From 241b8dc69e154257350bd04de81a6926ff2f362e Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 6 Sep 2017 16:56:47 +0200 Subject: [PATCH] s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the NFSv4 framework to follow ZFS permission rules. But this is the wrong place, other filesystems like GPFS do not allow deletion when the user has SEC_DIR_ADD_FILE. This patch therefor moves the change from the NFS4 framework into the ZFS module. Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Sep 9 04:59:51 CEST 2017 on sn-devel-144 (cherry picked from commit 4102697503691f3b2eadfcb98834bb66c669f3ab) --- source3/modules/nfs4_acls.c | 4 ---- source3/modules/vfs_zfsacl.c | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 7488b1c9606..6a337177626 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -352,10 +352,6 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, DEBUG(10, ("mapped %d to %s\n", ace->who.id, sid_string_dbg(&sid))); - if (is_directory && (ace->aceMask & SMB_ACE4_ADD_FILE)) { - ace->aceMask |= SMB_ACE4_DELETE_CHILD; - } - if (!is_directory && params->map_full_control) { /* * Do we have all access except DELETE_CHILD diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index b171e79578b..02492b71f98 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -66,6 +66,10 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn, psbuf = &sbuf; } + if (S_ISDIR(psbuf->st_ex_mode) && (ace->aceMask & SMB_ACE4_ADD_FILE)) { + ace->aceMask |= SMB_ACE4_DELETE_CHILD; + } + /* read the number of file aces */ if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) { if(errno == ENOSYS) { -- 2.11.4.GIT