[PATCH] Add tests for our NFSv4 ACL code
abartlet at samba.org
Fri Apr 26 06:04:53 MDT 2013
On Wed, 2013-04-24 at 13:13 +1000, Andrew Bartlett wrote:
> On Mon, 2013-04-22 at 14:44 +0200, Alexander Werth wrote:
> > On Mon, 2013-04-22 at 10:32 +1000, Andrew Bartlett wrote:
> > > On Wed, 2013-04-17 at 21:13 +0200, Alexander Werth wrote:
> > > > On Sun, 2013-04-14 at 22:00 +1000, Andrew Bartlett wrote:
> > > > > From here, I want to learn more about the failures, work out at what
> > > > > layer we should be doing various inheritance operations (adding
> > > > > emulation if required), and possibly patch raw.acls to optionally skip
> > > > > SACLs in the comparisons.
> > > >
> > > > I've merged the inheritance emulation into your nfs4acl_xattr module.
> > > > Please find the code in the attached patch.
> > > > The idea is that if no xattr with nfs4 acls is found the parent
> > > > folders are inspected recursively.
> > > > This way any vfs operation reading the acl of a file that just got
> > > > created with an open call will return the right security descriptor.
> > > >
> > > > With this the test nfs4acl_xattr.dynamic passes.
> > > > The nfs4acl_xattr.inheritance passes as well but there are
> > > > warnings since the SDs don't match bit for bit and the torture
> > > > test returns a failed even though there was no hard error.
> > > > So I guess we have to adjust the torture test before committing
> > > > this patch.
> > >
> > > Thanks for all your hard work here. These changes seen entirely
> > > sensible to me. Could you perhaps merge them into a set that could be
> > > committed to master? (Probably squash some of them together)
> > Sounds good. I've rebased and attached a patchset that contains the
> > following commits:
> > build: Move nfs4acl to the top level
> > vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
> > vfs: Allocate SMB4ACL_T on an explict memory context
> > vfs: Fix compile of vfs_gpfs.c.
> > vfs: Remove unused security_info argument in vfz_zfsacl.c
> > vfs: Fix missing TALLOC_CTX argument in vfs_zfsacl on blocking functions
> > vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
> > librpc: Add special owner/group/other constants to nfs4acl.idl
> > selftest: Run raw.acls test against the nfs4acl_xattr module
> > vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
> > s4-smbtorture: Set result message when failing the inheritance test.
> For my part, I'm happy for you to add:
> Reviewed-By: Andrew Bartlett <abartlet at samba.org>
> But perhaps squash some of the patches that fix compile issues into the
> patches that add them.
> BTW, the set with the extra tests and the 9467 patch is in my nfsv4-2
I've updated that branch, as I found I made similar errors in the ZFS
code as I did in the GPFS code. Make sure you grab the more recent
I've also added the review markers to the relevant patches.
I plan on doing some more testing of all this tomorrow, trying to pin
down the issues that had me asked to look into this in the first place.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical