2 * Unix SMB/CIFS implementation.
3 * Samba VFS module for GPFS filesystem
4 * Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
5 * Copyright (C) Christof Schmitt 2015
6 * Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
7 * and Gomati Mohanan <gomati.mohanan@in.ibm.com>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
24 #include "smbd/smbd.h"
25 #include "include/smbprofile.h"
26 #include "modules/non_posix_acls.h"
27 #include "libcli/security/security.h"
28 #include "nfs4_acls.h"
29 #include "system/filesys.h"
31 #include "lib/util/tevent_unix.h"
32 #include "lib/util/gpfswrap.h"
34 #include <gnutls/gnutls.h>
35 #include <gnutls/crypto.h>
36 #include "lib/crypto/gnutls_helpers.h"
39 #define DBGC_CLASS DBGC_VFS
41 #ifndef GPFS_GETACL_NATIVE
42 #define GPFS_GETACL_NATIVE 0x00000004
45 struct gpfs_config_data {
46 struct smbacl4_vfs_params nfs4_params;
60 struct gpfs_fsp_extension {
64 static inline unsigned int gpfs_acl_flags(gpfs_acl_t *gacl)
66 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
67 return gacl->v4Level1.acl_flags;
72 static inline gpfs_ace_v4_t *gpfs_ace_ptr(gpfs_acl_t *gacl, unsigned int i)
74 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
75 return &gacl->v4Level1.ace_v4[i];
77 return &gacl->ace_v4[i];
80 static unsigned int vfs_gpfs_access_mask_to_allow(uint32_t access_mask)
82 unsigned int allow = GPFS_SHARE_NONE;
84 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) {
85 allow |= GPFS_SHARE_WRITE;
87 if (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) {
88 allow |= GPFS_SHARE_READ;
94 static unsigned int vfs_gpfs_share_access_to_deny(uint32_t share_access)
96 unsigned int deny = GPFS_DENY_NONE;
98 if (!(share_access & FILE_SHARE_WRITE)) {
99 deny |= GPFS_DENY_WRITE;
101 if (!(share_access & FILE_SHARE_READ)) {
102 deny |= GPFS_DENY_READ;
106 * GPFS_DENY_DELETE can only be set together with either
107 * GPFS_DENY_WRITE or GPFS_DENY_READ.
109 if ((deny & (GPFS_DENY_WRITE|GPFS_DENY_READ)) &&
110 !(share_access & FILE_SHARE_DELETE)) {
111 deny |= GPFS_DENY_DELETE;
117 static int set_gpfs_sharemode(files_struct *fsp, uint32_t access_mask,
118 uint32_t share_access)
120 unsigned int allow = GPFS_SHARE_NONE;
121 unsigned int deny = GPFS_DENY_NONE;
124 if (access_mask == 0) {
125 DBG_DEBUG("Clearing file system share mode.\n");
127 allow = vfs_gpfs_access_mask_to_allow(access_mask);
128 deny = vfs_gpfs_share_access_to_deny(share_access);
130 DBG_DEBUG("access_mask=0x%x, allow=0x%x, share_access=0x%x, "
131 "deny=0x%x\n", access_mask, allow, share_access, deny);
133 result = gpfswrap_set_share(fsp->fh->fd, allow, deny);
138 if (errno == EACCES) {
139 DBG_NOTICE("GPFS share mode denied for %s/%s.\n",
140 fsp->conn->connectpath,
141 fsp->fsp_name->base_name);
142 } else if (errno == EPERM) {
143 DBG_ERR("Samba requested GPFS sharemode for %s/%s, but the "
144 "GPFS file system is not configured accordingly. "
145 "Configure file system with mmchfs -D nfs4 or "
146 "set gpfs:sharemodes=no in Samba.\n",
147 fsp->conn->connectpath,
148 fsp->fsp_name->base_name);
150 DBG_ERR("gpfs_set_share failed: %s\n", strerror(errno));
156 static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle, files_struct *fsp,
157 uint32_t share_access, uint32_t access_mask)
160 struct gpfs_config_data *config;
163 START_PROFILE(syscall_kernel_flock);
165 SMB_VFS_HANDLE_GET_DATA(handle, config,
166 struct gpfs_config_data,
169 if(!config->sharemodes) {
174 * A named stream fsp will have the basefile open in the fsp
175 * fd, so lacking a distinct fd for the stream we have to skip
176 * kernel_flock and set_gpfs_sharemode for stream.
178 if (is_named_stream(fsp->fsp_name)) {
179 DEBUG(2,("%s: kernel_flock on stream\n", fsp_str_dbg(fsp)));
183 kernel_flock(fsp->fh->fd, share_access, access_mask);
185 ret = set_gpfs_sharemode(fsp, access_mask, share_access);
187 END_PROFILE(syscall_kernel_flock);
192 static int vfs_gpfs_close(vfs_handle_struct *handle, files_struct *fsp)
195 struct gpfs_config_data *config;
197 SMB_VFS_HANDLE_GET_DATA(handle, config,
198 struct gpfs_config_data,
201 if (config->sharemodes && fsp->kernel_share_modes_taken) {
203 * Always clear GPFS sharemode in case the actual
204 * close gets deferred due to outstanding POSIX locks
205 * (see fd_close_posix)
207 int ret = gpfswrap_set_share(fsp->fh->fd, 0, 0);
209 DBG_ERR("Clearing GPFS sharemode on close failed for "
211 fsp->conn->connectpath,
212 fsp->fsp_name->base_name,
217 return SMB_VFS_NEXT_CLOSE(handle, fsp);
220 static int set_gpfs_lease(int fd, int leasetype)
222 int gpfs_type = GPFS_LEASE_NONE;
224 if (leasetype == F_RDLCK) {
225 gpfs_type = GPFS_LEASE_READ;
227 if (leasetype == F_WRLCK) {
228 gpfs_type = GPFS_LEASE_WRITE;
231 /* we unconditionally set CAP_LEASE, rather than looking for
232 -1/EACCES as there is a bug in some versions of
233 libgpfs_gpl.so which results in a leaked fd on /dev/ss0
234 each time we try this with the wrong capabilities set
236 linux_set_lease_capability();
237 return gpfswrap_set_lease(fd, gpfs_type);
240 static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp,
243 struct gpfs_config_data *config;
246 START_PROFILE(syscall_linux_setlease);
248 SMB_VFS_HANDLE_GET_DATA(handle, config,
249 struct gpfs_config_data,
252 if (linux_set_lease_sighandler(fsp->fh->fd) == -1) {
257 if (config->leases) {
259 * Ensure the lease owner is root to allow
260 * correct delivery of lease-break signals.
263 ret = set_gpfs_lease(fsp->fh->fd,leasetype);
268 END_PROFILE(syscall_linux_setlease);
273 static int vfs_gpfs_get_real_filename(struct vfs_handle_struct *handle,
280 char *full_path = NULL;
281 char *to_free = NULL;
282 char real_pathname[PATH_MAX+1], tmpbuf[PATH_MAX];
283 size_t full_path_len;
286 struct gpfs_config_data *config;
288 SMB_VFS_HANDLE_GET_DATA(handle, config,
289 struct gpfs_config_data,
292 if (!config->getrealfilename) {
293 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
294 mem_ctx, found_name);
297 mangled = mangle_is_mangled(name, handle->conn->params);
299 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
300 mem_ctx, found_name);
303 full_path_len = full_path_tos(path, name, tmpbuf, sizeof(tmpbuf),
304 &full_path, &to_free);
305 if (full_path_len == -1) {
310 buflen = sizeof(real_pathname) - 1;
312 result = gpfswrap_get_realfilename_path(full_path, real_pathname,
315 TALLOC_FREE(to_free);
317 if ((result == -1) && (errno == ENOSYS)) {
318 return SMB_VFS_NEXT_GET_REAL_FILENAME(
319 handle, path, name, mem_ctx, found_name);
323 DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n",
329 * GPFS does not necessarily null-terminate the returned path
330 * but instead returns the buffer length in buflen.
333 if (buflen < sizeof(real_pathname)) {
334 real_pathname[buflen] = '\0';
336 real_pathname[sizeof(real_pathname)-1] = '\0';
339 DEBUG(10, ("smbd_gpfs_get_realfilename_path: %s/%s -> %s\n",
340 path, name, real_pathname));
342 name = strrchr_m(real_pathname, '/');
348 *found_name = talloc_strdup(mem_ctx, name+1);
349 if (*found_name == NULL) {
357 static void sd2gpfs_control(uint16_t control, struct gpfs_acl *gacl)
359 unsigned int gpfs_aclflags = 0;
360 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
361 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
362 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
363 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
364 gpfs_aclflags = control << 8;
365 if (!(control & SEC_DESC_DACL_PRESENT))
366 gpfs_aclflags |= ACL4_FLAG_NULL_DACL;
367 if (!(control & SEC_DESC_SACL_PRESENT))
368 gpfs_aclflags |= ACL4_FLAG_NULL_SACL;
369 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
370 gacl->v4Level1.acl_flags = gpfs_aclflags;
373 static uint16_t gpfs2sd_control(unsigned int gpfs_aclflags)
375 uint16_t control = gpfs_aclflags >> 8;
376 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
377 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
378 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
379 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
380 control |= SEC_DESC_SELF_RELATIVE;
384 static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
389 DEBUG(0, ("gpfs acl is NULL\n"));
393 DEBUG(level, ("len: %d, level: %d, version: %d, nace: %d, "
395 gacl->acl_len, gacl->acl_level, gacl->acl_version,
396 gacl->acl_nace, gpfs_acl_flags(gacl)));
398 for(i=0; i<gacl->acl_nace; i++)
400 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
401 DEBUG(level, ("\tace[%d]: type:%d, flags:0x%x, mask:0x%x, "
402 "iflags:0x%x, who:%u\n",
403 i, gace->aceType, gace->aceFlags, gace->aceMask,
404 gace->aceIFlags, gace->aceWho));
408 static int gpfs_getacl_with_capability(const char *fname, int flags, void *buf)
410 int ret, saved_errno;
412 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
414 ret = gpfswrap_getacl(discard_const_p(char, fname), flags, buf);
417 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
424 * get the ACL from GPFS, allocated on the specified mem_ctx
425 * internally retries when initial buffer was too small
427 * caller needs to cast result to either
428 * raw = yes: struct gpfs_opaque_acl
429 * raw = no: struct gpfs_acl
432 static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
435 const gpfs_aclType_t type)
443 bool use_capability = false;
447 aclbuf = talloc_zero_size(mem_ctx, size);
448 if (aclbuf == NULL) {
454 struct gpfs_opaque_acl *buf = (struct gpfs_opaque_acl *) aclbuf;
455 buf->acl_type = type;
456 flags = GPFS_GETACL_NATIVE;
457 len = (unsigned int *) &(buf->acl_buffer_len);
458 struct_size = sizeof(struct gpfs_opaque_acl);
460 struct gpfs_acl *buf = (struct gpfs_acl *) aclbuf;
461 buf->acl_type = type;
462 buf->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
463 flags = GPFS_GETACL_STRUCT;
464 len = &(buf->acl_len);
465 /* reserve space for control flags in gpfs 3.5 and beyond */
466 struct_size = sizeof(struct gpfs_acl) + sizeof(unsigned int);
469 /* set the length of the buffer as input value */
472 if (use_capability) {
473 ret = gpfs_getacl_with_capability(fname, flags, aclbuf);
475 ret = gpfswrap_getacl(discard_const_p(char, fname),
477 if ((ret != 0) && (errno == EACCES)) {
478 DBG_DEBUG("Retry with DAC capability for %s\n", fname);
479 use_capability = true;
480 ret = gpfs_getacl_with_capability(fname, flags, aclbuf);
484 if ((ret != 0) && (errno == ENOSPC)) {
486 * get the size needed to accommodate the complete buffer
488 * the value returned only applies to the ACL blob in the
489 * struct so make sure to also have headroom for the first
490 * struct members by adding room for the complete struct
491 * (might be a few bytes too much then)
493 size = *len + struct_size;
495 DEBUG(10, ("Increasing ACL buffer size to %zu\n", size));
500 DEBUG(5, ("smbd_gpfs_getacl failed with %s\n",
509 /* Tries to get nfs4 acls and returns SMB ACL allocated.
510 * On failure returns 1 if it got non-NFSv4 ACL to prompt
511 * retry with POSIX ACL checks.
512 * On failure returns -1 if there is system (GPFS) error, check errno.
513 * Returns 0 on success
515 static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *fname,
516 struct SMB4ACL_T **ppacl)
519 struct gpfs_acl *gacl = NULL;
520 DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
523 gacl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(), fname,
526 DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
527 fname, strerror(errno)));
528 if (errno == ENODATA) {
530 * GPFS returns ENODATA for snapshot
531 * directories. Retry with POSIX ACLs check.
539 if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
540 DEBUG(10, ("Got non-nfsv4 acl\n"));
541 /* Retry with POSIX ACLs check */
546 *ppacl = smb_create_smb4acl(mem_ctx);
548 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
549 uint16_t control = gpfs2sd_control(gpfs_acl_flags(gacl));
550 smbacl4_set_controlflags(*ppacl, control);
553 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d, control: %x\n",
554 gacl->acl_len, gacl->acl_level, gacl->acl_version,
555 gacl->acl_nace, gpfs_acl_flags(gacl)));
557 for (i=0; i<gacl->acl_nace; i++) {
558 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
559 SMB_ACE4PROP_T smbace = { 0 };
560 DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
561 "who: %d\n", gace->aceType, gace->aceIFlags,
562 gace->aceFlags, gace->aceMask, gace->aceWho));
564 if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
565 smbace.flags |= SMB_ACE4_ID_SPECIAL;
566 switch (gace->aceWho) {
567 case ACE4_SPECIAL_OWNER:
568 smbace.who.special_id = SMB_ACE4_WHO_OWNER;
570 case ACE4_SPECIAL_GROUP:
571 smbace.who.special_id = SMB_ACE4_WHO_GROUP;
573 case ACE4_SPECIAL_EVERYONE:
574 smbace.who.special_id = SMB_ACE4_WHO_EVERYONE;
577 DEBUG(8, ("invalid special gpfs id %d "
578 "ignored\n", gace->aceWho));
579 continue; /* don't add it */
582 if (gace->aceFlags & ACE4_FLAG_GROUP_ID)
583 smbace.who.gid = gace->aceWho;
585 smbace.who.uid = gace->aceWho;
588 /* remove redundant deny entries */
589 if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
590 struct gpfs_ace_v4 *prev = gpfs_ace_ptr(gacl, i - 1);
591 if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
592 prev->aceFlags == gace->aceFlags &&
593 prev->aceIFlags == gace->aceIFlags &&
594 (gace->aceMask & prev->aceMask) == 0 &&
595 gace->aceWho == prev->aceWho) {
596 /* it's redundant - skip it */
601 smbace.aceType = gace->aceType;
602 smbace.aceFlags = gace->aceFlags;
603 smbace.aceMask = gace->aceMask;
604 smb_add_ace4(*ppacl, &smbace);
612 static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
613 files_struct *fsp, uint32_t security_info,
615 struct security_descriptor **ppdesc)
617 struct SMB4ACL_T *pacl = NULL;
619 struct gpfs_config_data *config;
620 TALLOC_CTX *frame = talloc_stackframe();
625 SMB_VFS_HANDLE_GET_DATA(handle, config,
626 struct gpfs_config_data,
627 return NT_STATUS_INTERNAL_ERROR);
630 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
636 result = gpfs_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl);
639 status = smb_fget_nt_acl_nfs4(fsp, &config->nfs4_params,
641 mem_ctx, ppdesc, pacl);
647 DEBUG(10, ("retrying with posix acl...\n"));
648 status = posix_fget_nt_acl(fsp, security_info,
656 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
657 return map_nt_error_from_unix(errno);
660 static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
661 const struct smb_filename *smb_fname,
662 uint32_t security_info,
664 struct security_descriptor **ppdesc)
666 struct SMB4ACL_T *pacl = NULL;
668 struct gpfs_config_data *config;
669 TALLOC_CTX *frame = talloc_stackframe();
674 SMB_VFS_HANDLE_GET_DATA(handle, config,
675 struct gpfs_config_data,
676 return NT_STATUS_INTERNAL_ERROR);
679 status = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname,
686 result = gpfs_get_nfs4_acl(frame, smb_fname->base_name, &pacl);
689 status = smb_get_nt_acl_nfs4(handle->conn, smb_fname,
690 &config->nfs4_params,
691 security_info, mem_ctx, ppdesc,
698 DEBUG(10, ("retrying with posix acl...\n"));
699 status = posix_get_nt_acl(handle->conn, smb_fname,
700 security_info, mem_ctx, ppdesc);
705 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
707 return map_nt_error_from_unix(errno);
710 static bool vfs_gpfs_nfs4_ace_to_gpfs_ace(SMB_ACE4PROP_T *nfs4_ace,
711 struct gpfs_ace_v4 *gace,
714 gace->aceType = nfs4_ace->aceType;
715 gace->aceFlags = nfs4_ace->aceFlags;
716 gace->aceMask = nfs4_ace->aceMask;
718 if (nfs4_ace->flags & SMB_ACE4_ID_SPECIAL) {
719 switch(nfs4_ace->who.special_id) {
720 case SMB_ACE4_WHO_EVERYONE:
721 gace->aceIFlags = ACE4_IFLAG_SPECIAL_ID;
722 gace->aceWho = ACE4_SPECIAL_EVERYONE;
724 case SMB_ACE4_WHO_OWNER:
726 * With GPFS it is not possible to deny ACL or
727 * attribute access to the owner. Setting an
728 * ACL with such an entry is not possible.
729 * Denying ACL or attribute access for the
730 * owner through a named ACL entry can be
731 * stored in an ACL, it is just not effective.
733 * Map this case to a named entry to allow at
734 * least setting this ACL, which will be
735 * enforced by the smbd permission check. Do
736 * not do this for an inheriting OWNER entry,
737 * as this represents a CREATOR OWNER ACE. The
738 * remaining limitation is that CREATOR OWNER
739 * cannot deny ACL or attribute access.
741 if (!nfs_ace_is_inherit(nfs4_ace) &&
743 SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
744 nfs4_ace->aceMask & (SMB_ACE4_READ_ATTRIBUTES|
745 SMB_ACE4_WRITE_ATTRIBUTES|
747 SMB_ACE4_WRITE_ACL)) {
749 gace->aceWho = owner_uid;
751 gace->aceIFlags = ACE4_IFLAG_SPECIAL_ID;
752 gace->aceWho = ACE4_SPECIAL_OWNER;
755 case SMB_ACE4_WHO_GROUP:
756 gace->aceIFlags = ACE4_IFLAG_SPECIAL_ID;
757 gace->aceWho = ACE4_SPECIAL_GROUP;
760 DBG_WARNING("Unsupported special_id %d\n",
761 nfs4_ace->who.special_id);
769 gace->aceWho = (nfs4_ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) ?
770 nfs4_ace->who.gid : nfs4_ace->who.uid;
775 static struct gpfs_acl *vfs_gpfs_smbacl2gpfsacl(TALLOC_CTX *mem_ctx,
777 struct SMB4ACL_T *smbacl,
780 struct gpfs_acl *gacl;
781 gpfs_aclLen_t gacl_len;
782 struct SMB4ACE_T *smbace;
784 gacl_len = offsetof(gpfs_acl_t, ace_v4) + sizeof(unsigned int)
785 + smb_get_naces(smbacl) * sizeof(gpfs_ace_v4_t);
787 gacl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, gacl_len);
789 DEBUG(0, ("talloc failed\n"));
794 gacl->acl_level = GPFS_ACL_LEVEL_BASE;
795 gacl->acl_version = GPFS_ACL_VERSION_NFS4;
796 gacl->acl_type = GPFS_ACL_TYPE_NFS4;
797 gacl->acl_nace = 0; /* change later... */
800 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
801 sd2gpfs_control(smbacl4_get_controlflags(smbacl), gacl);
804 for (smbace=smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
805 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, gacl->acl_nace);
806 SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
809 add_ace = vfs_gpfs_nfs4_ace_to_gpfs_ace(aceprop, gace,
810 fsp->fsp_name->st.st_ex_uid);
817 gacl->acl_len = (char *)gpfs_ace_ptr(gacl, gacl->acl_nace)
822 static bool gpfsacl_process_smbacl(vfs_handle_struct *handle,
824 struct SMB4ACL_T *smbacl)
827 struct gpfs_acl *gacl;
828 TALLOC_CTX *mem_ctx = talloc_tos();
830 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, true);
831 if (gacl == NULL) { /* out of memory */
834 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
835 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gacl);
837 if ((ret != 0) && (errno == EINVAL)) {
838 DEBUG(10, ("Retry without nfs41 control flags\n"));
840 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, false);
841 if (gacl == NULL) { /* out of memory */
844 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
845 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA,
850 DEBUG(8, ("gpfs_putacl failed with %s\n", strerror(errno)));
851 gpfs_dumpacl(8, gacl);
855 DEBUG(10, ("gpfs_putacl succeeded\n"));
859 static NTSTATUS gpfsacl_set_nt_acl_internal(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
861 struct gpfs_acl *acl;
862 NTSTATUS result = NT_STATUS_ACCESS_DENIED;
864 acl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(),
865 fsp->fsp_name->base_name,
868 return map_nt_error_from_unix(errno);
871 if (acl->acl_version == GPFS_ACL_VERSION_NFS4) {
872 struct gpfs_config_data *config;
874 if (lp_parm_bool(fsp->conn->params->service, "gpfs",
875 "refuse_dacl_protected", false)
876 && (psd->type&SEC_DESC_DACL_PROTECTED)) {
877 DEBUG(2, ("Rejecting unsupported ACL with DACL_PROTECTED bit set\n"));
879 return NT_STATUS_NOT_SUPPORTED;
882 SMB_VFS_HANDLE_GET_DATA(handle, config,
883 struct gpfs_config_data,
884 return NT_STATUS_INTERNAL_ERROR);
886 result = smb_set_nt_acl_nfs4(handle,
887 fsp, &config->nfs4_params, security_info_sent, psd,
888 gpfsacl_process_smbacl);
889 } else { /* assume POSIX ACL - by default... */
890 result = set_nt_acl(fsp, security_info_sent, psd);
897 static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
899 struct gpfs_config_data *config;
901 SMB_VFS_HANDLE_GET_DATA(handle, config,
902 struct gpfs_config_data,
903 return NT_STATUS_INTERNAL_ERROR);
906 return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
909 return gpfsacl_set_nt_acl_internal(handle, fsp, security_info_sent, psd);
912 static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
917 result = sys_acl_init(mem_ctx);
918 if (result == NULL) {
923 result->count = pacl->acl_nace;
924 result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
926 if (result->acl == NULL) {
932 for (i=0; i<pacl->acl_nace; i++) {
933 struct smb_acl_entry *ace = &result->acl[i];
934 const struct gpfs_ace_v1 *g_ace = &pacl->ace_v1[i];
936 DEBUG(10, ("Converting type %d id %lu perm %x\n",
937 (int)g_ace->ace_type, (unsigned long)g_ace->ace_who,
938 (int)g_ace->ace_perm));
940 switch (g_ace->ace_type) {
942 ace->a_type = SMB_ACL_USER;
943 ace->info.user.uid = (uid_t)g_ace->ace_who;
945 case GPFS_ACL_USER_OBJ:
946 ace->a_type = SMB_ACL_USER_OBJ;
949 ace->a_type = SMB_ACL_GROUP;
950 ace->info.group.gid = (gid_t)g_ace->ace_who;
952 case GPFS_ACL_GROUP_OBJ:
953 ace->a_type = SMB_ACL_GROUP_OBJ;
956 ace->a_type = SMB_ACL_OTHER;
959 ace->a_type = SMB_ACL_MASK;
962 DEBUG(10, ("Got invalid ace_type: %d\n",
970 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ?
972 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ?
974 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ?
977 DEBUGADD(10, ("Converted to %d perm %x\n",
978 ace->a_type, ace->a_perm));
984 static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type,
987 struct gpfs_acl *pacl;
988 SMB_ACL_T result = NULL;
990 pacl = vfs_gpfs_getacl(talloc_tos(), path, false, type);
993 DEBUG(10, ("vfs_gpfs_getacl failed for %s with %s\n",
994 path, strerror(errno)));
1001 if (pacl->acl_version != GPFS_ACL_VERSION_POSIX) {
1002 DEBUG(10, ("Got acl version %d, expected %d\n",
1003 pacl->acl_version, GPFS_ACL_VERSION_POSIX));
1008 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
1009 pacl->acl_len, pacl->acl_level, pacl->acl_version,
1012 result = gpfs2smb_acl(pacl, mem_ctx);
1013 if (result != NULL) {
1023 TALLOC_FREE(result);
1028 static SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle,
1029 const struct smb_filename *smb_fname,
1030 SMB_ACL_TYPE_T type,
1031 TALLOC_CTX *mem_ctx)
1033 gpfs_aclType_t gpfs_type;
1034 struct gpfs_config_data *config;
1036 SMB_VFS_HANDLE_GET_DATA(handle, config,
1037 struct gpfs_config_data,
1041 return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, smb_fname,
1046 case SMB_ACL_TYPE_ACCESS:
1047 gpfs_type = GPFS_ACL_TYPE_ACCESS;
1049 case SMB_ACL_TYPE_DEFAULT:
1050 gpfs_type = GPFS_ACL_TYPE_DEFAULT;
1053 DEBUG(0, ("Got invalid type: %d\n", type));
1054 smb_panic("exiting");
1057 return gpfsacl_get_posix_acl(smb_fname->base_name, gpfs_type, mem_ctx);
1060 static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
1062 TALLOC_CTX *mem_ctx)
1064 struct gpfs_config_data *config;
1066 SMB_VFS_HANDLE_GET_DATA(handle, config,
1067 struct gpfs_config_data,
1071 return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
1074 return gpfsacl_get_posix_acl(fsp->fsp_name->base_name,
1075 GPFS_ACL_TYPE_ACCESS, mem_ctx);
1078 static int gpfsacl_sys_acl_blob_get_file(vfs_handle_struct *handle,
1079 const struct smb_filename *smb_fname,
1080 TALLOC_CTX *mem_ctx,
1081 char **blob_description,
1084 struct gpfs_config_data *config;
1085 struct gpfs_opaque_acl *acl = NULL;
1088 const char *path_p = smb_fname->base_name;
1090 SMB_VFS_HANDLE_GET_DATA(handle, config,
1091 struct gpfs_config_data,
1095 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, smb_fname,
1102 acl = (struct gpfs_opaque_acl *)
1103 vfs_gpfs_getacl(mem_ctx,
1106 GPFS_ACL_TYPE_NFS4);
1109 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1110 errno, strerror(errno)));
1112 /* EINVAL means POSIX ACL, bail out on other cases */
1113 if (errno != EINVAL) {
1120 * file has NFSv4 ACL
1122 * we only need the actual ACL blob here
1123 * acl_version will always be NFS4 because we asked
1125 * acl_type is only used for POSIX ACLs
1127 aclblob.data = (uint8_t*) acl->acl_var_data;
1128 aclblob.length = acl->acl_buffer_len;
1130 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1131 if (!*blob_description) {
1137 result = non_posix_sys_acl_blob_get_file_helper(handle, smb_fname,
1145 /* fall back to POSIX ACL */
1146 return posix_sys_acl_blob_get_file(handle, smb_fname, mem_ctx,
1147 blob_description, blob);
1150 static int gpfsacl_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1152 TALLOC_CTX *mem_ctx,
1153 char **blob_description,
1156 struct gpfs_config_data *config;
1157 struct gpfs_opaque_acl *acl = NULL;
1161 SMB_VFS_HANDLE_GET_DATA(handle, config,
1162 struct gpfs_config_data,
1166 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
1167 blob_description, blob);
1171 acl = (struct gpfs_opaque_acl *) vfs_gpfs_getacl(mem_ctx,
1172 fsp->fsp_name->base_name,
1174 GPFS_ACL_TYPE_NFS4);
1177 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1178 errno, strerror(errno)));
1180 /* EINVAL means POSIX ACL, bail out on other cases */
1181 if (errno != EINVAL) {
1188 * file has NFSv4 ACL
1190 * we only need the actual ACL blob here
1191 * acl_version will always be NFS4 because we asked
1193 * acl_type is only used for POSIX ACLs
1195 aclblob.data = (uint8_t*) acl->acl_var_data;
1196 aclblob.length = acl->acl_buffer_len;
1198 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1199 if (!*blob_description) {
1205 result = non_posix_sys_acl_blob_get_fd_helper(handle, fsp,
1213 /* fall back to POSIX ACL */
1214 return posix_sys_acl_blob_get_fd(handle, fsp, mem_ctx,
1215 blob_description, blob);
1218 static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl,
1219 SMB_ACL_TYPE_T type)
1222 struct gpfs_acl *result;
1225 DEBUG(10, ("smb2gpfs_acl: Got ACL with %d entries\n", pacl->count));
1227 len = offsetof(gpfs_acl_t, ace_v1) + (pacl->count) *
1228 sizeof(gpfs_ace_v1_t);
1230 result = (struct gpfs_acl *)SMB_MALLOC(len);
1231 if (result == NULL) {
1236 result->acl_len = len;
1237 result->acl_level = 0;
1238 result->acl_version = GPFS_ACL_VERSION_POSIX;
1239 result->acl_type = (type == SMB_ACL_TYPE_DEFAULT) ?
1240 GPFS_ACL_TYPE_DEFAULT : GPFS_ACL_TYPE_ACCESS;
1241 result->acl_nace = pacl->count;
1243 for (i=0; i<pacl->count; i++) {
1244 const struct smb_acl_entry *ace = &pacl->acl[i];
1245 struct gpfs_ace_v1 *g_ace = &result->ace_v1[i];
1247 DEBUG(10, ("Converting type %d perm %x\n",
1248 (int)ace->a_type, (int)ace->a_perm));
1250 g_ace->ace_perm = 0;
1252 switch(ace->a_type) {
1254 g_ace->ace_type = GPFS_ACL_USER;
1255 g_ace->ace_who = (gpfs_uid_t)ace->info.user.uid;
1257 case SMB_ACL_USER_OBJ:
1258 g_ace->ace_type = GPFS_ACL_USER_OBJ;
1259 g_ace->ace_perm |= ACL_PERM_CONTROL;
1263 g_ace->ace_type = GPFS_ACL_GROUP;
1264 g_ace->ace_who = (gpfs_uid_t)ace->info.group.gid;
1266 case SMB_ACL_GROUP_OBJ:
1267 g_ace->ace_type = GPFS_ACL_GROUP_OBJ;
1271 g_ace->ace_type = GPFS_ACL_MASK;
1272 g_ace->ace_perm = 0x8f;
1276 g_ace->ace_type = GPFS_ACL_OTHER;
1280 DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type));
1286 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ?
1288 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ?
1290 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ?
1291 ACL_PERM_EXECUTE : 0;
1293 DEBUGADD(10, ("Converted to %d id %d perm %x\n",
1294 g_ace->ace_type, g_ace->ace_who, g_ace->ace_perm));
1300 static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
1301 const struct smb_filename *smb_fname,
1302 SMB_ACL_TYPE_T type,
1305 struct gpfs_acl *gpfs_acl;
1307 struct gpfs_config_data *config;
1309 SMB_VFS_HANDLE_GET_DATA(handle, config,
1310 struct gpfs_config_data,
1314 return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, smb_fname,
1318 gpfs_acl = smb2gpfs_acl(theacl, type);
1319 if (gpfs_acl == NULL) {
1323 result = gpfswrap_putacl(discard_const_p(char, smb_fname->base_name),
1324 GPFS_PUTACL_STRUCT|GPFS_ACL_SAMBA, gpfs_acl);
1326 SAFE_FREE(gpfs_acl);
1330 static int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle,
1334 struct gpfs_config_data *config;
1336 SMB_VFS_HANDLE_GET_DATA(handle, config,
1337 struct gpfs_config_data,
1341 return SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1344 return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name,
1345 SMB_ACL_TYPE_ACCESS, theacl);
1348 static int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
1349 const struct smb_filename *smb_fname)
1351 struct gpfs_config_data *config;
1353 SMB_VFS_HANDLE_GET_DATA(handle, config,
1354 struct gpfs_config_data,
1358 return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, smb_fname);
1366 * Assumed: mode bits are shiftable and standard
1367 * Output: the new aceMask field for an smb nfs4 ace
1369 static uint32_t gpfsacl_mask_filter(uint32_t aceType, uint32_t aceMask, uint32_t rwx)
1371 const uint32_t posix_nfs4map[3] = {
1372 SMB_ACE4_EXECUTE, /* execute */
1373 SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
1374 SMB_ACE4_READ_DATA /* read */
1377 uint32_t posix_mask = 0x01;
1381 for(i=0; i<3; i++) {
1382 nfs4_bits = posix_nfs4map[i];
1383 posix_bit = rwx & posix_mask;
1385 if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
1387 aceMask |= nfs4_bits;
1389 aceMask &= ~nfs4_bits;
1391 /* add deny bits when suitable */
1393 aceMask |= nfs4_bits;
1395 aceMask &= ~nfs4_bits;
1396 } /* other ace types are unexpected */
1404 static int gpfsacl_emu_chmod(vfs_handle_struct *handle,
1405 const char *path, mode_t mode)
1407 struct SMB4ACL_T *pacl = NULL;
1409 bool haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
1411 files_struct fake_fsp = { 0 }; /* TODO: rationalize parametrization */
1412 struct SMB4ACE_T *smbace;
1413 TALLOC_CTX *frame = talloc_stackframe();
1415 DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
1417 result = gpfs_get_nfs4_acl(frame, path, &pacl);
1423 if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
1424 DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
1427 for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
1428 SMB_ACE4PROP_T *ace = smb_get_ace4(smbace);
1429 uint32_t specid = ace->who.special_id;
1431 if (ace->flags&SMB_ACE4_ID_SPECIAL &&
1432 ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
1433 specid <= SMB_ACE4_WHO_EVERYONE) {
1437 if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
1438 haveAllowEntry[specid] = True;
1440 /* mode >> 6 for @owner, mode >> 3 for @group,
1441 * mode >> 0 for @everyone */
1442 newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
1443 mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
1444 if (ace->aceMask!=newMask) {
1445 DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
1446 path, ace->aceMask, newMask, specid));
1448 ace->aceMask = newMask;
1452 /* make sure we have at least ALLOW entries
1453 * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
1456 for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
1457 SMB_ACE4PROP_T ace = { 0 };
1459 if (haveAllowEntry[i]==True)
1462 ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
1463 ace.flags |= SMB_ACE4_ID_SPECIAL;
1464 ace.who.special_id = i;
1466 if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
1467 ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
1469 ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
1470 mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
1472 /* don't add unnecessary aces */
1476 /* we add it to the END - as windows expects allow aces */
1477 smb_add_ace4(pacl, &ace);
1478 DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
1479 path, mode, i, ace.aceMask));
1482 /* don't add complementary DENY ACEs here */
1483 fake_fsp.fsp_name = synthetic_smb_fname(
1484 frame, path, NULL, NULL, 0);
1485 if (fake_fsp.fsp_name == NULL) {
1491 if (gpfsacl_process_smbacl(handle, &fake_fsp, pacl) == False) {
1497 return 0; /* ok for [f]chmod */
1500 static int vfs_gpfs_chmod(vfs_handle_struct *handle,
1501 const struct smb_filename *smb_fname,
1504 struct smb_filename *smb_fname_cpath;
1507 smb_fname_cpath = cp_smb_filename(talloc_tos(), smb_fname);
1508 if (smb_fname_cpath == NULL) {
1513 if (SMB_VFS_NEXT_STAT(handle, smb_fname_cpath) != 0) {
1514 TALLOC_FREE(smb_fname_cpath);
1518 /* avoid chmod() if possible, to preserve acls */
1519 if ((smb_fname_cpath->st.st_ex_mode & ~S_IFMT) == mode) {
1520 TALLOC_FREE(smb_fname_cpath);
1524 rc = gpfsacl_emu_chmod(handle, smb_fname->base_name, mode);
1526 return SMB_VFS_NEXT_CHMOD(handle, smb_fname, mode);
1528 TALLOC_FREE(smb_fname_cpath);
1532 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
1537 if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) {
1541 /* avoid chmod() if possible, to preserve acls */
1542 if ((st.st_ex_mode & ~S_IFMT) == mode) {
1546 rc = gpfsacl_emu_chmod(handle, fsp->fsp_name->base_name,
1549 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1553 static uint32_t vfs_gpfs_winattrs_to_dosmode(unsigned int winattrs)
1555 uint32_t dosmode = 0;
1557 if (winattrs & GPFS_WINATTR_ARCHIVE){
1558 dosmode |= FILE_ATTRIBUTE_ARCHIVE;
1560 if (winattrs & GPFS_WINATTR_HIDDEN){
1561 dosmode |= FILE_ATTRIBUTE_HIDDEN;
1563 if (winattrs & GPFS_WINATTR_SYSTEM){
1564 dosmode |= FILE_ATTRIBUTE_SYSTEM;
1566 if (winattrs & GPFS_WINATTR_READONLY){
1567 dosmode |= FILE_ATTRIBUTE_READONLY;
1569 if (winattrs & GPFS_WINATTR_SPARSE_FILE) {
1570 dosmode |= FILE_ATTRIBUTE_SPARSE;
1572 if (winattrs & GPFS_WINATTR_OFFLINE) {
1573 dosmode |= FILE_ATTRIBUTE_OFFLINE;
1579 static unsigned int vfs_gpfs_dosmode_to_winattrs(uint32_t dosmode)
1581 unsigned int winattrs = 0;
1583 if (dosmode & FILE_ATTRIBUTE_ARCHIVE){
1584 winattrs |= GPFS_WINATTR_ARCHIVE;
1586 if (dosmode & FILE_ATTRIBUTE_HIDDEN){
1587 winattrs |= GPFS_WINATTR_HIDDEN;
1589 if (dosmode & FILE_ATTRIBUTE_SYSTEM){
1590 winattrs |= GPFS_WINATTR_SYSTEM;
1592 if (dosmode & FILE_ATTRIBUTE_READONLY){
1593 winattrs |= GPFS_WINATTR_READONLY;
1595 if (dosmode & FILE_ATTRIBUTE_SPARSE) {
1596 winattrs |= GPFS_WINATTR_SPARSE_FILE;
1598 if (dosmode & FILE_ATTRIBUTE_OFFLINE) {
1599 winattrs |= GPFS_WINATTR_OFFLINE;
1605 static int get_dos_attr_with_capability(struct smb_filename *smb_fname,
1606 unsigned int *litemask,
1607 struct gpfs_iattr64 *iattr)
1609 int saved_errno = 0;
1613 * According to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
1614 * Existing File" FILE_LIST_DIRECTORY on a directory implies
1615 * FILE_READ_ATTRIBUTES for directory entries. Being able to stat() a
1616 * file implies FILE_LIST_DIRECTORY for the directory containing the
1620 if (!VALID_STAT(smb_fname->st)) {
1622 * Safety net: dos_mode() already checks this, but as we set
1623 * DAC_OVERRIDE_CAPABILITY based on this, add an additional
1626 DBG_ERR("Rejecting DAC override, invalid stat [%s]\n",
1627 smb_fname_str_dbg(smb_fname));
1632 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1634 ret = gpfswrap_stat_x(smb_fname->base_name, litemask,
1635 iattr, sizeof(*iattr));
1637 saved_errno = errno;
1640 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1642 if (saved_errno != 0) {
1643 errno = saved_errno;
1648 static NTSTATUS vfs_gpfs_get_file_id(struct gpfs_iattr64 *iattr,
1651 uint8_t input[sizeof(gpfs_ino64_t) +
1652 sizeof(gpfs_gen64_t) +
1653 sizeof(gpfs_snapid64_t)];
1654 uint8_t digest[gnutls_hash_get_len(GNUTLS_DIG_SHA1)];
1657 DBG_DEBUG("ia_inode 0x%llx, ia_gen 0x%llx, ia_modsnapid 0x%llx\n",
1658 iattr->ia_inode, iattr->ia_gen, iattr->ia_modsnapid);
1661 0, iattr->ia_inode);
1663 sizeof(gpfs_ino64_t), iattr->ia_gen);
1665 sizeof(gpfs_ino64_t) + sizeof(gpfs_gen64_t), iattr->ia_modsnapid);
1667 GNUTLS_FIPS140_SET_LAX_MODE();
1668 rc = gnutls_hash_fast(GNUTLS_DIG_SHA1, input, sizeof(input), &digest);
1669 GNUTLS_FIPS140_SET_STRICT_MODE();
1672 return gnutls_error_to_ntstatus(rc,
1673 NT_STATUS_HASH_NOT_SUPPORTED);
1676 memcpy(fileid, &digest, sizeof(*fileid));
1677 DBG_DEBUG("file_id 0x%" PRIx64 "\n", *fileid);
1679 return NT_STATUS_OK;
1682 static struct timespec gpfs_timestruc64_to_timespec(struct gpfs_timestruc64 g)
1684 return (struct timespec) { .tv_sec = g.tv_sec, .tv_nsec = g.tv_nsec };
1687 static NTSTATUS vfs_gpfs_get_dos_attributes(struct vfs_handle_struct *handle,
1688 struct smb_filename *smb_fname,
1691 struct gpfs_config_data *config;
1692 struct gpfs_iattr64 iattr = { };
1693 unsigned int litemask = 0;
1699 SMB_VFS_HANDLE_GET_DATA(handle, config,
1700 struct gpfs_config_data,
1701 return NT_STATUS_INTERNAL_ERROR);
1703 if (!config->winattr) {
1704 return SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle,
1705 smb_fname, dosmode);
1708 ret = gpfswrap_stat_x(smb_fname->base_name, &litemask,
1709 &iattr, sizeof(iattr));
1710 if (ret == -1 && errno == ENOSYS) {
1711 return SMB_VFS_NEXT_GET_DOS_ATTRIBUTES(handle, smb_fname,
1714 if (ret == -1 && errno == EACCES) {
1715 ret = get_dos_attr_with_capability(smb_fname, &litemask,
1719 if (ret == -1 && errno == EBADF) {
1721 * Returned for directory listings in gpfs root for
1722 * .. entry which steps out of gpfs.
1724 DBG_DEBUG("Getting winattrs for %s returned EBADF.\n",
1725 smb_fname->base_name);
1726 return map_nt_error_from_unix(errno);
1727 } else if (ret == -1) {
1728 DBG_WARNING("Getting winattrs failed for %s: %s\n",
1729 smb_fname->base_name, strerror(errno));
1730 return map_nt_error_from_unix(errno);
1733 status = vfs_gpfs_get_file_id(&iattr, &file_id);
1734 if (!NT_STATUS_IS_OK(status)) {
1738 ts = gpfs_timestruc64_to_timespec(iattr.ia_createtime);
1740 *dosmode |= vfs_gpfs_winattrs_to_dosmode(iattr.ia_winflags);
1741 update_stat_ex_create_time(&smb_fname->st, ts);
1742 update_stat_ex_file_id(&smb_fname->st, file_id);
1744 return NT_STATUS_OK;
1747 static NTSTATUS vfs_gpfs_fget_dos_attributes(struct vfs_handle_struct *handle,
1748 struct files_struct *fsp,
1751 struct gpfs_config_data *config;
1752 struct gpfs_iattr64 iattr = { };
1753 unsigned int litemask;
1759 SMB_VFS_HANDLE_GET_DATA(handle, config,
1760 struct gpfs_config_data,
1761 return NT_STATUS_INTERNAL_ERROR);
1763 if (!config->winattr) {
1764 return SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1767 ret = gpfswrap_fstat_x(fsp->fh->fd, &litemask, &iattr, sizeof(iattr));
1768 if (ret == -1 && errno == ENOSYS) {
1769 return SMB_VFS_NEXT_FGET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1772 if (ret == -1 && errno == EACCES) {
1773 int saved_errno = 0;
1776 * According to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to
1777 * an Existing File" FILE_LIST_DIRECTORY on a directory implies
1778 * FILE_READ_ATTRIBUTES for directory entries. Being able to
1779 * open a file implies FILE_LIST_DIRECTORY.
1782 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1784 ret = gpfswrap_fstat_x(fsp->fh->fd, &litemask,
1785 &iattr, sizeof(iattr));
1787 saved_errno = errno;
1790 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1792 if (saved_errno != 0) {
1793 errno = saved_errno;
1798 DBG_WARNING("Getting winattrs failed for %s: %s\n",
1799 fsp->fsp_name->base_name, strerror(errno));
1800 return map_nt_error_from_unix(errno);
1803 status = vfs_gpfs_get_file_id(&iattr, &file_id);
1804 if (!NT_STATUS_IS_OK(status)) {
1808 ts = gpfs_timestruc64_to_timespec(iattr.ia_createtime);
1810 *dosmode |= vfs_gpfs_winattrs_to_dosmode(iattr.ia_winflags);
1811 update_stat_ex_create_time(&fsp->fsp_name->st, ts);
1812 update_stat_ex_file_id(&fsp->fsp_name->st, file_id);
1814 return NT_STATUS_OK;
1817 static NTSTATUS vfs_gpfs_set_dos_attributes(struct vfs_handle_struct *handle,
1818 const struct smb_filename *smb_fname,
1821 struct gpfs_config_data *config;
1822 struct gpfs_winattr attrs = { };
1825 SMB_VFS_HANDLE_GET_DATA(handle, config,
1826 struct gpfs_config_data,
1827 return NT_STATUS_INTERNAL_ERROR);
1829 if (!config->winattr) {
1830 return SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
1831 smb_fname, dosmode);
1834 attrs.winAttrs = vfs_gpfs_dosmode_to_winattrs(dosmode);
1835 ret = gpfswrap_set_winattrs_path(smb_fname->base_name,
1836 GPFS_WINATTR_SET_ATTRS, &attrs);
1838 if (ret == -1 && errno == ENOSYS) {
1839 return SMB_VFS_NEXT_SET_DOS_ATTRIBUTES(handle,
1840 smb_fname, dosmode);
1844 DBG_WARNING("Setting winattrs failed for %s: %s\n",
1845 smb_fname->base_name, strerror(errno));
1846 return map_nt_error_from_unix(errno);
1849 return NT_STATUS_OK;
1852 static NTSTATUS vfs_gpfs_fset_dos_attributes(struct vfs_handle_struct *handle,
1853 struct files_struct *fsp,
1856 struct gpfs_config_data *config;
1857 struct gpfs_winattr attrs = { };
1860 SMB_VFS_HANDLE_GET_DATA(handle, config,
1861 struct gpfs_config_data,
1862 return NT_STATUS_INTERNAL_ERROR);
1864 if (!config->winattr) {
1865 return SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1868 attrs.winAttrs = vfs_gpfs_dosmode_to_winattrs(dosmode);
1869 ret = gpfswrap_set_winattrs(fsp->fh->fd,
1870 GPFS_WINATTR_SET_ATTRS, &attrs);
1872 if (ret == -1 && errno == ENOSYS) {
1873 return SMB_VFS_NEXT_FSET_DOS_ATTRIBUTES(handle, fsp, dosmode);
1877 DBG_WARNING("Setting winattrs failed for %s: %s\n",
1878 fsp->fsp_name->base_name, strerror(errno));
1879 return map_nt_error_from_unix(errno);
1882 return NT_STATUS_OK;
1885 static int stat_with_capability(struct vfs_handle_struct *handle,
1886 struct smb_filename *smb_fname, int flag)
1888 #if defined(HAVE_FSTATAT)
1892 const char *rel_name = NULL;
1896 b = parent_dirname(talloc_tos(), smb_fname->base_name,
1897 &dir_name, &rel_name);
1903 fd = open(dir_name, O_RDONLY, 0);
1904 TALLOC_FREE(dir_name);
1909 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1910 ret = fstatat(fd, rel_name, &st, flag);
1911 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1916 init_stat_ex_from_stat(
1917 &smb_fname->st, &st,
1918 lp_fake_directory_create_times(SNUM(handle->conn)));
1927 static int vfs_gpfs_stat(struct vfs_handle_struct *handle,
1928 struct smb_filename *smb_fname)
1931 struct gpfs_config_data *config;
1933 SMB_VFS_HANDLE_GET_DATA(handle, config,
1934 struct gpfs_config_data,
1937 ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
1938 if (ret == -1 && errno == EACCES) {
1939 DEBUG(10, ("Trying stat with capability for %s\n",
1940 smb_fname->base_name));
1941 ret = stat_with_capability(handle, smb_fname, 0);
1946 static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
1947 struct smb_filename *smb_fname)
1950 struct gpfs_config_data *config;
1952 SMB_VFS_HANDLE_GET_DATA(handle, config,
1953 struct gpfs_config_data,
1956 ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1957 if (ret == -1 && errno == EACCES) {
1958 DEBUG(10, ("Trying lstat with capability for %s\n",
1959 smb_fname->base_name));
1960 ret = stat_with_capability(handle, smb_fname,
1961 AT_SYMLINK_NOFOLLOW);
1966 static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
1967 int idx, int *flags)
1969 if (!is_omit_timespec(&ts)) {
1971 gt[idx].tv_sec = ts.tv_sec;
1972 gt[idx].tv_nsec = ts.tv_nsec;
1973 DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
1977 static int smbd_gpfs_set_times_path(char *path, struct smb_file_time *ft)
1979 gpfs_timestruc_t gpfs_times[4];
1983 ZERO_ARRAY(gpfs_times);
1984 timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
1985 timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
1986 /* No good mapping from LastChangeTime to ctime, not storing */
1987 timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
1990 DEBUG(10, ("nothing to do, return to avoid EINVAL\n"));
1994 rc = gpfswrap_set_times_path(path, flags, gpfs_times);
1996 if (rc != 0 && errno != ENOSYS) {
1997 DEBUG(1,("gpfs_set_times() returned with error %s\n",
2004 static int vfs_gpfs_ntimes(struct vfs_handle_struct *handle,
2005 const struct smb_filename *smb_fname,
2006 struct smb_file_time *ft)
2009 struct gpfs_winattr attrs;
2011 struct gpfs_config_data *config;
2013 SMB_VFS_HANDLE_GET_DATA(handle, config,
2014 struct gpfs_config_data,
2017 /* Try to use gpfs_set_times if it is enabled and available */
2018 if (config->settimes) {
2019 ret = smbd_gpfs_set_times_path(smb_fname->base_name, ft);
2021 if (ret == 0 || (ret == -1 && errno != ENOSYS)) {
2026 DEBUG(10,("gpfs_set_times() not available or disabled, "
2027 "use ntimes and winattr\n"));
2029 ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
2031 /* don't complain if access was denied */
2032 if (errno != EPERM && errno != EACCES) {
2033 DEBUG(1,("vfs_gpfs_ntimes: SMB_VFS_NEXT_NTIMES failed:"
2034 "%s", strerror(errno)));
2039 if (is_omit_timespec(&ft->create_time)){
2040 DEBUG(10,("vfs_gpfs_ntimes:Create Time is NULL\n"));
2044 if (!config->winattr) {
2049 attrs.creationTime.tv_sec = ft->create_time.tv_sec;
2050 attrs.creationTime.tv_nsec = ft->create_time.tv_nsec;
2052 ret = gpfswrap_set_winattrs_path(smb_fname->base_name,
2053 GPFS_WINATTR_SET_CREATION_TIME,
2055 if(ret == -1 && errno != ENOSYS){
2056 DEBUG(1,("vfs_gpfs_ntimes: set GPFS ntimes failed %d\n",ret));
2063 static int vfs_gpfs_fallocate(struct vfs_handle_struct *handle,
2064 struct files_struct *fsp, uint32_t mode,
2065 off_t offset, off_t len)
2067 if (mode == (VFS_FALLOCATE_FL_PUNCH_HOLE|VFS_FALLOCATE_FL_KEEP_SIZE) &&
2069 lp_strict_allocate(SNUM(fsp->conn))) {
2071 * This is from a ZERO_DATA request on a non-sparse
2072 * file. GPFS does not support FL_KEEP_SIZE and thus
2073 * cannot fill the whole again in the subsequent
2074 * fallocate(FL_KEEP_SIZE). Deny this FL_PUNCH_HOLE
2075 * call to not end up with a hole in a non-sparse
2082 return SMB_VFS_NEXT_FALLOCATE(handle, fsp, mode, offset, len);
2085 static int vfs_gpfs_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
2089 struct gpfs_config_data *config;
2091 SMB_VFS_HANDLE_GET_DATA(handle, config,
2092 struct gpfs_config_data,
2095 if (!config->ftruncate) {
2096 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
2099 result = gpfswrap_ftruncate(fsp->fh->fd, len);
2100 if ((result == -1) && (errno == ENOSYS)) {
2101 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
2106 static bool vfs_gpfs_is_offline(struct vfs_handle_struct *handle,
2107 const struct smb_filename *fname,
2108 SMB_STRUCT_STAT *sbuf)
2110 struct gpfs_winattr attrs;
2111 struct gpfs_config_data *config;
2114 SMB_VFS_HANDLE_GET_DATA(handle, config,
2115 struct gpfs_config_data,
2118 if (!config->winattr) {
2122 ret = gpfswrap_get_winattrs_path(fname->base_name, &attrs);
2127 if ((attrs.winAttrs & GPFS_WINATTR_OFFLINE) != 0) {
2128 DBG_DEBUG("%s is offline\n", fname->base_name);
2132 DBG_DEBUG("%s is online\n", fname->base_name);
2136 static bool vfs_gpfs_fsp_is_offline(struct vfs_handle_struct *handle,
2137 struct files_struct *fsp)
2139 struct gpfs_fsp_extension *ext;
2141 ext = VFS_FETCH_FSP_EXTENSION(handle, fsp);
2144 * Something bad happened, always ask.
2146 return vfs_gpfs_is_offline(handle, fsp->fsp_name,
2147 &fsp->fsp_name->st);
2152 * As long as it's offline, ask.
2154 ext->offline = vfs_gpfs_is_offline(handle, fsp->fsp_name,
2155 &fsp->fsp_name->st);
2158 return ext->offline;
2161 static bool vfs_gpfs_aio_force(struct vfs_handle_struct *handle,
2162 struct files_struct *fsp)
2164 return vfs_gpfs_fsp_is_offline(handle, fsp);
2167 static ssize_t vfs_gpfs_sendfile(vfs_handle_struct *handle, int tofd,
2168 files_struct *fsp, const DATA_BLOB *hdr,
2169 off_t offset, size_t n)
2171 if (vfs_gpfs_fsp_is_offline(handle, fsp)) {
2175 return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
2178 static int vfs_gpfs_connect(struct vfs_handle_struct *handle,
2179 const char *service, const char *user)
2181 struct gpfs_config_data *config;
2185 gpfswrap_lib_init(0);
2187 config = talloc_zero(handle->conn, struct gpfs_config_data);
2189 DEBUG(0, ("talloc_zero() failed\n"));
2194 ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
2196 TALLOC_FREE(config);
2200 check_fstype = lp_parm_bool(SNUM(handle->conn), "gpfs",
2201 "check_fstype", true);
2203 if (check_fstype && !IS_IPC(handle->conn)) {
2204 const char *connectpath = handle->conn->connectpath;
2205 struct statfs buf = { 0 };
2207 ret = statfs(connectpath, &buf);
2209 DBG_ERR("statfs failed for share %s at path %s: %s\n",
2210 service, connectpath, strerror(errno));
2211 TALLOC_FREE(config);
2215 if (buf.f_type != GPFS_SUPER_MAGIC) {
2216 DBG_ERR("SMB share %s, path %s not in GPFS file system."
2217 " statfs magic: 0x%jx\n",
2220 (uintmax_t)buf.f_type);
2222 TALLOC_FREE(config);
2227 ret = smbacl4_get_vfs_params(handle->conn, &config->nfs4_params);
2229 TALLOC_FREE(config);
2233 config->sharemodes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2234 "sharemodes", true);
2236 config->leases = lp_parm_bool(SNUM(handle->conn), "gpfs",
2239 config->hsm = lp_parm_bool(SNUM(handle->conn), "gpfs",
2242 config->syncio = lp_parm_bool(SNUM(handle->conn), "gpfs",
2245 config->winattr = lp_parm_bool(SNUM(handle->conn), "gpfs",
2248 config->ftruncate = lp_parm_bool(SNUM(handle->conn), "gpfs",
2251 config->getrealfilename = lp_parm_bool(SNUM(handle->conn), "gpfs",
2252 "getrealfilename", true);
2254 config->dfreequota = lp_parm_bool(SNUM(handle->conn), "gpfs",
2255 "dfreequota", false);
2257 config->acl = lp_parm_bool(SNUM(handle->conn), "gpfs", "acl", true);
2259 config->settimes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2261 config->recalls = lp_parm_bool(SNUM(handle->conn), "gpfs",
2264 SMB_VFS_HANDLE_SET_DATA(handle, config,
2265 NULL, struct gpfs_config_data,
2268 if (config->leases) {
2270 * GPFS lease code is based on kernel oplock code
2271 * so make sure it is turned on
2273 if (!lp_kernel_oplocks(SNUM(handle->conn))) {
2274 DEBUG(5, ("Enabling kernel oplocks for "
2275 "gpfs:leases to work\n"));
2276 lp_do_parameter(SNUM(handle->conn), "kernel oplocks",
2281 * as the kernel does not properly support Level II oplocks
2282 * and GPFS leases code is based on kernel infrastructure, we
2283 * need to turn off Level II oplocks if gpfs:leases is enabled
2285 if (lp_level2_oplocks(SNUM(handle->conn))) {
2286 DEBUG(5, ("gpfs:leases are enabled, disabling "
2287 "Level II oplocks\n"));
2288 lp_do_parameter(SNUM(handle->conn), "level2 oplocks",
2294 * Unless we have an async implementation of get_dos_attributes turn
2297 lp_do_parameter(SNUM(handle->conn), "smbd async dosmode", "false");
2302 static int get_gpfs_quota(const char *pathname, int type, int id,
2303 struct gpfs_quotaInfo *qi)
2307 ret = gpfswrap_quotactl(discard_const_p(char, pathname),
2308 GPFS_QCMD(Q_GETQUOTA, type), id, qi);
2311 if (errno == GPFS_E_NO_QUOTA_INST) {
2312 DEBUG(10, ("Quotas disabled on GPFS filesystem.\n"));
2313 } else if (errno != ENOSYS) {
2314 DEBUG(0, ("Get quota failed, type %d, id, %d, "
2315 "errno %d.\n", type, id, errno));
2321 DEBUG(10, ("quota type %d, id %d, blk u:%lld h:%lld s:%lld gt:%u\n",
2322 type, id, qi->blockUsage, qi->blockHardLimit,
2323 qi->blockSoftLimit, qi->blockGraceTime));
2328 static void vfs_gpfs_disk_free_quota(struct gpfs_quotaInfo qi, time_t cur_time,
2329 uint64_t *dfree, uint64_t *dsize)
2331 uint64_t usage, limit;
2334 * The quota reporting is done in units of 1024 byte blocks, but
2335 * sys_fsusage uses units of 512 byte blocks, adjust the block number
2336 * accordingly. Also filter possibly negative usage counts from gpfs.
2338 usage = qi.blockUsage < 0 ? 0 : (uint64_t)qi.blockUsage * 2;
2339 limit = (uint64_t)qi.blockHardLimit * 2;
2342 * When the grace time for the exceeded soft block quota has been
2343 * exceeded, the soft block quota becomes an additional hard limit.
2345 if (qi.blockSoftLimit &&
2346 qi.blockGraceTime && cur_time > qi.blockGraceTime) {
2347 /* report disk as full */
2349 *dsize = MIN(*dsize, usage);
2352 if (!qi.blockHardLimit)
2355 if (usage >= limit) {
2356 /* report disk as full */
2358 *dsize = MIN(*dsize, usage);
2361 /* limit has not been reached, determine "free space" */
2362 *dfree = MIN(*dfree, limit - usage);
2363 *dsize = MIN(*dsize, limit);
2367 static uint64_t vfs_gpfs_disk_free(vfs_handle_struct *handle,
2368 const struct smb_filename *smb_fname,
2373 struct security_unix_token *utok;
2374 struct gpfs_quotaInfo qi_user = { 0 }, qi_group = { 0 };
2375 struct gpfs_config_data *config;
2379 SMB_VFS_HANDLE_GET_DATA(handle, config, struct gpfs_config_data,
2380 return (uint64_t)-1);
2381 if (!config->dfreequota) {
2382 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2383 bsize, dfree, dsize);
2386 err = sys_fsusage(smb_fname->base_name, dfree, dsize);
2388 DEBUG (0, ("Could not get fs usage, errno %d\n", errno));
2389 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2390 bsize, dfree, dsize);
2393 /* sys_fsusage returns units of 512 bytes */
2396 DEBUG(10, ("fs dfree %llu, dsize %llu\n",
2397 (unsigned long long)*dfree, (unsigned long long)*dsize));
2399 utok = handle->conn->session_info->unix_token;
2401 err = get_gpfs_quota(smb_fname->base_name,
2402 GPFS_USRQUOTA, utok->uid, &qi_user);
2404 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2405 bsize, dfree, dsize);
2409 * If new files created under this folder get this folder's
2410 * GID, then available space is governed by the quota of the
2411 * folder's GID, not the primary group of the creating user.
2413 if (VALID_STAT(smb_fname->st) &&
2414 S_ISDIR(smb_fname->st.st_ex_mode) &&
2415 smb_fname->st.st_ex_mode & S_ISGID) {
2417 err = get_gpfs_quota(smb_fname->base_name, GPFS_GRPQUOTA,
2418 smb_fname->st.st_ex_gid, &qi_group);
2422 err = get_gpfs_quota(smb_fname->base_name, GPFS_GRPQUOTA,
2423 utok->gid, &qi_group);
2427 return SMB_VFS_NEXT_DISK_FREE(handle, smb_fname,
2428 bsize, dfree, dsize);
2431 cur_time = time(NULL);
2433 /* Adjust free space and size according to quota limits. */
2434 vfs_gpfs_disk_free_quota(qi_user, cur_time, dfree, dsize);
2435 vfs_gpfs_disk_free_quota(qi_group, cur_time, dfree, dsize);
2440 static int vfs_gpfs_get_quota(vfs_handle_struct *handle,
2441 const struct smb_filename *smb_fname,
2442 enum SMB_QUOTA_TYPE qtype,
2448 * User/group quota are being used for disk-free
2449 * determination, which in this module is done directly
2450 * by the disk-free function. It's important that this
2451 * module does not return wrong quota values by mistake,
2452 * which would modify the correct values set by disk-free.
2453 * User/group quota are also being used for processing
2454 * NT_TRANSACT_GET_USER_QUOTA in smb1 protocol, which is
2455 * currently not supported by this module.
2457 case SMB_USER_QUOTA_TYPE:
2458 case SMB_GROUP_QUOTA_TYPE:
2462 return SMB_VFS_NEXT_GET_QUOTA(handle, smb_fname,
2467 static uint32_t vfs_gpfs_capabilities(struct vfs_handle_struct *handle,
2468 enum timestamp_set_resolution *p_ts_res)
2470 struct gpfs_config_data *config;
2473 next = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
2475 SMB_VFS_HANDLE_GET_DATA(handle, config,
2476 struct gpfs_config_data,
2480 next |= FILE_SUPPORTS_REMOTE_STORAGE;
2485 static int vfs_gpfs_open(struct vfs_handle_struct *handle,
2486 struct smb_filename *smb_fname, files_struct *fsp,
2487 int flags, mode_t mode)
2489 struct gpfs_config_data *config;
2491 struct gpfs_fsp_extension *ext;
2493 SMB_VFS_HANDLE_GET_DATA(handle, config,
2494 struct gpfs_config_data,
2497 if (config->hsm && !config->recalls &&
2498 vfs_gpfs_fsp_is_offline(handle, fsp)) {
2499 DEBUG(10, ("Refusing access to offline file %s\n",
2505 if (config->syncio) {
2509 ext = VFS_ADD_FSP_EXTENSION(handle, fsp, struct gpfs_fsp_extension,
2517 * Assume the file is offline until gpfs tells us it's online.
2519 *ext = (struct gpfs_fsp_extension) { .offline = true };
2521 ret = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
2523 VFS_REMOVE_FSP_EXTENSION(handle, fsp);
2528 static ssize_t vfs_gpfs_pread(vfs_handle_struct *handle, files_struct *fsp,
2529 void *data, size_t n, off_t offset)
2534 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2536 ret = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
2538 if ((ret != -1) && was_offline) {
2539 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2540 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2541 fsp->fsp_name->base_name);
2547 struct vfs_gpfs_pread_state {
2548 struct files_struct *fsp;
2551 struct vfs_aio_state vfs_aio_state;
2554 static void vfs_gpfs_pread_done(struct tevent_req *subreq);
2556 static struct tevent_req *vfs_gpfs_pread_send(struct vfs_handle_struct *handle,
2557 TALLOC_CTX *mem_ctx,
2558 struct tevent_context *ev,
2559 struct files_struct *fsp,
2560 void *data, size_t n,
2563 struct tevent_req *req, *subreq;
2564 struct vfs_gpfs_pread_state *state;
2566 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pread_state);
2570 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2572 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
2574 if (tevent_req_nomem(subreq, req)) {
2575 return tevent_req_post(req, ev);
2577 tevent_req_set_callback(subreq, vfs_gpfs_pread_done, req);
2581 static void vfs_gpfs_pread_done(struct tevent_req *subreq)
2583 struct tevent_req *req = tevent_req_callback_data(
2584 subreq, struct tevent_req);
2585 struct vfs_gpfs_pread_state *state = tevent_req_data(
2586 req, struct vfs_gpfs_pread_state);
2588 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->vfs_aio_state);
2589 TALLOC_FREE(subreq);
2590 tevent_req_done(req);
2593 static ssize_t vfs_gpfs_pread_recv(struct tevent_req *req,
2594 struct vfs_aio_state *vfs_aio_state)
2596 struct vfs_gpfs_pread_state *state = tevent_req_data(
2597 req, struct vfs_gpfs_pread_state);
2598 struct files_struct *fsp = state->fsp;
2600 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
2603 *vfs_aio_state = state->vfs_aio_state;
2605 if ((state->ret != -1) && state->was_offline) {
2606 DEBUG(10, ("sending notify\n"));
2607 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2608 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2609 fsp->fsp_name->base_name);
2615 static ssize_t vfs_gpfs_pwrite(vfs_handle_struct *handle, files_struct *fsp,
2616 const void *data, size_t n, off_t offset)
2621 was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2623 ret = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
2625 if ((ret != -1) && was_offline) {
2626 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2627 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2628 fsp->fsp_name->base_name);
2634 struct vfs_gpfs_pwrite_state {
2635 struct files_struct *fsp;
2638 struct vfs_aio_state vfs_aio_state;
2641 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq);
2643 static struct tevent_req *vfs_gpfs_pwrite_send(
2644 struct vfs_handle_struct *handle,
2645 TALLOC_CTX *mem_ctx,
2646 struct tevent_context *ev,
2647 struct files_struct *fsp,
2648 const void *data, size_t n,
2651 struct tevent_req *req, *subreq;
2652 struct vfs_gpfs_pwrite_state *state;
2654 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pwrite_state);
2658 state->was_offline = vfs_gpfs_fsp_is_offline(handle, fsp);
2660 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
2662 if (tevent_req_nomem(subreq, req)) {
2663 return tevent_req_post(req, ev);
2665 tevent_req_set_callback(subreq, vfs_gpfs_pwrite_done, req);
2669 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq)
2671 struct tevent_req *req = tevent_req_callback_data(
2672 subreq, struct tevent_req);
2673 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2674 req, struct vfs_gpfs_pwrite_state);
2676 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->vfs_aio_state);
2677 TALLOC_FREE(subreq);
2678 tevent_req_done(req);
2681 static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req,
2682 struct vfs_aio_state *vfs_aio_state)
2684 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2685 req, struct vfs_gpfs_pwrite_state);
2686 struct files_struct *fsp = state->fsp;
2688 if (tevent_req_is_unix_error(req, &vfs_aio_state->error)) {
2691 *vfs_aio_state = state->vfs_aio_state;
2693 if ((state->ret != -1) && state->was_offline) {
2694 DEBUG(10, ("sending notify\n"));
2695 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2696 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2697 fsp->fsp_name->base_name);
2704 static struct vfs_fn_pointers vfs_gpfs_fns = {
2705 .connect_fn = vfs_gpfs_connect,
2706 .disk_free_fn = vfs_gpfs_disk_free,
2707 .get_quota_fn = vfs_gpfs_get_quota,
2708 .fs_capabilities_fn = vfs_gpfs_capabilities,
2709 .kernel_flock_fn = vfs_gpfs_kernel_flock,
2710 .linux_setlease_fn = vfs_gpfs_setlease,
2711 .get_real_filename_fn = vfs_gpfs_get_real_filename,
2712 .get_dos_attributes_fn = vfs_gpfs_get_dos_attributes,
2713 .get_dos_attributes_send_fn = vfs_not_implemented_get_dos_attributes_send,
2714 .get_dos_attributes_recv_fn = vfs_not_implemented_get_dos_attributes_recv,
2715 .fget_dos_attributes_fn = vfs_gpfs_fget_dos_attributes,
2716 .set_dos_attributes_fn = vfs_gpfs_set_dos_attributes,
2717 .fset_dos_attributes_fn = vfs_gpfs_fset_dos_attributes,
2718 .fget_nt_acl_fn = gpfsacl_fget_nt_acl,
2719 .get_nt_acl_fn = gpfsacl_get_nt_acl,
2720 .fset_nt_acl_fn = gpfsacl_fset_nt_acl,
2721 .sys_acl_get_file_fn = gpfsacl_sys_acl_get_file,
2722 .sys_acl_get_fd_fn = gpfsacl_sys_acl_get_fd,
2723 .sys_acl_blob_get_file_fn = gpfsacl_sys_acl_blob_get_file,
2724 .sys_acl_blob_get_fd_fn = gpfsacl_sys_acl_blob_get_fd,
2725 .sys_acl_set_file_fn = gpfsacl_sys_acl_set_file,
2726 .sys_acl_set_fd_fn = gpfsacl_sys_acl_set_fd,
2727 .sys_acl_delete_def_file_fn = gpfsacl_sys_acl_delete_def_file,
2728 .chmod_fn = vfs_gpfs_chmod,
2729 .fchmod_fn = vfs_gpfs_fchmod,
2730 .close_fn = vfs_gpfs_close,
2731 .stat_fn = vfs_gpfs_stat,
2732 .lstat_fn = vfs_gpfs_lstat,
2733 .ntimes_fn = vfs_gpfs_ntimes,
2734 .aio_force_fn = vfs_gpfs_aio_force,
2735 .sendfile_fn = vfs_gpfs_sendfile,
2736 .fallocate_fn = vfs_gpfs_fallocate,
2737 .open_fn = vfs_gpfs_open,
2738 .pread_fn = vfs_gpfs_pread,
2739 .pread_send_fn = vfs_gpfs_pread_send,
2740 .pread_recv_fn = vfs_gpfs_pread_recv,
2741 .pwrite_fn = vfs_gpfs_pwrite,
2742 .pwrite_send_fn = vfs_gpfs_pwrite_send,
2743 .pwrite_recv_fn = vfs_gpfs_pwrite_recv,
2744 .ftruncate_fn = vfs_gpfs_ftruncate
2748 NTSTATUS vfs_gpfs_init(TALLOC_CTX *ctx)
2752 ret = gpfswrap_init();
2754 DEBUG(1, ("Could not initialize GPFS library wrapper\n"));
2757 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs",
git.samba.org / samba.git / blob