Attachment 16478 Details for Bug 13809 – Patch that fixes the missing permission bits for FreeBSD/ZFS(unix mode)/Samba

[patch] Patch that fixes the missing permission bits for FreeBSD/ZFS(unix mode)/Samba

allow_write_on_attrib.patch (text/plain), 3.35 KB, created by Peter Eriksson on 2021-03-01 17:00:36 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Peter Eriksson

Created: 2021-03-01 17:00:36 UTC

Size: 3.35 KB

patch

obsolete

>diff -r -u samba-4.14.0rc4/source3/modules/nfs4_acls.c samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.c
>--- samba-4.14.0rc4/source3/modules/nfs4_acls.c	2021-01-21 14:20:40.000000000 +0100
>+++ samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.c	2021-03-01 17:22:32.493233000 +0100
>@@ -106,6 +106,7 @@
> 	}
> 
> 	params->map_full_control = lp_acl_map_full_control(SNUM(conn));
>+	params->force_attrib_write = lp_acl_force_attrib_write(SNUM(conn));
> 
> 	DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n",
> 		enum_smbacl4_modes[params->mode].name,
>@@ -410,6 +411,23 @@
> 		DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n",
> 		      ace->aceFlags, win_ace_flags));
> 
>+		/* https://bugzilla.samba.org/show_bug.cgi?id=13809
>+		   Windows won't grant write access unless it also have write access on attrib so
>+		   let's fake it. This is needed since the unix mode bits emulation of ZFS on FreeBSD
>+		   creates an ACL without WRITE_ATTRIBUTES and WRITE_NAMED_ATTRS for group@/other@ entries.
>+		*/
>+		if (params->force_attrib_write) {
>+			if (ace->aceMask & SMB_ACE4_WRITE_DATA) {
>+				ace->aceMask |= (SMB_ACE4_WRITE_ATTRIBUTES|SMB_ACE4_WRITE_NAMED_ATTRS);
>+			}
>+			/*
>+			if ((ace->aceMask & SMB_ACE4_READ_DATA) == 0) {
>+				ace->aceMask &= ~(SMB_ACE4_READ_ATTRIBUTES|SMB_ACE4_READ_NAMED_ATTRS);
>+			}
>+			*/
>+			DEBUG(10, ("Changing ACL, adding mask for win-compability." \
>+				   " New mask: %x\n", ace->aceMask));
>+		}
> 		mask = ace->aceMask;
> 
> 		/* Mapping of owner@ and group@ to creator owner and
>diff -r -u samba-4.14.0rc4/source3/modules/nfs4_acls.h samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.h
>--- samba-4.14.0rc4/source3/modules/nfs4_acls.h	2021-01-21 14:20:40.000000000 +0100
>+++ samba-4.14.0rc4-LIU/source3/modules/nfs4_acls.h	2021-03-01 15:56:46.718018000 +0100
>@@ -113,6 +113,7 @@
> 	bool do_chown;
> 	enum smbacl4_acedup_enum acedup;
> 	bool map_full_control;
>+	bool force_attrib_write;
> };
> 
> int smbacl4_get_vfs_params(struct connection_struct *conn,
>diff -r -u samba-4.14.0rc4/source3/param/loadparm.c samba-4.14.0rc4-LIU/source3/param/loadparm.c
>--- samba-4.14.0rc4/source3/param/loadparm.c	2021-01-21 14:20:40.000000000 +0100
>+++ samba-4.14.0rc4-LIU/source3/param/loadparm.c	2021-03-01 15:51:58.198328000 +0100
>@@ -251,6 +251,7 @@
> 	.smbd_getinfo_ask_sharemode = true,
> 	.spotlight_backend = SPOTLIGHT_BACKEND_NOINDEX,
> 	.honor_change_notify_privilege = false,
>+	.acl_force_attrib_write = false,
> 	.dummy = ""
> };
> 
>--- samba-4.14.0rc4/docs-xml/smbdotconf/protocol/aclforceattribwrite.xml	2021-03-01 17:27:47.612190000 +0100
>+++ samba-4.14.0rc4-LIU/docs-xml/smbdotconf/protocol/aclforceattribwrite.xml	2021-03-01 15:50:44.882248000 +0100
>@@ -0,0 +1,15 @@
>+<samba:parameter name="acl force attrib write"
>+                 context="S"
>+                 type="boolean"
>+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
>+<description>
>+    <para>
>+	This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
>+	<manvolnum>8</manvolnum></citerefentry> forcibly adds WRITE_ATTRIBUTES and WRITE_NAMED_ATTRS
>+	permissions to the ACL sent to the client when WRITE permissions is detected. Windows refuses
>+	to write to files on FreeBSD systems with ZFS otherwise for files given full Unix group/other
>+	write permissions due to way it translates Unix mode bits to ZFS ACLs.
>+    </para>
>+</description>
>+<value type="default">no</value>
>+</samba:parameter>

Actions: View

Attachments on bug 13809: 16478 | 16479 | 16488