ace_v4->who.gid = gid;
} else if (sid_to_uid(&ace_nt->trustee, &uid)) {
ace_v4->who.uid = uid;
+ } else if (dom_sid_compare_domain(&ace_nt->trustee,
+ &global_sid_Unix_NFS) == 0) {
+ return false;
} else {
DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
"convert %s to uid or gid\n",
psd->group_sid = orig_psd->group_sid;
}
if (security_info_sent & SECINFO_DACL) {
+ if (security_descriptor_with_ms_nfs(orig_psd)) {
+ /*
+ * If the sd contains a MS NFS SID, do
+ * nothing, it's a chmod() request from OS X
+ * with AAPL context.
+ */
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
psd->dacl = orig_psd->dacl;
psd->type |= SEC_DESC_DACL_PRESENT;
}
return NT_STATUS_INVALID_PARAMETER;
}
+ /*
+ * MS NFS mode, here's the deal: the client merely wants to
+ * modify the mode, but roundtripping get_acl/set/acl would
+ * add additional POSIX ACEs. So in case we get a request
+ * containing a MS NFS mode SID, we do nothing here.
+ */
+ if (security_descriptor_with_ms_nfs(psd_orig)) {
+ return NT_STATUS_OK;
+ }
+
psd = security_descriptor_copy(talloc_tos(), psd_orig);
if (psd == NULL) {
return NT_STATUS_NO_MEMORY;