The Samba-Bugzilla – Attachment 8370 Details for
Bug 9467
nfsv4 ACLs: CREATOR OWNER should be mapped to the special @owner ACL entry, and named users should not
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches optimizing the rewriting of ACLs on creating files.
optimize-adjustment-of-specialcreator-ACLs.patch (text/plain), 5.77 KB, created by
Alexander Werth
on 2012-12-25 22:59:25 UTC
(
hide
)
Description:
Patches optimizing the rewriting of ACLs on creating files.
Filename:
MIME Type:
Creator:
Alexander Werth
Created:
2012-12-25 22:59:25 UTC
Size:
5.77 KB
patch
obsolete
>From 9eaa237c5664e32152a63443da5b75c649f9c521 Mon Sep 17 00:00:00 2001 >From: Alexander Werth <alexander.werth@de.ibm.com> >Date: Wed, 28 Nov 2012 16:24:41 +0100 >Subject: [PATCH 1/2] s3: Optimize adjustment of specialcreator ACLs within > nfs4_acls.c. > >Bypass the UID/GID to SID and back conversions. >--- > source3/modules/nfs4_acls.c | 37 ++++++++++++++++++++++++++----------- > source3/modules/nfs4_acls.h | 8 +++++++- > 2 files changed, 33 insertions(+), 12 deletions(-) > >diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c >index 779182e..36967ac 100644 >--- a/source3/modules/nfs4_acls.c >+++ b/source3/modules/nfs4_acls.c >@@ -1066,14 +1066,16 @@ NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle, > struct security_descriptor *sd, > struct ea_list *ea_list, > files_struct **result, >- int *pinfo) >+ int *pinfo, >+ get_nfs4acl_native_fn_t get_nfs4_native, >+ set_nfs4acl_native_fn_t set_nfs4_native) > { >- NTSTATUS status, status1; >+ NTSTATUS status; > files_struct *fsp = NULL; >- uint32 security_info; > int info; >- struct security_descriptor *psd = NULL; > smbacl4_vfs_params params; >+ SMB4ACL_T *pacl = NULL; >+ SMB_STRUCT_STAT st; > > status = SMB_VFS_NEXT_CREATE_FILE(handle, > req, >@@ -1126,20 +1128,33 @@ NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle, > goto out; > } > >- security_info = (SECINFO_OWNER | SECINFO_GROUP | >- SECINFO_DACL | SECINFO_SACL); >- >- /* Rewrite ACL with special entries for the owner and group */ >- status1 = SMB_VFS_FGET_NT_ACL(fsp, security_info, &psd); >+ if (smbacl4_fGetFileOwner(fsp, &st)) { >+ DEBUG(10, ("smb_create_file_nfs4 failed to get owner.\n")); >+ /* Give up on adjusting the Unix Mode bits. */ >+ goto out; >+ } > >- if (!NT_STATUS_IS_OK(status1)) { >+ if (!get_nfs4_native(fsp, &pacl)) { >+ DEBUG(10, ("smb_create_file_nfs4 failed to get acl.\n")); >+ /* Give up on adjusting the Unix Mode bits. */ > goto out; > } > >- status1 = SMB_VFS_FSET_NT_ACL(fsp, security_info, psd); >+ if (!smbacl4_expand_special(pacl, st.st_ex_uid, st.st_ex_gid)) { >+ DEBUG(10, ("smb_create_file_nfs4 failed to expand acl.\n")); >+ /* Give up on adjusting the Unix Mode bits. */ >+ goto out; >+ } > >+ if (!set_nfs4_native(fsp, pacl)) { >+ DEBUG(10, ("smb_create_file_nfs4 failed to set acl.\n")); >+ /* Give up on adjusting the Unix Mode bits. */ >+ goto out; >+ } > out: > >+ TALLOC_FREE(pacl); >+ > if (fsp) { > VFS_REMOVE_FSP_EXTENSION(handle, fsp); > } >diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h >index 67a321b..de53504 100644 >--- a/source3/modules/nfs4_acls.h >+++ b/source3/modules/nfs4_acls.h >@@ -141,6 +141,10 @@ NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn, > TALLOC_CTX *mem_ctx, > struct security_descriptor **ppdesc, SMB4ACL_T *theacl); > >+/* Callback function needed to get the native acl >+ * when applicable */ >+typedef bool (*get_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T **); >+ > /* Callback function needed to set the native acl > * when applicable */ > typedef bool (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *); >@@ -165,6 +169,8 @@ NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle, > struct security_descriptor *sd, > struct ea_list *ea_list, > files_struct **result, >- int *pinfo); >+ int *pinfo, >+ get_nfs4acl_native_fn_t get_nfs4_native, >+ set_nfs4acl_native_fn_t set_nfs4_native); > > #endif /* __NFS4_ACLS_H__ */ >-- >1.7.9.5 > >From 8d60830a8f4ca01c67642730c40f9621479fa946 Mon Sep 17 00:00:00 2001 >From: Alexander Werth <alexander.werth@de.ibm.com> >Date: Wed, 19 Dec 2012 13:53:04 +0100 >Subject: [PATCH 2/2] s3: Add create_file hook to rewrite ACL on file creation > for GPFS module. > >--- > source3/modules/vfs_gpfs.c | 54 +++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 53 insertions(+), 1 deletion(-) > >diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c >index 1082a52..f7f2a74 100644 >--- a/source3/modules/vfs_gpfs.c >+++ b/source3/modules/vfs_gpfs.c >@@ -422,6 +422,17 @@ static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle, > return map_nt_error_from_unix(errno); > } > >+static bool gpfsacl_get_smbacl(files_struct *fsp, SMB4ACL_T **smbacl) >+{ >+ int ret; >+ ret = gpfs_get_nfs4_acl(fsp->fsp_name->base_name, smbacl); >+ if (ret != 0) { >+ DEBUG(8, ("gpfs_get_nfs4_acl failed with %s\n", strerror(errno))); >+ return False; >+ } >+ return True; >+} >+ > static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) > { > int ret; >@@ -1987,6 +1998,47 @@ static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req, int *err) > return state->ret; > } > >+NTSTATUS vfs_gpfs_create_file(struct vfs_handle_struct *handle, >+ struct smb_request *req, >+ uint16_t root_dir_fid, >+ struct smb_filename *smb_fname, >+ uint32_t access_mask, >+ uint32_t share_access, >+ uint32_t create_disposition, >+ uint32_t create_options, >+ uint32_t file_attributes, >+ uint32_t oplock_request, >+ uint64_t allocation_size, >+ uint32_t private_flags, >+ struct security_descriptor *sd, >+ struct ea_list *ea_list, >+ files_struct **result, >+ int *pinfo) >+{ >+ NTSTATUS status; >+ int info; >+ >+ status = smb_create_file_nfs4(handle, >+ req, >+ root_dir_fid, >+ smb_fname, >+ access_mask, >+ share_access, >+ create_disposition, >+ create_options, >+ file_attributes, >+ oplock_request, >+ allocation_size, >+ private_flags, >+ sd, >+ ea_list, >+ result, >+ &info, >+ gpfsacl_get_smbacl, >+ gpfsacl_process_smbacl); >+ >+ return status; >+} > > static struct vfs_fn_pointers vfs_gpfs_fns = { > .connect_fn = vfs_gpfs_connect, >@@ -2019,7 +2071,7 @@ static struct vfs_fn_pointers vfs_gpfs_fns = { > .sendfile_fn = vfs_gpfs_sendfile, > .fallocate_fn = vfs_gpfs_fallocate, > .open_fn = vfs_gpfs_open, >- .create_file_nf = smb_create_file_nfs4, >+ .create_file_fn = vfs_gpfs_create_file, > .pread_fn = vfs_gpfs_pread, > .pread_send_fn = vfs_gpfs_pread_send, > .pread_recv_fn = vfs_gpfs_pread_recv, >-- >1.7.9.5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=8370">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 9467
:
8284
|
8367
|
8368
|
8369
| 8370 |
8793
|
8824
|
8825
|
9048