vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special

When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.

Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
RN: vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c1a37b4f31d5252ce074d41f69e526aa84b0d3b3)

diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 092ad33504ad74d6b5a0266e1a4297a348a12ecb..9626f21a52299233b9bfcaf59df397e1a274f44f 100644 (file)
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -112,7 +112,10 @@ static NTSTATUS zfs_get_nt_acl_common(struct connection_struct *conn,
 
                special = acebuf[i].a_flags & (ACE_OWNER|ACE_GROUP|ACE_EVERYONE);
 
-               if (is_dir && (aceprop.aceMask & SMB_ACE4_ADD_FILE)) {
+               if (is_dir &&
+                   (aceprop.aceMask & SMB_ACE4_ADD_FILE) &&
+                   (special != 0))
+               {
                        aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
                }