search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s3:idmap_ad: add support for ADS_AUTH_SASL_{STARTTLS,LDAPS}
[Samba.git] / source3 / modules / vfs_gpfs.c
bloba8b4e38ff88c00c61285258f92c4f4a67de152a2
1 /*
2 * Unix SMB/CIFS implementation.
3 * Samba VFS module for GPFS filesystem
4 * Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
5 * Copyright (C) Christof Schmitt 2015
6 * Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
7 * and Gomati Mohanan <gomati.mohanan@in.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "smbd/smbd.h"
25 #include "include/smbprofile.h"
26 #include "modules/non_posix_acls.h"
27 #include "libcli/security/security.h"
28 #include "nfs4_acls.h"
29 #include "system/filesys.h"
30 #include "auth.h"
31 #include "lib/util/tevent_unix.h"
32 #include "lib/util/gpfswrap.h"
33
34 #include <gnutls/gnutls.h>
35 #include <gnutls/crypto.h>
36 #include "lib/crypto/gnutls_helpers.h"
37
38 #undef DBGC_CLASS
39 #define DBGC_CLASS DBGC_VFS
40
41 #ifndef GPFS_GETACL_NATIVE
42 #define GPFS_GETACL_NATIVE 0x00000004
43 #endif
44
45 struct gpfs_config_data {
46 struct smbacl4_vfs_params nfs4_params;
47 bool sharemodes;
48 bool leases;
49 bool hsm;
50 bool syncio;
51 bool winattr;
52 bool ftruncate;
53 bool getrealfilename;
54 bool dfreequota;
55 bool acl;
56 bool settimes;
57 bool recalls;
58 struct {
59 bool gpfs_fstat_x;
60 } pathref_ok;
61 };
62
63 struct gpfs_fsp_extension {
64 bool offline;
65 };
66
67 static inline unsigned int gpfs_acl_flags(gpfs_acl_t *gacl)
68 {
69 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
70 return gacl->v4Level1.acl_flags;
71 }
72 return 0;
73 }
74
75 static inline gpfs_ace_v4_t *gpfs_ace_ptr(gpfs_acl_t *gacl, unsigned int i)
76 {
77 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
78 return &gacl->v4Level1.ace_v4[i];
79 }
80 return &gacl->ace_v4[i];
81 }
82
83 static unsigned int vfs_gpfs_access_mask_to_allow(uint32_t access_mask)
84 {
85 unsigned int allow = GPFS_SHARE_NONE;
86
87 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
88 allow |= GPFS_SHARE_WRITE;
89 }
90 if (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) {
91 allow |= GPFS_SHARE_READ;
92 }
93
94 return allow;
95 }
96
97 static unsigned int vfs_gpfs_share_access_to_deny(uint32_t share_access)
98 {
99 unsigned int deny = GPFS_DENY_NONE;
100
101 if (!(share_access & FILE_SHARE_WRITE)) {
102 deny |= GPFS_DENY_WRITE;
103 }
104 if (!(share_access & FILE_SHARE_READ)) {
105 deny |= GPFS_DENY_READ;
106 }
107
108 /*
109 * GPFS_DENY_DELETE can only be set together with either
110 * GPFS_DENY_WRITE or GPFS_DENY_READ.
111 */
112 if ((deny & (GPFS_DENY_WRITE|GPFS_DENY_READ)) &&
113 !(share_access & FILE_SHARE_DELETE)) {
114 deny |= GPFS_DENY_DELETE;
115 }
116
117 return deny;
118 }
119
120 static int set_gpfs_sharemode(files_struct *fsp, uint32_t access_mask,
121 uint32_t share_access)
122 {
123 unsigned int allow = GPFS_SHARE_NONE;
124 unsigned int deny = GPFS_DENY_NONE;
125 int result;
126
127 if (access_mask == 0) {
128 DBG_DEBUG("Clearing file system share mode.\n");
129 } else {
130 allow = vfs_gpfs_access_mask_to_allow(access_mask);
131 deny = vfs_gpfs_share_access_to_deny(share_access);
132 }
133 DBG_DEBUG("access_mask=0x%x, allow=0x%x, share_access=0x%x, "
134 "deny=0x%x\n", access_mask, allow, share_access, deny);
135
136 result = gpfswrap_set_share(fsp_get_io_fd(fsp), allow, deny);
137 if (result == 0) {
138 return 0;
139 }
140
141 if (errno == EACCES) {
142 DBG_NOTICE("GPFS share mode denied for %s/%s.\n",
143 fsp->conn->connectpath,
144 fsp->fsp_name->base_name);
145 } else if (errno == EPERM) {
146 DBG_ERR("Samba requested GPFS sharemode for %s/%s, but the "
147 "GPFS file system is not configured accordingly. "
148 "Configure file system with mmchfs -D nfs4 or "
149 "set gpfs:sharemodes=no in Samba.\n",
150 fsp->conn->connectpath,
151 fsp->fsp_name->base_name);
152 } else {
153 DBG_ERR("gpfs_set_share failed: %s\n", strerror(errno));
154 }
155
156 return result;
157 }
158
159 static int vfs_gpfs_filesystem_sharemode(vfs_handle_struct *handle,
160 files_struct *fsp,
161 uint32_t share_access,
162 uint32_t access_mask)
163 {
164
165 struct gpfs_config_data *config;
166 int ret = 0;
167
168 SMB_VFS_HANDLE_GET_DATA(handle, config,
169 struct gpfs_config_data,
170 return -1);
171
172 if(!config->sharemodes) {
173 return 0;
174 }
175
176 /*
177 * A named stream fsp will have the basefile open in the fsp
178 * fd, so lacking a distinct fd for the stream we have to skip
179 * set_gpfs_sharemode for stream.
180 */
181 if (fsp_is_alternate_stream(fsp)) {
182 DBG_NOTICE("Not requesting GPFS sharemode on stream: %s/%s\n",
183 fsp->conn->connectpath,
184 fsp_str_dbg(fsp));
185 return 0;
186 }
187
188 ret = set_gpfs_sharemode(fsp, access_mask, share_access);
189
190 return ret;
191 }
192
193 static int vfs_gpfs_close(vfs_handle_struct *handle, files_struct *fsp)
194 {
195
196 struct gpfs_config_data *config;
197
198 SMB_VFS_HANDLE_GET_DATA(handle, config,
199 struct gpfs_config_data,
200 return -1);
201
202 if (config->sharemodes &&
203 (fsp->fsp_flags.kernel_share_modes_taken))
204 {
205 /*
206 * Always clear GPFS sharemode in case the actual
207 * close gets deferred due to outstanding POSIX locks
208 * (see fd_close_posix)
209 */
210 int ret = gpfswrap_set_share(fsp_get_io_fd(fsp), 0, 0);
211 if (ret != 0) {
212 DBG_ERR("Clearing GPFS sharemode on close failed for "
213 " %s/%s: %s\n",
214 fsp->conn->connectpath,
215 fsp->fsp_name->base_name,
216 strerror(errno));
217 }
218 }
219
220 return SMB_VFS_NEXT_CLOSE(handle, fsp);
221 }
222
223 #ifdef HAVE_KERNEL_OPLOCKS_LINUX
224 static int lease_type_to_gpfs(int leasetype)
225 {
226 if (leasetype == F_RDLCK) {
227 return GPFS_LEASE_READ;
228 }
229
230 if (leasetype == F_WRLCK) {
231 return GPFS_LEASE_WRITE;
232 }
233
234 return GPFS_LEASE_NONE;
235 }
236
237 static int vfs_gpfs_setlease(vfs_handle_struct *handle,
238 files_struct *fsp,
239 int leasetype)
240 {
241 struct gpfs_config_data *config;
242 int ret=0;
243
244 START_PROFILE(syscall_linux_setlease);
245
246 SMB_VFS_HANDLE_GET_DATA(handle, config,
247 struct gpfs_config_data,
248 return -1);
249
250 ret = linux_set_lease_sighandler(fsp_get_io_fd(fsp));
251 if (ret == -1) {
252 goto failure;
253 }
254
255 if (config->leases) {
256 int gpfs_lease_type = lease_type_to_gpfs(leasetype);
257 int saved_errno = 0;
258
259 /*
260 * Ensure the lease owner is root to allow
261 * correct delivery of lease-break signals.
262 */
263 become_root();
264 ret = gpfswrap_set_lease(fsp_get_io_fd(fsp), gpfs_lease_type);
265 if (ret < 0) {
266 saved_errno = errno;
267 }
268 unbecome_root();
269
270 if (saved_errno != 0) {
271 errno = saved_errno;
272 }
273 }
274
275 failure:
276 END_PROFILE(syscall_linux_setlease);
277
278 return ret;
279 }
280
281 #else /* HAVE_KERNEL_OPLOCKS_LINUX */
282
283 static int vfs_gpfs_setlease(vfs_handle_struct *handle,
284 files_struct *fsp,
285 int leasetype)
286 {
287 return ENOSYS;
288 }
289 #endif /* HAVE_KERNEL_OPLOCKS_LINUX */
290
291 static NTSTATUS vfs_gpfs_get_real_filename_at(struct vfs_handle_struct *handle,
292 struct files_struct *dirfsp,
293 const char *name,
294 TALLOC_CTX *mem_ctx,
295 char **found_name)
296 {
297 int result;
298 char *full_path = NULL;
299 char *to_free = NULL;
300 char real_pathname[PATH_MAX+1], tmpbuf[PATH_MAX];
301 size_t full_path_len;
302 int buflen;
303 bool mangled;
304 struct gpfs_config_data *config;
305
306 SMB_VFS_HANDLE_GET_DATA(handle, config,
307 struct gpfs_config_data,
308 return NT_STATUS_INTERNAL_ERROR);
309
310 if (!config->getrealfilename) {
311 return SMB_VFS_NEXT_GET_REAL_FILENAME_AT(
312 handle, dirfsp, name, mem_ctx, found_name);
313 }
314
315 mangled = mangle_is_mangled(name, handle->conn->params);
316 if (mangled) {
317 return SMB_VFS_NEXT_GET_REAL_FILENAME_AT(
318 handle, dirfsp, name, mem_ctx, found_name);
319 }
320
321 full_path_len = full_path_tos(dirfsp->fsp_name->base_name, name,
322 tmpbuf, sizeof(tmpbuf),
323 &full_path, &to_free);
324 if (full_path_len == -1) {
325 return NT_STATUS_NO_MEMORY;
326 }
327
328 buflen = sizeof(real_pathname) - 1;
329
330 result = gpfswrap_get_realfilename_path(full_path, real_pathname,
331 &buflen);
332
333 TALLOC_FREE(to_free);
334
335 if ((result == -1) && (errno == ENOSYS)) {
336 return SMB_VFS_NEXT_GET_REAL_FILENAME_AT(
337 handle, dirfsp, name, mem_ctx, found_name);
338 }
339
340 if (result == -1) {
341 DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n",
342 strerror(errno)));
343 return map_nt_error_from_unix(errno);
344 }
345
346 /*
347 * GPFS does not necessarily null-terminate the returned path
348 * but instead returns the buffer length in buflen.
349 */
350
351 if (buflen < sizeof(real_pathname)) {
352 real_pathname[buflen] = '\0';
353 } else {
354 real_pathname[sizeof(real_pathname)-1] = '\0';
355 }
356
357 DBG_DEBUG("%s/%s -> %s\n",
358 fsp_str_dbg(dirfsp),
359 name,
360 real_pathname);
361
362 name = strrchr_m(real_pathname, '/');
363 if (name == NULL) {
364 return NT_STATUS_OBJECT_NAME_NOT_FOUND;
365 }
366
367 *found_name = talloc_strdup(mem_ctx, name+1);
368 if (*found_name == NULL) {
369 return NT_STATUS_NO_MEMORY;
370 }
371
372 return NT_STATUS_OK;
373 }
374
375 static void sd2gpfs_control(uint16_t control, struct gpfs_acl *gacl)
376 {
377 unsigned int gpfs_aclflags = 0;
378 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
379 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
380 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
381 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
382 gpfs_aclflags = control << 8;
383 if (!(control & SEC_DESC_DACL_PRESENT))
384 gpfs_aclflags |= ACL4_FLAG_NULL_DACL;
385 if (!(control & SEC_DESC_SACL_PRESENT))
386 gpfs_aclflags |= ACL4_FLAG_NULL_SACL;
387 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
388 gacl->v4Level1.acl_flags = gpfs_aclflags;
389 }
390
391 static uint16_t gpfs2sd_control(unsigned int gpfs_aclflags)
392 {
393 uint16_t control = gpfs_aclflags >> 8;
394 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
395 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
396 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
397 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
398 control |= SEC_DESC_SELF_RELATIVE;
399 return control;
400 }
401
402 static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
403 {
404 gpfs_aclCount_t i;
405 if (gacl==NULL)
406 {
407 DEBUG(0, ("gpfs acl is NULL\n"));
408 return;
409 }
410
411 DEBUG(level, ("len: %d, level: %d, version: %d, nace: %d, "
412 "control: %x\n",
413 gacl->acl_len, gacl->acl_level, gacl->acl_version,
414 gacl->acl_nace, gpfs_acl_flags(gacl)));
415
416 for(i=0; i<gacl->acl_nace; i++)
417 {
418 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
419 DEBUG(level, ("\tace[%d]: type:%d, flags:0x%x, mask:0x%x, "
420 "iflags:0x%x, who:%u\n",
421 i, gace->aceType, gace->aceFlags, gace->aceMask,
422 gace->aceIFlags, gace->aceWho));
423 }
424 }
425
426 static int gpfs_getacl_with_capability(struct files_struct *fsp,
427 int flags,
428 void *buf)
429 {
430 int ret, saved_errno;
431
432 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
433
434 ret = gpfswrap_fgetacl(fsp_get_pathref_fd(fsp), flags, buf);
435 saved_errno = errno;
436
437 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
438
439 errno = saved_errno;
440 return ret;
441 }
442
443 /*
444 * get the ACL from GPFS, allocated on the specified mem_ctx
445 * internally retries when initial buffer was too small
446 *
447 * caller needs to cast result to either
448 * raw = yes: struct gpfs_opaque_acl
449 * raw = no: struct gpfs_acl
450 *
451 */
452 static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
453 struct files_struct *fsp,
454 const bool raw,
455 const gpfs_aclType_t type)
456 {
457 const char *fname = fsp->fsp_name->base_name;
458 void *aclbuf;
459 size_t size = 512;
460 int ret, flags;
461 unsigned int *len;
462 size_t struct_size;
463 bool use_capability = false;
464
465 again:
466
467 aclbuf = talloc_zero_size(mem_ctx, size);
468 if (aclbuf == NULL) {
469 errno = ENOMEM;
470 return NULL;
471 }
472
473 if (raw) {
474 struct gpfs_opaque_acl *buf = (struct gpfs_opaque_acl *) aclbuf;
475 buf->acl_type = type;
476 flags = GPFS_GETACL_NATIVE;
477 len = (unsigned int *) &(buf->acl_buffer_len);
478 struct_size = sizeof(struct gpfs_opaque_acl);
479 } else {
480 struct gpfs_acl *buf = (struct gpfs_acl *) aclbuf;
481 buf->acl_type = type;
482 buf->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
483 flags = GPFS_GETACL_STRUCT;
484 len = &(buf->acl_len);
485 /* reserve space for control flags in gpfs 3.5 and beyond */
486 struct_size = sizeof(struct gpfs_acl) + sizeof(unsigned int);
487 }
488
489 /* set the length of the buffer as input value */
490 *len = size;
491
492 if (use_capability) {
493 ret = gpfs_getacl_with_capability(fsp, flags, aclbuf);
494 } else {
495 ret = gpfswrap_fgetacl(fsp_get_pathref_fd(fsp), flags, aclbuf);
496 if ((ret != 0) && (errno == EACCES)) {
497 DBG_DEBUG("Retry with DAC capability for %s\n", fname);
498 use_capability = true;
499 ret = gpfs_getacl_with_capability(fsp, flags, aclbuf);
500 }
501 }
502
503 if ((ret != 0) && (errno == ENOSPC)) {
504 /*
505 * get the size needed to accommodate the complete buffer
506 *
507 * the value returned only applies to the ACL blob in the
508 * struct so make sure to also have headroom for the first
509 * struct members by adding room for the complete struct
510 * (might be a few bytes too much then)
511 */
512 size = *len + struct_size;
513 talloc_free(aclbuf);
514 DEBUG(10, ("Increasing ACL buffer size to %zu\n", size));
515 goto again;
516 }
517
518 if (ret != 0) {
519 DEBUG(5, ("smbd_gpfs_getacl failed with %s\n",
520 strerror(errno)));
521 talloc_free(aclbuf);
522 return NULL;
523 }
524
525 return aclbuf;
526 }
527
528 /* Tries to get nfs4 acls and returns SMB ACL allocated.
529 * On failure returns 1 if it got non-NFSv4 ACL to prompt
530 * retry with POSIX ACL checks.
531 * On failure returns -1 if there is system (GPFS) error, check errno.
532 * Returns 0 on success
533 */
534 static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx,
535 struct files_struct *fsp,
536 struct SMB4ACL_T **ppacl)
537 {
538 const char *fname = fsp->fsp_name->base_name;
539 gpfs_aclCount_t i;
540 struct gpfs_acl *gacl = NULL;
541 DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
542
543 /* Get the ACL */
544 gacl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(), fsp,
545 false, 0);
546 if (gacl == NULL) {
547 DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
548 fname, strerror(errno)));
549 if (errno == ENODATA) {
550 /*
551 * GPFS returns ENODATA for snapshot
552 * directories. Retry with POSIX ACLs check.
553 */
554 return 1;
555 }
556
557 return -1;
558 }
559
560 if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
561 DEBUG(10, ("Got non-nfsv4 acl\n"));
562 /* Retry with POSIX ACLs check */
563 talloc_free(gacl);
564 return 1;
565 }
566
567 *ppacl = smb_create_smb4acl(mem_ctx);
568
569 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
570 uint16_t control = gpfs2sd_control(gpfs_acl_flags(gacl));
571 smbacl4_set_controlflags(*ppacl, control);
572 }
573
574 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d, control: %x\n",
575 gacl->acl_len, gacl->acl_level, gacl->acl_version,
576 gacl->acl_nace, gpfs_acl_flags(gacl)));
577
578 for (i=0; i<gacl->acl_nace; i++) {
579 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
580 SMB_ACE4PROP_T smbace = { 0 };
581 DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
582 "who: %d\n", gace->aceType, gace->aceIFlags,
583 gace->aceFlags, gace->aceMask, gace->aceWho));
584
585 if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
586 smbace.flags |= SMB_ACE4_ID_SPECIAL;
587 switch (gace->aceWho) {
588 case ACE4_SPECIAL_OWNER:
589 smbace.who.special_id = SMB_ACE4_WHO_OWNER;
590 break;
591 case ACE4_SPECIAL_GROUP:
592 smbace.who.special_id = SMB_ACE4_WHO_GROUP;
593 break;
594 case ACE4_SPECIAL_EVERYONE:
595 smbace.who.special_id = SMB_ACE4_WHO_EVERYONE;
596 break;
597 default:
598 DEBUG(8, ("invalid special gpfs id %d "
599 "ignored\n", gace->aceWho));
600 continue; /* don't add it */
601 }
602 } else {
603 if (gace->aceFlags & ACE4_FLAG_GROUP_ID)
604 smbace.who.gid = gace->aceWho;
605 else
606 smbace.who.uid = gace->aceWho;
607 }
608
609 /* remove redundant deny entries */
610 if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
611 struct gpfs_ace_v4 *prev = gpfs_ace_ptr(gacl, i - 1);
612 if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
613 prev->aceFlags == gace->aceFlags &&
614 prev->aceIFlags == gace->aceIFlags &&
615 (gace->aceMask & prev->aceMask) == 0 &&
616 gace->aceWho == prev->aceWho) {
617 /* it's redundant - skip it */
618 continue;
619 }
620 }
621
622 smbace.aceType = gace->aceType;
623 smbace.aceFlags = gace->aceFlags;
624 smbace.aceMask = gace->aceMask;
625 smb_add_ace4(*ppacl, &smbace);
626 }
627
628 talloc_free(gacl);
629
630 return 0;
631 }
632
633 static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
634 files_struct *fsp, uint32_t security_info,
635 TALLOC_CTX *mem_ctx,
636 struct security_descriptor **ppdesc)
637 {
638 struct SMB4ACL_T *pacl = NULL;
639 int result;
640 struct gpfs_config_data *config;
641 TALLOC_CTX *frame = talloc_stackframe();
642 NTSTATUS status;
643
644 *ppdesc = NULL;
645
646 SMB_VFS_HANDLE_GET_DATA(handle, config,
647 struct gpfs_config_data,
648 return NT_STATUS_INTERNAL_ERROR);
649
650 if (!config->acl) {
651 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
652 mem_ctx, ppdesc);
653 TALLOC_FREE(frame);
654 return status;
655 }
656
657 result = gpfs_get_nfs4_acl(frame, fsp, &pacl);
658
659 if (result == 0) {
660 status = smb_fget_nt_acl_nfs4(fsp, &config->nfs4_params,
661 security_info,
662 mem_ctx, ppdesc, pacl);
663 TALLOC_FREE(frame);
664 return status;
665 }
666
667 if (result > 0) {
668 DEBUG(10, ("retrying with posix acl...\n"));
669 status = posix_fget_nt_acl(fsp, security_info,
670 mem_ctx, ppdesc);
671 TALLOC_FREE(frame);
672 return status;
673 }
674
675 TALLOC_FREE(frame);
676
677 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
678 return map_nt_error_from_unix(errno);
679 }
680
681 static bool vfs_gpfs_nfs4_ace_to_gpfs_ace(SMB_ACE4PROP_T *nfs4_ace,
682 struct gpfs_ace_v4 *gace,
683 uid_t owner_uid)
684 {
685 gace->aceType = nfs4_ace->aceType;
686 gace->aceFlags = nfs4_ace->aceFlags;
687 gace->aceMask = nfs4_ace->aceMask;
688
689 if (nfs4_ace->flags & SMB_ACE4_ID_SPECIAL) {
690 switch(nfs4_ace->who.special_id) {
691 case SMB_ACE4_WHO_EVERYONE:
692 gace->aceIFlags = ACE4_IFLAG_SPECIAL_ID;
693 gace->aceWho = ACE4_SPECIAL_EVERYONE;
694 break;
695 case SMB_ACE4_WHO_OWNER:
696 /*
697 * With GPFS it is not possible to deny ACL or
698 * attribute access to the owner. Setting an
699 * ACL with such an entry is not possible.
700 * Denying ACL or attribute access for the
701 * owner through a named ACL entry can be
702 * stored in an ACL, it is just not effective.
703 *
704 * Map this case to a named entry to allow at
705 * least setting this ACL, which will be
706 * enforced by the smbd permission check. Do
707 * not do this for an inheriting OWNER entry,
708 * as this represents a CREATOR OWNER ACE. The
709 * remaining limitation is that CREATOR OWNER
710 * cannot deny ACL or attribute access.
711 */
712 if (!nfs_ace_is_inherit(nfs4_ace) &&
713 nfs4_ace->aceType ==
714 SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
715 nfs4_ace->aceMask & (SMB_ACE4_READ_ATTRIBUTES|
716 SMB_ACE4_WRITE_ATTRIBUTES|
717 SMB_ACE4_READ_ACL|
718 SMB_ACE4_WRITE_ACL)) {
719 gace->aceIFlags = 0;
720 gace->aceWho = owner_uid;
721 } else {
722 gace->aceIFlags = ACE4_IFLAG_SPECIAL_ID;
723 gace->aceWho = ACE4_SPECIAL_OWNER;
724 }
725 break;
726 case SMB_ACE4_WHO_GROUP:
727 gace->aceIFlags = ACE4_IFLAG_SPECIAL_ID;
728 gace->aceWho = ACE4_SPECIAL_GROUP;
729 break;
730 default:
731 DBG_WARNING("Unsupported special_id %d\n",
732 nfs4_ace->who.special_id);
733 return false;
734 }
735
736 return true;
737 }
738
739 gace->aceIFlags = 0;
740 gace->aceWho = (nfs4_ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) ?
741 nfs4_ace->who.gid : nfs4_ace->who.uid;
742
743 return true;
744 }
745
746 static struct gpfs_acl *vfs_gpfs_smbacl2gpfsacl(TALLOC_CTX *mem_ctx,
747 files_struct *fsp,
748 struct SMB4ACL_T *smbacl,
749 bool controlflags)
750 {
751 struct gpfs_acl *gacl;
752 gpfs_aclLen_t gacl_len;
753 struct SMB4ACE_T *smbace;
754
755 gacl_len = offsetof(gpfs_acl_t, ace_v4) + sizeof(unsigned int)
756 + smb_get_naces(smbacl) * sizeof(gpfs_ace_v4_t);
757
758 gacl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, gacl_len);
759 if (gacl == NULL) {
760 DEBUG(0, ("talloc failed\n"));
761 errno = ENOMEM;
762 return NULL;
763 }
764
765 gacl->acl_level = GPFS_ACL_LEVEL_BASE;
766 gacl->acl_version = GPFS_ACL_VERSION_NFS4;
767 gacl->acl_type = GPFS_ACL_TYPE_NFS4;
768 gacl->acl_nace = 0; /* change later... */
769
770 if (controlflags) {
771 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
772 sd2gpfs_control(smbacl4_get_controlflags(smbacl), gacl);
773 }
774
775 for (smbace=smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
776 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, gacl->acl_nace);
777 SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
778 bool add_ace;
779
780 add_ace = vfs_gpfs_nfs4_ace_to_gpfs_ace(aceprop, gace,
781 fsp->fsp_name->st.st_ex_uid);
782 if (!add_ace) {
783 continue;
784 }
785
786 gacl->acl_nace++;
787 }
788 gacl->acl_len = (char *)gpfs_ace_ptr(gacl, gacl->acl_nace)
789 - (char *)gacl;
790 return gacl;
791 }
792
793 static bool gpfsacl_process_smbacl(vfs_handle_struct *handle,
794 files_struct *fsp,
795 struct SMB4ACL_T *smbacl)
796 {
797 int ret;
798 struct gpfs_acl *gacl;
799 TALLOC_CTX *mem_ctx = talloc_tos();
800
801 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, true);
802 if (gacl == NULL) { /* out of memory */
803 return False;
804 }
805 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
806 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gacl);
807
808 if ((ret != 0) && (errno == EINVAL)) {
809 DEBUG(10, ("Retry without nfs41 control flags\n"));
810 talloc_free(gacl);
811 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, false);
812 if (gacl == NULL) { /* out of memory */
813 return False;
814 }
815 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
816 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA,
817 gacl);
818 }
819
820 if (ret != 0) {
821 DEBUG(8, ("gpfs_putacl failed with %s\n", strerror(errno)));
822 gpfs_dumpacl(8, gacl);
823 return False;
824 }
825
826 DEBUG(10, ("gpfs_putacl succeeded\n"));
827 return True;
828 }
829
830 static NTSTATUS gpfsacl_set_nt_acl_internal(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
831 {
832 struct gpfs_acl *acl;
833 NTSTATUS result = NT_STATUS_ACCESS_DENIED;
834
835 acl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(),
836 fsp,
837 false, 0);
838 if (acl == NULL) {
839 return map_nt_error_from_unix(errno);
840 }
841
842 if (acl->acl_version == GPFS_ACL_VERSION_NFS4) {
843 struct gpfs_config_data *config;
844
845 SMB_VFS_HANDLE_GET_DATA(handle, config,
846 struct gpfs_config_data,
847 return NT_STATUS_INTERNAL_ERROR);
848
849 result = smb_set_nt_acl_nfs4(handle,
850 fsp, &config->nfs4_params, security_info_sent, psd,
851 gpfsacl_process_smbacl);
852 } else { /* assume POSIX ACL - by default... */
853 result = set_nt_acl(fsp, security_info_sent, psd);
854 }
855
856 talloc_free(acl);
857 return result;
858 }
859
860 static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
861 {
862 struct gpfs_config_data *config;
863
864 SMB_VFS_HANDLE_GET_DATA(handle, config,
865 struct gpfs_config_data,
866 return NT_STATUS_INTERNAL_ERROR);
867
868 if (!config->acl) {
869 return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
870 }
871
872 return gpfsacl_set_nt_acl_internal(handle, fsp, security_info_sent, psd);
873 }
874
875 static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
876 {
877 SMB_ACL_T result;
878 gpfs_aclCount_t i;
879
880 result = sys_acl_init(mem_ctx);
881 if (result == NULL) {
882 errno = ENOMEM;
883 return NULL;
884 }
885
886 result->count = pacl->acl_nace;
887 result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
888 result->count);
889 if (result->acl == NULL) {
890 TALLOC_FREE(result);
891 errno = ENOMEM;
892 return NULL;
893 }
894
895 for (i=0; i<pacl->acl_nace; i++) {
896 struct smb_acl_entry *ace = &result->acl[i];
897 const struct gpfs_ace_v1 *g_ace = &pacl->ace_v1[i];
898
899 DEBUG(10, ("Converting type %d id %lu perm %x\n",
900 (int)g_ace->ace_type, (unsigned long)g_ace->ace_who,
901 (int)g_ace->ace_perm));
902
903 switch (g_ace->ace_type) {
904 case GPFS_ACL_USER:
905 ace->a_type = SMB_ACL_USER;
906 ace->info.user.uid = (uid_t)g_ace->ace_who;
907 break;
908 case GPFS_ACL_USER_OBJ:
909 ace->a_type = SMB_ACL_USER_OBJ;
910 break;
911 case GPFS_ACL_GROUP:
912 ace->a_type = SMB_ACL_GROUP;
913 ace->info.group.gid = (gid_t)g_ace->ace_who;
914 break;
915 case GPFS_ACL_GROUP_OBJ:
916 ace->a_type = SMB_ACL_GROUP_OBJ;
917 break;
918 case GPFS_ACL_OTHER:
919 ace->a_type = SMB_ACL_OTHER;
920 break;
921 case GPFS_ACL_MASK:
922 ace->a_type = SMB_ACL_MASK;
923 break;
924 default:
925 DEBUG(10, ("Got invalid ace_type: %d\n",
926 g_ace->ace_type));
927 TALLOC_FREE(result);
928 errno = EINVAL;
929 return NULL;
930 }
931
932 ace->a_perm = 0;
933 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ?
934 SMB_ACL_READ : 0;
935 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ?
936 SMB_ACL_WRITE : 0;
937 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ?
938 SMB_ACL_EXECUTE : 0;
939
940 DEBUGADD(10, ("Converted to %d perm %x\n",
941 ace->a_type, ace->a_perm));
942 }
943
944 return result;
945 }
946
947 static SMB_ACL_T gpfsacl_get_posix_acl(struct files_struct *fsp,
948 gpfs_aclType_t type,
949 TALLOC_CTX *mem_ctx)
950 {
951 struct gpfs_acl *pacl;
952 SMB_ACL_T result = NULL;
953
954 pacl = vfs_gpfs_getacl(talloc_tos(), fsp, false, type);
955
956 if (pacl == NULL) {
957 DBG_DEBUG("vfs_gpfs_getacl failed for %s with %s\n",
958 fsp_str_dbg(fsp), strerror(errno));
959 if (errno == 0) {
960 errno = EINVAL;
961 }
962 goto done;
963 }
964
965 if (pacl->acl_version != GPFS_ACL_VERSION_POSIX) {
966 DEBUG(10, ("Got acl version %d, expected %d\n",
967 pacl->acl_version, GPFS_ACL_VERSION_POSIX));
968 errno = EINVAL;
969 goto done;
970 }
971
972 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
973 pacl->acl_len, pacl->acl_level, pacl->acl_version,
974 pacl->acl_nace));
975
976 result = gpfs2smb_acl(pacl, mem_ctx);
977 if (result != NULL) {
978 errno = 0;
979 }
980
981 done:
982
983 if (pacl != NULL) {
984 talloc_free(pacl);
985 }
986 if (errno != 0) {
987 TALLOC_FREE(result);
988 }
989 return result;
990 }
991
992 static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
993 files_struct *fsp,
994 SMB_ACL_TYPE_T type,
995 TALLOC_CTX *mem_ctx)
996 {
997 gpfs_aclType_t gpfs_type;
998 struct gpfs_config_data *config;
999
1000 SMB_VFS_HANDLE_GET_DATA(handle, config,
1001 struct gpfs_config_data,
1002 return NULL);
1003
1004 if (!config->acl) {
1005 return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, type, mem_ctx);
1006 }
1007
1008 switch(type) {
1009 case SMB_ACL_TYPE_ACCESS:
1010 gpfs_type = GPFS_ACL_TYPE_ACCESS;
1011 break;
1012 case SMB_ACL_TYPE_DEFAULT:
1013 gpfs_type = GPFS_ACL_TYPE_DEFAULT;
1014 break;
1015 default:
1016 DEBUG(0, ("Got invalid type: %d\n", type));
1017 smb_panic("exiting");
1018 }
1019 return gpfsacl_get_posix_acl(fsp, gpfs_type, mem_ctx);
1020 }
1021
1022 static int gpfsacl_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1023 files_struct *fsp,
1024 TALLOC_CTX *mem_ctx,
1025 char **blob_description,
1026 DATA_BLOB *blob)
1027 {
1028 struct gpfs_config_data *config;
1029 struct gpfs_opaque_acl *acl = NULL;
1030 DATA_BLOB aclblob;
1031 int result;
1032
1033 SMB_VFS_HANDLE_GET_DATA(handle, config,
1034 struct gpfs_config_data,
1035 return -1);
1036
1037 if (!config->acl) {
1038 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
1039 blob_description, blob);
1040 }
1041
1042 errno = 0;
1043 acl = (struct gpfs_opaque_acl *) vfs_gpfs_getacl(mem_ctx,
1044 fsp,
1045 true,
1046 GPFS_ACL_TYPE_NFS4);
1047
1048 if (errno) {
1049 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1050 errno, strerror(errno)));
1051
1052 /* EINVAL means POSIX ACL, bail out on other cases */
1053 if (errno != EINVAL) {
1054 return -1;
1055 }
1056 }
1057
1058 if (acl != NULL) {
1059 /*
1060 * file has NFSv4 ACL
1061 *
1062 * we only need the actual ACL blob here
1063 * acl_version will always be NFS4 because we asked
1064 * for NFS4
1065 * acl_type is only used for POSIX ACLs
1066 */
1067 aclblob.data = (uint8_t*) acl->acl_var_data;
1068 aclblob.length = acl->acl_buffer_len;
1069
1070 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1071 if (!*blob_description) {
1072 talloc_free(acl);
1073 errno = ENOMEM;
1074 return -1;
1075 }
1076
1077 result = non_posix_sys_acl_blob_get_fd_helper(handle, fsp,
1078 aclblob, mem_ctx,
1079 blob);
1080
1081 talloc_free(acl);
1082 return result;
1083 }
1084
1085 /* fall back to POSIX ACL */
1086 return posix_sys_acl_blob_get_fd(handle, fsp, mem_ctx,
1087 blob_description, blob);
1088 }
1089
1090 static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl,
1091 SMB_ACL_TYPE_T type)
1092 {
1093 gpfs_aclLen_t len;
1094 struct gpfs_acl *result;
1095 int i;
1096
1097 DEBUG(10, ("smb2gpfs_acl: Got ACL with %d entries\n", pacl->count));
1098
1099 len = offsetof(gpfs_acl_t, ace_v1) + (pacl->count) *
1100 sizeof(gpfs_ace_v1_t);
1101
1102 result = (struct gpfs_acl *)SMB_MALLOC(len);
1103 if (result == NULL) {
1104 errno = ENOMEM;
1105 return result;
1106 }
1107
1108 result->acl_len = len;
1109 result->acl_level = 0;
1110 result->acl_version = GPFS_ACL_VERSION_POSIX;
1111 result->acl_type = (type == SMB_ACL_TYPE_DEFAULT) ?
1112 GPFS_ACL_TYPE_DEFAULT : GPFS_ACL_TYPE_ACCESS;
1113 result->acl_nace = pacl->count;
1114
1115 for (i=0; i<pacl->count; i++) {
1116 const struct smb_acl_entry *ace = &pacl->acl[i];
1117 struct gpfs_ace_v1 *g_ace = &result->ace_v1[i];
1118
1119 DEBUG(10, ("Converting type %d perm %x\n",
1120 (int)ace->a_type, (int)ace->a_perm));
1121
1122 g_ace->ace_perm = 0;
1123
1124 switch(ace->a_type) {
1125 case SMB_ACL_USER:
1126 g_ace->ace_type = GPFS_ACL_USER;
1127 g_ace->ace_who = (gpfs_uid_t)ace->info.user.uid;
1128 break;
1129 case SMB_ACL_USER_OBJ:
1130 g_ace->ace_type = GPFS_ACL_USER_OBJ;
1131 g_ace->ace_perm |= ACL_PERM_CONTROL;
1132 g_ace->ace_who = 0;
1133 break;
1134 case SMB_ACL_GROUP:
1135 g_ace->ace_type = GPFS_ACL_GROUP;
1136 g_ace->ace_who = (gpfs_uid_t)ace->info.group.gid;
1137 break;
1138 case SMB_ACL_GROUP_OBJ:
1139 g_ace->ace_type = GPFS_ACL_GROUP_OBJ;
1140 g_ace->ace_who = 0;
1141 break;
1142 case SMB_ACL_MASK:
1143 g_ace->ace_type = GPFS_ACL_MASK;
1144 g_ace->ace_perm = 0x8f;
1145 g_ace->ace_who = 0;
1146 break;
1147 case SMB_ACL_OTHER:
1148 g_ace->ace_type = GPFS_ACL_OTHER;
1149 g_ace->ace_who = 0;
1150 break;
1151 default:
1152 DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type));
1153 errno = EINVAL;
1154 SAFE_FREE(result);
1155 return NULL;
1156 }
1157
1158 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ?
1159 ACL_PERM_READ : 0;
1160 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ?
1161 ACL_PERM_WRITE : 0;
1162 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ?
1163 ACL_PERM_EXECUTE : 0;
1164
1165 DEBUGADD(10, ("Converted to %d id %d perm %x\n",
1166 g_ace->ace_type, g_ace->ace_who, g_ace->ace_perm));
1167 }
1168
1169 return result;
1170 }
1171
1172 static int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle,
1173 files_struct *fsp,
1174 SMB_ACL_TYPE_T type,
1175 SMB_ACL_T theacl)
1176 {
1177 struct gpfs_config_data *config;
1178 struct gpfs_acl *gpfs_acl = NULL;
1179 int result;
1180
1181 SMB_VFS_HANDLE_GET_DATA(handle, config,
1182 struct gpfs_config_data,
1183 return -1);
1184
1185 if (!config->acl) {
1186 return SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, type, theacl);
1187 }
1188
1189 gpfs_acl = smb2gpfs_acl(theacl, type);
1190 if (gpfs_acl == NULL) {
1191 return -1;
1192 }
1193
1194 /*
1195 * This is no longer a handle based call.
1196 */
1197 result = gpfswrap_putacl(fsp->fsp_name->base_name,
1198 GPFS_PUTACL_STRUCT|GPFS_ACL_SAMBA,
1199 gpfs_acl);
1200 SAFE_FREE(gpfs_acl);
1201 return result;
1202 }
1203
1204 static int gpfsacl_sys_acl_delete_def_fd(vfs_handle_struct *handle,
1205 files_struct *fsp)
1206 {
1207 struct gpfs_config_data *config;
1208
1209 SMB_VFS_HANDLE_GET_DATA(handle, config,
1210 struct gpfs_config_data,
1211 return -1);
1212
1213 if (!config->acl) {
1214 return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FD(handle, fsp);
1215 }
1216
1217 errno = ENOTSUP;
1218 return -1;
1219 }
1220
1221
1222 /*
1223 * Assumed: mode bits are shiftable and standard
1224 * Output: the new aceMask field for an smb nfs4 ace
1225 */
1226 static uint32_t gpfsacl_mask_filter(uint32_t aceType, uint32_t aceMask, uint32_t rwx)
1227 {
1228 const uint32_t posix_nfs4map[3] = {
1229 SMB_ACE4_EXECUTE, /* execute */
1230 SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
1231 SMB_ACE4_READ_DATA /* read */
1232 };
1233 int i;
1234 uint32_t posix_mask = 0x01;
1235 uint32_t posix_bit;
1236 uint32_t nfs4_bits;
1237
1238 for(i=0; i<3; i++) {
1239 nfs4_bits = posix_nfs4map[i];
1240 posix_bit = rwx & posix_mask;
1241
1242 if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
1243 if (posix_bit)
1244 aceMask |= nfs4_bits;
1245 else
1246 aceMask &= ~nfs4_bits;
1247 } else {
1248 /* add deny bits when suitable */
1249 if (!posix_bit)
1250 aceMask |= nfs4_bits;
1251 else
1252 aceMask &= ~nfs4_bits;
1253 } /* other ace types are unexpected */
1254
1255 posix_mask <<= 1;
1256 }
1257
1258 return aceMask;
1259 }
1260
1261 static int gpfsacl_emu_chmod(vfs_handle_struct *handle,
1262 struct files_struct *fsp,
1263 mode_t mode)
1264 {
1265 struct smb_filename *fname = fsp->fsp_name;
1266 char *path = fsp->fsp_name->base_name;
1267 struct SMB4ACL_T *pacl = NULL;
1268 int result;
1269 bool haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
1270 int i;
1271 files_struct fake_fsp = { 0 }; /* TODO: rationalize parametrization */
1272 struct SMB4ACE_T *smbace;
1273 TALLOC_CTX *frame = talloc_stackframe();
1274
1275 DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
1276
1277 result = gpfs_get_nfs4_acl(frame, fsp, &pacl);
1278 if (result) {
1279 TALLOC_FREE(frame);
1280 return result;
1281 }
1282
1283 if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
1284 DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
1285 }
1286
1287 for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
1288 SMB_ACE4PROP_T *ace = smb_get_ace4(smbace);
1289 uint32_t specid = ace->who.special_id;
1290
1291 if (ace->flags&SMB_ACE4_ID_SPECIAL &&
1292 ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
1293 specid <= SMB_ACE4_WHO_EVERYONE) {
1294
1295 uint32_t newMask;
1296
1297 if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
1298 haveAllowEntry[specid] = True;
1299
1300 /* mode >> 6 for @owner, mode >> 3 for @group,
1301 * mode >> 0 for @everyone */
1302 newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
1303 mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
1304 if (ace->aceMask!=newMask) {
1305 DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
1306 path, ace->aceMask, newMask, specid));
1307 }
1308 ace->aceMask = newMask;
1309 }
1310 }
1311
1312 /* make sure we have at least ALLOW entries
1313 * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
1314 * - if necessary
1315 */
1316 for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
1317 SMB_ACE4PROP_T ace = { 0 };
1318
1319 if (haveAllowEntry[i]==True)
1320 continue;
1321
1322 ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
1323 ace.flags |= SMB_ACE4_ID_SPECIAL;
1324 ace.who.special_id = i;
1325
1326 if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
1327 ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
1328
1329 ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
1330 mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
1331
1332 /* don't add unnecessary aces */
1333 if (!ace.aceMask)
1334 continue;
1335
1336 /* we add it to the END - as windows expects allow aces */
1337 smb_add_ace4(pacl, &ace);
1338 DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
1339 path, mode, i, ace.aceMask));
1340 }
1341
1342 /* don't add complementary DENY ACEs here */
1343 fake_fsp.fsp_name = synthetic_smb_fname(frame,
1344 path,
1345 NULL,
1346 NULL,
1347 fname->twrp,
1348 0);
1349 if (fake_fsp.fsp_name == NULL) {
1350 errno = ENOMEM;
1351 TALLOC_FREE(frame);
1352 return -1;
1353 }
1354 /* put the acl */
1355 if (gpfsacl_process_smbacl(handle, &fake_fsp, pacl) == False) {
1356 TALLOC_FREE(frame);
1357 return -1;
1358 }
1359
1360 TALLOC_FREE(frame);
1361 return 0; /* ok for [f]chmod */
1362 }
1363
1364 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
1365 {
1366 SMB_STRUCT_STAT st;
1367 int rc;
1368
1369 rc = SMB_VFS_NEXT_FSTAT(handle, fsp, &st);
1370 if (rc != 0) {
1371 return -1;
1372 }
1373
1374 /* avoid chmod() if possible, to preserve acls */
1375 if ((st.st_ex_mode & ~S_IFMT) == mode) {
1376 return 0;
1377 }
1378
1379 rc = gpfsacl_emu_chmod(handle, fsp, mode);
1380 if (rc == 1) {
1381 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1382 }
1383 return rc;
1384 }
1385
1386 static uint32_t vfs_gpfs_winattrs_to_dosmode(unsigned int winattrs)
1387 {
1388 uint32_t dosmode = 0;
1389
1390 if (winattrs & GPFS_WINATTR_ARCHIVE){
1391 dosmode |= FILE_ATTRIBUTE_ARCHIVE;
1392 }
1393 if (winattrs & GPFS_WINATTR_HIDDEN){
1394 dosmode |= FILE_ATTRIBUTE_HIDDEN;
1395 }
1396 if (winattrs & GPFS_WINATTR_SYSTEM){
1397 dosmode |= FILE_ATTRIBUTE_SYSTEM;
1398 }
1399 if (winattrs & GPFS_WINATTR_READONLY){
1400 dosmode |= FILE_ATTRIBUTE_READONLY;
1401 }
1402 if (winattrs & GPFS_WINATTR_SPARSE_FILE) {
1403 dosmode |= FILE_ATTRIBUTE_SPARSE;
1404 }
1405 if (winattrs & GPFS_WINATTR_OFFLINE) {
1406 dosmode |= FILE_ATTRIBUTE_OFFLINE;
1407 }
1408
1409 return dosmode;
1410 }
1411
1412 static unsigned int vfs_gpfs_dosmode_to_winattrs(uint32_t dosmode)
1413 {
1414 unsigned int winattrs = 0;
1415
1416 if (dosmode & FILE_ATTRIBUTE_ARCHIVE){
1417 winattrs |= GPFS_WINATTR_ARCHIVE;
1418 }
1419 if (dosmode & FILE_ATTRIBUTE_HIDDEN){
1420 winattrs |= GPFS_WINATTR_HIDDEN;
1421 }
1422 if (dosmode & FILE_ATTRIBUTE_SYSTEM){
1423 winattrs |= GPFS_WINATTR_SYSTEM;
1424 }
1425 if (dosmode & FILE_ATTRIBUTE_READONLY){
1426 winattrs |= GPFS_WINATTR_READONLY;
1427 }
1428 if (dosmode & FILE_ATTRIBUTE_SPARSE) {
1429 winattrs |= GPFS_WINATTR_SPARSE_FILE;
1430 }
1431 if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
1432 winattrs |= GPFS_WINATTR_OFFLINE;
1433 }
1434
1435 return winattrs;
1436 }
1437
1438 static struct timespec gpfs_timestruc64_to_timespec(struct gpfs_timestruc64 g)
1439 {
1440 return (struct timespec) { .tv_sec = g.tv_sec, .tv_nsec = g.tv_nsec };
1441 }
1442
1443 static NTSTATUS vfs_gpfs_fget_dos_attributes(struct vfs_handle_struct *handle,
1444 struct files_struct *fsp,
1445 uint32_t *dosmode)
1446 {
1447 struct gpfs_config_data *config;
1448 int fd = fsp_get_pathref_fd(fsp);
1449 struct sys_proc_fd_path_buf buf;
1450 const char *p = NULL;
1451 struct gpfs_iattr64 iattr = { };
1452 unsigned int litemask = 0;
1453 struct timespec ts;
1454 int ret;
1455
1456 SMB_VFS_HANDLE_GET_DATA(handle, config,
1457 struct gpfs_config_data,
1458 return NT_STATUS_INTERNAL_ERROR);
1459
1460 if (!config->winattr) {
1461 return SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1462 }
1463
1464 if (fsp->fsp_flags.is_pathref && !config->pathref_ok.gpfs_fstat_x) {
1465 if (fsp->fsp_flags.have_proc_fds) {
1466 p = sys_proc_fd_path(fd, &buf);
1467 } else {
1468 p = fsp->fsp_name->base_name;
1469 }
1470 }
1471
1472 if (p != NULL) {
1473 ret = gpfswrap_stat_x(p, &litemask, &iattr, sizeof(iattr));
1474 } else {
1475 ret = gpfswrap_fstat_x(fd, &litemask, &iattr, sizeof(iattr));
1476 }
1477 if (ret == -1 && errno == ENOSYS) {
1478 return SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1479 }
1480
1481 if (ret == -1 && errno == EACCES) {
1482 int saved_errno = 0;
1483
1484 /*
1485 * According to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to
1486 * an Existing File" FILE_LIST_DIRECTORY on a directory implies
1487 * FILE_READ_ATTRIBUTES for directory entries. Being able to
1488 * open a file implies FILE_LIST_DIRECTORY.
1489 */
1490
1491 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1492
1493 if (p != NULL) {
1494 ret = gpfswrap_stat_x(p,
1495 &litemask,
1496 &iattr,
1497 sizeof(iattr));
1498 } else {
1499 ret = gpfswrap_fstat_x(fd,
1500 &litemask,
1501 &iattr,
1502 sizeof(iattr));
1503 }
1504 if (ret == -1) {
1505 saved_errno = errno;
1506 }
1507
1508 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1509
1510 if (saved_errno != 0) {
1511 errno = saved_errno;
1512 }
1513 }
1514
1515 if (ret == -1) {
1516 DBG_WARNING("Getting winattrs failed for %s: %s\n",
1517 fsp->fsp_name->base_name, strerror(errno));
1518 return map_nt_error_from_unix(errno);
1519 }
1520
1521 ts = gpfs_timestruc64_to_timespec(iattr.ia_createtime);
1522
1523 *dosmode |= vfs_gpfs_winattrs_to_dosmode(iattr.ia_winflags);
1524 update_stat_ex_create_time(&fsp->fsp_name->st, ts);
1525
1526 return NT_STATUS_OK;
1527 }
1528
1529 static NTSTATUS vfs_gpfs_fset_dos_attributes(struct vfs_handle_struct *handle,
1530 struct files_struct *fsp,
1531 uint32_t dosmode)
1532 {
1533 struct gpfs_config_data *config;
1534 struct gpfs_winattr attrs = { };
1535 int ret;
1536
1537 SMB_VFS_HANDLE_GET_DATA(handle, config,
1538 struct gpfs_config_data,
1539 return NT_STATUS_INTERNAL_ERROR);
1540
1541 if (!config->winattr) {
1542 return SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1543 }
1544
1545 attrs.winAttrs = vfs_gpfs_dosmode_to_winattrs(dosmode);
1546
1547 if (!fsp->fsp_flags.is_pathref) {
1548 ret = gpfswrap_set_winattrs(fsp_get_io_fd(fsp),
1549 GPFS_WINATTR_SET_ATTRS, &attrs);
1550 if (ret == -1) {
1551 DBG_WARNING("Setting winattrs failed for %s: %s\n",
1552 fsp_str_dbg(fsp), strerror(errno));
1553 return map_nt_error_from_unix(errno);
1554 }
1555 return NT_STATUS_OK;
1556 }
1557
1558 if (fsp->fsp_flags.have_proc_fds) {
1559 int fd = fsp_get_pathref_fd(fsp);
1560 struct sys_proc_fd_path_buf buf;
1561
1562 ret = gpfswrap_set_winattrs_path(sys_proc_fd_path(fd, &buf),
1563 GPFS_WINATTR_SET_ATTRS,
1564 &attrs);
1565 if (ret == -1) {
1566 DBG_WARNING("Setting winattrs failed for "
1567 "[%s][%s]: %s\n",
1568 buf.buf,
1569 fsp_str_dbg(fsp),
1570 strerror(errno));
1571 return map_nt_error_from_unix(errno);
1572 }
1573 return NT_STATUS_OK;
1574 }
1575
1576 /*
1577 * This is no longer a handle based call.
1578 */
1579 ret = gpfswrap_set_winattrs_path(fsp->fsp_name->base_name,
1580 GPFS_WINATTR_SET_ATTRS,
1581 &attrs);
1582 if (ret == -1) {
1583 DBG_WARNING("Setting winattrs failed for [%s]: %s\n",
1584 fsp_str_dbg(fsp), strerror(errno));
1585 return map_nt_error_from_unix(errno);
1586 }
1587
1588 return NT_STATUS_OK;
1589 }
1590
1591 static int timespec_to_gpfs_time(
1592 struct timespec ts, gpfs_timestruc_t *gt, int idx, int *flags)
1593 {
1594 if (is_omit_timespec(&ts)) {
1595 return 0;
1596 }
1597
1598 if (ts.tv_sec < 0 || ts.tv_sec > UINT32_MAX) {
1599 DBG_NOTICE("GPFS uses 32-bit unsigned timestamps "
1600 "and cannot handle %jd.\n",
1601 (intmax_t)ts.tv_sec);
1602 errno = ERANGE;
1603 return -1;
1604 }
1605
1606 *flags |= 1 << idx;
1607 gt[idx].tv_sec = ts.tv_sec;
1608 gt[idx].tv_nsec = ts.tv_nsec;
1609 DBG_DEBUG("Setting GPFS time %d, flags 0x%x\n", idx, *flags);
1610
1611 return 0;
1612 }
1613
1614 static int smbd_gpfs_set_times(struct files_struct *fsp,
1615 struct smb_file_time *ft)
1616 {
1617 gpfs_timestruc_t gpfs_times[4];
1618 int flags = 0;
1619 int rc;
1620
1621 ZERO_ARRAY(gpfs_times);
1622 rc = timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
1623 if (rc != 0) {
1624 return rc;
1625 }
1626
1627 rc = timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
1628 if (rc != 0) {
1629 return rc;
1630 }
1631
1632 /* No good mapping from LastChangeTime to ctime, not storing */
1633 rc = timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
1634 if (rc != 0) {
1635 return rc;
1636 }
1637
1638 if (!flags) {
1639 DBG_DEBUG("nothing to do, return to avoid EINVAL\n");
1640 return 0;
1641 }
1642
1643 if (!fsp->fsp_flags.is_pathref) {
1644 rc = gpfswrap_set_times(fsp_get_io_fd(fsp), flags, gpfs_times);
1645 if (rc != 0) {
1646 DBG_WARNING("gpfs_set_times(%s) failed: %s\n",
1647 fsp_str_dbg(fsp), strerror(errno));
1648 }
1649 return rc;
1650 }
1651
1652
1653 if (fsp->fsp_flags.have_proc_fds) {
1654 int fd = fsp_get_pathref_fd(fsp);
1655 struct sys_proc_fd_path_buf buf;
1656
1657 rc = gpfswrap_set_times_path(sys_proc_fd_path(fd, &buf),
1658 flags,
1659 gpfs_times);
1660 if (rc != 0) {
1661 DBG_WARNING("gpfs_set_times_path(%s,%s) failed: %s\n",
1662 fsp_str_dbg(fsp),
1663 buf.buf,
1664 strerror(errno));
1665 }
1666 return rc;
1667 }
1668
1669 /*
1670 * This is no longer a handle based call.
1671 */
1672
1673 rc = gpfswrap_set_times_path(fsp->fsp_name->base_name,
1674 flags,
1675 gpfs_times);
1676 if (rc != 0) {
1677 DBG_WARNING("gpfs_set_times_path(%s) failed: %s\n",
1678 fsp_str_dbg(fsp), strerror(errno));
1679 }
1680 return rc;
1681 }
1682
1683 static int vfs_gpfs_fntimes(struct vfs_handle_struct *handle,
1684 files_struct *fsp,
1685 struct smb_file_time *ft)
1686 {
1687
1688 struct gpfs_winattr attrs;
1689 int ret;
1690 struct gpfs_config_data *config;
1691
1692 SMB_VFS_HANDLE_GET_DATA(handle,
1693 config,
1694 struct gpfs_config_data,
1695 return -1);
1696
1697 /* Try to use gpfs_set_times if it is enabled and available */
1698 if (config->settimes) {
1699 return smbd_gpfs_set_times(fsp, ft);
1700 }
1701
1702 DBG_DEBUG("gpfs_set_times() not available or disabled, "
1703 "use ntimes and winattr\n");
1704
1705 ret = SMB_VFS_NEXT_FNTIMES(handle, fsp, ft);
1706 if (ret == -1) {
1707 /* don't complain if access was denied */
1708 if (errno != EPERM && errno != EACCES) {
1709 DBG_WARNING("SMB_VFS_NEXT_FNTIMES failed: %s\n",
1710 strerror(errno));
1711 }
1712 return -1;
1713 }
1714
1715 if (is_omit_timespec(&ft->create_time)) {
1716 DBG_DEBUG("Create Time is NULL\n");
1717 return 0;
1718 }
1719
1720 if (!config->winattr) {
1721 return 0;
1722 }
1723
1724 attrs.winAttrs = 0;
1725 attrs.creationTime.tv_sec = ft->create_time.tv_sec;
1726 attrs.creationTime.tv_nsec = ft->create_time.tv_nsec;
1727
1728 if (!fsp->fsp_flags.is_pathref) {
1729 ret = gpfswrap_set_winattrs(fsp_get_io_fd(fsp),
1730 GPFS_WINATTR_SET_CREATION_TIME,
1731 &attrs);
1732 if (ret == -1 && errno != ENOSYS) {
1733 DBG_WARNING("Set GPFS ntimes failed %d\n", ret);
1734 return -1;
1735 }
1736 return ret;
1737 }
1738
1739 if (fsp->fsp_flags.have_proc_fds) {
1740 int fd = fsp_get_pathref_fd(fsp);
1741 struct sys_proc_fd_path_buf buf;
1742
1743 ret = gpfswrap_set_winattrs_path(
1744 sys_proc_fd_path(fd, &buf),
1745 GPFS_WINATTR_SET_CREATION_TIME,
1746 &attrs);
1747 if (ret == -1 && errno != ENOSYS) {
1748 DBG_WARNING("Set GPFS ntimes failed %d\n", ret);
1749 return -1;
1750 }
1751 return ret;
1752 }
1753
1754 /*
1755 * This is no longer a handle based call.
1756 */
1757 ret = gpfswrap_set_winattrs_path(fsp->fsp_name->base_name,
1758 GPFS_WINATTR_SET_CREATION_TIME,
1759 &attrs);
1760 if (ret == -1 && errno != ENOSYS) {
1761 DBG_WARNING("Set GPFS ntimes failed %d\n", ret);
1762 return -1;
1763 }
1764
1765 return 0;
1766 }
1767
1768 static int vfs_gpfs_fallocate(struct vfs_handle_struct *handle,
1769 struct files_struct *fsp, uint32_t mode,
1770 off_t offset, off_t len)
1771 {
1772 if (mode == (VFS_FALLOCATE_FL_PUNCH_HOLE|VFS_FALLOCATE_FL_KEEP_SIZE) &&
1773 !fsp->fsp_flags.is_sparse &&
1774 lp_strict_allocate(SNUM(fsp->conn))) {
1775 /*
1776 * This is from a ZERO_DATA request on a non-sparse
1777 * file. GPFS does not support FL_KEEP_SIZE and thus
1778 * cannot fill the whole again in the subsequent
1779 * fallocate(FL_KEEP_SIZE). Deny this FL_PUNCH_HOLE
1780 * call to not end up with a hole in a non-sparse
1781 * file.
1782 */
1783 errno = ENOTSUP;
1784 return -1;
1785 }
1786
1787 return SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
1788 }
1789
1790 static int vfs_gpfs_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1791 off_t len)
1792 {
1793 int result;
1794 struct gpfs_config_data *config;
1795
1796 SMB_VFS_HANDLE_GET_DATA(handle, config,
1797 struct gpfs_config_data,
1798 return -1);
1799
1800 if (!config->ftruncate) {
1801 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1802 }
1803
1804 result = gpfswrap_ftruncate(fsp_get_io_fd(fsp), len);
1805 if ((result == -1) && (errno == ENOSYS)) {
1806 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1807 }
1808 return result;
1809 }
1810
1811 static bool vfs_gpfs_is_offline(struct vfs_handle_struct *handle,
1812 struct files_struct *fsp,
1813 SMB_STRUCT_STAT *sbuf)
1814 {
1815 struct gpfs_winattr attrs;
1816 struct gpfs_config_data *config;
1817 int ret;
1818
1819 SMB_VFS_HANDLE_GET_DATA(handle, config,
1820 struct gpfs_config_data,
1821 return false);
1822
1823 if (!config->winattr) {
1824 return false;
1825 }
1826
1827 ret = gpfswrap_get_winattrs(fsp_get_pathref_fd(fsp), &attrs);
1828 if (ret == -1) {
1829 return false;
1830 }
1831
1832 if ((attrs.winAttrs & GPFS_WINATTR_OFFLINE) != 0) {
1833 DBG_DEBUG("%s is offline\n", fsp_str_dbg(fsp));
1834 return true;
1835 }
1836
1837 DBG_DEBUG("%s is online\n", fsp_str_dbg(fsp));
1838 return false;
1839 }
1840
1841 static bool vfs_gpfs_fsp_is_offline(struct vfs_handle_struct *handle,
1842 struct files_struct *fsp)
1843 {
1844 struct gpfs_fsp_extension *ext;
1845
1846 ext = VFS_FETCH_FSP_EXTENSION(handle, fsp);
1847 if (ext == NULL) {
1848 /*
1849 * Something bad happened, always ask.
1850 */
1851 return vfs_gpfs_is_offline(handle, fsp,
1852 &fsp->fsp_name->st);
1853 }
1854
1855 if (ext->offline) {
1856 /*
1857 * As long as it's offline, ask.
1858 */
1859 ext->offline = vfs_gpfs_is_offline(handle, fsp,
1860 &fsp->fsp_name->st);
1861 }
1862
1863 return ext->offline;
1864 }
1865
1866 static bool vfs_gpfs_aio_force(struct vfs_handle_struct *handle,
1867 struct files_struct *fsp)
1868 {
1869 return vfs_gpfs_fsp_is_offline(handle, fsp);
1870 }
1871
1872 static ssize_t vfs_gpfs_sendfile(vfs_handle_struct *handle, int tofd,
1873 files_struct *fsp, const DATA_BLOB *hdr,
1874 off_t offset, size_t n)
1875 {
1876 if (vfs_gpfs_fsp_is_offline(handle, fsp)) {
1877 errno = ENOSYS;
1878 return -1;
1879 }
1880 return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
1881 }
1882
1883 #ifdef O_PATH
1884 static int vfs_gpfs_check_pathref_fstat_x(struct gpfs_config_data *config,
1885 struct connection_struct *conn)
1886 {
1887 struct gpfs_iattr64 iattr = {0};
1888 unsigned int litemask = 0;
1889 int saved_errno;
1890 int fd;
1891 int ret;
1892
1893 fd = open(conn->connectpath, O_PATH);
1894 if (fd == -1) {
1895 DBG_ERR("openat() of share with O_PATH failed: %s\n",
1896 strerror(errno));
1897 return -1;
1898 }
1899
1900 ret = gpfswrap_fstat_x(fd, &litemask, &iattr, sizeof(iattr));
1901 if (ret == 0) {
1902 close(fd);
1903 config->pathref_ok.gpfs_fstat_x = true;
1904 return 0;
1905 }
1906
1907 saved_errno = errno;
1908 ret = close(fd);
1909 if (ret != 0) {
1910 DBG_ERR("close failed: %s\n", strerror(errno));
1911 return -1;
1912 }
1913
1914 if (saved_errno != EBADF) {
1915 DBG_ERR("gpfswrap_fstat_x() of O_PATH handle failed: %s\n",
1916 strerror(saved_errno));
1917 return -1;
1918 }
1919
1920 return 0;
1921 }
1922 #endif
1923
1924 static int vfs_gpfs_check_pathref(struct gpfs_config_data *config,
1925 struct connection_struct *conn)
1926 {
1927 #ifndef O_PATH
1928 /*
1929 * This code path leaves all struct gpfs_config_data.pathref_ok members
1930 * initialized to false.
1931 */
1932 return 0;
1933 #else
1934 int ret;
1935
1936 ret = vfs_gpfs_check_pathref_fstat_x(config, conn);
1937 if (ret != 0) {
1938 return -1;
1939 }
1940
1941 return 0;
1942 #endif
1943 }
1944
1945 static int vfs_gpfs_connect(struct vfs_handle_struct *handle,
1946 const char *service, const char *user)
1947 {
1948 struct gpfs_config_data *config;
1949 int ret;
1950 bool check_fstype;
1951
1952 ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
1953 if (ret < 0) {
1954 return ret;
1955 }
1956
1957 if (IS_IPC(handle->conn)) {
1958 return 0;
1959 }
1960
1961 ret = gpfswrap_init();
1962 if (ret < 0) {
1963 DBG_ERR("Could not load GPFS library.\n");
1964 return ret;
1965 }
1966
1967 ret = gpfswrap_lib_init(0);
1968 if (ret < 0) {
1969 DBG_ERR("Could not open GPFS device file: %s\n",
1970 strerror(errno));
1971 return ret;
1972 }
1973
1974 ret = gpfswrap_register_cifs_export();
1975 if (ret < 0) {
1976 DBG_ERR("Failed to register with GPFS: %s\n", strerror(errno));
1977 return ret;
1978 }
1979
1980 config = talloc_zero(handle->conn, struct gpfs_config_data);
1981 if (!config) {
1982 DEBUG(0, ("talloc_zero() failed\n"));
1983 errno = ENOMEM;
1984 return -1;
1985 }
1986
1987 check_fstype = lp_parm_bool(SNUM(handle->conn), "gpfs",
1988 "check_fstype", true);
1989
1990 if (check_fstype) {
1991 const char *connectpath = handle->conn->connectpath;
1992 struct statfs buf = { 0 };
1993
1994 ret = statfs(connectpath, &buf);
1995 if (ret != 0) {
1996 DBG_ERR("statfs failed for share %s at path %s: %s\n",
1997 service, connectpath, strerror(errno));
1998 TALLOC_FREE(config);
1999 return ret;
2000 }
2001
2002 if (buf.f_type != GPFS_SUPER_MAGIC) {
2003 DBG_ERR("SMB share %s, path %s not in GPFS file system."
2004 " statfs magic: 0x%jx\n",
2005 service,
2006 connectpath,
2007 (uintmax_t)buf.f_type);
2008 errno = EINVAL;
2009 TALLOC_FREE(config);
2010 return -1;
2011 }
2012 }
2013
2014 ret = smbacl4_get_vfs_params(handle->conn, &config->nfs4_params);
2015 if (ret < 0) {
2016 TALLOC_FREE(config);
2017 return ret;
2018 }
2019
2020 config->sharemodes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2021 "sharemodes", true);
2022
2023 config->leases = lp_parm_bool(SNUM(handle->conn), "gpfs",
2024 "leases", true);
2025
2026 config->hsm = lp_parm_bool(SNUM(handle->conn), "gpfs",
2027 "hsm", false);
2028
2029 config->syncio = lp_parm_bool(SNUM(handle->conn), "gpfs",
2030 "syncio", false);
2031
2032 config->winattr = lp_parm_bool(SNUM(handle->conn), "gpfs",
2033 "winattr", false);
2034
2035 config->ftruncate = lp_parm_bool(SNUM(handle->conn), "gpfs",
2036 "ftruncate", true);
2037
2038 config->getrealfilename = lp_parm_bool(SNUM(handle->conn), "gpfs",
2039 "getrealfilename", true);
2040
2041 config->dfreequota = lp_parm_bool(SNUM(handle->conn), "gpfs",
2042 "dfreequota", false);
2043
2044 config->acl = lp_parm_bool(SNUM(handle->conn), "gpfs", "acl", true);
2045
2046 config->settimes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2047 "settimes", true);
2048 config->recalls = lp_parm_bool(SNUM(handle->conn), "gpfs",
2049 "recalls", true);
2050
2051 ret = vfs_gpfs_check_pathref(config, handle->conn);
2052 if (ret != 0) {
2053 DBG_ERR("vfs_gpfs_check_pathref() on [%s] failed\n",
2054 handle->conn->connectpath);
2055 TALLOC_FREE(config);
2056 return -1;
2057 }
2058
2059 SMB_VFS_HANDLE_SET_DATA(handle, config,
2060 NULL, struct gpfs_config_data,
2061 return -1);
2062
2063 if (config->leases) {
2064 /*
2065 * GPFS lease code is based on kernel oplock code
2066 * so make sure it is turned on
2067 */
2068 if (!lp_kernel_oplocks(SNUM(handle->conn))) {
2069 DEBUG(5, ("Enabling kernel oplocks for "
2070 "gpfs:leases to work\n"));
2071 lp_do_parameter(SNUM(handle->conn), "kernel oplocks",
2072 "true");
2073 }
2074
2075 /*
2076 * as the kernel does not properly support Level II oplocks
2077 * and GPFS leases code is based on kernel infrastructure, we
2078 * need to turn off Level II oplocks if gpfs:leases is enabled
2079 */
2080 if (lp_level2_oplocks(SNUM(handle->conn))) {
2081 DEBUG(5, ("gpfs:leases are enabled, disabling "
2082 "Level II oplocks\n"));
2083 lp_do_parameter(SNUM(handle->conn), "level2 oplocks",
2084 "false");
2085 }
2086 }
2087
2088 /*
2089 * Unless we have an async implementation of get_dos_attributes turn
2090 * this off.
2091 */
2092 lp_do_parameter(SNUM(handle->conn), "smbd async dosmode", "false");
2093
2094 return 0;
2095 }
2096
2097 static int get_gpfs_quota(const char *pathname, int type, int id,
2098 struct gpfs_quotaInfo *qi)
2099 {
2100 int ret;
2101
2102 ret = gpfswrap_quotactl(pathname, GPFS_QCMD(Q_GETQUOTA, type), id, qi);
2103
2104 if (ret) {
2105 if (errno == GPFS_E_NO_QUOTA_INST) {
2106 DEBUG(10, ("Quotas disabled on GPFS filesystem.\n"));
2107 } else if (errno != ENOSYS) {
2108 DEBUG(0, ("Get quota failed, type %d, id, %d, "
2109 "errno %d.\n", type, id, errno));
2110 }
2111
2112 return ret;
2113 }
2114
2115 DEBUG(10, ("quota type %d, id %d, blk u:%lld h:%lld s:%lld gt:%u\n",
2116 type, id, qi->blockUsage, qi->blockHardLimit,
2117 qi->blockSoftLimit, qi->blockGraceTime));
2118
2119 return ret;
2120 }
2121
2122 static void vfs_gpfs_disk_free_quota(struct gpfs_quotaInfo qi, time_t cur_time,
2123 uint64_t *dfree, uint64_t *dsize)
2124 {
2125 uint64_t usage, limit;
2126
2127 /*
2128 * The quota reporting is done in units of 1024 byte blocks, but
2129 * sys_fsusage uses units of 512 byte blocks, adjust the block number
2130 * accordingly. Also filter possibly negative usage counts from gpfs.
2131 */
2132 usage = qi.blockUsage < 0 ? 0 : (uint64_t)qi.blockUsage * 2;
2133 limit = (uint64_t)qi.blockHardLimit * 2;
2134
2135 /*
2136 * When the grace time for the exceeded soft block quota has been
2137 * exceeded, the soft block quota becomes an additional hard limit.
2138 */
2139 if (qi.blockSoftLimit &&
2140 qi.blockGraceTime && cur_time > qi.blockGraceTime) {
2141 /* report disk as full */
2142 *dfree = 0;
2143 *dsize = MIN(*dsize, usage);
2144 }
2145
2146 if (!qi.blockHardLimit)
2147 return;
2148
2149 if (usage >= limit) {
2150 /* report disk as full */
2151 *dfree = 0;
2152 *dsize = MIN(*dsize, usage);
2153
2154 } else {
2155 /* limit has not been reached, determine "free space" */
2156 *dfree = MIN(*dfree, limit - usage);
2157 *dsize = MIN(*dsize, limit);
2158 }
2159 }
2160
2161 static uint64_t vfs_gpfs_disk_free(vfs_handle_struct *handle,
2162 const struct smb_filename *smb_fname,
2163 uint64_t *bsize,
2164 uint64_t *dfree,
2165 uint64_t *dsize)
2166 {
2167 struct security_unix_token *utok;
2168 struct gpfs_quotaInfo qi_user = { 0 }, qi_group = { 0 };
2169 struct gpfs_config_data *config;
2170 int err;
2171 time_t cur_time;
2172
2173 SMB_VFS_HANDLE_GET_DATA(handle, config, struct gpfs_config_data,
2174 return (uint64_t)-1);
2175 if (!config->dfreequota) {
2176 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2177 bsize, dfree, dsize);
2178 }
2179
2180 err = sys_fsusage(smb_fname->base_name, dfree, dsize);
2181 if (err) {
2182 DEBUG (0, ("Could not get fs usage, errno %d\n", errno));
2183 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2184 bsize, dfree, dsize);
2185 }
2186
2187 /* sys_fsusage returns units of 512 bytes */
2188 *bsize = 512;
2189
2190 DEBUG(10, ("fs dfree %llu, dsize %llu\n",
2191 (unsigned long long)*dfree, (unsigned long long)*dsize));
2192
2193 utok = handle->conn->session_info->unix_token;
2194
2195 err = get_gpfs_quota(smb_fname->base_name,
2196 GPFS_USRQUOTA, utok->uid, &qi_user);
2197 if (err) {
2198 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2199 bsize, dfree, dsize);
2200 }
2201
2202 /*
2203 * If new files created under this folder get this folder's
2204 * GID, then available space is governed by the quota of the
2205 * folder's GID, not the primary group of the creating user.
2206 */
2207 if (VALID_STAT(smb_fname->st) &&
2208 S_ISDIR(smb_fname->st.st_ex_mode) &&
2209 smb_fname->st.st_ex_mode & S_ISGID) {
2210 become_root();
2211 err = get_gpfs_quota(smb_fname->base_name, GPFS_GRPQUOTA,
2212 smb_fname->st.st_ex_gid, &qi_group);
2213 unbecome_root();
2214
2215 } else {
2216 err = get_gpfs_quota(smb_fname->base_name, GPFS_GRPQUOTA,
2217 utok->gid, &qi_group);
2218 }
2219
2220 if (err) {
2221 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2222 bsize, dfree, dsize);
2223 }
2224
2225 cur_time = time(NULL);
2226
2227 /* Adjust free space and size according to quota limits. */
2228 vfs_gpfs_disk_free_quota(qi_user, cur_time, dfree, dsize);
2229 vfs_gpfs_disk_free_quota(qi_group, cur_time, dfree, dsize);
2230
2231 return *dfree / 2;
2232 }
2233
2234 static int vfs_gpfs_get_quota(vfs_handle_struct *handle,
2235 const struct smb_filename *smb_fname,
2236 enum SMB_QUOTA_TYPE qtype,
2237 unid_t id,
2238 SMB_DISK_QUOTA *dq)
2239 {
2240 switch(qtype) {
2241 /*
2242 * User/group quota are being used for disk-free
2243 * determination, which in this module is done directly
2244 * by the disk-free function. It's important that this
2245 * module does not return wrong quota values by mistake,
2246 * which would modify the correct values set by disk-free.
2247 * User/group quota are also being used for processing
2248 * NT_TRANSACT_GET_USER_QUOTA in smb1 protocol, which is
2249 * currently not supported by this module.
2250 */
2251 case SMB_USER_QUOTA_TYPE:
2252 case SMB_GROUP_QUOTA_TYPE:
2253 errno = ENOSYS;
2254 return -1;
2255 default:
2256 return SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname,
2257 qtype, id, dq);
2258 }
2259 }
2260
2261 static uint32_t vfs_gpfs_capabilities(struct vfs_handle_struct *handle,
2262 enum timestamp_set_resolution *p_ts_res)
2263 {
2264 struct gpfs_config_data *config;
2265 uint32_t next;
2266
2267 next = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
2268
2269 SMB_VFS_HANDLE_GET_DATA(handle, config,
2270 struct gpfs_config_data,
2271 return next);
2272
2273 if (config->hsm) {
2274 next |= FILE_SUPPORTS_REMOTE_STORAGE;
2275 }
2276 return next;
2277 }
2278
2279 static int vfs_gpfs_openat(struct vfs_handle_struct *handle,
2280 const struct files_struct *dirfsp,
2281 const struct smb_filename *smb_fname,
2282 files_struct *fsp,
2283 const struct vfs_open_how *_how)
2284 {
2285 struct vfs_open_how how = *_how;
2286 struct gpfs_config_data *config = NULL;
2287 struct gpfs_fsp_extension *ext = NULL;
2288 int ret;
2289
2290 SMB_VFS_HANDLE_GET_DATA(handle, config,
2291 struct gpfs_config_data,
2292 return -1);
2293
2294 if (config->hsm && !config->recalls &&
2295 !fsp->fsp_flags.is_pathref &&
2296 vfs_gpfs_fsp_is_offline(handle, fsp))
2297 {
2298 DBG_DEBUG("Refusing access to offline file %s\n",
2299 fsp_str_dbg(fsp));
2300 errno = EACCES;
2301 return -1;
2302 }
2303
2304 if (config->syncio) {
2305 how.flags |= O_SYNC;
2306 }
2307
2308 ext = VFS_ADD_FSP_EXTENSION(handle, fsp, struct gpfs_fsp_extension,
2309 NULL);
2310 if (ext == NULL) {
2311 errno = ENOMEM;
2312 return -1;
2313 }
2314
2315 /*
2316 * Assume the file is offline until gpfs tells us it's online.
2317 */
2318 *ext = (struct gpfs_fsp_extension) { .offline = true };
2319
2320 ret = SMB_VFS_NEXT_OPENAT(handle, dirfsp, smb_fname, fsp, &how);
2321 if (ret == -1) {
2322 VFS_REMOVE_FSP_EXTENSION(handle, fsp);
2323 }
2324 return ret;
2325 }
2326
2327 static ssize_t vfs_gpfs_pread(vfs_handle_struct *handle, files_struct *fsp,
2328 void *data, size_t n, off_t offset)
2329 {
2330 ssize_t ret;
2331 bool was_offline;
2332
2333 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2334
2335 ret = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
2336
2337 if ((ret != -1) && was_offline) {
2338 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2339 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2340 fsp->fsp_name->base_name);
2341 }
2342
2343 return ret;
2344 }
2345
2346 struct vfs_gpfs_pread_state {
2347 struct files_struct *fsp;
2348 ssize_t ret;
2349 bool was_offline;
2350 struct vfs_aio_state vfs_aio_state;
2351 };
2352
2353 static void vfs_gpfs_pread_done(struct tevent_req *subreq);
2354
2355 static struct tevent_req *vfs_gpfs_pread_send(struct vfs_handle_struct *handle,
2356 TALLOC_CTX *mem_ctx,
2357 struct tevent_context *ev,
2358 struct files_struct *fsp,
2359 void *data, size_t n,
2360 off_t offset)
2361 {
2362 struct tevent_req *req, *subreq;
2363 struct vfs_gpfs_pread_state *state;
2364
2365 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pread_state);
2366 if (req == NULL) {
2367 return NULL;
2368 }
2369 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2370 state->fsp = fsp;
2371 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
2372 n, offset);
2373 if (tevent_req_nomem(subreq, req)) {
2374 return tevent_req_post(req, ev);
2375 }
2376 tevent_req_set_callback(subreq, vfs_gpfs_pread_done, req);
2377 return req;
2378 }
2379
2380 static void vfs_gpfs_pread_done(struct tevent_req *subreq)
2381 {
2382 struct tevent_req *req = tevent_req_callback_data(
2383 subreq, struct tevent_req);
2384 struct vfs_gpfs_pread_state *state = tevent_req_data(
2385 req, struct vfs_gpfs_pread_state);
2386
2387 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
2388 TALLOC_FREE(subreq);
2389 tevent_req_done(req);
2390 }
2391
2392 static ssize_t vfs_gpfs_pread_recv(struct tevent_req *req,
2393 struct vfs_aio_state *vfs_aio_state)
2394 {
2395 struct vfs_gpfs_pread_state *state = tevent_req_data(
2396 req, struct vfs_gpfs_pread_state);
2397 struct files_struct *fsp = state->fsp;
2398
2399 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
2400 return -1;
2401 }
2402 *vfs_aio_state = state->vfs_aio_state;
2403
2404 if ((state->ret != -1) && state->was_offline) {
2405 DEBUG(10, ("sending notify\n"));
2406 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2407 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2408 fsp->fsp_name->base_name);
2409 }
2410
2411 return state->ret;
2412 }
2413
2414 static ssize_t vfs_gpfs_pwrite(vfs_handle_struct *handle, files_struct *fsp,
2415 const void *data, size_t n, off_t offset)
2416 {
2417 ssize_t ret;
2418 bool was_offline;
2419
2420 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2421
2422 ret = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
2423
2424 if ((ret != -1) && was_offline) {
2425 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2426 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2427 fsp->fsp_name->base_name);
2428 }
2429
2430 return ret;
2431 }
2432
2433 struct vfs_gpfs_pwrite_state {
2434 struct files_struct *fsp;
2435 ssize_t ret;
2436 bool was_offline;
2437 struct vfs_aio_state vfs_aio_state;
2438 };
2439
2440 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq);
2441
2442 static struct tevent_req *vfs_gpfs_pwrite_send(
2443 struct vfs_handle_struct *handle,
2444 TALLOC_CTX *mem_ctx,
2445 struct tevent_context *ev,
2446 struct files_struct *fsp,
2447 const void *data, size_t n,
2448 off_t offset)
2449 {
2450 struct tevent_req *req, *subreq;
2451 struct vfs_gpfs_pwrite_state *state;
2452
2453 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pwrite_state);
2454 if (req == NULL) {
2455 return NULL;
2456 }
2457 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2458 state->fsp = fsp;
2459 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
2460 n, offset);
2461 if (tevent_req_nomem(subreq, req)) {
2462 return tevent_req_post(req, ev);
2463 }
2464 tevent_req_set_callback(subreq, vfs_gpfs_pwrite_done, req);
2465 return req;
2466 }
2467
2468 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq)
2469 {
2470 struct tevent_req *req = tevent_req_callback_data(
2471 subreq, struct tevent_req);
2472 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2473 req, struct vfs_gpfs_pwrite_state);
2474
2475 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
2476 TALLOC_FREE(subreq);
2477 tevent_req_done(req);
2478 }
2479
2480 static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req,
2481 struct vfs_aio_state *vfs_aio_state)
2482 {
2483 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2484 req, struct vfs_gpfs_pwrite_state);
2485 struct files_struct *fsp = state->fsp;
2486
2487 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
2488 return -1;
2489 }
2490 *vfs_aio_state = state->vfs_aio_state;
2491
2492 if ((state->ret != -1) && state->was_offline) {
2493 DEBUG(10, ("sending notify\n"));
2494 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2495 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2496 fsp->fsp_name->base_name);
2497 }
2498
2499 return state->ret;
2500 }
2501
2502
2503 static struct vfs_fn_pointers vfs_gpfs_fns = {
2504 .connect_fn = vfs_gpfs_connect,
2505 .disk_free_fn = vfs_gpfs_disk_free,
2506 .get_quota_fn = vfs_gpfs_get_quota,
2507 .fs_capabilities_fn = vfs_gpfs_capabilities,
2508 .filesystem_sharemode_fn = vfs_gpfs_filesystem_sharemode,
2509 .linux_setlease_fn = vfs_gpfs_setlease,
2510 .get_real_filename_at_fn = vfs_gpfs_get_real_filename_at,
2511 .get_dos_attributes_send_fn = vfs_not_implemented_get_dos_attributes_send,
2512 .get_dos_attributes_recv_fn = vfs_not_implemented_get_dos_attributes_recv,
2513 .fget_dos_attributes_fn = vfs_gpfs_fget_dos_attributes,
2514 .fset_dos_attributes_fn = vfs_gpfs_fset_dos_attributes,
2515 .fget_nt_acl_fn = gpfsacl_fget_nt_acl,
2516 .fset_nt_acl_fn = gpfsacl_fset_nt_acl,
2517 .sys_acl_get_fd_fn = gpfsacl_sys_acl_get_fd,
2518 .sys_acl_blob_get_fd_fn = gpfsacl_sys_acl_blob_get_fd,
2519 .sys_acl_set_fd_fn = gpfsacl_sys_acl_set_fd,
2520 .sys_acl_delete_def_fd_fn = gpfsacl_sys_acl_delete_def_fd,
2521 .fchmod_fn = vfs_gpfs_fchmod,
2522 .close_fn = vfs_gpfs_close,
2523 .stat_fn = nfs4_acl_stat,
2524 .fstat_fn = nfs4_acl_fstat,
2525 .lstat_fn = nfs4_acl_lstat,
2526 .fstatat_fn = nfs4_acl_fstatat,
2527 .fntimes_fn = vfs_gpfs_fntimes,
2528 .aio_force_fn = vfs_gpfs_aio_force,
2529 .sendfile_fn = vfs_gpfs_sendfile,
2530 .fallocate_fn = vfs_gpfs_fallocate,
2531 .openat_fn = vfs_gpfs_openat,
2532 .pread_fn = vfs_gpfs_pread,
2533 .pread_send_fn = vfs_gpfs_pread_send,
2534 .pread_recv_fn = vfs_gpfs_pread_recv,
2535 .pwrite_fn = vfs_gpfs_pwrite,
2536 .pwrite_send_fn = vfs_gpfs_pwrite_send,
2537 .pwrite_recv_fn = vfs_gpfs_pwrite_recv,
2538 .ftruncate_fn = vfs_gpfs_ftruncate
2539 };
2540
2541 static_decl_vfs;
2542 NTSTATUS vfs_gpfs_init(TALLOC_CTX *ctx)
2543 {
2544 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs",
2545 &vfs_gpfs_fns);
2546 }
Samba GIT mirror