From c54a8db00621de12efc6424cd9112aaf95935067 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 13 Aug 2009 06:33:16 +0200 Subject: [PATCH] Make refusal of SEC_DESC_DACL_PROTECTED configurable This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false. GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this parameter we give customers an option to either ignore this bit or refuse setting an ACL with it. --- source3/modules/vfs_gpfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 25eaa4b62fc5..3660bb2d3a08 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -446,7 +446,9 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_i if (acl->acl_version&GPFS_ACL_VERSION_NFS4) { - if ((psd->type&SEC_DESC_DACL_PROTECTED)) { + if (lp_parm_bool(fsp->conn->params->service, "gpfs", + "refuse_dacl_protected", false) + && (psd->type&SEC_DESC_DACL_PROTECTED)) { DEBUG(2, ("Rejecting unsupported ACL with DACL_PROTECTED bit set\n")); return NT_STATUS_NOT_SUPPORTED; } -- 2.34.1