From b52b5de76a87a332d7eb74d77e93180c723bf0b9 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Wed, 17 Jul 2019 10:51:18 -0700 Subject: [PATCH] nfs4_acls: Mark nfs4:acedup ignore and reject as deprecated The default setting for nfs4:acedup is "dontcare". The only recommendation i could find is setting this to "merge". The setting of "ignore" is dangerous as it would silently drop ACEs. "reject" also seems less useful as it would disallow setting of ACLs that can easily be stored. Report "ignore" and "reject" as deprecated. Maybe these can be removed in the future to simplify the code. Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme --- source3/modules/README.nfs4acls.txt | 4 ++-- source3/modules/nfs4_acls.c | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/source3/modules/README.nfs4acls.txt b/source3/modules/README.nfs4acls.txt index 3594aafee8e..650513b51c7 100644 --- a/source3/modules/README.nfs4acls.txt +++ b/source3/modules/README.nfs4acls.txt @@ -34,8 +34,8 @@ chown = [true|false] acedup = [dontcare|reject|ignore|merge] - dontcare: copy ACEs as they come, don't care with "duplicate" records. Default. -- reject: stop operation, exit acl setter operation with an error -- ignore: don't include the second matching ACE +- reject: stop operation, exit acl setter operation with an error. (deprecated) +- ignore: don't include the second matching ACE. (deprecated) - merge: OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE Two ACEs are considered here "duplicate" when their type and id fields are matching. diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index c48f601be39..a80f4f23ad7 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -98,6 +98,12 @@ int smbacl4_get_vfs_params(struct connection_struct *conn, return -1; } params->acedup = (enum smbacl4_acedup_enum)enumval; + if (params->acedup == e_ignore) { + DBG_WARNING("nfs4:acedup ignore is deprecated.\n"); + } + if (params->acedup == e_reject) { + DBG_WARNING("nfs4:acedup ignore is deprecated.\n"); + } params->map_full_control = lp_acl_map_full_control(SNUM(conn)); -- 2.47.3