why do we call ensure_canon_entry_valid on get?

Jeremy Allison jra at samba.org
Fri Oct 5 15:55:12 MDT 2012

On Sat, Oct 06, 2012 at 07:52:14AM +1000, Andrew Bartlett wrote:
> That resolves my confusion, and my concern about your patch.
> It leaves me with puzzlement as to what the routine is used for in the
> get codepath. 
> (man acl):
>      The acl_valid() function checks the ACL referred to by the argument acl for validity.
>      The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER must exist exactly once in the ACL. If the ACL
>      contains any ACL_USER or ACL_GROUP entries, then an ACL_MASK entry is also required. The ACL may contain at most one
>      ACL_MASK entry.
> Are there systems where this doesn't hold?  Is this for the case where
> we don't have an ACL at all (just file modes)?  (If we could more
> clearly separate the get and set code-paths this would be much less
> confusing).

It's probably for the case where there is no ACL at all (just file
modes) - although as I recall when developing there were some particularly
strange systems (HPUX I think) where what comes back from the acl
functions was "strange" in some way (and I can't remember exactly
what the strange was :-).

Separating out the get and set versions is clearly the right answer
to make things clearer for people reading the code. I'll pop a quick
patch in to master for that shortly.


More information about the samba-technical mailing list