From d87b5e7196e3942cc8c7e2367e8465d028720287 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow@samba.org>
Date: Thu, 27 Feb 2020 17:01:10 +0100
Subject: [PATCH] smbd: ignore set NTACL requests which contain S-1-5-88 NFS
 ACEs

We apply the same "ignore" logic already in the POSIX ACL code and in the
vfs_acl_xattr|tdb VFS modules to smb_set_nt_acl_nfs4() in the nfs4_acl helper
subsystem which is common to a bunch of VFS modules: GPFS, ZFS, NFS4_xattr and
aixacl2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14307

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar  3 19:15:10 UTC 2020 on sn-devel-184

(cherry picked from commit f89c7ad851681c0e0ab39a1bedb3eeb672516fbb)
---
 source3/modules/nfs4_acls.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 4d50223c795..7f32e681694 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -996,6 +996,10 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp,
 				      * refined... */
 	}
 
+	if (security_descriptor_with_ms_nfs(psd)) {
+		return NT_STATUS_OK;
+	}
+
 	if (pparams == NULL) {
 		/* Special behaviours */
 		if (smbacl4_get_vfs_params(fsp->conn, &params)) {
-- 
2.25.1.481.gfbce0eb801-goog