[PATCH] Add tests for our NFSv4 ACL code

Andrew Bartlett abartlet at samba.org
Fri Apr 26 06:04:53 MDT 2013 

On Wed, 2013-04-24 at 13:13 +1000, Andrew Bartlett wrote:
> On Mon, 2013-04-22 at 14:44 +0200, Alexander Werth wrote:
> > On Mon, 2013-04-22 at 10:32 +1000, Andrew Bartlett wrote:
> > > On Wed, 2013-04-17 at 21:13 +0200, Alexander Werth wrote:
> > > > On Sun, 2013-04-14 at 22:00 +1000, Andrew Bartlett wrote:
> > > > > From here, I want to learn more about the failures, work out at what
> > > > > layer we should be doing various inheritance operations (adding
> > > > > emulation if required), and possibly patch raw.acls to optionally skip
> > > > > SACLs in the comparisons. 
> > > > 
> > > > I've merged the inheritance emulation into your nfs4acl_xattr module.
> > > > Please find the code in the attached patch.
> > > > The idea is that if no xattr with nfs4 acls is found the parent
> > > > folders are inspected recursively.
> > > > This way any vfs operation reading the acl of a file that just got
> > > > created with an open call will return the right security descriptor.
> > > > 
> > > > With this the test nfs4acl_xattr.dynamic passes.
> > > > The nfs4acl_xattr.inheritance passes as well but there are
> > > > warnings since the SDs don't match bit for bit and the torture
> > > > test returns a failed even though there was no hard error.
> > > > So I guess we have to adjust the torture test before committing
> > > > this patch.
> > > 
> > > Thanks for all your hard work here.  These changes seen entirely
> > > sensible to me.  Could you perhaps merge them into a set that could be
> > > committed to master?  (Probably squash some of them together)
> > 
> > Sounds good. I've rebased and attached a patchset that contains the
> > following commits:
> > 
> >   build: Move nfs4acl to the top level
> >   vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
> >   vfs: Allocate SMB4ACL_T on an explict memory context
> >   vfs: Fix compile of vfs_gpfs.c.
> >   vfs: Remove unused security_info argument in vfz_zfsacl.c
> >   vfs: Fix missing TALLOC_CTX argument in vfs_zfsacl on blocking functions
> >   vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
> >   librpc: Add special owner/group/other constants to nfs4acl.idl
> >   selftest: Run raw.acls test against the nfs4acl_xattr module
> >   vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
> >   s4-smbtorture: Set result message when failing the inheritance test.
> 
> For my part, I'm happy for you to add:
> 
> Reviewed-By: Andrew Bartlett <abartlet at samba.org>
> 
> But perhaps squash some of the patches that fix compile issues into the
> patches that add them.
> 
> BTW, the set with the extra tests and the 9467 patch is in my nfsv4-2
> branch. 

I've updated that branch, as I found I made similar errors in the ZFS
code as I did in the GPFS code.  Make sure you grab the more recent
code.

I've also added the review markers to the relevant patches.

I plan on doing some more testing of all this tomorrow, trying to pin
down the issues that had me asked to look into this in the first place.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list