svn commit: samba r17353 - in branches/SAMBA_3_0: examples
examples/gpfs source source/modules source/smbd
psomogyi at gamax.hu
Wed Aug 2 09:55:32 GMT 2006
On Wednesday 02 August 2006 11:12, Alexander Bokovoy wrote:
> consistent (all other functions accept SMB_STRUCT_STAT* as its second
> parameter). Am I correct?
Okay, this change wasn't _really_ necessary, I just don't like passing any
parameter which I don't know what is it for (not used), and want to prevent
> I'm looking forward for more info from Peter. The code was reviewed by
The code has separated NFS4<-->windows ACL mapping logic (nfs4_acls.c) which
should be used by every NFS4 ACL mapper module (e.g. vfs_aixacl2.c for JFS2).
Such modules should implement only mapping between this "common" NFS4
interface (nfs4_acls.h) and "native" data structures.
Here is a short description about mapping between NFS4 ACLs <--> windows ACLS:
1. ACE types: DENY & ALLOW is currenlty supported. (AUDIT & ALARM is not)
2. Permission masks: 1:1 mapped to windows (by value) - each perms are used on
NFS4 ACL side, but windows generic rights are currently not mapped.
3. Inheritance flags:
ACE4_FILE_INHERIT_ACE = SEC_ACE_FLAG_OBJECT_INHERIT
ACE4_DIRECTORY_INHERIT_ACE = SEC_ACE_FLAG_CONTAINER_INHERIT
ACE4_NO_PROPAGATE_INHERIT_ACE = SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
ACE4_INHERIT_ONLY_ACE = SEC_ACE_FLAG_INHERIT_ONLY
ACE4_IDENTIFIER_GROUP -> special meaning in NFSv4 (= ace.who is a group)
SEC_ACE_FLAG_INHERITED_ACE -> not mapped (no corresponding flag in NFS4)
Others are not supported (yet) because AUDIT & ALARM is not supported (yet).
4. Who field: currently every SID needs to be mappable within samba to a local
GID or UID except global_sid_World (which is mapped to @Everyone), otherwise
ACL is rejected with error. (even if underlying flesystem supports having
Any comments appreciated.
Bartok Bela ut 15/D
H-1114, Budapest, Hungary
e-mail: psomogyi at gamax.hu
phone: +36 1 382 5469
More information about the samba-technical