summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-05-31 15:37:30 -0700
committerJeremy Allison <jra@samba.org>2011-06-01 02:54:51 +0200
commit313bb1fb9c87084084439c6b45e4c01e82e3f9ec (patch)
treefdb7045ecdb8c8732eb0ae32acc61718db28fab2 /source3
parent697d5c08acc85944df8ca9f26ab3f58bb3e7764a (diff)
downloadsamba-313bb1fb9c87084084439c6b45e4c01e82e3f9ec.tar.gz
samba-313bb1fb9c87084084439c6b45e4c01e82e3f9ec.tar.bz2
samba-313bb1fb9c87084084439c6b45e4c01e82e3f9ec.zip
Split the ACE flag mapping between nfs4 and Windows
into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
Diffstat (limited to 'source3')
-rw-r--r--source3/modules/nfs4_acls.c73
1 files changed, 59 insertions, 14 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 7303d0b08e..bbde53236b 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -52,6 +52,57 @@ typedef struct _SMB_ACL4_INT_T
SMB_ACE4_INT_T *last;
} SMB_ACL4_INT_T;
+/************************************************
+ Split the ACE flag mapping between nfs4 and Windows
+ into two separate functions rather than trying to do
+ it inline. Allows us to carefully control what flags
+ are mapped to what in one place.
+************************************************/
+
+static uint32_t map_nfs4_ace_flags_to_windows_ace_flags(uint32_t nfs4_ace_flags)
+{
+ uint32_t win_ace_flags = 0;
+
+ /* The nfs4 flags <= 0xf map perfectly. */
+ win_ace_flags = nfs4_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
+ SEC_ACE_FLAG_CONTAINER_INHERIT|
+ SEC_ACE_FLAG_NO_PROPAGATE_INHERIT|
+ SEC_ACE_FLAG_INHERIT_ONLY);
+
+ /* flags greater than 0xf have diverged :-(. */
+ /* See the nfs4 ace flag definitions here:
+ http://www.ietf.org/rfc/rfc3530.txt.
+ And the Windows ace flag definitions here:
+ librpc/idl/security.idl. */
+ if (nfs4_ace_flags & SMB_ACE4_INHERITED_ACE) {
+ win_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
+ }
+
+ return win_ace_flags;
+}
+
+static uint32_t map_windows_ace_flags_to_nfs4_ace_flags(uint32_t win_ace_flags)
+{
+ uint32_t nfs4_ace_flags = 0;
+
+ /* The windows flags <= 0xf map perfectly. */
+ nfs4_ace_flags = win_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|
+ SMB_ACE4_DIRECTORY_INHERIT_ACE|
+ SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+ SMB_ACE4_INHERIT_ONLY_ACE);
+
+ /* flags greater than 0xf have diverged :-(. */
+ /* See the nfs4 ace flag definitions here:
+ http://www.ietf.org/rfc/rfc3530.txt.
+ And the Windows ace flag definitions here:
+ librpc/idl/security.idl. */
+ if (win_ace_flags & SEC_ACE_FLAG_INHERITED_ACE) {
+ nfs4_ace_flags |= SMB_ACE4_INHERITED_ACE;
+ }
+
+ return nfs4_ace_flags;
+}
+
static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *theacl)
{
SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
@@ -234,7 +285,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
uint32_t mask;
struct dom_sid sid;
SMB_ACE4PROP_T *ace = &aceint->prop;
- uint32_t mapped_ace_flags;
+ uint32_t win_ace_flags;
DEBUG(10, ("magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: %x, "
"who: %d\n", aceint->magic, ace->aceType, ace->flags,
@@ -271,28 +322,25 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
ace->aceMask |= SMB_ACE4_DELETE_CHILD;
}
- mapped_ace_flags = ace->aceFlags & 0xf;
- if (ace->aceFlags & SMB_ACE4_INHERITED_ACE) {
- mapped_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
- }
- if (!is_directory && (mapped_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE))) {
+ win_ace_flags = map_nfs4_ace_flags_to_windows_ace_flags(ace->aceFlags);
+ if (!is_directory && (win_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT))) {
/*
* GPFS sets inherits dir_inhert and file_inherit flags
* to files, too, which confuses windows, and seems to
* be wrong anyways. ==> Map these bits away for files.
*/
DEBUG(10, ("removing inherit flags from nfs4 ace\n"));
- mapped_ace_flags &= ~(SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE);
+ win_ace_flags &= ~(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT);
}
- DEBUG(10, ("mapped ace flags: 0x%x => 0x%x\n",
- ace->aceFlags, mapped_ace_flags));
+ DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n",
+ ace->aceFlags, win_ace_flags));
/* Windows clients expect SYNC on acls to
correctly allow rename. See bug #7909. */
mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
init_sec_ace(&nt_ace_list[good_aces++], &sid,
ace->aceType, mask,
- mapped_ace_flags);
+ win_ace_flags);
}
*ppnt_ace_list = nt_ace_list;
@@ -566,10 +614,7 @@ static bool smbacl4_fill_ace4(
memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
- ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
- if (ace_nt->flags & SEC_ACE_FLAG_INHERITED_ACE) {
- ace_v4->aceFlags |= SMB_ACE4_INHERITED_ACE;
- }
+ ace_v4->aceFlags = map_windows_ace_flags_to_nfs4_ace_flags(ace_nt->flags);
ace_v4->aceMask = ace_nt->access_mask &
(SEC_STD_ALL | SEC_FILE_ALL);