should get_nt_acl_no_snum really avoid VFS modules?
jra at samba.org
Fri May 18 00:15:46 GMT 2007
On Thu, May 17, 2007 at 03:17:57PM -0700, James Peach wrote:
> Hi Jeremy,
> I just bumped into the get_nt_acl_no_snum() function, and it seems
> that this always calls the POSIX ACL implementation.
> Since there's no guarantee that the file it is checking access to is
> on a POSIX filesystem or that the platform even supports POSIX ACLs,
> shouldn't this call SMB_VFS_GET_NT_ACL instead of get_nt_acl()?
This is a local api for local people, there's nothing for
you here ! :-).
Seriously it's designed for smbd internal use, knowing it's
accessing a local filesystem.... So I think it's just expecting
a "standard" unix permset to be mapped into an NT ACL.
It doesn't matter if the path doesn't support POSIX ACLs
as it'll translate mode_t into an NT ACL.
> And shouldn't it use the dirname of the path it is checking for the
> fake connectpath, rather than '/', since they could be different
> filesystem types? And even that is a bit wonky, because it probably
> assumes that the global ACLs module is appropriate for this path,
> which might not be true.
> If you give me a hint, I'll code up a patch :)
Hmmmm. Is it causing you grief at the moment ?
More information about the samba-technical