[PATCH][WIP] Make vfs_acl_xattr use hash of the posix ACL

Christian Ambach ambi at samba.org
Fri Oct 12 06:18:28 MDT 2012

Hi Andrew,

On 10/12/2012 01:26 PM, Andrew Bartlett wrote:

> What I'm working on is an improved implementation of the hash in
> vfs_acl_common.c.  The new hash will be of the 'system' ACL, whatever
> that is, rather than the NT ACL it maps to.

And what is the problem this is supposed to solve? Sorry that I fail to
see the need for this with the information I have up to now.

That we can change the ACL->SD mappings without rendering all EAs invalid?

> By defining this interface, vfs_acl_common does not need to know what
> the system ACL is, be it posix or nfsv4 or AFS.  It can (if returned)
> just hash the contents of the data_blob and store it.
> At a later time, if the contents matches, then the exact NT ACL that
> the windows client set is returned.  If the hash does not match, the
> the posix, NFSv4 or AFS ACL must have been changed outside Samba,
> and an imperfect mapping to an NT ACL is returned instead. [...] I
> would welcome patches to linearise NFSv4 into NDR in the same way I
> did for posix ACLs in smb_acl.idl

Shouldn't we better have one datatype that fits all variants instead of
having datatypes for each style of ACL? And the common denominator here
would be the general Windows SD format (as it has all fidelity).

> The choice is quite deliberate.  The upper case versions call the
> next, or top module.  This function calls the current module, which
> often implements the sys_acl_get_file_fn, and which we then want to
> call.
> This allows one set of helper functions to assist all the different
> posix ACL modules provide linearised ACLs as blobs.

Ok, I understand why that style of calling the methods is used.
But the approach that those modules include the vfs_acl_common.c file
should IMHO be fixed as well.


More information about the samba-technical mailing list