From 9eaa237c5664e32152a63443da5b75c649f9c521 Mon Sep 17 00:00:00 2001
From: Alexander Werth
Date: Wed, 28 Nov 2012 16:24:41 +0100
Subject: [PATCH 1/2] s3: Optimize adjustment of specialcreator ACLs within nfs4_acls.c. Bypass the UID/GID to SID and back conversions.
---
 source3/modules/nfs4_acls.c | 37 ++++++++++++++++++++++++++-----------
 source3/modules/nfs4_acls.h | 8 +++++++-
 2 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 779182e..36967ac 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -1066,14 +1066,16 @@ NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle,
 struct security_descriptor *sd,
 struct ea_list *ea_list,
 files_struct **result,
- int *pinfo)
+ int *pinfo,
+ get_nfs4acl_native_fn_t get_nfs4_native,
+ set_nfs4acl_native_fn_t set_nfs4_native)
 {
- NTSTATUS status, status1;
+ NTSTATUS status;
 files_struct *fsp = NULL;
- uint32 security_info;
 int info;
- struct security_descriptor *psd = NULL;
 smbacl4_vfs_params params;
+ SMB4ACL_T *pacl = NULL;
+ SMB_STRUCT_STAT st;
 status = SMB_VFS_NEXT_CREATE_FILE(handle,
 req,
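Review bot: The two callback parameters added to `smb_create_file_nfs4` are invoked unconditionally further down (`get_nfs4_native(fsp, &pacl)` and `set_nfs4_native(fsp, pacl)` in the next hunk), so a module that passes NULL for either one would crash smbd in the file-create path. Either reject that before `SMB_VFS_NEXT_CREATE_FILE` runs, with `if (get_nfs4_native == NULL || set_nfs4_native == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, or state the non-NULL requirement in a comment above the function. The function body continues outside this hunk.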
@@ -1126,20 +1128,33 @@ NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle,
 goto out;
 }
- security_info = (SECINFO_OWNER | SECINFO_GROUP |
- SECINFO_DACL | SECINFO_SACL);
-
- /* Rewrite ACL with special entries for the owner and group */
- status1 = SMB_VFS_FGET_NT_ACL(fsp, security_info, &psd);
+ if (smbacl4_fGetFileOwner(fsp, &st)) {
+ DEBUG(10, ("smb_create_file_nfs4 failed to get owner.\n"));
+ /* Give up on adjusting the Unix Mode bits. */
+ goto out;
+ }
- if (!NT_STATUS_IS_OK(status1)) {
+ if (!get_nfs4_native(fsp, &pacl)) {
+ DEBUG(10, ("smb_create_file_nfs4 failed to get acl.\n"));
+ /* Give up on adjusting the Unix Mode bits. */
 goto out;
 }
- status1 = SMB_VFS_FSET_NT_ACL(fsp, security_info, psd);
+ if (!smbacl4_expand_special(pacl, st.st_ex_uid, st.st_ex_gid)) {
+ DEBUG(10, ("smb_create_file_nfs4 failed to expand acl.\n"));
+ /* Give up on adjusting the Unix Mode bits. */
+ goto out;
+ }
+ if (!set_nfs4_native(fsp, pacl)) {
+ DEBUG(10, ("smb_create_file_nfs4 failed to set acl.\n"));
+ /* Give up on adjusting the Unix Mode bits. */
+ goto out;
+ }
 out:
+ TALLOC_FREE(pacl);
+
 if (fsp) {
 VFS_REMOVE_FSP_EXTENSION(handle, fsp);
 }
diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h
index 67a321b..de53504 100644
--- a/source3/modules/nfs4_acls.h
+++ b/source3/modules/nfs4_acls.h
@@ -141,6 +141,10 @@ NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc, SMB4ACL_T *theacl);
+/* Callback function needed to get the native acl
+ * when applicable */
+typedef bool (*get_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T **);
+
 /* Callback function needed to set the native acl
 * when applicable */
 typedef bool (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *);
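Review bot: Each of the four failure branches added here logs only at DEBUG level 10 and jumps to `out`, so a create whose special owner/group entries were never expanded or written back looks the same to the caller and to an administrator as one that succeeded, unless `status` is changed somewhere outside this hunk. The file then keeps whatever ACL it had at creation time, which is a permission state worth surfacing; log at a level that is visible in production and name the file, for example `DEBUG(1, ("smb_create_file_nfs4: failed to set acl on %s\n", fsp_str_dbg(fsp)));`. The repeated comment `/* Give up on adjusting the Unix Mode bits. */` also does not describe what is being abandoned in these branches, which is the ACL rewrite. `TALLOC_FREE(pacl)` at `out:` assumes the get callback hands back talloc-allocated memory; that contract is not visible here and should be confirmed.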
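Review bot: The comment on the new `get_nfs4acl_native_fn_t` typedef says neither what the return value means nor who owns the ACL written through the second argument, although `smb_create_file_nfs4` frees it with `TALLOC_FREE(pacl)`. A comment such as `/* Callback to read the native NFSv4 ACL of the file into *acl. Returns true on success; the caller releases *acl with TALLOC_FREE. */` would make the contract explicit for other modules that implement the callback.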
@@ -165,6 +169,8 @@ NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle,
 struct security_descriptor *sd,
 struct ea_list *ea_list,
 files_struct **result,
- int *pinfo);
+ int *pinfo,
+ get_nfs4acl_native_fn_t get_nfs4_native,
+ set_nfs4acl_native_fn_t set_nfs4_native);
 #endif /* __NFS4_ACLS_H__ */
-- 1.7.9.5
From 8d60830a8f4ca01c67642730c40f9621479fa946 Mon Sep 17 00:00:00 2001
From: Alexander Werth
Date: Wed, 19 Dec 2012 13:53:04 +0100
Subject: [PATCH 2/2] s3: Add create_file hook to rewrite ACL on file creation for GPFS module.
---
 source3/modules/vfs_gpfs.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 1082a52..f7f2a74 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -422,6 +422,17 @@ static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
 return map_nt_error_from_unix(errno);
 }
+static bool gpfsacl_get_smbacl(files_struct *fsp, SMB4ACL_T **smbacl)
+{
+ int ret;
+ ret = gpfs_get_nfs4_acl(fsp->fsp_name->base_name, smbacl);
+ if (ret != 0) {
+ DEBUG(8, ("gpfs_get_nfs4_acl failed with %s\n", strerror(errno)));
+ return False;
+ }
+ return True;
+}
+
 static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
 {
 int ret;
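Review bot: `gpfsacl_get_smbacl` looks the ACL up by `fsp->fsp_name->base_name` rather than through the handle that was just opened, so if the name is re-bound between the create and this call (a rename or link change in a directory clients can write to), the ACL that is read and later written back belongs to a different object than `fsp`. If the GPFS interface offers a descriptor-based lookup, prefer it here; otherwise add a comment stating that the path is trusted at this point and why. The `strerror(errno)` in the failure message is only meaningful if `gpfs_get_nfs4_acl` sets errno, which is not visible in this hunk.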
@@ -1987,6 +1998,47 @@ static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req, int *err)
 return state->ret;
 }
+NTSTATUS vfs_gpfs_create_file(struct vfs_handle_struct *handle,
+ struct smb_request *req,
+ uint16_t root_dir_fid,
+ struct smb_filename *smb_fname,
+ uint32_t access_mask,
+ uint32_t share_access,
+ uint32_t create_disposition,
+ uint32_t create_options,
+ uint32_t file_attributes,
+ uint32_t oplock_request,
+ uint64_t allocation_size,
+ uint32_t private_flags,
+ struct security_descriptor *sd,
+ struct ea_list *ea_list,
+ files_struct **result,
+ int *pinfo)
+{
+ NTSTATUS status;
+ int info;
+
+ status = smb_create_file_nfs4(handle,
+ req,
+ root_dir_fid,
+ smb_fname,
+ access_mask,
+ share_access,
+ create_disposition,
+ create_options,
+ file_attributes,
+ oplock_request,
+ allocation_size,
+ private_flags,
+ sd,
+ ea_list,
+ result,
+ &info,
+ gpfsacl_get_smbacl,
+ gpfsacl_process_smbacl);
+
+ return status;
+}
 static struct vfs_fn_pointers vfs_gpfs_fns = {
 .connect_fn = vfs_gpfs_connect,
@@ -2019,7 +2071,7 @@ static struct vfs_fn_pointers vfs_gpfs_fns = {
 .sendfile_fn = vfs_gpfs_sendfile,
 .fallocate_fn = vfs_gpfs_fallocate,
 .open_fn = vfs_gpfs_open,
- .create_file_nf = smb_create_file_nfs4,
+ .create_file_fn = vfs_gpfs_create_file,
 .pread_fn = vfs_gpfs_pread,
 .pread_send_fn = vfs_gpfs_pread_send,
 .pread_recv_fn = vfs_gpfs_pread_recv,
-- 1.7.9.5
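Review bot: `vfs_gpfs_create_file` hands `&info` (its own local) to `smb_create_file_nfs4` and never copies the result back, so the caller's `pinfo` is never written and any caller that reads it after a successful create sees an indeterminate value. Add `if (pinfo != NULL) { *pinfo = info; }` before `return status;`, or pass `pinfo` straight through if `smb_create_file_nfs4` is confirmed to accept NULL there. The function is also declared without `static` although it is only referenced from the `vfs_gpfs_fns` table in this file; `static NTSTATUS vfs_gpfs_create_file(` would match the neighbouring hooks.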