diff options
| author | Jeremy Allison <jra@samba.org> | 2013-06-20 14:33:30 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2013-06-24 19:33:34 +0200 |
| commit | b00d9d245390a54c5b057915472e0e8b3a7f6bb9 (patch) | |
| tree | 9abfd4c381ce71475593c90a75f8d70942e1dfb9 /source3/modules | |
| parent | 398ee49bda81e84c0f1e530bac02fb0fdc869afa (diff) | |
| download | samba-b00d9d245390a54c5b057915472e0e8b3a7f6bb9.tar.gz samba-b00d9d245390a54c5b057915472e0e8b3a7f6bb9.tar.bz2 samba-b00d9d245390a54c5b057915472e0e8b3a7f6bb9.zip | |
Use existing "acl map full control" parameter to control the adding of the DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's.
Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which
includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned
NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which
comes from the containing directory) and DELETE_CHILD (which has no meaning) then
optionally add it into the returned ACE entry.
This is using the same parameter in the same way as it is currently used
in smbd/posix_acls.c. Note that as this parameter is on by default, it
is already being tested in the existing raw.acl tests.
Fixes issue with Microsoft SMB2 torture test suite found at the interop event
in Redmond, WA.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Diffstat (limited to 'source3/modules')
| -rw-r--r-- | source3/modules/nfs4_acls.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 13e9268f80..255741c868 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -61,6 +61,7 @@ typedef struct _smbacl4_vfs_params { enum smbacl4_mode_enum mode; bool do_chown; enum smbacl4_acedup_enum acedup; + bool map_full_control; } smbacl4_vfs_params; /* @@ -94,11 +95,13 @@ static int smbacl4_get_vfs_params( params->acedup = (enum smbacl4_acedup_enum)lp_parm_enum( SNUM(conn), type_name, "acedup", enum_smbacl4_acedups, e_dontcare); + params->map_full_control = lp_acl_map_full_control(SNUM(conn)); - DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s\n", + DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n", enum_smbacl4_modes[params->mode].name, params->do_chown ? "true" : "false", - enum_smbacl4_acedups[params->acedup].name)); + enum_smbacl4_acedups[params->acedup].name, + params->map_full_control ? "true" : "false")); return 0; } @@ -383,6 +386,18 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, ace->aceMask |= SMB_ACE4_DELETE_CHILD; } + if (!is_directory && params->map_full_control) { + /* + * Do we have all access except DELETE_CHILD + * (not caring about the delete bit). + */ + uint32_t test_mask = ((ace->aceMask|SMB_ACE4_DELETE|SMB_ACE4_DELETE_CHILD) & + SMB_ACE4_ALL_MASKS); + if (test_mask == SMB_ACE4_ALL_MASKS) { + ace->aceMask |= SMB_ACE4_DELETE_CHILD; + } + } + win_ace_flags = map_nfs4_ace_flags_to_windows_ace_flags( ace->aceFlags); if (!is_directory && |