root/source3/modules/vfs_aixacl2.c


DEFINITIONS

This source file includes following definitions.
  1. aixacl2_getlen
  2. aixjfs2_getacl_alloc
  3. aixjfs2_get_nfs4_acl
  4. aixjfs2_fget_nt_acl
  5. aixjfs2_get_nt_acl
  6. aixjfs2_get_posix_acl
  7. aixjfs2_sys_acl_get_file
  8. aixjfs2_sys_acl_get_fd
  9. aixjfs2_query_acl_support
  10. aixjfs2_process_smbacl
  11. aixjfs2_set_nt_acl_common
  12. aixjfs2_fset_nt_acl
  13. aixjfs2_sys_acl_set_file
  14. aixjfs2_sys_acl_set_fd
  15. aixjfs2_sys_acl_delete_def_file
  16. vfs_aixacl2_init

   1 /*
   2  * Convert JFS2 NFS4/AIXC acls to NT acls and vice versa.
   3  *
   4  * Copyright (C) Volker Lendecke, 2006
   5  *
   6  * This program is free software; you can redistribute it and/or modify
   7  * it under the terms of the GNU General Public License as published by
   8  * the Free Software Foundation; either version 3 of the License, or
   9  * (at your option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14  * GNU General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU General Public License
  17  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  18  */
  19 
  20 #include "includes.h"
  21 #include "nfs4_acls.h"
  22 
  23 #undef DBGC_CLASS
  24 #define DBGC_CLASS DBGC_VFS
  25 
  26 #define AIXACL2_MODULE_NAME "aixacl2"
  27 
  28 extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl);
  29 extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
  30 
/*
 * Overlay for the ACL buffer exchanged with aclx_get(): the same storage
 * is read either as an NFS4 ACL or as an AIXC ACL. Which member is valid
 * depends on the acl_type_t that accompanies the buffer (see
 * aixacl2_getlen). Both members are one-element arrays, so code addresses
 * the ACL as acl->jfs2_acl[0] or acl->aixc_acl[0].
 */
typedef union aixjfs2_acl_t {
	nfs4_acl_int_t jfs2_acl[1];	/* NFS4 view of the buffer */
	aixc_acl_t aixc_acl[1];		/* AIXC view of the buffer */
} AIXJFS2_ACL_T;
  35 
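/*
 * Return the length field stored in an ACL buffer.
 *
 * acl:  buffer viewed through the AIXJFS2_ACL_T overlay
 * type: ACL type that selects which view of the buffer is read
 *
 * Returns aclLength for ACL_NFS4, acl_len for ACL_AIXC and 0 for any
 * other type. The value is copied from the buffer as-is and is not range
 * checked here; a caller that sizes an allocation from it has to reject
 * negative results itself.
 */
static int32_t aixacl2_getlen(AIXJFS2_ACL_T *acl, acl_type_t *type)
{
	int32_t len;

	if (type->u64 == ACL_NFS4) {
		len = acl->jfs2_acl[0].aclLength;
	} else if (type->u64 == ACL_AIXC) {
		len = acl->aixc_acl[0].acl_len;
	} else {
		/*
		 * The type tag is compared against 64-bit constants elsewhere
		 * in this file, so pass it with a matching conversion instead
		 * of %d.
		 */
		DEBUG(0,("aixacl2_getlen:unknown type:%llu\n",
			 (unsigned long long)type->u64));
		return 0;
	}

	DEBUG(10,("aixacl2_getlen:%d\n",len));
	return len;
}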
  54 
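/*
 * Read the ACL of fname with aclx_get() into a buffer allocated on
 * talloc_tos().
 *
 * fname: path whose ACL is fetched
 * type:  ACL type, passed by pointer to aclx_get(); ACL_ANY adds
 *        GET_ACLINFO_ONLY to the control flags
 *
 * Returns the buffer, or NULL with errno set: ENOMEM when an allocation
 * fails, EINVAL when the length found in the buffer is negative,
 * otherwise the errno left by aclx_get(). Nothing is freed here; both
 * buffers belong to the talloc_tos() context.
 */
static AIXJFS2_ACL_T *aixjfs2_getacl_alloc(const char *fname, acl_type_t *type)
{
	AIXJFS2_ACL_T *acl;
	size_t len = 200;	/* first guess, grown once on ENOSPC */
	mode_t mode;
	int ret;
	int saved_errno;
	uint64_t ctl_flag = 0;
	TALLOC_CTX *mem_ctx = talloc_tos();

	acl = (AIXJFS2_ACL_T *)TALLOC_SIZE(mem_ctx, len);
	if (acl == NULL) {
		errno = ENOMEM;
		return NULL;
	}
	/*
	 * The ENOSPC path below reads a length out of this buffer. Zero it
	 * so that read never sees uninitialised heap contents if aclx_get()
	 * fails without filling in the header.
	 */
	memset(acl, 0, len);

	if (type->u64 == ACL_ANY) {
		ctl_flag |= GET_ACLINFO_ONLY;
	}

	ret = aclx_get((char *)fname, ctl_flag, type, acl, &len, &mode);
	if ((ret != 0) && (errno == ENOSPC)) {
		/*
		 * NOTE(review): aclx_get() is handed &len and may report the
		 * size it needs there - confirm against the AIX documentation.
		 * This code keeps deriving the size from the buffer header.
		 */
		int32_t acl_len = aixacl2_getlen(acl, type);

		if (acl_len < 0) {
			/* a negative length would wrap the size_t sum below */
			DEBUG(8, ("aixjfs2_getacl_alloc - invalid acl_len:%d\n",
				  acl_len));
			errno = EINVAL;
			return NULL;
		}

		len = (size_t)acl_len + sizeof(AIXJFS2_ACL_T);
		DEBUG(10,("aixjfs2_getacl_alloc - acl_len:%lu\n",
			  (unsigned long)len));

		acl = (AIXJFS2_ACL_T *)TALLOC_SIZE(mem_ctx, len);
		if (acl == NULL) {
			errno = ENOMEM;
			return NULL;
		}

		ret = aclx_get((char *)fname, ctl_flag, type, acl, &len, &mode);
	}
	if (ret != 0) {
		/*
		 * Callers inspect errno after a NULL return (for instance to
		 * detect ENOSYS), so hand it back unchanged whatever the
		 * logging call does with it.
		 */
		saved_errno = errno;
		DEBUG(8, ("aclx_get failed with %s\n", strerror(saved_errno)));
		errno = saved_errno;
		return NULL;
	}

	return acl;
}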
  95 
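/*
 * Read the NFS4 ACL of a file and convert it into an SMB4ACL_T.
 *
 * name:        path of the file
 * ppacl:       receives the ACL built with smb_create_smb4acl()
 * pretryPosix: set to True only when fetching the ACL failed with
 *              ENOSYS; left untouched otherwise
 *
 * Returns True on success. Returns False when the ACL cannot be fetched,
 * when an SMB4 object cannot be created, or when the entry list does not
 * fit inside the length the ACL header declares (errno = EINVAL).
 */
static bool aixjfs2_get_nfs4_acl(const char *name,
	SMB4ACL_T **ppacl, bool *pretryPosix)
{
	int32_t i;
	long acl_len;
	long ace_off;

	AIXJFS2_ACL_T *pacl = NULL;
	nfs4_acl_int_t *jfs2_acl = NULL;
	nfs4_ace_int_t *jfs2_ace = NULL;
	acl_type_t type;

	DEBUG(10,("jfs2 get_nt_acl invoked for %s\n", name));

	memset(&type, 0, sizeof(acl_type_t));
	type.u64 = ACL_NFS4;

	pacl = aixjfs2_getacl_alloc(name, &type);
	if (pacl == NULL) {
		/*
		 * Capture errno first so the ENOSYS test does not depend on
		 * what the logging call leaves in errno.
		 */
		int saved_errno = errno;

		DEBUG(9, ("aixjfs2_getacl_alloc failed for %s with %s\n",
				name, strerror(saved_errno)));
		if (saved_errno==ENOSYS)
			*pretryPosix = True;
		errno = saved_errno;
		return False;
	}

	jfs2_acl = &pacl->jfs2_acl[0];
	/* type.u64 is passed with a conversion that matches its width */
	DEBUG(10, ("len: %d, version: %d, nace: %d, type: 0x%llx\n",
			jfs2_acl->aclLength, jfs2_acl->aclVersion, jfs2_acl->aclEntryN,
			(unsigned long long)type.u64));

	*ppacl = smb_create_smb4acl();
	if (*ppacl==NULL)
		return False;

	/*
	 * aclLength counts bytes from the start of the ACL (the writer in
	 * this file starts it at ACL_V4_SIZ and adds every entryLen), so
	 * each entry has to start and end inside [0, aclLength).
	 */
	acl_len = (long)jfs2_acl->aclLength;
	jfs2_ace = &jfs2_acl->aclEntry[0];
	ace_off = (long)((char *)jfs2_ace - (char *)jfs2_acl);

	for (i=0; i<jfs2_acl->aclEntryN; i++) {
		SMB_ACE4PROP_T aceprop;
		long ace_len;

		/* Do not read an entry that starts past the declared length. */
		if (ace_off < 0 || ace_off >= acl_len) {
			DEBUG(0, ("aixjfs2_get_nfs4_acl: ace %d of %s lies "
				  "outside the acl\n", (int)i, name));
			errno = EINVAL;
			return False;
		}

		/*
		 * A zero or negative entryLen would stall or reverse the
		 * walk, an oversized one would step past the ACL.
		 */
		ace_len = (long)jfs2_ace->entryLen;
		if (ace_len <= 0 || ace_len > acl_len - ace_off) {
			DEBUG(0, ("aixjfs2_get_nfs4_acl: ace %d of %s has "
				  "invalid length %ld\n", (int)i, name, ace_len));
			errno = EINVAL;
			return False;
		}

		DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
				"who: %d, aclLen: %d\n", jfs2_ace->aceType, jfs2_ace->flags,
				jfs2_ace->aceFlags, jfs2_ace->aceMask, jfs2_ace->aceWho.id, jfs2_ace->entryLen));

		/* Fields not assigned below must not carry stack garbage. */
		memset(&aceprop, 0, sizeof(aceprop));
		aceprop.aceType = jfs2_ace->aceType;
		aceprop.aceFlags = jfs2_ace->aceFlags;
		aceprop.aceMask = jfs2_ace->aceMask;
		aceprop.flags = (jfs2_ace->flags&ACE4_ID_SPECIAL) ? SMB_ACE4_ID_SPECIAL : 0;

		/* the id is copied as-is, whether it really holds 16 or 32 bits */
		aceprop.who.id = jfs2_ace->aceWho.id;

		if (smb_add_ace4(*ppacl, &aceprop)==NULL)
			return False;

		/* step to the next jfs2 ace */
		jfs2_ace = (nfs4_ace_int_t *)(((char *)jfs2_ace) + ace_len);
		ace_off += ace_len;
	}

	DEBUG(10,("jfs2 get_nt_acl finished successfully\n"));

	return True;
}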
 155 
/*
 * FGET_NT_ACL: build the NT security descriptor for an open file.
 *
 * The NFS4 ACL is looked up by fsp->fsp_name. If that lookup asks for a
 * POSIX retry, the request is handed to posix_fget_nt_acl(). Any other
 * lookup failure is reported as NT_STATUS_ACCESS_DENIED, so an unreadable
 * ACL never yields a descriptor. *ppdesc is cleared before anything else.
 */
static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
	files_struct *fsp, uint32 security_info,
	SEC_DESC **ppdesc)
{
	SMB4ACL_T *nfs4acl = NULL;
	bool use_posix = False;
	bool ok;

	*ppdesc = NULL;

	ok = aixjfs2_get_nfs4_acl(fsp->fsp_name, &nfs4acl, &use_posix);

	if (use_posix) {
		DEBUG(10, ("retrying with posix acl...\n"));
		return posix_fget_nt_acl(fsp, security_info, ppdesc);
	}

	if (!ok) {
		return NT_STATUS_ACCESS_DENIED;
	}

	return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, nfs4acl);
}
 176 
/*
 * GET_NT_ACL: build the NT security descriptor for a path.
 *
 * Path-based twin of aixjfs2_fget_nt_acl: a POSIX retry goes to
 * posix_get_nt_acl(), any other NFS4 lookup failure is reported as
 * NT_STATUS_ACCESS_DENIED, and success is converted by
 * smb_get_nt_acl_nfs4(). *ppdesc is cleared before anything else.
 */
static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
	const char *name,
	uint32 security_info, SEC_DESC **ppdesc)
{
	SMB4ACL_T *nfs4acl = NULL;
	bool use_posix = False;
	bool ok;

	*ppdesc = NULL;

	ok = aixjfs2_get_nfs4_acl(name, &nfs4acl, &use_posix);

	if (use_posix) {
		DEBUG(10, ("retrying with posix acl...\n"));
		return posix_get_nt_acl(handle->conn, name, security_info,
					ppdesc);
	}

	if (!ok) {
		return NT_STATUS_ACCESS_DENIED;
	}

	return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc,
				   nfs4acl);
}
 199 
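/*
 * Fetch the ACL of path as the given type and convert it to an SMB_ACL_T.
 *
 * path: file whose ACL is read
 * type: ACL type, passed by value and handed on by pointer
 *
 * Returns the converted ACL, or NULL with errno set (EINVAL when the
 * failing step left errno at 0).
 */
static SMB_ACL_T aixjfs2_get_posix_acl(const char *path, acl_type_t type)
{
	aixc_acl_t *pacl;
	AIXJFS2_ACL_T *acl;
	SMB_ACL_T result = NULL;

	acl = aixjfs2_getacl_alloc(path, &type);
	if (acl == NULL) {
		DEBUG(10, ("aixjfs2_getacl failed for %s with %s\n",
			   path, strerror(errno)));
		if (errno == 0) {
			errno = EINVAL;
		}
		return NULL;
	}

	pacl = &acl->aixc_acl[0];
	DEBUG(10, ("len: %d, mode: %d\n",
		   pacl->acl_len, pacl->acl_mode));

	/*
	 * errno may still hold a value from an earlier call that was later
	 * recovered from: aixjfs2_getacl_alloc() retries after ENOSPC and a
	 * successful retry does not clear errno. Testing that stale value
	 * below would discard a perfectly good ACL, so start from zero and
	 * only react to errors raised by the conversion itself.
	 */
	errno = 0;
	result = aixacl_to_smbacl(pacl);
	if (result == NULL) {
		if (errno == 0) {
			errno = EINVAL;
		}
		return NULL;
	}

	if (errno != 0) {
		/* conversion reported an error: do not return a partial ACL */
		SAFE_FREE(result);
	}
	return result;
}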
 233 
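/*
 * SYS_ACL_GET_FILE: return the POSIX-style ACL of a path.
 *
 * Only SMB_ACL_TYPE_ACCESS is served (as ACL_AIXC).
 * SMB_ACL_TYPE_DEFAULT is logged and answered with NULL; any other
 * value is logged and ends in smb_panic().
 */
SMB_ACL_T aixjfs2_sys_acl_get_file(vfs_handle_struct *handle,
				    const char *path_p,
				    SMB_ACL_TYPE_T type)
{
	acl_type_t aixjfs2_type;

	/*
	 * Clear the whole object before setting u64, as the other users of
	 * acl_type_t in this file do, so no uninitialised bytes are passed
	 * down by value.
	 */
	memset(&aixjfs2_type, 0, sizeof(acl_type_t));

	switch(type) {
	case SMB_ACL_TYPE_ACCESS:
		aixjfs2_type.u64 = ACL_AIXC;
		break;
	case SMB_ACL_TYPE_DEFAULT:
		DEBUG(0, ("Got AIX JFS2 unsupported type: %d\n", type));
		return NULL;
	default:
		DEBUG(0, ("Got invalid type: %d\n", type));
		smb_panic("exiting");
	}

	return aixjfs2_get_posix_acl(path_p, aixjfs2_type);
}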
 254 
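/*
 * SYS_ACL_GET_FD: return the AIXC ACL of an open file.
 *
 * The lookup goes through fsp->fsp_name, i.e. by path, not through the
 * file descriptor.
 */
SMB_ACL_T aixjfs2_sys_acl_get_fd(vfs_handle_struct *handle,
				  files_struct *fsp)
{
	acl_type_t aixjfs2_type;

	/*
	 * Clear the whole object before setting u64, as the other users of
	 * acl_type_t in this file do, so no uninitialised bytes are passed
	 * down by value.
	 */
	memset(&aixjfs2_type, 0, sizeof(acl_type_t));
	aixjfs2_type.u64 = ACL_AIXC;

	return aixjfs2_get_posix_acl(fsp->fsp_name, aixjfs2_type);
}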
 263 
/*
 * Test whether the given path supports ACLs of type aclType.
 *
 * filepath:       path handed to aclx_gettypes()
 * aclType:        type tag to look for (compared against entries[].u64)
 * pacl_type_info: receives a copy of the matching list entry
 *
 * Returns 0 when the type is found, 1 when it is not in the list and
 * -1 when aclx_gettypes() fails (errno is left as that call set it).
 *
 * NOTE(review): the loop trusts num_entries as returned by
 * aclx_gettypes(); whether it can exceed the capacity of entries[] is
 * not visible here - confirm. The "found" message prints acl_type with
 * %s, which presumably relies on the tag being NUL-terminated - verify
 * against the acl_type_t definition.
 */
static int aixjfs2_query_acl_support(
	char *filepath,
	uint64_t aclType,
	acl_type_t *pacl_type_info
)
{
	acl_types_list_t	supported;
	size_t	supported_len = sizeof(acl_types_list_t);
	uint32_t	idx;

	memset(&supported, 0, sizeof(supported));

	if (aclx_gettypes(filepath, &supported, &supported_len) != 0) {
		DEBUG(2, ("aclx_gettypes failed with error %s for %s\n",
			strerror(errno), filepath));
		return -1;
	}

	for (idx = 0; idx < supported.num_entries; idx++) {
		if (supported.entries[idx].u64 != aclType) {
			continue;
		}

		memcpy(pacl_type_info, &supported.entries[idx], sizeof(acl_type_t));
		DEBUG(10, ("found %s ACL support for %s\n",
			pacl_type_info->acl_type, filepath));
		return 0;
	}

	/* the requested ACL type is not in the list */
	return 1;
}
 296 
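/*
 * Convert an SMB4ACL_T into a JFS2 NFS4 ACL and store it on the file
 * with aclx_put().
 *
 * fsp:    file whose ACL is replaced (addressed by fsp->fsp_name)
 * smbacl: ACL to convert; it originates from a security descriptor sent
 *         by the client, so its entry count is bounded before it is used
 *         to size the buffer
 *
 * Returns True when aclx_put() succeeds. Returns False with errno set
 * when the ACL would be too large (EINVAL), the allocation fails
 * (ENOMEM) or aclx_put() fails. Panics through SMB_ASSERT when the
 * number of entries walked differs from smb_get_naces().
 */
static bool aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
{
	SMB4ACE_T	*smbace;
	TALLOC_CTX	*mem_ctx;
	nfs4_acl_int_t	*jfs2acl;
	int32_t	entryLen;
	uint32	aclLen, naces;
	uint64_t	needed;
	int	rc;
	acl_type_t	acltype;

	DEBUG(10, ("jfs2_process_smbacl invoked on %s\n", fsp->fsp_name));

	/* memory taken from mem_ctx does not need to be freed here */
	mem_ctx = talloc_tos();

	/* every entry is stored with its size rounded up to 4 bytes */
	entryLen = sizeof(nfs4_ace_int_t);
	if (entryLen & 0x03)
		entryLen = entryLen + 4 - (entryLen%4);

	naces = smb_get_naces(smbacl);

	/*
	 * Size the buffer in 64 bits: in 32-bit arithmetic the product
	 * naces * entryLen can wrap, which would allocate a short buffer
	 * that the loop below then writes past. The limit is the largest
	 * value the length can hold when read back as int32_t (see
	 * aixacl2_getlen).
	 */
	needed = (uint64_t)ACL_V4_SIZ + (uint64_t)naces * (uint64_t)entryLen;
	if (needed > 0x7fffffff) {
		DEBUG(0, ("aixjfs2_process_smbacl: acl with %u entries is "
			  "too large\n", (unsigned int)naces));
		errno = EINVAL;
		return False;
	}
	aclLen = (uint32)needed;

	jfs2acl = (nfs4_acl_int_t *)TALLOC_SIZE(mem_ctx, aclLen);
	if (jfs2acl==NULL) {
		DEBUG(0, ("TALLOC_SIZE failed\n"));
		errno = ENOMEM;
		return False;
	}

	jfs2acl->aclLength = ACL_V4_SIZ;
	jfs2acl->aclVersion = NFS4_ACL_INT_STRUCT_VERSION;
	jfs2acl->aclEntryN = 0;

	for(smbace = smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace))
	{
		SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
		nfs4_ace_int_t *jfs2_ace;

		/*
		 * The buffer holds exactly naces entries. Check before the
		 * write, not after the loop, so a list longer than
		 * smb_get_naces() reported cannot run past the allocation.
		 */
		SMB_ASSERT(jfs2acl->aclEntryN < naces);

		jfs2_ace = (nfs4_ace_int_t *)(((char *)jfs2acl) + jfs2acl->aclLength);

		memset(jfs2_ace, 0, entryLen);
		jfs2_ace->entryLen = entryLen; /* won't store textual "who" */
		jfs2_ace->aceType = aceprop->aceType; /* only ACCESS|DENY supported by jfs2 */
		jfs2_ace->aceFlags = aceprop->aceFlags;
		jfs2_ace->aceMask = aceprop->aceMask;
		jfs2_ace->flags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_ID_SPECIAL : 0;

		/* the id is copied as-is, whether it really holds 16 or 32 bits */
		jfs2_ace->aceWho.id = aceprop->who.id;

		/* account for this entry; the next one starts at aclLength */
		jfs2acl->aclLength += jfs2_ace->entryLen;
		jfs2acl->aclEntryN++;
	}
	SMB_ASSERT(jfs2acl->aclEntryN==naces);

	/* The type is known, so it is set directly rather than queried again */
	memset(&acltype, 0, sizeof(acl_type_t));
	acltype.u64 = ACL_NFS4;

	/* won't set S_ISUID - the only one JFS2/NFS4 accepts */
	rc = aclx_put(
		fsp->fsp_name,
		SET_ACL, /* set only the ACL, not mode bits */
		acltype, /* not a pointer !!! */
		jfs2acl,
		jfs2acl->aclLength,
		0 /* don't set here mode bits */
	);
	if (rc) {
		DEBUG(8, ("aclx_put failed with %s\n", strerror(errno)));
		return False;
	}

	DEBUG(10, ("jfs2_process_smbacl succeeded.\n"));
	return True;
}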
 371 
/*
 * Apply an NT security descriptor to fsp, choosing the backend from
 * what aixjfs2_query_acl_support() reports for ACL_NFS4 on
 * fsp->fsp_name:
 *   0     - NFS4 supported: smb_set_nt_acl_nfs4() with
 *           aixjfs2_process_smbacl as the writer
 *   1     - not supported: fall back to set_nt_acl() (POSIX ACL assumed)
 *   other - the query failed: errno is mapped to an NTSTATUS
 */
static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
	acl_type_t	acl_type_info;
	int	support;

	support = aixjfs2_query_acl_support(
		fsp->fsp_name,
		ACL_NFS4,
		&acl_type_info);

	switch (support) {
	case 0:
		return smb_set_nt_acl_nfs4(
			fsp, security_info_sent, psd,
			aixjfs2_process_smbacl);
	case 1:
		/* assume POSIX ACL - by default... */
		return set_nt_acl(fsp, security_info_sent, psd);
	default:
		/* query failed */
		return map_nt_error_from_unix(errno);
	}
}
 395 
/*
 * FSET_NT_ACL: set the NT security descriptor of an open file.
 * The handle is not used; all work is done by aixjfs2_set_nt_acl_common().
 */
NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{
	NTSTATUS status;

	status = aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
	return status;
}
 400 
/*
 * SYS_ACL_SET_FILE: store a POSIX-style ACL on a path as an AIXC ACL.
 *
 * Returns 0 on success and -1 when AIXC support is not reported for the
 * path, when the conversion fails, or when aclx_put() fails.
 *
 * NOTE(review): the buffer returned by aixacl_smb_to_aixacl() is not
 * released on any path here. Its allocator is not visible in this file -
 * confirm who owns it; if it is heap-allocated this leaks once per call.
 */
int aixjfs2_sys_acl_set_file(vfs_handle_struct *handle,
			      const char *name,
			      SMB_ACL_TYPE_T type,
			      SMB_ACL_T theacl)
{
	struct acl	*converted;
	acl_type_t	aixc_type;
	int	status;

	DEBUG(10, ("aixjfs2_sys_acl_set_file invoked for %s", name));

	status = aixjfs2_query_acl_support((char *)name, ACL_AIXC, &aixc_type);
	if (status != 0) {
		DEBUG(8, ("jfs2_set_nt_acl: AIXC support not found\n"));
		return -1;
	}

	converted = aixacl_smb_to_aixacl(type, theacl);
	if (converted == NULL) {
		return -1;
	}

	status = aclx_put(
		(char *)name,
		SET_ACL, /* set only the ACL, not mode bits */
		aixc_type,
		converted,
		converted->acl_len,
		0
	);
	if (status != 0) {
		DEBUG(2, ("aclx_put failed with %s for %s\n",
			strerror(errno), name));
		return -1;
	}

	return 0;
}
 438 
/*
 * SYS_ACL_SET_FD: store a POSIX-style ACL on an open file as an AIXC ACL.
 *
 * AIXC support is queried by path (fsp->fsp_name) while the ACL itself
 * is written through the descriptor fsp->fh->fd with aclx_fput().
 * Returns 0 on success and -1 when support is not reported, the
 * conversion fails, or aclx_fput() fails.
 *
 * NOTE(review): the support query and the write address the file in
 * different ways (name vs. descriptor); confirm both always refer to the
 * same object. The buffer returned by aixacl_smb_to_aixacl() is not
 * released here - its allocator is not visible in this file, confirm
 * ownership.
 */
int aixjfs2_sys_acl_set_fd(vfs_handle_struct *handle,
			    files_struct *fsp,
			    SMB_ACL_T theacl)
{
	struct acl	*converted;
	acl_type_t	aixc_type;
	int	status;

	DEBUG(10, ("aixjfs2_sys_acl_set_fd invoked for %s", fsp->fsp_name));

	status = aixjfs2_query_acl_support(fsp->fsp_name, ACL_AIXC, &aixc_type);
	if (status != 0) {
		DEBUG(8, ("jfs2_set_nt_acl: AIXC support not found\n"));
		return -1;
	}

	converted = aixacl_smb_to_aixacl(SMB_ACL_TYPE_ACCESS, theacl);
	if (converted == NULL) {
		return -1;
	}

	status = aclx_fput(
		fsp->fh->fd,
		SET_ACL, /* set only the ACL, not mode bits */
		aixc_type,
		converted,
		converted->acl_len,
		0
	);
	if (status != 0) {
		DEBUG(2, ("aclx_fput failed with %s for %s\n",
			strerror(errno), fsp->fsp_name));
		return -1;
	}

	return 0;
}
 475 
/*
 * SYS_ACL_DELETE_DEF_FILE: intentionally a no-op.
 *
 * Default ACLs are not available under AIXC ACLs. Success is reported
 * anyway, because an error here would make the upper layer abandon its
 * normal execution path. Neither argument is used.
 */
int aixjfs2_sys_acl_delete_def_file(vfs_handle_struct *handle,
				     const char *path)
{
	(void)handle;
	(void)path;

	return 0;
}
 484 
 485 
/*
 * VFS operations table registered by vfs_aixacl2_init().
 *
 * Each entry is { function, operation id, layer }. Every real operation
 * is registered as SMB_VFS_LAYER_TRANSPARENT; the NULL/NOOP entry ends
 * the table.
 */
static vfs_op_tuple aixjfs2_ops[] =
{
	/* NT ACL access */
	{SMB_VFS_OP(aixjfs2_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
	 SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(aixjfs2_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
	 SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(aixjfs2_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
	 SMB_VFS_LAYER_TRANSPARENT},

	/* POSIX-style ACL access */
	{SMB_VFS_OP(aixjfs2_sys_acl_get_file), SMB_VFS_OP_SYS_ACL_GET_FILE,
	 SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(aixjfs2_sys_acl_get_fd), SMB_VFS_OP_SYS_ACL_GET_FD,
	 SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(aixjfs2_sys_acl_set_file), SMB_VFS_OP_SYS_ACL_SET_FILE,
	 SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(aixjfs2_sys_acl_set_fd), SMB_VFS_OP_SYS_ACL_SET_FD,
	 SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(aixjfs2_sys_acl_delete_def_file),
	 SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
	 SMB_VFS_LAYER_TRANSPARENT},

	/* end of table */
	{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
};
 526 
NTSTATUS vfs_aixacl2_init(void);

/*
 * Module entry point: register the operations table under the name
 * AIXACL2_MODULE_NAME and return the status of smb_register_vfs().
 */
NTSTATUS vfs_aixacl2_init(void)
{
	NTSTATUS status;

	status = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
				  AIXACL2_MODULE_NAME,
				  aixjfs2_ops);
	return status;
}
