[PATCH] SYSVOL ACL fixes Re: [PATCH] Fix 'samba-tool ntacl sysvolcheck' failures and remove NT4 compat

Andrew Bartlett abartlet at samba.org
Wed Nov 14 13:14:19 MST 2012

On Wed, 2012-11-14 at 16:06 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> > On Wed, 2012-11-14 at 10:40 +0200, Tadas wrote:
> >> Could you make those patches for rc5 or should they apply cleanly? Then I
> >> could test them on my main deployment and not on testing deployment with
> >> only few machines.
> >>
> >> I really want to see GPO's fixed :)
> > 
> > The attached (large) series of patches are all the ACL-related fixes
> > that are not yet in 4.0.  
> I maintain a branch
> https://gitweb.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/v4-0-test
> which is identical to master (except for VERSION and WHATSNEW.txt),
> where I git cherry-pick -x all changes from origin/master
> and rebase on origin/v4-0-test.
> When I'm getting conflicts during the rebase on origin/v4-0-test
> I typically skip (git rebase --skip) because they're already
> in origin/v4-0-test. At the end I compare my v4-0-test to origin/master
> and the diff should only show VERSION and WHATSNEW.txt.
> But if I do rebase on origin/v4-0-test + your patchset,
> I'm getting a larger diff against origin/master.
> This means the patchset is incomplete.

Can you give me more details than that?

That patch set was the best I could figure out trying to pick out
patches, but if you have more information then we can work together to
provide a correct set. 

It does have the additional changes I was waiting for review on from

> > They may not all be strictly required (some are tests), and we may
> > decide not to do the mem_ctx changes, but this lot builds and passes the
> > automated tests here.  
> I think we should keep the diff in that area zero to prevent backporting
> nightmares
> in future.
> I think we should backport all vfs/acl changes from master to v4-0-test
> including all tests and tools.

I agree.

> I already noticed that the commit from v4-0-test
> "Fix bug 9376 - ensure_canon_entry_valid generates duplicate
> SMB_ACL_GROUP, acl_valid fails."
> https://gitweb.samba.org/?p=samba.git;a=commitdiff;h=e122c7d24b10119c9ea4d65e0099ff1690394457
> was a different change compared to
> s3:smbd: Fix typo in got_duplicate_group check
> https://gitweb.samba.org/?p=samba.git;a=commitdiff;h=c06d602d7f3b8d3da972071a1b5392c6b145133f
> We should really try to avoid that as it makes the overhead of backporting
> and auditing the missing backports much harder.


As you have a script for it, I'm hoping we can also make the patch out
of cherry-picked changes, so we keep the git reference between the
branches in the message.  

That is in part why I've not started trying to get some of these into
4.0 yet, I want to have them with a stable git hash from master to
cherry-pick from. 


Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list