NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc,
SMB4ACL_T *theacl)
{
SMB_STRUCT_STAT sbuf;
smbacl4_vfs_params params;
DEBUG(10, ("smb_fget_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
if (smbacl4_fGetFileOwner(fsp, &sbuf)) {
return map_nt_error_from_unix(errno);
}
/* Special behaviours */
if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp->conn, ¶ms)) {
return NT_STATUS_NO_MEMORY;
}
return smb_get_nt_acl_nfs4_common(&sbuf, ¶ms, security_info,
mem_ctx, ppdesc, theacl);
}
NTSTATUS smb_get_nt_acl_nfs4(struct connection_struct *conn,
const char *name,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc,
struct SMB4ACL_T *theacl)
{
SMB_STRUCT_STAT sbuf;
smbacl4_vfs_params params;
DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", name));
if (smbacl4_GetFileOwner(conn, name, &sbuf)) {
return map_nt_error_from_unix(errno);
}
/* Special behaviours */
if (smbacl4_get_vfs_params(conn, ¶ms)) {
return NT_STATUS_NO_MEMORY;
}
return smb_get_nt_acl_nfs4_common(&sbuf, ¶ms, security_info,
mem_ctx, ppdesc, theacl);
}
NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
const struct security_descriptor *psd,
set_nfs4acl_native_fn_t set_nfs4_native)
{
smbacl4_vfs_params params;
SMB4ACL_T *theacl = NULL;
bool result;
SMB_STRUCT_STAT sbuf;
bool set_acl_as_root = false;
uid_t newUID = (uid_t)-1;
gid_t newGID = (gid_t)-1;
int saved_errno;
TALLOC_CTX *frame = talloc_stackframe();
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
if ((security_info_sent & (SECINFO_DACL |
SECINFO_GROUP | SECINFO_OWNER)) == 0)
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
security_info_sent));
TALLOC_FREE(frame);
return NT_STATUS_OK; /* won't show error - later to be
* refined... */
}
/* Special behaviours */
if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME,
fsp->conn, ¶ms)) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
if (smbacl4_fGetFileOwner(fsp, &sbuf)) {
TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
}
if (params.do_chown) {
/* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
NTSTATUS status = unpack_nt_owners(fsp->conn, &newUID, &newGID,
security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(8, ("unpack_nt_owners failed"));
TALLOC_FREE(frame);
return status;
}
if (((newUID != (uid_t)-1) && (sbuf.st_ex_uid != newUID)) ||
((newGID != (gid_t)-1) && (sbuf.st_ex_gid != newGID))) {
status = try_chown(fsp, newUID, newGID);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("chown %s, %u, %u failed. Error = "
"%s.\n", fsp_str_dbg(fsp),
(unsigned int)newUID,
(unsigned int)newGID,
nt_errstr(status)));
TALLOC_FREE(frame);
return status;
}
DEBUG(10,("chown %s, %u, %u succeeded.\n",
fsp_str_dbg(fsp), (unsigned int)newUID,
(unsigned int)newGID));
if (smbacl4_GetFileOwner(fsp->conn,
fsp->fsp_name->base_name,
&sbuf)) {
TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
}
/* If we successfully chowned, we know we must
* be able to set the acl, so do it as root.
*/
set_acl_as_root = true;
}
}
if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) {
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n",
security_info_sent));
TALLOC_FREE(frame);
return NT_STATUS_OK;
}
theacl = smbacl4_win2nfs4(frame, fsp, psd->dacl, ¶ms,
sbuf.st_ex_uid, sbuf.st_ex_gid);
if (!theacl) {
TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
}
smbacl4_dump_nfs4acl(10, theacl);
if (set_acl_as_root) {
become_root();
}
result = set_nfs4_native(handle, fsp, theacl);
saved_errno = errno;
if (set_acl_as_root) {
unbecome_root();
}
TALLOC_FREE(frame);
if (result!=true) {
errno = saved_errno;
DEBUG(10, ("set_nfs4_native failed with %s\n",
strerror(errno)));
return map_nt_error_from_unix(errno);
}
DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n"));
return NT_STATUS_OK;
}
static int nfs4acl_connect(struct vfs_handle_struct *handle,
const char *service,
const char *user)
{
struct nfs4acl_config *config = NULL;
const struct enum_list *default_acl_style_list = NULL;
const char *default_xattr_name = NULL;
int enumval;
unsigned nfs_version;
int ret;
default_acl_style_list = get_default_acl_style_list();
config = talloc_zero(handle->conn, struct nfs4acl_config);
if (config == NULL) {
DBG_ERR("talloc_zero() failed\n");
return -1;
}
ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
if (ret < 0) {
TALLOC_FREE(config);
return ret;
}
ret = smbacl4_get_vfs_params(handle->conn, &config->nfs4_params);
if (ret < 0) {
TALLOC_FREE(config);
return ret;
}
enumval = lp_parm_enum(SNUM(handle->conn),
"nfs4acl_xattr",
"encoding",
nfs4acl_encoding,
NFS4ACL_ENCODING_NDR);
if (enumval == -1) {
DBG_ERR("Invalid \"nfs4acl_xattr:encoding\" parameter\n");
return -1;
}
config->encoding = (enum nfs4acl_encoding)enumval;
switch (config->encoding) {
case NFS4ACL_ENCODING_XDR:
default_xattr_name = NFS4ACL_XDR_XATTR_NAME;
break;
case NFS4ACL_ENCODING_NDR:
default:
default_xattr_name = NFS4ACL_NDR_XATTR_NAME;
break;
}
nfs_version = (unsigned)lp_parm_int(SNUM(handle->conn),
"nfs4acl_xattr",
"version",
41);
switch (nfs_version) {
case 40:
config->nfs_version = ACL4_XATTR_VERSION_40;
break;
case 41:
config->nfs_version = ACL4_XATTR_VERSION_41;
break;
default:
config->nfs_version = ACL4_XATTR_VERSION_DEFAULT;
break;
}
config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
"nfs4acl_xattr",
"default acl style",
default_acl_style_list,
DEFAULT_ACL_EVERYONE);
config->xattr_name = lp_parm_talloc_string(config,
SNUM(handle->conn),
"nfs4acl_xattr",
"xattr_name",
default_xattr_name);
SMB_VFS_HANDLE_SET_DATA(handle, config, NULL, struct nfs4acl_config,
return -1);
/*
* Ensure we have the parameters correct if we're using this module.
*/
DBG_NOTICE("Setting 'inherit acls = true', "
"'dos filemode = true', "
"'force unknown acl user = true', "
"'create mask = 0666', "
"'directory mask = 0777' and "
"'store dos attributes = yes' "
"for service [%s]\n", service);
lp_do_parameter(SNUM(handle->conn), "inherit acls", "true");
lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
lp_do_parameter(SNUM(handle->conn), "store dos attributes", "yes");
return 0;
}
