Default ACLs and the ACL hash in vfs_xattr_common

Andrew Bartlett abartlet at
Thu Oct 4 23:47:20 MDT 2012


I've been looking over the ACL mapping code and in particular the
hash-based method in vfs_xattr_common.

It is complex code, and so I'm trying to validate what I'm reading.  As
far as I see it, the inclusion (or not) of the default ACL on a
directory in the ACL calculation depends on if we call
fget_nt_acl_common or get_nt_acl_common.

This in turn makes me worry that the hashed SD (created with
fget_nt_acl_common) will not match for directories where we call
get_nt_acl_common, which might consider a default posix ACL. 

This is due to the difference between posix_fget_nt_acl() and
posix_get_nt_acl() in posix_acls.c

The reason this comes to light for me now is that I'm looking to make
this more reliable, and hash the posix ACL.  I've made preparations
before rc1, but I need to finish the work, and noticed the need to
consider these default ACLs. 

I'll keep digging, but I just thought I might raise the issue. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list