s3: Add a zfsacl:denymissingspecial parameter
[ira/wip.git] / source3 / modules / vfs_zfsacl.c
index 060d64cffbbce7a58618dcfdab24794e3952c197..a3de30e8085a3c65d50c7320472ebd9bf54810ab 100644 (file)
@@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
        ace_t *acebuf;
        SMB4ACE_T *smbace;
        TALLOC_CTX      *mem_ctx;
+       bool have_special_id = false;
 
        /* allocate the field of ZFS aces */
        mem_ctx = talloc_tos();
@@ -140,19 +141,28 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
                                        aceprop->who.special_id));
                                continue; /* don't add it !!! */
                        }
+                       have_special_id = true;
                }
        }
+
+       if (!have_special_id
+           && lp_parm_bool(fsp->conn->params->service, "zfsacl",
+                           "denymissingspecial", false)) {
+               errno = EACCES;
+               return false;
+       }
+
        SMB_ASSERT(i == naces);
 
        /* store acl */
-       if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) {
+       if(acl(fsp->fsp_name->base_name, ACE_SETACL, naces, acebuf)) {
                if(errno == ENOSYS) {
                        DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not "
                                  "supported on the filesystem where the file "
-                                 "reside", fsp->fsp_name));
+                                 "reside", fsp_str_dbg(fsp)));
                } else {
-                       DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name,
-                                       strerror(errno)));
+                       DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp_str_dbg(fsp),
+                                 strerror(errno)));
                }
                return 0;
        }
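Review bot: The new `denymissingspecial` rejection returns `false` with `errno = EACCES` and logs nothing, unlike the ACE_SETACL failure path directly below it, so an administrator cannot tell a policy refusal from a filesystem permission error. Add a message before the return, for example `DEBUG(3, ("zfsacl: refusing ACL without special entries on %s\n", fsp_str_dbg(fsp)));`. From the visible lines, `have_special_id` appears to be set by any special ACE that survives the filter, whatever its type or access mask, so the check only guarantees that at least one such entry is present. A comment on the check stating that this is the intended meaning of the option would help. The loop and the rest of zfs_process_smbacl lie outside this hunk.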
@@ -166,7 +176,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
  */
 static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
                           uint32 security_info_sent,
-                          struct security_descriptor *psd)
+                          const struct security_descriptor *psd)
 {
        return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
                        zfs_process_smbacl);
@@ -174,13 +184,14 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 
 static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
                                 struct files_struct *fsp,
-                                int fd,  uint32 security_info,
+                                uint32 security_info,
                                 struct security_descriptor **ppdesc)
 {
        SMB4ACL_T *pacl;
        NTSTATUS status;
 
-       status = zfs_get_nt_acl_common(fsp->fsp_name, security_info, &pacl);
+       status = zfs_get_nt_acl_common(fsp->fsp_name->base_name, security_info,
+                                      &pacl);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
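Review bot: zfsacl_fget_nt_acl is the handle-based entry point, yet the new call passes `fsp->fsp_name->base_name` to zfs_get_nt_acl_common, so the ACL is looked up by path rather than through the open file. The ACE_SETACL call in zfs_process_smbacl in the previous hunk does the same. If the path is renamed or replaced between open and this call, the ACL read or written may belong to a different object than the one the client holds open. The helper's body is not visible here, so this is inferred from the argument alone. If a descriptor-based lookup is not practical, document the limitation with a comment such as `/* path-based: ACL is taken from base_name, not from the open descriptor */`. The rest of the function continues after the hunk.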
@@ -206,52 +217,93 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
 
 static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
                         files_struct *fsp,
-                        int fd, uint32 security_info_sent,
-                        SEC_DESC *psd)
+                        uint32 security_info_sent,
+                        const SEC_DESC *psd)
 {
        return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
 }
 
-static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle,
-                      files_struct *fsp,
-                      const char *name, uint32 security_info_sent,
-                      SEC_DESC *psd)
+/* nils.goroll@hamburg.de 2008-06-16 :
+
+   See also
+   - https://bugzilla.samba.org/show_bug.cgi?id=5446
+   - http://bugs.opensolaris.org/view_bug.do?bug_id=6688240
+
+   Solaris supports NFSv4 and ZFS ACLs through a common system call, acl(2)
+   with ACE_SETACL / ACE_GETACL / ACE_GETACLCNT, which is being wrapped for
+   use by samba in this module.
+
+   As the acl(2) interface is identical for ZFS and for NFS, this module,
+   vfs_zfsacl, can not only be used for ZFS, but also for sharing NFSv4
+   mounts on Solaris.
+
+   But while "traditional" POSIX DRAFT ACLs (using acl(2) with SETACL
+   / GETACL / GETACLCNT) fail for ZFS, the Solaris NFS client
+   implemets a compatibility wrapper, which will make calls to
+   traditional ACL calls though vfs_solarisacl succeed. As the
+   compatibility wrapper's implementation is (by design) incomplete,
+   we want to make sure that it is never being called.
+
+   As long as Samba does not support an exiplicit method for a module
+   to define conflicting vfs methods, we should override all conflicting
+   methods here.
+
+   For this to work, we need to make sure that this module is initialised
+   *after* vfs_solarisacl
+
+   Function declarations taken from vfs_solarisacl
+*/
+
+SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle,
+                                       const char *path_p,
+                                       SMB_ACL_TYPE_T type)
 {
-       return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
+       return (SMB_ACL_T)NULL;
+}
+SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle,
+                                     files_struct *fsp,
+                                     int fd)
+{
+       return (SMB_ACL_T)NULL;
 }
 
-/* VFS operations structure */
+int zfsacl_fail__sys_acl_set_file(vfs_handle_struct *handle,
+                                 const char *name,
+                                 SMB_ACL_TYPE_T type,
+                                 SMB_ACL_T theacl)
+{
+       return -1;
+}
 
-static vfs_op_tuple zfsacl_ops[] = {
-       {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
-        SMB_VFS_LAYER_OPAQUE},
-       {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
-        SMB_VFS_LAYER_OPAQUE},
-       {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
-        SMB_VFS_LAYER_OPAQUE},
-       {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
-        SMB_VFS_LAYER_OPAQUE},
-       {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
-};
+int zfsacl_fail__sys_acl_set_fd(vfs_handle_struct *handle,
+                               files_struct *fsp,
+                               int fd, SMB_ACL_T theacl)
+{
+       return -1;
+}
+
+int zfsacl_fail__sys_acl_delete_def_file(vfs_handle_struct *handle,
+                                        const char *path)
+{
+       return -1;
+}
 
-/* != 0 if this module will be compiled as static */
+/* VFS operations structure */
 
-#define STATIC 0
+static struct vfs_fn_pointers zfsacl_fns = {
+       .sys_acl_get_file = zfsacl_fail__sys_acl_get_file,
+       .sys_acl_get_fd = zfsacl_fail__sys_acl_get_fd,
+       .sys_acl_set_file = zfsacl_fail__sys_acl_set_file,
+       .sys_acl_set_fd = zfsacl_fail__sys_acl_set_fd,
+       .sys_acl_delete_def_file = zfsacl_fail__sys_acl_delete_def_file,
+       .fget_nt_acl = zfsacl_fget_nt_acl,
+       .get_nt_acl = zfsacl_get_nt_acl,
+       .fset_nt_acl = zfsacl_fset_nt_acl,
+};
 
-#if STATIC
 NTSTATUS vfs_zfsacl_init(void);
-#else
-NTSTATUS init_module(void);
-#endif
-
-NTSTATUS
-#if STATIC
-       vfs_zfsacl_init
-#else
-       init_module
-#endif
-               (void)
+NTSTATUS vfs_zfsacl_init(void)
 {
        return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl",
-                               zfsacl_ops);
+                               &zfsacl_fns);
 }
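Review bot: The five `zfsacl_fail__sys_acl_*` stubs are defined without `static`, although the only visible reference to them is the file-local `zfsacl_fns` table. Declaring them `static` keeps them out of the global namespace, matching the other functions in this file. Each stub also returns `NULL` or `-1` without touching errno, so a caller that inspects errno after the failure sees whatever an earlier call left there. Setting it explicitly, e.g. `errno = ENOTSUP;` before each return, makes the refusal deterministic, though the exact value should be checked against what the POSIX ACL callers treat as "not supported". The comment's requirement that this module be initialised after vfs_solarisacl is not enforced anywhere in the visible code, so it should be stated as a configuration requirement in the module documentation.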