The branch, master has been updated
via 0ad8381... s3: Add a zfsacl:denymissingspecial parameter
from 04f3f27... tsocket: Added doxygen config file.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0ad83813ee5cbebd20d930356be61a9ebdddad46
Author: Volker Lendecke <[email protected]>
Date: Mon Jan 11 12:10:47 2010 +0100
s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example
set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_zfsacl.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 312160c..a3de30e 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T
*smbacl)
ace_t *acebuf;
SMB4ACE_T *smbace;
TALLOC_CTX *mem_ctx;
+ bool have_special_id = false;
/* allocate the field of ZFS aces */
mem_ctx = talloc_tos();
@@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp,
SMB4ACL_T *smbacl)
aceprop->who.special_id));
continue; /* don't add it !!! */
}
+ have_special_id = true;
}
}
+
+ if (!have_special_id
+ && lp_parm_bool(fsp->conn->params->service, "zfsacl",
+ "denymissingspecial", false)) {
+ errno = EACCES;
+ return false;
+ }
+
SMB_ASSERT(i == naces);
/* store acl */
--
Samba Shared Repository
