[PATCH] Rework patch for bug 7909
Jeremy Allison
jra at samba.org
Fri Sep 8 22:35:49 UTC 2017
On Thu, Sep 07, 2017 at 12:05:34PM +0200, Ralph Böhme wrote:
> Hi!
>
> Back in the days a fix for bug 7909 resulted in the common VFS NFS4 ACL
> framework to set the SEC_STD_SYNCHRONIZE bit. This was deemed necessary just to
> make ZFS happy: the ZFS guys didn't want the SEC_STD_SYNCHRONIZE bit to appear
> in the mask in the filesystem and thus are filtering it out of ACEs when setting
> ACLs.
>
> Now when fetching ACLs it turned out to be necessary to stick
> SEC_STD_SYNCHRONIZE back into the access mask, otherwise rename operation would
> fail (client side behaviour).
>
> Other consumers of the framework like vfs_gpfs do not need this behaviour, if
> ZFS needs this, it must be put into vfs_zfsacl.
>
> Having divergent behaviour wrt to SEC_STD_SYNCHRONIZE in all modules that use
> the NFS4 ACL framework also means that torture tests like "raw.acls.generic"
> fail and can't be used to test the modules which severly limits test coverage.
>
> Please review & push if ok. Thanks!
LGTM - pushed !
> From a2e4e966622db0aa7f8e7be893c8c3d2b2c56741 Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Wed, 6 Sep 2017 16:28:10 +0200
> Subject: [PATCH] vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE
> to vfs_zfsacl
>
> Commit 99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling
> of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when
> fabricating an ACL. While at the same time removing it from the
> access_mask when setting an ACL, but this is done direclty in
> vfs_zfsacl, not it the common code.
>
> Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the
> other VFS modules using the common NFSv4 infrastructure should not be
> made victims of the special ZFS behaviour.
>
> Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909
>
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
> source3/modules/nfs4_acls.c | 7 -------
> source3/modules/vfs_zfsacl.c | 9 +++++++++
> 2 files changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
> index 2007917821b..c715b83390d 100644
> --- a/source3/modules/nfs4_acls.c
> +++ b/source3/modules/nfs4_acls.c
> @@ -385,13 +385,6 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx,
> ace->aceFlags, win_ace_flags));
>
> mask = ace->aceMask;
> - /* Windows clients expect SYNC on acls to
> - correctly allow rename. See bug #7909. */
> - /* But not on DENY ace entries. See
> - bug #8442. */
> - if(ace->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
> - mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
> - }
>
> /* Mapping of owner@ and group@ to creator owner and
> creator group. Keep old behavior in mode special. */
> diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
> index 76cf5281af7..4cb1b98f01b 100644
> --- a/source3/modules/vfs_zfsacl.c
> +++ b/source3/modules/vfs_zfsacl.c
> @@ -84,6 +84,15 @@ static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx,
> aceprop.aceMask = (uint32_t) acebuf[i].a_access_mask;
> aceprop.who.id = (uint32_t) acebuf[i].a_who;
>
> + /*
> + * Windows clients expect SYNC on acls to correctly allow
> + * rename, cf bug #7909. But not on DENY ace entries, cf bug
> + * #8442.
> + */
> + if (aceprop.aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
> + aceprop.aceMask |= SMB_ACE4_SYNCHRONIZE;
> + }
> +
> if(aceprop.aceFlags & ACE_OWNER) {
> aceprop.flags = SMB_ACE4_ID_SPECIAL;
> aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
> --
> 2.13.5
>
More information about the samba-technical
mailing list