s3: Use mode bits in some cases in mode simple.
authorAlexander Werth <alexander.werth@de.ibm.com>
Thu, 2 May 2013 14:53:35 +0000 (16:53 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 9 May 2013 04:18:21 +0000 (06:18 +0200)
Non-inheriting ACL entries will show mode bits.
With this, a file owner change does affect the effective ACL because
the special owner ACL entry will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/nfs4_acls.c

index e906fcd161793ab304a6c7de9fdecec280ff45b9..3f6d8d8258aafd89b096924e45670f3af808ea38 100644 (file)
@@ -820,6 +820,48 @@ static int smbacl4_substitute_special(
        return True; /* OK */
 }
 
+static int smbacl4_substitute_simple(
+       SMB4ACL_T *theacl,
+       uid_t ownerUID,
+       gid_t ownerGID
+)
+{
+       SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
+       SMB_ACE4_INT_T *aceint;
+
+       for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
+               SMB_ACE4PROP_T *ace = &aceint->prop;
+
+               DEBUG(10,("ace type: %d, iflags: %x, flags: %x, "
+                         "mask: %x, who: %d\n",
+                         ace->aceType, ace->flags, ace->aceFlags,
+                         ace->aceMask, ace->who.id));
+
+               if (!(ace->flags & SMB_ACE4_ID_SPECIAL) &&
+                   !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) &&
+                   ace->who.uid == ownerUID &&
+                   !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) &&
+                   !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) &&
+                   !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) {
+                       ace->flags |= SMB_ACE4_ID_SPECIAL;
+                       ace->who.special_id = SMB_ACE4_WHO_OWNER;
+                       DEBUG(10,("replaced with special owner ace\n"));
+               }
+
+               if (!(ace->flags & SMB_ACE4_ID_SPECIAL) &&
+                   ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP &&
+                   ace->who.uid == ownerGID &&
+                   !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) &&
+                   !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) &&
+                   !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) {
+                       ace->flags |= SMB_ACE4_ID_SPECIAL;
+                       ace->who.special_id = SMB_ACE4_WHO_GROUP;
+                       DEBUG(10,("replaced with special group ace\n"));
+               }
+       }
+       return True; /* OK */
+}
+
 static SMB4ACL_T *smbacl4_win2nfs4(
        TALLOC_CTX *mem_ctx,
        const files_struct *fsp,
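Review bot: The group branch of `smbacl4_substitute_simple` tests `ace->who.uid == ownerGID`, comparing the uid member against a gid. If `who` is a union with a `gid` member (its declaration is not in the hunk), this works only because the members share storage and width; it should read `ace->who.gid == ownerGID` so the check stays correct if those types ever diverge. Separately, `aclint` is dereferenced in the loop header straight after `get_validated_aclint(theacl)`. If that helper can return NULL for an invalid ACL, add `if (aclint == NULL) return False;` before the loop, so a bad handle fails cleanly instead of faulting while permissions are being translated.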
@@ -862,6 +904,10 @@ static SMB4ACL_T *smbacl4_win2nfs4(
                        smb_add_ace4(theacl, &ace_v4);
        }
 
+       if (pparams->mode==e_simple) {
+               smbacl4_substitute_simple(theacl, ownerUID, ownerGID);
+       }
+
        if (pparams->mode==e_special) {
                smbacl4_substitute_special(theacl, ownerUID, ownerGID);
        }
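Review bot: The result of `smbacl4_substitute_simple(theacl, ownerUID, ownerGID)` is discarded here, as is the result of the existing `smbacl4_substitute_special` call below it. Today the new function can only return `True`, so nothing is lost, but any failure path added later would be silently ignored and `smbacl4_win2nfs4` would go on to return an ACL whose owner and group entries were not substituted. Either declare the helper `void`, or check it, for example `if (!smbacl4_substitute_simple(theacl, ownerUID, ownerGID)) { return NULL; }`, if returning NULL is how this function reports failure to its caller. The body of `smbacl4_win2nfs4` starts and ends outside this hunk, so the right error path has to be confirmed there.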