Attachment 6507 Details for Bug 8191 – Jeremy's add-on patch

[patch] Jeremy's add-on patch

0001-Split-the-ACE-flag-mapping-between-nfs4-and-Windows.patch (text/plain), 4.93 KB, created by Michael Adam on 2011-06-01 08:14:16 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Michael Adam

Created: 2011-06-01 08:14:16 UTC

Size: 4.93 KB

patch

obsolete

>From 313bb1fb9c87084084439c6b45e4c01e82e3f9ec Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Tue, 31 May 2011 15:37:30 -0700
>Subject: [PATCH] Split the ACE flag mapping between nfs4 and Windows
> into two separate functions rather than trying to do
> it inline. Allows us to carefully control what flags
> are mapped to what in one place. Modification to
> bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
>
>---
> source3/modules/nfs4_acls.c |   73 ++++++++++++++++++++++++++++++++++--------
> 1 files changed, 59 insertions(+), 14 deletions(-)
>
>diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
>index 7303d0b..bbde532 100644
>--- a/source3/modules/nfs4_acls.c
>+++ b/source3/modules/nfs4_acls.c
>@@ -52,6 +52,57 @@ typedef struct _SMB_ACL4_INT_T
> 	SMB_ACE4_INT_T	*last;
> } SMB_ACL4_INT_T;
> 
>+/************************************************
>+ Split the ACE flag mapping between nfs4 and Windows
>+ into two separate functions rather than trying to do
>+ it inline. Allows us to carefully control what flags
>+ are mapped to what in one place.
>+************************************************/
>+
>+static uint32_t map_nfs4_ace_flags_to_windows_ace_flags(uint32_t nfs4_ace_flags)
>+{
>+	uint32_t win_ace_flags = 0;
>+
>+	/* The nfs4 flags <= 0xf map perfectly. */
>+	win_ace_flags = nfs4_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
>+				      SEC_ACE_FLAG_CONTAINER_INHERIT|
>+				      SEC_ACE_FLAG_NO_PROPAGATE_INHERIT|
>+				      SEC_ACE_FLAG_INHERIT_ONLY);
>+
>+	/* flags greater than 0xf have diverged :-(. */
>+	/* See the nfs4 ace flag definitions here:
>+	   http://www.ietf.org/rfc/rfc3530.txt.
>+	   And the Windows ace flag definitions here:
>+	   librpc/idl/security.idl. */
>+	if (nfs4_ace_flags & SMB_ACE4_INHERITED_ACE) {
>+		win_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
>+	}
>+
>+	return win_ace_flags;
>+}
>+
>+static uint32_t map_windows_ace_flags_to_nfs4_ace_flags(uint32_t win_ace_flags)
>+{
>+	uint32_t nfs4_ace_flags = 0;
>+
>+	/* The windows flags <= 0xf map perfectly. */
>+	nfs4_ace_flags = win_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|
>+				      SMB_ACE4_DIRECTORY_INHERIT_ACE|
>+				      SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
>+				      SMB_ACE4_INHERIT_ONLY_ACE);
>+
>+	/* flags greater than 0xf have diverged :-(. */
>+	/* See the nfs4 ace flag definitions here:
>+	   http://www.ietf.org/rfc/rfc3530.txt.
>+	   And the Windows ace flag definitions here:
>+	   librpc/idl/security.idl. */
>+	if (win_ace_flags & SEC_ACE_FLAG_INHERITED_ACE) {
>+		nfs4_ace_flags |= SMB_ACE4_INHERITED_ACE;
>+	}
>+
>+	return nfs4_ace_flags;
>+}
>+
> static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *theacl)
> {
> 	SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
>@@ -234,7 +285,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
> 		uint32_t mask;
> 		struct dom_sid sid;
> 		SMB_ACE4PROP_T	*ace = &aceint->prop;
>-		uint32_t mapped_ace_flags;
>+		uint32_t win_ace_flags;
> 
> 		DEBUG(10, ("magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: %x, "
> 			"who: %d\n", aceint->magic, ace->aceType, ace->flags,
>@@ -271,28 +322,25 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
> 			ace->aceMask |= SMB_ACE4_DELETE_CHILD;
> 		}
> 
>-		mapped_ace_flags = ace->aceFlags & 0xf;
>-		if (ace->aceFlags & SMB_ACE4_INHERITED_ACE) {
>-			mapped_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
>-		}
>-		if (!is_directory && (mapped_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE))) {
>+		win_ace_flags = map_nfs4_ace_flags_to_windows_ace_flags(ace->aceFlags);
>+		if (!is_directory && (win_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT))) {
> 			/*
> 			 * GPFS sets inherits dir_inhert and file_inherit flags
> 			 * to files, too, which confuses windows, and seems to
> 			 * be wrong anyways. ==> Map these bits away for files.
> 			 */
> 			DEBUG(10, ("removing inherit flags from nfs4 ace\n"));
>-			mapped_ace_flags &= ~(SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE);
>+			win_ace_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT);
> 		}
>-		DEBUG(10, ("mapped ace flags: 0x%x => 0x%x\n",
>-		      ace->aceFlags, mapped_ace_flags));
>+		DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n",
>+		      ace->aceFlags, win_ace_flags));
> 
> 		/* Windows clients expect SYNC on acls to
> 		   correctly allow rename. See bug #7909. */
> 		mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
> 		init_sec_ace(&nt_ace_list[good_aces++], &sid,
> 			ace->aceType, mask,
>-			mapped_ace_flags);
>+			win_ace_flags);
> 	}
> 
> 	*ppnt_ace_list = nt_ace_list;
>@@ -566,10 +614,7 @@ static bool smbacl4_fill_ace4(
> 
> 	memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
> 	ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
>-	ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
>-	if (ace_nt->flags & SEC_ACE_FLAG_INHERITED_ACE) {
>-		ace_v4->aceFlags |= SMB_ACE4_INHERITED_ACE;
>-	}
>+	ace_v4->aceFlags = map_windows_ace_flags_to_nfs4_ace_flags(ace_nt->flags);
> 	ace_v4->aceMask = ace_nt->access_mask &
> 		(SEC_STD_ALL | SEC_FILE_ALL);
> 
>-- 
>1.7.1
>

Flags:

obnox: review+
jra: review+

Actions: View

Attachments on bug 8191: 6503 | 6507