Fix bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames.

author Ira Cooper <ira@wakeful.net>

Wed, 7 Sep 2011 19:24:22 +0000 (12:24 -0700)

committer Jeremy Allison <jra@samba.org>

Wed, 7 Sep 2011 20:56:06 +0000 (22:56 +0200)
author Ira Cooper <ira@wakeful.net>
Wed, 7 Sep 2011 19:24:22 +0000 (12:24 -0700)
committer Jeremy Allison <jra@samba.org>
Wed, 7 Sep 2011 20:56:06 +0000 (22:56 +0200)
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c

index 041aee2e8d4453269151389492bef16262f1e127..e94abacc4827282d34a23868bc716541d863c498 100644 (file)
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -339,7 +339,13 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
  
                 /* Windows clients expect SYNC on acls to
                    correctly allow rename. See bug #7909. */
-               mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
+               if(ace->aceType & SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
+                       /* But not on DENY ace entries. See
+                          bug #8442. */
+                       mask = ace->aceMask;
+               } else {
+                       mask = ace->aceMask | SMB_ACE4_SYNCHRONIZE;
+               }
                 init_sec_ace(&nt_ace_list[good_aces++], &sid,
                         ace->aceType, mask,
                         win_ace_flags);
author	Ira Cooper <ira@wakeful.net>
	Wed, 7 Sep 2011 19:24:22 +0000 (12:24 -0700)
committer	Jeremy Allison <jra@samba.org>
	Wed, 7 Sep 2011 20:56:06 +0000 (22:56 +0200)