search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
[Samba.git] / source3 / modules / vfs_gpfs.c
blob2216d1d15db0332bdabd7dffde77f895e4f9e306
1 /*
2 * Unix SMB/CIFS implementation.
3 * Samba VFS module for GPFS filesystem
4 * Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
5 * Copyright (C) Christof Schmitt 2015
6 * Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
7 * and Gomati Mohanan <gomati.mohanan@in.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "smbd/smbd.h"
25 #include "librpc/gen_ndr/ndr_xattr.h"
26 #include "include/smbprofile.h"
27 #include "modules/non_posix_acls.h"
28 #include "libcli/security/security.h"
29 #include "nfs4_acls.h"
30 #include "system/filesys.h"
31 #include "auth.h"
32 #include "lib/util/tevent_unix.h"
33 #include "lib/util/gpfswrap.h"
34
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_VFS
37
38 #ifndef GPFS_GETACL_NATIVE
39 #define GPFS_GETACL_NATIVE 0x00000004
40 #endif
41
42 struct gpfs_config_data {
43 bool sharemodes;
44 bool leases;
45 bool hsm;
46 bool syncio;
47 bool winattr;
48 bool ftruncate;
49 bool getrealfilename;
50 bool dfreequota;
51 bool prealloc;
52 bool acl;
53 bool settimes;
54 bool recalls;
55 };
56
57 struct gpfs_fsp_extension {
58 bool offline;
59 };
60
61 static inline unsigned int gpfs_acl_flags(gpfs_acl_t *gacl)
62 {
63 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
64 return gacl->v4Level1.acl_flags;
65 }
66 return 0;
67 }
68
69 static inline gpfs_ace_v4_t *gpfs_ace_ptr(gpfs_acl_t *gacl, unsigned int i)
70 {
71 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
72 return &gacl->v4Level1.ace_v4[i];
73 }
74 return &gacl->ace_v4[i];
75 }
76
77 static bool set_gpfs_sharemode(files_struct *fsp, uint32_t access_mask,
78 uint32_t share_access)
79 {
80 unsigned int allow = GPFS_SHARE_NONE;
81 unsigned int deny = GPFS_DENY_NONE;
82 int result;
83
84 if ((fsp == NULL) || (fsp->fh == NULL) || (fsp->fh->fd < 0)) {
85 /* No real file, don't disturb */
86 return True;
87 }
88
89 allow |= (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA|
90 DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0;
91 allow |= (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) ?
92 GPFS_SHARE_READ : 0;
93
94 if (allow == GPFS_SHARE_NONE) {
95 DEBUG(10, ("special case am=no_access:%x\n",access_mask));
96 }
97 else {
98 deny |= (share_access & FILE_SHARE_WRITE) ?
99 0 : GPFS_DENY_WRITE;
100 deny |= (share_access & (FILE_SHARE_READ)) ?
101 0 : GPFS_DENY_READ;
102 }
103 DEBUG(10, ("am=%x, allow=%d, sa=%x, deny=%d\n",
104 access_mask, allow, share_access, deny));
105
106 result = gpfswrap_set_share(fsp->fh->fd, allow, deny);
107 if (result != 0) {
108 if (errno == ENOSYS) {
109 DEBUG(5, ("VFS module vfs_gpfs loaded, but gpfs "
110 "set_share function support not available. "
111 "Allowing access\n"));
112 return True;
113 } else {
114 DEBUG(10, ("gpfs_set_share failed: %s\n",
115 strerror(errno)));
116 }
117 }
118
119 return (result == 0);
120 }
121
122 static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle, files_struct *fsp,
123 uint32_t share_mode, uint32_t access_mask)
124 {
125
126 struct gpfs_config_data *config;
127 int ret = 0;
128
129 START_PROFILE(syscall_kernel_flock);
130
131 SMB_VFS_HANDLE_GET_DATA(handle, config,
132 struct gpfs_config_data,
133 return -1);
134
135 if(!config->sharemodes) {
136 return 0;
137 }
138
139 /*
140 * A named stream fsp will have the basefile open in the fsp
141 * fd, so lacking a distinct fd for the stream we have to skip
142 * kernel_flock and set_gpfs_sharemode for stream.
143 */
144 if (is_ntfs_stream_smb_fname(fsp->fsp_name) &&
145 !is_ntfs_default_stream_smb_fname(fsp->fsp_name)) {
146 DEBUG(2,("%s: kernel_flock on stream\n", fsp_str_dbg(fsp)));
147 return 0;
148 }
149
150 kernel_flock(fsp->fh->fd, share_mode, access_mask);
151
152 if (!set_gpfs_sharemode(fsp, access_mask, fsp->share_access)) {
153 ret = -1;
154 }
155
156 END_PROFILE(syscall_kernel_flock);
157
158 return ret;
159 }
160
161 static int vfs_gpfs_close(vfs_handle_struct *handle, files_struct *fsp)
162 {
163
164 struct gpfs_config_data *config;
165
166 SMB_VFS_HANDLE_GET_DATA(handle, config,
167 struct gpfs_config_data,
168 return -1);
169
170 if (config->sharemodes && (fsp->fh != NULL) && (fsp->fh->fd != -1)) {
171 set_gpfs_sharemode(fsp, 0, 0);
172 }
173
174 return SMB_VFS_NEXT_CLOSE(handle, fsp);
175 }
176
177 static int set_gpfs_lease(int fd, int leasetype)
178 {
179 int gpfs_type = GPFS_LEASE_NONE;
180
181 if (leasetype == F_RDLCK) {
182 gpfs_type = GPFS_LEASE_READ;
183 }
184 if (leasetype == F_WRLCK) {
185 gpfs_type = GPFS_LEASE_WRITE;
186 }
187
188 /* we unconditionally set CAP_LEASE, rather than looking for
189 -1/EACCES as there is a bug in some versions of
190 libgpfs_gpl.so which results in a leaked fd on /dev/ss0
191 each time we try this with the wrong capabilities set
192 */
193 linux_set_lease_capability();
194 return gpfswrap_set_lease(fd, gpfs_type);
195 }
196
197 static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp,
198 int leasetype)
199 {
200 struct gpfs_config_data *config;
201 int ret=0;
202
203 START_PROFILE(syscall_linux_setlease);
204
205 SMB_VFS_HANDLE_GET_DATA(handle, config,
206 struct gpfs_config_data,
207 return -1);
208
209 if (linux_set_lease_sighandler(fsp->fh->fd) == -1) {
210 ret = -1;
211 goto failure;
212 }
213
214 if (config->leases) {
215 /*
216 * Ensure the lease owner is root to allow
217 * correct delivery of lease-break signals.
218 */
219 become_root();
220 ret = set_gpfs_lease(fsp->fh->fd,leasetype);
221 unbecome_root();
222 }
223
224 failure:
225 END_PROFILE(syscall_linux_setlease);
226
227 return ret;
228 }
229
230 static int vfs_gpfs_get_real_filename(struct vfs_handle_struct *handle,
231 const char *path,
232 const char *name,
233 TALLOC_CTX *mem_ctx,
234 char **found_name)
235 {
236 int result;
237 char *full_path;
238 char real_pathname[PATH_MAX+1];
239 int buflen;
240 bool mangled;
241 struct gpfs_config_data *config;
242
243 SMB_VFS_HANDLE_GET_DATA(handle, config,
244 struct gpfs_config_data,
245 return -1);
246
247 if (!config->getrealfilename) {
248 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
249 mem_ctx, found_name);
250 }
251
252 mangled = mangle_is_mangled(name, handle->conn->params);
253 if (mangled) {
254 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
255 mem_ctx, found_name);
256 }
257
258 full_path = talloc_asprintf(talloc_tos(), "%s/%s", path, name);
259 if (full_path == NULL) {
260 errno = ENOMEM;
261 return -1;
262 }
263
264 buflen = sizeof(real_pathname) - 1;
265
266 result = gpfswrap_get_realfilename_path(full_path, real_pathname,
267 &buflen);
268
269 TALLOC_FREE(full_path);
270
271 if ((result == -1) && (errno == ENOSYS)) {
272 return SMB_VFS_NEXT_GET_REAL_FILENAME(
273 handle, path, name, mem_ctx, found_name);
274 }
275
276 if (result == -1) {
277 DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n",
278 strerror(errno)));
279 return -1;
280 }
281
282 /*
283 * GPFS does not necessarily null-terminate the returned path
284 * but instead returns the buffer length in buflen.
285 */
286
287 if (buflen < sizeof(real_pathname)) {
288 real_pathname[buflen] = '\0';
289 } else {
290 real_pathname[sizeof(real_pathname)-1] = '\0';
291 }
292
293 DEBUG(10, ("smbd_gpfs_get_realfilename_path: %s/%s -> %s\n",
294 path, name, real_pathname));
295
296 name = strrchr_m(real_pathname, '/');
297 if (name == NULL) {
298 errno = ENOENT;
299 return -1;
300 }
301
302 *found_name = talloc_strdup(mem_ctx, name+1);
303 if (*found_name == NULL) {
304 errno = ENOMEM;
305 return -1;
306 }
307
308 return 0;
309 }
310
311 static void sd2gpfs_control(uint16_t control, struct gpfs_acl *gacl)
312 {
313 unsigned int gpfs_aclflags = 0;
314 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
315 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
316 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
317 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
318 gpfs_aclflags = control << 8;
319 if (!(control & SEC_DESC_DACL_PRESENT))
320 gpfs_aclflags |= ACL4_FLAG_NULL_DACL;
321 if (!(control & SEC_DESC_SACL_PRESENT))
322 gpfs_aclflags |= ACL4_FLAG_NULL_SACL;
323 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
324 gacl->v4Level1.acl_flags = gpfs_aclflags;
325 }
326
327 static uint16_t gpfs2sd_control(unsigned int gpfs_aclflags)
328 {
329 uint16_t control = gpfs_aclflags >> 8;
330 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
331 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
332 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
333 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
334 control |= SEC_DESC_SELF_RELATIVE;
335 return control;
336 }
337
338 static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
339 {
340 gpfs_aclCount_t i;
341 if (gacl==NULL)
342 {
343 DEBUG(0, ("gpfs acl is NULL\n"));
344 return;
345 }
346
347 DEBUG(level, ("len: %d, level: %d, version: %d, nace: %d, "
348 "control: %x\n",
349 gacl->acl_len, gacl->acl_level, gacl->acl_version,
350 gacl->acl_nace, gpfs_acl_flags(gacl)));
351
352 for(i=0; i<gacl->acl_nace; i++)
353 {
354 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
355 DEBUG(level, ("\tace[%d]: type:%d, flags:0x%x, mask:0x%x, "
356 "iflags:0x%x, who:%u\n",
357 i, gace->aceType, gace->aceFlags, gace->aceMask,
358 gace->aceIFlags, gace->aceWho));
359 }
360 }
361
362 /*
363 * get the ACL from GPFS, allocated on the specified mem_ctx
364 * internally retries when initial buffer was too small
365 *
366 * caller needs to cast result to either
367 * raw = yes: struct gpfs_opaque_acl
368 * raw = no: struct gpfs_acl
369 *
370 */
371 static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
372 const char *fname,
373 const bool raw,
374 const gpfs_aclType_t type)
375 {
376
377 void *aclbuf;
378 size_t size = 512;
379 int ret, flags;
380 unsigned int *len;
381 size_t struct_size;
382
383 again:
384
385 aclbuf = talloc_zero_size(mem_ctx, size);
386 if (aclbuf == NULL) {
387 errno = ENOMEM;
388 return NULL;
389 }
390
391 if (raw) {
392 struct gpfs_opaque_acl *buf = (struct gpfs_opaque_acl *) aclbuf;
393 buf->acl_type = type;
394 flags = GPFS_GETACL_NATIVE;
395 len = (unsigned int *) &(buf->acl_buffer_len);
396 struct_size = sizeof(struct gpfs_opaque_acl);
397 } else {
398 struct gpfs_acl *buf = (struct gpfs_acl *) aclbuf;
399 buf->acl_type = type;
400 buf->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
401 flags = GPFS_GETACL_STRUCT;
402 len = &(buf->acl_len);
403 /* reserve space for control flags in gpfs 3.5 and beyond */
404 struct_size = sizeof(struct gpfs_acl) + sizeof(unsigned int);
405 }
406
407 /* set the length of the buffer as input value */
408 *len = size;
409
410 errno = 0;
411 ret = gpfswrap_getacl(discard_const_p(char, fname), flags, aclbuf);
412 if ((ret != 0) && (errno == ENOSPC)) {
413 /*
414 * get the size needed to accommodate the complete buffer
415 *
416 * the value returned only applies to the ACL blob in the
417 * struct so make sure to also have headroom for the first
418 * struct members by adding room for the complete struct
419 * (might be a few bytes too much then)
420 */
421 size = *len + struct_size;
422 talloc_free(aclbuf);
423 DEBUG(10, ("Increasing ACL buffer size to %zu\n", size));
424 goto again;
425 }
426
427 if (ret != 0) {
428 DEBUG(5, ("smbd_gpfs_getacl failed with %s\n",
429 strerror(errno)));
430 talloc_free(aclbuf);
431 return NULL;
432 }
433
434 return aclbuf;
435 }
436
437 /* Tries to get nfs4 acls and returns SMB ACL allocated.
438 * On failure returns 1 if it got non-NFSv4 ACL to prompt
439 * retry with POSIX ACL checks.
440 * On failure returns -1 if there is system (GPFS) error, check errno.
441 * Returns 0 on success
442 */
443 static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *fname,
444 struct SMB4ACL_T **ppacl)
445 {
446 gpfs_aclCount_t i;
447 struct gpfs_acl *gacl = NULL;
448 DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
449
450 /* Get the ACL */
451 gacl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(), fname,
452 false, 0);
453 if (gacl == NULL) {
454 DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
455 fname, strerror(errno)));
456 if (errno == ENODATA) {
457 /*
458 * GPFS returns ENODATA for snapshot
459 * directories. Retry with POSIX ACLs check.
460 */
461 return 1;
462 }
463
464 return -1;
465 }
466
467 if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
468 DEBUG(10, ("Got non-nfsv4 acl\n"));
469 /* Retry with POSIX ACLs check */
470 talloc_free(gacl);
471 return 1;
472 }
473
474 *ppacl = smb_create_smb4acl(mem_ctx);
475
476 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
477 uint16_t control = gpfs2sd_control(gpfs_acl_flags(gacl));
478 smbacl4_set_controlflags(*ppacl, control);
479 }
480
481 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d, control: %x\n",
482 gacl->acl_len, gacl->acl_level, gacl->acl_version,
483 gacl->acl_nace, gpfs_acl_flags(gacl)));
484
485 for (i=0; i<gacl->acl_nace; i++) {
486 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
487 SMB_ACE4PROP_T smbace = { 0 };
488 DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
489 "who: %d\n", gace->aceType, gace->aceIFlags,
490 gace->aceFlags, gace->aceMask, gace->aceWho));
491
492 if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
493 smbace.flags |= SMB_ACE4_ID_SPECIAL;
494 switch (gace->aceWho) {
495 case ACE4_SPECIAL_OWNER:
496 smbace.who.special_id = SMB_ACE4_WHO_OWNER;
497 break;
498 case ACE4_SPECIAL_GROUP:
499 smbace.who.special_id = SMB_ACE4_WHO_GROUP;
500 break;
501 case ACE4_SPECIAL_EVERYONE:
502 smbace.who.special_id = SMB_ACE4_WHO_EVERYONE;
503 break;
504 default:
505 DEBUG(8, ("invalid special gpfs id %d "
506 "ignored\n", gace->aceWho));
507 continue; /* don't add it */
508 }
509 } else {
510 if (gace->aceFlags & ACE4_FLAG_GROUP_ID)
511 smbace.who.gid = gace->aceWho;
512 else
513 smbace.who.uid = gace->aceWho;
514 }
515
516 /* remove redundant deny entries */
517 if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
518 struct gpfs_ace_v4 *prev = gpfs_ace_ptr(gacl, i - 1);
519 if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
520 prev->aceFlags == gace->aceFlags &&
521 prev->aceIFlags == gace->aceIFlags &&
522 (gace->aceMask & prev->aceMask) == 0 &&
523 gace->aceWho == prev->aceWho) {
524 /* it's redundant - skip it */
525 continue;
526 }
527 }
528
529 smbace.aceType = gace->aceType;
530 smbace.aceFlags = gace->aceFlags;
531 smbace.aceMask = gace->aceMask;
532 smb_add_ace4(*ppacl, &smbace);
533 }
534
535 talloc_free(gacl);
536
537 return 0;
538 }
539
540 static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
541 files_struct *fsp, uint32_t security_info,
542 TALLOC_CTX *mem_ctx,
543 struct security_descriptor **ppdesc)
544 {
545 struct SMB4ACL_T *pacl = NULL;
546 int result;
547 struct gpfs_config_data *config;
548 TALLOC_CTX *frame = talloc_stackframe();
549 NTSTATUS status;
550
551 *ppdesc = NULL;
552
553 SMB_VFS_HANDLE_GET_DATA(handle, config,
554 struct gpfs_config_data,
555 return NT_STATUS_INTERNAL_ERROR);
556
557 if (!config->acl) {
558 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
559 mem_ctx, ppdesc);
560 TALLOC_FREE(frame);
561 return status;
562 }
563
564 result = gpfs_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl);
565
566 if (result == 0) {
567 status = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx,
568 ppdesc, pacl);
569 TALLOC_FREE(frame);
570 return status;
571 }
572
573 if (result > 0) {
574 DEBUG(10, ("retrying with posix acl...\n"));
575 status = posix_fget_nt_acl(fsp, security_info,
576 mem_ctx, ppdesc);
577 TALLOC_FREE(frame);
578 return status;
579 }
580
581 TALLOC_FREE(frame);
582
583 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
584 return map_nt_error_from_unix(errno);
585 }
586
587 static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
588 const char *name,
589 uint32_t security_info,
590 TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc)
591 {
592 struct SMB4ACL_T *pacl = NULL;
593 int result;
594 struct gpfs_config_data *config;
595 TALLOC_CTX *frame = talloc_stackframe();
596 NTSTATUS status;
597
598 *ppdesc = NULL;
599
600 SMB_VFS_HANDLE_GET_DATA(handle, config,
601 struct gpfs_config_data,
602 return NT_STATUS_INTERNAL_ERROR);
603
604 if (!config->acl) {
605 status = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
606 mem_ctx, ppdesc);
607 TALLOC_FREE(frame);
608 return status;
609 }
610
611 result = gpfs_get_nfs4_acl(frame, name, &pacl);
612
613 if (result == 0) {
614 status = smb_get_nt_acl_nfs4(handle->conn, name, security_info,
615 mem_ctx, ppdesc, pacl);
616 TALLOC_FREE(frame);
617 return status;
618 }
619
620 if (result > 0) {
621 DEBUG(10, ("retrying with posix acl...\n"));
622 status = posix_get_nt_acl(handle->conn, name, security_info,
623 mem_ctx, ppdesc);
624 TALLOC_FREE(frame);
625 return status;
626 }
627
628 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
629 TALLOC_FREE(frame);
630 return map_nt_error_from_unix(errno);
631 }
632
633 static struct gpfs_acl *vfs_gpfs_smbacl2gpfsacl(TALLOC_CTX *mem_ctx,
634 files_struct *fsp,
635 struct SMB4ACL_T *smbacl,
636 bool controlflags)
637 {
638 struct gpfs_acl *gacl;
639 gpfs_aclLen_t gacl_len;
640 struct SMB4ACE_T *smbace;
641
642 gacl_len = offsetof(gpfs_acl_t, ace_v4) + sizeof(unsigned int)
643 + smb_get_naces(smbacl) * sizeof(gpfs_ace_v4_t);
644
645 gacl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, gacl_len);
646 if (gacl == NULL) {
647 DEBUG(0, ("talloc failed\n"));
648 errno = ENOMEM;
649 return NULL;
650 }
651
652 gacl->acl_level = GPFS_ACL_LEVEL_BASE;
653 gacl->acl_version = GPFS_ACL_VERSION_NFS4;
654 gacl->acl_type = GPFS_ACL_TYPE_NFS4;
655 gacl->acl_nace = 0; /* change later... */
656
657 if (controlflags) {
658 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
659 sd2gpfs_control(smbacl4_get_controlflags(smbacl), gacl);
660 }
661
662 for (smbace=smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
663 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, gacl->acl_nace);
664 SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
665
666 gace->aceType = aceprop->aceType;
667 gace->aceFlags = aceprop->aceFlags;
668 gace->aceMask = aceprop->aceMask;
669
670 /*
671 * GPFS can't distinguish between WRITE and APPEND on
672 * files, so one being set without the other is an
673 * error. Sorry for the many ()'s :-)
674 */
675
676 if (!fsp->is_directory
677 &&
678 ((((gace->aceMask & ACE4_MASK_WRITE) == 0)
679 && ((gace->aceMask & ACE4_MASK_APPEND) != 0))
680 ||
681 (((gace->aceMask & ACE4_MASK_WRITE) != 0)
682 && ((gace->aceMask & ACE4_MASK_APPEND) == 0)))
683 &&
684 lp_parm_bool(fsp->conn->params->service, "gpfs",
685 "merge_writeappend", True)) {
686 DEBUG(2, ("vfs_gpfs.c: file [%s]: ACE contains "
687 "WRITE^APPEND, setting WRITE|APPEND\n",
688 fsp_str_dbg(fsp)));
689 gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND;
690 }
691
692 gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0;
693
694 if (aceprop->flags&SMB_ACE4_ID_SPECIAL)
695 {
696 switch(aceprop->who.special_id)
697 {
698 case SMB_ACE4_WHO_EVERYONE:
699 gace->aceWho = ACE4_SPECIAL_EVERYONE;
700 break;
701 case SMB_ACE4_WHO_OWNER:
702 gace->aceWho = ACE4_SPECIAL_OWNER;
703 break;
704 case SMB_ACE4_WHO_GROUP:
705 gace->aceWho = ACE4_SPECIAL_GROUP;
706 break;
707 default:
708 DEBUG(8, ("unsupported special_id %d\n", aceprop->who.special_id));
709 continue; /* don't add it !!! */
710 }
711 } else {
712 /* just only for the type safety... */
713 if (aceprop->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
714 gace->aceWho = aceprop->who.gid;
715 else
716 gace->aceWho = aceprop->who.uid;
717 }
718
719 gacl->acl_nace++;
720 }
721 gacl->acl_len = (char *)gpfs_ace_ptr(gacl, gacl->acl_nace)
722 - (char *)gacl;
723 return gacl;
724 }
725
726 static bool gpfsacl_process_smbacl(vfs_handle_struct *handle,
727 files_struct *fsp,
728 struct SMB4ACL_T *smbacl)
729 {
730 int ret;
731 struct gpfs_acl *gacl;
732 TALLOC_CTX *mem_ctx = talloc_tos();
733
734 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, true);
735 if (gacl == NULL) { /* out of memory */
736 return False;
737 }
738 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
739 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gacl);
740
741 if ((ret != 0) && (errno == EINVAL)) {
742 DEBUG(10, ("Retry without nfs41 control flags\n"));
743 talloc_free(gacl);
744 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, false);
745 if (gacl == NULL) { /* out of memory */
746 return False;
747 }
748 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
749 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA,
750 gacl);
751 }
752
753 if (ret != 0) {
754 DEBUG(8, ("gpfs_putacl failed with %s\n", strerror(errno)));
755 gpfs_dumpacl(8, gacl);
756 return False;
757 }
758
759 DEBUG(10, ("gpfs_putacl succeeded\n"));
760 return True;
761 }
762
763 static NTSTATUS gpfsacl_set_nt_acl_internal(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
764 {
765 struct gpfs_acl *acl;
766 NTSTATUS result = NT_STATUS_ACCESS_DENIED;
767
768 acl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(),
769 fsp->fsp_name->base_name,
770 false, 0);
771 if (acl == NULL) {
772 return map_nt_error_from_unix(errno);
773 }
774
775 if (acl->acl_version == GPFS_ACL_VERSION_NFS4) {
776 if (lp_parm_bool(fsp->conn->params->service, "gpfs",
777 "refuse_dacl_protected", false)
778 && (psd->type&SEC_DESC_DACL_PROTECTED)) {
779 DEBUG(2, ("Rejecting unsupported ACL with DACL_PROTECTED bit set\n"));
780 talloc_free(acl);
781 return NT_STATUS_NOT_SUPPORTED;
782 }
783
784 result = smb_set_nt_acl_nfs4(handle,
785 fsp, security_info_sent, psd,
786 gpfsacl_process_smbacl);
787 } else { /* assume POSIX ACL - by default... */
788 result = set_nt_acl(fsp, security_info_sent, psd);
789 }
790
791 talloc_free(acl);
792 return result;
793 }
794
795 static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
796 {
797 struct gpfs_config_data *config;
798
799 SMB_VFS_HANDLE_GET_DATA(handle, config,
800 struct gpfs_config_data,
801 return NT_STATUS_INTERNAL_ERROR);
802
803 if (!config->acl) {
804 return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
805 }
806
807 return gpfsacl_set_nt_acl_internal(handle, fsp, security_info_sent, psd);
808 }
809
810 static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
811 {
812 SMB_ACL_T result;
813 gpfs_aclCount_t i;
814
815 result = sys_acl_init(mem_ctx);
816 if (result == NULL) {
817 errno = ENOMEM;
818 return NULL;
819 }
820
821 result->count = pacl->acl_nace;
822 result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
823 result->count);
824 if (result->acl == NULL) {
825 TALLOC_FREE(result);
826 errno = ENOMEM;
827 return NULL;
828 }
829
830 for (i=0; i<pacl->acl_nace; i++) {
831 struct smb_acl_entry *ace = &result->acl[i];
832 const struct gpfs_ace_v1 *g_ace = &pacl->ace_v1[i];
833
834 DEBUG(10, ("Converting type %d id %lu perm %x\n",
835 (int)g_ace->ace_type, (unsigned long)g_ace->ace_who,
836 (int)g_ace->ace_perm));
837
838 switch (g_ace->ace_type) {
839 case GPFS_ACL_USER:
840 ace->a_type = SMB_ACL_USER;
841 ace->info.user.uid = (uid_t)g_ace->ace_who;
842 break;
843 case GPFS_ACL_USER_OBJ:
844 ace->a_type = SMB_ACL_USER_OBJ;
845 break;
846 case GPFS_ACL_GROUP:
847 ace->a_type = SMB_ACL_GROUP;
848 ace->info.group.gid = (gid_t)g_ace->ace_who;
849 break;
850 case GPFS_ACL_GROUP_OBJ:
851 ace->a_type = SMB_ACL_GROUP_OBJ;
852 break;
853 case GPFS_ACL_OTHER:
854 ace->a_type = SMB_ACL_OTHER;
855 break;
856 case GPFS_ACL_MASK:
857 ace->a_type = SMB_ACL_MASK;
858 break;
859 default:
860 DEBUG(10, ("Got invalid ace_type: %d\n",
861 g_ace->ace_type));
862 TALLOC_FREE(result);
863 errno = EINVAL;
864 return NULL;
865 }
866
867 ace->a_perm = 0;
868 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ?
869 SMB_ACL_READ : 0;
870 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ?
871 SMB_ACL_WRITE : 0;
872 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ?
873 SMB_ACL_EXECUTE : 0;
874
875 DEBUGADD(10, ("Converted to %d perm %x\n",
876 ace->a_type, ace->a_perm));
877 }
878
879 return result;
880 }
881
882 static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type,
883 TALLOC_CTX *mem_ctx)
884 {
885 struct gpfs_acl *pacl;
886 SMB_ACL_T result = NULL;
887
888 pacl = vfs_gpfs_getacl(talloc_tos(), path, false, type);
889
890 if (pacl == NULL) {
891 DEBUG(10, ("vfs_gpfs_getacl failed for %s with %s\n",
892 path, strerror(errno)));
893 if (errno == 0) {
894 errno = EINVAL;
895 }
896 goto done;
897 }
898
899 if (pacl->acl_version != GPFS_ACL_VERSION_POSIX) {
900 DEBUG(10, ("Got acl version %d, expected %d\n",
901 pacl->acl_version, GPFS_ACL_VERSION_POSIX));
902 errno = EINVAL;
903 goto done;
904 }
905
906 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
907 pacl->acl_len, pacl->acl_level, pacl->acl_version,
908 pacl->acl_nace));
909
910 result = gpfs2smb_acl(pacl, mem_ctx);
911 if (result != NULL) {
912 errno = 0;
913 }
914
915 done:
916
917 if (pacl != NULL) {
918 talloc_free(pacl);
919 }
920 if (errno != 0) {
921 TALLOC_FREE(result);
922 }
923 return result;
924 }
925
926 static SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle,
927 const char *path_p,
928 SMB_ACL_TYPE_T type,
929 TALLOC_CTX *mem_ctx)
930 {
931 gpfs_aclType_t gpfs_type;
932 struct gpfs_config_data *config;
933
934 SMB_VFS_HANDLE_GET_DATA(handle, config,
935 struct gpfs_config_data,
936 return NULL);
937
938 if (!config->acl) {
939 return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p,
940 type, mem_ctx);
941 }
942
943 switch(type) {
944 case SMB_ACL_TYPE_ACCESS:
945 gpfs_type = GPFS_ACL_TYPE_ACCESS;
946 break;
947 case SMB_ACL_TYPE_DEFAULT:
948 gpfs_type = GPFS_ACL_TYPE_DEFAULT;
949 break;
950 default:
951 DEBUG(0, ("Got invalid type: %d\n", type));
952 smb_panic("exiting");
953 }
954
955 return gpfsacl_get_posix_acl(path_p, gpfs_type, mem_ctx);
956 }
957
958 static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
959 files_struct *fsp,
960 TALLOC_CTX *mem_ctx)
961 {
962 struct gpfs_config_data *config;
963
964 SMB_VFS_HANDLE_GET_DATA(handle, config,
965 struct gpfs_config_data,
966 return NULL);
967
968 if (!config->acl) {
969 return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
970 }
971
972 return gpfsacl_get_posix_acl(fsp->fsp_name->base_name,
973 GPFS_ACL_TYPE_ACCESS, mem_ctx);
974 }
975
976 static int gpfsacl_sys_acl_blob_get_file(vfs_handle_struct *handle,
977 const char *path_p,
978 TALLOC_CTX *mem_ctx,
979 char **blob_description,
980 DATA_BLOB *blob)
981 {
982 struct gpfs_config_data *config;
983 struct gpfs_opaque_acl *acl = NULL;
984 DATA_BLOB aclblob;
985 int result;
986
987 SMB_VFS_HANDLE_GET_DATA(handle, config,
988 struct gpfs_config_data,
989 return -1);
990
991 if (!config->acl) {
992 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p,
993 mem_ctx,
994 blob_description,
995 blob);
996 }
997
998 errno = 0;
999 acl = (struct gpfs_opaque_acl *)
1000 vfs_gpfs_getacl(mem_ctx,
1001 path_p,
1002 true,
1003 GPFS_ACL_TYPE_NFS4);
1004
1005 if (errno) {
1006 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1007 errno, strerror(errno)));
1008
1009 /* EINVAL means POSIX ACL, bail out on other cases */
1010 if (errno != EINVAL) {
1011 return -1;
1012 }
1013 }
1014
1015 if (acl != NULL) {
1016 /*
1017 * file has NFSv4 ACL
1018 *
1019 * we only need the actual ACL blob here
1020 * acl_version will always be NFS4 because we asked
1021 * for NFS4
1022 * acl_type is only used for POSIX ACLs
1023 */
1024 aclblob.data = (uint8_t*) acl->acl_var_data;
1025 aclblob.length = acl->acl_buffer_len;
1026
1027 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1028 if (!*blob_description) {
1029 talloc_free(acl);
1030 errno = ENOMEM;
1031 return -1;
1032 }
1033
1034 result = non_posix_sys_acl_blob_get_file_helper(handle, path_p,
1035 aclblob,
1036 mem_ctx, blob);
1037
1038 talloc_free(acl);
1039 return result;
1040 }
1041
1042 /* fall back to POSIX ACL */
1043 return posix_sys_acl_blob_get_file(handle, path_p, mem_ctx,
1044 blob_description, blob);
1045 }
1046
1047 static int gpfsacl_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1048 files_struct *fsp,
1049 TALLOC_CTX *mem_ctx,
1050 char **blob_description,
1051 DATA_BLOB *blob)
1052 {
1053 struct gpfs_config_data *config;
1054 struct gpfs_opaque_acl *acl = NULL;
1055 DATA_BLOB aclblob;
1056 int result;
1057
1058 SMB_VFS_HANDLE_GET_DATA(handle, config,
1059 struct gpfs_config_data,
1060 return -1);
1061
1062 if (!config->acl) {
1063 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
1064 blob_description, blob);
1065 }
1066
1067 errno = 0;
1068 acl = (struct gpfs_opaque_acl *) vfs_gpfs_getacl(mem_ctx,
1069 fsp->fsp_name->base_name,
1070 true,
1071 GPFS_ACL_TYPE_NFS4);
1072
1073 if (errno) {
1074 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1075 errno, strerror(errno)));
1076
1077 /* EINVAL means POSIX ACL, bail out on other cases */
1078 if (errno != EINVAL) {
1079 return -1;
1080 }
1081 }
1082
1083 if (acl != NULL) {
1084 /*
1085 * file has NFSv4 ACL
1086 *
1087 * we only need the actual ACL blob here
1088 * acl_version will always be NFS4 because we asked
1089 * for NFS4
1090 * acl_type is only used for POSIX ACLs
1091 */
1092 aclblob.data = (uint8_t*) acl->acl_var_data;
1093 aclblob.length = acl->acl_buffer_len;
1094
1095 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1096 if (!*blob_description) {
1097 talloc_free(acl);
1098 errno = ENOMEM;
1099 return -1;
1100 }
1101
1102 result = non_posix_sys_acl_blob_get_fd_helper(handle, fsp,
1103 aclblob, mem_ctx,
1104 blob);
1105
1106 talloc_free(acl);
1107 return result;
1108 }
1109
1110 /* fall back to POSIX ACL */
1111 return posix_sys_acl_blob_get_fd(handle, fsp, mem_ctx,
1112 blob_description, blob);
1113 }
1114
1115 static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl,
1116 SMB_ACL_TYPE_T type)
1117 {
1118 gpfs_aclLen_t len;
1119 struct gpfs_acl *result;
1120 int i;
1121
1122 DEBUG(10, ("smb2gpfs_acl: Got ACL with %d entries\n", pacl->count));
1123
1124 len = offsetof(gpfs_acl_t, ace_v1) + (pacl->count) *
1125 sizeof(gpfs_ace_v1_t);
1126
1127 result = (struct gpfs_acl *)SMB_MALLOC(len);
1128 if (result == NULL) {
1129 errno = ENOMEM;
1130 return result;
1131 }
1132
1133 result->acl_len = len;
1134 result->acl_level = 0;
1135 result->acl_version = GPFS_ACL_VERSION_POSIX;
1136 result->acl_type = (type == SMB_ACL_TYPE_DEFAULT) ?
1137 GPFS_ACL_TYPE_DEFAULT : GPFS_ACL_TYPE_ACCESS;
1138 result->acl_nace = pacl->count;
1139
1140 for (i=0; i<pacl->count; i++) {
1141 const struct smb_acl_entry *ace = &pacl->acl[i];
1142 struct gpfs_ace_v1 *g_ace = &result->ace_v1[i];
1143
1144 DEBUG(10, ("Converting type %d perm %x\n",
1145 (int)ace->a_type, (int)ace->a_perm));
1146
1147 g_ace->ace_perm = 0;
1148
1149 switch(ace->a_type) {
1150 case SMB_ACL_USER:
1151 g_ace->ace_type = GPFS_ACL_USER;
1152 g_ace->ace_who = (gpfs_uid_t)ace->info.user.uid;
1153 break;
1154 case SMB_ACL_USER_OBJ:
1155 g_ace->ace_type = GPFS_ACL_USER_OBJ;
1156 g_ace->ace_perm |= ACL_PERM_CONTROL;
1157 g_ace->ace_who = 0;
1158 break;
1159 case SMB_ACL_GROUP:
1160 g_ace->ace_type = GPFS_ACL_GROUP;
1161 g_ace->ace_who = (gpfs_uid_t)ace->info.group.gid;
1162 break;
1163 case SMB_ACL_GROUP_OBJ:
1164 g_ace->ace_type = GPFS_ACL_GROUP_OBJ;
1165 g_ace->ace_who = 0;
1166 break;
1167 case SMB_ACL_MASK:
1168 g_ace->ace_type = GPFS_ACL_MASK;
1169 g_ace->ace_perm = 0x8f;
1170 g_ace->ace_who = 0;
1171 break;
1172 case SMB_ACL_OTHER:
1173 g_ace->ace_type = GPFS_ACL_OTHER;
1174 g_ace->ace_who = 0;
1175 break;
1176 default:
1177 DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type));
1178 errno = EINVAL;
1179 SAFE_FREE(result);
1180 return NULL;
1181 }
1182
1183 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ?
1184 ACL_PERM_READ : 0;
1185 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ?
1186 ACL_PERM_WRITE : 0;
1187 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ?
1188 ACL_PERM_EXECUTE : 0;
1189
1190 DEBUGADD(10, ("Converted to %d id %d perm %x\n",
1191 g_ace->ace_type, g_ace->ace_who, g_ace->ace_perm));
1192 }
1193
1194 return result;
1195 }
1196
1197 static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
1198 const char *name,
1199 SMB_ACL_TYPE_T type,
1200 SMB_ACL_T theacl)
1201 {
1202 struct gpfs_acl *gpfs_acl;
1203 int result;
1204 struct gpfs_config_data *config;
1205
1206 SMB_VFS_HANDLE_GET_DATA(handle, config,
1207 struct gpfs_config_data,
1208 return -1);
1209
1210 if (!config->acl) {
1211 return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, type, theacl);
1212 }
1213
1214 gpfs_acl = smb2gpfs_acl(theacl, type);
1215 if (gpfs_acl == NULL) {
1216 return -1;
1217 }
1218
1219 result = gpfswrap_putacl(discard_const_p(char, name),
1220 GPFS_PUTACL_STRUCT|GPFS_ACL_SAMBA, gpfs_acl);
1221
1222 SAFE_FREE(gpfs_acl);
1223 return result;
1224 }
1225
1226 static int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle,
1227 files_struct *fsp,
1228 SMB_ACL_T theacl)
1229 {
1230 struct gpfs_config_data *config;
1231
1232 SMB_VFS_HANDLE_GET_DATA(handle, config,
1233 struct gpfs_config_data,
1234 return -1);
1235
1236 if (!config->acl) {
1237 return SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1238 }
1239
1240 return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name->base_name,
1241 SMB_ACL_TYPE_ACCESS, theacl);
1242 }
1243
1244 static int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
1245 const char *path)
1246 {
1247 struct gpfs_config_data *config;
1248
1249 SMB_VFS_HANDLE_GET_DATA(handle, config,
1250 struct gpfs_config_data,
1251 return -1);
1252
1253 if (!config->acl) {
1254 return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1255 }
1256
1257 errno = ENOTSUP;
1258 return -1;
1259 }
1260
1261 /*
1262 * Assumed: mode bits are shiftable and standard
1263 * Output: the new aceMask field for an smb nfs4 ace
1264 */
1265 static uint32_t gpfsacl_mask_filter(uint32_t aceType, uint32_t aceMask, uint32_t rwx)
1266 {
1267 const uint32_t posix_nfs4map[3] = {
1268 SMB_ACE4_EXECUTE, /* execute */
1269 SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
1270 SMB_ACE4_READ_DATA /* read */
1271 };
1272 int i;
1273 uint32_t posix_mask = 0x01;
1274 uint32_t posix_bit;
1275 uint32_t nfs4_bits;
1276
1277 for(i=0; i<3; i++) {
1278 nfs4_bits = posix_nfs4map[i];
1279 posix_bit = rwx & posix_mask;
1280
1281 if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
1282 if (posix_bit)
1283 aceMask |= nfs4_bits;
1284 else
1285 aceMask &= ~nfs4_bits;
1286 } else {
1287 /* add deny bits when suitable */
1288 if (!posix_bit)
1289 aceMask |= nfs4_bits;
1290 else
1291 aceMask &= ~nfs4_bits;
1292 } /* other ace types are unexpected */
1293
1294 posix_mask <<= 1;
1295 }
1296
1297 return aceMask;
1298 }
1299
1300 static int gpfsacl_emu_chmod(vfs_handle_struct *handle,
1301 const char *path, mode_t mode)
1302 {
1303 struct SMB4ACL_T *pacl = NULL;
1304 int result;
1305 bool haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
1306 int i;
1307 files_struct fake_fsp = { 0 }; /* TODO: rationalize parametrization */
1308 struct SMB4ACE_T *smbace;
1309 TALLOC_CTX *frame = talloc_stackframe();
1310
1311 DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
1312
1313 result = gpfs_get_nfs4_acl(frame, path, &pacl);
1314 if (result) {
1315 TALLOC_FREE(frame);
1316 return result;
1317 }
1318
1319 if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
1320 DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
1321 }
1322
1323 for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
1324 SMB_ACE4PROP_T *ace = smb_get_ace4(smbace);
1325 uint32_t specid = ace->who.special_id;
1326
1327 if (ace->flags&SMB_ACE4_ID_SPECIAL &&
1328 ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
1329 specid <= SMB_ACE4_WHO_EVERYONE) {
1330
1331 uint32_t newMask;
1332
1333 if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
1334 haveAllowEntry[specid] = True;
1335
1336 /* mode >> 6 for @owner, mode >> 3 for @group,
1337 * mode >> 0 for @everyone */
1338 newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
1339 mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
1340 if (ace->aceMask!=newMask) {
1341 DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
1342 path, ace->aceMask, newMask, specid));
1343 }
1344 ace->aceMask = newMask;
1345 }
1346 }
1347
1348 /* make sure we have at least ALLOW entries
1349 * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
1350 * - if necessary
1351 */
1352 for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
1353 SMB_ACE4PROP_T ace = { 0 };
1354
1355 if (haveAllowEntry[i]==True)
1356 continue;
1357
1358 ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
1359 ace.flags |= SMB_ACE4_ID_SPECIAL;
1360 ace.who.special_id = i;
1361
1362 if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
1363 ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
1364
1365 ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
1366 mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
1367
1368 /* don't add unnecessary aces */
1369 if (!ace.aceMask)
1370 continue;
1371
1372 /* we add it to the END - as windows expects allow aces */
1373 smb_add_ace4(pacl, &ace);
1374 DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
1375 path, mode, i, ace.aceMask));
1376 }
1377
1378 /* don't add complementary DENY ACEs here */
1379 fake_fsp.fsp_name = synthetic_smb_fname(
1380 frame, path, NULL, NULL);
1381 if (fake_fsp.fsp_name == NULL) {
1382 errno = ENOMEM;
1383 TALLOC_FREE(frame);
1384 return -1;
1385 }
1386 /* put the acl */
1387 if (gpfsacl_process_smbacl(handle, &fake_fsp, pacl) == False) {
1388 TALLOC_FREE(frame);
1389 return -1;
1390 }
1391
1392 TALLOC_FREE(frame);
1393 return 0; /* ok for [f]chmod */
1394 }
1395
1396 static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
1397 {
1398 struct smb_filename *smb_fname_cpath;
1399 int rc;
1400
1401 smb_fname_cpath = synthetic_smb_fname(talloc_tos(), path, NULL, NULL);
1402 if (smb_fname_cpath == NULL) {
1403 errno = ENOMEM;
1404 return -1;
1405 }
1406
1407 if (SMB_VFS_NEXT_STAT(handle, smb_fname_cpath) != 0) {
1408 return -1;
1409 }
1410
1411 /* avoid chmod() if possible, to preserve acls */
1412 if ((smb_fname_cpath->st.st_ex_mode & ~S_IFMT) == mode) {
1413 return 0;
1414 }
1415
1416 rc = gpfsacl_emu_chmod(handle, path, mode);
1417 if (rc == 1)
1418 return SMB_VFS_NEXT_CHMOD(handle, path, mode);
1419 return rc;
1420 }
1421
1422 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
1423 {
1424 SMB_STRUCT_STAT st;
1425 int rc;
1426
1427 if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) {
1428 return -1;
1429 }
1430
1431 /* avoid chmod() if possible, to preserve acls */
1432 if ((st.st_ex_mode & ~S_IFMT) == mode) {
1433 return 0;
1434 }
1435
1436 rc = gpfsacl_emu_chmod(handle, fsp->fsp_name->base_name,
1437 mode);
1438 if (rc == 1)
1439 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1440 return rc;
1441 }
1442
1443 static int gpfs_set_xattr(struct vfs_handle_struct *handle, const char *path,
1444 const char *name, const void *value, size_t size, int flags){
1445 struct xattr_DOSATTRIB dosattrib;
1446 enum ndr_err_code ndr_err;
1447 DATA_BLOB blob;
1448 unsigned int dosmode=0;
1449 struct gpfs_winattr attrs;
1450 int ret = 0;
1451 struct gpfs_config_data *config;
1452
1453 SMB_VFS_HANDLE_GET_DATA(handle, config,
1454 struct gpfs_config_data,
1455 return -1);
1456
1457 if (!config->winattr) {
1458 DEBUG(10, ("gpfs_set_xattr:name is %s -> next\n",name));
1459 return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags);
1460 }
1461
1462 DEBUG(10, ("gpfs_set_xattr: %s \n",path));
1463
1464 /* Only handle DOS Attributes */
1465 if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){
1466 DEBUG(5, ("gpfs_set_xattr:name is %s\n",name));
1467 return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags);
1468 }
1469
1470 blob.data = discard_const_p(uint8_t, value);
1471 blob.length = size;
1472
1473 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &dosattrib,
1474 (ndr_pull_flags_fn_t)ndr_pull_xattr_DOSATTRIB);
1475
1476 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1477 DEBUG(1, ("gpfs_set_xattr: bad ndr decode "
1478 "from EA on file %s: Error = %s\n",
1479 path, ndr_errstr(ndr_err)));
1480 return false;
1481 }
1482
1483 if (dosattrib.version != 3) {
1484 DEBUG(1, ("gpfs_set_xattr: expected dosattrib version 3, got "
1485 "%d\n", (int)dosattrib.version));
1486 return false;
1487 }
1488 if (!(dosattrib.info.info3.valid_flags & XATTR_DOSINFO_ATTRIB)) {
1489 DEBUG(10, ("gpfs_set_xattr: XATTR_DOSINFO_ATTRIB not "
1490 "valid, ignoring\n"));
1491 return true;
1492 }
1493
1494 dosmode = dosattrib.info.info3.attrib;
1495
1496 attrs.winAttrs = 0;
1497 /*Just map RD_ONLY, ARCHIVE, SYSTEM HIDDEN and SPARSE. Ignore the others*/
1498 if (dosmode & FILE_ATTRIBUTE_ARCHIVE){
1499 attrs.winAttrs |= GPFS_WINATTR_ARCHIVE;
1500 }
1501 if (dosmode & FILE_ATTRIBUTE_HIDDEN){
1502 attrs.winAttrs |= GPFS_WINATTR_HIDDEN;
1503 }
1504 if (dosmode & FILE_ATTRIBUTE_SYSTEM){
1505 attrs.winAttrs |= GPFS_WINATTR_SYSTEM;
1506 }
1507 if (dosmode & FILE_ATTRIBUTE_READONLY){
1508 attrs.winAttrs |= GPFS_WINATTR_READONLY;
1509 }
1510 if (dosmode & FILE_ATTRIBUTE_SPARSE) {
1511 attrs.winAttrs |= GPFS_WINATTR_SPARSE_FILE;
1512 }
1513
1514
1515 ret = gpfswrap_set_winattrs_path(discard_const_p(char, path),
1516 GPFS_WINATTR_SET_ATTRS, &attrs);
1517 if ( ret == -1){
1518 if (errno == ENOSYS) {
1519 return SMB_VFS_NEXT_SETXATTR(handle, path, name, value,
1520 size, flags);
1521 }
1522
1523 DEBUG(1, ("gpfs_set_xattr:Set GPFS attributes failed %d\n",ret));
1524 return -1;
1525 }
1526
1527 DEBUG(10, ("gpfs_set_xattr:Set attributes: 0x%x\n",attrs.winAttrs));
1528 return 0;
1529 }
1530
1531 static ssize_t gpfs_get_xattr(struct vfs_handle_struct *handle, const char *path,
1532 const char *name, void *value, size_t size){
1533 char *attrstr = value;
1534 unsigned int dosmode = 0;
1535 struct gpfs_winattr attrs;
1536 int ret = 0;
1537 struct gpfs_config_data *config;
1538
1539 SMB_VFS_HANDLE_GET_DATA(handle, config,
1540 struct gpfs_config_data,
1541 return -1);
1542
1543 if (!config->winattr) {
1544 DEBUG(10, ("gpfs_get_xattr:name is %s -> next\n",name));
1545 return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size);
1546 }
1547
1548 DEBUG(10, ("gpfs_get_xattr: %s \n",path));
1549
1550 /* Only handle DOS Attributes */
1551 if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){
1552 DEBUG(5, ("gpfs_get_xattr:name is %s\n",name));
1553 return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size);
1554 }
1555
1556 ret = gpfswrap_get_winattrs_path(discard_const_p(char, path), &attrs);
1557 if ( ret == -1){
1558 int dbg_lvl;
1559
1560 if (errno == ENOSYS) {
1561 return SMB_VFS_NEXT_GETXATTR(handle, path, name, value,
1562 size);
1563 }
1564
1565 if (errno != EPERM && errno != EACCES) {
1566 dbg_lvl = 1;
1567 } else {
1568 dbg_lvl = 5;
1569 }
1570 DEBUG(dbg_lvl, ("gpfs_get_xattr: Get GPFS attributes failed: "
1571 "%d (%s)\n", ret, strerror(errno)));
1572 return -1;
1573 }
1574
1575 DEBUG(10, ("gpfs_get_xattr:Got attributes: 0x%x\n",attrs.winAttrs));
1576
1577 /*Just map RD_ONLY, ARCHIVE, SYSTEM, HIDDEN and SPARSE. Ignore the others*/
1578 if (attrs.winAttrs & GPFS_WINATTR_ARCHIVE){
1579 dosmode |= FILE_ATTRIBUTE_ARCHIVE;
1580 }
1581 if (attrs.winAttrs & GPFS_WINATTR_HIDDEN){
1582 dosmode |= FILE_ATTRIBUTE_HIDDEN;
1583 }
1584 if (attrs.winAttrs & GPFS_WINATTR_SYSTEM){
1585 dosmode |= FILE_ATTRIBUTE_SYSTEM;
1586 }
1587 if (attrs.winAttrs & GPFS_WINATTR_READONLY){
1588 dosmode |= FILE_ATTRIBUTE_READONLY;
1589 }
1590 if (attrs.winAttrs & GPFS_WINATTR_SPARSE_FILE) {
1591 dosmode |= FILE_ATTRIBUTE_SPARSE;
1592 }
1593
1594 snprintf(attrstr, size, "0x%2.2x",
1595 (unsigned int)(dosmode & SAMBA_ATTRIBUTES_MASK));
1596 DEBUG(10, ("gpfs_get_xattr: returning %s\n",attrstr));
1597 return 4;
1598 }
1599
1600 #if defined(HAVE_FSTATAT)
1601 static int stat_with_capability(struct vfs_handle_struct *handle,
1602 struct smb_filename *smb_fname, int flag)
1603 {
1604 int fd = -1;
1605 bool b;
1606 char *dir_name;
1607 const char *rel_name = NULL;
1608 struct stat st;
1609 int ret = -1;
1610
1611 b = parent_dirname(talloc_tos(), smb_fname->base_name,
1612 &dir_name, &rel_name);
1613 if (!b) {
1614 errno = ENOMEM;
1615 return -1;
1616 }
1617
1618 fd = open(dir_name, O_RDONLY, 0);
1619 TALLOC_FREE(dir_name);
1620 if (fd == -1) {
1621 return -1;
1622 }
1623
1624 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1625 ret = fstatat(fd, rel_name, &st, flag);
1626 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1627
1628 close(fd);
1629
1630 if (ret == 0) {
1631 init_stat_ex_from_stat(
1632 &smb_fname->st, &st,
1633 lp_fake_directory_create_times(SNUM(handle->conn)));
1634 }
1635
1636 return ret;
1637 }
1638 #endif
1639
1640 static int vfs_gpfs_stat(struct vfs_handle_struct *handle,
1641 struct smb_filename *smb_fname)
1642 {
1643 struct gpfs_winattr attrs;
1644 char *fname = NULL;
1645 NTSTATUS status;
1646 int ret;
1647 struct gpfs_config_data *config;
1648
1649 SMB_VFS_HANDLE_GET_DATA(handle, config,
1650 struct gpfs_config_data,
1651 return -1);
1652
1653 ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
1654 #if defined(HAVE_FSTATAT)
1655 if (ret == -1 && errno == EACCES) {
1656 DEBUG(10, ("Trying stat with capability for %s\n",
1657 smb_fname->base_name));
1658 ret = stat_with_capability(handle, smb_fname, 0);
1659 }
1660 #endif
1661 if (ret == -1) {
1662 return -1;
1663 }
1664
1665 if (!config->winattr) {
1666 return 0;
1667 }
1668
1669 status = get_full_smb_filename(talloc_tos(), smb_fname, &fname);
1670 if (!NT_STATUS_IS_OK(status)) {
1671 errno = map_errno_from_nt_status(status);
1672 return -1;
1673 }
1674 ret = gpfswrap_get_winattrs_path(discard_const_p(char, fname), &attrs);
1675 TALLOC_FREE(fname);
1676 if (ret == 0) {
1677 smb_fname->st.st_ex_calculated_birthtime = false;
1678 smb_fname->st.st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1679 smb_fname->st.st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1680 }
1681 return 0;
1682 }
1683
1684 static int vfs_gpfs_fstat(struct vfs_handle_struct *handle,
1685 struct files_struct *fsp, SMB_STRUCT_STAT *sbuf)
1686 {
1687 struct gpfs_winattr attrs;
1688 int ret;
1689 struct gpfs_config_data *config;
1690
1691 SMB_VFS_HANDLE_GET_DATA(handle, config,
1692 struct gpfs_config_data,
1693 return -1);
1694
1695 ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1696 if (ret == -1) {
1697 return -1;
1698 }
1699 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
1700 return 0;
1701 }
1702 if (!config->winattr) {
1703 return 0;
1704 }
1705
1706 ret = gpfswrap_get_winattrs(fsp->fh->fd, &attrs);
1707 if (ret == 0) {
1708 sbuf->st_ex_calculated_birthtime = false;
1709 sbuf->st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1710 sbuf->st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1711 }
1712 return 0;
1713 }
1714
1715 static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
1716 struct smb_filename *smb_fname)
1717 {
1718 struct gpfs_winattr attrs;
1719 char *path = NULL;
1720 NTSTATUS status;
1721 int ret;
1722 struct gpfs_config_data *config;
1723
1724 SMB_VFS_HANDLE_GET_DATA(handle, config,
1725 struct gpfs_config_data,
1726 return -1);
1727
1728 ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1729 #if defined(HAVE_FSTATAT)
1730 if (ret == -1 && errno == EACCES) {
1731 DEBUG(10, ("Trying lstat with capability for %s\n",
1732 smb_fname->base_name));
1733 ret = stat_with_capability(handle, smb_fname,
1734 AT_SYMLINK_NOFOLLOW);
1735 }
1736 #endif
1737
1738 if (ret == -1) {
1739 return -1;
1740 }
1741 if (!config->winattr) {
1742 return 0;
1743 }
1744
1745 status = get_full_smb_filename(talloc_tos(), smb_fname, &path);
1746 if (!NT_STATUS_IS_OK(status)) {
1747 errno = map_errno_from_nt_status(status);
1748 return -1;
1749 }
1750 ret = gpfswrap_get_winattrs_path(discard_const_p(char, path), &attrs);
1751 TALLOC_FREE(path);
1752 if (ret == 0) {
1753 smb_fname->st.st_ex_calculated_birthtime = false;
1754 smb_fname->st.st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1755 smb_fname->st.st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1756 }
1757 return 0;
1758 }
1759
1760 static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
1761 int idx, int *flags)
1762 {
1763 if (!null_timespec(ts)) {
1764 *flags |= 1 << idx;
1765 gt[idx].tv_sec = ts.tv_sec;
1766 gt[idx].tv_nsec = ts.tv_nsec;
1767 DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
1768 }
1769 }
1770
1771 static int smbd_gpfs_set_times_path(char *path, struct smb_file_time *ft)
1772 {
1773 gpfs_timestruc_t gpfs_times[4];
1774 int flags = 0;
1775 int rc;
1776
1777 ZERO_ARRAY(gpfs_times);
1778 timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
1779 timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
1780 /* No good mapping from LastChangeTime to ctime, not storing */
1781 timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
1782
1783 if (!flags) {
1784 DEBUG(10, ("nothing to do, return to avoid EINVAL\n"));
1785 return 0;
1786 }
1787
1788 rc = gpfswrap_set_times_path(path, flags, gpfs_times);
1789
1790 if (rc != 0 && errno != ENOSYS) {
1791 DEBUG(1,("gpfs_set_times() returned with error %s\n",
1792 strerror(errno)));
1793 }
1794
1795 return rc;
1796 }
1797
1798 static int vfs_gpfs_ntimes(struct vfs_handle_struct *handle,
1799 const struct smb_filename *smb_fname,
1800 struct smb_file_time *ft)
1801 {
1802
1803 struct gpfs_winattr attrs;
1804 int ret;
1805 char *path = NULL;
1806 NTSTATUS status;
1807 struct gpfs_config_data *config;
1808
1809 SMB_VFS_HANDLE_GET_DATA(handle, config,
1810 struct gpfs_config_data,
1811 return -1);
1812
1813 status = get_full_smb_filename(talloc_tos(), smb_fname, &path);
1814 if (!NT_STATUS_IS_OK(status)) {
1815 errno = map_errno_from_nt_status(status);
1816 return -1;
1817 }
1818
1819 /* Try to use gpfs_set_times if it is enabled and available */
1820 if (config->settimes) {
1821 ret = smbd_gpfs_set_times_path(path, ft);
1822
1823 if (ret == 0 || (ret == -1 && errno != ENOSYS)) {
1824 return ret;
1825 }
1826 }
1827
1828 DEBUG(10,("gpfs_set_times() not available or disabled, "
1829 "use ntimes and winattr\n"));
1830
1831 ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1832 if(ret == -1){
1833 /* don't complain if access was denied */
1834 if (errno != EPERM && errno != EACCES) {
1835 DEBUG(1,("vfs_gpfs_ntimes: SMB_VFS_NEXT_NTIMES failed:"
1836 "%s", strerror(errno)));
1837 }
1838 return -1;
1839 }
1840
1841 if(null_timespec(ft->create_time)){
1842 DEBUG(10,("vfs_gpfs_ntimes:Create Time is NULL\n"));
1843 return 0;
1844 }
1845
1846 if (!config->winattr) {
1847 return 0;
1848 }
1849
1850 attrs.winAttrs = 0;
1851 attrs.creationTime.tv_sec = ft->create_time.tv_sec;
1852 attrs.creationTime.tv_nsec = ft->create_time.tv_nsec;
1853
1854 ret = gpfswrap_set_winattrs_path(discard_const_p(char, path),
1855 GPFS_WINATTR_SET_CREATION_TIME,
1856 &attrs);
1857 if(ret == -1 && errno != ENOSYS){
1858 DEBUG(1,("vfs_gpfs_ntimes: set GPFS ntimes failed %d\n",ret));
1859 return -1;
1860 }
1861 return 0;
1862
1863 }
1864
1865 static int vfs_gpfs_fallocate(struct vfs_handle_struct *handle,
1866 struct files_struct *fsp, uint32_t mode,
1867 off_t offset, off_t len)
1868 {
1869 int ret;
1870 struct gpfs_config_data *config;
1871
1872 SMB_VFS_HANDLE_GET_DATA(handle, config,
1873 struct gpfs_config_data,
1874 return -1);
1875
1876 if (!config->prealloc) {
1877 /* you should better not run fallocate() on GPFS at all */
1878 errno = ENOTSUP;
1879 return -1;
1880 }
1881
1882 if (mode != 0) {
1883 DEBUG(10, ("unmapped fallocate flags: %lx\n",
1884 (unsigned long)mode));
1885 errno = ENOTSUP;
1886 return -1;
1887 }
1888
1889 ret = gpfswrap_prealloc(fsp->fh->fd, offset, len);
1890
1891 if (ret == -1 && errno != ENOSYS) {
1892 DEBUG(0, ("GPFS prealloc failed: %s\n", strerror(errno)));
1893 } else if (ret == -1 && errno == ENOSYS) {
1894 DEBUG(10, ("GPFS prealloc not supported.\n"));
1895 } else {
1896 DEBUG(10, ("GPFS prealloc succeeded.\n"));
1897 }
1898
1899 return ret;
1900 }
1901
1902 static int vfs_gpfs_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1903 off_t len)
1904 {
1905 int result;
1906 struct gpfs_config_data *config;
1907
1908 SMB_VFS_HANDLE_GET_DATA(handle, config,
1909 struct gpfs_config_data,
1910 return -1);
1911
1912 if (!config->ftruncate) {
1913 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1914 }
1915
1916 result = gpfswrap_ftruncate(fsp->fh->fd, len);
1917 if ((result == -1) && (errno == ENOSYS)) {
1918 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1919 }
1920 return result;
1921 }
1922
1923 static bool vfs_gpfs_is_offline(struct vfs_handle_struct *handle,
1924 const struct smb_filename *fname,
1925 SMB_STRUCT_STAT *sbuf)
1926 {
1927 struct gpfs_winattr attrs;
1928 char *path = NULL;
1929 NTSTATUS status;
1930 struct gpfs_config_data *config;
1931 int ret;
1932
1933 SMB_VFS_HANDLE_GET_DATA(handle, config,
1934 struct gpfs_config_data,
1935 return -1);
1936
1937 if (!config->winattr) {
1938 return SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
1939 }
1940
1941 status = get_full_smb_filename(talloc_tos(), fname, &path);
1942 if (!NT_STATUS_IS_OK(status)) {
1943 errno = map_errno_from_nt_status(status);
1944 return -1;
1945 }
1946
1947 ret = gpfswrap_get_winattrs_path(path, &attrs);
1948 if (ret == -1) {
1949 TALLOC_FREE(path);
1950 return false;
1951 }
1952
1953 if ((attrs.winAttrs & GPFS_WINATTR_OFFLINE) != 0) {
1954 DEBUG(10, ("%s is offline\n", path));
1955 TALLOC_FREE(path);
1956 return true;
1957 }
1958 DEBUG(10, ("%s is online\n", path));
1959 TALLOC_FREE(path);
1960 return SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
1961 }
1962
1963 static bool vfs_gpfs_fsp_is_offline(struct vfs_handle_struct *handle,
1964 struct files_struct *fsp)
1965 {
1966 struct gpfs_fsp_extension *ext;
1967
1968 ext = VFS_FETCH_FSP_EXTENSION(handle, fsp);
1969 if (ext == NULL) {
1970 /*
1971 * Something bad happened, always ask.
1972 */
1973 return vfs_gpfs_is_offline(handle, fsp->fsp_name,
1974 &fsp->fsp_name->st);
1975 }
1976
1977 if (ext->offline) {
1978 /*
1979 * As long as it's offline, ask.
1980 */
1981 ext->offline = vfs_gpfs_is_offline(handle, fsp->fsp_name,
1982 &fsp->fsp_name->st);
1983 }
1984
1985 return ext->offline;
1986 }
1987
1988 static bool vfs_gpfs_aio_force(struct vfs_handle_struct *handle,
1989 struct files_struct *fsp)
1990 {
1991 return vfs_gpfs_fsp_is_offline(handle, fsp);
1992 }
1993
1994 static ssize_t vfs_gpfs_sendfile(vfs_handle_struct *handle, int tofd,
1995 files_struct *fsp, const DATA_BLOB *hdr,
1996 off_t offset, size_t n)
1997 {
1998 if (vfs_gpfs_fsp_is_offline(handle, fsp)) {
1999 errno = ENOSYS;
2000 return -1;
2001 }
2002 return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
2003 }
2004
2005 static int vfs_gpfs_connect(struct vfs_handle_struct *handle,
2006 const char *service, const char *user)
2007 {
2008 struct gpfs_config_data *config;
2009 int ret;
2010
2011 gpfswrap_lib_init(0);
2012
2013 config = talloc_zero(handle->conn, struct gpfs_config_data);
2014 if (!config) {
2015 DEBUG(0, ("talloc_zero() failed\n"));
2016 errno = ENOMEM;
2017 return -1;
2018 }
2019
2020 ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
2021 if (ret < 0) {
2022 TALLOC_FREE(config);
2023 return ret;
2024 }
2025
2026 config->sharemodes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2027 "sharemodes", true);
2028
2029 config->leases = lp_parm_bool(SNUM(handle->conn), "gpfs",
2030 "leases", true);
2031
2032 config->hsm = lp_parm_bool(SNUM(handle->conn), "gpfs",
2033 "hsm", false);
2034
2035 config->syncio = lp_parm_bool(SNUM(handle->conn), "gpfs",
2036 "syncio", false);
2037
2038 config->winattr = lp_parm_bool(SNUM(handle->conn), "gpfs",
2039 "winattr", false);
2040
2041 config->ftruncate = lp_parm_bool(SNUM(handle->conn), "gpfs",
2042 "ftruncate", true);
2043
2044 config->getrealfilename = lp_parm_bool(SNUM(handle->conn), "gpfs",
2045 "getrealfilename", true);
2046
2047 config->dfreequota = lp_parm_bool(SNUM(handle->conn), "gpfs",
2048 "dfreequota", false);
2049
2050 config->prealloc = lp_parm_bool(SNUM(handle->conn), "gpfs",
2051 "prealloc", true);
2052
2053 config->acl = lp_parm_bool(SNUM(handle->conn), "gpfs", "acl", true);
2054
2055 config->settimes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2056 "settimes", true);
2057 config->recalls = lp_parm_bool(SNUM(handle->conn), "gpfs",
2058 "recalls", true);
2059
2060 SMB_VFS_HANDLE_SET_DATA(handle, config,
2061 NULL, struct gpfs_config_data,
2062 return -1);
2063
2064 if (config->leases) {
2065 /*
2066 * GPFS lease code is based on kernel oplock code
2067 * so make sure it is turned on
2068 */
2069 if (!lp_kernel_oplocks(SNUM(handle->conn))) {
2070 DEBUG(5, ("Enabling kernel oplocks for "
2071 "gpfs:leases to work\n"));
2072 lp_do_parameter(SNUM(handle->conn), "kernel oplocks",
2073 "true");
2074 }
2075
2076 /*
2077 * as the kernel does not properly support Level II oplocks
2078 * and GPFS leases code is based on kernel infrastructure, we
2079 * need to turn off Level II oplocks if gpfs:leases is enabled
2080 */
2081 if (lp_level2_oplocks(SNUM(handle->conn))) {
2082 DEBUG(5, ("gpfs:leases are enabled, disabling "
2083 "Level II oplocks\n"));
2084 lp_do_parameter(SNUM(handle->conn), "level2 oplocks",
2085 "false");
2086 }
2087 }
2088
2089 return 0;
2090 }
2091
2092 static int get_gpfs_quota(const char *pathname, int type, int id,
2093 struct gpfs_quotaInfo *qi)
2094 {
2095 int ret;
2096
2097 ret = gpfswrap_quotactl(discard_const_p(char, pathname),
2098 GPFS_QCMD(Q_GETQUOTA, type), id, qi);
2099
2100 if (ret) {
2101 if (errno == GPFS_E_NO_QUOTA_INST) {
2102 DEBUG(10, ("Quotas disabled on GPFS filesystem.\n"));
2103 } else if (errno != ENOSYS) {
2104 DEBUG(0, ("Get quota failed, type %d, id, %d, "
2105 "errno %d.\n", type, id, errno));
2106 }
2107
2108 return ret;
2109 }
2110
2111 DEBUG(10, ("quota type %d, id %d, blk u:%lld h:%lld s:%lld gt:%u\n",
2112 type, id, qi->blockUsage, qi->blockHardLimit,
2113 qi->blockSoftLimit, qi->blockGraceTime));
2114
2115 return ret;
2116 }
2117
2118 static void vfs_gpfs_disk_free_quota(struct gpfs_quotaInfo qi, time_t cur_time,
2119 uint64_t *dfree, uint64_t *dsize)
2120 {
2121 uint64_t usage, limit;
2122
2123 /*
2124 * The quota reporting is done in units of 1024 byte blocks, but
2125 * sys_fsusage uses units of 512 byte blocks, adjust the block number
2126 * accordingly. Also filter possibly negative usage counts from gpfs.
2127 */
2128 usage = qi.blockUsage < 0 ? 0 : (uint64_t)qi.blockUsage * 2;
2129 limit = (uint64_t)qi.blockHardLimit * 2;
2130
2131 /*
2132 * When the grace time for the exceeded soft block quota has been
2133 * exceeded, the soft block quota becomes an additional hard limit.
2134 */
2135 if (qi.blockSoftLimit &&
2136 qi.blockGraceTime && cur_time > qi.blockGraceTime) {
2137 /* report disk as full */
2138 *dfree = 0;
2139 *dsize = MIN(*dsize, usage);
2140 }
2141
2142 if (!qi.blockHardLimit)
2143 return;
2144
2145 if (usage >= limit) {
2146 /* report disk as full */
2147 *dfree = 0;
2148 *dsize = MIN(*dsize, usage);
2149
2150 } else {
2151 /* limit has not been reached, determine "free space" */
2152 *dfree = MIN(*dfree, limit - usage);
2153 *dsize = MIN(*dsize, limit);
2154 }
2155 }
2156
2157 static uint64_t vfs_gpfs_disk_free(vfs_handle_struct *handle, const char *path,
2158 uint64_t *bsize,
2159 uint64_t *dfree, uint64_t *dsize)
2160 {
2161 struct security_unix_token *utok;
2162 struct gpfs_quotaInfo qi_user = { 0 }, qi_group = { 0 };
2163 struct gpfs_config_data *config;
2164 int err;
2165 time_t cur_time;
2166
2167 SMB_VFS_HANDLE_GET_DATA(handle, config, struct gpfs_config_data,
2168 return (uint64_t)-1);
2169 if (!config->dfreequota) {
2170 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2171 bsize, dfree, dsize);
2172 }
2173
2174 err = sys_fsusage(path, dfree, dsize);
2175 if (err) {
2176 DEBUG (0, ("Could not get fs usage, errno %d\n", errno));
2177 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2178 bsize, dfree, dsize);
2179 }
2180
2181 /* sys_fsusage returns units of 512 bytes */
2182 *bsize = 512;
2183
2184 DEBUG(10, ("fs dfree %llu, dsize %llu\n",
2185 (unsigned long long)*dfree, (unsigned long long)*dsize));
2186
2187 utok = handle->conn->session_info->unix_token;
2188
2189 err = get_gpfs_quota(path, GPFS_USRQUOTA, utok->uid, &qi_user);
2190 if (err) {
2191 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2192 bsize, dfree, dsize);
2193 }
2194
2195 err = get_gpfs_quota(path, GPFS_GRPQUOTA, utok->gid, &qi_group);
2196 if (err) {
2197 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2198 bsize, dfree, dsize);
2199 }
2200
2201 cur_time = time(NULL);
2202
2203 /* Adjust free space and size according to quota limits. */
2204 vfs_gpfs_disk_free_quota(qi_user, cur_time, dfree, dsize);
2205 vfs_gpfs_disk_free_quota(qi_group, cur_time, dfree, dsize);
2206
2207 return *dfree / 2;
2208 }
2209
2210 static int vfs_gpfs_get_quota(vfs_handle_struct *handle, const char *path,
2211 enum SMB_QUOTA_TYPE qtype, unid_t id,
2212 SMB_DISK_QUOTA *dq)
2213 {
2214 switch(qtype) {
2215 /*
2216 * User/group quota are being used for disk-free
2217 * determination, which in this module is done directly
2218 * by the disk-free function. It's important that this
2219 * module does not return wrong quota values by mistake,
2220 * which would modify the correct values set by disk-free.
2221 * User/group quota are also being used for processing
2222 * NT_TRANSACT_GET_USER_QUOTA in smb1 protocol, which is
2223 * currently not supported by this module.
2224 */
2225 case SMB_USER_QUOTA_TYPE:
2226 case SMB_GROUP_QUOTA_TYPE:
2227 errno = ENOSYS;
2228 return -1;
2229 default:
2230 return SMB_VFS_NEXT_GET_QUOTA(handle, path, qtype, id, dq);
2231 }
2232 }
2233
2234 static uint32_t vfs_gpfs_capabilities(struct vfs_handle_struct *handle,
2235 enum timestamp_set_resolution *p_ts_res)
2236 {
2237 struct gpfs_config_data *config;
2238 uint32_t next;
2239
2240 next = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
2241
2242 SMB_VFS_HANDLE_GET_DATA(handle, config,
2243 struct gpfs_config_data,
2244 return next);
2245
2246 if (config->hsm) {
2247 next |= FILE_SUPPORTS_REMOTE_STORAGE;
2248 }
2249 return next;
2250 }
2251
2252 static int vfs_gpfs_open(struct vfs_handle_struct *handle,
2253 struct smb_filename *smb_fname, files_struct *fsp,
2254 int flags, mode_t mode)
2255 {
2256 struct gpfs_config_data *config;
2257 int ret;
2258 struct gpfs_fsp_extension *ext;
2259
2260 SMB_VFS_HANDLE_GET_DATA(handle, config,
2261 struct gpfs_config_data,
2262 return -1);
2263
2264 if (config->hsm && !config->recalls &&
2265 vfs_gpfs_fsp_is_offline(handle, fsp)) {
2266 DEBUG(10, ("Refusing access to offline file %s\n",
2267 fsp_str_dbg(fsp)));
2268 errno = EACCES;
2269 return -1;
2270 }
2271
2272 if (config->syncio) {
2273 flags |= O_SYNC;
2274 }
2275
2276 ext = VFS_ADD_FSP_EXTENSION(handle, fsp, struct gpfs_fsp_extension,
2277 NULL);
2278 if (ext == NULL) {
2279 errno = ENOMEM;
2280 return -1;
2281 }
2282
2283 /*
2284 * Assume the file is offline until gpfs tells us it's online.
2285 */
2286 *ext = (struct gpfs_fsp_extension) { .offline = true };
2287
2288 ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
2289 if (ret == -1) {
2290 VFS_REMOVE_FSP_EXTENSION(handle, fsp);
2291 }
2292 return ret;
2293 }
2294
2295 static ssize_t vfs_gpfs_pread(vfs_handle_struct *handle, files_struct *fsp,
2296 void *data, size_t n, off_t offset)
2297 {
2298 ssize_t ret;
2299 bool was_offline;
2300
2301 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2302
2303 ret = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
2304
2305 if ((ret != -1) && was_offline) {
2306 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2307 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2308 fsp->fsp_name->base_name);
2309 }
2310
2311 return ret;
2312 }
2313
2314 struct vfs_gpfs_pread_state {
2315 struct files_struct *fsp;
2316 ssize_t ret;
2317 int err;
2318 bool was_offline;
2319 };
2320
2321 static void vfs_gpfs_pread_done(struct tevent_req *subreq);
2322
2323 static struct tevent_req *vfs_gpfs_pread_send(struct vfs_handle_struct *handle,
2324 TALLOC_CTX *mem_ctx,
2325 struct tevent_context *ev,
2326 struct files_struct *fsp,
2327 void *data, size_t n,
2328 off_t offset)
2329 {
2330 struct tevent_req *req, *subreq;
2331 struct vfs_gpfs_pread_state *state;
2332
2333 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pread_state);
2334 if (req == NULL) {
2335 return NULL;
2336 }
2337 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2338 state->fsp = fsp;
2339 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
2340 n, offset);
2341 if (tevent_req_nomem(subreq, req)) {
2342 return tevent_req_post(req, ev);
2343 }
2344 tevent_req_set_callback(subreq, vfs_gpfs_pread_done, req);
2345 return req;
2346 }
2347
2348 static void vfs_gpfs_pread_done(struct tevent_req *subreq)
2349 {
2350 struct tevent_req *req = tevent_req_callback_data(
2351 subreq, struct tevent_req);
2352 struct vfs_gpfs_pread_state *state = tevent_req_data(
2353 req, struct vfs_gpfs_pread_state);
2354
2355 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
2356 TALLOC_FREE(subreq);
2357 tevent_req_done(req);
2358 }
2359
2360 static ssize_t vfs_gpfs_pread_recv(struct tevent_req *req, int *err)
2361 {
2362 struct vfs_gpfs_pread_state *state = tevent_req_data(
2363 req, struct vfs_gpfs_pread_state);
2364 struct files_struct *fsp = state->fsp;
2365
2366 if (tevent_req_is_unix_error(req, err)) {
2367 return -1;
2368 }
2369 *err = state->err;
2370
2371 if ((state->ret != -1) && state->was_offline) {
2372 DEBUG(10, ("sending notify\n"));
2373 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2374 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2375 fsp->fsp_name->base_name);
2376 }
2377
2378 return state->ret;
2379 }
2380
2381 static ssize_t vfs_gpfs_pwrite(vfs_handle_struct *handle, files_struct *fsp,
2382 const void *data, size_t n, off_t offset)
2383 {
2384 ssize_t ret;
2385 bool was_offline;
2386
2387 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2388
2389 ret = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
2390
2391 if ((ret != -1) && was_offline) {
2392 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2393 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2394 fsp->fsp_name->base_name);
2395 }
2396
2397 return ret;
2398 }
2399
2400 struct vfs_gpfs_pwrite_state {
2401 struct files_struct *fsp;
2402 ssize_t ret;
2403 int err;
2404 bool was_offline;
2405 };
2406
2407 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq);
2408
2409 static struct tevent_req *vfs_gpfs_pwrite_send(
2410 struct vfs_handle_struct *handle,
2411 TALLOC_CTX *mem_ctx,
2412 struct tevent_context *ev,
2413 struct files_struct *fsp,
2414 const void *data, size_t n,
2415 off_t offset)
2416 {
2417 struct tevent_req *req, *subreq;
2418 struct vfs_gpfs_pwrite_state *state;
2419
2420 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pwrite_state);
2421 if (req == NULL) {
2422 return NULL;
2423 }
2424 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2425 state->fsp = fsp;
2426 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
2427 n, offset);
2428 if (tevent_req_nomem(subreq, req)) {
2429 return tevent_req_post(req, ev);
2430 }
2431 tevent_req_set_callback(subreq, vfs_gpfs_pwrite_done, req);
2432 return req;
2433 }
2434
2435 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq)
2436 {
2437 struct tevent_req *req = tevent_req_callback_data(
2438 subreq, struct tevent_req);
2439 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2440 req, struct vfs_gpfs_pwrite_state);
2441
2442 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
2443 TALLOC_FREE(subreq);
2444 tevent_req_done(req);
2445 }
2446
2447 static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req, int *err)
2448 {
2449 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2450 req, struct vfs_gpfs_pwrite_state);
2451 struct files_struct *fsp = state->fsp;
2452
2453 if (tevent_req_is_unix_error(req, err)) {
2454 return -1;
2455 }
2456 *err = state->err;
2457
2458 if ((state->ret != -1) && state->was_offline) {
2459 DEBUG(10, ("sending notify\n"));
2460 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2461 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2462 fsp->fsp_name->base_name);
2463 }
2464
2465 return state->ret;
2466 }
2467
2468
2469 static struct vfs_fn_pointers vfs_gpfs_fns = {
2470 .connect_fn = vfs_gpfs_connect,
2471 .disk_free_fn = vfs_gpfs_disk_free,
2472 .get_quota_fn = vfs_gpfs_get_quota,
2473 .fs_capabilities_fn = vfs_gpfs_capabilities,
2474 .kernel_flock_fn = vfs_gpfs_kernel_flock,
2475 .linux_setlease_fn = vfs_gpfs_setlease,
2476 .get_real_filename_fn = vfs_gpfs_get_real_filename,
2477 .fget_nt_acl_fn = gpfsacl_fget_nt_acl,
2478 .get_nt_acl_fn = gpfsacl_get_nt_acl,
2479 .fset_nt_acl_fn = gpfsacl_fset_nt_acl,
2480 .sys_acl_get_file_fn = gpfsacl_sys_acl_get_file,
2481 .sys_acl_get_fd_fn = gpfsacl_sys_acl_get_fd,
2482 .sys_acl_blob_get_file_fn = gpfsacl_sys_acl_blob_get_file,
2483 .sys_acl_blob_get_fd_fn = gpfsacl_sys_acl_blob_get_fd,
2484 .sys_acl_set_file_fn = gpfsacl_sys_acl_set_file,
2485 .sys_acl_set_fd_fn = gpfsacl_sys_acl_set_fd,
2486 .sys_acl_delete_def_file_fn = gpfsacl_sys_acl_delete_def_file,
2487 .chmod_fn = vfs_gpfs_chmod,
2488 .fchmod_fn = vfs_gpfs_fchmod,
2489 .close_fn = vfs_gpfs_close,
2490 .setxattr_fn = gpfs_set_xattr,
2491 .getxattr_fn = gpfs_get_xattr,
2492 .stat_fn = vfs_gpfs_stat,
2493 .fstat_fn = vfs_gpfs_fstat,
2494 .lstat_fn = vfs_gpfs_lstat,
2495 .ntimes_fn = vfs_gpfs_ntimes,
2496 .is_offline_fn = vfs_gpfs_is_offline,
2497 .aio_force_fn = vfs_gpfs_aio_force,
2498 .sendfile_fn = vfs_gpfs_sendfile,
2499 .fallocate_fn = vfs_gpfs_fallocate,
2500 .open_fn = vfs_gpfs_open,
2501 .pread_fn = vfs_gpfs_pread,
2502 .pread_send_fn = vfs_gpfs_pread_send,
2503 .pread_recv_fn = vfs_gpfs_pread_recv,
2504 .pwrite_fn = vfs_gpfs_pwrite,
2505 .pwrite_send_fn = vfs_gpfs_pwrite_send,
2506 .pwrite_recv_fn = vfs_gpfs_pwrite_recv,
2507 .ftruncate_fn = vfs_gpfs_ftruncate
2508 };
2509
2510 NTSTATUS vfs_gpfs_init(void);
2511 NTSTATUS vfs_gpfs_init(void)
2512 {
2513 int ret;
2514
2515 ret = gpfswrap_init();
2516 if (ret != 0) {
2517 DEBUG(1, ("Could not initialize GPFS library wrapper\n"));
2518 }
2519
2520 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs",
2521 &vfs_gpfs_fns);
2522 }
Samba GIT mirror