summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/Makefile.in6
-rw-r--r--source3/modules/vfs_zfsacl.c186
2 files changed, 192 insertions, 0 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 48a03230ebf..1efcd15c949 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -447,6 +447,7 @@ VFS_POSIXACL_OBJ = modules/vfs_posixacl.o
VFS_AIXACL_OBJ = modules/vfs_aixacl.o modules/vfs_aixacl_util.o
VFS_AIXACL2_OBJ = modules/vfs_aixacl2.o modules/vfs_aixacl_util.o modules/nfs4_acls.o
VFS_SOLARISACL_OBJ = modules/vfs_solarisacl.o
+VFS_ZFSACL_OBJ = modules/vfs_zfsacl.o modules/nfs4_acls.o
VFS_HPUXACL_OBJ = modules/vfs_hpuxacl.o
VFS_IRIXACL_OBJ = modules/vfs_irixacl.o
VFS_TRU64ACL_OBJ = modules/vfs_tru64acl.o
@@ -1590,6 +1591,11 @@ bin/solarisacl.@SHLIBEXT@: $(VFS_SOLARISACL_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(VFS_SOLARISACL_OBJ)
+bin/zfsacl.@SHLIBEXT@: $(VFS_ZFSACL_OBJ)
+ @echo "Building plugin $@"
+ @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_ZFSACL_OBJ) \
+ @SONAMEFLAG@`basename $@`
+
bin/irixacl.@SHLIBEXT@: proto_exists $(VFS_IRIXACL_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(VFS_IRIXACL_OBJ)
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
new file mode 100644
index 00000000000..72dde886bd1
--- /dev/null
+++ b/source3/modules/vfs_zfsacl.c
@@ -0,0 +1,186 @@
+/*
+ * Convert ZFS/NFSv4 acls to NT acls and vice versa.
+ *
+ * Copyright (C) Jiri Sasek, 2007
+ * based on the foobar.c module which is copyrighted by Volker Lendecke
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ */
+
+#include "includes.h"
+#include "nfs4_acls.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
+
+#define ZFSACL_MODULE_NAME "zfsacl"
+
+/* zfs_get_nt_acl()
+ * read the local file's acls and return it in NT form
+ * using the NFSv4 format conversion
+ */
+static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ int naces, i;
+ ace_t *acebuf;
+ SMB4ACL_T *pacl;
+ TALLOC_CTX *mem_ctx;
+
+ /* read the number of file aces */
+ if((naces = acl(fsp->fsp_name, ACE_GETACLCNT, 0, NULL)) == -1) {
+ if(errno == ENOSYS) {
+ DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not supported on the filesystem where the file reside"));
+ } else {
+ DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name,
+ strerror(errno)));
+ }
+ return 0;
+ }
+ /* allocate the field of ZFS aces */
+ mem_ctx = main_loop_talloc_get();
+ acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
+ if(acebuf == NULL) {
+ errno = ENOMEM;
+ return 0;
+ }
+ /* read the aces into the field */
+ if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) {
+ DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name,
+ strerror(errno)));
+ return 0;
+ }
+ /* create SMB4ACL data */
+ if((pacl = smb_create_smb4acl()) == NULL) return 0;
+ for(i=0; i<naces; i++) {
+ SMB_ACE4PROP_T aceprop;
+
+ aceprop.aceType = (uint32) acebuf[i].a_type;
+ aceprop.aceFlags = (uint32) acebuf[i].a_flags;
+ aceprop.aceMask = (uint32) acebuf[i].a_access_mask;
+ aceprop.who.id = (uint32) acebuf[i].a_who;
+ aceprop.flags = 0;
+ if(smb_add_ace4(pacl, &aceprop) == NULL) return 0;
+ }
+
+ return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
+}
+
+/* call-back function processing the NT acl -> ZFS acl using NFSv4 conv. */
+static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
+{
+ int naces = smb_get_naces(smbacl), i;
+ ace_t *acebuf;
+ SMB4ACE_T *smbace;
+ TALLOC_CTX *mem_ctx;
+
+ /* allocate the field of ZFS aces */
+ mem_ctx = main_loop_talloc_get();
+ acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
+ if(acebuf == NULL) {
+ errno = ENOMEM;
+ return False;
+ }
+ /* handle all aces */
+ for(smbace = smb_first_ace4(smbacl), i = 0;
+ smbace!=NULL;
+ smbace = smb_next_ace4(smbace), i++) {
+ SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
+
+ acebuf[i].a_type = aceprop->aceType;
+ acebuf[i].a_flags = aceprop->aceFlags;
+ acebuf[i].a_access_mask = aceprop->aceMask;
+ acebuf[i].a_who = aceprop->who.id;
+ }
+ SMB_ASSERT(i == naces);
+
+ /* store acl */
+ if(acl(fsp->fsp_name, ACE_SETACL, naces, acebuf)) {
+ if(errno == ENOSYS) {
+ DEBUG(9, ("acl(ACE_SETACL, %s): Operation is not supported on the filesystem where the file reside"));
+ } else {
+ DEBUG(9, ("acl(ACE_SETACL, %s): %s ", fsp->fsp_name,
+ strerror(errno)));
+ }
+ return 0;
+ }
+
+ return True;
+}
+
+/* zfs_set_nt_acl()
+ * set the local file's acls obtaining it in NT form
+ * using the NFSv4 format conversion
+ */
+static BOOL zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+ uint32 security_info_sent,
+ struct security_descriptor *psd)
+{
+ return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
+ zfs_process_smbacl);
+}
+
+size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ int fd, uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ return zfs_get_nt_acl(fsp, security_info, ppdesc);
+}
+size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name, uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ return zfs_get_nt_acl(fsp, security_info, ppdesc);
+}
+
+BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ int fd, uint32 security_info_sent,
+ SEC_DESC *psd)
+{
+ return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
+}
+
+BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ const char *name, uint32 security_info_sent,
+ SEC_DESC *psd)
+{
+ return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
+}
+
+/* VFS operations structure */
+
+static vfs_op_tuple zfsacl_ops[] = {
+ {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(zfsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(zfsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
+ SMB_VFS_LAYER_TRANSPARENT},
+ {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
+};
+
+NTSTATUS vfs_zfsacl_init(void);
+NTSTATUS vfs_zfsacl_init(void)
+{
+ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "zfsacl",
+ zfsacl_ops);
+}