2013-04-14 14:06:57 +04:00
/*
* Convert NFSv4 acls stored per http : //www.suse.de/~agruen/nfs4acl/ to NT acls and vice versa.
*
* Copyright ( C ) Jiri Sasek , 2007
* based on the foobar . c module which is copyrighted by Volker Lendecke
* based on pvfs_acl_nfs4 . c Copyright ( C ) Andrew Tridgell 2006
*
* based on vfs_fake_acls :
* Copyright ( C ) Tim Potter , 1999 - 2000
* Copyright ( C ) Alexander Bokovoy , 2002
* Copyright ( C ) Andrew Bartlett , 2002 , 2012
2017-10-19 17:34:44 +03:00
* Copyright ( C ) Ralph Boehme 2017
2013-04-14 14:06:57 +04:00
*
* This program is free software ; you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation ; either version 3 of the License , or
* ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with this program ; if not , see < http : //www.gnu.org/licenses/>.
*
*/
# include "includes.h"
# include "system/filesys.h"
# include "smbd/smbd.h"
2017-10-18 21:45:05 +03:00
# include "libcli/security/security_token.h"
2018-12-08 17:37:21 +03:00
# include "libcli/security/dom_sid.h"
2013-04-14 14:06:57 +04:00
# include "nfs4_acls.h"
# include "librpc/gen_ndr/ndr_nfs4acl.h"
2017-10-19 17:34:44 +03:00
# include "nfs4acl_xattr.h"
2017-10-17 13:02:53 +03:00
# include "nfs4acl_xattr_ndr.h"
2017-10-18 21:48:37 +03:00
# include "nfs4acl_xattr_xdr.h"
2018-11-29 13:01:59 +03:00
# include "nfs4acl_xattr_nfs.h"
2013-04-14 14:06:57 +04:00
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_VFS
2017-10-19 17:34:44 +03:00
static const struct enum_list nfs4acl_encoding [ ] = {
{ NFS4ACL_ENCODING_NDR , " ndr " } ,
{ NFS4ACL_ENCODING_XDR , " xdr " } ,
2018-11-29 13:01:59 +03:00
{ NFS4ACL_ENCODING_NFS , " nfs " } ,
2017-10-19 17:34:44 +03:00
} ;
2017-10-18 21:45:05 +03:00
/*
* Check if someone changed the POSIX mode , for files we expect 0666 , for
* directories 0777. Discard the ACL blob if the mode is different .
*/
static bool nfs4acl_validate_blob ( vfs_handle_struct * handle ,
2021-04-01 23:33:35 +03:00
files_struct * fsp )
2017-10-18 21:45:05 +03:00
{
struct nfs4acl_config * config = NULL ;
mode_t expected_mode ;
int ret ;
SMB_VFS_HANDLE_GET_DATA ( handle , config ,
struct nfs4acl_config ,
return false ) ;
2018-11-29 13:01:59 +03:00
if ( ! config - > validate_mode ) {
return true ;
}
2021-04-01 23:33:35 +03:00
if ( S_ISDIR ( fsp - > fsp_name - > st . st_ex_mode ) ) {
2017-10-18 21:45:05 +03:00
expected_mode = 0777 ;
} else {
expected_mode = 0666 ;
}
2021-04-01 23:33:35 +03:00
if ( ( fsp - > fsp_name - > st . st_ex_mode & expected_mode ) = = expected_mode ) {
2017-10-18 21:45:05 +03:00
return true ;
}
2021-04-01 23:33:35 +03:00
ret = SMB_VFS_NEXT_FREMOVEXATTR ( handle ,
fsp ,
2017-10-18 21:45:05 +03:00
config - > xattr_name ) ;
if ( ret ! = 0 & & errno ! = ENOATTR ) {
DBG_ERR ( " Removing NFS4 xattr failed: %s \n " , strerror ( errno ) ) ;
return false ;
}
return true ;
}
2017-10-23 17:35:52 +03:00
static NTSTATUS nfs4acl_get_blob ( struct vfs_handle_struct * handle ,
files_struct * fsp ,
TALLOC_CTX * mem_ctx ,
DATA_BLOB * blob )
{
struct nfs4acl_config * config = NULL ;
size_t allocsize = 256 ;
ssize_t length ;
bool ok ;
SMB_VFS_HANDLE_GET_DATA ( handle , config ,
struct nfs4acl_config ,
return NT_STATUS_INTERNAL_ERROR ) ;
* blob = data_blob_null ;
2021-04-01 23:33:35 +03:00
ok = nfs4acl_validate_blob ( handle , fsp ) ;
2017-10-18 21:45:05 +03:00
if ( ! ok ) {
return NT_STATUS_INTERNAL_ERROR ;
}
2017-10-23 17:35:52 +03:00
do {
2017-10-23 15:15:12 +03:00
2017-10-23 17:35:52 +03:00
allocsize * = 4 ;
ok = data_blob_realloc ( mem_ctx , blob , allocsize ) ;
if ( ! ok ) {
return NT_STATUS_NO_MEMORY ;
}
2021-04-01 23:22:15 +03:00
length = SMB_VFS_NEXT_FGETXATTR ( handle ,
fsp ,
config - > xattr_name ,
blob - > data ,
blob - > length ) ;
2017-10-23 17:35:52 +03:00
} while ( length = = - 1 & & errno = = ERANGE & & allocsize < = 65536 ) ;
if ( length = = - 1 ) {
return map_nt_error_from_unix ( errno ) ;
}
return NT_STATUS_OK ;
}
2017-10-16 19:05:51 +03:00
static NTSTATUS nfs4acl_xattr_default_sd (
struct vfs_handle_struct * handle ,
const struct smb_filename * smb_fname ,
TALLOC_CTX * mem_ctx ,
struct security_descriptor * * sd )
2013-04-16 16:11:27 +04:00
{
2017-10-16 19:05:51 +03:00
struct nfs4acl_config * config = NULL ;
enum default_acl_style default_acl_style ;
mode_t required_mode ;
SMB_STRUCT_STAT sbuf = smb_fname - > st ;
2013-04-16 16:11:27 +04:00
int ret ;
2017-10-16 19:05:51 +03:00
SMB_VFS_HANDLE_GET_DATA ( handle , config ,
struct nfs4acl_config ,
return NT_STATUS_INTERNAL_ERROR ) ;
2013-04-16 16:11:27 +04:00
2017-10-16 19:05:51 +03:00
default_acl_style = config - > default_acl_style ;
2013-04-16 16:11:27 +04:00
2017-10-16 19:05:51 +03:00
if ( ! VALID_STAT ( sbuf ) ) {
ret = vfs_stat_smb_basename ( handle - > conn ,
smb_fname ,
& sbuf ) ;
if ( ret ! = 0 ) {
return map_nt_error_from_unix ( errno ) ;
2013-04-16 16:11:27 +04:00
}
}
2017-10-16 19:05:51 +03:00
if ( S_ISDIR ( sbuf . st_ex_mode ) ) {
required_mode = 0777 ;
} else {
required_mode = 0666 ;
}
if ( ( sbuf . st_ex_mode & required_mode ) ! = required_mode ) {
default_acl_style = DEFAULT_ACL_POSIX ;
2013-04-16 16:11:27 +04:00
}
2017-10-16 19:05:51 +03:00
return make_default_filesystem_acl ( mem_ctx ,
default_acl_style ,
smb_fname - > base_name ,
& sbuf ,
sd ) ;
2013-04-14 14:06:57 +04:00
}
2017-10-23 17:35:52 +03:00
static NTSTATUS nfs4acl_blob_to_smb4 ( struct vfs_handle_struct * handle ,
DATA_BLOB * blob ,
TALLOC_CTX * mem_ctx ,
struct SMB4ACL_T * * smb4acl )
{
struct nfs4acl_config * config = NULL ;
NTSTATUS status ;
SMB_VFS_HANDLE_GET_DATA ( handle , config ,
struct nfs4acl_config ,
return NT_STATUS_INTERNAL_ERROR ) ;
switch ( config - > encoding ) {
case NFS4ACL_ENCODING_NDR :
status = nfs4acl_ndr_blob_to_smb4 ( handle , mem_ctx , blob , smb4acl ) ;
break ;
2017-10-18 21:48:37 +03:00
case NFS4ACL_ENCODING_XDR :
status = nfs4acl_xdr_blob_to_smb4 ( handle , mem_ctx , blob , smb4acl ) ;
break ;
2018-11-29 13:01:59 +03:00
case NFS4ACL_ENCODING_NFS :
status = nfs4acl_nfs_blob_to_smb4 ( handle , mem_ctx , blob , smb4acl ) ;
break ;
2017-10-23 17:35:52 +03:00
default :
status = NT_STATUS_INTERNAL_ERROR ;
break ;
}
return status ;
}
2013-04-14 14:06:57 +04:00
static NTSTATUS nfs4acl_xattr_fget_nt_acl ( struct vfs_handle_struct * handle ,
struct files_struct * fsp ,
2015-05-03 06:11:02 +03:00
uint32_t security_info ,
2013-04-14 14:06:57 +04:00
TALLOC_CTX * mem_ctx ,
2017-10-19 22:53:40 +03:00
struct security_descriptor * * sd )
2013-04-14 14:06:57 +04:00
{
2017-10-19 22:53:40 +03:00
struct SMB4ACL_T * smb4acl = NULL ;
2013-04-14 14:06:57 +04:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
2017-10-23 17:35:52 +03:00
DATA_BLOB blob ;
2017-10-19 22:53:40 +03:00
NTSTATUS status ;
2013-04-14 14:06:57 +04:00
2021-04-01 23:22:15 +03:00
status = nfs4acl_get_blob ( handle , fsp , frame , & blob ) ;
2013-04-16 16:11:27 +04:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NOT_FOUND ) ) {
2017-10-16 19:05:51 +03:00
TALLOC_FREE ( frame ) ;
return nfs4acl_xattr_default_sd (
2017-10-19 22:53:40 +03:00
handle , fsp - > fsp_name , mem_ctx , sd ) ;
2013-04-16 16:11:27 +04:00
}
2017-10-16 19:05:51 +03:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2013-04-14 14:06:57 +04:00
TALLOC_FREE ( frame ) ;
return status ;
}
2017-10-23 17:35:52 +03:00
status = nfs4acl_blob_to_smb4 ( handle , & blob , frame , & smb4acl ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
TALLOC_FREE ( frame ) ;
return status ;
}
2016-08-09 12:07:38 +03:00
status = smb_fget_nt_acl_nfs4 ( fsp , NULL , security_info , mem_ctx ,
2017-10-19 22:53:40 +03:00
sd , smb4acl ) ;
2013-04-14 14:06:57 +04:00
TALLOC_FREE ( frame ) ;
return status ;
}
2020-04-14 00:04:28 +03:00
static NTSTATUS nfs4acl_xattr_get_nt_acl_at ( struct vfs_handle_struct * handle ,
struct files_struct * dirfsp ,
const struct smb_filename * smb_fname ,
uint32_t security_info ,
TALLOC_CTX * mem_ctx ,
struct security_descriptor * * sd )
{
struct SMB4ACL_T * smb4acl = NULL ;
TALLOC_CTX * frame = talloc_stackframe ( ) ;
DATA_BLOB blob ;
2021-04-01 23:16:34 +03:00
struct smb_filename * pathref = NULL ;
2020-04-14 00:04:28 +03:00
NTSTATUS status ;
SMB_ASSERT ( dirfsp = = handle - > conn - > cwd_fsp ) ;
2021-04-01 23:16:34 +03:00
/*
* FIXME . One place where this ( smb_fname - > fsp = = NULL )
* can happen is from open when checking parent
* directory ACL - check_parent_access ( ) currently
* isn ' t always passed a smb_fname with a valid
* fsp and check_parent_access ( ) currently doesn ' t
* open a pathref smb_fname - > fsp itself ( eventually
* it should be passed in a pathref from the caller ) .
*
* There are also a few other places inside smbd
* that call smbd_check_access_rights ( ) also without
* a pathref fsp .
*
* This check should be moved into the
* callers inside smbd to ensure that smb_fname - > fsp
* is always valid here , and in a later patchset
* I will do just that . - - jra .
*
* Ultimately it may be possible to remove
* pathname based SMB_VFS_GET_NT_ACL_AT ( ) , this
* requires further investigation .
*/
if ( smb_fname - > fsp = = NULL ) {
DBG_DEBUG ( " FIXME: file %s doesn't have a pathref fsp \n " ,
smb_fname_str_dbg ( smb_fname ) ) ;
status = synthetic_pathref ( frame ,
dirfsp ,
smb_fname - > base_name ,
NULL ,
NULL ,
smb_fname - > twrp ,
smb_fname - > flags ,
& pathref ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
TALLOC_FREE ( frame ) ;
return status ;
}
smb_fname = pathref ;
}
if ( fsp_get_pathref_fd ( smb_fname - > fsp ) = = - 1 ) {
/*
* This is a POSIX open on a symlink .
* Return not found to catch the
* special casing in open_file ( ) .
*/
DBG_DEBUG ( " file %s pathref fd == -1 \n " ,
smb_fname_str_dbg ( smb_fname ) ) ;
2020-04-14 00:04:28 +03:00
TALLOC_FREE ( frame ) ;
2021-04-01 23:16:34 +03:00
return NT_STATUS_OBJECT_NAME_NOT_FOUND ;
}
status = nfs4acl_get_blob ( handle ,
smb_fname - > fsp ,
frame ,
& blob ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NOT_FOUND ) ) {
status = nfs4acl_xattr_default_sd (
2020-04-14 00:04:28 +03:00
handle , smb_fname , mem_ctx , sd ) ;
2021-04-01 23:16:34 +03:00
TALLOC_FREE ( frame ) ;
return status ;
2020-04-14 00:04:28 +03:00
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
TALLOC_FREE ( frame ) ;
return status ;
}
status = nfs4acl_blob_to_smb4 ( handle , & blob , frame , & smb4acl ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
TALLOC_FREE ( frame ) ;
return status ;
}
status = smb_get_nt_acl_nfs4 ( handle - > conn , smb_fname , NULL ,
security_info , mem_ctx , sd ,
smb4acl ) ;
TALLOC_FREE ( frame ) ;
return status ;
}
2017-10-23 17:35:52 +03:00
static bool nfs4acl_smb4acl_set_fn ( vfs_handle_struct * handle ,
files_struct * fsp ,
struct SMB4ACL_T * smb4acl )
{
struct nfs4acl_config * config = NULL ;
DATA_BLOB blob ;
NTSTATUS status ;
2017-10-23 15:15:12 +03:00
int saved_errno = 0 ;
2017-10-23 17:35:52 +03:00
int ret ;
SMB_VFS_HANDLE_GET_DATA ( handle , config ,
struct nfs4acl_config ,
return false ) ;
switch ( config - > encoding ) {
case NFS4ACL_ENCODING_NDR :
status = nfs4acl_smb4acl_to_ndr_blob ( handle , talloc_tos ( ) ,
smb4acl , & blob ) ;
break ;
2017-10-18 21:48:37 +03:00
case NFS4ACL_ENCODING_XDR :
status = nfs4acl_smb4acl_to_xdr_blob ( handle , talloc_tos ( ) ,
smb4acl , & blob ) ;
break ;
2018-11-29 13:01:59 +03:00
case NFS4ACL_ENCODING_NFS :
status = nfs4acl_smb4acl_to_nfs_blob ( handle , talloc_tos ( ) ,
smb4acl , & blob ) ;
break ;
2017-10-23 17:35:52 +03:00
default :
status = NT_STATUS_INTERNAL_ERROR ;
break ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
return false ;
}
2021-02-19 17:47:07 +03:00
ret = SMB_VFS_NEXT_FSETXATTR ( handle , fsp , config - > xattr_name ,
blob . data , blob . length , 0 ) ;
2017-10-23 15:15:12 +03:00
if ( ret ! = 0 ) {
saved_errno = errno ;
}
2017-10-23 17:35:52 +03:00
data_blob_free ( & blob ) ;
2017-10-23 15:15:12 +03:00
if ( saved_errno ! = 0 ) {
errno = saved_errno ;
}
2017-10-23 17:35:52 +03:00
if ( ret ! = 0 ) {
DBG_ERR ( " can't store acl in xattr: %s \n " , strerror ( errno ) ) ;
return false ;
}
return true ;
}
2013-04-14 14:06:57 +04:00
static NTSTATUS nfs4acl_xattr_fset_nt_acl ( vfs_handle_struct * handle ,
files_struct * fsp ,
2015-05-03 06:11:02 +03:00
uint32_t security_info_sent ,
2013-04-14 14:06:57 +04:00
const struct security_descriptor * psd )
{
2017-10-23 17:35:52 +03:00
struct nfs4acl_config * config = NULL ;
2017-10-23 13:46:07 +03:00
const struct security_token * token = NULL ;
2017-10-18 21:45:05 +03:00
mode_t existing_mode ;
mode_t expected_mode ;
mode_t restored_mode ;
2017-10-23 13:46:07 +03:00
bool chown_needed = false ;
2018-12-08 17:37:21 +03:00
struct dom_sid_buf buf ;
2017-10-18 21:45:05 +03:00
NTSTATUS status ;
int ret ;
2017-10-23 17:35:52 +03:00
SMB_VFS_HANDLE_GET_DATA ( handle , config ,
struct nfs4acl_config ,
return NT_STATUS_INTERNAL_ERROR ) ;
2017-10-18 21:45:05 +03:00
if ( ! VALID_STAT ( fsp - > fsp_name - > st ) ) {
DBG_ERR ( " Invalid stat info on [%s] \n " , fsp_str_dbg ( fsp ) ) ;
return NT_STATUS_INTERNAL_ERROR ;
}
existing_mode = fsp - > fsp_name - > st . st_ex_mode ;
if ( S_ISDIR ( existing_mode ) ) {
expected_mode = 0777 ;
} else {
expected_mode = 0666 ;
}
2018-11-29 13:01:59 +03:00
if ( ! config - > validate_mode ) {
existing_mode = 0 ;
expected_mode = 0 ;
}
2017-10-18 21:45:05 +03:00
if ( ( existing_mode & expected_mode ) ! = expected_mode ) {
restored_mode = existing_mode | expected_mode ;
2021-04-08 13:10:54 +03:00
ret = SMB_VFS_NEXT_FCHMOD ( handle ,
fsp ,
restored_mode ) ;
2017-10-18 21:45:05 +03:00
if ( ret ! = 0 ) {
DBG_ERR ( " Resetting POSIX mode on [%s] from [0%o]: %s \n " ,
fsp_str_dbg ( fsp ) , existing_mode ,
strerror ( errno ) ) ;
return map_nt_error_from_unix ( errno ) ;
}
}
status = smb_set_nt_acl_nfs4 ( handle ,
fsp ,
& config - > nfs4_params ,
security_info_sent ,
psd ,
nfs4acl_smb4acl_set_fn ) ;
2017-10-23 13:46:07 +03:00
if ( NT_STATUS_IS_OK ( status ) ) {
return NT_STATUS_OK ;
2017-10-18 21:45:05 +03:00
}
2018-11-29 13:17:08 +03:00
if ( ! NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) ) {
return status ;
}
2017-10-18 21:45:05 +03:00
2017-10-23 13:46:07 +03:00
/*
* We got access denied . If we ' re already root , or we didn ' t
* need to do a chown , or the fsp isn ' t open with WRITE_OWNER
* access , just return .
*/
if ( ( security_info_sent & SECINFO_OWNER ) & &
( psd - > owner_sid ! = NULL ) )
{
chown_needed = true ;
}
if ( ( security_info_sent & SECINFO_GROUP ) & &
( psd - > group_sid ! = NULL ) )
{
chown_needed = true ;
}
if ( get_current_uid ( handle - > conn ) = = 0 | |
chown_needed = = false | |
! ( fsp - > access_mask & SEC_STD_WRITE_OWNER ) )
{
return NT_STATUS_ACCESS_DENIED ;
}
/*
* Only allow take - ownership , not give - ownership . That ' s the way Windows
* implements SEC_STD_WRITE_OWNER . MS - FSA 2.1 .5 .16 just states : If
* InputBuffer . OwnerSid is not a valid owner SID for a file in the
* objectstore , as determined in an implementation specific manner , the
* object store MUST return STATUS_INVALID_OWNER .
*/
token = get_current_nttok ( fsp - > conn ) ;
if ( ! security_token_is_sid ( token , psd - > owner_sid ) ) {
return NT_STATUS_INVALID_OWNER ;
}
DBG_DEBUG ( " overriding chown on file %s for sid %s \n " ,
2018-12-08 17:37:21 +03:00
fsp_str_dbg ( fsp ) ,
dom_sid_str_buf ( psd - > owner_sid , & buf ) ) ;
2017-10-23 13:46:07 +03:00
status = smb_set_nt_acl_nfs4 ( handle ,
fsp ,
& config - > nfs4_params ,
security_info_sent ,
psd ,
nfs4acl_smb4acl_set_fn ) ;
return status ;
2013-04-14 14:06:57 +04:00
}
2017-10-19 17:34:44 +03:00
static int nfs4acl_connect ( struct vfs_handle_struct * handle ,
const char * service ,
const char * user )
{
2019-10-15 15:00:29 +03:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2017-10-19 17:34:44 +03:00
struct nfs4acl_config * config = NULL ;
const struct enum_list * default_acl_style_list = NULL ;
const char * default_xattr_name = NULL ;
2018-11-29 13:01:59 +03:00
bool default_validate_mode = true ;
2017-10-19 17:34:44 +03:00
int enumval ;
unsigned nfs_version ;
int ret ;
default_acl_style_list = get_default_acl_style_list ( ) ;
config = talloc_zero ( handle - > conn , struct nfs4acl_config ) ;
if ( config = = NULL ) {
DBG_ERR ( " talloc_zero() failed \n " ) ;
return - 1 ;
}
ret = SMB_VFS_NEXT_CONNECT ( handle , service , user ) ;
if ( ret < 0 ) {
TALLOC_FREE ( config ) ;
return ret ;
}
ret = smbacl4_get_vfs_params ( handle - > conn , & config - > nfs4_params ) ;
if ( ret < 0 ) {
TALLOC_FREE ( config ) ;
return ret ;
}
enumval = lp_parm_enum ( SNUM ( handle - > conn ) ,
" nfs4acl_xattr " ,
" encoding " ,
nfs4acl_encoding ,
NFS4ACL_ENCODING_NDR ) ;
if ( enumval = = - 1 ) {
DBG_ERR ( " Invalid \" nfs4acl_xattr:encoding \" parameter \n " ) ;
return - 1 ;
}
config - > encoding = ( enum nfs4acl_encoding ) enumval ;
switch ( config - > encoding ) {
2017-10-18 21:48:37 +03:00
case NFS4ACL_ENCODING_XDR :
default_xattr_name = NFS4ACL_XDR_XATTR_NAME ;
break ;
2018-11-29 13:01:59 +03:00
case NFS4ACL_ENCODING_NFS :
default_xattr_name = NFS4ACL_NFS_XATTR_NAME ;
default_validate_mode = false ;
break ;
2017-10-19 17:34:44 +03:00
case NFS4ACL_ENCODING_NDR :
default :
default_xattr_name = NFS4ACL_NDR_XATTR_NAME ;
break ;
}
nfs_version = ( unsigned ) lp_parm_int ( SNUM ( handle - > conn ) ,
" nfs4acl_xattr " ,
" version " ,
2017-11-02 14:45:48 +03:00
41 ) ;
2017-10-19 17:34:44 +03:00
switch ( nfs_version ) {
case 40 :
config - > nfs_version = ACL4_XATTR_VERSION_40 ;
break ;
2017-10-19 16:40:52 +03:00
case 41 :
config - > nfs_version = ACL4_XATTR_VERSION_41 ;
break ;
2017-10-19 17:34:44 +03:00
default :
config - > nfs_version = ACL4_XATTR_VERSION_DEFAULT ;
break ;
}
config - > default_acl_style = lp_parm_enum ( SNUM ( handle - > conn ) ,
" nfs4acl_xattr " ,
" default acl style " ,
default_acl_style_list ,
DEFAULT_ACL_EVERYONE ) ;
2019-10-15 15:00:29 +03:00
config - > xattr_name = lp_parm_substituted_string ( config , lp_sub ,
2017-10-19 17:34:44 +03:00
SNUM ( handle - > conn ) ,
" nfs4acl_xattr " ,
" xattr_name " ,
default_xattr_name ) ;
2018-11-29 13:01:59 +03:00
config - > nfs4_id_numeric = lp_parm_bool ( SNUM ( handle - > conn ) ,
" nfs4acl_xattr " ,
" nfs4_id_numeric " ,
false ) ;
config - > validate_mode = lp_parm_bool ( SNUM ( handle - > conn ) ,
" nfs4acl_xattr " ,
" validate_mode " ,
default_validate_mode ) ;
2017-10-19 17:34:44 +03:00
SMB_VFS_HANDLE_SET_DATA ( handle , config , NULL , struct nfs4acl_config ,
return - 1 ) ;
2017-10-16 19:05:51 +03:00
/*
* Ensure we have the parameters correct if we ' re using this module .
*/
DBG_NOTICE ( " Setting 'inherit acls = true', "
" 'dos filemode = true', "
" 'force unknown acl user = true', "
" 'create mask = 0666', "
" 'directory mask = 0777' and "
" 'store dos attributes = yes' "
" for service [%s] \n " , service ) ;
lp_do_parameter ( SNUM ( handle - > conn ) , " inherit acls " , " true " ) ;
lp_do_parameter ( SNUM ( handle - > conn ) , " dos filemode " , " true " ) ;
lp_do_parameter ( SNUM ( handle - > conn ) , " force unknown acl user " , " true " ) ;
lp_do_parameter ( SNUM ( handle - > conn ) , " create mask " , " 0666 " ) ;
lp_do_parameter ( SNUM ( handle - > conn ) , " directory mask " , " 0777 " ) ;
lp_do_parameter ( SNUM ( handle - > conn ) , " store dos attributes " , " yes " ) ;
2017-10-19 17:34:44 +03:00
return 0 ;
}
2013-04-14 14:06:57 +04:00
/*
As long as Samba does not support an exiplicit method for a module
to define conflicting vfs methods , we should override all conflicting
methods here . That way , we know we are using the NFSv4 storage
Function declarations taken from vfs_solarisacl
*/
static SMB_ACL_T nfs4acl_xattr_fail__sys_acl_get_file ( vfs_handle_struct * handle ,
2017-05-24 03:11:18 +03:00
const struct smb_filename * smb_fname ,
SMB_ACL_TYPE_T type ,
TALLOC_CTX * mem_ctx )
2013-04-14 14:06:57 +04:00
{
return ( SMB_ACL_T ) NULL ;
}
static SMB_ACL_T nfs4acl_xattr_fail__sys_acl_get_fd ( vfs_handle_struct * handle ,
files_struct * fsp ,
TALLOC_CTX * mem_ctx )
{
return ( SMB_ACL_T ) NULL ;
}
static int nfs4acl_xattr_fail__sys_acl_set_fd ( vfs_handle_struct * handle ,
files_struct * fsp ,
2020-12-14 18:28:26 +03:00
SMB_ACL_TYPE_T type ,
2013-04-14 14:06:57 +04:00
SMB_ACL_T theacl )
{
return - 1 ;
}
2021-05-15 01:12:50 +03:00
static int nfs4acl_xattr_fail__sys_acl_delete_def_fd ( vfs_handle_struct * handle ,
files_struct * fsp )
{
return - 1 ;
}
2017-05-24 03:35:59 +03:00
static int nfs4acl_xattr_fail__sys_acl_blob_get_file ( vfs_handle_struct * handle ,
const struct smb_filename * smb_fname ,
TALLOC_CTX * mem_ctx ,
char * * blob_description ,
DATA_BLOB * blob )
2013-04-14 14:06:57 +04:00
{
return - 1 ;
}
static int nfs4acl_xattr_fail__sys_acl_blob_get_fd ( vfs_handle_struct * handle , files_struct * fsp , TALLOC_CTX * mem_ctx , char * * blob_description , DATA_BLOB * blob )
{
return - 1 ;
}
/* VFS operations structure */
static struct vfs_fn_pointers nfs4acl_xattr_fns = {
2017-10-19 17:34:44 +03:00
. connect_fn = nfs4acl_connect ,
2017-10-19 16:50:07 +03:00
. fget_nt_acl_fn = nfs4acl_xattr_fget_nt_acl ,
2020-04-14 00:04:28 +03:00
. get_nt_acl_at_fn = nfs4acl_xattr_get_nt_acl_at ,
2017-10-19 16:50:07 +03:00
. fset_nt_acl_fn = nfs4acl_xattr_fset_nt_acl ,
2013-04-14 14:06:57 +04:00
. sys_acl_get_file_fn = nfs4acl_xattr_fail__sys_acl_get_file ,
. sys_acl_get_fd_fn = nfs4acl_xattr_fail__sys_acl_get_fd ,
. sys_acl_blob_get_file_fn = nfs4acl_xattr_fail__sys_acl_blob_get_file ,
. sys_acl_blob_get_fd_fn = nfs4acl_xattr_fail__sys_acl_blob_get_fd ,
. sys_acl_set_fd_fn = nfs4acl_xattr_fail__sys_acl_set_fd ,
2021-05-15 01:12:50 +03:00
. sys_acl_delete_def_fd_fn = nfs4acl_xattr_fail__sys_acl_delete_def_fd ,
2013-04-14 14:06:57 +04:00
} ;
2017-12-16 01:32:12 +03:00
static_decl_vfs ;
2017-04-20 22:24:43 +03:00
NTSTATUS vfs_nfs4acl_xattr_init ( TALLOC_CTX * ctx )
2013-04-14 14:06:57 +04:00
{
return smb_register_vfs ( SMB_VFS_INTERFACE_VERSION , " nfs4acl_xattr " ,
& nfs4acl_xattr_fns ) ;
}