Revert "vfs_acl_xattr: objects without NT ACL xattr"
authorRalph Boehme <slow@samba.org>
Wed, 24 Aug 2016 08:04:24 +0000 (10:04 +0200)
committerJeremy Allison <jra@samba.org>
Tue, 30 Aug 2016 19:12:25 +0000 (21:12 +0200)
This reverts commit 961c4b591bb102751079d9cc92d7aa1c37f1958c.

Subsequent commits will add the same functionality as an optional
feature.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/vfs_acl_common.c

index 2fda938ed89f6a4fa5ddd23947648f77afdae7d9..a287945023dc6b030247fcb19c1d72a6e5a6df62 100644 (file)
@@ -379,10 +379,12 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
        gid_to_sid(&group_sid, psbuf->st_ex_gid);
 
        /*
-        * We provide 2 ACEs:
-        * - Owner
-        * - NT System
-        */
+        We provide up to 4 ACEs
+               - Owner
+               - Group
+               - Everyone
+               - NT System
+       */
 
        if (mode & S_IRUSR) {
                if (mode & S_IWUSR) {
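Review bot: The restored comment says "up to 4 ACEs" but does not say which entries are conditional, and it drops the leading ` * ` continuation used by the block comment it replaces. From the lines visible in the next hunk, Owner and NT System appear to be added unconditionally, while Group and Everyone are added only when the mode bits yield a non-zero mask. I would word it as `* We provide up to 4 ACEs: Owner and NT System always, Group and Everyone only if the POSIX mode grants them access.` so the bound on `idx` is clear at the point of use. The body of make_default_filesystem_acl starts and ends outside this hunk.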
@@ -402,6 +404,39 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
                        0);
        idx++;
 
+       access_mask = 0;
+       if (mode & S_IRGRP) {
+               access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+       }
+       if (mode & S_IWGRP) {
+               /* note that delete is not granted - this matches posix behaviour */
+               access_mask |= SEC_RIGHTS_FILE_WRITE;
+       }
+       if (access_mask) {
+               init_sec_ace(&aces[idx],
+                       &group_sid,
+                       SEC_ACE_TYPE_ACCESS_ALLOWED,
+                       access_mask,
+                       0);
+               idx++;
+       }
+
+       access_mask = 0;
+       if (mode & S_IROTH) {
+               access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+       }
+       if (mode & S_IWOTH) {
+               access_mask |= SEC_RIGHTS_FILE_WRITE;
+       }
+       if (access_mask) {
+               init_sec_ace(&aces[idx],
+                       &global_sid_World,
+                       SEC_ACE_TYPE_ACCESS_ALLOWED,
+                       access_mask,
+                       0);
+               idx++;
+       }
+
        init_sec_ace(&aces[idx],
                        &global_sid_System,
                        SEC_ACE_TYPE_ACCESS_ALLOWED,
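Review bot: With the Group and Everyone blocks restored, `idx` can reach 3 before the NT System ACE is written at the end of this hunk, so `aces` must hold four entries; its declaration is outside the hunk and should be confirmed. A guard such as `SMB_ASSERT(idx < ARRAY_SIZE(aces));` before each `init_sec_ace` call would keep a later edit from writing past the array. The note that delete is not granted appears only on the `S_IWGRP` branch, although the `S_IWOTH` branch grants the same `SEC_RIGHTS_FILE_WRITE` mask, so I would repeat it there. Because these ACEs are synthesized from the POSIX mode for objects that lack an NT ACL xattr, a world-writable mode becomes an allow ACE for `global_sid_World`, and a short comment saying so above that block would help anyone auditing effective share permissions.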