[PATCH] Remvoe smb_acl_t manipulations from the VFS layer

Jeremy Allison jra at samba.org
Tue Aug 14 16:03:02 MDT 2012 

On Mon, Aug 13, 2012 at 09:10:59PM +1000, Andrew Bartlett wrote:
> On Mon, 2012-08-13 at 08:08 +1000, Andrew Bartlett wrote:
> > This patch moves the declaration of smb_acl_t to IDL and changes the
> > allocation code to use talloc.
> > 
> > https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/posix-acl-provision-wip
> > 
> > The reason I'm doing this is that I want to have some tests on and
> > confidence with the NT -> posix ACL conversions, particularly as I have
> > had some patches changing behaviour here accepted.
> > 
> > The issue is that doing this as non-root has issues, so I want to
> > emulate the whole ACL and ownership store by putting it on an xattr (and
> > in turn in a tdb). 
> > 
> > To do this, I need to be able to marshal an smb_acl_t.  In turn, I
> > should be able to parse it with python, which will help a lot with
> > validating results.
> > 
> > It also means we can (later, or sooner if you request) take the step of
> > enrolling the objects into the talloc tree correctly. 
> > 
> > Please carefully review this, and see what you think.  
> > 
> > It passes a full manual autobuild on sn-devel.
> 
> I've updated the branch, and it now contains a major VFS change.
> 
> Originally, when you added the posix ACL layer to the VFS, the VFS layer
> provided hooks to allocate and manipulate all aspects of the ACL.
> 
> However, since then we have not seen any alternate implementations of
> these APIs.  Instead, it seems that the (now?) standardised smb_acl_t
> structure is converted at get/set time.
> 
> By removing these from the VFS this makes the ACL code much simpler, and
> means that it is reasonable to read and write it via IDL and python.  It
> also makes it much more practical to pass in a talloc parent to
> sys_acl_init(), modifying only the VFS modules and the get/set VFS
> hooks. 
> 
> I've split it up into patches for each function, and am running an
> manual autobuild now. 
> 
> This is needed for the posix ACL support in provision work as I can't
> write automated tests for it without this change.  
> 
> Please let me know what you think,

I don't see the major VFS change in this branch :-(.

I'd like to look at this, as it seems to be the right
way to go.

Cheers,

	Jeremy.

More information about the samba-technical mailing list