nfs4acl: Fix owner mapping with ID_TYPE_BOTH

This fixes a corner case when using NFS4 ACLs with ID_TYPE_BOTH.  Before
this patch, the owner entry in the ACL would be mapped to a gid entry in
the NFSv4 ACL, and not the expected special owner entry. This is caused
by the id mapping returning a valid gid and the nfs4 mapping assumed
that this was actually a group.

Fix this by asking for the uid first, and explicitly checking if the
mapped uid matches the owner. That creates a uid entry in the NFSv4 ACL
that can be changed later in smbacl4_substitute_{simple,special} to the
expected special owner entry.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 71f4d8d4daeee3ff2e975d919c2f56a1426c9ac9..6fe3b11fc7e9d546a7f9e01d3cb9c18c9648379b 100644 (file)
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -715,7 +715,14 @@ static bool smbacl4_fill_ace4(
                uid_t uid;
                gid_t gid;
 
-               if (sid_to_gid(&ace_nt->trustee, &gid)) {
+               /*
+                * ID_TYPE_BOTH returns both uid and gid. Explicitly
+                * check for ownerUID to allow the mapping of the
+                * owner to a special entry in this idmap config.
+                */
+               if (sid_to_uid(&ace_nt->trustee, &uid) && uid == ownerUID) {
+                       ace_v4->who.uid = uid;
+               } else if (sid_to_gid(&ace_nt->trustee, &gid)) {
                        ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
                        ace_v4->who.gid = gid;
                } else if (sid_to_uid(&ace_nt->trustee, &uid)) {