#include "smbd/globals.h"
#include "messages.h"
#include "libcli/security/security.h"
+#include "../libcli/smb/smb2_create_ctx.h"
+#include "lib/sys_rw.h"
/*
* Enhanced OS X and Netatalk compatibility
enum fruit_meta meta;
enum fruit_locking locking;
enum fruit_encoding encoding;
+ bool use_aapl;
+ bool readdir_attr_enabled;
+ bool unix_info_enabled;
+ bool veto_appledouble;
+
+ /*
+ * Additional options, all enabled by default,
+ * possibly useful for analyzing performance. The associated
+ * operations with each of them may be expensive, so having
+ * the chance to disable them individually gives a chance
+ * tweaking the setup for the particular usecase.
+ */
+ bool readdir_attr_rsize;
+ bool readdir_attr_finder_info;
+ bool readdir_attr_max_access;
};
static const struct enum_list fruit_rsrc[] = {
offset += ADEDLEN_NENTRIES;
for (eid = 0, nent = 0; eid < ADEID_MAX; eid++) {
- if ((ad->ad_eid[eid].ade_off == 0)) {
+ if (ad->ad_eid[eid].ade_off == 0) {
/*
* ade_off is also used as indicator whether a
* specific entry is used or not
/**
* Unpack an AppleDouble blob into a struct adoble
**/
-static bool ad_unpack(struct adouble *ad, const int nentries)
+static bool ad_unpack(struct adouble *ad, const int nentries, size_t filesize)
{
size_t bufsize = talloc_get_size(ad->ad_data);
int adentries, i;
return false;
}
+ /*
+ * All entries other than the resource fork are
+ * expected to be read into the ad_data buffer, so
+ * ensure the specified offset is within that bound
+ */
if ((off > bufsize) && (eid != ADEID_RFORK)) {
DEBUG(1, ("bogus eid %d: off: %" PRIu32 ", len: %" PRIu32 "\n",
eid, off, len));
return false;
}
+
+ /*
+ * All entries besides FinderInfo and resource fork
+ * must fit into the buffer. FinderInfo is special as
+ * it may be larger then the default 32 bytes (if it
+ * contains marshalled xattrs), but we will fixup that
+ * in ad_convert(). And the resource fork is never
+ * accessed directly by the ad_data buf (also see
+ * comment above) anyway.
+ */
if ((eid != ADEID_RFORK) &&
(eid != ADEID_FINDERI) &&
((off + len) > bufsize)) {
return false;
}
+ /*
+ * That would be obviously broken
+ */
+ if (off > filesize) {
+ DEBUG(1, ("bogus eid %d: off: %" PRIu32 ", len: %" PRIu32 "\n",
+ eid, off, len));
+ return false;
+ }
+
+ /*
+ * Check for any entry that has its end beyond the
+ * filesize.
+ */
+ if (off + len < off) {
+ DEBUG(1, ("offset wrap in eid %d: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ eid, off, len));
+ return false;
+
+ }
+ if (off + len > filesize) {
+ /*
+ * If this is the resource fork entry, we fix
+ * up the length, for any other entry we bail
+ * out.
+ */
+ if (eid != ADEID_RFORK) {
+ DEBUG(1, ("bogus eid %d: off: %" PRIu32
+ ", len: %" PRIu32 "\n",
+ eid, off, len));
+ return false;
+ }
+
+ /*
+ * Fixup the resource fork entry by limiting
+ * the size to entryoffset - filesize.
+ */
+ len = filesize - off;
+ DEBUG(1, ("Limiting ADEID_RFORK: off: %" PRIu32
+ ", len: %" PRIu32 "\n", off, len));
+ }
+
ad->ad_eid[eid].ade_off = off;
ad->ad_eid[eid].ade_len = len;
}
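Review bot: The wrap test `if (off + len < off)` is placed after the existing `((off + len) > bufsize)` comparison, which uses the same sum, so that earlier comparison can be evaluated on a wrapped value and the entry is only rejected a few lines later. Moving the wrap test ahead of the first use of `off + len` makes each bound check valid on its own instead of relying on statement order. This assumes `off` and `len` are 32-bit, as the `PRIu32` formats suggest. Two comments no longer match the code beneath them: "Check for any entry that has its end beyond the filesize" sits above the wrap test rather than the `off + len > filesize` test, and "limiting the size to entryoffset - filesize" describes `len = filesize - off;` the wrong way round. ad_unpack starts and ends outside this hunk.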
ad_getentrylen(ad, ADEID_RFORK);
/* FIXME: direct use of mmap(), vfs_aio_fork does it too */
- map = mmap(NULL, origlen, PROT_WRITE, MAP_SHARED, fd, 0);
+ map = mmap(NULL, origlen, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
if (map == MAP_FAILED) {
DEBUG(2, ("mmap AppleDouble: %s\n", strerror(errno)));
rc = -1;
goto exit;
}
- memmove(map + ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI,
- map + ad_getentryoff(ad, ADEID_RFORK),
- ad_getentrylen(ad, ADEID_RFORK));
+ if (ad_getentrylen(ad, ADEID_RFORK) > 0) {
+ memmove(map + ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI,
+ map + ad_getentryoff(ad, ADEID_RFORK),
+ ad_getentrylen(ad, ADEID_RFORK));
+ }
ad_setentrylen(ad, ADEID_FINDERI, ADEDLEN_FINDERI);
ad_setentryoff(ad, ADEID_RFORK,
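Review bot: The new guard skips only the zero-length case; the memmove() still takes its destination, source and length from parsed entry fields, and nothing in the visible lines compares them with `origlen`, the size of the mapping. Unless code outside the hunk guarantees it, I would reject the conversion before the copy when `ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI + ad_getentrylen(ad, ADEID_RFORK) > origlen` or when `ad_getentryoff(ad, ADEID_RFORK) + ad_getentrylen(ad, ADEID_RFORK) > origlen`, unmapping and setting `rc = -1`. The function starts and ends outside this hunk, so how `origlen` is computed could not be checked here.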
}
/* Now parse entries */
- ok = ad_unpack(ad, ADEID_NUM_XATTR);
+ ok = ad_unpack(ad, ADEID_NUM_XATTR, AD_DATASZ_XATTR);
if (!ok) {
DEBUG(2, ("invalid AppleDouble metadata xattr\n"));
errno = EINVAL;
struct adouble *meta_ad = NULL;
SMB_STRUCT_STAT sbuf;
bool ok;
- int saved_errno;
+ int saved_errno = 0;
SMB_VFS_HANDLE_GET_DATA(ad->ad_handle, config,
struct fruit_config_data, return -1);
+ /* Try rw first so we can use the fd in ad_convert() */
+ mode = O_RDWR;
+
if (ad->ad_fsp && ad->ad_fsp->fh && (ad->ad_fsp->fh->fd != -1)) {
fd = ad->ad_fsp->fh->fd;
} else {
}
}
- /* Try rw first so we can use the fd in ad_convert() */
- mode = O_RDWR;
-
retry:
if (config->rsrc == FRUIT_RSRC_XATTR) {
#ifndef HAVE_ATTROPEN
lp_fake_directory_create_times(
SNUM(ad->ad_handle->conn)));
if (rc != 0) {
- rc = -1;
goto exit;
}
- ad_setentrylen(ad, ADEID_RFORK, sbuf.st_ex_size);
+ len = sbuf.st_ex_size;
+ ad_setentrylen(ad, ADEID_RFORK, len);
} else {
/* FIXME: direct sys_pread(), don't have an fsp */
len = sys_pread(fd, ad->ad_data, AD_DATASZ_DOT_UND, 0);
goto exit;
}
+ /* FIXME: direct sys_fstat(), we don't have an fsp */
+ rc = sys_fstat(fd, &sbuf,
+ lp_fake_directory_create_times(
+ SNUM(ad->ad_handle->conn)));
+ if (rc != 0) {
+ goto exit;
+ }
+
/* Now parse entries */
- ok = ad_unpack(ad, ADEID_NUM_DOT_UND);
+ ok = ad_unpack(ad, ADEID_NUM_DOT_UND, sbuf.st_ex_size);
if (!ok) {
DEBUG(1, ("invalid AppleDouble ressource %s\n", path));
errno = EINVAL;
}
config->encoding = (enum fruit_encoding)enumval;
+ if (lp_parm_bool(SNUM(handle->conn),
+ FRUIT_PARAM_TYPE_NAME, "veto_appledouble", true)) {
+ config->veto_appledouble = true;
+ }
+
+ if (lp_parm_bool(-1, FRUIT_PARAM_TYPE_NAME, "aapl", true)) {
+ config->use_aapl = true;
+ }
+
+ if (lp_parm_bool(-1, FRUIT_PARAM_TYPE_NAME, "nfs_aces", true)) {
+ config->unix_info_enabled = true;
+ }
+
+ if (lp_parm_bool(SNUM(handle->conn),
+ "readdir_attr", "aapl_rsize", true)) {
+ config->readdir_attr_rsize = true;
+ }
+
+ if (lp_parm_bool(SNUM(handle->conn),
+ "readdir_attr", "aapl_finder_info", true)) {
+ config->readdir_attr_finder_info = true;
+ }
+
+ if (lp_parm_bool(SNUM(handle->conn),
+ "readdir_attr", "aapl_max_access", true)) {
+ config->readdir_attr_max_access = true;
+ }
+
SMB_VFS_HANDLE_SET_DATA(handle, config,
NULL, struct fruit_config_data,
return -1);
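Review bot: The new options are read inconsistently: three use the literal section name `"readdir_attr"` while the others use `FRUIT_PARAM_TYPE_NAME`, and `aapl` and `nfs_aces` are looked up with service `-1` yet stored in the per-connection config, so a one-line comment saying which options are global and why would help. Each `if (lp_parm_bool(...)) { config->x = true; }` is only correct if the struct was zeroed when allocated, which is not visible in this hunk; `config->veto_appledouble = lp_parm_bool(SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME, "veto_appledouble", true);` states the intent directly. Since `nfs_aces` defaults to true and switches on the mode-change path in fruit_fset_nt_acl, I would add a comment such as `/* nfs_aces: honour MS NFS mode ACEs on set-ACL and expose uid/gid/mode ACEs on get-ACL */` and document the default.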
static int adouble_path(TALLOC_CTX *ctx, const char *path_in, char **path_out)
{
char *parent;
- const char *basename;
+ const char *base;
- if (!parent_dirname(ctx, path_in, &parent, &basename)) {
+ if (!parent_dirname(ctx, path_in, &parent, &base)) {
return -1;
}
- *path_out = talloc_asprintf(ctx, "%s/._%s", parent, basename);
+ *path_out = talloc_asprintf(ctx, "%s/._%s", parent, base);
if (*path_out == NULL) {
return -1;
}
/**
* Map an access mask to a Netatalk single byte byte range lock
**/
-static off_t access_to_netatalk_brl(enum apple_fork fork,
+static off_t access_to_netatalk_brl(enum apple_fork fork_type,
uint32_t access_mask)
{
off_t offset;
break;
}
- if (fork == APPLE_FORK_RSRC) {
+ if (fork_type == APPLE_FORK_RSRC) {
if (offset == AD_FILELOCK_OPEN_NONE) {
offset = AD_FILELOCK_RSRC_OPEN_NONE;
} else {
/**
* Map a deny mode to a Netatalk brl
**/
-static off_t denymode_to_netatalk_brl(enum apple_fork fork,
+static off_t denymode_to_netatalk_brl(enum apple_fork fork_type,
uint32_t deny_mode)
{
off_t offset;
smb_panic("denymode_to_netatalk_brl: bad deny mode\n");
}
- if (fork == APPLE_FORK_RSRC) {
+ if (fork_type == APPLE_FORK_RSRC) {
offset += 2;
}
off_t off;
/* FIXME: hardcoded data fork, add resource fork */
- enum apple_fork fork = APPLE_FORK_DATA;
+ enum apple_fork fork_type = APPLE_FORK_DATA;
DEBUG(10, ("fruit_check_access: %s, am: %s/%s, dm: %s/%s\n",
fsp_str_dbg(fsp),
if ((access_mask & FILE_READ_DATA) || (deny_mode & DENY_READ)) {
/* Check access */
open_for_reading = test_netatalk_lock(
- fsp, access_to_netatalk_brl(fork, FILE_READ_DATA));
+ fsp, access_to_netatalk_brl(fork_type, FILE_READ_DATA));
deny_read = test_netatalk_lock(
- fsp, denymode_to_netatalk_brl(fork, DENY_READ));
+ fsp, denymode_to_netatalk_brl(fork_type, DENY_READ));
DEBUG(10, ("read: %s, deny_write: %s\n",
open_for_reading == true ? "yes" : "no",
/* Set locks */
if (access_mask & FILE_READ_DATA) {
- off = access_to_netatalk_brl(fork, FILE_READ_DATA);
+ off = access_to_netatalk_brl(fork_type, FILE_READ_DATA);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
fsp->op->global->open_persistent_id, 1, off,
}
if (deny_mode & DENY_READ) {
- off = denymode_to_netatalk_brl(fork, DENY_READ);
+ off = denymode_to_netatalk_brl(fork_type, DENY_READ);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
fsp->op->global->open_persistent_id, 1, off,
if ((access_mask & FILE_WRITE_DATA) || (deny_mode & DENY_WRITE)) {
/* Check access */
open_for_writing = test_netatalk_lock(
- fsp, access_to_netatalk_brl(fork, FILE_WRITE_DATA));
+ fsp, access_to_netatalk_brl(fork_type, FILE_WRITE_DATA));
deny_write = test_netatalk_lock(
- fsp, denymode_to_netatalk_brl(fork, DENY_WRITE));
+ fsp, denymode_to_netatalk_brl(fork_type, DENY_WRITE));
DEBUG(10, ("write: %s, deny_write: %s\n",
open_for_writing == true ? "yes" : "no",
/* Set locks */
if (access_mask & FILE_WRITE_DATA) {
- off = access_to_netatalk_brl(fork, FILE_WRITE_DATA);
+ off = access_to_netatalk_brl(fork_type, FILE_WRITE_DATA);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
fsp->op->global->open_persistent_id, 1, off,
}
if (deny_mode & DENY_WRITE) {
- off = denymode_to_netatalk_brl(fork, DENY_WRITE);
+ off = denymode_to_netatalk_brl(fork_type, DENY_WRITE);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
fsp->op->global->open_persistent_id, 1, off,
return status;
}
+static NTSTATUS check_aapl(vfs_handle_struct *handle,
+ struct smb_request *req,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs)
+{
+ struct fruit_config_data *config;
+ NTSTATUS status;
+ struct smb2_create_blob *aapl = NULL;
+ uint32_t cmd;
+ bool ok;
+ uint8_t p[16];
+ DATA_BLOB blob = data_blob_talloc(req, NULL, 0);
+ uint64_t req_bitmap, client_caps;
+ uint64_t server_caps = SMB2_CRTCTX_AAPL_UNIX_BASED;
+ smb_ucs2_t *model;
+ size_t modellen;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
+ if (!config->use_aapl
+ || in_context_blobs == NULL
+ || out_context_blobs == NULL) {
+ return NT_STATUS_OK;
+ }
+
+ aapl = smb2_create_blob_find(in_context_blobs,
+ SMB2_CREATE_TAG_AAPL);
+ if (aapl == NULL) {
+ return NT_STATUS_OK;
+ }
+
+ if (aapl->data.length != 24) {
+ DEBUG(1, ("unexpected AAPL ctxt legnth: %ju\n",
+ (uintmax_t)aapl->data.length));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ cmd = IVAL(aapl->data.data, 0);
+ if (cmd != SMB2_CRTCTX_AAPL_SERVER_QUERY) {
+ DEBUG(1, ("unsupported AAPL cmd: %d\n", cmd));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ req_bitmap = BVAL(aapl->data.data, 8);
+ client_caps = BVAL(aapl->data.data, 16);
+
+ SIVAL(p, 0, SMB2_CRTCTX_AAPL_SERVER_QUERY);
+ SIVAL(p, 4, 0);
+ SBVAL(p, 8, req_bitmap);
+ ok = data_blob_append(req, &blob, p, 16);
+ if (!ok) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (req_bitmap & SMB2_CRTCTX_AAPL_SERVER_CAPS) {
+ if ((client_caps & SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR) &&
+ (handle->conn->tcon->compat->fs_capabilities & FILE_NAMED_STREAMS)) {
+ server_caps |= SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR;
+ config->readdir_attr_enabled = true;
+ }
+
+ /*
+ * The client doesn't set the flag, so we can't check
+ * for it and just set it unconditionally
+ */
+ if (config->unix_info_enabled) {
+ server_caps |= SMB2_CRTCTX_AAPL_SUPPORTS_NFS_ACE;
+ }
+
+ SBVAL(p, 0, server_caps);
+ ok = data_blob_append(req, &blob, p, 8);
+ if (!ok) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ if (req_bitmap & SMB2_CRTCTX_AAPL_VOLUME_CAPS) {
+ SBVAL(p, 0,
+ lp_case_sensitive(SNUM(handle->conn->tcon->compat)) ?
+ SMB2_CRTCTX_AAPL_CASE_SENSITIVE : 0);
+ ok = data_blob_append(req, &blob, p, 8);
+ if (!ok) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ if (req_bitmap & SMB2_CRTCTX_AAPL_MODEL_INFO) {
+ ok = convert_string_talloc(req,
+ CH_UNIX, CH_UTF16LE,
+ "Samba", strlen("Samba"),
+ &model, &modellen);
+ if (!ok) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ SIVAL(p, 0, 0);
+ SIVAL(p + 4, 0, modellen);
+ ok = data_blob_append(req, &blob, p, 8);
+ if (!ok) {
+ talloc_free(model);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ ok = data_blob_append(req, &blob, model, modellen);
+ talloc_free(model);
+ if (!ok) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+
+ status = smb2_create_blob_add(out_context_blobs,
+ out_context_blobs,
+ SMB2_CREATE_TAG_AAPL,
+ blob);
+
+ return status;
+}
+
+static NTSTATUS readdir_attr_macmeta(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ struct readdir_attr_data *attr_data)
+{
+ NTSTATUS status = NT_STATUS_OK;
+ uint32_t date_added;
+ struct adouble *ad = NULL;
+ struct fruit_config_data *config = NULL;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
+
+ /* Ensure we return a default value in the creation_date field */
+ RSIVAL(&attr_data->attr_data.aapl.finder_info, 12, AD_DATE_START);
+
+ /*
+ * Resource fork length
+ */
+
+ if (config->readdir_attr_rsize) {
+ ad = ad_get(talloc_tos(), handle, smb_fname->base_name,
+ ADOUBLE_RSRC);
+ if (ad) {
+ attr_data->attr_data.aapl.rfork_size = ad_getentrylen(
+ ad, ADEID_RFORK);
+ TALLOC_FREE(ad);
+ }
+ }
+
+ /*
+ * FinderInfo
+ */
+
+ if (config->readdir_attr_finder_info) {
+ ad = ad_get(talloc_tos(), handle, smb_fname->base_name,
+ ADOUBLE_META);
+ if (ad) {
+ if (S_ISREG(smb_fname->st.st_ex_mode)) {
+ /* finder_type */
+ memcpy(&attr_data->attr_data.aapl.finder_info[0],
+ ad_entry(ad, ADEID_FINDERI), 4);
+
+ /* finder_creator */
+ memcpy(&attr_data->attr_data.aapl.finder_info[0] + 4,
+ ad_entry(ad, ADEID_FINDERI) + 4, 4);
+ }
+
+ /* finder_flags */
+ memcpy(&attr_data->attr_data.aapl.finder_info[0] + 8,
+ ad_entry(ad, ADEID_FINDERI) + 8, 2);
+
+ /* finder_ext_flags */
+ memcpy(&attr_data->attr_data.aapl.finder_info[0] + 10,
+ ad_entry(ad, ADEID_FINDERI) + 24, 2);
+
+ /* creation date */
+ date_added = convert_time_t_to_uint32_t(
+ smb_fname->st.st_ex_btime.tv_sec - AD_DATE_DELTA);
+ RSIVAL(&attr_data->attr_data.aapl.finder_info[0], 12, date_added);
+
+ TALLOC_FREE(ad);
+ }
+ }
+
+ TALLOC_FREE(ad);
+ return status;
+}
+
+/* Search MS NFS style ACE with UNIX mode */
+static NTSTATUS check_ms_nfs(vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct security_descriptor *psd,
+ mode_t *pmode,
+ bool *pdo_chmod)
+{
+ int i;
+ struct fruit_config_data *config = NULL;
+
+ *pdo_chmod = false;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
+ if (psd->dacl == NULL || !config->unix_info_enabled) {
+ return NT_STATUS_OK;
+ }
+
+ for (i = 0; i < psd->dacl->num_aces; i++) {
+ if (dom_sid_compare_domain(
+ &global_sid_Unix_NFS_Mode,
+ &psd->dacl->aces[i].trustee) == 0) {
+ *pmode = (mode_t)psd->dacl->aces[i].trustee.sub_auths[2];
+ *pmode &= (S_IRWXU | S_IRWXG | S_IRWXO);
+ *pdo_chmod = true;
+
+ DEBUG(10, ("MS NFS chmod request %s, %04o\n",
+ fsp_str_dbg(fsp), (unsigned)(*pmode)));
+ break;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
/****************************************************************************
* VFS ops
****************************************************************************/
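Review bot: In check_ms_nfs the mode is read from `trustee.sub_auths[2]` as soon as dom_sid_compare_domain() reports a match, with no visible check that the SID carries a third sub-authority; a guard such as `if (psd->dacl->aces[i].trustee.num_auths < 3) { continue; }` before the read keeps a short SID in a client-supplied descriptor from producing an unintended mode. In readdir_attr_macmeta the memcpy() calls read up to offset 26 of `ad_entry(ad, ADEID_FINDERI)` without first confirming that the entry is present and at least `ADEDLEN_FINDERI` bytes long. That matters because ad_unpack exempts FinderInfo from the `off + len` buffer bound, so I would test `ad_getentrylen(ad, ADEID_FINDERI) >= ADEDLEN_FINDERI` before copying. In check_aapl, `cmd` is a `uint32_t` printed with `%d` (use `%u`), the message spells "legnth", and the literal `24` would read better as a named constant for the AAPL request size.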
return rc;
}
- list = lp_veto_files(talloc_tos(), SNUM(handle->conn));
-
- if (list) {
- if (strstr(list, "/" ADOUBLE_NAME_PREFIX "*/") == NULL) {
- newlist = talloc_asprintf(
- list,
- "%s/" ADOUBLE_NAME_PREFIX "*/",
- list);
- lp_do_parameter(SNUM(handle->conn),
- "veto files",
- newlist);
- }
- } else {
- lp_do_parameter(SNUM(handle->conn),
- "veto files",
- "/" ADOUBLE_NAME_PREFIX "*/");
- }
-
- TALLOC_FREE(list);
-
rc = init_fruit_config(handle);
if (rc != 0) {
return rc;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct fruit_config_data, return -1);
+ if (config->veto_appledouble) {
+ list = lp_veto_files(talloc_tos(), SNUM(handle->conn));
+
+ if (list) {
+ if (strstr(list, "/" ADOUBLE_NAME_PREFIX "*/") == NULL) {
+ newlist = talloc_asprintf(
+ list,
+ "%s/" ADOUBLE_NAME_PREFIX "*/",
+ list);
+ lp_do_parameter(SNUM(handle->conn),
+ "veto files",
+ newlist);
+ }
+ } else {
+ lp_do_parameter(SNUM(handle->conn),
+ "veto files",
+ "/" ADOUBLE_NAME_PREFIX "*/");
+ }
+
+ TALLOC_FREE(list);
+ }
+
if (config->encoding == FRUIT_ENC_NATIVE) {
lp_do_parameter(
SNUM(handle->conn),
"catia:mappings",
+ "0x01:0xf001,0x02:0xf002,0x03:0xf003,0x04:0xf004,"
+ "0x05:0xf005,0x06:0xf006,0x07:0xf007,0x08:0xf008,"
+ "0x09:0xf009,0x0a:0xf00a,0x0b:0xf00b,0x0c:0xf00c,"
+ "0x0d:0xf00d,0x0e:0xf00e,0x0f:0xf00f,0x10:0xf010,"
+ "0x11:0xf011,0x12:0xf012,0x13:0xf013,0x14:0xf014,"
+ "0x15:0xf015,0x16:0xf016,0x17:0xf017,0x18:0xf018,"
+ "0x19:0xf019,0x1a:0xf01a,0x1b:0xf01b,0x1c:0xf01c,"
+ "0x1d:0xf01d,0x1e:0xf01e,0x1f:0xf01f,"
"0x22:0xf020,0x2a:0xf021,0x3a:0xf022,0x3c:0xf023,"
"0x3e:0xf024,0x3f:0xf025,0x5c:0xf026,0x7c:0xf027,"
"0x0d:0xf00d");
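Review bot: The added control-character mappings already contain `0x0d:0xf00d`, and the unchanged last line of the string repeats it, so the final `"0x0d:0xf00d"` entry is now a duplicate; dropping it (and the trailing comma before it) avoids relying on how the catia parser treats repeated keys. In the moved veto block, `newlist` from talloc_asprintf() is passed to lp_do_parameter() without a NULL check; `if (newlist == NULL) { return -1; }` before the call would fail the connect cleanly on allocation failure. It would also help to note in a comment that with `veto_appledouble` off the `._` files become visible to clients, so their contents should be treated as untrusted when parsed.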
fsp->base_fsp->fsp_name->base_name,
vfs_translate_to_unix,
talloc_tos(), &name);
- if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+ name = talloc_strdup(talloc_tos(), tmp_base_name);
+ if (name == NULL) {
+ rc = -1;
+ goto exit;
+ }
+ } else if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
rc = -1;
goto exit;
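Review bot: In the new `NT_STATUS_NONE_MAPPED` fallback, the `name == NULL` branch sets `rc = -1` and jumps to exit without setting errno, while the sibling error branch sets it from the status; adding `errno = ENOMEM;` before `rc = -1;` keeps the caller from seeing a stale value. The same applies to the two later copies of this fallback further down the diff. In this hunk and the next, the translate call is given `fsp->base_fsp->fsp_name->base_name` but the fallback duplicates `tmp_base_name`, whose assignment is outside the hunk. Only the third copy shows it being changed to the base fsp name, so it is worth confirming that all three fall back to the same string that was passed for translation.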
fsp->base_fsp->fsp_name->base_name,
vfs_translate_to_unix,
talloc_tos(), &name);
- if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+ name = talloc_strdup(talloc_tos(), tmp_base_name);
+ if (name == NULL) {
+ rc = -1;
+ goto exit;
+ }
+ } else if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
rc = -1;
goto exit;
smb_fname_str_dbg(fsp->fsp_name)));
if (fsp->base_fsp) {
- tmp_base_name = fsp->fsp_name->base_name;
+ tmp_base_name = fsp->base_fsp->fsp_name->base_name;
/* fsp_name is not converted with vfs_catia */
status = SMB_VFS_TRANSLATE_NAME(
handle->conn,
vfs_translate_to_unix,
talloc_tos(), &name);
- if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) {
+ name = talloc_strdup(talloc_tos(), tmp_base_name);
+ if (name == NULL) {
+ rc = -1;
+ goto exit;
+ }
+ } else if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
rc = -1;
goto exit;
static int fruit_fallocate(struct vfs_handle_struct *handle,
struct files_struct *fsp,
- enum vfs_fallocate_mode mode,
+ uint32_t mode,
off_t offset,
off_t len)
{
}
if (!fruit_fsp_recheck(ad, fsp)) {
- return errno;
+ return -1;
}
/* Let the pwrite code path handle it. */
- return ENOSYS;
+ errno = ENOSYS;
+ return -1;
}
static int fruit_ftruncate(struct vfs_handle_struct *handle,
rc = SMB_VFS_NEXT_FTRUNCATE(
handle, fsp,
offset + ad_getentryoff(ad, ADEID_RFORK));
+ if (rc != 0) {
+ return -1;
+ }
+ ad_setentrylen(ad, ADEID_RFORK, offset);
+ rc = ad_write(ad, NULL);
+ if (rc != 0) {
+ return -1;
+ }
}
break;
default:
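Review bot: `ad_setentrylen(ad, ADEID_RFORK, offset)` stores an `off_t` into an entry length that the rest of the file prints with `PRIu32`, so a negative or larger-than-32-bit `offset` would presumably be truncated silently in the header while the file itself was truncated to the full value. A range check before SMB_VFS_NEXT_FTRUNCATE, for example `if (offset < 0 || offset > UINT32_MAX) { errno = EFBIG; return -1; }`, keeps header and file consistent. If ad_write() fails after the truncate has succeeded, the on-disk header still carries the old length; a comment noting that ad_unpack clamps an oversized resource fork length on the next read would document why that is tolerable. The function body starts and continues outside this hunk.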
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result,
- int *pinfo)
+ int *pinfo,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs)
{
NTSTATUS status;
struct fruit_config_data *config = NULL;
+ status = check_aapl(handle, req, in_context_blobs, out_context_blobs);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
status = SMB_VFS_NEXT_CREATE_FILE(
handle, req, root_dir_fid, smb_fname,
access_mask, share_access,
lease,
allocation_size, private_flags,
sd, ea_list, result,
- pinfo);
-
+ pinfo, in_context_blobs, out_context_blobs);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return status;
}
- SMB_VFS_HANDLE_GET_DATA(handle, config, struct fruit_config_data,
- return NT_STATUS_UNSUCCESSFUL);
-
if (config->locking == FRUIT_LOCKING_NETATALK) {
status = fruit_check_access(
handle, *result,
return status;
}
+static NTSTATUS fruit_readdir_attr(struct vfs_handle_struct *handle,
+ const struct smb_filename *fname,
+ TALLOC_CTX *mem_ctx,
+ struct readdir_attr_data **pattr_data)
+{
+ struct fruit_config_data *config = NULL;
+ struct readdir_attr_data *attr_data;
+ NTSTATUS status;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
+ if (!config->use_aapl) {
+ return SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
+ }
+
+ DEBUG(10, ("fruit_readdir_attr %s\n", fname->base_name));
+
+ *pattr_data = talloc_zero(mem_ctx, struct readdir_attr_data);
+ if (*pattr_data == NULL) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ attr_data = *pattr_data;
+ attr_data->type = RDATTR_AAPL;
+
+ /*
+ * Mac metadata: compressed FinderInfo, resource fork length
+ * and creation date
+ */
+ status = readdir_attr_macmeta(handle, fname, attr_data);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * Error handling is tricky: if we return failure from
+ * this function, the corresponding directory entry
+ * will to be passed to the client, so we really just
+ * want to error out on fatal errors.
+ */
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ goto fail;
+ }
+ }
+
+ /*
+ * UNIX mode
+ */
+ if (config->unix_info_enabled) {
+ attr_data->attr_data.aapl.unix_mode = fname->st.st_ex_mode;
+ }
+
+ /*
+ * max_access
+ */
+ if (!config->readdir_attr_max_access) {
+ attr_data->attr_data.aapl.max_access = FILE_GENERIC_ALL;
+ } else {
+ status = smbd_calculate_access_mask(
+ handle->conn,
+ fname,
+ false,
+ SEC_FLAG_MAXIMUM_ALLOWED,
+ &attr_data->attr_data.aapl.max_access);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ }
+
+ return NT_STATUS_OK;
+
+fail:
+ DEBUG(1, ("fruit_readdir_attr %s, error: %s\n",
+ fname->base_name, nt_errstr(status)));
+ TALLOC_FREE(*pattr_data);
+ return status;
+}
+
+static NTSTATUS fruit_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
+{
+ NTSTATUS status;
+ struct security_ace ace;
+ struct dom_sid sid;
+ struct fruit_config_data *config;
+
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
+ status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
+ mem_ctx, ppdesc);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ /*
+ * Add MS NFS style ACEs with uid, gid and mode
+ */
+ if (!config->unix_info_enabled) {
+ return NT_STATUS_OK;
+ }
+
+ /* MS NFS style mode */
+ sid_compose(&sid, &global_sid_Unix_NFS_Mode, fsp->fsp_name->st.st_ex_mode);
+ init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
+ status = security_descriptor_dacl_add(*ppdesc, &ace);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("failed to add MS NFS style ACE\n"));
+ return status;
+ }
+
+ /* MS NFS style uid */
+ sid_compose(&sid, &global_sid_Unix_NFS_Users, fsp->fsp_name->st.st_ex_uid);
+ init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
+ status = security_descriptor_dacl_add(*ppdesc, &ace);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("failed to add MS NFS style ACE\n"));
+ return status;
+ }
+
+ /* MS NFS style gid */
+ sid_compose(&sid, &global_sid_Unix_NFS_Groups, fsp->fsp_name->st.st_ex_gid);
+ init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
+ status = security_descriptor_dacl_add(*ppdesc, &ace);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1,("failed to add MS NFS style ACE\n"));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info_sent,
+ const struct security_descriptor *psd)
+{
+ NTSTATUS status;
+ bool do_chmod;
+ mode_t ms_nfs_mode;
+ int result;
+
+ DEBUG(1, ("fruit_fset_nt_acl: %s\n", fsp_str_dbg(fsp)));
+
+ status = check_ms_nfs(handle, fsp, psd, &ms_nfs_mode, &do_chmod);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("fruit_fset_nt_acl: check_ms_nfs failed%s\n", fsp_str_dbg(fsp)));
+ return status;
+ }
+
+ status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("fruit_fset_nt_acl: SMB_VFS_NEXT_FSET_NT_ACL failed%s\n", fsp_str_dbg(fsp)));
+ return status;
+ }
+
+ if (do_chmod) {
+ if (fsp->fh->fd != -1) {
+ DEBUG(1, ("fchmod: %s\n", fsp_str_dbg(fsp)));
+ result = SMB_VFS_FCHMOD(fsp, ms_nfs_mode);
+ } else {
+ DEBUG(1, ("chmod: %s\n", fsp_str_dbg(fsp)));
+ result = SMB_VFS_CHMOD(fsp->conn,
+ fsp->fsp_name->base_name,
+ ms_nfs_mode);
+ }
+
+ if (result != 0) {
+ DEBUG(1, ("chmod: %s, result: %d, %04o error %s\n", fsp_str_dbg(fsp),
+ result, (unsigned)ms_nfs_mode,
+ strerror(errno)));
+ status = map_nt_error_from_unix(errno);
+ return status;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
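Review bot: fruit_fset_nt_acl acts on the MS NFS mode ACE regardless of `security_info_sent`, and it passes the descriptor to SMB_VFS_NEXT_FSET_NT_ACL with the NFS ACEs still in it. I would call check_ms_nfs only when the DACL is being set, e.g. `if (security_info_sent & SECINFO_DACL) { status = check_ms_nfs(handle, fsp, psd, &ms_nfs_mode, &do_chmod); }` with `bool do_chmod = false;`, and confirm that the modules below tolerate these trustees. The `DEBUG(1, ...)` calls on the normal path (`fruit_fset_nt_acl: %s`, `fchmod: %s`, `chmod: %s`) log every ACL write at level 1, where level 10 would match the other trace messages in the file, and the two `failed%s` formats need a separator before the file name. In fruit_readdir_attr the check is on `use_aapl` only, while `readdir_attr_enabled` set by check_aapl is not read anywhere visible. The comment "will to be passed to the client" presumably means "will not be passed".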
static struct vfs_fn_pointers vfs_fruit_fns = {
.connect_fn = fruit_connect,
.fstat_fn = fruit_fstat,
.streaminfo_fn = fruit_streaminfo,
.ntimes_fn = fruit_ntimes,
- .unlink_fn = fruit_unlink,
.ftruncate_fn = fruit_ftruncate,
.fallocate_fn = fruit_fallocate,
.create_file_fn = fruit_create_file,
+ .readdir_attr_fn = fruit_readdir_attr,
+
+ /* NT ACL operations */
+ .fget_nt_acl_fn = fruit_fget_nt_acl,
+ .fset_nt_acl_fn = fruit_fset_nt_acl,
};
NTSTATUS vfs_fruit_init(void);