From a9f89d28c0d2616245e7a3bb6ab074c701735616 Mon Sep 17 00:00:00 2001 From: Ira Cooper Date: Wed, 7 Sep 2011 12:24:22 -0700 Subject: [PATCH 1/2] Fix bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames. Thanks to Youzhong Yang for discovering this issue. Autobuild-User: Jeremy Allison Autobuild-Date: Wed Sep 7 22:56:06 CEST 2011 on sn-devel-104 (cherry picked from commit 600451da33728cbd377b122c85cf146f5b319998) --- source3/modules/nfs4_acls.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index c9d795d..bea4528 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -337,7 +337,13 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */ /* Windows clients expect SYNC on acls to correctly allow rename. See bug #7909. */ - mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE; + if(ace->aceType & SMB_ACE4_ACCESS_DENIED_ACE_TYPE) { + /* But not on DENY ace entries. See + bug #8442. */ + mask = ace->aceMask; + } else { + mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE; + } init_sec_ace(&nt_ace_list[good_aces++], &sid, ace->aceType, mask, win_ace_flags); -- 1.7.0.4 From 2329f7a8e6984a569696a612eaa3c2c8d3caaf46 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Sep 2011 14:57:11 -0700 Subject: [PATCH 2/2] Tidy up previous patch for bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames. aceType is an enum field, not a bitmask. Autobuild-User: Jeremy Allison Autobuild-Date: Thu Sep 8 03:34:39 CEST 2011 on sn-devel-104 (cherry picked from commit 0aa6751e919d842cdae044be26f6da725063eac2) --- source3/modules/nfs4_acls.c | 9 ++++----- 1 files changed, 4 insertions(+), 5 deletions(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index bea4528..e5cc32d 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -335,13 +335,12 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */ DEBUG(10, ("Windows mapped ace flags: 0x%x => 0x%x\n", ace->aceFlags, win_ace_flags)); + mask = ace->aceMask; /* Windows clients expect SYNC on acls to correctly allow rename. See bug #7909. */ - if(ace->aceType & SMB_ACE4_ACCESS_DENIED_ACE_TYPE) { - /* But not on DENY ace entries. See - bug #8442. */ - mask = ace->aceMask; - } else { + /* But not on DENY ace entries. See + bug #8442. */ + if(ace->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) { mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE; } init_sec_ace(&nt_ace_list[good_aces++], &sid, -- 1.7.0.4