The Samba-Bugzilla – Attachment 14322 Details for
Bug 13528
vfs_zfsacl does not allow users to "disable inheritance" via File Explorer
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited
Set-dacl_protected-if-no-entries-in-ACL-are-inherited.patch (text/plain), 1.62 KB, created by
Andrew Walker
on 2018-07-13 18:39:22 UTC
(
hide
)
Description:
vfs_zfsacl patch to set dacl protected if no entries in ACL are inherited
Filename:
MIME Type:
Creator:
Andrew Walker
Created:
2018-07-13 18:39:22 UTC
Size:
1.62 KB
patch
obsolete
>From fd44285d756de87280260c38d3f82c3b7961997d Mon Sep 17 00:00:00 2001 >From: awalker <awalker@ixsystems.com> >Date: Fri, 13 Jul 2018 13:36:31 -0400 >Subject: [PATCH] Set dacl_protected if no entries in ACL are inherited. > >Signed-off-by: awalker <awalker@ixsystems.com> >--- > source3/modules/vfs_zfsacl.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > >diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c >index 43e41f9..08894af 100644 >--- a/source3/modules/vfs_zfsacl.c >+++ b/source3/modules/vfs_zfsacl.c >@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn, > SMB_STRUCT_STAT sbuf; > const SMB_STRUCT_STAT *psbuf = NULL; > int ret; >+ bool inherited_is_present; > bool is_dir; > > if (VALID_STAT(smb_fname->st)) { >@@ -117,6 +118,11 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn, > aceprop.aceMask |= SMB_ACE4_DELETE_CHILD; > } > >+#ifdef ACE_INHERITED_ACE >+ if(aceprop.aceFlags & ACE_INHERITED_ACE) { >+ inherited_is_present = true; >+ } >+#endif > if(aceprop.aceFlags & ACE_OWNER) { > aceprop.flags = SMB_ACE4_ID_SPECIAL; > aceprop.who.special_id = SMB_ACE4_WHO_OWNER; >@@ -133,6 +139,13 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn, > return NT_STATUS_NO_MEMORY; > } > >+#ifdef ACE_INHERITED_ACE >+ if (!inherited_is_present >+ && lp_parm_bool(conn->params->service, "zfsacl", "map_dacl_protected", False)){ >+ DBG_DEBUG("setting dacl_protected flag on %s \n", smb_fname->base_name); >+ smbacl4_set_controlflags(pacl, SEC_DESC_DACL_PROTECTED|SEC_DESC_SELF_RELATIVE); >+ } >+#endif > *ppacl = pacl; > return NT_STATUS_OK; > } >-- >1.8.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14322">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 13528
: 14322