nfs4_acls: Mark nfs4:acedup ignore and reject as deprecated

The default setting for nfs4:acedup is "dontcare". The only
recommendation i could find is setting this to "merge". The setting of
"ignore" is dangerous as it would silently drop ACEs. "reject" also
seems less useful as it would disallow setting of ACLs that can easily
be stored.

Report "ignore" and "reject" as deprecated. Maybe these can be removed
in the future to simplify the code.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

2 files changed, 8 insertions, 2 deletions

diff --git a/source3/modules/README.nfs4acls.txt b/source3/modules/README.nfs4acls.txt
index 3594aafee8e..650513b51c7 100644
--- a/source3/modules/README.nfs4acls.txt
+++ b/source3/modules/README.nfs4acls.txt
@@ -34,8 +34,8 @@ chown = [true|false]
 
 acedup = [dontcare|reject|ignore|merge]
 - dontcare: copy ACEs as they come, don't care with "duplicate" records. Default.
-- reject: stop operation, exit acl setter operation with an error
-- ignore: don't include the second matching ACE
+- reject: stop operation, exit acl setter operation with an error. (deprecated)
+- ignore: don't include the second matching ACE. (deprecated)
 - merge: OR 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE
 
 Two ACEs are considered here "duplicate" when their type and id fields are matching.
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index c48f601be39..a80f4f23ad7 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -98,6 +98,12 @@ int smbacl4_get_vfs_params(struct connection_struct *conn,
 		return -1;
 	}
 	params->acedup = (enum smbacl4_acedup_enum)enumval;
+	if (params->acedup == e_ignore) {
+		DBG_WARNING("nfs4:acedup ignore is deprecated.\n");
+	}
+	if (params->acedup == e_reject) {
+		DBG_WARNING("nfs4:acedup ignore is deprecated.\n");
+	}
 
 	params->map_full_control = lp_acl_map_full_control(SNUM(conn));