The branch, v3-6-test has been updated
       via  06a02e2 Split the ACE flag mapping between nfs4 and Windows into 
two separate functions rather than trying to do it inline. Allows us to 
carefully control what flags are mapped to what in one place. Modification to 
bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
       via  009ceea nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client
       via  ab1fd07 nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client
      from  d6b991a s3-docs: Fix version.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 06a02e2f698076bcb8164efa15cc7b79ac19c927
Author: Jeremy Allison <j...@samba.org>
Date:   Tue May 31 15:37:30 2011 -0700

    Split the ACE flag mapping between nfs4 and Windows into two separate 
functions rather than trying to do it inline. Allows us to carefully control 
what flags are mapped to what in one place. Modification to bug #8191 - 
vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE

commit 009ceeaad12d5b799c0a4249ce473da97a0e3fec
Author: Gregor Beck <gb...@sernet.de>
Date:   Mon May 23 14:45:57 2011 +0200

    nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    (cherry picked from commit 817c64f5de65c6ba7cc535446279f769d6552618)
    
    Fix bug #8191

commit ab1fd07266075acb78276ed0e6347c6db11759c2
Author: Gregor Beck <gb...@sernet.de>
Date:   Mon May 23 14:27:11 2011 +0200

    nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client
    
    Signed-off-by: Michael Adam <ob...@samba.org>
    (cherry picked from commit b0471303ba50caab7da5f50e6f7d8c4b1c664238)
    
    Fix bug #8191

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/nfs4_acls.c |   67 +++++++++++++++++++++++++++++++++++++-----
 source3/modules/nfs4_acls.h |    3 +-
 2 files changed, 61 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 91e98f6..be8a505 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -52,6 +52,57 @@ typedef struct _SMB_ACL4_INT_T
        SMB_ACE4_INT_T  *last;
 } SMB_ACL4_INT_T;
 
+/************************************************
+ Split the ACE flag mapping between nfs4 and Windows
+ into two separate functions rather than trying to do
+ it inline. Allows us to carefully control what flags
+ are mapped to what in one place.
+************************************************/
+
+static uint32_t map_nfs4_ace_flags_to_windows_ace_flags(uint32_t 
nfs4_ace_flags)
+{
+       uint32_t win_ace_flags = 0;
+
+       /* The nfs4 flags <= 0xf map perfectly. */
+       win_ace_flags = nfs4_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|
+                                     SEC_ACE_FLAG_CONTAINER_INHERIT|
+                                     SEC_ACE_FLAG_NO_PROPAGATE_INHERIT|
+                                     SEC_ACE_FLAG_INHERIT_ONLY);
+
+       /* flags greater than 0xf have diverged :-(. */
+       /* See the nfs4 ace flag definitions here:
+          http://www.ietf.org/rfc/rfc3530.txt.
+          And the Windows ace flag definitions here:
+          librpc/idl/security.idl. */
+       if (nfs4_ace_flags & SMB_ACE4_INHERITED_ACE) {
+               win_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
+       }
+
+       return win_ace_flags;
+}
+
+static uint32_t map_windows_ace_flags_to_nfs4_ace_flags(uint32_t win_ace_flags)
+{
+       uint32_t nfs4_ace_flags = 0;
+
+       /* The windows flags <= 0xf map perfectly. */
+       nfs4_ace_flags = win_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|
+                                     SMB_ACE4_DIRECTORY_INHERIT_ACE|
+                                     SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+                                     SMB_ACE4_INHERIT_ONLY_ACE);
+
+       /* flags greater than 0xf have diverged :-(. */
+       /* See the nfs4 ace flag definitions here:
+          http://www.ietf.org/rfc/rfc3530.txt.
+          And the Windows ace flag definitions here:
+          librpc/idl/security.idl. */
+       if (win_ace_flags & SEC_ACE_FLAG_INHERITED_ACE) {
+               nfs4_ace_flags |= SMB_ACE4_INHERITED_ACE;
+       }
+
+       return nfs4_ace_flags;
+}
+
 static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *theacl)
 {
        SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
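Review bot: Both helpers mask one side's value with the other side's constants (`nfs4_ace_flags & (SEC_ACE_FLAG_OBJECT_INHERIT|...)` and `win_ace_flags & (SMB_ACE4_FILE_INHERIT_ACE|...)`), so the result is correct only while the four low bits stay numerically identical in nfs4_acls.h and security.idl, and nothing in the code enforces that. These two functions decide which inheritance bits reach an ACL in either direction, so mapping each flag by name, as the INHERITED_ACE branch already does, removes the hidden dependency. It also makes the dropped bits (the audit flags and IDENTIFIER_GROUP) a visible choice. The same rewrite applies to map_windows_ace_flags_to_nfs4_ace_flags with the names swapped. The `= 0` initialiser is dead as written because the next statement overwrites it; in the per-flag form it becomes the starting value.

```c
static uint32_t map_nfs4_ace_flags_to_windows_ace_flags(uint32_t nfs4_ace_flags)
{
	uint32_t win_ace_flags = 0;

	/* Map each flag by name; any bit not listed here is dropped. */
	if (nfs4_ace_flags & SMB_ACE4_FILE_INHERIT_ACE) {
		win_ace_flags |= SEC_ACE_FLAG_OBJECT_INHERIT;
	}
	if (nfs4_ace_flags & SMB_ACE4_DIRECTORY_INHERIT_ACE) {
		win_ace_flags |= SEC_ACE_FLAG_CONTAINER_INHERIT;
	}
	if (nfs4_ace_flags & SMB_ACE4_NO_PROPAGATE_INHERIT_ACE) {
		win_ace_flags |= SEC_ACE_FLAG_NO_PROPAGATE_INHERIT;
	}
	if (nfs4_ace_flags & SMB_ACE4_INHERIT_ONLY_ACE) {
		win_ace_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
	}
	/* … unchanged: SMB_ACE4_INHERITED_ACE branch and return … */
```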
@@ -234,7 +285,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T 
*theacl, /* in */
                uint32_t mask;
                struct dom_sid sid;
                SMB_ACE4PROP_T  *ace = &aceint->prop;
-               uint32_t mapped_ace_flags;
+               uint32_t win_ace_flags;
 
                DEBUG(10, ("magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: 
%x, "
                        "who: %d\n", aceint->magic, ace->aceType, ace->flags,
@@ -271,25 +322,25 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, 
SMB4ACL_T *theacl, /* in */
                        ace->aceMask |= SMB_ACE4_DELETE_CHILD;
                }
 
-               mapped_ace_flags = ace->aceFlags & 0xf;
-               if (!is_directory && (mapped_ace_flags & 
(SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE))) {
+               win_ace_flags = 
map_nfs4_ace_flags_to_windows_ace_flags(ace->aceFlags);
+               if (!is_directory && (win_ace_flags & 
(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT))) {
                        /*
                         * GPFS sets inherits dir_inhert and file_inherit flags
                         * to files, too, which confuses windows, and seems to
                         * be wrong anyways. ==> Map these bits away for files.
                         */
                        DEBUG(10, ("removing inherit flags from nfs4 ace\n"));
-                       mapped_ace_flags &= 
~(SMB_ACE4_FILE_INHERIT_ACE|SMB_ACE4_DIRECTORY_INHERIT_ACE);
+                       win_ace_flags &= 
~(SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT);
                }
-               DEBUG(10, ("mapped ace flags: 0x%x => 0x%x\n",
-                     ace->aceFlags, mapped_ace_flags));
+               DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n",
+                     ace->aceFlags, win_ace_flags));
 
                /* Windows clients expect SYNC on acls to
                   correctly allow rename. See bug #7909. */
                mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
                init_sec_ace(&nt_ace_list[good_aces++], &sid,
                        ace->aceType, mask,
-                       mapped_ace_flags);
+                       win_ace_flags);
        }
 
        *ppnt_ace_list = nt_ace_list;
@@ -561,7 +612,7 @@ static bool smbacl4_fill_ace4(
 
        memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
        ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now 
*/
-       ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
+       ace_v4->aceFlags = 
map_windows_ace_flags_to_nfs4_ace_flags(ace_nt->flags);
        ace_v4->aceMask = ace_nt->access_mask &
                (SEC_STD_ALL | SEC_FILE_ALL);
 
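Review bot: The assignment to `ace_v4->aceFlags` no longer shows at the call site which bits of `ace_nt->flags` survive. The removed `& SEC_ACE_FLAG_VALID_INHERIT` made that explicit, and going by the commit message these flags arrive from the client. A comment above the new line would record the filtering contract, for example `/* Only the four inherit flags and INHERITED_ACE are carried over; every other client flag bit is dropped by the mapping. */`. That matters because the helper is now the only thing standing between a client-chosen flag word and the stored NFSv4 ACE. smbacl4_fill_ace4 starts and ends outside this hunk, so any later validation of aceFlags is not visible here.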
diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h
index f4576b0..fcab635 100644
--- a/source3/modules/nfs4_acls.h
+++ b/source3/modules/nfs4_acls.h
@@ -76,9 +76,10 @@ typedef struct _SMB_ACE4PROP_T {
 #define SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG   0x00000010
 #define SMB_ACE4_FAILED_ACCESS_ACE_FLAG       0x00000020
 #define SMB_ACE4_IDENTIFIER_GROUP             0x00000040
+#define SMB_ACE4_INHERITED_ACE                0x00000080
 #define SMB_ACE4_ALL_FLAGS     ( SMB_ACE4_FILE_INHERIT_ACE | 
SMB_ACE4_DIRECTORY_INHERIT_ACE \
 | SMB_ACE4_NO_PROPAGATE_INHERIT_ACE | SMB_ACE4_INHERIT_ONLY_ACE | 
SMB_ACE4_SUCCESSFUL_ACCESS_ACE_FLAG \
-| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP )
+| SMB_ACE4_FAILED_ACCESS_ACE_FLAG | SMB_ACE4_IDENTIFIER_GROUP | 
SMB_ACE4_INHERITED_ACE)
 
        uint32  aceMask;        /* Access rights */
 /*The bitmask constants used for the access mask field are as follows: */
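Review bot: The new `#define SMB_ACE4_INHERITED_ACE 0x00000080` carries no note on where the value comes from. The helper comments in nfs4_acls.c send readers to rfc3530.txt, but as far as I recall that flag list stops at ACE4_IDENTIFIER_GROUP and this flag is defined in the NFSv4.1 specification (RFC 5661). A one-line comment such as `/* ACE4_INHERITED_ACE: NFSv4.1 (RFC 5661), not in RFC 3530 */` would save the next reader the search. Adding the bit to SMB_ACE4_ALL_FLAGS also widens every check that uses that mask. Whether each backend that consumes aceFlags accepts 0x80 is not visible in this diff and is worth confirming; the enclosing struct definition continues outside the hunk.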


-- 
Samba Shared Repository
