From 60bdced298831b2750ce785e01891e4aeb79f0dc Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Fri, 18 May 2018 13:14:57 +0200 Subject: [PATCH 1/2] s3:smbd: make psbuf arg to make_default_acl_posix() const Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 Signed-off-by: Ralph Boehme --- source3/smbd/posix_acls.c | 8 ++++---- source3/smbd/proto.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 8d42535d877..6396f818176 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { struct dom_sid owner_sid, group_sid; @@ -4886,7 +4886,7 @@ static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { struct dom_sid owner_sid, group_sid; @@ -4958,7 +4958,7 @@ static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx, static NTSTATUS make_default_acl_everyone(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { struct dom_sid owner_sid, group_sid; @@ -5022,7 +5022,7 @@ NTSTATUS make_default_filesystem_acl( TALLOC_CTX *ctx, enum default_acl_style acl_style, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { NTSTATUS status; diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index bee7acadeea..262338d81e4 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -819,7 +819,7 @@ NTSTATUS make_default_filesystem_acl( TALLOC_CTX *ctx, enum default_acl_style acl_style, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc); /* The following definitions come from smbd/process.c */ -- 2.13.6 From 0918370e20156e4a21a0c244b963b672ed6b46b1 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 5 Dec 2017 08:28:28 +0100 Subject: [PATCH 2/2] vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP This allows accessing the ZFS .snapshots directory where ZFS returns ENOTSUP when calling acl(".snapshots"). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 Signed-off-by: Ralph Boehme --- source3/modules/vfs_zfsacl.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 0bc4ba6604f..43e41f95c1a 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, fsp->fsp_name, &pacl); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); - return status; + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + return status; + } + + status = make_default_filesystem_acl(mem_ctx, + DEFAULT_ACL_POSIX, + fsp->fsp_name->base_name, + &fsp->fsp_name->st, + ppdesc); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; + return NT_STATUS_OK; } status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx, @@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); - return status; + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + return status; + } + + if (!VALID_STAT(smb_fname->st)) { + DBG_ERR("No stat info for [%s]\n", + smb_fname_str_dbg(smb_fname)); + return NT_STATUS_INTERNAL_ERROR; + } + + status = make_default_filesystem_acl(mem_ctx, + DEFAULT_ACL_POSIX, + smb_fname->base_name, + &smb_fname->st, + ppdesc); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; + return NT_STATUS_OK; } status = smb_get_nt_acl_nfs4(handle->conn, -- 2.13.6