smbd: ignore set NTACL requests which contain S-1-5-88 NFS ACEs

We apply the same "ignore" logic already in the POSIX ACL code and in the
vfs_acl_xattr|tdb VFS modules to smb_set_nt_acl_nfs4() in the nfs4_acl helper
subsystem which is common to a bunch of VFS modules: GPFS, ZFS, NFS4_xattr and
aixacl2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14307

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar  3 19:15:10 UTC 2020 on sn-devel-184

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 4d50223c79517f42e97c018c00ae38bb5aeefb76..7f32e6816948992ca2fbf1114ea9c5f41a7ff841 100644 (file)
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -996,6 +996,10 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp,
                                      * refined... */
        }
 
+       if (security_descriptor_with_ms_nfs(psd)) {
+               return NT_STATUS_OK;
+       }
+
        if (pparams == NULL) {
                /* Special behaviours */
                if (smbacl4_get_vfs_params(fsp->conn, &params)) {