chucklever
commented
2 hours ago There is also the problem of ID mapping the "who" field in ACLs -- the client and server might map different "user@domain" strings to the same UID or GID, but this comparison mechanism will still fail.
There is also the issue that "user@domain" is utf8str_mixed: the "user" is case sensitive, but the "@domain" is not.
Currently _nfsd4_verify() re-encodes the target file's attributes and then uses memcpy() to compare them with the incoming file attributes. This works for simple attributes, but becomes problematic for richer attributes like POSIX ACLs.