[PATCH] Fix for XDR Backend of NFS4ACL_XATTR module to get it working with NFS4.0 ACL Spec

Ralph Böhme slow at samba.org
Mon Nov 26 15:05:13 UTC 2018

On Mon, Nov 26, 2018 at 12:40:14PM +0000, Sandeep Nashikkar via samba-technical wrote:
>What if we split such ACE into two? We add 2 NFS4 ACEs in smbacl4_win2nfs4 if 
>we determine that the SID maps to both uid and gid in call to 
>smbacl4_fill_ace4? Only one ACE will have SMB_ACE4_IDENTIFIER_GROUP bit set in 
>aceFlags. Will that work in other environments you are talking about? I tested 
>the fix for basic cases and it worked for domain user access case.

the ID_TYPE_BOTH still lets my head explode, not sure if I get the semantics 
right, but afaict what would be needed would be code similar to what we have in 
create_canon_ace_lists() to POSIX ACLs. That is, call sids_to_unixids(), not 
sid_to_uid() and friends and work from there.

Though I wonder: vfs_gpfs also uses this common code from nfs4_acls.c and my 
understanding has been that IDMAP_TYPE_BOTH should work with vfs_gpfs.

Anyone more familiar with IDMAP_TYPE_BOTH: thoughts?


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

More information about the samba-technical mailing list