The branch, master has been updated
via bd58a1461724eb92c9fedd014edb7465f5a16b40 (commit)
from e67de63ba6c6de60400e7deb4664d259f6dfb638 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bd58a1461724eb92c9fedd014edb7465f5a16b40
Author: Christian Ambach <christian.amb...@de.ibm.com>
Date: Thu Jul 9 14:45:23 2009 +0200
reject ACLs with DESC_DACL_PROTECTED on GPFS
as GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would
be the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is
currently silently ignored by Samba. That means that if you deselect the "Allow
inheritable permissions..." checkbox in Windows' ACL dialog and then apply the
ACL, the flag will be back immediately.
To make sure that automatic migration with e.g. robocopy does not lead to
ACLs silently (and unintentionally) changed, this patch adds an explicit check
for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so errors are
shown up on the Windows side and the Administrator is aware of the ACLs not
being settable like intended
Signed-off-by: Christian Ambach <christian.amb...@de.ibm.com>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_gpfs.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 47858cb..ffa8db0 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -445,6 +445,11 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct
*fsp, uint32 security_i
if (acl->acl_version&GPFS_ACL_VERSION_NFS4)
{
+ if ((psd->type&SEC_DESC_DACL_PROTECTED)) {
+ DEBUG(2, ("Rejecting unsupported ACL with
DACL_PROTECTED bit set\n"));
+ return NT_STATUS_NOT_SUPPORTED;
+ }
+
result = smb_set_nt_acl_nfs4(
fsp, security_info_sent, psd,
gpfsacl_process_smbacl);
--
Samba Shared Repository
