2 * Convert ZFS/NFSv4 acls to NT acls and vice versa.
4 * Copyright (C) Jiri Sasek, 2007
5 * based on the foobar.c module which is copyrighted by Volker Lendecke
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "nfs4_acls.h"
27 #define DBGC_CLASS DBGC_VFS
29 #define ZFSACL_MODULE_NAME "zfsacl"
32 * read the local file's acls and return it in NT form
33 * using the NFSv4 format conversion
35 static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
36 struct security_descriptor **ppdesc)
43 /* read the number of file aces */
44 if((naces = acl(fsp->fsp_name, ACE_GETACLCNT, 0, NULL)) == -1) {
46 DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside"));
48 DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name,
53 /* allocate the field of ZFS aces */
54 mem_ctx = main_loop_talloc_get();
55 acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
60 /* read the aces into the field */
61 if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) {
62 DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name,
66 /* create SMB4ACL data */
67 if((pacl = smb_create_smb4acl()) == NULL) return 0;
68 for(i=0; i<naces; i++) {
69 SMB_ACE4PROP_T aceprop;
71 aceprop.aceType = (uint32) acebuf[i].a_type;
72 aceprop.aceFlags = (uint32) acebuf[i].a_flags;
73 aceprop.aceMask = (uint32) acebuf[i].a_access_mask;
74 aceprop.who.id = (uint32) acebuf[i].a_who;
76 if(smb_add_ace4(pacl, &aceprop) == NULL) return 0;
79 return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
82 /* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */
83 static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
85 int naces = smb_get_naces(smbacl), i;
90 /* allocate the field of ZFS aces */
91 mem_ctx = main_loop_talloc_get();
92 acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
98 for(smbace = smb_first_ace4(smbacl), i = 0;
100 smbace = smb_next_ace4(smbace), i++) {
101 SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
103 acebuf[i].a_type = aceprop->aceType;
104 acebuf[i].a_flags = aceprop->aceFlags;
105 acebuf[i].a_access_mask = aceprop->aceMask;
106 acebuf[i].a_who = aceprop->who.id;
108 SMB_ASSERT(i == naces);
111 if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) {
112 if(errno == ENOSYS) {
113 DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not supported on the filesystem where the file reside"));
115 DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name,
125 * set the local file's acls obtaining it in NT form
126 * using the NFSv4 format conversion
128 static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
129 uint32 security_info_sent,
130 struct security_descriptor *psd)
132 return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
136 static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
137 struct files_struct *fsp,
138 int fd, uint32 security_info,
139 struct security_descriptor **ppdesc)
141 return zfs_get_nt_acl(fsp, security_info, ppdesc);
144 static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
145 struct files_struct *fsp,
146 const char *name, uint32 security_info,
147 struct security_descriptor **ppdesc)
149 return zfs_get_nt_acl(fsp, security_info, ppdesc);
152 static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
154 int fd, uint32 security_info_sent,
157 return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
160 static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle,
162 const char *name, uint32 security_info_sent,
165 return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
168 /* VFS operations structure */
170 static vfs_op_tuple zfsacl_ops[] = {
171 {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
172 SMB_VFS_LAYER_OPAQUE},
173 {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
174 SMB_VFS_LAYER_OPAQUE},
175 {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
176 SMB_VFS_LAYER_OPAQUE},
177 {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
178 SMB_VFS_LAYER_OPAQUE},
179 {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
182 NTSTATUS vfs_zfsacl_init(void);
183 NTSTATUS vfs_zfsacl_init(void)
185 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl",