[PATCH] Fix for XDR Backend of NFS4ACL_XATTR module to get it working with NFS4.0 ACL Spec

Andrew Bartlett abartlet at samba.org
Mon Sep 3 08:48:08 UTC 2018


On Mon, 2018-09-03 at 08:33 +0000, Sandeep Nashikkar via samba-
technical wrote:
> On Mon, 27 August, 2018 at 12:30 PM IST Sandeep Nashikkar via samba-
> technical wrote:
> > 
> > > 
> > > On Fri, 24 August, 2018 at 04:40 Jeremy Allison wrote:
> > 
> > > 
> > > So I'm OK with this code now. RB+ Jeremy Allison in terms of how
> > > it encodes and changes the nfs4acls.
> > > What I still need to understand is the effect of this on existing
> > > setups with nfs4 ACLs stored in xattrs.
> > > which means that selecting both NFS4ACL_ENCODING_XDR *and* 
> > > NFS40ACL_ENCODING_XDR will use the same xattr name of
> > 
> > Jeremy, xattr name can be provided via xattr_name module parameter.
> > It will not break the existing setup if they provide required
> > parameters correctly. 
> > We can revert the default xattr name back to original if you
> > insist. Let me know. 
> > 
> > Thanks
> > Sandeep
> Hi Jeremy, 
> 
> Can we move the patch for next review? Let me know if there are any
> more suggestions. 
> BTW, I have another fix for smbacl4_fill_ace4() in
> "source3/modules/nfs4_acls.c"
> When we convert SID to uid/gid, we do not check if the type of SID is
> SID_NAME_DOM_GRP. 
> If the sid_to_uid as well as sid_to_gid return success, we end up
> wrongly setting SMB_ACE4_IDENTIFIER_GROUP in the SMB_ACE4PROP_T
> Please let me know if I need to submit separate patch for this fix or
> shall I update the same ACL plugin patch for that fix?

This is deliberate, to cope with SIDs that map to both a UID and GID
(IDMAP_TYPE_BOTH), which in turn is trying to eventually support
sidHistory entries properly, as well as trusted domains and other
things where telling if a SID is exactly a user or group is
difficult/impossible.

Andrew Bartlett

> Thanks,
> Sandeep
> 
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba





