From a3248ba81e93790774d60111f5d6bdeadbf7505f Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Thu, 26 Jul 2012 16:51:20 +0200 Subject: [PATCH 1/7] s3: Add new nfs4:mode specialcreator on reading parameters. --- source3/modules/nfs4_acls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index f169b35..7ab886b 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -54,7 +54,7 @@ typedef struct _SMB_ACL4_INT_T SMB_ACE4_INT_T *last; } SMB_ACL4_INT_T; -enum smbacl4_mode_enum {e_simple=0, e_special=1}; +enum smbacl4_mode_enum {e_simple=0, e_special=1, e_specialcreator=2}; enum smbacl4_acedup_enum {e_dontcare=0, e_reject=1, e_ignore=2, e_merge=3}; typedef struct _smbacl4_vfs_params { @@ -75,6 +75,7 @@ static int smbacl4_get_vfs_params( static const struct enum_list enum_smbacl4_modes[] = { { e_simple, "simple" }, { e_special, "special" }, + { e_specialcreator, "specialcreator" }, { -1 , NULL } }; static const struct enum_list enum_smbacl4_acedups[] = { -- 1.7.9.5 From 288155c6d99e94a69b30a215b1f84ab451cbdb9b Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Sun, 28 Apr 2013 16:16:29 +0200 Subject: [PATCH 2/7] s3: Add smb_insert_ace4 function. --- source3/modules/nfs4_acls.c | 46 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 7ab886b..e57ea25 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -43,6 +43,7 @@ typedef struct _SMB_ACE4_INT_T uint32 magic; SMB_ACE4PROP_T prop; void *next; + void *prev; } SMB_ACE4_INT_T; #define SMB_ACL4_INT_MAGIC 0x29A3E792 @@ -207,7 +208,8 @@ SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx) return (SMB4ACL_T *)theacl; } -SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop) +SMB4ACE_T *smb_insert_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop, + SMB_ACE4_INT_T *acepos) { SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl); SMB_ACE4_INT_T *ace; @@ -221,22 +223,48 @@ SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop) return NULL; } ace->magic = SMB_ACE4_INT_MAGIC; - /* ace->next = NULL not needed */ + /* ace->next/prev = NULL not needed */ memcpy(&ace->prop, prop, sizeof(SMB_ACE4PROP_T)); - if (aclint->first==NULL) - { - aclint->first = ace; - aclint->last = ace; - } else { - aclint->last->next = (void *)ace; - aclint->last = ace; + if (acepos==NULL) { + if (aclint->first==NULL) { + aclint->first = ace; + aclint->last = ace; + } + else { + ace->prev = (void *)aclint->last; + aclint->last->next = (void *)ace; + aclint->last = ace; + } + } + else { + if (aclint->first==NULL) { + aclint->first = ace; + aclint->last = ace; + } + else { + ace->prev = (void *)acepos->prev; + ace->next = (void *)acepos; + acepos->prev = (void *)ace; + if (ace->prev!=NULL) { + SMB_ACE4_INT_T *aceprev = ace->prev; + aceprev->next = (void *)ace; + } + if (aclint->first==acepos) { + aclint->first = ace; + } + } } aclint->naces++; return (SMB4ACE_T *)ace; } +SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop) +{ + return smb_insert_ace4(theacl, prop, NULL); +} + SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace) { SMB_ACE4_INT_T *aceint = get_validated_aceint(ace); -- 1.7.9.5 From aed752314e7426aa7dde12fafdec58ad3aa3027b Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Thu, 26 Jul 2012 14:45:53 +0200 Subject: [PATCH 3/7] s3: Add smbacl4_expand_special function for mode specialcreate This function replaces inherited user acl entries with a non inheriting special entry and an inherit only user entry. It also replaces non inheriting user entries with special entries. As a result the posix mode bits are set for user acl entries. The same applies to groups and their posix mode bits. --- source3/modules/nfs4_acls.c | 79 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 1 deletion(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index e57ea25..4eb3d88 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -439,7 +439,8 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, } /* Mapping of special entries to creator owner. */ - if (params->mode == e_simple && + if ((params->mode == e_simple || + params->mode == e_specialcreator) && ace->flags & SMB_ACE4_ID_SPECIAL && (ace->who.special_id == SMB_ACE4_WHO_OWNER || ace->who.special_id == SMB_ACE4_WHO_GROUP)) { @@ -804,6 +805,78 @@ static int smbacl4_MergeIgnoreReject( return result; } +static int smbacl4_expand_special( + SMB4ACL_T *theacl, + uid_t ownerUID, + gid_t ownerGID +) +{ + SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl); + SMB_ACE4_INT_T *aceint; + + for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { + SMB_ACE4PROP_T *ace = &aceint->prop; + + DEBUG(10,("ace type: %d, iflags: %x, flags: %x, " + "mask: %x, who: %d\n", + ace->aceType, ace->flags, ace->aceFlags, + ace->aceMask, ace->who.id)); + + if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) && + ace->who.uid == ownerUID && + !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) && + !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) && + !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) { + ace->flags |= SMB_ACE4_ID_SPECIAL; + ace->who.special_id = SMB_ACE4_WHO_OWNER; + DEBUG(10,("replaced with special owner ace\n")); + } + else if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) && + ace->who.uid == ownerUID && + !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE)) { + SMB_ACE4PROP_T ace_special; + ace_special = *ace; + ace_special.aceFlags &= ~SMB_ACE4_FILE_INHERIT_ACE; + ace_special.aceFlags &= ~SMB_ACE4_DIRECTORY_INHERIT_ACE; + ace_special.flags |= SMB_ACE4_ID_SPECIAL; + ace_special.who.special_id = SMB_ACE4_WHO_OWNER; + smb_insert_ace4(theacl, &ace_special, aceint); + ace->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE; + DEBUG(10,("ace special flags:0x%x aceFlags:0x%x\n", + ace_special.flags, ace_special.aceFlags)); + } + + if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP && + ace->who.uid == ownerGID && + !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) && + !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) && + !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) { + ace->flags |= SMB_ACE4_ID_SPECIAL; + ace->who.special_id = SMB_ACE4_WHO_GROUP; + DEBUG(10,("replaced with special group ace\n")); + } + else if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP && + ace->who.uid == ownerGID && + !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE)) { + SMB_ACE4PROP_T ace_special; + ace_special = *ace; + ace_special.aceFlags &= ~SMB_ACE4_FILE_INHERIT_ACE; + ace_special.aceFlags &= ~SMB_ACE4_DIRECTORY_INHERIT_ACE; + ace_special.flags |= SMB_ACE4_ID_SPECIAL; + ace_special.who.special_id = SMB_ACE4_WHO_GROUP; + smb_insert_ace4(theacl, &ace_special, aceint); + ace->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE; + DEBUG(10,("ace special flags:0x%x aceFlags:0x%x\n", + ace_special.flags, ace_special.aceFlags)); + } + } + return True; /* OK */ +} + static SMB4ACL_T *smbacl4_win2nfs4( TALLOC_CTX *mem_ctx, const files_struct *fsp, @@ -846,6 +919,10 @@ static SMB4ACL_T *smbacl4_win2nfs4( smb_add_ace4(theacl, &ace_v4); } + if (pparams->mode==e_specialcreator) { + smbacl4_expand_special(theacl, ownerUID, ownerGID); + } + return theacl; } -- 1.7.9.5 From 74e3dba1bdb081911b59a93235dc9c69b08287af Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Thu, 26 Jul 2012 15:11:48 +0200 Subject: [PATCH 4/7] s3: Add function smbacl4_substitute_special. --- source3/modules/nfs4_acls.c | 42 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 4eb3d88..4822588 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -622,7 +622,7 @@ static void smbacl4_dump_nfs4acl(int level, SMB4ACL_T *theacl) } } -/* +/* * Find 2 NFS4 who-special ACE property (non-copy!!!) * match nonzero if "special" and who is equal * return ace if found matching; otherwise NULL @@ -805,6 +805,42 @@ static int smbacl4_MergeIgnoreReject( return result; } +static int smbacl4_substitute_special( + SMB4ACL_T *theacl, + uid_t ownerUID, + gid_t ownerGID +) +{ + SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl); + SMB_ACE4_INT_T *aceint; + + for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { + SMB_ACE4PROP_T *ace = &aceint->prop; + + DEBUG(10,("ace type: %d, iflags: %x, flags: %x, " + "mask: %x, who: %d\n", + ace->aceType, ace->flags, ace->aceFlags, + ace->aceMask, ace->who.id)); + + if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) && + ace->who.uid == ownerUID) { + ace->flags |= SMB_ACE4_ID_SPECIAL; + ace->who.special_id = SMB_ACE4_WHO_OWNER; + DEBUG(10,("replaced with special owner ace\n")); + } + + if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP && + ace->who.uid == ownerGID) { + ace->flags |= SMB_ACE4_ID_SPECIAL; + ace->who.special_id = SMB_ACE4_WHO_GROUP; + DEBUG(10,("replaced with special group ace\n")); + } + } + return True; /* OK */ +} + static int smbacl4_expand_special( SMB4ACL_T *theacl, uid_t ownerUID, @@ -919,6 +955,10 @@ static SMB4ACL_T *smbacl4_win2nfs4( smb_add_ace4(theacl, &ace_v4); } + if (pparams->mode==e_special) { + smbacl4_substitute_special(theacl, ownerUID, ownerGID); + } + if (pparams->mode==e_specialcreator) { smbacl4_expand_special(theacl, ownerUID, ownerGID); } -- 1.7.9.5 From ebbf25caad3e80c7dcfa7d817f79787b7fbe7716 Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Wed, 18 Jul 2012 17:18:02 +0200 Subject: [PATCH 5/7] s3: Rewrite ACL with special entries for the owner and group. This will only be done in mode specialcreator. --- source3/modules/nfs4_acls.c | 101 +++++++++++++++++++++++++++++++++++++++++++ source3/modules/nfs4_acls.h | 17 ++++++++ 2 files changed, 118 insertions(+) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 4822588..3915df8 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -1082,3 +1082,104 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n")); return NT_STATUS_OK; } + +NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + struct smb_filename *smb_fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + uint32_t private_flags, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo) +{ + NTSTATUS status, status1; + files_struct *fsp = NULL; + uint32 security_info; + int info; + struct security_descriptor *psd = NULL; + smbacl4_vfs_params params; + + status = SMB_VFS_NEXT_CREATE_FILE(handle, + req, + root_dir_fid, + smb_fname, + access_mask, + share_access, + create_disposition, + create_options, + file_attributes, + oplock_request, + allocation_size, + private_flags, + sd, + ea_list, + result, + &info); + + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + if (info != FILE_WAS_CREATED) { + /* File/directory was opened, not created. */ + goto out; + } + + fsp = *result; + + if (fsp == NULL) { + /* Only handle success. */ + goto out; + } + + if (sd) { + /* Security descriptor already set. */ + goto out; + } + + if (fsp->base_fsp) { + /* Stream open. */ + goto out; + } + + /* Special behaviours */ + if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp->conn, ¶ms)) + return NT_STATUS_NO_MEMORY; + if (params.mode != e_specialcreator) { + /* We don't need to adjust the ACLs */ + goto out; + } + + security_info = (SECINFO_OWNER | SECINFO_GROUP | + SECINFO_DACL | SECINFO_SACL); + + /* Rewrite ACL with special entries for the owner and group */ + status1 = SMB_VFS_FGET_NT_ACL(fsp, security_info, talloc_tos(), &psd); + + if (!NT_STATUS_IS_OK(status1)) { + goto out; + } + + status1 = SMB_VFS_FSET_NT_ACL(fsp, security_info, psd); + +out: + + TALLOC_FREE(psd); + + if (fsp) { + VFS_REMOVE_FSP_EXTENSION(handle, fsp); + } + + if (NT_STATUS_IS_OK(status) && pinfo) { + *pinfo = info; + } + return status; +} diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h index 1bde81b..9a7824d 100644 --- a/source3/modules/nfs4_acls.h +++ b/source3/modules/nfs4_acls.h @@ -150,4 +150,21 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, const struct security_descriptor *psd, set_nfs4acl_native_fn_t set_nfs4_native); +NTSTATUS smb_create_file_nfs4(struct vfs_handle_struct *handle, + struct smb_request *req, + uint16_t root_dir_fid, + struct smb_filename *smb_fname, + uint32_t access_mask, + uint32_t share_access, + uint32_t create_disposition, + uint32_t create_options, + uint32_t file_attributes, + uint32_t oplock_request, + uint64_t allocation_size, + uint32_t private_flags, + struct security_descriptor *sd, + struct ea_list *ea_list, + files_struct **result, + int *pinfo); + #endif /* __NFS4_ACLS_H__ */ -- 1.7.9.5 From 509ce81cc438f574dda57f395d9dbeaecde12e4d Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Wed, 18 Jul 2012 15:41:25 +0200 Subject: [PATCH 6/7] s3: Add smb_create_file_nfs4 to vfs_fn_pointers. Added to vfs_gpfs, vfs_aixacl2, vfs_zfsacl, vfs_nfs4acl_xattr. --- source3/modules/vfs_aixacl2.c | 3 ++- source3/modules/vfs_gpfs.c | 1 + source3/modules/vfs_nfs4acl_xattr.c | 1 + source3/modules/vfs_zfsacl.c | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 735eadd..e962d94 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -542,7 +542,8 @@ static struct vfs_fn_pointers vfs_aixacl2_fns = { .sys_acl_blob_get_fd_fn = aixjfs2_sys_acl_blob_get_fd, .sys_acl_set_file_fn = aixjfs2_sys_acl_set_file, .sys_acl_set_fd_fn = aixjfs2_sys_acl_set_fd, - .sys_acl_delete_def_file_fn = aixjfs2_sys_acl_delete_def_file + .sys_acl_delete_def_file_fn = aixjfs2_sys_acl_delete_def_file, + .create_file_fn = smb_create_file_nfs4, }; NTSTATUS vfs_aixacl2_init(void); diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 6056b7e..ed24129 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -2156,6 +2156,7 @@ static struct vfs_fn_pointers vfs_gpfs_fns = { .sendfile_fn = vfs_gpfs_sendfile, .fallocate_fn = vfs_gpfs_fallocate, .open_fn = vfs_gpfs_open, + .create_file_fn = smb_create_file_nfs4, .pread_fn = vfs_gpfs_pread, .pread_send_fn = vfs_gpfs_pread_send, .pread_recv_fn = vfs_gpfs_pread_recv, diff --git a/source3/modules/vfs_nfs4acl_xattr.c b/source3/modules/vfs_nfs4acl_xattr.c index 7285228..f4271d7 100644 --- a/source3/modules/vfs_nfs4acl_xattr.c +++ b/source3/modules/vfs_nfs4acl_xattr.c @@ -636,6 +636,7 @@ static struct vfs_fn_pointers nfs4acl_xattr_fns = { .fget_nt_acl_fn = nfs4acl_xattr_fget_nt_acl, .get_nt_acl_fn = nfs4acl_xattr_get_nt_acl, .fset_nt_acl_fn = nfs4acl_xattr_fset_nt_acl, + .create_file_fn = smb_create_file_nfs4, }; NTSTATUS vfs_nfs4acl_xattr_init(void); diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index a016234..e327bb1 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -329,6 +329,7 @@ static struct vfs_fn_pointers zfsacl_fns = { .fget_nt_acl_fn = zfsacl_fget_nt_acl, .get_nt_acl_fn = zfsacl_get_nt_acl, .fset_nt_acl_fn = zfsacl_fset_nt_acl, + .create_file_fn = smb_create_file_nfs4, }; NTSTATUS vfs_zfsacl_init(void); -- 1.7.9.5 From 1de0a73f44cafba8bbf11e38df7e9c50590581cf Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Sun, 28 Apr 2013 19:06:59 +0200 Subject: [PATCH 7/7] s4-smbtorture: Run tests for all nfs4:modes. --- selftest/knownfail | 30 +++++++++++++++++++++++------- selftest/target/Samba3.pm | 15 ++++++++++++++- source3/selftest/tests.py | 4 +++- 3 files changed, 40 insertions(+), 9 deletions(-) diff --git a/selftest/knownfail b/selftest/knownfail index 1499920..198f971 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -45,13 +45,29 @@ ^samba3.blackbox.smbclient_machine_auth.plain \(s3dc:local\)# the S3dc does not currently set up a self-join ^samba3.raw.samba3hide.samba3hide\((s3dc|plugin_s4_dc)\) # This test fails against an smbd environment with NT ACLs enabled ^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled -^samba3.raw.acls nfs4acl_xattr.INHERITFLAGS\(s3dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet. -^samba3.raw.acls nfs4acl_xattr.sd\(s3dc\) -^samba3.raw.acls nfs4acl_xattr.create_file\(s3dc\) -^samba3.raw.acls nfs4acl_xattr.create_dir\(s3dc\) -^samba3.raw.acls nfs4acl_xattr.nulldacl\(s3dc\) -^samba3.raw.acls nfs4acl_xattr.generic\(s3dc\) -^samba3.raw.acls nfs4acl_xattr.inheritance\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-simple.INHERITFLAGS\(s3dc\) # This (and the follow nfs4acl_xattr tests fail because our NFSv4 backend isn't a complete mapping yet. +^samba3.raw.acls nfs4acl_xattr-simple.sd\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-simple.create_file\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-simple.create_dir\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-simple.nulldacl\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-simple.generic\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-simple.inheritance\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.INHERITFLAGS\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.sd\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.create_file\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.create_dir\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.nulldacl\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.generic\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.inheritance\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_owner\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-special.inherit_creator_group\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.INHERITFLAGS\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.sd\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.create_file\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.create_dir\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.nulldacl\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.generic\(s3dc\) +^samba3.raw.acls nfs4acl_xattr-specialcreator.inheritance\(s3dc\) ^samba3.base.delete.deltest16a ^samba3.base.delete.deltest17a ^samba3.unix.whoami anonymous connection.whoami\(plugin_s4_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 407642c..dfc7b7d 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1082,9 +1082,22 @@ sub provision($$$$$$) [lp] copy = print1 -[nfs4acl_share] +[nfs4acl_simple] path = $shrdir comment = smb username is [%U] + nfs4:mode = simple + vfs objects = $vfs_modulesdir_abs/nfs4acl_xattr.so $vfs_modulesdir_abs/xattr_tdb.so + +[nfs4acl_special] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = special + vfs objects = $vfs_modulesdir_abs/nfs4acl_xattr.so $vfs_modulesdir_abs/xattr_tdb.so + +[nfs4acl_specialcreator] + path = $shrdir + comment = smb username is [%U] + nfs4:mode = specialcreator vfs objects = $vfs_modulesdir_abs/nfs4acl_xattr.so $vfs_modulesdir_abs/xattr_tdb.so [xcopy_share] diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 11504c0..64da0d4 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -345,7 +345,9 @@ for t in tests: plantestsuite(t, "s3member_rfc2307", [os.path.join(samba3srcdir, "../nsswitch/tests/test_idmap_rfc2307.sh"), '$DOMAIN', 'Administrator', '2000000', '"Domain Users"', '2000001', 'ou=idmap,dc=samba,dc=example,dc=com', '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD']) elif t == "raw.acls": plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') - plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_share -U$USERNAME%$PASSWORD', description='nfs4acl_xattr') + plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_simple -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-simple') + plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_special -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-special') + plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/nfs4acl_specialcreator -U$USERNAME%$PASSWORD', description='nfs4acl_xattr-specialcreator') plansmbtorture4testsuite(t, "plugin_s4_dc", '//$SERVER_IP/tmpcase -U$USERNAME%$PASSWORD') else: plansmbtorture4testsuite(t, "s3dc", '//$SERVER_IP/tmp -U$USERNAME%$PASSWORD') -- 1.7.9.5