why do we call ensure_canon_entry_valid on get?
jra at samba.org
Fri Oct 5 15:55:12 MDT 2012
On Sat, Oct 06, 2012 at 07:52:14AM +1000, Andrew Bartlett wrote:
> That resolves my confusion, and my concern about your patch.
> It leaves me with puzzlement as to what the routine is used for in the
> get codepath.
> (man acl):
> The acl_valid() function checks the ACL referred to by the argument acl for validity.
> The three required entries ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER must exist exactly once in the ACL. If the ACL
> contains any ACL_USER or ACL_GROUP entries, then an ACL_MASK entry is also required. The ACL may contain at most one
> ACL_MASK entry.
> Are there systems where this doesn't hold? Is this for the case where
> we don't have an ACL at all (just file modes)? (If we could more
> clearly separate the get and set code-paths this would be much less
It's probably for the case where there is no ACL at all (just file
modes) - although as I recall when developing there were some particularly
strange systems (HPUX I think) where what comes back from the acl
functions was "strange" in some way (and I can't remember exactly
what the strange was :-).
Separating out the get and set versions is clearly the right answer
to make things clearer for people reading the code. I'll pop a quick
patch in to master for that shortly.
More information about the samba-technical