The branch, master has been updated via 0ad8381... s3: Add a zfsacl:denymissingspecial parameter from 04f3f27... tsocket: Added doxygen config file.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0ad83813ee5cbebd20d930356be61a9ebdddad46 Author: Volker Lendecke <v...@samba.org> Date: Mon Jan 11 12:10:47 2010 +0100 s3: Add a zfsacl:denymissingspecial parameter When setting an ACL without any of the user/group/other entries, ZFS automatically creates them. This can at times confuse users a lot. This parameter denies setting such an acl, users explicitly have to for example set an ACE with everyone allowing nothing. Users need to be educated about this, but this helps avoid a lot of confusion. ----------------------------------------------------------------------- Summary of changes: source3/modules/vfs_zfsacl.c | 10 ++++++++++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 312160c..a3de30e 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) ace_t *acebuf; SMB4ACE_T *smbace; TALLOC_CTX *mem_ctx; + bool have_special_id = false; /* allocate the field of ZFS aces */ mem_ctx = talloc_tos(); @@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) aceprop->who.special_id)); continue; /* don't add it !!! */ } + have_special_id = true; } } + + if (!have_special_id + && lp_parm_bool(fsp->conn->params->service, "zfsacl", + "denymissingspecial", false)) { + errno = EACCES; + return false; + } + SMB_ASSERT(i == naces); /* store acl */ -- Samba Shared Repository