Default ACLs and the ACL hash in vfs_xattr_common

Andrew Bartlett abartlet at samba.org
Fri Oct 5 14:50:50 MDT 2012


On Fri, 2012-10-05 at 08:41 -0700, Jeremy Allison wrote:
> On Fri, Oct 05, 2012 at 03:47:20PM +1000, Andrew Bartlett wrote:
> > Jeremy,
> > 
> > I've been looking over the ACL mapping code and in particular the
> > hash-based method in vfs_xattr_common.
> > 
> > It is complex code, and so I'm trying to validate what I'm reading.  As
> > far as I see it, the inclusion (or not) of the default ACL on a
> > directory in the ACL calculation depends on if we call
> > fget_nt_acl_common or get_nt_acl_common.
> > 
> > This in turn makes me worry that the hashed SD (created with
> > fget_nt_acl_common) will not match for directories where we call
> > get_nt_acl_common, which might consider a default posix ACL. 
> > 
> > This is due to the difference between posix_fget_nt_acl() and
> > posix_get_nt_acl() in posix_acls.c
> > 
> > The reason this comes to light for me now is that I'm looking to make
> > this more reliable, and hash the posix ACL.  I've made preparations
> > before rc1, but I need to finish the work, and noticed the need to
> > consider these default ACLs. 
> > 
> > I'll keep digging, but I just thought I might raise the issue. 
> 
> Thanks for checking, but I don't think this occurs.
> 
> posix_get_nt_acl() reads the default ACL if it's a directory.
> 
> Inside posix_fget_nt_acl() we have:
> 
>         if (fsp->is_directory || fsp->fh->fd == -1) {
>                 return posix_get_nt_acl(fsp->conn, fsp->fsp_name->base_name,
>                                         security_info, ppdesc);
>         }
> 
> So if it is a directory (which we know from the fsp pointer, and is
> the only case where we can have a default ACL) then we simply return
> posix_get_nt_acl(), which does fetch the default ACL.
> 
> I think you missed that in the control flow.

Yes, I missed that.  Thanks!

It's a pity given the possibility of renames that the acl_get_fd()
function can't take a type.  I guess it's because you 'normally' don't
open a directory to get an fd.  Should we re-stat the fd here to be sure
we know the right name, or has it already been done recently by a
caller?

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
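
The re-stat check asked about above, as an added example that is not part of the original message and is not Samba code: it compares the device and inode behind an open fd with what a path currently resolves to, so a path-based ACL lookup can tell when a rename has moved a different object under the name. The function names and the /tmp scenario are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if `path` still names the object open on `fd`, 0 if it names
 * something else (or nothing), -1 if the fd itself cannot be stat'ed. */
int path_matches_fd(int fd, const char *path)
{
    struct stat by_fd, by_path;
    if (fstat(fd, &by_fd) != 0)
        return -1;
    if (stat(path, &by_path) != 0)
        return 0;
    return by_fd.st_dev == by_path.st_dev && by_fd.st_ino == by_path.st_ino;
}

/* Constructed scenario: open a directory, rename it away, then create a new
 * directory under the old name. Stores the check result before and after the
 * rename; returns 0 on success, -1 if the scenario could not be set up. */
int rename_race_demo(int *before, int *after)
{
    char base[] = "/tmp/aclrace-XXXXXX";
    char dir[64], moved[64];
    int fd, rc = -1;
    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(dir, sizeof(dir), "%s/share", base);
    snprintf(moved, sizeof(moved), "%s/moved", base);
    if (mkdir(dir, 0700) == 0 && (fd = open(dir, O_RDONLY | O_DIRECTORY)) >= 0) {
        *before = path_matches_fd(fd, dir);   /* name and fd agree */
        if (rename(dir, moved) == 0 && mkdir(dir, 0700) == 0) {
            *after = path_matches_fd(fd, dir); /* name now points elsewhere */
            rc = 0;
        }
        close(fd);
    }
    rmdir(dir); rmdir(moved); rmdir(base);
    return rc;
}

int main(void)
{
    int b = -1, a = -1;
    return rename_race_demo(&b, &a) == 0 ? printf("before=%d after=%d\n", b, a) < 0 : 1;
}
```

A check like this only narrows the window: the path can still change between the comparison and the later path-based call.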



