summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_aixacl2.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/modules/vfs_aixacl2.c')
-rw-r--r--source3/modules/vfs_aixacl2.c538
1 files changed, 0 insertions, 538 deletions
diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c
deleted file mode 100644
index 96ec3a3574..0000000000
--- a/source3/modules/vfs_aixacl2.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/*
- * Convert JFS2 NFS4/AIXC acls to NT acls and vice versa.
- *
- * Copyright (C) Volker Lendecke, 2006
- * Major code contributions from Peter Somogyi, somogyi@de.ibm.com
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "nfs4_acls.c"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_VFS
-
-#define AIXACL2_MODULE_NAME "aixacl2"
-
-extern struct current_user current_user;
-extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
-extern BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
- uint32 security_info_sent, SEC_DESC *psd);
-
-extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl);
-extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
-
-typedef union aixjfs2_acl_t {
- nfs4_acl_int_t jfs2_acl[1];
- aixc_acl_t aixc_acl[1];
-}AIXJFS2_ACL_T;
-
-static int32_t aixacl2_getlen(AIXJFS2_ACL_T *acl, acl_type_t *type)
-{
- int32_t len;
-
- if(type->u64 == ACL_NFS4) {
- len = acl->jfs2_acl[0].aclLength;
- }
- else {
- if(type->u64 == ACL_AIXC) {
- len = acl->aixc_acl[0].acl_len;
- } else {
- DEBUG(0,("aixacl2_getlen:unknown type:%d\n",type->u64));
- return False;
- }
- }
- DEBUG(10,("aixacl2_getlen:%d\n",len));
- return len;
-}
-
-static AIXJFS2_ACL_T *aixjfs2_getacl_alloc(const char *fname, acl_type_t *type)
-{
- AIXJFS2_ACL_T *acl;
- size_t len = 200;
- mode_t mode;
- int ret;
- uint64_t ctl_flag=0;
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = main_loop_talloc_get();
- acl = (AIXJFS2_ACL_T *)talloc_size(mem_ctx, len);
- if (acl == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- if(type->u64 == ACL_ANY) {
- ctl_flag = ctl_flag | GET_ACLINFO_ONLY;
- }
-
- ret = aclx_get((char *)fname, ctl_flag, type, acl, &len, &mode);
- if ((ret != 0) && (errno == ENOSPC)) {
- len = aixacl2_getlen(acl, type) + sizeof(AIXJFS2_ACL_T);
- DEBUG(10,("aixjfs2_getacl_alloc - acl_len:%d\n",len));
-
- acl = (AIXJFS2_ACL_T *)talloc_size(mem_ctx, len);
- if (acl == NULL) {
- errno = ENOMEM;
- return NULL;
- }
-
- ret = aclx_get((char *)fname, ctl_flag, type, acl, &len, &mode);
- }
- if (ret != 0) {
- DEBUG(8, ("aclx_get failed with %s\n", strerror(errno)));
- return NULL;
- }
-
- return acl;
-}
-
-static BOOL aixjfs2_get_nfs4_acl(files_struct *fsp,
- SMB4ACL_T **ppacl, BOOL *pretryPosix)
-{
- int32_t i;
-
- AIXJFS2_ACL_T *pacl = NULL;
- nfs4_acl_int_t *jfs2_acl = NULL;
- nfs4_ace_int_t *jfs2_ace = NULL;
- acl_type_t type;
-
- DEBUG(10,("jfs2 get_nt_acl invoked for %s\n", fsp->fsp_name));
-
- memset(&type, 0, sizeof(acl_type_t));
- type.u64 = ACL_NFS4;
-
- pacl = aixjfs2_getacl_alloc(fsp->fsp_name, &type);
- if (pacl == NULL) {
- DEBUG(9, ("aixjfs2_getacl_alloc failed for %s with %s\n",
- fsp->fsp_name, strerror(errno)));
- if (errno==ENOSYS)
- *pretryPosix = True;
- return False;
- }
-
- jfs2_acl = &pacl->jfs2_acl[0];
- DEBUG(10, ("len: %d, version: %d, nace: %d, type: 0x%x\n",
- jfs2_acl->aclLength, jfs2_acl->aclVersion, jfs2_acl->aclEntryN, type.u64));
-
- *ppacl = smb_create_smb4acl();
- if (*ppacl==NULL)
- return False;
-
- jfs2_ace = &jfs2_acl->aclEntry[0];
- for (i=0; i<jfs2_acl->aclEntryN; i++) {
- SMB_ACE4PROP_T aceprop;
-
- DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
- "who: %d, aclLen: %d\n", jfs2_ace->aceType, jfs2_ace->flags,
- jfs2_ace->aceFlags, jfs2_ace->aceMask, jfs2_ace->aceWho.id, jfs2_ace->entryLen));
-
- aceprop.aceType = jfs2_ace->aceType;
- aceprop.aceFlags = jfs2_ace->aceFlags;
- aceprop.aceMask = jfs2_ace->aceMask;
- aceprop.flags = (jfs2_ace->flags&ACE4_ID_SPECIAL) ? SMB_ACE4_ID_SPECIAL : 0;
-
- /* don't care it's real content is only 16 or 32 bit */
- aceprop.who.id = jfs2_ace->aceWho.id;
-
- if (smb_add_ace4(*ppacl, &aceprop)==NULL)
- return False;
-
- /* iterate to the next jfs2 ace */
- jfs2_ace = (nfs4_ace_int_t *)(((char *)jfs2_ace) + jfs2_ace->entryLen);
- }
-
- DEBUG(10,("jfs2 get_nt_acl finished successfully\n"));
-
- return True;
-}
-
-static size_t aixjfs2_get_nt_acl_common(files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc)
-{
- SMB4ACL_T *pacl = NULL;
- BOOL result;
- BOOL retryPosix = False;
-
- *ppdesc = NULL;
- result = aixjfs2_get_nfs4_acl(fsp, &pacl, &retryPosix);
- if (retryPosix)
- {
- DEBUG(10, ("retrying with posix acl...\n"));
- return get_nt_acl(fsp, security_info, ppdesc);
- }
- if (result==False)
- return 0;
-
- return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
-}
-
-size_t aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, int fd, uint32 security_info,
- SEC_DESC **ppdesc)
-{
- return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
-}
-
-size_t aixjfs2_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
- uint32 security_info, SEC_DESC **ppdesc)
-{
- return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
-}
-
-static SMB_ACL_T aixjfs2_get_posix_acl(const char *path, acl_type_t type)
-{
- aixc_acl_t *pacl;
- AIXJFS2_ACL_T *acl;
- SMB_ACL_T result = NULL;
- int ret;
-
- acl = aixjfs2_getacl_alloc(path, &type);
-
- if (acl == NULL) {
- DEBUG(10, ("aixjfs2_getacl failed for %s with %s\n",
- path, strerror(errno)));
- if (errno == 0) {
- errno = EINVAL;
- }
- goto done;
- }
-
- pacl = &acl->aixc_acl[0];
- DEBUG(10, ("len: %d, mode: %d\n",
- pacl->acl_len, pacl->acl_mode));
-
- result = aixacl_to_smbacl(pacl);
- if (result == NULL) {
- goto done;
- }
-
- done:
- if (errno != 0) {
- SAFE_FREE(result);
- }
- return result;
-}
-
-SMB_ACL_T aixjfs2_sys_acl_get_file(vfs_handle_struct *handle,
- const char *path_p,
- SMB_ACL_TYPE_T type)
-{
- acl_type_t aixjfs2_type;
-
- switch(type) {
- case SMB_ACL_TYPE_ACCESS:
- aixjfs2_type.u64 = ACL_AIXC;
- break;
- case SMB_ACL_TYPE_DEFAULT:
- DEBUG(0, ("Got AIX JFS2 unsupported type: %d\n", type));
- return NULL;
- default:
- DEBUG(0, ("Got invalid type: %d\n", type));
- smb_panic("exiting");
- }
-
- return aixjfs2_get_posix_acl(path_p, aixjfs2_type);
-}
-
-SMB_ACL_T aixjfs2_sys_acl_get_fd(vfs_handle_struct *handle,
- files_struct *fsp,
- int fd)
-{
- acl_type_t aixjfs2_type;
- aixjfs2_type.u64 = ACL_AIXC;
-
- return aixjfs2_get_posix_acl(fsp->fsp_name, aixjfs2_type);
-}
-
-/*
- * Test whether we have that aclType support on the given path
- */
-static int aixjfs2_query_acl_support(
- char *filepath,
- uint64_t aclType,
- acl_type_t *pacl_type_info
-)
-{
- acl_types_list_t acl_type_list;
- size_t acl_type_list_len = sizeof(acl_types_list_t);
- uint32_t i;
-
- memset(&acl_type_list, 0, sizeof(acl_type_list));
-
- if (aclx_gettypes(filepath, &acl_type_list, &acl_type_list_len)) {
- DEBUG(2, ("aclx_gettypes failed with error %s for %s\n",
- strerror(errno), filepath));
- return -1;
- }
-
- for(i=0; i<acl_type_list.num_entries; i++) {
- if (acl_type_list.entries[i].u64==aclType) {
- memcpy(pacl_type_info, acl_type_list.entries + i, sizeof(acl_type_t));
- DEBUG(10, ("found %s ACL support for %s\n",
- pacl_type_info->acl_type, filepath));
- return 0;
- }
- }
-
- return 1; /* haven't found that ACL type. */
-}
-
-static BOOL aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
-{
- SMB4ACE_T *smbace;
- TALLOC_CTX *mem_ctx;
- nfs4_acl_int_t *jfs2acl;
- int32_t entryLen;
- uint32 aclLen, naces;
- int rc;
- acl_type_t acltype;
-
- DEBUG(10, ("jfs2_process_smbacl invoked on %s\n", fsp->fsp_name));
-
- /* no need to be freed which is alloced with mem_ctx */
- mem_ctx = main_loop_talloc_get();
-
- entryLen = sizeof(nfs4_ace_int_t);
- if (entryLen & 0x03)
- entryLen = entryLen + 4 - (entryLen%4);
-
- naces = smb_get_naces(smbacl);
- aclLen = ACL_V4_SIZ + naces * entryLen;
- jfs2acl = (nfs4_acl_int_t *)talloc_size(mem_ctx, aclLen);
- if (jfs2acl==NULL) {
- DEBUG(0, ("talloc_size failed\n"));
- errno = ENOMEM;
- return False;
- }
-
- jfs2acl->aclLength = ACL_V4_SIZ;
- jfs2acl->aclVersion = NFS4_ACL_INT_STRUCT_VERSION;
- jfs2acl->aclEntryN = 0;
-
- for(smbace = smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace))
- {
- SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
- nfs4_ace_int_t *jfs2_ace = (nfs4_ace_int_t *)(((char *)jfs2acl) + jfs2acl->aclLength);
-
- memset(jfs2_ace, 0, entryLen);
- jfs2_ace->entryLen = entryLen; /* won't store textual "who" */
- jfs2_ace->aceType = aceprop->aceType; /* only ACCES|DENY supported by jfs2 */
- jfs2_ace->aceFlags = aceprop->aceFlags;
- jfs2_ace->aceMask = aceprop->aceMask;
- jfs2_ace->flags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_ID_SPECIAL : 0;
-
- /* don't care it's real content is only 16 or 32 bit */
- jfs2_ace->aceWho.id = aceprop->who.id;
-
- /* iterate to the next jfs2 ace */
- jfs2acl->aclLength += jfs2_ace->entryLen;
- jfs2acl->aclEntryN++;
- }
- SMB_ASSERT(jfs2acl->aclEntryN==naces);
-
- /* Don't query it (again) */
- memset(&acltype, 0, sizeof(acl_type_t));
- acltype.u64 = ACL_NFS4;
-
- /* won't set S_ISUID - the only one JFS2/NFS4 accepts */
- rc = aclx_put(
- fsp->fsp_name,
- SET_ACL, /* set only the ACL, not mode bits */
- acltype, /* not a pointer !!! */
- jfs2acl,
- jfs2acl->aclLength,
- 0 /* don't set here mode bits */
- );
- if (rc) {
- DEBUG(8, ("aclx_put failed with %s\n", strerror(errno)));
- return False;
- }
-
- DEBUG(10, ("jfs2_process_smbacl succeeded.\n"));
- return True;
-}
-
-static BOOL aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
-{
- acl_type_t acl_type_info;
- BOOL result = False;
- int rc;
-
- rc = aixjfs2_query_acl_support(
- fsp->fsp_name,
- ACL_NFS4,
- &acl_type_info);
-
- if (rc==0)
- {
- result = smb_set_nt_acl_nfs4(
- fsp, security_info_sent, psd,
- aixjfs2_process_smbacl);
- } else if (rc==1) { /* assume POSIX ACL - by default... */
- result = set_nt_acl(fsp, security_info_sent, psd);
- } else
- result = False; /* query failed */
-
- return result;
-}
-
-BOOL aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
-{
- return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
-}
-
-BOOL aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
-{
- return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
-}
-
-int aixjfs2_sys_acl_set_file(vfs_handle_struct *handle,
- const char *name,
- SMB_ACL_TYPE_T type,
- SMB_ACL_T theacl)
-{
- struct acl *acl_aixc;
- acl_type_t acl_type_info;
- int rc;
-
- DEBUG(10, ("aixjfs2_sys_acl_set_file invoked for %s", name));
-
- rc = aixjfs2_query_acl_support((char *)name, ACL_AIXC, &acl_type_info);
- if (rc) {
- DEBUG(8, ("jfs2_set_nt_acl: AIXC support not found\n"));
- return -1;
- }
-
- acl_aixc = aixacl_smb_to_aixacl(type, theacl);
- if (!acl_aixc)
- return -1;
-
- rc = aclx_put(
- (char *)name,
- SET_ACL, /* set only the ACL, not mode bits */
- acl_type_info,
- acl_aixc,
- acl_aixc->acl_len,
- 0
- );
- if (rc) {
- DEBUG(2, ("aclx_put failed with %s for %s\n",
- strerror(errno), name));
- return -1;
- }
-
- return 0;
-}
-
-int aixjfs2_sys_acl_set_fd(vfs_handle_struct *handle,
- files_struct *fsp,
- int fd, SMB_ACL_T theacl)
-{
- struct acl *acl_aixc;
- acl_type_t acl_type_info;
- int rc;
-
- DEBUG(10, ("aixjfs2_sys_acl_set_fd invoked for %s", fsp->fsp_name));
-
- rc = aixjfs2_query_acl_support(fsp->fsp_name, ACL_AIXC, &acl_type_info);
- if (rc) {
- DEBUG(8, ("jfs2_set_nt_acl: AIXC support not found\n"));
- return -1;
- }
-
- acl_aixc = aixacl_smb_to_aixacl(SMB_ACL_TYPE_ACCESS, theacl);
- if (!acl_aixc)
- return -1;
-
- rc = aclx_fput(
- fd,
- SET_ACL, /* set only the ACL, not mode bits */
- acl_type_info,
- acl_aixc,
- acl_aixc->acl_len,
- 0
- );
- if (rc) {
- DEBUG(2, ("aclx_fput failed with %s for %s\n",
- strerror(errno), fsp->fsp_name));
- return -1;
- }
-
- return 0;
-}
-
-int aixjfs2_sys_acl_delete_def_file(vfs_handle_struct *handle,
- const char *path)
-{
- /* Not available under AIXC ACL */
- /* Don't report here any error otherwise */
- /* upper layer will break the normal execution */
- return 0;
-}
-
-
-/* VFS operations structure */
-
-static vfs_op_tuple aixjfs2_ops[] =
-{
- {SMB_VFS_OP(aixjfs2_fget_nt_acl),
- SMB_VFS_OP_FGET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_get_nt_acl),
- SMB_VFS_OP_GET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_fset_nt_acl),
- SMB_VFS_OP_FSET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_set_nt_acl),
- SMB_VFS_OP_SET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_get_file),
- SMB_VFS_OP_SYS_ACL_GET_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_get_fd),
- SMB_VFS_OP_SYS_ACL_GET_FD,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_set_file),
- SMB_VFS_OP_SYS_ACL_SET_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_set_fd),
- SMB_VFS_OP_SYS_ACL_SET_FD,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_delete_def_file),
- SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(NULL),
- SMB_VFS_OP_NOOP,
- SMB_VFS_LAYER_NOOP}
-};
-
-NTSTATUS vfs_aixacl2_init(void)
-{
- return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, AIXACL2_MODULE_NAME,
- aixjfs2_ops);
-}