source/modules/vfs_gpfs.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Wrap gpfs calls in vfs functions.
   4
   5    Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
   6
   7    Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
   8                             and Gomati Mohanan <gomati.mohanan@in.ibm.com>
   9
  10    This program is free software; you can redistribute it and/or modify
  11    it under the terms of the GNU General Public License as published by
  12    the Free Software Foundation; either version 3 of the License, or
  13    (at your option) any later version.
  14
  15    This program is distributed in the hope that it will be useful,
  16    but WITHOUT ANY WARRANTY; without even the implied warranty of
  17    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  18    GNU General Public License for more details.
  19
  20    You should have received a copy of the GNU General Public License
  21    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  22 */
  23
  24 #include "includes.h"
  25
  26 #undef DBGC_CLASS
  27 #define DBGC_CLASS DBGC_VFS
  28
  29 #include <gpfs_gpl.h>
  30 #include "nfs4_acls.h"
  31 #include "vfs_gpfs.h"
  32
  33 static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle, files_struct *fsp,
  34                                  uint32 share_mode)
  35 {
  36
  37         START_PROFILE(syscall_kernel_flock);
  38
  39         kernel_flock(fsp->fh->fd, share_mode);
  40
  41         if (!set_gpfs_sharemode(fsp, fsp->access_mask, fsp->share_access)) {
  42
  43                 return -1;
  44
  45         }
  46
  47         END_PROFILE(syscall_kernel_flock);
  48
  49         return 0;
  50 }
  51
  52 static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp,
  53                              int leasetype)
  54 {
  55         int ret;
  56
  57         START_PROFILE(syscall_linux_setlease);
  58
  59         if ( linux_set_lease_sighandler(fsp->fh->fd) == -1)
  60                 return -1;
  61
  62         ret = set_gpfs_lease(fsp->fh->fd,leasetype);
  63
  64         if ( ret < 0 ) {
  65                 /* This must have come from GPFS not being available */
  66                 /* or some other error, hence call the default */
  67                 ret = linux_setlease(fsp->fh->fd, leasetype);
  68         }
  69
  70         END_PROFILE(syscall_linux_setlease);
  71
  72         return ret;
  73 }
  74
  75
  76
  77 static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
  78 {
  79         int     i;
  80         if (gacl==NULL)
  81         {
  82                 DEBUG(0, ("gpfs acl is NULL\n"));
  83                 return;
  84         }
  85
  86         DEBUG(level, ("gpfs acl: nace: %d, type:%d, version:%d, level:%d, len:%d\n",
  87                 gacl->acl_nace, gacl->acl_type, gacl->acl_version, gacl->acl_level, gacl->acl_len));
  88         for(i=0; i<gacl->acl_nace; i++)
  89         {
  90                 struct gpfs_ace_v4 *gace = gacl->ace_v4 + i;
  91                 DEBUG(level, ("\tace[%d]: type:%d, flags:0x%x, mask:0x%x, iflags:0x%x, who:%u\n",
  92                         i, gace->aceType, gace->aceFlags, gace->aceMask,
  93                         gace->aceIFlags, gace->aceWho));
  94         }
  95 }
  96
  97 static struct gpfs_acl *gpfs_getacl_alloc(const char *fname, gpfs_aclType_t type)
  98 {
  99         struct gpfs_acl *acl;
 100         size_t len = 200;
 101         int ret;
 102         TALLOC_CTX *mem_ctx = talloc_tos();
 103
 104         acl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, len);
 105         if (acl == NULL) {
 106                 errno = ENOMEM;
 107                 return NULL;
 108         }
 109
 110         acl->acl_len = len;
 111         acl->acl_level = 0;
 112         acl->acl_version = 0;
 113         acl->acl_type = type;
 114
 115         ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT | GPFS_ACL_SAMBA, acl);
 116         if ((ret != 0) && (errno == ENOSPC)) {
 117                 struct gpfs_acl *new_acl = (struct gpfs_acl *)TALLOC_SIZE(
 118                         mem_ctx, acl->acl_len + sizeof(struct gpfs_acl));
 119                 if (new_acl == NULL) {
 120                         errno = ENOMEM;
 121                         return NULL;
 122                 }
 123
 124                 new_acl->acl_len = acl->acl_len;
 125                 new_acl->acl_level = acl->acl_level;
 126                 new_acl->acl_version = acl->acl_version;
 127                 new_acl->acl_type = acl->acl_type;
 128                 acl = new_acl;
 129
 130                 ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT | GPFS_ACL_SAMBA, acl);
 131         }
 132         if (ret != 0)
 133         {
 134                 DEBUG(8, ("smbd_gpfs_getacl failed with %s\n",strerror(errno)));
 135                 return NULL;
 136         }
 137
 138         return acl;
 139 }
 140
 141 /* Tries to get nfs4 acls and returns SMB ACL allocated.
 142  * On failure returns 1 if it got non-NFSv4 ACL to prompt
 143  * retry with POSIX ACL checks.
 144  * On failure returns -1 if there is system (GPFS) error, check errno.
 145  * Returns 0 on success
 146  */
 147 static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
 148 {
 149         int i;
 150         struct gpfs_acl *gacl = NULL;
 151         DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
 152
 153         /* First get the real acl length */
 154         gacl = gpfs_getacl_alloc(fname, 0);
 155         if (gacl == NULL) {
 156                 DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
 157                            fname, strerror(errno)));
 158                 return -1;
 159         }
 160
 161         if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
 162                 DEBUG(10, ("Got non-nfsv4 acl\n"));
 163                 /* Retry with POSIX ACLs check */
 164                 return 1;
 165         }
 166
 167         *ppacl = smb_create_smb4acl();
 168
 169         DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
 170                    gacl->acl_len, gacl->acl_level, gacl->acl_version,
 171                    gacl->acl_nace));
 172
 173         for (i=0; i<gacl->acl_nace; i++) {
 174                 struct gpfs_ace_v4 *gace = &gacl->ace_v4[i];
 175                 SMB_ACE4PROP_T smbace;
 176                 DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
 177                            "who: %d\n", gace->aceType, gace->aceIFlags,
 178                            gace->aceFlags, gace->aceMask, gace->aceWho));
 179
 180                 ZERO_STRUCT(smbace);
 181                 if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
 182                         smbace.flags |= SMB_ACE4_ID_SPECIAL;
 183                         switch (gace->aceWho) {
 184                         case ACE4_SPECIAL_OWNER:
 185                                 smbace.who.special_id = SMB_ACE4_WHO_OWNER;
 186                                 break;
 187                         case ACE4_SPECIAL_GROUP:
 188                                 smbace.who.special_id = SMB_ACE4_WHO_GROUP;
 189                                 break;
 190                         case ACE4_SPECIAL_EVERYONE:
 191                                 smbace.who.special_id = SMB_ACE4_WHO_EVERYONE;
 192                                 break;
 193                         default:
 194                                 DEBUG(8, ("invalid special gpfs id %d "
 195                                           "ignored\n", gace->aceWho));
 196                                 continue; /* don't add it */
 197                         }
 198                 } else {
 199                         if (gace->aceFlags & ACE4_FLAG_GROUP_ID)
 200                                 smbace.who.gid = gace->aceWho;
 201                         else
 202                                 smbace.who.uid = gace->aceWho;
 203                 }
 204
 205                 /* remove redundent deny entries */
 206                 if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
 207                         struct gpfs_ace_v4 *prev = &gacl->ace_v4[i-1];
 208                         if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
 209                             prev->aceFlags == gace->aceFlags &&
 210                             prev->aceIFlags == gace->aceIFlags &&
 211                             (gace->aceMask & prev->aceMask) == 0 &&
 212                             gace->aceWho == prev->aceWho) {
 213                                 /* its redundent - skip it */
 214                                 continue;
 215                         }
 216                 }
 217
 218                 smbace.aceType = gace->aceType;
 219                 smbace.aceFlags = gace->aceFlags;
 220                 smbace.aceMask = gace->aceMask;
 221                 smb_add_ace4(*ppacl, &smbace);
 222         }
 223
 224         return 0;
 225 }
 226
 227 static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
 228         files_struct *fsp, uint32 security_info,
 229         SEC_DESC **ppdesc)
 230 {
 231         SMB4ACL_T *pacl = NULL;
 232         int     result;
 233
 234         *ppdesc = NULL;
 235         result = gpfs_get_nfs4_acl(fsp->fsp_name, &pacl);
 236
 237         if (result == 0)
 238                 return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
 239
 240         if (result > 0) {
 241                 DEBUG(10, ("retrying with posix acl...\n"));
 242                 return posix_fget_nt_acl(fsp, security_info, ppdesc);
 243         }
 244
 245         /* GPFS ACL was not read, something wrong happened, error code is set in errno */
 246         return map_nt_error_from_unix(errno);
 247 }
 248
 249 static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
 250         const char *name,
 251         uint32 security_info, SEC_DESC **ppdesc)
 252 {
 253         SMB4ACL_T *pacl = NULL;
 254         int     result;
 255
 256         *ppdesc = NULL;
 257         result = gpfs_get_nfs4_acl(name, &pacl);
 258
 259         if (result == 0)
 260                 return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc, pacl);
 261
 262         if (result > 0) {
 263                 DEBUG(10, ("retrying with posix acl...\n"));
 264                 return posix_get_nt_acl(handle->conn, name, security_info, ppdesc);
 265         }
 266
 267         /* GPFS ACL was not read, something wrong happened, error code is set in errno */
 268         return map_nt_error_from_unix(errno);
 269 }
 270
 271 static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
 272 {
 273         int ret;
 274         gpfs_aclLen_t gacl_len;
 275         SMB4ACE_T       *smbace;
 276         struct gpfs_acl *gacl;
 277         TALLOC_CTX *mem_ctx  = talloc_tos();
 278
 279         gacl_len = sizeof(struct gpfs_acl) +
 280                 (smb_get_naces(smbacl)-1)*sizeof(gpfs_ace_v4_t);
 281
 282         gacl = TALLOC_SIZE(mem_ctx, gacl_len);
 283         if (gacl == NULL) {
 284                 DEBUG(0, ("talloc failed\n"));
 285                 errno = ENOMEM;
 286                 return False;
 287         }
 288
 289         gacl->acl_len = gacl_len;
 290         gacl->acl_level = 0;
 291         gacl->acl_version = GPFS_ACL_VERSION_NFS4;
 292         gacl->acl_type = GPFS_ACL_TYPE_NFS4;
 293         gacl->acl_nace = 0; /* change later... */
 294
 295         for (smbace=smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
 296                 struct gpfs_ace_v4 *gace = &gacl->ace_v4[gacl->acl_nace];
 297                 SMB_ACE4PROP_T  *aceprop = smb_get_ace4(smbace);
 298
 299                 gace->aceType = aceprop->aceType;
 300                 gace->aceFlags = aceprop->aceFlags;
 301                 gace->aceMask = aceprop->aceMask;
 302
 303                 /*
 304                  * GPFS can't distinguish between WRITE and APPEND on
 305                  * files, so one being set without the other is an
 306                  * error. Sorry for the many ()'s :-)
 307                  */
 308
 309                 if (!fsp->is_directory
 310                     &&
 311                     ((((gace->aceMask & ACE4_MASK_WRITE) == 0)
 312                       && ((gace->aceMask & ACE4_MASK_APPEND) != 0))
 313                      ||
 314                      (((gace->aceMask & ACE4_MASK_WRITE) != 0)
 315                       && ((gace->aceMask & ACE4_MASK_APPEND) == 0)))
 316                     &&
 317                     lp_parm_bool(fsp->conn->params->service, "gpfs",
 318                                  "merge_writeappend", True)) {
 319                         DEBUG(2, ("vfs_gpfs.c: file [%s]: ACE contains "
 320                                   "WRITE^APPEND, setting WRITE|APPEND\n",
 321                                   fsp->fsp_name));
 322                         gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND;
 323                 }
 324
 325                 gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0;
 326
 327                 if (aceprop->flags&SMB_ACE4_ID_SPECIAL)
 328                 {
 329                         switch(aceprop->who.special_id)
 330                         {
 331                         case SMB_ACE4_WHO_EVERYONE:
 332                                 gace->aceWho = ACE4_SPECIAL_EVERYONE;
 333                                 break;
 334                         case SMB_ACE4_WHO_OWNER:
 335                                 gace->aceWho = ACE4_SPECIAL_OWNER;
 336                                 break;
 337                         case SMB_ACE4_WHO_GROUP:
 338                                 gace->aceWho = ACE4_SPECIAL_GROUP;
 339                                 break;
 340                         default:
 341                                 DEBUG(8, ("unsupported special_id %d\n", aceprop->who.special_id));
 342                                 continue; /* don't add it !!! */
 343                         }
 344                 } else {
 345                         /* just only for the type safety... */
 346                         if (aceprop->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
 347                                 gace->aceWho = aceprop->who.gid;
 348                         else
 349                                 gace->aceWho = aceprop->who.uid;
 350                 }
 351
 352                 gacl->acl_nace++;
 353         }
 354
 355         ret = smbd_gpfs_putacl(fsp->fsp_name, GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gacl);
 356         if (ret != 0) {
 357                 DEBUG(8, ("gpfs_putacl failed with %s\n", strerror(errno)));
 358                 gpfs_dumpacl(8, gacl);
 359                 return False;
 360         }
 361
 362         DEBUG(10, ("gpfs_putacl succeeded\n"));
 363         return True;
 364 }
 365
 366 static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
 367 {
 368         struct gpfs_acl *acl;
 369         NTSTATUS result = NT_STATUS_ACCESS_DENIED;
 370
 371         acl = gpfs_getacl_alloc(fsp->fsp_name, 0);
 372         if (acl == NULL)
 373                 return result;
 374
 375         if (acl->acl_version&GPFS_ACL_VERSION_NFS4)
 376         {
 377                 result = smb_set_nt_acl_nfs4(
 378                         fsp, security_info_sent, psd,
 379                         gpfsacl_process_smbacl);
 380         } else { /* assume POSIX ACL - by default... */
 381                 result = set_nt_acl(fsp, security_info_sent, psd);
 382         }
 383
 384         return result;
 385 }
 386
 387 static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
 388 {
 389         return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd);
 390 }
 391
 392 static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl)
 393 {
 394         SMB_ACL_T result;
 395         int i;
 396
 397         result = sys_acl_init(pacl->acl_nace);
 398         if (result == NULL) {
 399                 errno = ENOMEM;
 400                 return NULL;
 401         }
 402
 403         result->count = pacl->acl_nace;
 404
 405         for (i=0; i<pacl->acl_nace; i++) {
 406                 struct smb_acl_entry *ace = &result->acl[i];
 407                 const struct gpfs_ace_v1 *g_ace = &pacl->ace_v1[i];
 408
 409                 DEBUG(10, ("Converting type %d id %lu perm %x\n",
 410                            (int)g_ace->ace_type, (unsigned long)g_ace->ace_who,
 411                            (int)g_ace->ace_perm));
 412
 413                 switch (g_ace->ace_type) {
 414                 case GPFS_ACL_USER:
 415                         ace->a_type = SMB_ACL_USER;
 416                         ace->uid = (uid_t)g_ace->ace_who;
 417                         break;
 418                 case GPFS_ACL_USER_OBJ:
 419                         ace->a_type = SMB_ACL_USER_OBJ;
 420                         break;
 421                 case GPFS_ACL_GROUP:
 422                         ace->a_type = SMB_ACL_GROUP;
 423                         ace->gid = (gid_t)g_ace->ace_who;
 424                         break;
 425                 case GPFS_ACL_GROUP_OBJ:
 426                         ace->a_type = SMB_ACL_GROUP_OBJ;
 427                         break;
 428                 case GPFS_ACL_OTHER:
 429                         ace->a_type = SMB_ACL_OTHER;
 430                         break;
 431                 case GPFS_ACL_MASK:
 432                         ace->a_type = SMB_ACL_MASK;
 433                         break;
 434                 default:
 435                         DEBUG(10, ("Got invalid ace_type: %d\n",
 436                                    g_ace->ace_type));
 437                         errno = EINVAL;
 438                         SAFE_FREE(result);
 439                         return NULL;
 440                 }
 441
 442                 ace->a_perm = 0;
 443                 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ?
 444                         SMB_ACL_READ : 0;
 445                 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ?
 446                         SMB_ACL_WRITE : 0;
 447                 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ?
 448                         SMB_ACL_EXECUTE : 0;
 449
 450                 DEBUGADD(10, ("Converted to %d perm %x\n",
 451                               ace->a_type, ace->a_perm));
 452         }
 453
 454         return result;
 455 }
 456
 457 static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type)
 458 {
 459         struct gpfs_acl *pacl;
 460         SMB_ACL_T result = NULL;
 461
 462         pacl = gpfs_getacl_alloc(path, type);
 463
 464         if (pacl == NULL) {
 465                 DEBUG(10, ("gpfs_getacl failed for %s with %s\n",
 466                            path, strerror(errno)));
 467                 if (errno == 0) {
 468                         errno = EINVAL;
 469                 }
 470                 goto done;
 471         }
 472
 473         if (pacl->acl_version != GPFS_ACL_VERSION_POSIX) {
 474                 DEBUG(10, ("Got acl version %d, expected %d\n",
 475                            pacl->acl_version, GPFS_ACL_VERSION_POSIX));
 476                 errno = EINVAL;
 477                 goto done;
 478         }
 479
 480         DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
 481                    pacl->acl_len, pacl->acl_level, pacl->acl_version,
 482                    pacl->acl_nace));
 483
 484         result = gpfs2smb_acl(pacl);
 485         if (result == NULL) {
 486                 goto done;
 487         }
 488
 489  done:
 490
 491         if (errno != 0) {
 492                 SAFE_FREE(result);
 493         }
 494         return result;
 495 }
 496
 497 SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle,
 498                                     const char *path_p,
 499                                     SMB_ACL_TYPE_T type)
 500 {
 501         gpfs_aclType_t gpfs_type;
 502
 503         switch(type) {
 504         case SMB_ACL_TYPE_ACCESS:
 505                 gpfs_type = GPFS_ACL_TYPE_ACCESS;
 506                 break;
 507         case SMB_ACL_TYPE_DEFAULT:
 508                 gpfs_type = GPFS_ACL_TYPE_DEFAULT;
 509                 break;
 510         default:
 511                 DEBUG(0, ("Got invalid type: %d\n", type));
 512                 smb_panic("exiting");
 513         }
 514
 515         return gpfsacl_get_posix_acl(path_p, gpfs_type);
 516 }
 517
 518 SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
 519                                  files_struct *fsp)
 520 {
 521         return gpfsacl_get_posix_acl(fsp->fsp_name, GPFS_ACL_TYPE_ACCESS);
 522 }
 523
 524 static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl,
 525                                      SMB_ACL_TYPE_T type)
 526 {
 527         gpfs_aclLen_t len;
 528         struct gpfs_acl *result;
 529         int i;
 530         union gpfs_ace_union
 531         {
 532                 gpfs_ace_v1_t  ace_v1[1]; /* when GPFS_ACL_VERSION_POSIX */
 533                 gpfs_ace_v4_t  ace_v4[1]; /* when GPFS_ACL_VERSION_NFS4  */
 534         };
 535
 536         DEBUG(10, ("smb2gpfs_acl: Got ACL with %d entries\n", pacl->count));
 537
 538         len = sizeof(struct gpfs_acl) - sizeof(union gpfs_ace_union) +
 539                 (pacl->count)*sizeof(gpfs_ace_v1_t);
 540
 541         result = SMB_MALLOC(len);
 542         if (result == NULL) {
 543                 errno = ENOMEM;
 544                 return result;
 545         }
 546
 547         result->acl_len = len;
 548         result->acl_level = 0;
 549         result->acl_version = GPFS_ACL_VERSION_POSIX;
 550         result->acl_type = (type == SMB_ACL_TYPE_DEFAULT) ?
 551                 GPFS_ACL_TYPE_DEFAULT : GPFS_ACL_TYPE_ACCESS;
 552         result->acl_nace = pacl->count;
 553
 554         for (i=0; i<pacl->count; i++) {
 555                 const struct smb_acl_entry *ace = &pacl->acl[i];
 556                 struct gpfs_ace_v1 *g_ace = &result->ace_v1[i];
 557
 558                 DEBUG(10, ("Converting type %d perm %x\n",
 559                            (int)ace->a_type, (int)ace->a_perm));
 560
 561                 g_ace->ace_perm = 0;
 562
 563                 switch(ace->a_type) {
 564                 case SMB_ACL_USER:
 565                         g_ace->ace_type = GPFS_ACL_USER;
 566                         g_ace->ace_who = (gpfs_uid_t)ace->uid;
 567                         break;
 568                 case SMB_ACL_USER_OBJ:
 569                         g_ace->ace_type = GPFS_ACL_USER_OBJ;
 570                         g_ace->ace_perm |= ACL_PERM_CONTROL;
 571                         g_ace->ace_who = 0;
 572                         break;
 573                 case SMB_ACL_GROUP:
 574                         g_ace->ace_type = GPFS_ACL_GROUP;
 575                         g_ace->ace_who = (gpfs_uid_t)ace->gid;
 576                         break;
 577                 case SMB_ACL_GROUP_OBJ:
 578                         g_ace->ace_type = GPFS_ACL_GROUP_OBJ;
 579                         g_ace->ace_who = 0;
 580                         break;
 581                 case SMB_ACL_MASK:
 582                         g_ace->ace_type = GPFS_ACL_MASK;
 583                         g_ace->ace_perm = 0x8f;
 584                         g_ace->ace_who = 0;
 585                         break;
 586                 case SMB_ACL_OTHER:
 587                         g_ace->ace_type = GPFS_ACL_OTHER;
 588                         g_ace->ace_who = 0;
 589                         break;
 590                 default:
 591                         DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type));
 592                         errno = EINVAL;
 593                         SAFE_FREE(result);
 594                         return NULL;
 595                 }
 596
 597                 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ?
 598                         ACL_PERM_READ : 0;
 599                 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ?
 600                         ACL_PERM_WRITE : 0;
 601                 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ?
 602                         ACL_PERM_EXECUTE : 0;
 603
 604                 DEBUGADD(10, ("Converted to %d id %d perm %x\n",
 605                               g_ace->ace_type, g_ace->ace_who, g_ace->ace_perm));
 606         }
 607
 608         return result;
 609 }
 610
 611 int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
 612                               const char *name,
 613                               SMB_ACL_TYPE_T type,
 614                               SMB_ACL_T theacl)
 615 {
 616         struct gpfs_acl *gpfs_acl;
 617         int result;
 618
 619         gpfs_acl = smb2gpfs_acl(theacl, type);
 620         if (gpfs_acl == NULL) {
 621                 return -1;
 622         }
 623
 624         result = smbd_gpfs_putacl((char *)name, GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gpfs_acl);
 625
 626         SAFE_FREE(gpfs_acl);
 627         return result;
 628 }
 629
 630 int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle,
 631                             files_struct *fsp,
 632                             SMB_ACL_T theacl)
 633 {
 634         return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name, SMB_ACL_TYPE_ACCESS, theacl);
 635 }
 636
 637 int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
 638                                      const char *path)
 639 {
 640         errno = ENOTSUP;
 641         return -1;
 642 }
 643
 644 /*
 645  * Assumed: mode bits are shiftable and standard
 646  * Output: the new aceMask field for an smb nfs4 ace
 647  */
 648 static uint32 gpfsacl_mask_filter(uint32 aceType, uint32 aceMask, uint32 rwx)
 649 {
 650         const uint32 posix_nfs4map[3] = {
 651                 SMB_ACE4_EXECUTE, /* execute */
 652                 SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
 653                 SMB_ACE4_READ_DATA /* read */
 654         };
 655         int     i;
 656         uint32_t        posix_mask = 0x01;
 657         uint32_t        posix_bit;
 658         uint32_t        nfs4_bits;
 659
 660         for(i=0; i<3; i++) {
 661                 nfs4_bits = posix_nfs4map[i];
 662                 posix_bit = rwx & posix_mask;
 663
 664                 if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
 665                         if (posix_bit)
 666                                 aceMask |= nfs4_bits;
 667                         else
 668                                 aceMask &= ~nfs4_bits;
 669                 } else {
 670                         /* add deny bits when suitable */
 671                         if (!posix_bit)
 672                                 aceMask |= nfs4_bits;
 673                         else
 674                                 aceMask &= ~nfs4_bits;
 675                 } /* other ace types are unexpected */
 676
 677                 posix_mask <<= 1;
 678         }
 679
 680         return aceMask;
 681 }
 682
 683 static int gpfsacl_emu_chmod(const char *path, mode_t mode)
 684 {
 685         SMB4ACL_T *pacl = NULL;
 686         int     result;
 687         bool    haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
 688         int     i;
 689         files_struct    fake_fsp; /* TODO: rationalize parametrization */
 690         SMB4ACE_T       *smbace;
 691
 692         DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
 693
 694         result = gpfs_get_nfs4_acl(path, &pacl);
 695         if (result)
 696                 return result;
 697
 698         if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
 699                 DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
 700         }
 701
 702         for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
 703                 SMB_ACE4PROP_T  *ace = smb_get_ace4(smbace);
 704                 uint32_t        specid = ace->who.special_id;
 705
 706                 if (ace->flags&SMB_ACE4_ID_SPECIAL &&
 707                     ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
 708                     specid <= SMB_ACE4_WHO_EVERYONE) {
 709
 710                         uint32_t newMask;
 711
 712                         if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
 713                                 haveAllowEntry[specid] = True;
 714
 715                         /* mode >> 6 for @owner, mode >> 3 for @group,
 716                          * mode >> 0 for @everyone */
 717                         newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
 718                                                       mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
 719                         if (ace->aceMask!=newMask) {
 720                                 DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
 721                                            path, ace->aceMask, newMask, specid));
 722                         }
 723                         ace->aceMask = newMask;
 724                 }
 725         }
 726
 727         /* make sure we have at least ALLOW entries
 728          * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
 729          * - if necessary
 730          */
 731         for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
 732                 SMB_ACE4PROP_T  ace;
 733
 734                 if (haveAllowEntry[i]==True)
 735                         continue;
 736
 737                 ZERO_STRUCT(ace);
 738                 ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
 739                 ace.flags |= SMB_ACE4_ID_SPECIAL;
 740                 ace.who.special_id = i;
 741
 742                 if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
 743                         ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
 744
 745                 ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
 746                                                   mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
 747
 748                 /* don't add unnecessary aces */
 749                 if (!ace.aceMask)
 750                         continue;
 751
 752                 /* we add it to the END - as windows expects allow aces */
 753                 smb_add_ace4(pacl, &ace);
 754                 DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
 755                            path, mode, i, ace.aceMask));
 756         }
 757
 758         /* don't add complementary DENY ACEs here */
 759         ZERO_STRUCT(fake_fsp);
 760         fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */
 761
 762         /* put the acl */
 763         if (gpfsacl_process_smbacl(&fake_fsp, pacl) == False)
 764                 return -1;
 765         return 0; /* ok for [f]chmod */
 766 }
 767
 768 static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
 769 {
 770                  SMB_STRUCT_STAT st;
 771                  int rc;
 772
 773                  if (SMB_VFS_NEXT_STAT(handle, path, &st) != 0) {
 774                          return -1;
 775                  }
 776
 777                  /* avoid chmod() if possible, to preserve acls */
 778                  if ((st.st_mode & ~S_IFMT) == mode) {
 779                          return 0;
 780                  }
 781
 782                  rc = gpfsacl_emu_chmod(path, mode);
 783                  if (rc == 1)
 784                          return SMB_VFS_NEXT_CHMOD(handle, path, mode);
 785                  return rc;
 786 }
 787
 788 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
 789 {
 790                  SMB_STRUCT_STAT st;
 791                  int rc;
 792
 793                  if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) {
 794                          return -1;
 795                  }
 796
 797                  /* avoid chmod() if possible, to preserve acls */
 798                  if ((st.st_mode & ~S_IFMT) == mode) {
 799                          return 0;
 800                  }
 801
 802                  rc = gpfsacl_emu_chmod(fsp->fsp_name, mode);
 803                  if (rc == 1)
 804                          return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
 805                  return rc;
 806 }
 807
 808 /* VFS operations structure */
 809
 810 static vfs_op_tuple gpfs_op_tuples[] = {
 811
 812         { SMB_VFS_OP(vfs_gpfs_kernel_flock),
 813           SMB_VFS_OP_KERNEL_FLOCK,
 814           SMB_VFS_LAYER_OPAQUE },
 815
 816         { SMB_VFS_OP(vfs_gpfs_setlease),
 817           SMB_VFS_OP_LINUX_SETLEASE,
 818           SMB_VFS_LAYER_OPAQUE },
 819
 820         { SMB_VFS_OP(gpfsacl_fget_nt_acl),
 821           SMB_VFS_OP_FGET_NT_ACL,
 822           SMB_VFS_LAYER_TRANSPARENT },
 823
 824         { SMB_VFS_OP(gpfsacl_get_nt_acl),
 825           SMB_VFS_OP_GET_NT_ACL,
 826           SMB_VFS_LAYER_TRANSPARENT },
 827
 828         { SMB_VFS_OP(gpfsacl_fset_nt_acl),
 829           SMB_VFS_OP_FSET_NT_ACL,
 830           SMB_VFS_LAYER_TRANSPARENT },
 831
 832         { SMB_VFS_OP(gpfsacl_sys_acl_get_file),
 833           SMB_VFS_OP_SYS_ACL_GET_FILE,
 834           SMB_VFS_LAYER_TRANSPARENT },
 835
 836         { SMB_VFS_OP(gpfsacl_sys_acl_get_fd),
 837           SMB_VFS_OP_SYS_ACL_GET_FD,
 838           SMB_VFS_LAYER_TRANSPARENT },
 839
 840         { SMB_VFS_OP(gpfsacl_sys_acl_set_file),
 841           SMB_VFS_OP_SYS_ACL_SET_FILE,
 842           SMB_VFS_LAYER_TRANSPARENT },
 843
 844         { SMB_VFS_OP(gpfsacl_sys_acl_set_fd),
 845           SMB_VFS_OP_SYS_ACL_SET_FD,
 846           SMB_VFS_LAYER_TRANSPARENT },
 847
 848         { SMB_VFS_OP(gpfsacl_sys_acl_delete_def_file),
 849           SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
 850           SMB_VFS_LAYER_TRANSPARENT },
 851
 852         { SMB_VFS_OP(vfs_gpfs_chmod),
 853           SMB_VFS_OP_CHMOD,
 854           SMB_VFS_LAYER_TRANSPARENT },
 855
 856         { SMB_VFS_OP(vfs_gpfs_fchmod),
 857           SMB_VFS_OP_FCHMOD,
 858           SMB_VFS_LAYER_TRANSPARENT },
 859
 860         { SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP }
 861
 862 };
 863
 864
 865 NTSTATUS vfs_gpfs_init(void);
 866 NTSTATUS vfs_gpfs_init(void)
 867 {
 868         init_gpfs();
 869
 870         return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs",
 871                                 gpfs_op_tuples);
 872 }