docs: record NetWare object ID trustee GUID mode
All checks were successful
Source release / source-package (push) Successful in 1m6s
All checks were successful
Source release / source-package (push) Successful in 1m6s
This commit is contained in:
OpenAI
Mario Fetka
17
AI.md
17
AI.md
@@ -581,12 +581,17 @@ NetWare/NSS xattr and trustee metadata baseline:
|
||||
allow/deny/clear model. The current mars-nwe `netware.metadata` trustee
|
||||
rights encoding uses the NSS/NCP bit assignments, so the rights masks are
|
||||
layout-compatible with Novell/OES readers.
|
||||
- Open directory-identity follow-up: `netware.metadata` trustee entries carry
|
||||
GUID-style NSS/eDirectory authorizer identifiers. mars-nwe currently maps the
|
||||
bindery object ID into the GUID field for local roundtrips and NCP readback; a
|
||||
real OES/NSS server might not resolve that identifier to the same object. Keep
|
||||
this as a Directory/eDirectory/NDS mapping task rather than changing the
|
||||
trustee rights patch.
|
||||
- Trustee identity compatibility mode: for the NetWare 3.x/4.x target, keep the
|
||||
classic 32-bit bindery/NDS object ID as the authoritative trustee identity and
|
||||
embed it deterministically in the NSS `GUID_t` `timeLow` field with the rest of
|
||||
the GUID zeroed. This preserves the classic NCP/SYSCON/FILER/GRANT/REVOKE
|
||||
object-ID model while using the NSS `netware.metadata` binary layout. Do not
|
||||
treat these values as real OES/eDirectory authorizer GUIDs.
|
||||
- Open directory-identity follow-up: real OES/NSS trustee entries carry
|
||||
GUID-style NSS/eDirectory authorizer identifiers. A real OES/NSS server might
|
||||
not resolve mars-nwe's embedded bindery object ID to the same object. Keep
|
||||
real eDirectory/NDS/AuthID GUID mapping as a later Directory task rather than
|
||||
changing the NetWare 3.x/4.x trustee rights patch.
|
||||
- Inheritance model to preserve: only entries marked inherit-down propagate;
|
||||
child inherited rights are filtered by `inheritedRightsMask` and
|
||||
`zVALID_TRUSTEE_RIGHTS`; supervisor is preserved in the mask and expands to all
|
||||
|
||||
6
TODO.md
6
TODO.md
@@ -2159,6 +2159,12 @@ Implementation tasks:
|
||||
- Add NSS-compatible trustee constants and helpers for effective rights:
|
||||
R/W/C/E/A/F/M/S, salvage/secure bits, inherited-rights-mask filtering,
|
||||
inherit-down propagation and supervisor expansion.
|
||||
- NetWare 3.x/4.x trustee identity mode: continue to use the classic 32-bit
|
||||
bindery/NDS object ID for trustee identity and embed that value in
|
||||
`netware.metadata` trustee `GUID_t.timeLow` with the remaining GUID fields
|
||||
zeroed. This is the mars-nwe compatibility mapping for classic NCP clients;
|
||||
full OES/NSS eDirectory/AuthID GUID mapping is a later Directory/eDirectory
|
||||
task, not a blocker for the current trustee rights backend.
|
||||
- Make the baseline positive trustee rights plus inherited rights mask. Negative
|
||||
ACL/deny/clear/one-level behavior from `trustees-3.0` is not part of the first
|
||||
NetWare/NSS compatibility layer.
|
||||
|
||||
Reference in New Issue
Block a user