Fix bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames.

author Ira Cooper <ira@wakeful.net>

Wed, 7 Sep 2011 19:24:22 +0000 (12:24 -0700)

committer Karolin Seeger <kseeger@samba.org>

Tue, 11 Oct 2011 18:04:01 +0000 (20:04 +0200)
author Ira Cooper <ira@wakeful.net>
Wed, 7 Sep 2011 19:24:22 +0000 (12:24 -0700)
committer Karolin Seeger <kseeger@samba.org>
Tue, 11 Oct 2011 18:04:01 +0000 (20:04 +0200)
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c

index c9d795d35c84ce06b2169bb891a3c8cdb20d7455..bea452880e64029b99328fc43fd21391ba8ff447 100644 (file)
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -337,7 +337,13 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
  
                 /* Windows clients expect SYNC on acls to
                    correctly allow rename. See bug #7909. */
-               mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
+               if(ace->aceType & SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
+                       /* But not on DENY ace entries. See
+                          bug #8442. */
+                       mask = ace->aceMask;
+               } else {
+                       mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
+               }
                 init_sec_ace(&nt_ace_list[good_aces++], &sid,
                         ace->aceType, mask,
                         win_ace_flags);
author	Ira Cooper <ira@wakeful.net>
	Wed, 7 Sep 2011 19:24:22 +0000 (12:24 -0700)
committer	Karolin Seeger <kseeger@samba.org>
	Tue, 11 Oct 2011 18:04:01 +0000 (20:04 +0200)