[PATCH][WIP] Make vfs_acl_xattr use hash of the posix ACL

Andrew Bartlett abartlet at samba.org
Sun Oct 14 04:47:54 MDT 2012 

On Sun, 2012-10-14 at 10:34 +0200, Volker Lendecke wrote:
> On Sat, Oct 13, 2012 at 04:27:10PM -0400, simo wrote:
> > On Sat, 2012-10-13 at 15:09 +1100, Andrew Bartlett wrote:
> > > On Fri, 2012-10-12 at 17:53 -0400, simo wrote:
> > > 
> > > > Sorry I am afraid you didn't explain why it is ok to keep mappings on
> > > > disk that do not match anymore.
> > > 
> > > Thinking about this some more, we can now do that.  We can confirm if
> > > the mapping NT -> posix has changed (because we have stored the result
> > > of that), as well as tell if the posix ACL itself has changed, or
> > > (because I store both hashes) the posix ACL is unchanged but the posix
> > > -> NT mapping has changed.
> > > 
> > > We couldn't do that before, all we would know is that *either* the posix
> > > -> NT mapping (which is the mapping this module is specifically trying
> > > to avoid returning to the client) has changed, or the the posix ACL has
> > > changed. 
> 
> I haven't fully followed this discussion, so excuse me if
> I'm talking rubbish here and just ignore me...
> 
> To be really correct, I think we need to properly version
> the NT SD in the acl_xattr module and provide upgrade
> routines. Whenever we change the mapping code, a new version
> is created. I know upgrade routines are really a pain, but
> if we want data on disk to remain valid across versions, I
> think this is the only way to avoid horrible confusion with
> multiple hashes and their different meanings.

The IDL structure written to the disk is a union with a version.  This
will be version 4.  The code reads the old version fine.  The code will
write the old version (3) and so behave unchanged if the sys_acl_blob
function fails (current eg would be a NFSv4 ACL).  Writing the old
version (3) using a parametric smb.conf option would be a trivial change
if desired.

I'm also trying to push as much extra metadata as I can think of (a
description of what the system ACL hash if of, and the current time)
into the xattr, so we can recover from a planned or unplanned change to
what goes into the hash.

Also, because we have a hash of what the NT -> POSIX mapping produced
(the system ACL) we can reset the posix ACL if we detect that it is the
NT -> POSIX mapping that has changed, rather than the POSIX ACL itself. 

In short, my strongest priority is increasing robustness here.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list