[PATCH] Fix for XDR Backend of NFS4ACL_XATTR module to get it working with NFS4.0 ACL Spec

Jeremy Allison jra at samba.org
Thu Aug 23 23:09:47 UTC 2018


On Thu, Aug 16, 2018 at 11:43:48AM +0000, Sandeep Nashikkar wrote:
> On Wed, Aug 15, 2018 03:01 AM IST Jeremy Allison wrote 
> 
> On a side note, the nfs4acl_* functions do not comply with NFS 4.1 Spec. 

Oh, that's a pain. Can you tell me how they differ ?

> Thanks a lot Jeremy for your time and inputs. I have attached the updated patch. 
> Please review and let me know if you have any more questions. 

So I'm OK with this code now. RB+ Jeremy Allison
in terms of how it encodes and changes the nfs4acls.

What I still need to understand is the effect of
this on existing setups with nfs4 ACLs stored in
xattrs.

The issue I have is with this element of the patch:

@@ -524,6 +532,7 @@ static int nfs4acl_connect(struct vfs_handle_struct *handle,
 
        switch (config->encoding) {
        case NFS4ACL_ENCODING_XDR:
+       case NFS40ACL_ENCODING_XDR:
                default_xattr_name = NFS4ACL_XDR_XATTR_NAME;
                break;
        case NFS4ACL_ENCODING_NDR:

which means that selecting both NFS4ACL_ENCODING_XDR *and*
NFS40ACL_ENCODING_XDR will use the same xattr name of

-#define NFS4ACL_XDR_XATTR_NAME "security.nfs4acl_xdr"
+#define NFS4ACL_XDR_XATTR_NAME "system.nfs4_acl"

system.nfs4_acl

The existing code using NFS4ACL_ENCODING_XDR stores
in security.nfs4acl_xdr. I think you need to change
the xattr name to system.nfs4_acl, so that existing
setups don't conflict. You can't re-use the same
xattr name for two different encodings, that way
lies madness and corrupted user ACL data.

I'm CC:ing Ralph on this one as he wrote the
original encoding for nfsv4 ACLs. Once he
RB+'s it we can push.

Ralph, can you take a look at this ?

Thanks,

	Jeremy.



More information about the samba-technical mailing list