[PATCH] nfs4acl: Fix owner mapping with ID_TYPE_BOTH
Jeremy Allison
jra at samba.org
Wed Sep 14 16:00:55 UTC 2016
On Tue, Sep 13, 2016 at 04:26:03PM -0700, Jeremy Allison wrote:
> On Mon, Sep 12, 2016 at 05:34:21PM -0700, Christof Schmitt wrote:
> > From f1883adf6ed027a03be2a3d4f1631d8bdb283e38 Mon Sep 17 00:00:00 2001
> > From: Christof Schmitt <cs at samba.org>
> > Date: Mon, 12 Sep 2016 16:22:16 -0700
> > Subject: [PATCH] nfs4acl: Fix owner mapping with ID_TYPE_BOTH
> >
> > This fixes a corner case when using NFS4 ACLs with ID_TYPE_BOTH. Before
> > this patch, the owner entry in the ACL would be mapped to a gid entry in
> > the NFSv4 ACL, and not the expected special owner entry. This is caused
> > by the id mapping returning a valid gid and the nfs4 mapping assumed
> > that this was actually a group.
> >
> > Fix this by asking for the uid first, and explicitly checking if the
> > mapped uid matches the owner. That creates a uid entry in the NFSv4 ACL
> > that can be changed later in smbacl4_substitute_{simple,special} to the
> > expected special owner entry.
>
> OK, went through the logic here very carefully (w.r.t chown
> interactions), and I think this is the correct thing to do.
>
> Pushed.
The push failed (unrelated issue :-) and in the shower
this morning I had a thought (something about this patch
must have been bothering me :-).
This patch adds logic to check the uid first - if the
mapped uid matches the owner, which is correct, but
it also removes the fallback mapping of:
- } else if (sid_to_uid(&ace_nt->trustee, &uid)) {
- ace_v4->who.uid = uid;
I don't think that's right. I think the logic should be:
check the uid first - if the mapped uid matches the owner
check if mapped to group
check if mapped to user.
(i.e. keep the final fallback code). Given that, I think
the following patch is correct. Christof, can you confirm ?
Thanks,
Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-nfs4acl-Fix-owner-mapping-with-ID_TYPE_BOTH.patch
Type: text/x-diff
Size: 1733 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160914/4ecc090b/0001-nfs4acl-Fix-owner-mapping-with-ID_TYPE_BOTH.diff>
More information about the samba-technical
mailing list