NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp, uint32 security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc, SMB4ACL_T *theacl) { SMB_STRUCT_STAT sbuf; smbacl4_vfs_params params; DEBUG(10, ("smb_fget_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); if (smbacl4_fGetFileOwner(fsp, &sbuf)) { return map_nt_error_from_unix(errno); } /* Special behaviours */ if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp->conn, ¶ms)) { return NT_STATUS_NO_MEMORY; } return smb_get_nt_acl_nfs4_common(&sbuf, ¶ms, security_info, mem_ctx, ppdesc, theacl); }
NTSTATUS smb_get_nt_acl_nfs4(struct connection_struct *conn, const char *name, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc, struct SMB4ACL_T *theacl) { SMB_STRUCT_STAT sbuf; smbacl4_vfs_params params; DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", name)); if (smbacl4_GetFileOwner(conn, name, &sbuf)) { return map_nt_error_from_unix(errno); } /* Special behaviours */ if (smbacl4_get_vfs_params(conn, ¶ms)) { return NT_STATUS_NO_MEMORY; } return smb_get_nt_acl_nfs4_common(&sbuf, ¶ms, security_info, mem_ctx, ppdesc, theacl); }
NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd, set_nfs4acl_native_fn_t set_nfs4_native) { smbacl4_vfs_params params; SMB4ACL_T *theacl = NULL; bool result; SMB_STRUCT_STAT sbuf; bool set_acl_as_root = false; uid_t newUID = (uid_t)-1; gid_t newGID = (gid_t)-1; int saved_errno; TALLOC_CTX *frame = talloc_stackframe(); DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); if ((security_info_sent & (SECINFO_DACL | SECINFO_GROUP | SECINFO_OWNER)) == 0) { DEBUG(9, ("security_info_sent (0x%x) ignored\n", security_info_sent)); TALLOC_FREE(frame); return NT_STATUS_OK; /* won't show error - later to be * refined... */ } /* Special behaviours */ if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp->conn, ¶ms)) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } if (smbacl4_fGetFileOwner(fsp, &sbuf)) { TALLOC_FREE(frame); return map_nt_error_from_unix(errno); } if (params.do_chown) { /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ NTSTATUS status = unpack_nt_owners(fsp->conn, &newUID, &newGID, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { DEBUG(8, ("unpack_nt_owners failed")); TALLOC_FREE(frame); return status; } if (((newUID != (uid_t)-1) && (sbuf.st_ex_uid != newUID)) || ((newGID != (gid_t)-1) && (sbuf.st_ex_gid != newGID))) { status = try_chown(fsp, newUID, newGID); if (!NT_STATUS_IS_OK(status)) { DEBUG(3,("chown %s, %u, %u failed. Error = " "%s.\n", fsp_str_dbg(fsp), (unsigned int)newUID, (unsigned int)newGID, nt_errstr(status))); TALLOC_FREE(frame); return status; } DEBUG(10,("chown %s, %u, %u succeeded.\n", fsp_str_dbg(fsp), (unsigned int)newUID, (unsigned int)newGID)); if (smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name->base_name, &sbuf)) { TALLOC_FREE(frame); return map_nt_error_from_unix(errno); } /* If we successfully chowned, we know we must * be able to set the acl, so do it as root. */ set_acl_as_root = true; } } if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) { DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent)); TALLOC_FREE(frame); return NT_STATUS_OK; } theacl = smbacl4_win2nfs4(frame, fsp, psd->dacl, ¶ms, sbuf.st_ex_uid, sbuf.st_ex_gid); if (!theacl) { TALLOC_FREE(frame); return map_nt_error_from_unix(errno); } smbacl4_dump_nfs4acl(10, theacl); if (set_acl_as_root) { become_root(); } result = set_nfs4_native(handle, fsp, theacl); saved_errno = errno; if (set_acl_as_root) { unbecome_root(); } TALLOC_FREE(frame); if (result!=true) { errno = saved_errno; DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno))); return map_nt_error_from_unix(errno); } DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n")); return NT_STATUS_OK; }
static int nfs4acl_connect(struct vfs_handle_struct *handle, const char *service, const char *user) { struct nfs4acl_config *config = NULL; const struct enum_list *default_acl_style_list = NULL; const char *default_xattr_name = NULL; int enumval; unsigned nfs_version; int ret; default_acl_style_list = get_default_acl_style_list(); config = talloc_zero(handle->conn, struct nfs4acl_config); if (config == NULL) { DBG_ERR("talloc_zero() failed\n"); return -1; } ret = SMB_VFS_NEXT_CONNECT(handle, service, user); if (ret < 0) { TALLOC_FREE(config); return ret; } ret = smbacl4_get_vfs_params(handle->conn, &config->nfs4_params); if (ret < 0) { TALLOC_FREE(config); return ret; } enumval = lp_parm_enum(SNUM(handle->conn), "nfs4acl_xattr", "encoding", nfs4acl_encoding, NFS4ACL_ENCODING_NDR); if (enumval == -1) { DBG_ERR("Invalid \"nfs4acl_xattr:encoding\" parameter\n"); return -1; } config->encoding = (enum nfs4acl_encoding)enumval; switch (config->encoding) { case NFS4ACL_ENCODING_XDR: default_xattr_name = NFS4ACL_XDR_XATTR_NAME; break; case NFS4ACL_ENCODING_NDR: default: default_xattr_name = NFS4ACL_NDR_XATTR_NAME; break; } nfs_version = (unsigned)lp_parm_int(SNUM(handle->conn), "nfs4acl_xattr", "version", 41); switch (nfs_version) { case 40: config->nfs_version = ACL4_XATTR_VERSION_40; break; case 41: config->nfs_version = ACL4_XATTR_VERSION_41; break; default: config->nfs_version = ACL4_XATTR_VERSION_DEFAULT; break; } config->default_acl_style = lp_parm_enum(SNUM(handle->conn), "nfs4acl_xattr", "default acl style", default_acl_style_list, DEFAULT_ACL_EVERYONE); config->xattr_name = lp_parm_talloc_string(config, SNUM(handle->conn), "nfs4acl_xattr", "xattr_name", default_xattr_name); SMB_VFS_HANDLE_SET_DATA(handle, config, NULL, struct nfs4acl_config, return -1); /* * Ensure we have the parameters correct if we're using this module. */ DBG_NOTICE("Setting 'inherit acls = true', " "'dos filemode = true', " "'force unknown acl user = true', " "'create mask = 0666', " "'directory mask = 0777' and " "'store dos attributes = yes' " "for service [%s]\n", service); lp_do_parameter(SNUM(handle->conn), "inherit acls", "true"); lp_do_parameter(SNUM(handle->conn), "dos filemode", "true"); lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true"); lp_do_parameter(SNUM(handle->conn), "create mask", "0666"); lp_do_parameter(SNUM(handle->conn), "directory mask", "0777"); lp_do_parameter(SNUM(handle->conn), "store dos attributes", "yes"); return 0; }