[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Sat Sep 9 03:00:02 UTC 2017
The branch, master has been updated
via 4102697 s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl
via bdc7fc6 vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to stat info
via a665728 vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common
via 4591a91 vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl
from 13971ba smbd: add missing newline to debug message in daemon_status()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4102697503691f3b2eadfcb98834bb66c669f3ab
Author: Ralph Boehme <slow at samba.org>
Date: Wed Sep 6 16:56:47 2017 +0200
s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl
This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the
NFSv4 framework to follow ZFS permission rules. But this is the wrong
place, other filesystems like GPFS do not allow deletion when the user
has SEC_DIR_ADD_FILE.
This patch therefor moves the change from the NFS4 framework into the
ZFS module.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Sep 9 04:59:51 CEST 2017 on sn-devel-144
commit bdc7fc62011cb1744f0246aea358b93e98caef38
Author: Ralph Boehme <slow at samba.org>
Date: Wed Sep 6 16:53:23 2017 +0200
vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to stat info
We'll need this in the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a66572851b6163e56a80463316cc0a6879ffd3e5
Author: Ralph Boehme <slow at samba.org>
Date: Wed Sep 6 16:44:12 2017 +0200
vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common
This is in preperation of moving SMB_ACE4_ADD_FILE /
SMB_ACE4_DELETE_CHILD mapping from the common NFSv4 framework into this
module excusively.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4591a91c4aa9e631fb8696ed8f6e53343e773895
Author: Ralph Boehme <slow at samba.org>
Date: Wed Sep 6 16:28:10 2017 +0200
vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl
Commit 99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling
of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when
fabricating an ACL. While at the same time removing it from the
access_mask when setting an ACL, but this is done direclty in
vfs_zfsacl, not it the common code.
Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the
other VFS modules using the common NFSv4 infrastructure should not be
made victims of the special ZFS behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/nfs4_acls.c | 11 ---------
source3/modules/vfs_zfsacl.c | 54 +++++++++++++++++++++++++++++++++-----------
2 files changed, 41 insertions(+), 24 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 7488b1c..b755344 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -352,10 +352,6 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx,
DEBUG(10, ("mapped %d to %s\n", ace->who.id,
sid_string_dbg(&sid)));
- if (is_directory && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
- ace->aceMask |= SMB_ACE4_DELETE_CHILD;
- }
-
if (!is_directory && params->map_full_control) {
/*
* Do we have all access except DELETE_CHILD
@@ -386,13 +382,6 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx,
ace->aceFlags, win_ace_flags));
mask = ace->aceMask;
- /* Windows clients expect SYNC on acls to
- correctly allow rename. See bug #7909. */
- /* But not on DENY ace entries. See
- bug #8442. */
- if(ace->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
- mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
- }
/* Mapping of owner@ and group@ to creator owner and
creator group. Keep old behavior in mode special. */
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 76cf528..dd0f343 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -40,22 +40,44 @@
* read the local file's acls and return it in NT form
* using the NFSv4 format conversion
*/
-static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx,
- const char *name,
+static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
+ TALLOC_CTX *mem_ctx,
+ const struct smb_filename *smb_fname,
struct SMB4ACL_T **ppacl)
{
int naces, i;
ace_t *acebuf;
struct SMB4ACL_T *pacl;
+ SMB_STRUCT_STAT sbuf;
+ const SMB_STRUCT_STAT *psbuf = NULL;
+ int ret;
+
+ if (VALID_STAT(smb_fname->st)) {
+ psbuf = &smb_fname->st;
+ }
+
+ if (psbuf == NULL) {
+ ret = vfs_stat_smb_basename(conn, smb_fname, &sbuf);
+ if (ret != 0) {
+ DBG_INFO("stat [%s]failed: %s\n",
+ smb_fname_str_dbg(smb_fname), strerror(errno));
+ return map_nt_error_from_unix(errno);
+ }
+ psbuf = &sbuf;
+ }
+
+ if (S_ISDIR(psbuf->st_ex_mode) && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
+ ace->aceMask |= SMB_ACE4_DELETE_CHILD;
+ }
/* read the number of file aces */
- if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) {
+ if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) {
if(errno == ENOSYS) {
DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not "
"supported on the filesystem where the file "
- "reside\n", name));
+ "reside\n", smb_fname->base_name));
} else {
- DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", name,
+ DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", smb_fname->base_name,
strerror(errno)));
}
return map_nt_error_from_unix(errno);
@@ -67,8 +89,8 @@ static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
/* read the aces into the field */
- if(acl(name, ACE_GETACL, naces, acebuf) < 0) {
- DEBUG(9, ("acl(ACE_GETACL, %s): %s ", name,
+ if(acl(smb_fname->base_name, ACE_GETACL, naces, acebuf) < 0) {
+ DEBUG(9, ("acl(ACE_GETACL, %s): %s ", smb_fname->base_name,
strerror(errno)));
return map_nt_error_from_unix(errno);
}
@@ -84,6 +106,15 @@ static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx,
aceprop.aceMask = (uint32_t) acebuf[i].a_access_mask;
aceprop.who.id = (uint32_t) acebuf[i].a_who;
+ /*
+ * Windows clients expect SYNC on acls to correctly allow
+ * rename, cf bug #7909. But not on DENY ace entries, cf bug
+ * #8442.
+ */
+ if (aceprop.aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
+ aceprop.aceMask |= SMB_ACE4_SYNCHRONIZE;
+ }
+
if(aceprop.aceFlags & ACE_OWNER) {
aceprop.flags = SMB_ACE4_ID_SPECIAL;
aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
@@ -201,9 +232,8 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
NTSTATUS status;
TALLOC_CTX *frame = talloc_stackframe();
- status = zfs_get_nt_acl_common(frame,
- fsp->fsp_name->base_name,
- &pacl);
+ status = zfs_get_nt_acl_common(handle->conn, frame,
+ fsp->fsp_name, &pacl);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
@@ -225,9 +255,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
NTSTATUS status;
TALLOC_CTX *frame = talloc_stackframe();
- status = zfs_get_nt_acl_common(frame,
- smb_fname->base_name,
- &pacl);
+ status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
--
Samba Shared Repository
More information about the samba-cvs
mailing list