Last part of fix for #6154 - zfs does not honor admin users.

Jeremy.

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 41e3618503aa0fbe9d3b64129f8dddea4e670786..0dfa7f0809f37fde4733e1c29c8f58b1871ae8d5 100644 (file)
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3484,9 +3484,9 @@ bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
 bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
 NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close,
                                 uint32 dosmode);
-void set_delete_on_close_token(struct share_mode_lock *lck, UNIX_USER_TOKEN *tok);
-void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, UNIX_USER_TOKEN *tok);
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKEN *tok);
+void set_delete_on_close_token(struct share_mode_lock *lck, const UNIX_USER_TOKEN *tok);
+void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, const UNIX_USER_TOKEN *tok);
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok);
 bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
 bool set_write_time(struct file_id fileid, struct timespec write_time);
 int share_mode_forall(void (*fn)(const struct share_mode_entry *, const char *,

diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 1737eab1c6f32df43ac205b09d98002d3455fcba..e9a5f757e517f20b65e47ca50812c20f7d7041e3 100644 (file)
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1295,7 +1295,7 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, bool delete_on_close,
  (Should this be in locking.c.... ?).
 *************************************************************************/
 
-static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, UNIX_USER_TOKEN *tok)
+static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *tok)
 {
        UNIX_USER_TOKEN *cpy;
 
@@ -1326,7 +1326,7 @@ static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, UNIX_USER_TOKEN *tok)
  Replace the delete on close token.
 ****************************************************************************/
 
-void set_delete_on_close_token(struct share_mode_lock *lck, UNIX_USER_TOKEN *tok)
+void set_delete_on_close_token(struct share_mode_lock *lck, const UNIX_USER_TOKEN *tok)
 {
        TALLOC_FREE(lck->delete_token); /* Also deletes groups... */
 
@@ -1346,7 +1346,7 @@ void set_delete_on_close_token(struct share_mode_lock *lck, UNIX_USER_TOKEN *tok
  lck entry. This function is used when the lock is already granted.
 ****************************************************************************/
 
-void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, UNIX_USER_TOKEN *tok)
+void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close, const UNIX_USER_TOKEN *tok)
 {
        if (lck->delete_on_close != delete_on_close) {
                set_delete_on_close_token(lck, tok);
@@ -1358,8 +1358,9 @@ void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close,
        }
 }
 
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKEN *tok)
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok)
 {
+       UNIX_USER_TOKEN *tok_copy = NULL;
        struct share_mode_lock *lck;
        
        DEBUG(10,("set_delete_on_close: %s delete on close flag for "
@@ -1373,6 +1374,16 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKE
                return False;
        }
 
+       if (fsp->conn->admin_user) {
+               tok_copy = copy_unix_token(lck, tok);
+               tok_copy->uid = (uid_t)0;
+               if (tok_copy == NULL) {
+                       TALLOC_FREE(lck);
+                       return false;
+               }
+               tok = tok_copy;
+       }
+
        set_delete_on_close_lck(lck, delete_on_close, tok);
 
        if (fsp->is_directory) {