Attachment 16299 Details for Bug 14471 – Patch for 4.12 and 4.13 cherry-picked from master

[patch] Patch for 4.12 and 4.13 cherry-picked from master

bug14471-v412,v413.patch (text/plain), 5.29 KB, created by Ralph Böhme on 2020-10-22 07:49:15 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Ralph Böhme

Created: 2020-10-22 07:49:15 UTC

Size: 5.29 KB

patch

obsolete

>From 216fc8f840cb87686be3ef58df1cdf8b8ae21d17 Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Thu, 20 Aug 2020 16:42:17 +0200
>Subject: [PATCH 1/3] vfs_zfsacl: README.Coding fix
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
>
>Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>Signed-off-by: Andrew Walker <awalker@ixsystems.com>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit a182f2e6cdded739812e209430d340097acc0031)
>---
> source3/modules/vfs_zfsacl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
>diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
>index c5c4718d6ce..a71cda72697 100644
>--- a/source3/modules/vfs_zfsacl.c
>+++ b/source3/modules/vfs_zfsacl.c
>@@ -130,8 +130,9 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
> 		} else {
> 			aceprop.flags	= 0;
> 		}
>-		if(smb_add_ace4(pacl, &aceprop) == NULL)
>+		if (smb_add_ace4(pacl, &aceprop) == NULL) {
> 			return NT_STATUS_NO_MEMORY;
>+		}
> 	}
> 
> #ifdef ACE_INHERITED_ACE
>-- 
>2.26.2
>
>
>From ddae1e0a539a4217a7e27ad84e43b9384fa6401b Mon Sep 17 00:00:00 2001
>From: Ralph Boehme <slow@samba.org>
>Date: Thu, 20 Aug 2020 16:41:36 +0200
>Subject: [PATCH 2/3] vfs_zfsacl: use a helper variable in
> zfs_get_nt_acl_common()
>
>No change in behaviour.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
>
>Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com>
>Signed-off-by: Ralph Boehme <slow@samba.org>
>Signed-off-by: Andrew Walker <awalker@ixsystems.com>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit 13b4f913b06457d8e1f7cf71c85722bbecabd990)
>---
> source3/modules/vfs_zfsacl.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
>diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
>index a71cda72697..17478ad116e 100644
>--- a/source3/modules/vfs_zfsacl.c
>+++ b/source3/modules/vfs_zfsacl.c
>@@ -87,6 +87,7 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
> 	}
> 	for(i=0; i<naces; i++) {
> 		SMB_ACE4PROP_T aceprop;
>+		uint16_t special = 0;
> 
> 		aceprop.aceType  = (uint32_t) acebuf[i].a_type;
> 		aceprop.aceFlags = (uint32_t) acebuf[i].a_flags;
>@@ -109,6 +110,8 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
> 			aceprop.aceMask |= SMB_ACE4_SYNCHRONIZE;
> 		}
> 
>+		special = acebuf[i].a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE);
>+
> 		if (is_dir && (aceprop.aceMask & SMB_ACE4_ADD_FILE)) {
> 			aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
> 		}
>@@ -118,16 +121,20 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
> 			inherited_is_present = true;
> 		}
> #endif
>-		if(aceprop.aceFlags & ACE_OWNER) {
>+		switch(special) {
>+		case(ACE_OWNER):
> 			aceprop.flags = SMB_ACE4_ID_SPECIAL;
> 			aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
>-		} else if(aceprop.aceFlags & ACE_GROUP) {
>+			break;
>+		case(ACE_GROUP):
> 			aceprop.flags = SMB_ACE4_ID_SPECIAL;
> 			aceprop.who.special_id = SMB_ACE4_WHO_GROUP;
>-		} else if(aceprop.aceFlags & ACE_EVERYONE) {
>+			break;
>+		case(ACE_EVERYONE):
> 			aceprop.flags = SMB_ACE4_ID_SPECIAL;
> 			aceprop.who.special_id = SMB_ACE4_WHO_EVERYONE;
>-		} else {
>+			break;
>+		default:
> 			aceprop.flags	= 0;
> 		}
> 		if (smb_add_ace4(pacl, &aceprop) == NULL) {
>-- 
>2.26.2
>
>
>From 4bbe44b5552b0f47f871009470a2bec734f08de0 Mon Sep 17 00:00:00 2001
>From: Andrew Walker <awalker@ixsystems.com>
>Date: Thu, 24 Sep 2020 16:04:12 -0400
>Subject: [PATCH 3/3] vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
>
>When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
>in special entries being modified in a way such that delete, delete_child,
>write_named_attr, write_attribute are stripped from the returned ACL entry,
>and the kernel / ZFS treats this as having rights equivalent to the desired
>POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
>this is only really called for in the case of special entries in this
>particular circumstance.
>
>Alter circumstances in which delete_child is granted so that it only
>is added to special entries. This preserves the intend post-chmod behavior,
>but avoids unnecessarily increasing permissions in cases where it's not
>intended. Further modification of this behavior may be required so that
>we grant a general read or general write permissions set in case of
>POSIX read / POSIX write on special entries.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
>RN: vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
>
>Signed-off-by: Andrew Walker <awalker@ixsystems.com>
>Reviewed-by: Ralph Boehme <slow@samba.org>
>Reviewed-by: Jeremy Allison <jra@samba.org>
>(cherry picked from commit c1a37b4f31d5252ce074d41f69e526aa84b0d3b3)
>---
> source3/modules/vfs_zfsacl.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
>diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
>index 17478ad116e..093eb5111e1 100644
>--- a/source3/modules/vfs_zfsacl.c
>+++ b/source3/modules/vfs_zfsacl.c
>@@ -112,7 +112,10 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
> 
> 		special = acebuf[i].a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE);
> 
>-		if (is_dir && (aceprop.aceMask & SMB_ACE4_ADD_FILE)) {
>+		if (is_dir &&
>+		    (aceprop.aceMask & SMB_ACE4_ADD_FILE) &&
>+		    (special != 0))
>+		{
> 			aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
> 		}
> 
>-- 
>2.26.2
>

Flags:

jra: review+

Actions: View

Attachments on bug 14471: 16299