[PATCH] Add tests for our NFSv4 ACL code
Andrew Bartlett
abartlet at samba.org
Fri Apr 26 06:04:53 MDT 2013
On Wed, 2013-04-24 at 13:13 +1000, Andrew Bartlett wrote:
> On Mon, 2013-04-22 at 14:44 +0200, Alexander Werth wrote:
> > On Mon, 2013-04-22 at 10:32 +1000, Andrew Bartlett wrote:
> > > On Wed, 2013-04-17 at 21:13 +0200, Alexander Werth wrote:
> > > > On Sun, 2013-04-14 at 22:00 +1000, Andrew Bartlett wrote:
> > > > > From here, I want to learn more about the failures, work out at what
> > > > > layer we should be doing various inheritance operations (adding
> > > > > emulation if required), and possibly patch raw.acls to optionally skip
> > > > > SACLs in the comparisons.
> > > >
> > > > I've merged the inheritance emulation into your nfs4acl_xattr module.
> > > > Please find the code in the attached patch.
> > > > The idea is that if no xattr with nfs4 acls is found the parent
> > > > folders are inspected recursively.
> > > > This way any vfs operation reading the acl of a file that just got
> > > > created with an open call will return the right security descriptor.
> > > >
> > > > With this the test nfs4acl_xattr.dynamic passes.
> > > > The nfs4acl_xattr.inheritance passes as well but there are
> > > > warnings since the SDs don't match bit for bit and the torture
> > > > test returns a failed even though there was no hard error.
> > > > So I guess we have to adjust the torture test before committing
> > > > this patch.
> > >
> > > Thanks for all your hard work here. These changes seen entirely
> > > sensible to me. Could you perhaps merge them into a set that could be
> > > committed to master? (Probably squash some of them together)
> >
> > Sounds good. I've rebased and attached a patchset that contains the
> > following commits:
> >
> > build: Move nfs4acl to the top level
> > vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
> > vfs: Allocate SMB4ACL_T on an explict memory context
> > vfs: Fix compile of vfs_gpfs.c.
> > vfs: Remove unused security_info argument in vfz_zfsacl.c
> > vfs: Fix missing TALLOC_CTX argument in vfs_zfsacl on blocking functions
> > vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idl
> > librpc: Add special owner/group/other constants to nfs4acl.idl
> > selftest: Run raw.acls test against the nfs4acl_xattr module
> > vfs: Add inheritance emulation to vfs_nfs4acl_xattr.
> > s4-smbtorture: Set result message when failing the inheritance test.
>
> For my part, I'm happy for you to add:
>
> Reviewed-By: Andrew Bartlett <abartlet at samba.org>
>
> But perhaps squash some of the patches that fix compile issues into the
> patches that add them.
>
> BTW, the set with the extra tests and the 9467 patch is in my nfsv4-2
> branch.
I've updated that branch, as I found I made similar errors in the ZFS
code as I did in the GPFS code. Make sure you grab the more recent
code.
I've also added the review markers to the relevant patches.
I plan on doing some more testing of all this tomorrow, trying to pin
down the issues that had me asked to look into this in the first place.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list