From 338d2462d4ba514343a5fd78fe8ba4bdc06bec8a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 14 May 2007 23:55:11 +0000 Subject: r22872: Add vfs_zfsacl module from Jiri Sasek . Jeremy. (This used to be commit bd80db71e71fc05b8b4875c386d8d58612cdbb06) --- source3/modules/vfs_zfsacl.c | 186 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 source3/modules/vfs_zfsacl.c (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c new file mode 100644 index 0000000000..72dde886bd --- /dev/null +++ b/source3/modules/vfs_zfsacl.c @@ -0,0 +1,186 @@ +/* + * Convert ZFS/NFSv4 acls to NT acls and vice versa. + * + * Copyright (C) Jiri Sasek, 2007 + * based on the foobar.c module which is copyrighted by Volker Lendecke + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + */ + +#include "includes.h" +#include "nfs4_acls.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_VFS + +#define ZFSACL_MODULE_NAME "zfsacl" + +/* zfs_get_nt_acl() + * read the local file's acls and return it in NT form + * using the NFSv4 format conversion + */ +static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, + struct security_descriptor **ppdesc) +{ + int naces, i; + ace_t *acebuf; + SMB4ACL_T *pacl; + TALLOC_CTX *mem_ctx; + + /* read the number of file aces */ + if((naces = acl(fsp->fsp_name, ACE_GETACLCNT, 0, NULL)) == -1) { + if(errno == ENOSYS) { + DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside")); + } else { + DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name, + strerror(errno))); + } + return 0; + } + /* allocate the field of ZFS aces */ + mem_ctx = main_loop_talloc_get(); + acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); + if(acebuf == NULL) { + errno = ENOMEM; + return 0; + } + /* read the aces into the field */ + if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) { + DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name, + strerror(errno))); + return 0; + } + /* create SMB4ACL data */ + if((pacl = smb_create_smb4acl()) == NULL) return 0; + for(i=0; i ZFS acl using NFSv4 conv. */ +static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) +{ + int naces = smb_get_naces(smbacl), i; + ace_t *acebuf; + SMB4ACE_T *smbace; + TALLOC_CTX *mem_ctx; + + /* allocate the field of ZFS aces */ + mem_ctx = main_loop_talloc_get(); + acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); + if(acebuf == NULL) { + errno = ENOMEM; + return False; + } + /* handle all aces */ + for(smbace = smb_first_ace4(smbacl), i = 0; + smbace!=NULL; + smbace = smb_next_ace4(smbace), i++) { + SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace); + + acebuf[i].a_type = aceprop->aceType; + acebuf[i].a_flags = aceprop->aceFlags; + acebuf[i].a_access_mask = aceprop->aceMask; + acebuf[i].a_who = aceprop->who.id; + } + SMB_ASSERT(i == naces); + + /* store acl */ + if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) { + if(errno == ENOSYS) { + DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not supported on the filesystem where the file reside")); + } else { + DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name, + strerror(errno))); + } + return 0; + } + + return True; +} + +/* zfs_set_nt_acl() + * set the local file's acls obtaining it in NT form + * using the NFSv4 format conversion + */ +static BOOL zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, + struct security_descriptor *psd) +{ + return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd, + zfs_process_smbacl); +} + +size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + int fd, uint32 security_info, + struct security_descriptor **ppdesc) +{ + return zfs_get_nt_acl(fsp, security_info, ppdesc); +} +size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + const char *name, uint32 security_info, + struct security_descriptor **ppdesc) +{ + return zfs_get_nt_acl(fsp, security_info, ppdesc); +} + +BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + int fd, uint32 security_info_sent, + SEC_DESC *psd) +{ + return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); +} + +BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + const char *name, uint32 security_info_sent, + SEC_DESC *psd) +{ + return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); +} + +/* VFS operations structure */ + +static vfs_op_tuple zfsacl_ops[] = { + {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, + SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, + SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, + SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, + SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +NTSTATUS vfs_zfsacl_init(void); +NTSTATUS vfs_zfsacl_init(void) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl", + zfsacl_ops); +} -- cgit From 0ae0d33a3a396cfbd540a86a8c7384cb075bfe0c Mon Sep 17 00:00:00 2001 From: James Peach Date: Fri, 8 Jun 2007 23:08:41 +0000 Subject: r23396: Make VFS callbacks static. Mark operations as OPAQUE because they do not pass through. (This used to be commit b9d6eee5d4d0894ded88455675a470cbf04d8f45) --- source3/modules/vfs_zfsacl.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 72dde886bd..79602c2221 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -133,14 +133,15 @@ static BOOL zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, zfs_process_smbacl); } -size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, +static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc) { return zfs_get_nt_acl(fsp, security_info, ppdesc); } -size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, + +static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc) @@ -148,7 +149,7 @@ size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, return zfs_get_nt_acl(fsp, security_info, ppdesc); } -BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, +static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd) @@ -156,7 +157,7 @@ BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } -BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle, +static BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd) @@ -168,13 +169,13 @@ BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle, static vfs_op_tuple zfsacl_ops[] = { {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT}, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT}, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT}, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_TRANSPARENT}, + SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit From a0ac7a7f4c0290787cdadb5866272cee2bd61b8a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 26 Jun 2007 22:49:10 +0000 Subject: r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chown return to correctly return NT_STATUS_INVALID_OWNER if it should be disallowed. Matches better what W2K3R3 does. NFSv4 ACL module owners, please examine these changes. Jeremy. (This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f) --- source3/modules/vfs_zfsacl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 79602c2221..a68258cfdb 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -125,7 +125,7 @@ static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) * set the local file's acls obtaining it in NT form * using the NFSv4 format conversion */ -static BOOL zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, struct security_descriptor *psd) { @@ -149,7 +149,7 @@ static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, return zfs_get_nt_acl(fsp, security_info, ppdesc); } -static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, +static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd) @@ -157,7 +157,7 @@ static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } -static BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle, +static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd) -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/modules/vfs_zfsacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index a68258cfdb..bb10debd3e 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -6,7 +6,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/modules/vfs_zfsacl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index bb10debd3e..18904cd819 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -15,8 +15,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . * */ -- cgit From 79a9f6dcb86703fd48d1321e50ff2b678ce39664 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 12 Jul 2007 18:49:44 +0000 Subject: r23856: Add Jiri.Sasek@Sun.COM;s fix from Axel Apitz for ZFS ACLs. Jeremy. (This used to be commit 6ba12b6cb9f69297731c73071b627e8d7fbc6d73) --- source3/modules/vfs_zfsacl.c | 51 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 18904cd819..9217d4c8bc 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -4,6 +4,9 @@ * Copyright (C) Jiri Sasek, 2007 * based on the foobar.c module which is copyrighted by Volker Lendecke * + * Many thanks to Axel Apitz for help to fix the special ace's handling + * issues. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -71,7 +74,19 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, aceprop.aceFlags = (uint32) acebuf[i].a_flags; aceprop.aceMask = (uint32) acebuf[i].a_access_mask; aceprop.who.id = (uint32) acebuf[i].a_who; - aceprop.flags = 0; + + if(aceprop.aceFlags & ACE_OWNER) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_OWNER; + } else if(aceprop.aceFlags & ACE_GROUP) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_GROUP; + } else if(aceprop.aceFlags & ACE_EVERYONE) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_EVERYONE; + } else { + aceprop.flags = 0; + } if(smb_add_ace4(pacl, &aceprop) == NULL) return 0; } @@ -103,6 +118,23 @@ static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) acebuf[i].a_flags = aceprop->aceFlags; acebuf[i].a_access_mask = aceprop->aceMask; acebuf[i].a_who = aceprop->who.id; + if(aceprop->flags & SMB_ACE4_ID_SPECIAL) { + switch(aceprop->who.special_id) { + case SMB_ACE4_WHO_EVERYONE: + acebuf[i].a_flags |= ACE_EVERYONE; + break; + case SMB_ACE4_WHO_OWNER: + acebuf[i].a_flags |= ACE_OWNER; + break; + case SMB_ACE4_WHO_GROUP: + acebuf[i].a_flags |= ACE_GROUP; + break; + default: + DEBUG(8, ("unsupported special_id %d\n", \ + aceprop->who.special_id)); + continue; /* don't add it !!! */ + } + } } SMB_ASSERT(i == naces); @@ -178,8 +210,23 @@ static vfs_op_tuple zfsacl_ops[] = { {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; +/* != 0 if this module will be compiled as static */ + +#define STATIC 0 + +#if STATIC NTSTATUS vfs_zfsacl_init(void); -NTSTATUS vfs_zfsacl_init(void) +#else +NTSTATUS init_module(void); +#endif + +NTSTATUS +#if STATIC + vfs_zfsacl_init +#else + init_module +#endif + (void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl", zfsacl_ops); -- cgit From 929e1d99209e20a9c2c95c8bdfc8eaa37b2c2291 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 30 Aug 2007 19:48:31 +0000 Subject: r24809: Consolidate the use of temporary talloc contexts. This adds the two functions talloc_stackframe() and talloc_tos(). * When a new talloc stackframe is allocated with talloc_stackframe(), then * the TALLOC_CTX returned with talloc_tos() is reset to that new * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse * happens: The previous talloc_tos() is restored. * * This API is designed to be robust in the sense that if someone forgets to * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and * resets the talloc_tos(). The original motivation for this patch was to get rid of the sid_string_static & friends buffers. Explicitly passing talloc context everywhere clutters code too much for my taste, so an implicit talloc_tos() is introduced here. Many of these static buffers are replaced by a single static pointer. The intended use would thus be that low-level functions can rather freely push stuff to talloc_tos, the upper layers clean up by freeing the stackframe. The more of these stackframes are used and correctly freed the more exact the memory cleanup happens. This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and lp_talloc_ctx (did I forget any?) So, never do a tmp_ctx = talloc_init("foo"); anymore, instead, use tmp_ctx = talloc_stackframe() :-) Volker (This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b) --- source3/modules/vfs_zfsacl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 9217d4c8bc..fd057fa089 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -53,7 +53,7 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, return 0; } /* allocate the field of ZFS aces */ - mem_ctx = main_loop_talloc_get(); + mem_ctx = talloc_tos(); acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); if(acebuf == NULL) { errno = ENOMEM; @@ -102,7 +102,7 @@ static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) TALLOC_CTX *mem_ctx; /* allocate the field of ZFS aces */ - mem_ctx = main_loop_talloc_get(); + mem_ctx = talloc_tos(); acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); if(acebuf == NULL) { errno = ENOMEM; -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/modules/vfs_zfsacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index fd057fa089..a817022032 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -94,7 +94,7 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, } /* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */ -static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) +static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) { int naces = smb_get_naces(smbacl), i; ace_t *acebuf; -- cgit From 15953b82eb3b49d736b4b835b1d0d3cf0da0bff8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 13 Oct 2007 21:06:49 +0200 Subject: Make [f]get_nt_acl return NTSTATUS (This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b) --- source3/modules/vfs_zfsacl.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index a817022032..d265931cf2 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -34,7 +34,7 @@ * read the local file's acls and return it in NT form * using the NFSv4 format conversion */ -static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, +static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { int naces, i; @@ -50,20 +50,19 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name, strerror(errno))); } - return 0; + return map_nt_error_from_unix(errno); } /* allocate the field of ZFS aces */ mem_ctx = talloc_tos(); acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); if(acebuf == NULL) { - errno = ENOMEM; - return 0; + return NT_STATUS_NO_MEMORY; } /* read the aces into the field */ if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) { DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name, strerror(errno))); - return 0; + return map_nt_error_from_unix(errno); } /* create SMB4ACL data */ if((pacl = smb_create_smb4acl()) == NULL) return 0; @@ -87,7 +86,8 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, } else { aceprop.flags = 0; } - if(smb_add_ace4(pacl, &aceprop) == NULL) return 0; + if(smb_add_ace4(pacl, &aceprop) == NULL) + return NT_STATUS_NO_MEMORY; } return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); @@ -164,7 +164,7 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, zfs_process_smbacl); } -static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, +static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc) @@ -172,7 +172,7 @@ static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, return zfs_get_nt_acl(fsp, security_info, ppdesc); } -static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, +static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc) -- cgit From b2f942cfe2672fac9449ce730b18cf7b5fc6e1f0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 12 Nov 2007 12:49:40 +0100 Subject: Fix build of the zfs_acl module. There was one caller of smb_get_nt_acl_nfs4() forgotten in the change of return value. Michael (This used to be commit 4d3e84a3b3a39d3d2c9b86affa16c8124b1496e5) --- source3/modules/vfs_zfsacl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index d265931cf2..0fe21b2909 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -65,7 +65,9 @@ static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, return map_nt_error_from_unix(errno); } /* create SMB4ACL data */ - if((pacl = smb_create_smb4acl()) == NULL) return 0; + if((pacl = smb_create_smb4acl()) == NULL) { + return NT_STATUS_NO_MEMORY; + } for(i=0; i Date: Thu, 15 Nov 2007 00:46:20 +0100 Subject: Split smb_get_nt_acl_nfs4 into two (f- and non-f-variant). This is the next step in preparation of a get_nt_acl prototype change. Michael (This used to be commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea) --- source3/modules/vfs_zfsacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 0fe21b2909..88cd0879cf 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -92,7 +92,7 @@ static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, return NT_STATUS_NO_MEMORY; } - return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); + return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); } /* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */ -- cgit From c8fc49ff1b18606577c12fd0d89b94378c25f0be Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 16 Nov 2007 18:33:39 +0100 Subject: Prepare the zfs acl module for the api change in get_nt_acl(). Michael (This used to be commit 04258231dc654df077638edb7cb08542e39b7547) --- source3/modules/vfs_zfsacl.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 88cd0879cf..e4b38f88ab 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -34,8 +34,9 @@ * read the local file's acls and return it in NT form * using the NFSv4 format conversion */ -static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, - struct security_descriptor **ppdesc) +static NTSTATUS zfs_get_nt_acl_common(const char *name, + uint32 security_info, + SMB4ACL_T **ppacl) { int naces, i; ace_t *acebuf; @@ -43,11 +44,11 @@ static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, TALLOC_CTX *mem_ctx; /* read the number of file aces */ - if((naces = acl(fsp->fsp_name, ACE_GETACLCNT, 0, NULL)) == -1) { + if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) { if(errno == ENOSYS) { DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside")); } else { - DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name, + DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", name, strerror(errno))); } return map_nt_error_from_unix(errno); @@ -59,8 +60,8 @@ static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, return NT_STATUS_NO_MEMORY; } /* read the aces into the field */ - if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) { - DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name, + if(acl(name, ACE_GETACL, naces, acebuf) < 0) { + DEBUG(9, ("acl(ACE_GETACL, %s): %s ", name, strerror(errno))); return map_nt_error_from_unix(errno); } @@ -92,7 +93,8 @@ static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, return NT_STATUS_NO_MEMORY; } - return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); + *ppacl = pacl; + return NT_STATUS_OK; } /* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */ @@ -171,7 +173,15 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, int fd, uint32 security_info, struct security_descriptor **ppdesc) { - return zfs_get_nt_acl(fsp, security_info, ppdesc); + SMB4ACL_T *pacl; + NTSTATUS status; + + status = zfs_get_nt_acl_common(fsp->fsp_name, security_info, &pacl); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); } static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, @@ -179,7 +189,16 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { - return zfs_get_nt_acl(fsp, security_info, ppdesc); + SMB4ACL_T *pacl; + NTSTATUS status; + + status = zfs_get_nt_acl_common(name, security_info, &pacl); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc, + pacl); } static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, -- cgit From 35f13ae58958e00aeb81bfe6cb5cf3c9dec3f62f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 4 Dec 2007 08:19:40 +0100 Subject: Reformatting: wrap long lines and remove trailing spaces. Michael (This used to be commit f6db5a0d0571130f765d8a0fb4e20e61cc8b2487) --- source3/modules/vfs_zfsacl.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index e4b38f88ab..307fa9977f 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -46,7 +46,9 @@ static NTSTATUS zfs_get_nt_acl_common(const char *name, /* read the number of file aces */ if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) { if(errno == ENOSYS) { - DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside")); + DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not " + "supported on the filesystem where the file " + "reside")); } else { DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", name, strerror(errno))); @@ -145,7 +147,9 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) /* store acl */ if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) { if(errno == ENOSYS) { - DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not supported on the filesystem where the file reside")); + DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " + "supported on the filesystem where the file " + "reside")); } else { DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name, strerror(errno))); @@ -219,7 +223,7 @@ static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle, /* VFS operations structure */ -static vfs_op_tuple zfsacl_ops[] = { +static vfs_op_tuple zfsacl_ops[] = { {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, -- cgit From 65b3065a4b31102e332de7d6008941847d5f97b3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 4 Dec 2007 08:25:21 +0100 Subject: Fix two debug statements: Add missing printf parameter. Michael (This used to be commit 1c4f74551f48429ee3af2022101a97679e25cdea) --- source3/modules/vfs_zfsacl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 307fa9977f..83893c7aea 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -48,7 +48,7 @@ static NTSTATUS zfs_get_nt_acl_common(const char *name, if(errno == ENOSYS) { DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not " "supported on the filesystem where the file " - "reside")); + "reside", name)); } else { DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", name, strerror(errno))); @@ -149,7 +149,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) if(errno == ENOSYS) { DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not " "supported on the filesystem where the file " - "reside")); + "reside", fsp->fsp_name)); } else { DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name, strerror(errno))); -- cgit From 233eb0e560acb26f8706fd3ab96d4c6379458414 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 5 Dec 2007 09:53:10 +0100 Subject: Change the prototype of the vfs function get_nt_acl(). Up to now, get_nt_acl() took a files_struct pointer (fsp) and a file name. All the underlying functions should need and now do need (after the previous preparatory work), is a connection_struct and a file name. The connection_struct is already there in the vfs_handle passed to the vfs functions. So the files_struct argument can be eliminated. This eliminates the need of calling open_file_stat in a couple of places to produce the fsp needed. Michael (This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63) --- source3/modules/vfs_zfsacl.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 83893c7aea..060d64cffb 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -189,7 +189,6 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, } static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, - struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { -- cgit From ee24c629a68e13764f78064121a6aea3d0e9240c Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 5 Jan 2008 02:16:15 +0100 Subject: Remove superfluous fd parameter from SMB_VFS_FGET_NT_ACL(). Michael (This used to be commit c0c7c1223da29c68359dac64a340c1c710d5f3d2) --- source3/modules/vfs_zfsacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 060d64cffb..6bf8352efd 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -174,7 +174,7 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, - int fd, uint32 security_info, + uint32 security_info, struct security_descriptor **ppdesc) { SMB4ACL_T *pacl; -- cgit From 05352cf2cb7f9710444d340f3f14ac6917fb0416 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 6 Jan 2008 18:48:02 +0100 Subject: Remove superfluous parameter fd from SMB_VFS_FSET_NT_ACL(). Michael (This used to be commit 4f2d139a186048f08180378a877b69d2f80ad51f) --- source3/modules/vfs_zfsacl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 6bf8352efd..ce2e28771f 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -206,7 +206,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - int fd, uint32 security_info_sent, + uint32 security_info_sent, SEC_DESC *psd) { return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); -- cgit From 00b2cdf75e9bea25034440054b4acd91a179c86d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 8 May 2008 18:09:07 -0700 Subject: Yay ! Remove a VFS entry. Removed the set_nt_acl() call, this can only be done via fset_nt_acl() using an open file/directory handle. I'd like to do the same with get_nt_acl() but am concerned about efficiency problems with "hide unreadable/hide unwritable" when doing a directory listing (this would mean opening every file in the dir on list). Moving closer to rationalizing the ACL model and maybe moving the POSIX calls into a posix_acl VFS module rather than having them as first class citizens of the VFS. Jeremy. (This used to be commit f487f742cb903a06fbf2be006ddc9ce9063339ed) --- source3/modules/vfs_zfsacl.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index ce2e28771f..e8a0507aa4 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -212,14 +212,6 @@ static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } -static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle, - files_struct *fsp, - const char *name, uint32 security_info_sent, - SEC_DESC *psd) -{ - return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); -} - /* VFS operations structure */ static vfs_op_tuple zfsacl_ops[] = { @@ -229,8 +221,6 @@ static vfs_op_tuple zfsacl_ops[] = { SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, - {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, - SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit From bdd815e554fba73804ec69043ea2e4fb119f75fe Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 18 Jul 2008 10:01:39 +0200 Subject: Fix the build of vfs_zfsacl.c (cherry picked from commit b83beeda44e1c8d485c2ad6bb8ee539cdcbe8bda) (This used to be commit b46ce28039e8829f5188574ebe84ff3b7d9e65bc) --- source3/modules/vfs_zfsacl.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'source3/modules/vfs_zfsacl.c') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index e8a0507aa4..e933e47317 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -224,23 +224,8 @@ static vfs_op_tuple zfsacl_ops[] = { {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -/* != 0 if this module will be compiled as static */ - -#define STATIC 0 - -#if STATIC NTSTATUS vfs_zfsacl_init(void); -#else -NTSTATUS init_module(void); -#endif - -NTSTATUS -#if STATIC - vfs_zfsacl_init -#else - init_module -#endif - (void) +NTSTATUS vfs_zfsacl_init(void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl", zfsacl_ops); -- cgit