[PATCH] Fix for XDR Backend of NFS4ACL_XATTR module to get it working with NFS4.0 ACL Spec
Ralph Böhme
slow at samba.org
Mon Nov 26 15:05:13 UTC 2018
On Mon, Nov 26, 2018 at 12:40:14PM +0000, Sandeep Nashikkar via samba-technical wrote:
>What if we split such ACE into two? We add 2 NFS4 ACEs in smbacl4_win2nfs4 if
>we determine that the SID maps to both uid and gid in call to
>smbacl4_fill_ace4? Only one ACE will have SMB_ACE4_IDENTIFIER_GROUP bit set in
>aceFlags. Will that work in other environments you are talking about? I tested
>the fix for basic cases and it worked for domain user access case.
the ID_TYPE_BOTH still lets my head explode, not sure if I get the semantics
right, but afaict what would be needed would be code similar to what we have in
create_canon_ace_lists() to POSIX ACLs. That is, call sids_to_unixids(), not
sid_to_uid() and friends and work from there.
Though I wonder: vfs_gpfs also uses this common code from nfs4_acls.c and my
understanding has been that IDMAP_TYPE_BOTH should work with vfs_gpfs.
Anyone more familiar with IDMAP_TYPE_BOTH: thoughts?
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
More information about the samba-technical
mailing list