Default ACLs and the ACL hash in vfs_xattr_common
Andrew Bartlett
abartlet at samba.org
Thu Oct 4 23:47:20 MDT 2012
Jeremy,
I've been looking over the ACL mapping code and in particular the
hash-based method in vfs_xattr_common.
It is complex code, and so I'm trying to validate what I'm reading. As
far as I see it, the inclusion (or not) of the default ACL on a
directory in the ACL calculation depends on if we call
fget_nt_acl_common or get_nt_acl_common.
This in turn makes me worry that the hashed SD (created with
fget_nt_acl_common) will not match for directories where we call
get_nt_acl_common, which might consider a default posix ACL.
This is due to the difference between posix_fget_nt_acl() and
posix_get_nt_acl() in posix_acls.c
The reason this comes to light for me now is that I'm looking to make
this more reliable, and hash the posix ACL. I've made preparations
before rc1, but I need to finish the work, and noticed the need to
consider these default ACLs.
I'll keep digging, but I just thought I might raise the issue.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list