authorTim Prouty <tprouty@samba.org>2008-12-08 16:57:58 -0800
committerTim Prouty <tprouty@samba.org>2008-12-09 14:51:48 -0800
commite0711ffa526e22e3ffe483319ce5d7725d578647 (patch)
tree7e5bac5563758ff614b8c45c33ee0f1e8467fbca /source3/modules/onefs_acl.c
parent51e7f79b3b4ae0fa830ac176df5ba8229e14f32d (diff)
s3: Add the OneFS SMB_VFS_CREATE_FILE implementation
This is the first pass at extending the onefs vfs module to support the CIFS-specific enhancements available on OneFS. Most of this patch is massaging the samba open path to work with ifs_createfile. ifs_createfile is a CIFS-specific syscall for opening files and directories. It adds support for: - Full in-kernel access checks using a windows access_mask - Cluster-coherent share mode locks - Cluster-coherent oplocks - Streams - Setting security descriptors at create time - Setting dos_attributes at create time This patch does not implement the samba side of the streams support or oplocks support. Tests that expect oplocks to be granted or streams to be supported will fail. This will be remedied in upcoming patches.
Diffstat (limited to 'source3/modules/onefs_acl.c')
-rw-r--r--source3/modules/onefs_acl.c119
1 files changed, 81 insertions, 38 deletions
diff --git a/source3/modules/onefs_acl.c b/source3/modules/onefs_acl.c
index 3a692c95ab..5351118a87 100644
--- a/source3/modules/onefs_acl.c
+++ b/source3/modules/onefs_acl.c
@@ -19,20 +19,23 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#include "includes.h"
+#include "onefs.h"
-#include <sys/isi_acl.h>
#include <isi_acl/isi_acl_util.h>
-#include <sys/isi_oplock.h>
#include <ifs/ifs_syscalls.h>
-#include "onefs.h"
+const struct enum_list enum_onefs_acl_wire_format[] = {
+ {ACL_FORMAT_RAW, "No Format"},
+ {ACL_FORMAT_WINDOWS_SD, "Format Windows SD"},
+ {ACL_FORMAT_ALWAYS, "Always Format SD"},
+ {-1, NULL}
+};
/**
* Turn SID into UID/GID and setup a struct ifs_identity
*/
static bool
-onefs_sid_to_identity(DOM_SID *sid, struct ifs_identity *id, bool is_group)
+onefs_sid_to_identity(const DOM_SID *sid, struct ifs_identity *id, bool is_group)
{
enum ifs_identity_type type = IFS_ID_TYPE_LAST+1;
uid_t uid = 0;
@@ -514,15 +517,22 @@ onefs_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
if (security_info & SACL_SECURITY_INFORMATION)
desired_access |= IFS_RTS_SACL_ACCESS;
- if ((fsp->fh->fd = ifs_createfile(-1,
- fsp->fsp_name,
- desired_access,
- 0, 0,
- OPLOCK_NONE,
- 0, NULL, 0,
- NULL, 0, NULL)) == -1) {
- DEBUG(0, ("Error opening file %s. errno=%d\n",
- fsp->fsp_name, errno));
+ if ((fsp->fh->fd = onefs_sys_create_file(handle->conn,
+ -1,
+ fsp->fsp_name,
+ desired_access,
+ desired_access,
+ 0,
+ 0,
+ 0,
+ 0,
+ INTERNAL_OPEN_ONLY,
+ 0,
+ NULL,
+ 0,
+ NULL)) == -1) {
+ DEBUG(0, ("Error opening file %s. errno=%d (%s)\n",
+ fsp->fsp_name, errno, strerror(errno)));
status = map_nt_error_from_unix(errno);
goto out;
}
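Review bot: The `onefs_sys_create_file(...)` call added to onefs_fget_nt_acl passes fourteen positional arguments, with `desired_access` given twice and most of the rest bare `0` or `NULL`, so a reader cannot tell which access or sharing setting each value selects without the prototype, which is not part of this diff. Because this open decides what rights the handle used to read the security descriptor carries, each argument deserves a trailing comment naming its parameter, plus a one-line comment above the call explaining why `INTERNAL_OPEN_ONLY` and an all-zero remainder are correct for an internal ACL read. The identical call added to onefs_fset_nt_acl in the `@@ -775,16 +808,24 @@` hunk needs the same comments; the two copies have to stay in agreement, which argues for folding them into one static helper later. The enclosing function starts and ends outside this hunk.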
@@ -679,22 +689,18 @@ onefs_get_nt_acl(vfs_handle_struct *handle, const char* name,
}
/**
- * Isilon-specific function for setting an NTFS ACL on an open file.
+ * Isilon-specific function for setting up an ifs_security_descriptor, given a
+ * samba SEC_DESC.
*
- * @return NT_STATUS_UNSUCCESSFUL for userspace errors, NTSTATUS based off
- * errno on syscall errors
+ * @param[out] sd ifs_security_descriptor to fill in
+ *
+ * @return NTSTATUS_OK if successful
*/
-NTSTATUS
-onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info_sent, SEC_DESC *psd)
+NTSTATUS onefs_setup_sd(uint32 security_info_sent, SEC_DESC *psd,
+ struct ifs_security_descriptor *sd)
{
- struct ifs_security_descriptor sd = {};
struct ifs_security_acl dacl, sacl, *daclp, *saclp;
struct ifs_identity owner, group, *ownerp, *groupp;
- int fd;
- bool fopened = false;
-
- DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name ));
ownerp = NULL;
groupp = NULL;
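Review bot: The new doc comment on onefs_setup_sd documents only `sd` and names the success value `NTSTATUS_OK`, whereas the code returns `NT_STATUS_OK` and, on the failure path visible in the next hunk, `NT_STATUS_UNSUCCESSFUL`. I would add `@param` lines for `security_info_sent` and `psd`, change the return line to `@return NT_STATUS_OK on success, NT_STATUS_UNSUCCESSFUL if the descriptor cannot be built`, and state that the caller must release `sd` with `aclu_free_sd()`, as onefs_fset_nt_acl does. The function is also no longer `static`, so the same contract should accompany its prototype wherever that is declared. The function body continues past this hunk.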
@@ -759,10 +765,37 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
/* Setup ifs_security_descriptor */
DEBUG(5,("Setting up SD\n"));
- if (aclu_initialize_sd(&sd, psd->type, ownerp, groupp,
- (daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false))
+ if (aclu_initialize_sd(sd, psd->type, ownerp, groupp,
+ (daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false))
return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_OK;
+}
+
+/**
+ * Isilon-specific function for setting an NTFS ACL on an open file.
+ *
+ * @return NT_STATUS_UNSUCCESSFUL for userspace errors, NTSTATUS based off
+ * errno on syscall errors
+ */
+NTSTATUS
+onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+ uint32 security_info_sent, SEC_DESC *psd)
+{
+ struct ifs_security_descriptor sd = {};
+ int fd;
+ bool fopened = false;
+ NTSTATUS status;
+
+ DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name ));
+
+ status = onefs_setup_sd(security_info_sent, psd, &sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("SD initialization failure: %s", nt_errstr(status)));
+ return status;
+ }
+
fd = fsp->fh->fd;
if (fd == -1) {
enum ifs_ace_rights desired_access = 0;
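Review bot: After this split, `owner`, `group`, `dacl` and `sacl` are locals of onefs_setup_sd, while the descriptor built from them by `aclu_initialize_sd(sd, ...)` is handed back to the caller and later passed to `ifs_set_security_descriptor()`. This is only safe if `aclu_initialize_sd` copies or takes ownership of what it is given rather than keeping pointers into the returning frame. That library routine is not shown here, so please confirm this and record it above the call, e.g. `/* aclu_initialize_sd() copies owner/group and takes over the ACLs; sd keeps no pointer into this frame */`. Separately, the new failure message lacks a line terminator; it should read `DEBUG(3, ("SD initialization failure: %s\n", nt_errstr(status)));`. Both functions extend beyond this hunk.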
@@ -775,16 +808,24 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
if (security_info_sent & SACL_SECURITY_INFORMATION)
desired_access |= IFS_RTS_SACL_ACCESS;
- if ((fd = ifs_createfile(-1,
- fsp->fsp_name,
- desired_access,
- 0, 0,
- OPLOCK_NONE,
- 0, NULL, 0,
- NULL, 0, NULL)) == -1) {
- DEBUG(0, ("Error opening file %s. errno=%d\n",
- fsp->fsp_name, errno));
- return map_nt_error_from_unix(errno);
+ if ((fd = onefs_sys_create_file(handle->conn,
+ -1,
+ fsp->fsp_name,
+ desired_access,
+ desired_access,
+ 0,
+ 0,
+ 0,
+ 0,
+ INTERNAL_OPEN_ONLY,
+ 0,
+ NULL,
+ 0,
+ NULL)) == -1) {
+ DEBUG(0, ("Error opening file %s. errno=%d (%s)\n",
+ fsp->fsp_name, errno, strerror(errno)));
+ status = map_nt_error_from_unix(errno);
+ goto out;
}
fopened = true;
}
@@ -792,10 +833,12 @@ onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
errno = 0;
if (ifs_set_security_descriptor(fd, security_info_sent, &sd)) {
DEBUG(0, ("Error setting security descriptor = %d\n", errno));
+ status = map_nt_error_from_unix(errno);
goto out;
}
DEBUG(5, ("Security descriptor set correctly!\n"));
+ status = NT_STATUS_OK;
/* FALLTHROUGH */
out:
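Review bot: Now that `status` is assigned explicitly on both the failure and the success branch, the context line `errno = 0;` ahead of `ifs_set_security_descriptor()` no longer feeds the return value and can be dropped, or given a comment if something else still relies on it. The failure message here also prints only the number, while the two open-failure messages touched by this commit gained `strerror(errno)`; for consistent logs it could become `DEBUG(0, ("Error setting security descriptor: errno=%d (%s)\n", errno, strerror(errno)));`. The function begins outside this hunk.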
@@ -803,5 +846,5 @@ out:
close(fd);
aclu_free_sd(&sd, false);
- return errno ? map_nt_error_from_unix(errno) : NT_STATUS_OK;
+ return status;
}