The Samba-Bugzilla – Attachment 13638 Details for
Bug 6133
Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.6 and 4.7 cherry-picked from master
bug6133-v46,v47.patch (text/plain), 7.47 KB, created by
Ralph Böhme
on 2017-09-27 13:02:04 UTC
(
hide
)
Description:
Patch for 4.6 and 4.7 cherry-picked from master
Filename:
MIME Type:
Creator:
Ralph Böhme
Created:
2017-09-27 13:02:04 UTC
Size:
7.47 KB
patch
obsolete
>From 12cea94f0dba141c48d494553e086b4ea851cccf Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 6 Sep 2017 16:44:12 +0200 >Subject: [PATCH 1/3] vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common > >This is in preperation of moving SMB_ACE4_ADD_FILE / >SMB_ACE4_DELETE_CHILD mapping from the common NFSv4 framework into this >module excusively. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit a66572851b6163e56a80463316cc0a6879ffd3e5) >--- > source3/modules/vfs_zfsacl.c | 20 ++++++++------------ > 1 file changed, 8 insertions(+), 12 deletions(-) > >diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c >index 4cb1b98f01b..97fe2028307 100644 >--- a/source3/modules/vfs_zfsacl.c >+++ b/source3/modules/vfs_zfsacl.c >@@ -41,7 +41,7 @@ > * using the NFSv4 format conversion > */ > static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx, >- const char *name, >+ const struct smb_filename *smb_fname, > struct SMB4ACL_T **ppacl) > { > int naces, i; >@@ -49,13 +49,13 @@ static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx, > struct SMB4ACL_T *pacl; > > /* read the number of file aces */ >- if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) { >+ if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) { > if(errno == ENOSYS) { > DEBUG(9, ("acl(ACE_GETACLCNT, %s): Operation is not " > "supported on the filesystem where the file " >- "reside\n", name)); >+ "reside\n", smb_fname->base_name)); > } else { >- DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", name, >+ DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", smb_fname->base_name, > strerror(errno))); > } > return map_nt_error_from_unix(errno); >@@ -67,8 +67,8 @@ static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx, > return NT_STATUS_NO_MEMORY; > } > /* read the aces into the field */ >- if(acl(name, ACE_GETACL, naces, acebuf) < 0) { >- DEBUG(9, ("acl(ACE_GETACL, %s): %s ", name, >+ if(acl(smb_fname->base_name, ACE_GETACL, naces, acebuf) < 0) { >+ DEBUG(9, ("acl(ACE_GETACL, %s): %s ", smb_fname->base_name, > strerror(errno))); > return map_nt_error_from_unix(errno); > } >@@ -210,9 +210,7 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, > NTSTATUS status; > TALLOC_CTX *frame = talloc_stackframe(); > >- status = zfs_get_nt_acl_common(frame, >- fsp->fsp_name->base_name, >- &pacl); >+ status = zfs_get_nt_acl_common(frame, fsp->fsp_name, &pacl); > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(frame); > return status; >@@ -234,9 +232,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, > NTSTATUS status; > TALLOC_CTX *frame = talloc_stackframe(); > >- status = zfs_get_nt_acl_common(frame, >- smb_fname->base_name, >- &pacl); >+ status = zfs_get_nt_acl_common(frame, smb_fname, &pacl); > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(frame); > return status; >-- >2.13.5 > > >From a846beaee144b3223a4a8589c5cd7b78711012d4 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 6 Sep 2017 16:53:23 +0200 >Subject: [PATCH 2/3] vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to > stat info > >We'll need this in the next commit. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit bdc7fc62011cb1744f0246aea358b93e98caef38) >--- > source3/modules/vfs_zfsacl.c | 25 ++++++++++++++++++++++--- > 1 file changed, 22 insertions(+), 3 deletions(-) > >diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c >index 97fe2028307..da13c4c4908 100644 >--- a/source3/modules/vfs_zfsacl.c >+++ b/source3/modules/vfs_zfsacl.c >@@ -40,13 +40,31 @@ > * read the local file's acls and return it in NT form > * using the NFSv4 format conversion > */ >-static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx, >+static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn, >+ TALLOC_CTX *mem_ctx, > const struct smb_filename *smb_fname, > struct SMB4ACL_T **ppacl) > { > int naces, i; > ace_t *acebuf; > struct SMB4ACL_T *pacl; >+ SMB_STRUCT_STAT sbuf; >+ const SMB_STRUCT_STAT *psbuf = NULL; >+ int ret; >+ >+ if (VALID_STAT(smb_fname->st)) { >+ psbuf = &smb_fname->st; >+ } >+ >+ if (psbuf == NULL) { >+ ret = vfs_stat_smb_basename(conn, smb_fname, &sbuf); >+ if (ret != 0) { >+ DBG_INFO("stat [%s]failed: %s\n", >+ smb_fname_str_dbg(smb_fname), strerror(errno)); >+ return map_nt_error_from_unix(errno); >+ } >+ psbuf = &sbuf; >+ } > > /* read the number of file aces */ > if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) { >@@ -210,7 +228,8 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, > NTSTATUS status; > TALLOC_CTX *frame = talloc_stackframe(); > >- status = zfs_get_nt_acl_common(frame, fsp->fsp_name, &pacl); >+ status = zfs_get_nt_acl_common(handle->conn, frame, >+ fsp->fsp_name, &pacl); > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(frame); > return status; >@@ -232,7 +251,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, > NTSTATUS status; > TALLOC_CTX *frame = talloc_stackframe(); > >- status = zfs_get_nt_acl_common(frame, smb_fname, &pacl); >+ status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl); > if (!NT_STATUS_IS_OK(status)) { > TALLOC_FREE(frame); > return status; >-- >2.13.5 > > >From 143cd04d763fa8014dbef57a04ce7aa30dcb01d1 Mon Sep 17 00:00:00 2001 >From: Ralph Boehme <slow@samba.org> >Date: Wed, 6 Sep 2017 16:56:47 +0200 >Subject: [PATCH 3/3] s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from > NFSv4 framework to vfs_zfsacl > >This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the >NFSv4 framework to follow ZFS permission rules. But this is the wrong >place, other filesystems like GPFS do not allow deletion when the user >has SEC_DIR_ADD_FILE. > >This patch therefor moves the change from the NFS4 framework into the >ZFS module. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133 > >Signed-off-by: Ralph Boehme <slow@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Sat Sep 9 04:59:51 CEST 2017 on sn-devel-144 > >(cherry picked from commit 4102697503691f3b2eadfcb98834bb66c669f3ab) >--- > source3/modules/nfs4_acls.c | 4 ---- > source3/modules/vfs_zfsacl.c | 4 ++++ > 2 files changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c >index 78861f5df62..b755344322e 100644 >--- a/source3/modules/nfs4_acls.c >+++ b/source3/modules/nfs4_acls.c >@@ -352,10 +352,6 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, > DEBUG(10, ("mapped %d to %s\n", ace->who.id, > sid_string_dbg(&sid))); > >- if (is_directory && (ace->aceMask & SMB_ACE4_ADD_FILE)) { >- ace->aceMask |= SMB_ACE4_DELETE_CHILD; >- } >- > if (!is_directory && params->map_full_control) { > /* > * Do we have all access except DELETE_CHILD >diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c >index da13c4c4908..dd0f343b8c6 100644 >--- a/source3/modules/vfs_zfsacl.c >+++ b/source3/modules/vfs_zfsacl.c >@@ -66,6 +66,10 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn, > psbuf = &sbuf; > } > >+ if (S_ISDIR(psbuf->st_ex_mode) && (ace->aceMask & SMB_ACE4_ADD_FILE)) { >+ ace->aceMask |= SMB_ACE4_DELETE_CHILD; >+ } >+ > /* read the number of file aces */ > if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) { > if(errno == ENOSYS) { >-- >2.13.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
jra
:
review+
Actions:
View
Attachments on
bug 6133
:
3948
| 13638 |
13735
|
13750