summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_gpfs.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/modules/vfs_gpfs.c')
-rw-r--r--source3/modules/vfs_gpfs.c155
1 files changed, 94 insertions, 61 deletions
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 932b5000c8..3795a5d4a6 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -141,28 +141,30 @@ static struct gpfs_acl *gpfs_getacl_alloc(const char *fname, gpfs_aclType_t type
return acl;
}
-static BOOL gpfs_get_nfs4_acl(struct files_struct *fsp, SMB4ACL_T **ppacl, BOOL *pretryPosix)
+/* Tries to get nfs4 acls and returns SMB ACL allocated.
+ * On failure returns 1 if it got non-NFSv4 ACL to prompt
+ * retry with POSIX ACL checks.
+ * On failure returns -1 if there is system (GPFS) error, check errno.
+ * Returns 0 on success
+ */
+static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
{
- TALLOC_CTX *mem_ctx;
int i;
struct gpfs_acl *gacl = NULL;
-
- mem_ctx = main_loop_talloc_get();
-
- DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fsp->fsp_name));
+ DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
/* First get the real acl length */
- gacl = gpfs_getacl_alloc(fsp->fsp_name, GPFS_ACL_TYPE_NFS4);
+ gacl = gpfs_getacl_alloc(fname, GPFS_ACL_TYPE_NFS4);
if (gacl == NULL) {
DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
- fsp->fsp_name, strerror(errno)));
- return False;
+ fname, strerror(errno)));
+ return -1;
}
if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
DEBUG(10, ("Got non-nfsv4 acl\n"));
- *pretryPosix = True;
- return False;
+ /* Retry with POSIX ACLs check */
+ return 1;
}
*ppacl = smb_create_smb4acl();
@@ -174,12 +176,11 @@ static BOOL gpfs_get_nfs4_acl(struct files_struct *fsp, SMB4ACL_T **ppacl, BOOL
for (i=0; i<gacl->acl_nace; i++) {
struct gpfs_ace_v4 *gace = &gacl->ace_v4[i];
SMB_ACE4PROP_T smbace;
- memset(&smbace, 0, sizeof(SMB4ACE_T));
-
DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
"who: %d\n", gace->aceType, gace->aceIFlags,
gace->aceFlags, gace->aceMask, gace->aceWho));
+ memset(&smbace, 0, sizeof(SMB4ACE_T));
if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
smbace.flags |= SMB_ACE4_ID_SPECIAL;
switch (gace->aceWho) {
@@ -204,35 +205,47 @@ static BOOL gpfs_get_nfs4_acl(struct files_struct *fsp, SMB4ACL_T **ppacl, BOOL
smbace.who.uid = gace->aceWho;
}
+ /* remove redundent deny entries */
+ if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
+ struct gpfs_ace_v4 *prev = &gacl->ace_v4[i-1];
+ if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
+ prev->aceFlags == gace->aceFlags &&
+ prev->aceIFlags == gace->aceIFlags &&
+ (gace->aceMask & prev->aceMask) == 0 &&
+ gace->aceWho == prev->aceWho) {
+ /* its redundent - skip it */
+ continue;
+ }
+ }
+
smbace.aceType = gace->aceType;
smbace.aceFlags = gace->aceFlags;
smbace.aceMask = gace->aceMask;
- smbace.flags = (gace->aceIFlags&ACE4_IFLAG_SPECIAL_ID) ? SMB_ACE4_ID_SPECIAL : 0;
-
smb_add_ace4(*ppacl, &smbace);
}
- return True;
+ return 0;
}
static size_t gpfsacl_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
- BOOL result;
- BOOL retryPosix = False;
+ int result;
*ppdesc = NULL;
- result = gpfs_get_nfs4_acl(fsp, &pacl, &retryPosix);
- if (retryPosix)
- {
+ result = gpfs_get_nfs4_acl(fsp->fsp_name, &pacl);
+
+ if (result == 0)
+ return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
+
+ if (result > 0) {
DEBUG(10, ("retrying with posix acl...\n"));
return get_nt_acl(fsp, security_info, ppdesc);
}
- if (result==False)
- return 0;
-
- return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
+
+ /* GPFS ACL was not read, something wrong happened, error code is set in errno */
+ return 0;
}
size_t gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
@@ -608,57 +621,77 @@ int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
return -1;
}
+static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
+{
+ SMB_STRUCT_STAT st;
+ if (SMB_VFS_NEXT_STAT(handle, path, &st) != 0) {
+ return -1;
+ }
+ /* avoid chmod() if possible, to preserve acls */
+ if ((st.st_mode & ~S_IFMT) == mode) {
+ return 0;
+ }
+ return SMB_VFS_NEXT_CHMOD(handle, path, mode);
+}
+
+static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, int fd, mode_t mode)
+{
+ SMB_STRUCT_STAT st;
+ if (SMB_VFS_NEXT_FSTAT(handle, fsp, fd, &st) != 0) {
+ return -1;
+ }
+ /* avoid chmod() if possible, to preserve acls */
+ if ((st.st_mode & ~S_IFMT) == mode) {
+ return 0;
+ }
+ return SMB_VFS_NEXT_FCHMOD(handle, fsp, fd, mode);
+}
+
/* VFS operations structure */
static vfs_op_tuple gpfs_op_tuples[] = {
- {SMB_VFS_OP(vfs_gpfs_kernel_flock),
- SMB_VFS_OP_KERNEL_FLOCK,
- SMB_VFS_LAYER_OPAQUE},
+ { SMB_VFS_OP(vfs_gpfs_kernel_flock), SMB_VFS_OP_KERNEL_FLOCK,
+ SMB_VFS_LAYER_OPAQUE },
+
+ { SMB_VFS_OP(vfs_gpfs_setlease), SMB_VFS_OP_LINUX_SETLEASE,
+ SMB_VFS_LAYER_OPAQUE },
+
+ { SMB_VFS_OP(gpfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(vfs_gpfs_setlease),
- SMB_VFS_OP_LINUX_SETLEASE,
- SMB_VFS_LAYER_OPAQUE},
+ { SMB_VFS_OP(gpfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_fget_nt_acl),
- SMB_VFS_OP_FGET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_get_nt_acl),
- SMB_VFS_OP_GET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_fset_nt_acl),
- SMB_VFS_OP_FSET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_set_nt_acl),
- SMB_VFS_OP_SET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_sys_acl_get_file),
- SMB_VFS_OP_SYS_ACL_GET_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_sys_acl_get_fd),
- SMB_VFS_OP_SYS_ACL_GET_FD,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_sys_acl_set_file),
- SMB_VFS_OP_SYS_ACL_SET_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(gpfsacl_sys_acl_delete_def_file),
+ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_sys_acl_set_fd),
- SMB_VFS_OP_SYS_ACL_SET_FD,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(vfs_gpfs_chmod), SMB_VFS_OP_CHMOD,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(gpfsacl_sys_acl_delete_def_file),
- SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
+ { SMB_VFS_OP(vfs_gpfs_fchmod), SMB_VFS_OP_FCHMOD,
+ SMB_VFS_LAYER_TRANSPARENT },
- {SMB_VFS_OP(NULL),
- SMB_VFS_OP_NOOP,
- SMB_VFS_LAYER_NOOP}
+ { SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP }
};