summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Ambach <ambi@samba.org>2012-09-25 03:25:36 +0200
committerChristian Ambach <ambi@samba.org>2012-09-27 04:36:52 +0200
commit1947164feb41710842277874cae0c35bfc97e3ab (patch)
tree7415bf0ac87ca2a18421ffc64925eecbe680780d
parent19631e8e7e7d871261642340ffdcec3f73dccca6 (diff)
downloadsamba-1947164feb41710842277874cae0c35bfc97e3ab.tar.gz
samba-1947164feb41710842277874cae0c35bfc97e3ab.tar.bz2
samba-1947164feb41710842277874cae0c35bfc97e3ab.zip
s3:nfs4acls filter away inheritance flags on files
While it is possible to define inheritance flags on files on Windows, this will be denied by GPFS and UFS (and potentially others). So it will be better to strip of these bits when being set for files instead of failing to set the ACL completely (this is current behavior). Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as other pieces of the SD are also lost when translating to NFSv4. So this should not be a too intrusive change, but allow users to migrate data with such flags instead of failing to migrate the ACL completely.
-rw-r--r--source3/modules/nfs4_acls.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index cc3480c2e1..b4fd51451f 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -592,6 +592,17 @@ static bool smbacl4_fill_ace4(
ace_v4->aceFlags = map_windows_ace_flags_to_nfs4_ace_flags(
ace_nt->flags);
+
+ /* remove inheritance flags on files */
+ if (VALID_STAT(fsp->fsp_name->st) &&
+ !S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
+ DEBUG(10, ("Removing inheritance flags from a file\n"));
+ ace_v4->aceFlags &= ~(SMB_ACE4_FILE_INHERIT_ACE|
+ SMB_ACE4_DIRECTORY_INHERIT_ACE|
+ SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+ SMB_ACE4_INHERIT_ONLY_ACE);
+ }
+
ace_v4->aceMask = ace_nt->access_mask &
(SEC_STD_ALL | SEC_FILE_ALL);