();
732
733 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, true);
734 if (gacl == NULL) { /* out of memory */
735 return False;
736 }
737 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
738 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gacl);
739
740 if ((ret != 0) && (errno == EINVAL)) {
741 DEBUG(10, ("Retry without nfs41 control flags\n"));
742 talloc_free(gacl);
743 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, false);
744 if (gacl == NULL) { /* out of memory */
745 return False;
746 }
747 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
748 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA,
749 gacl);
750 }
751
752 if (ret != 0) {
753 DEBUG(8, ("gpfs_putacl failed with %s\n", strerror(errno)));
754 gpfs_dumpacl(8, gacl);
755 return False;
756 }
757
758 DEBUG(10, ("gpfs_putacl succeeded\n"));
759 return True;
760 }
761
762 static NTSTATUS gpfsacl_set_nt_acl_internal(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
763 {
764 struct gpfs_acl *acl;
765 NTSTATUS result = NT_STATUS_ACCESS_DENIED;
766
767 acl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(),
768 fsp->fsp_name->base_name,
769 false, 0);
770 if (acl == NULL) {
771 return map_nt_error_from_unix(errno);
772 }
773
774 if (acl->acl_version == GPFS_ACL_VERSION_NFS4) {
775 if (lp_parm_bool(fsp->conn->params->service, "gpfs",
776 "refuse_dacl_protected", false)
777 && (psd->type&SEC_DESC_DACL_PROTECTED)) {
778 DEBUG(2, ("Rejecting unsupported ACL with DACL_PROTECTED bit set\n"));
779 talloc_free(acl);
780 return NT_STATUS_NOT_SUPPORTED;
781 }
782
783 result = smb_set_nt_acl_nfs4(handle,
784 fsp, security_info_sent, psd,
785 gpfsacl_process_smbacl);
786 } else { /* assume POSIX ACL - by default... */
787 result = set_nt_acl(fsp, security_info_sent, psd);
788 }
789
790 talloc_free(acl);
791 return result;
792 }
793
794 static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
795 {
796 struct gpfs_config_data *config;
797
798 SMB_VFS_HANDLE_GET_DATA(handle, config,
799 struct gpfs_config_data,
800 return NT_STATUS_INTERNAL_ERROR);
801
802 if (!config->acl) {
803 return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
804 }
805
806 return gpfsacl_set_nt_acl_internal(handle, fsp, security_info_sent, psd);
807 }
808
809 static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
810 {
811 SMB_ACL_T result;
812 gpfs_aclCount_t i;
813
814 result = sys_acl_init(mem_ctx);
815 if (result == NULL) {
816 errno = ENOMEM;
817 return NULL;
818 }
819
820 result->count = pacl->acl_nace;
821 result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
822 result->count);
823 if (result->acl == NULL) {
824 TALLOC_FREE(result);
825 errno = ENOMEM;
826 return NULL;
827 }
828
829 for (i=0; i<pacl->acl_nace; i++) {
830 struct smb_acl_entry *ace = &result->acl[i];
831 const struct gpfs_ace_v1 *g_ace = &pacl->ace_v1[i];
832
833 DEBUG(10, ("Converting type %d id %lu perm %x\n",
834 (int)g_ace->ace_type, (unsigned long)g_ace->ace_who,
835 (int)g_ace->ace_perm));
836
837 switch (g_ace->ace_type) {
838 case GPFS_ACL_USER:
839 ace->a_type = SMB_ACL_USER;
840 ace->info.user.uid = (uid_t)g_ace->ace_who;
841 break;
842 case GPFS_ACL_USER_OBJ:
843 ace->a_type = SMB_ACL_USER_OBJ;
844 break;
845 case GPFS_ACL_GROUP:
846 ace->a_type = SMB_ACL_GROUP;
847 ace->info.group.gid = (gid_t)g_ace->ace_who;
848 break;
849 case GPFS_ACL_GROUP_OBJ:
850 ace->a_type = SMB_ACL_GROUP_OBJ;
851 break;
852 case GPFS_ACL_OTHER:
853 ace->a_type = SMB_ACL_OTHER;
854 break;
855 case GPFS_ACL_MASK:
856 ace->a_type = SMB_ACL_MASK;
857 break;
858 default:
859 DEBUG(10, ("Got invalid ace_type: %d\n",
860 g_ace->ace_type));
861 TALLOC_FREE(result);
862 errno = EINVAL;
863 return NULL;
864 }
865
866 ace->a_perm = 0;
867 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ?
868 SMB_ACL_READ : 0;
869 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ?
870 SMB_ACL_WRITE : 0;
871 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ?
872 SMB_ACL_EXECUTE : 0;
873
874 DEBUGADD(10, ("Converted to %d perm %x\n",
875 ace->a_type, ace->a_perm));
876 }
877
878 return result;
879 }
880
881 static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type,
882 TALLOC_CTX *mem_ctx)
883 {
884 struct gpfs_acl *pacl;
885 SMB_ACL_T result = NULL;
886
887 pacl = vfs_gpfs_getacl(talloc_tos(), path, false, type);
888
889 if (pacl == NULL) {
890 DEBUG(10, ("vfs_gpfs_getacl failed for %s with %s\n",
891 path, strerror(errno)));
892 if (errno == 0) {
893 errno = EINVAL;
894 }
895 goto done;
896 }
897
898 if (pacl->acl_version != GPFS_ACL_VERSION_POSIX) {
899 DEBUG(10, ("Got acl version %d, expected %d\n",
900 pacl->acl_version, GPFS_ACL_VERSION_POSIX));
901 errno = EINVAL;
902 goto done;
903 }
904
905 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
906 pacl->acl_len, pacl->acl_level, pacl->acl_version,
907 pacl->acl_nace));
908
909 result = gpfs2smb_acl(pacl, mem_ctx);
910 if (result != NULL) {
911 errno = 0;
912 }
913
914 done:
915
916 if (pacl != NULL) {
917 talloc_free(pacl);
918 }
919 if (errno != 0) {
920 TALLOC_FREE(result);
921 }
922 return result;
923 }
924
925 static SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle,
926 const char *path_p,
927 SMB_ACL_TYPE_T type,
928 TALLOC_CTX *mem_ctx)
929 {
930 gpfs_aclType_t gpfs_type;
931 struct gpfs_config_data *config;
932
933 SMB_VFS_HANDLE_GET_DATA(handle, config,
934 struct gpfs_config_data,
935 return NULL);
936
937 if (!config->acl) {
938 return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p,
939 type, mem_ctx);
940 }
941
942 switch(type) {
943 case SMB_ACL_TYPE_ACCESS:
944 gpfs_type = GPFS_ACL_TYPE_ACCESS;
945 break;
946 case SMB_ACL_TYPE_DEFAULT:
947 gpfs_type = GPFS_ACL_TYPE_DEFAULT;
948 break;
949 default:
950 DEBUG(0, ("Got invalid type: %d\n", type));
951 smb_panic("exiting");
952 }
953
954 return gpfsacl_get_posix_acl(path_p, gpfs_type, mem_ctx);
955 }
956
957 static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
958 files_struct *fsp,
959 TALLOC_CTX *mem_ctx)
960 {
961 struct gpfs_config_data *config;
962
963 SMB_VFS_HANDLE_GET_DATA(handle, config,
964 struct gpfs_config_data,
965 return NULL);
966
967 if (!config->acl) {
968 return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
969 }
970
971 return gpfsacl_get_posix_acl(fsp->fsp_name->base_name,
972 GPFS_ACL_TYPE_ACCESS, mem_ctx);
973 }
974
975 static int gpfsacl_sys_acl_blob_get_file(vfs_handle_struct *handle,
976 const char *path_p,
977 TALLOC_CTX *mem_ctx,
978 char **blob_description,
979 DATA_BLOB *blob)
980 {
981 struct gpfs_config_data *config;
982 struct gpfs_opaque_acl *acl = NULL;
983 DATA_BLOB aclblob;
984 int result;
985
986 SMB_VFS_HANDLE_GET_DATA(handle, config,
987 struct gpfs_config_data,
988 return -1);
989
990 if (!config->acl) {
991 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p,
992 mem_ctx,
993 blob_description,
994 blob);
995 }
996
997 errno = 0;
998 acl = (struct gpfs_opaque_acl *)
999 vfs_gpfs_getacl(mem_ctx,
1000 path_p,
1001 true,
1002 GPFS_ACL_TYPE_NFS4);
1003
1004 if (errno) {
1005 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1006 errno, strerror(errno)));
1007
1008 /* EINVAL means POSIX ACL, bail out on other cases */
1009 if (errno != EINVAL) {
1010 return -1;
1011 }
1012 }
1013
1014 if (acl != NULL) {
1015 /*
1016 * file has NFSv4 ACL
1017 *
1018 * we only need the actual ACL blob here
1019 * acl_version will always be NFS4 because we asked
1020 * for NFS4
1021 * acl_type is only used for POSIX ACLs
1022 */
1023 aclblob.data = (uint8_t*) acl->acl_var_data;
1024 aclblob.length = acl->acl_buffer_len;
1025
1026 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1027 if (!*blob_description) {
1028 talloc_free(acl);
1029 errno = ENOMEM;
1030 return -1;
1031 }
1032
1033 result = non_posix_sys_acl_blob_get_file_helper(handle, path_p,
1034 aclblob,
1035 mem_ctx, blob);
1036
1037 talloc_free(acl);
1038 return result;
1039 }
1040
1041 /* fall back to POSIX ACL */
1042 return posix_sys_acl_blob_get_file(handle, path_p, mem_ctx,
1043 blob_description, blob);
1044 }
1045
1046 static int gpfsacl_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1047 files_struct *fsp,
1048 TALLOC_CTX *mem_ctx,
1049 char **blob_description,
1050 DATA_BLOB *blob)
1051 {
1052 struct gpfs_config_data *config;
1053 struct gpfs_opaque_acl *acl = NULL;
1054 DATA_BLOB aclblob;
1055 int result;
1056
1057 SMB_VFS_HANDLE_GET_DATA(handle, config,
1058 struct gpfs_config_data,
1059 return -1);
1060
1061 if (!config->acl) {
1062 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
1063 blob_description, blob);
1064 }
1065
1066 errno = 0;
1067 acl = (struct gpfs_opaque_acl *) vfs_gpfs_getacl(mem_ctx,
1068 fsp->fsp_name->base_name,
1069 true,
1070 GPFS_ACL_TYPE_NFS4);
1071
1072 if (errno) {
1073 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1074 errno, strerror(errno)));
1075
1076 /* EINVAL means POSIX ACL, bail out on other cases */
1077 if (errno != EINVAL) {
1078 return -1;
1079 }
1080 }
1081
1082 if (acl != NULL) {
1083 /*
1084 * file has NFSv4 ACL
1085 *
1086 * we only need the actual ACL blob here
1087 * acl_version will always be NFS4 because we asked
1088 * for NFS4
1089 * acl_type is only used for POSIX ACLs
1090 */
1091 aclblob.data = (uint8_t*) acl->acl_var_data;
1092 aclblob.length = acl->acl_buffer_len;
1093
1094 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1095 if (!*blob_description) {
1096 talloc_free(acl);
1097 errno = ENOMEM;
1098 return -1;
1099 }
1100
1101 result = non_posix_sys_acl_blob_get_fd_helper(handle, fsp,
1102 aclblob, mem_ctx,
1103 blob);
1104
1105 talloc_free(acl);
1106 return result;
1107 }
1108
1109 /* fall back to POSIX ACL */
1110 return posix_sys_acl_blob_get_fd(handle, fsp, mem_ctx,
1111 blob_description, blob);
1112 }
1113
1114 static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl,
1115 SMB_ACL_TYPE_T type)
1116 {
1117 gpfs_aclLen_t len;
1118 struct gpfs_acl *result;
1119 int i;
1120
1121 DEBUG(10, ("smb2gpfs_acl: Got ACL with %d entries\n", pacl->count));
1122
1123 len = offsetof(gpfs_acl_t, ace_v1) + (pacl->count) *
1124 sizeof(gpfs_ace_v1_t);
1125
1126 result = (struct gpfs_acl *)SMB_MALLOC(len);
1127 if (result == NULL) {
1128 errno = ENOMEM;
1129 return result;
1130 }
1131
1132 result->acl_len = len;
1133 result->acl_level = 0;
1134 result->acl_version = GPFS_ACL_VERSION_POSIX;
1135 result->acl_type = (type == SMB_ACL_TYPE_DEFAULT) ?
1136 GPFS_ACL_TYPE_DEFAULT : GPFS_ACL_TYPE_ACCESS;
1137 result->acl_nace = pacl->count;
1138
1139 for (i=0; i<pacl->count; i++) {
1140 const struct smb_acl_entry *ace = &pacl->acl[i];
1141 struct gpfs_ace_v1 *g_ace = &result->ace_v1[i];
1142
1143 DEBUG(10, ("Converting type %d perm %x\n",
1144 (int)ace->a_type, (int)ace->a_perm));
1145
1146 g_ace->ace_perm = 0;
1147
1148 switch(ace->a_type) {
1149 case SMB_ACL_USER:
1150 g_ace->ace_type = GPFS_ACL_USER;
1151 g_ace->ace_who = (gpfs_uid_t)ace->info.user.uid;
1152 break;
1153 case SMB_ACL_USER_OBJ:
1154 g_ace->ace_type = GPFS_ACL_USER_OBJ;
1155 g_ace->ace_perm |= ACL_PERM_CONTROL;
1156 g_ace->ace_who = 0;
1157 break;
1158 case SMB_ACL_GROUP:
1159 g_ace->ace_type = GPFS_ACL_GROUP;
1160 g_ace->ace_who = (gpfs_uid_t)ace->info.group.gid;
1161 break;
1162 case SMB_ACL_GROUP_OBJ:
1163 g_ace->ace_type = GPFS_ACL_GROUP_OBJ;
1164 g_ace->ace_who = 0;
1165 break;
1166 case SMB_ACL_MASK:
1167 g_ace->ace_type = GPFS_ACL_MASK;
1168 g_ace->ace_perm = 0x8f;
1169 g_ace->ace_who = 0;
1170 break;
1171 case SMB_ACL_OTHER:
1172 g_ace->ace_type = GPFS_ACL_OTHER;
1173 g_ace->ace_who = 0;
1174 break;
1175 default:
1176 DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type));
1177 errno = EINVAL;
1178 SAFE_FREE(result);
1179 return NULL;
1180 }
1181
1182 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ?
1183 ACL_PERM_READ : 0;
1184 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ?
1185 ACL_PERM_WRITE : 0;
1186 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ?
1187 ACL_PERM_EXECUTE : 0;
1188
1189 DEBUGADD(10, ("Converted to %d id %d perm %x\n",
1190 g_ace->ace_type, g_ace->ace_who, g_ace->ace_perm));
1191 }
1192
1193 return result;
1194 }
1195
1196 static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
1197 const char *name,
1198 SMB_ACL_TYPE_T type,
1199 SMB_ACL_T theacl)
1200 {
1201 struct gpfs_acl *gpfs_acl;
1202 int result;
1203 struct gpfs_config_data *config;
1204
1205 SMB_VFS_HANDLE_GET_DATA(handle, config,
1206 struct gpfs_config_data,
1207 return -1);
1208
1209 if (!config->acl) {
1210 return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, type, theacl);
1211 }
1212
1213 gpfs_acl = smb2gpfs_acl(theacl, type);
1214 if (gpfs_acl == NULL) {
1215 return -1;
1216 }
1217
1218 result = gpfswrap_putacl(discard_const_p(char, name),
1219 GPFS_PUTACL_STRUCT|GPFS_ACL_SAMBA, gpfs_acl);
1220
1221 SAFE_FREE(gpfs_acl);
1222 return result;
1223 }
1224
1225 static int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle,
1226 files_struct *fsp,
1227 SMB_ACL_T theacl)
1228 {
1229 struct gpfs_config_data *config;
1230
1231 SMB_VFS_HANDLE_GET_DATA(handle, config,
1232 struct gpfs_config_data,
1233 return -1);
1234
1235 if (!config->acl) {
1236 return SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1237 }
1238
1239 return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name->base_name,
1240 SMB_ACL_TYPE_ACCESS, theacl);
1241 }
1242
1243 static int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
1244 const char *path)
1245 {
1246 struct gpfs_config_data *config;
1247
1248 SMB_VFS_HANDLE_GET_DATA(handle, config,
1249 struct gpfs_config_data,
1250 return -1);
1251
1252 if (!config->acl) {
1253 return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1254 }
1255
1256 errno = ENOTSUP;
1257 return -1;
1258 }
1259
1260 /*
1261 * Assumed: mode bits are shiftable and standard
1262 * Output: the new aceMask field for an smb nfs4 ace
1263 */
1264 static uint32_t gpfsacl_mask_filter(uint32_t aceType, uint32_t aceMask, uint32_t rwx)
1265 {
1266 const uint32_t posix_nfs4map[3] = {
1267 SMB_ACE4_EXECUTE, /* execute */
1268 SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
1269 SMB_ACE4_READ_DATA /* read */
1270 };
1271 int i;
1272 uint32_t posix_mask = 0x01;
1273 uint32_t posix_bit;
1274 uint32_t nfs4_bits;
1275
1276 for(i=0; i<3; i++) {
1277 nfs4_bits = posix_nfs4map[i];
1278 posix_bit = rwx & posix_mask;
1279
1280 if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
1281 if (posix_bit)
1282 aceMask |= nfs4_bits;
1283 else
1284 aceMask &= ~nfs4_bits;
1285 } else {
1286 /* add deny bits when suitable */
1287 if (!posix_bit)
1288 aceMask |= nfs4_bits;
1289 else
1290 aceMask &= ~nfs4_bits;
1291 } /* other ace types are unexpected */
1292
1293 posix_mask <<= 1;
1294 }
1295
1296 return aceMask;
1297 }
1298
1299 static int gpfsacl_emu_chmod(vfs_handle_struct *handle,
1300 const char *path, mode_t mode)
1301 {
1302 struct SMB4ACL_T *pacl = NULL;
1303 int result;
1304 bool haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
1305 int i;
1306 files_struct fake_fsp = { 0 }; /* TODO: rationalize parametrization */
1307 struct SMB4ACE_T *smbace;
1308 TALLOC_CTX *frame = talloc_stackframe();
1309
1310 DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
1311
1312 result = gpfs_get_nfs4_acl(frame, path, &pacl);
1313 if (result) {
1314 TALLOC_FREE(frame);
1315 return result;
1316 }
1317
1318 if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
1319 DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
1320 }
1321
1322 for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
1323 SMB_ACE4PROP_T *ace = smb_get_ace4(smbace);
1324 uint32_t specid = ace->who.special_id;
1325
1326 if (ace->flags&SMB_ACE4_ID_SPECIAL &&
1327 ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
1328 specid <= SMB_ACE4_WHO_EVERYONE) {
1329
1330 uint32_t newMask;
1331
1332 if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
1333 haveAllowEntry[specid] = True;
1334
1335 /* mode >> 6 for @owner, mode >> 3 for @group,
1336 * mode >> 0 for @everyone */
1337 newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
1338 mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
1339 if (ace->aceMask!=newMask) {
1340 DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
1341 path, ace->aceMask, newMask, specid));
1342 }
1343 ace->aceMask = newMask;
1344 }
1345 }
1346
1347 /* make sure we have at least ALLOW entries
1348 * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
1349 * - if necessary
1350 */
1351 for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
1352 SMB_ACE4PROP_T ace = { 0 };
1353
1354 if (haveAllowEntry[i]==True)
1355 continue;
1356
1357 ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
1358 ace.flags |= SMB_ACE4_ID_SPECIAL;
1359 ace.who.special_id = i;
1360
1361 if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
1362 ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
1363
1364 ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
1365 mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
1366
1367 /* don't add unnecessary aces */
1368 if (!ace.aceMask)
1369 continue;
1370
1371 /* we add it to the END - as windows expects allow aces */
1372 smb_add_ace4(pacl, &ace);
1373 DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
1374 path, mode, i, ace.aceMask));
1375 }
1376
1377 /* don't add complementary DENY ACEs here */
1378 fake_fsp.fsp_name = synthetic_smb_fname(
1379 frame, path, NULL, NULL);
1380 if (fake_fsp.fsp_name == NULL) {
1381 errno = ENOMEM;
1382 TALLOC_FREE(frame);
1383 return -1;
1384 }
1385 /* put the acl */
1386 if (gpfsacl_process_smbacl(handle, &fake_fsp, pacl) == False) {
1387 TALLOC_FREE(frame);
1388 return -1;
1389 }
1390
1391 TALLOC_FREE(frame);
1392 return 0; /* ok for [f]chmod */
1393 }
1394
1395 static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
1396 {
1397 struct smb_filename *smb_fname_cpath;
1398 int rc;
1399
1400 smb_fname_cpath = synthetic_smb_fname(talloc_tos(), path, NULL, NULL);
1401 if (smb_fname_cpath == NULL) {
1402 errno = ENOMEM;
1403 return -1;
1404 }
1405
1406 if (SMB_VFS_NEXT_STAT(handle, smb_fname_cpath) != 0) {
1407 return -1;
1408 }
1409
1410 /* avoid chmod() if possible, to preserve acls */
1411 if ((smb_fname_cpath->st.st_ex_mode & ~S_IFMT) == mode) {
1412 return 0;
1413 }
1414
1415 rc = gpfsacl_emu_chmod(handle, path, mode);
1416 if (rc == 1)
1417 return SMB_VFS_NEXT_CHMOD(handle, path, mode);
1418 return rc;
1419 }
1420
1421 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
1422 {
1423 SMB_STRUCT_STAT st;
1424 int rc;
1425
1426 if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) {
1427 return -1;
1428 }
1429
1430 /* avoid chmod() if possible, to preserve acls */
1431 if ((st.st_ex_mode & ~S_IFMT) == mode) {
1432 return 0;
1433 }
1434
1435 rc = gpfsacl_emu_chmod(handle, fsp->fsp_name->base_name,
1436 mode);
1437 if (rc == 1)
1438 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1439 return rc;
1440 }
1441
1442 static int gpfs_set_xattr(struct vfs_handle_struct *handle, const char *path,
1443 const char *name, const void *value, size_t size, int flags){
1444 struct xattr_DOSATTRIB dosattrib;
1445 enum ndr_err_code ndr_err;
1446 DATA_BLOB blob;
1447 unsigned int dosmode=0;
1448 struct gpfs_winattr attrs;
1449 int ret = 0;
1450 struct gpfs_config_data *config;
1451
1452 SMB_VFS_HANDLE_GET_DATA(handle, config,
1453 struct gpfs_config_data,
1454 return -1);
1455
1456 if (!config->winattr) {
1457 DEBUG(10, ("gpfs_set_xattr:name is %s -> next\n",name));
1458 return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags);
1459 }
1460
1461 DEBUG(10, ("gpfs_set_xattr: %s \n",path));
1462
1463 /* Only handle DOS Attributes */
1464 if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){
1465 DEBUG(5, ("gpfs_set_xattr:name is %s\n",name));
1466 return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags);
1467 }
1468
1469 blob.data = discard_const_p(uint8_t, value);
1470 blob.length = size;
1471
1472 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &dosattrib,
1473 (ndr_pull_flags_fn_t)ndr_pull_xattr_DOSATTRIB);
1474
1475 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1476 DEBUG(1, ("gpfs_set_xattr: bad ndr decode "
1477 "from EA on file %s: Error = %s\n",
1478 path, ndr_errstr(ndr_err)));
1479 return false;
1480 }
1481
1482 if (dosattrib.version != 3) {
1483 DEBUG(1, ("gpfs_set_xattr: expected dosattrib version 3, got "
1484 "%d\n", (int)dosattrib.version));
1485 return false;
1486 }
1487 if (!(dosattrib.info.info3.valid_flags & XATTR_DOSINFO_ATTRIB)) {
1488 DEBUG(10, ("gpfs_set_xattr: XATTR_DOSINFO_ATTRIB not "
1489 "valid, ignoring\n"));
1490 return true;
1491 }
1492
1493 dosmode = dosattrib.info.info3.attrib;
1494
1495 attrs.winAttrs = 0;
1496 /*Just map RD_ONLY, ARCHIVE, SYSTEM HIDDEN and SPARSE. Ignore the others*/
1497 if (dosmode & FILE_ATTRIBUTE_ARCHIVE){
1498 attrs.winAttrs |= GPFS_WINATTR_ARCHIVE;
1499 }
1500 if (dosmode & FILE_ATTRIBUTE_HIDDEN){
1501 attrs.winAttrs |= GPFS_WINATTR_HIDDEN;
1502 }
1503 if (dosmode & FILE_ATTRIBUTE_SYSTEM){
1504 attrs.winAttrs |= GPFS_WINATTR_SYSTEM;
1505 }
1506 if (dosmode & FILE_ATTRIBUTE_READONLY){
1507 attrs.winAttrs |= GPFS_WINATTR_READONLY;
1508 }
1509 if (dosmode & FILE_ATTRIBUTE_SPARSE) {
1510 attrs.winAttrs |= GPFS_WINATTR_SPARSE_FILE;
1511 }
1512
1513
1514 ret = gpfswrap_set_winattrs_path(discard_const_p(char, path),
1515 GPFS_WINATTR_SET_ATTRS, &attrs);
1516 if ( ret == -1){
1517 if (errno == ENOSYS) {
1518 return SMB_VFS_NEXT_SETXATTR(handle, path, name, value,
1519 size, flags);
1520 }
1521
1522 DEBUG(1, ("gpfs_set_xattr:Set GPFS attributes failed %d\n",ret));
1523 return -1;
1524 }
1525
1526 DEBUG(10, ("gpfs_set_xattr:Set attributes: 0x%x\n",attrs.winAttrs));
1527 return 0;
1528 }
1529
1530 static ssize_t gpfs_get_xattr(struct vfs_handle_struct *handle, const char *path,
1531 const char *name, void *value, size_t size){
1532 char *attrstr = value;
1533 unsigned int dosmode = 0;
1534 struct gpfs_winattr attrs;
1535 int ret = 0;
1536 struct gpfs_config_data *config;
1537
1538 SMB_VFS_HANDLE_GET_DATA(handle, config,
1539 struct gpfs_config_data,
1540 return -1);
1541
1542 if (!config->winattr) {
1543 DEBUG(10, ("gpfs_get_xattr:name is %s -> next\n",name));
1544 return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size);
1545 }
1546
1547 DEBUG(10, ("gpfs_get_xattr: %s \n",path));
1548
1549 /* Only handle DOS Attributes */
1550 if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){
1551 DEBUG(5, ("gpfs_get_xattr:name is %s\n",name));
1552 return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size);
1553 }
1554
1555 ret = gpfswrap_get_winattrs_path(discard_const_p(char, path), &attrs);
1556 if ( ret == -1){
1557 int dbg_lvl;
1558
1559 if (errno == ENOSYS) {
1560 return SMB_VFS_NEXT_GETXATTR(handle, path, name, value,
1561 size);
1562 }
1563
1564 if (errno != EPERM && errno != EACCES) {
1565 dbg_lvl = 1;
1566 } else {
1567 dbg_lvl = 5;
1568 }
1569 DEBUG(dbg_lvl, ("gpfs_get_xattr: Get GPFS attributes failed: "
1570 "%d (%s)\n", ret, strerror(errno)));
1571 return -1;
1572 }
1573
1574 DEBUG(10, ("gpfs_get_xattr:Got attributes: 0x%x\n",attrs.winAttrs));
1575
1576 /*Just map RD_ONLY, ARCHIVE, SYSTEM, HIDDEN and SPARSE. Ignore the others*/
1577 if (attrs.winAttrs & GPFS_WINATTR_ARCHIVE){
1578 dosmode |= FILE_ATTRIBUTE_ARCHIVE;
1579 }
1580 if (attrs.winAttrs & GPFS_WINATTR_HIDDEN){
1581 dosmode |= FILE_ATTRIBUTE_HIDDEN;
1582 }
1583 if (attrs.winAttrs & GPFS_WINATTR_SYSTEM){
1584 dosmode |= FILE_ATTRIBUTE_SYSTEM;
1585 }
1586 if (attrs.winAttrs & GPFS_WINATTR_READONLY){
1587 dosmode |= FILE_ATTRIBUTE_READONLY;
1588 }
1589 if (attrs.winAttrs & GPFS_WINATTR_SPARSE_FILE) {
1590 dosmode |= FILE_ATTRIBUTE_SPARSE;
1591 }
1592
1593 snprintf(attrstr, size, "0x%2.2x",
1594 (unsigned int)(dosmode & SAMBA_ATTRIBUTES_MASK));
1595 DEBUG(10, ("gpfs_get_xattr: returning %s\n",attrstr));
1596 return 4;
1597 }
1598
1599 #if defined(HAVE_FSTATAT)
1600 static int stat_with_capability(struct vfs_handle_struct *handle,
1601 struct smb_filename *smb_fname, int flag)
1602 {
1603 int fd = -1;
1604 bool b;
1605 char *dir_name;
1606 const char *rel_name = NULL;
1607 struct stat st;
1608 int ret = -1;
1609
1610 b = parent_dirname(talloc_tos(), smb_fname->base_name,
1611 &dir_name, &rel_name);
1612 if (!b) {
1613 errno = ENOMEM;
1614 return -1;
1615 }
1616
1617 fd = open(dir_name, O_RDONLY, 0);
1618 TALLOC_FREE(dir_name);
1619 if (fd == -1) {
1620 return -1;
1621 }
1622
1623 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1624 ret = fstatat(fd, rel_name, &st, flag);
1625 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1626
1627 close(fd);
1628
1629 if (ret == 0) {
1630 init_stat_ex_from_stat(
1631 &smb_fname->st, &st,
1632 lp_fake_directory_create_times(SNUM(handle->conn)));
1633 }
1634
1635 return ret;
1636 }
1637 #endif
1638
1639 static int vfs_gpfs_stat(struct vfs_handle_struct *handle,
1640 struct smb_filename *smb_fname)
1641 {
1642 struct gpfs_winattr attrs;
1643 char *fname = NULL;
1644 NTSTATUS status;
1645 int ret;
1646 struct gpfs_config_data *config;
1647
1648 SMB_VFS_HANDLE_GET_DATA(handle, config,
1649 struct gpfs_config_data,
1650 return -1);
1651
1652 ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
1653 #if defined(HAVE_FSTATAT)
1654 if (ret == -1 && errno == EACCES) {
1655 DEBUG(10, ("Trying stat with capability for %s\n",
1656 smb_fname->base_name));
1657 ret = stat_with_capability(handle, smb_fname, 0);
1658 }
1659 #endif
1660 if (ret == -1) {
1661 return -1;
1662 }
1663
1664 if (!config->winattr) {
1665 return 0;
1666 }
1667
1668 status = get_full_smb_filename(talloc_tos(), smb_fname, &fname);
1669 if (!NT_STATUS_IS_OK(status)) {
1670 errno = map_errno_from_nt_status(status);
1671 return -1;
1672 }
1673 ret = gpfswrap_get_winattrs_path(discard_const_p(char, fname), &attrs);
1674 TALLOC_FREE(fname);
1675 if (ret == 0) {
1676 smb_fname->st.st_ex_calculated_birthtime = false;
1677 smb_fname->st.st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1678 smb_fname->st.st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1679 }
1680 return 0;
1681 }
1682
1683 static int vfs_gpfs_fstat(struct vfs_handle_struct *handle,
1684 struct files_struct *fsp, SMB_STRUCT_STAT *sbuf)
1685 {
1686 struct gpfs_winattr attrs;
1687 int ret;
1688 struct gpfs_config_data *config;
1689
1690 SMB_VFS_HANDLE_GET_DATA(handle, config,
1691 struct gpfs_config_data,
1692 return -1);
1693
1694 ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1695 if (ret == -1) {
1696 return -1;
1697 }
1698 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
1699 return 0;
1700 }
1701 if (!config->winattr) {
1702 return 0;
1703 }
1704
1705 ret = gpfswrap_get_winattrs(fsp->fh->fd, &attrs);
1706 if (ret == 0) {
1707 sbuf->st_ex_calculated_birthtime = false;
1708 sbuf->st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1709 sbuf->st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1710 }
1711 return 0;
1712 }
1713
1714 static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
1715 struct smb_filename *smb_fname)
1716 {
1717 struct gpfs_winattr attrs;
1718 char *path = NULL;
1719 NTSTATUS status;
1720 int ret;
1721 struct gpfs_config_data *config;
1722
1723 SMB_VFS_HANDLE_GET_DATA(handle, config,
1724 struct gpfs_config_data,
1725 return -1);
1726
1727 ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1728 #if defined(HAVE_FSTATAT)
1729 if (ret == -1 && errno == EACCES) {
1730 DEBUG(10, ("Trying lstat with capability for %s\n",
1731 smb_fname->base_name));
1732 ret = stat_with_capability(handle, smb_fname,
1733 AT_SYMLINK_NOFOLLOW);
1734 }
1735 #endif
1736
1737 if (ret == -1) {
1738 return -1;
1739 }
1740 if (!config->winattr) {
1741 return 0;
1742 }
1743
1744 status = get_full_smb_filename(talloc_tos(), smb_fname, &path);
1745 if (!NT_STATUS_IS_OK(status)) {
1746 errno = map_errno_from_nt_status(status);
1747 return -1;
1748 }
1749 ret = gpfswrap_get_winattrs_path(discard_const_p(char, path), &attrs);
1750 TALLOC_FREE(path);
1751 if (ret == 0) {
1752 smb_fname->st.st_ex_calculated_birthtime = false;
1753 smb_fname->st.st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1754 smb_fname->st.st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1755 }
1756 return 0;
1757 }
1758
1759 static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
1760 int idx, int *flags)
1761 {
1762 if (!null_timespec(ts)) {
1763 *flags |= 1 << idx;
1764 gt[idx].tv_sec = ts.tv_sec;
1765 gt[idx].tv_nsec = ts.tv_nsec;
1766 DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
1767 }
1768 }
1769
1770 static int smbd_gpfs_set_times_path(char *path, struct smb_file_time *ft)
1771 {
1772 gpfs_timestruc_t gpfs_times[4];
1773 int flags = 0;
1774 int rc;
1775
1776 ZERO_ARRAY(gpfs_times);
1777 timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
1778 timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
1779 /* No good mapping from LastChangeTime to ctime, not storing */
1780 timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
1781
1782 if (!flags) {
1783 DEBUG(10, ("nothing to do, return to avoid EINVAL\n"));
1784 return 0;
1785 }
1786
1787 rc = gpfswrap_set_times_path(path, flags, gpfs_times);
1788
1789 if (rc != 0 && errno != ENOSYS) {
1790 DEBUG(1,("gpfs_set_times() returned with error %s\n",
1791 strerror(errno)));
1792 }
1793
1794 return rc;
1795 }
1796
1797 static int vfs_gpfs_ntimes(struct vfs_handle_struct *handle,
1798 const struct smb_filename *smb_fname,
1799 struct smb_file_time *ft)
1800 {
1801
1802 struct gpfs_winattr attrs;
1803 int ret;
1804 char *path = NULL;
1805 NTSTATUS status;
1806 struct gpfs_config_data *config;
1807
1808 SMB_VFS_HANDLE_GET_DATA(handle, config,
1809 struct gpfs_config_data,
1810 return -1);
1811
1812 status = get_full_smb_filename(talloc_tos(), smb_fname, &path);
1813 if (!NT_STATUS_IS_OK(status)) {
1814 errno = map_errno_from_nt_status(status);
1815 return -1;
1816 }
1817
1818 /* Try to use gpfs_set_times if it is enabled and available */
1819 if (config->settimes) {
1820 ret = smbd_gpfs_set_times_path(path, ft);
1821
1822 if (ret == 0 || (ret == -1 && errno != ENOSYS)) {
1823 return ret;
1824 }
1825 }
1826
1827 DEBUG(10,("gpfs_set_times() not available or disabled, "
1828 "use ntimes and winattr\n"));
1829
1830 ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1831 if(ret == -1){
1832 /* don't complain if access was denied */
1833 if (errno != EPERM && errno != EACCES) {
1834 DEBUG(1,("vfs_gpfs_ntimes: SMB_VFS_NEXT_NTIMES failed:"
1835 "%s", strerror(errno)));
1836 }
1837 return -1;
1838 }
1839
1840 if(null_timespec(ft->create_time)){
1841 DEBUG(10,("vfs_gpfs_ntimes:Create Time is NULL\n"));
1842 return 0;
1843 }
1844
1845 if (!config->winattr) {
1846 return 0;
1847 }
1848
1849 attrs.winAttrs = 0;
1850 attrs.creationTime.tv_sec = ft->create_time.tv_sec;
1851 attrs.creationTime.tv_nsec = ft->create_time.tv_nsec;
1852
1853 ret = gpfswrap_set_winattrs_path(discard_const_p(char, path),
1854 GPFS_WINATTR_SET_CREATION_TIME,
1855 &attrs);
1856 if(ret == -1 && errno != ENOSYS){
1857 DEBUG(1,("vfs_gpfs_ntimes: set GPFS ntimes failed %d\n",ret));
1858 return -1;
1859 }
1860 return 0;
1861
1862 }
1863
1864 static int vfs_gpfs_fallocate(struct vfs_handle_struct *handle,
1865 struct files_struct *fsp, uint32_t mode,
1866 off_t offset, off_t len)
1867 {
1868 int ret;
1869 struct gpfs_config_data *config;
1870
1871 SMB_VFS_HANDLE_GET_DATA(handle, config,
1872 struct gpfs_config_data,
1873 return -1);
1874
1875 if (!config->prealloc) {
1876 /* you should better not run fallocate() on GPFS at all */
1877 errno = ENOTSUP;
1878 return -1;
1879 }
1880
1881 if (mode != 0) {
1882 DEBUG(10, ("unmapped fallocate flags: %lx\n",
1883 (unsigned long)mode));
1884 errno = ENOTSUP;
1885 return -1;
1886 }
1887
1888 ret = gpfswrap_prealloc(fsp->fh->fd, offset, len);
1889
1890 if (ret == -1 && errno != ENOSYS) {
1891 DEBUG(0, ("GPFS prealloc failed: %s\n", strerror(errno)));
1892 } else if (ret == -1 && errno == ENOSYS) {
1893 DEBUG(10, ("GPFS prealloc not supported.\n"));
1894 } else {
1895 DEBUG(10, ("GPFS prealloc succeeded.\n"));
1896 }
1897
1898 return ret;
1899 }
1900
1901 static int vfs_gpfs_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1902 off_t len)
1903 {
1904 int result;
1905 struct gpfs_config_data *config;
1906
1907 SMB_VFS_HANDLE_GET_DATA(handle, config,
1908 struct gpfs_config_data,
1909 return -1);
1910
1911 if (!config->ftruncate) {
1912 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1913 }
1914
1915 result = gpfswrap_ftruncate(fsp->fh->fd, len);
1916 if ((result == -1) && (errno == ENOSYS)) {
1917 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1918 }
1919 return result;
1920 }
1921
1922 static bool vfs_gpfs_is_offline(struct vfs_handle_struct *handle,
1923 const struct smb_filename *fname,
1924 SMB_STRUCT_STAT *sbuf)
1925 {
1926 struct gpfs_winattr attrs;
1927 char *path = NULL;
1928 NTSTATUS status;
1929 struct gpfs_config_data *config;
1930 int ret;
1931
1932 SMB_VFS_HANDLE_GET_DATA(handle, config,
1933 struct gpfs_config_data,
1934 return -1);
1935
1936 if (!config->winattr) {
1937 return SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
1938 }
1939
1940 status = get_full_smb_filename(talloc_tos(), fname, &path);
1941 if (!NT_STATUS_IS_OK(status)) {
1942 errno = map_errno_from_nt_status(status);
1943 return -1;
1944 }
1945
1946 ret = gpfswrap_get_winattrs_path(path, &attrs);
1947 if (ret == -1) {
1948 TALLOC_FREE(path);
1949 return false;
1950 }
1951
1952 if ((attrs.winAttrs & GPFS_WINATTR_OFFLINE) != 0) {
1953 DEBUG(10, ("%s is offline\n", path));
1954 TALLOC_FREE(path);
1955 return true;
1956 }
1957 DEBUG(10, ("%s is online\n", path));
1958 TALLOC_FREE(path);
1959 return SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
1960 }
1961
1962 static bool vfs_gpfs_fsp_is_offline(struct vfs_handle_struct *handle,
1963 struct files_struct *fsp)
1964 {
1965 struct gpfs_fsp_extension *ext;
1966
1967 ext = VFS_FETCH_FSP_EXTENSION(handle, fsp);
1968 if (ext == NULL) {
1969 /*
1970 * Something bad happened, always ask.
1971 */
1972 return vfs_gpfs_is_offline(handle, fsp->fsp_name,
1973 &fsp->fsp_name->st);
1974 }
1975
1976 if (ext->offline) {
1977 /*
1978 * As long as it's offline, ask.
1979 */
1980 ext->offline = vfs_gpfs_is_offline(handle, fsp->fsp_name,
1981 &fsp->fsp_name->st);
1982 }
1983
1984 return ext->offline;
1985 }
1986
1987 static bool vfs_gpfs_aio_force(struct vfs_handle_struct *handle,
1988 struct files_struct *fsp)
1989 {
1990 return vfs_gpfs_fsp_is_offline(handle, fsp);
1991 }
1992
1993 static ssize_t vfs_gpfs_sendfile(vfs_handle_struct *handle, int tofd,
1994 files_struct *fsp, const DATA_BLOB *hdr,
1995 off_t offset, size_t n)
1996 {
1997 if (vfs_gpfs_fsp_is_offline(handle, fsp)) {
1998 errno = ENOSYS;
1999 return -1;
2000 }
2001 return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
2002 }
2003
2004 static int vfs_gpfs_connect(struct vfs_handle_struct *handle,
2005 const char *service, const char *user)
2006 {
2007 struct gpfs_config_data *config;
2008 int ret;
2009
2010 gpfswrap_lib_init(0);
2011
2012 config = talloc_zero(handle->conn, struct gpfs_config_data);
2013 if (!config) {
2014 DEBUG(0, ("talloc_zero() failed\n"));
2015 errno = ENOMEM;
2016 return -1;
2017 }
2018
2019 ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
2020 if (ret < 0) {
2021 TALLOC_FREE(config);
2022 return ret;
2023 }
2024
2025 config->sharemodes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2026 "sharemodes", true);
2027
2028 config->leases = lp_parm_bool(SNUM(handle->conn), "gpfs",
2029 "leases", true);
2030
2031 config->hsm = lp_parm_bool(SNUM(handle->conn), "gpfs",
2032 "hsm", false);
2033
2034 config->syncio = lp_parm_bool(SNUM(handle->conn), "gpfs",
2035 "syncio", false);
2036
2037 config->winattr = lp_parm_bool(SNUM(handle->conn), "gpfs",
2038 "winattr", false);
2039
2040 config->ftruncate = lp_parm_bool(SNUM(handle->conn), "gpfs",
2041 "ftruncate", true);
2042
2043 config->getrealfilename = lp_parm_bool(SNUM(handle->conn), "gpfs",
2044 "getrealfilename", true);
2045
2046 config->dfreequota = lp_parm_bool(SNUM(handle->conn), "gpfs",
2047 "dfreequota", false);
2048
2049 config->prealloc = lp_parm_bool(SNUM(handle->conn), "gpfs",
2050 "prealloc", true);
2051
2052 config->acl = lp_parm_bool(SNUM(handle->conn), "gpfs", "acl", true);
2053
2054 config->settimes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2055 "settimes", true);
2056 config->recalls = lp_parm_bool(SNUM(handle->conn), "gpfs",
2057 "recalls", true);
2058
2059 SMB_VFS_HANDLE_SET_DATA(handle, config,
2060 NULL, struct gpfs_config_data,
2061 return -1);
2062
2063 if (config->leases) {
2064 /*
2065 * GPFS lease code is based on kernel oplock code
2066 * so make sure it is turned on
2067 */
2068 if (!lp_kernel_oplocks(SNUM(handle->conn))) {
2069 DEBUG(5, ("Enabling kernel oplocks for "
2070 "gpfs:leases to work\n"));
2071 lp_do_parameter(SNUM(handle->conn), "kernel oplocks",
2072 "true");
2073 }
2074
2075 /*
2076 * as the kernel does not properly support Level II oplocks
2077 * and GPFS leases code is based on kernel infrastructure, we
2078 * need to turn off Level II oplocks if gpfs:leases is enabled
2079 */
2080 if (lp_level2_oplocks(SNUM(handle->conn))) {
2081 DEBUG(5, ("gpfs:leases are enabled, disabling "
2082 "Level II oplocks\n"));
2083 lp_do_parameter(SNUM(handle->conn), "level2 oplocks",
2084 "false");
2085 }
2086 }
2087
2088 return 0;
2089 }
2090
2091 static int get_gpfs_quota(const char *pathname, int type, int id,
2092 struct gpfs_quotaInfo *qi)
2093 {
2094 int ret;
2095
2096 ret = gpfswrap_quotactl(discard_const_p(char, pathname),
2097 GPFS_QCMD(Q_GETQUOTA, type), id, qi);
2098
2099 if (ret) {
2100 if (errno == GPFS_E_NO_QUOTA_INST) {
2101 DEBUG(10, ("Quotas disabled on GPFS filesystem.\n"));
2102 } else if (errno != ENOSYS) {
2103 DEBUG(0, ("Get quota failed, type %d, id, %d, "
2104 "errno %d.\n", type, id, errno));
2105 }
2106
2107 return ret;
2108 }
2109
2110 DEBUG(10, ("quota type %d, id %d, blk u:%lld h:%lld s:%lld gt:%u\n",
2111 type, id, qi->blockUsage, qi->blockHardLimit,
2112 qi->blockSoftLimit, qi->blockGraceTime));
2113
2114 return ret;
2115 }
2116
2117 static void vfs_gpfs_disk_free_quota(struct gpfs_quotaInfo qi, time_t cur_time,
2118 uint64_t *dfree, uint64_t *dsize)
2119 {
2120 uint64_t usage, limit;
2121
2122 /*
2123 * The quota reporting is done in units of 1024 byte blocks, but
2124 * sys_fsusage uses units of 512 byte blocks, adjust the block number
2125 * accordingly. Also filter possibly negative usage counts from gpfs.
2126 */
2127 usage = qi.blockUsage < 0 ? 0 : (uint64_t)qi.blockUsage * 2;
2128 limit = (uint64_t)qi.blockHardLimit * 2;
2129
2130 /*
2131 * When the grace time for the exceeded soft block quota has been
2132 * exceeded, the soft block quota becomes an additional hard limit.
2133 */
2134 if (qi.blockSoftLimit &&
2135 qi.blockGraceTime && cur_time > qi.blockGraceTime) {
2136 /* report disk as full */
2137 *dfree = 0;
2138 *dsize = MIN(*dsize, usage);
2139 }
2140
2141 if (!qi.blockHardLimit)
2142 return;
2143
2144 if (usage >= limit) {
2145 /* report disk as full */
2146 *dfree = 0;
2147 *dsize = MIN(*dsize, usage);
2148
2149 } else {
2150 /* limit has not been reached, determine "free space" */
2151 *dfree = MIN(*dfree, limit - usage);
2152 *dsize = MIN(*dsize, limit);
2153 }
2154 }
2155
2156 static uint64_t vfs_gpfs_disk_free(vfs_handle_struct *handle, const char *path,
2157 uint64_t *bsize,
2158 uint64_t *dfree, uint64_t *dsize)
2159 {
2160 struct security_unix_token *utok;
2161 struct gpfs_quotaInfo qi_user = { 0 }, qi_group = { 0 };
2162 struct gpfs_config_data *config;
2163 int err;
2164 time_t cur_time;
2165
2166 SMB_VFS_HANDLE_GET_DATA(handle, config, struct gpfs_config_data,
2167 return (uint64_t)-1);
2168 if (!config->dfreequota) {
2169 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2170 bsize, dfree, dsize);
2171 }
2172
2173 err = sys_fsusage(path, dfree, dsize);
2174 if (err) {
2175 DEBUG (0, ("Could not get fs usage, errno %d\n", errno));
2176 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2177 bsize, dfree, dsize);
2178 }
2179
2180 /* sys_fsusage returns units of 512 bytes */
2181 *bsize = 512;
2182
2183 DEBUG(10, ("fs dfree %llu, dsize %llu\n",
2184 (unsigned long long)*dfree, (unsigned long long)*dsize));
2185
2186 utok = handle->conn->session_info->unix_token;
2187
2188 err = get_gpfs_quota(path, GPFS_USRQUOTA, utok->uid, &qi_user);
2189 if (err) {
2190 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2191 bsize, dfree, dsize);
2192 }
2193
2194 err = get_gpfs_quota(path, GPFS_GRPQUOTA, utok->gid, &qi_group);
2195 if (err) {
2196 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2197 bsize, dfree, dsize);
2198 }
2199
2200 cur_time = time(NULL);
2201
2202 /* Adjust free space and size according to quota limits. */
2203 vfs_gpfs_disk_free_quota(qi_user, cur_time, dfree, dsize);
2204 vfs_gpfs_disk_free_quota(qi_group, cur_time, dfree, dsize);
2205
2206 disk_norm(bsize, dfree, dsize);
2207 return *dfree;
2208 }
2209
2210 static uint32_t vfs_gpfs_capabilities(struct vfs_handle_struct *handle,
2211 enum timestamp_set_resolution *p_ts_res)
2212 {
2213 struct gpfs_config_data *config;
2214 uint32_t next;
2215
2216 next = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
2217
2218 SMB_VFS_HANDLE_GET_DATA(handle, config,
2219 struct gpfs_config_data,
2220 return next);
2221
2222 if (config->hsm) {
2223 next |= FILE_SUPPORTS_REMOTE_STORAGE;
2224 }
2225 return next;
2226 }
2227
2228 static int vfs_gpfs_open(struct vfs_handle_struct *handle,
2229 struct smb_filename *smb_fname, files_struct *fsp,
2230 int flags, mode_t mode)
2231 {
2232 struct gpfs_config_data *config;
2233 int ret;
2234 struct gpfs_fsp_extension *ext;
2235
2236 SMB_VFS_HANDLE_GET_DATA(handle, config,
2237 struct gpfs_config_data,
2238 return -1);
2239
2240 if (config->hsm && !config->recalls &&
2241 vfs_gpfs_fsp_is_offline(handle, fsp)) {
2242 DEBUG(10, ("Refusing access to offline file %s\n",
2243 fsp_str_dbg(fsp)));
2244 errno = EACCES;
2245 return -1;
2246 }
2247
2248 if (config->syncio) {
2249 flags |= O_SYNC;
2250 }
2251
2252 ext = VFS_ADD_FSP_EXTENSION(handle, fsp, struct gpfs_fsp_extension,
2253 NULL);
2254 if (ext == NULL) {
2255 errno = ENOMEM;
2256 return -1;
2257 }
2258
2259 /*
2260 * Assume the file is offline until gpfs tells us it's online.
2261 */
2262 *ext = (struct gpfs_fsp_extension) { .offline = true };
2263
2264 ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
2265 if (ret == -1) {
2266 VFS_REMOVE_FSP_EXTENSION(handle, fsp);
2267 }
2268 return ret;
2269 }
2270
2271 static ssize_t vfs_gpfs_pread(vfs_handle_struct *handle, files_struct *fsp,
2272 void *data, size_t n, off_t offset)
2273 {
2274 ssize_t ret;
2275 bool was_offline;
2276
2277 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2278
2279 ret = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
2280
2281 if ((ret != -1) && was_offline) {
2282 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2283 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2284 fsp->fsp_name->base_name);
2285 }
2286
2287 return ret;
2288 }
2289
2290 struct vfs_gpfs_pread_state {
2291 struct files_struct *fsp;
2292 ssize_t ret;
2293 int err;
2294 bool was_offline;
2295 };
2296
2297 static void vfs_gpfs_pread_done(struct tevent_req *subreq);
2298
2299 static struct tevent_req *vfs_gpfs_pread_send(struct vfs_handle_struct *handle,
2300 TALLOC_CTX *mem_ctx,
2301 struct tevent_context *ev,
2302 struct files_struct *fsp,
2303 void *data, size_t n,
2304 off_t offset)
2305 {
2306 struct tevent_req *req, *subreq;
2307 struct vfs_gpfs_pread_state *state;
2308
2309 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pread_state);
2310 if (req == NULL) {
2311 return NULL;
2312 }
2313 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2314 state->fsp = fsp;
2315 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
2316 n, offset);
2317 if (tevent_req_nomem(subreq, req)) {
2318 return tevent_req_post(req, ev);
2319 }
2320 tevent_req_set_callback(subreq, vfs_gpfs_pread_done, req);
2321 return req;
2322 }
2323
2324 static void vfs_gpfs_pread_done(struct tevent_req *subreq)
2325 {
2326 struct tevent_req *req = tevent_req_callback_data(
2327 subreq, struct tevent_req);
2328 struct vfs_gpfs_pread_state *state = tevent_req_data(
2329 req, struct vfs_gpfs_pread_state);
2330
2331 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
2332 TALLOC_FREE(subreq);
2333 tevent_req_done(req);
2334 }
2335
2336 static ssize_t vfs_gpfs_pread_recv(struct tevent_req *req, int *err)
2337 {
2338 struct vfs_gpfs_pread_state *state = tevent_req_data(
2339 req, struct vfs_gpfs_pread_state);
2340 struct files_struct *fsp = state->fsp;
2341
2342 if (tevent_req_is_unix_error(req, err)) {
2343 return -1;
2344 }
2345 *err = state->err;
2346
2347 if ((state->ret != -1) && state->was_offline) {
2348 DEBUG(10, ("sending notify\n"));
2349 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2350 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2351 fsp->fsp_name->base_name);
2352 }
2353
2354 return state->ret;
2355 }
2356
2357 static ssize_t vfs_gpfs_pwrite(vfs_handle_struct *handle, files_struct *fsp,
2358 const void *data, size_t n, off_t offset)
2359 {
2360 ssize_t ret;
2361 bool was_offline;
2362
2363 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2364
2365 ret = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
2366
2367 if ((ret != -1) && was_offline) {
2368 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2369 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2370 fsp->fsp_name->base_name);
2371 }
2372
2373 return ret;
2374 }
2375
2376 struct vfs_gpfs_pwrite_state {
2377 struct files_struct *fsp;
2378 ssize_t ret;
2379 int err;
2380 bool was_offline;
2381 };
2382
2383 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq);
2384
2385 static struct tevent_req *vfs_gpfs_pwrite_send(
2386 struct vfs_handle_struct *handle,
2387 TALLOC_CTX *mem_ctx,
2388 struct tevent_context *ev,
2389 struct files_struct *fsp,
2390 const void *data, size_t n,
2391 off_t offset)
2392 {
2393 struct tevent_req *req, *subreq;
2394 struct vfs_gpfs_pwrite_state *state;
2395
2396 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pwrite_state);
2397 if (req == NULL) {
2398 return NULL;
2399 }
2400 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2401 state->fsp = fsp;
2402 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
2403 n, offset);
2404 if (tevent_req_nomem(subreq, req)) {
2405 return tevent_req_post(req, ev);
2406 }
2407 tevent_req_set_callback(subreq, vfs_gpfs_pwrite_done, req);
2408 return req;
2409 }
2410
2411 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq)
2412 {
2413 struct tevent_req *req = tevent_req_callback_data(
2414 subreq, struct tevent_req);
2415 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2416 req, struct vfs_gpfs_pwrite_state);
2417
2418 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
2419 TALLOC_FREE(subreq);
2420 tevent_req_done(req);
2421 }
2422
2423 static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req, int *err)
2424 {
2425 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2426 req, struct vfs_gpfs_pwrite_state);
2427 struct files_struct *fsp = state->fsp;
2428
2429 if (tevent_req_is_unix_error(req, err)) {
2430 return -1;
2431 }
2432 *err = state->err;
2433
2434 if ((state->ret != -1) && state->was_offline) {
2435 DEBUG(10, ("sending notify\n"));
2436 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2437 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2438 fsp->fsp_name->base_name);
2439 }
2440
2441 return state->ret;
2442 }
2443
2444
2445 static struct vfs_fn_pointers vfs_gpfs_fns = {
2446 .connect_fn = vfs_gpfs_connect,
2447 .disk_free_fn = vfs_gpfs_disk_free,
2448 .fs_capabilities_fn = vfs_gpfs_capabilities,
2449 .kernel_flock_fn = vfs_gpfs_kernel_flock,
2450 .linux_setlease_fn = vfs_gpfs_setlease,
2451 .get_real_filename_fn = vfs_gpfs_get_real_filename,
2452 .fget_nt_acl_fn = gpfsacl_fget_nt_acl,
2453 .get_nt_acl_fn = gpfsacl_get_nt_acl,
2454 .fset_nt_acl_fn = gpfsacl_fset_nt_acl,
2455 .sys_acl_get_file_fn = gpfsacl_sys_acl_get_file,
2456 .sys_acl_get_fd_fn = gpfsacl_sys_acl_get_fd,
2457 .sys_acl_blob_get_file_fn = gpfsacl_sys_acl_blob_get_file,
2458 .sys_acl_blob_get_fd_fn = gpfsacl_sys_acl_blob_get_fd,
2459 .sys_acl_set_file_fn = gpfsacl_sys_acl_set_file,
2460 .sys_acl_set_fd_fn = gpfsacl_sys_acl_set_fd,
2461 .sys_acl_delete_def_file_fn = gpfsacl_sys_acl_delete_def_file,
2462 .chmod_fn = vfs_gpfs_chmod,
2463 .fchmod_fn = vfs_gpfs_fchmod,
2464 .close_fn = vfs_gpfs_close,
2465 .setxattr_fn = gpfs_set_xattr,
2466 .getxattr_fn = gpfs_get_xattr,
2467 .stat_fn = vfs_gpfs_stat,
2468 .fstat_fn = vfs_gpfs_fstat,
2469 .lstat_fn = vfs_gpfs_lstat,
2470 .ntimes_fn = vfs_gpfs_ntimes,
2471 .is_offline_fn = vfs_gpfs_is_offline,
2472 .aio_force_fn = vfs_gpfs_aio_force,
2473 .sendfile_fn = vfs_gpfs_sendfile,
2474 .fallocate_fn = vfs_gpfs_fallocate,
2475 .open_fn = vfs_gpfs_open,
2476 .pread_fn = vfs_gpfs_pread,
2477 .pread_send_fn = vfs_gpfs_pread_send,
2478 .pread_recv_fn = vfs_gpfs_pread_recv,
2479 .pwrite_fn = vfs_gpfs_pwrite,
2480 .pwrite_send_fn = vfs_gpfs_pwrite_send,
2481 .pwrite_recv_fn = vfs_gpfs_pwrite_recv,
2482 .ftruncate_fn = vfs_gpfs_ftruncate
2483 };
2484
2485 NTSTATUS vfs_gpfs_init(void);
2486 NTSTATUS vfs_gpfs_init(void)
2487 {
2488 int ret;
2489
2490 ret = gpfswrap_init();
2491 if (ret != 0) {
2492 DEBUG(1, ("Could not initialize GPFS library wrapper\n"));
2493 }
2494
2495 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs",
2496 &vfs_gpfs_fns);
2497 }
Samba GIT mirror