From df32058f0d2c56519d6d607e99ddf8973b1ae88c Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Fri, 18 May 2018 13:14:57 +0200 Subject: [PATCH 1/2] s3:smbd: make psbuf arg to make_default_acl_posix() const Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit ec2a40831359ae93f437ef76f8ba76bbd95bc6dc) --- source3/smbd/posix_acls.c | 8 ++++---- source3/smbd/proto.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 8d42535d877..6396f818176 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { struct dom_sid owner_sid, group_sid; @@ -4886,7 +4886,7 @@ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { struct dom_sid owner_sid, group_sid; @@ -4958,7 +4958,7 @@ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, static NTSTATUS make_default_acl_everyone(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { struct dom_sid owner_sid, group_sid; @@ -5022,7 +5022,7 @@ NTSTATUS make_default_filesystem_acl( TALLOC_CTX *ctx, enum default_acl_style acl_style, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { NTSTATUS status; diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 2e0d6efb16c..8b501d77844 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -828,7 +828,7 @@ NTSTATUS make_default_filesystem_acl( TALLOC_CTX *ctx, enum default_acl_style acl_style, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc); /* The following definitions come from smbd/process.c */ -- 2.17.2 From 348cc67816f7788f7b96a4b8d1cda02b83a59b1a Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 5 Dec 2017 08:28:28 +0100 Subject: [PATCH 2/2] vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP This allows accessing the ZFS .snapshots directory where ZFS returns ENOTSUP when calling acl(".snapshots"). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri May 18 22:03:21 CEST 2018 on sn-devel-144 (cherry picked from commit f93cc232377d4c686ac35ee5e14e798974bc0700) --- source3/modules/vfs_zfsacl.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 0bc4ba6604f..43e41f95c1a 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, fsp->fsp_name, &pacl); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); - return status; + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + return status; + } + + status = make_default_filesystem_acl(mem_ctx, + DEFAULT_ACL_POSIX, + fsp->fsp_name->base_name, + &fsp->fsp_name->st, + ppdesc); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; + return NT_STATUS_OK; } status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx, @@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); - return status; + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + return status; + } + + if (!VALID_STAT(smb_fname->st)) { + DBG_ERR("No stat info for [%s]\n", + smb_fname_str_dbg(smb_fname)); + return NT_STATUS_INTERNAL_ERROR; + } + + status = make_default_filesystem_acl(mem_ctx, + DEFAULT_ACL_POSIX, + smb_fname->base_name, + &smb_fname->st, + ppdesc); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; + return NT_STATUS_OK; } status = smb_get_nt_acl_nfs4(handle->conn, -- 2.17.2