[PATCH] Storing the ACL control flags with vfs gpfs.

Alexander Werth werth at linux.vnet.ibm.com
Fri Mar 21 09:47:39 MDT 2014 

On Wed, 2014-03-19 at 15:10 -0700, Christof Schmitt wrote:
> On Mon, Mar 17, 2014 at 03:02:10PM +0100, Alexander Werth wrote:
> > I forgot the signed-off-by and added some text to the commit message.
> > 
> > Please comment/push.
> 
> I think the overall approach is good, and avoiding the GPFS 3.5 defines
> does not make the code too ugly. Some comments:
> 
> 0001-vfs-Support-NFS-control-flags-in-nfs4_acls.c.patch
> 
> --- a/source3/modules/nfs4_acls.c
> +++ b/source3/modules/nfs4_acls.c
> @@ -49,6 +49,7 @@ typedef struct _SMB_ACE4_INT_T
>  typedef struct _SMB_ACL4_INT_T
>  {
>  	uint32	magic;
> +	uint16  controlflags;
>  	uint32	naces;
>  	SMB_ACE4_INT_T	*first;
>  	SMB_ACE4_INT_T	*last;
> 
> Should we use uint16_t throughout these patches to move the code towards
> the C99 types? It is different from the existing code in the file, but
> changing it has to start at some point.

Ok, changed. Opening the stage for clean-up patches.

> 0002-vfs-Store-ACL-control-flags-in-gpfs-vfs-module.patch
> 
> --- a/source3/modules/vfs_gpfs.c
> +++ b/source3/modules/vfs_gpfs.c
> ...
> @@ -207,6 +225,34 @@ static int vfs_gpfs_get_real_filename(struct
> vfs_handle_struct *handle,
>  	return 0;
>  }
> 
> +static void sd2gpfs_control(uint16_t control, struct gpfs_acl *gacl)
> +{
> +	unsigned int gpfs_aclflags = 0;
> +	gpfs_aclflags = control << 8;
> +	gpfs_aclflags &= 0x3c3c00; /* ACL4_FLAG_DACL_PROTECTED |
> +				      ACL4_FLAG_SACL_PROTECTED |
> +				      ACL4_FLAG_DACL_AUTO_INHERITED |
> +				      ACL4_FLAG_SACL_AUTO_INHERITED |
> +				      ACL4_FLAG_DACL_DEFAULTED |
> +				      ACL4_FLAG_SACL_DEFAULTED |
> +				      ACL4_FLAG_DACL_PRESENT |
> +				      ACL4_FLAG_SACL_PRESENT; */
> +	if (!(control & 0x00000400)) /* SEC_DESC_DACL_PRESENT */
> +		gpfs_aclflags |= 0x00800000; /* ACL4_FLAG_NULL_DACL; */
> +	if (!(control & 0x00001000)) /* SEC_DESC_SACL_PRESENT */
> +		gpfs_aclflags |= 0x01000000; /* ACL4_FLAG_NULL_SACL; */
> 
> The if statements should use braces. Also the SEC_DESC_... defines are
> from Samba, not GPFS, so they can be used without problems.

True.

> +	gacl->acl_level = 1; /* GPFS_ACL_LEVEL_V4FLAGS*/
> +	/* gacl->v4Level1.acl_flags requires gpfs 3.5 */
> +	*(unsigned int *)&gacl->ace_v4 = gpfs_aclflags;
> +}
> +
> +static uint16_t gpfs2sd_control(unsigned int gpfs_aclflags)
> +{
> +	uint16_t control = gpfs_aclflags >> 8;
> +	control |= SEC_DESC_SELF_RELATIVE;
> +	return control;
> +}
> 
> It is probably unlikely that someone would be modifying the flags in the
> filesystem without going through Samba, but should gpfs2sd_control use
> the same mask as sd2gpfs_control for consistency? Maybe create a
> static uint16_t gpfs_aclflags_mask = 0x3c3c00; and use it in both
> functions?

I found a different solution: Filter while we are dealing with the
security descriptor where we have the defines instead of filtering the
gpfs control flags where we need the literals.

> Also the ACL4_FLAG_NULL_DACL and ACL4_FLAG_NULL_SACL mappings are
> missing from gpfs2sd_control. Are they not needed here?

Yes, they are not relevant at the moment. The code doesn't yet
distinguish between a null dacl and an empty dacl. That's a future
change that's possible through the stored control flags.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-vfs-Support-NFS-control-flags-in-nfs4_acls.c.patch
Type: text/x-patch
Size: 3104 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140321/91bb86a5/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-vfs-Store-ACL-control-flags-in-gpfs-vfs-module.patch
Type: text/x-patch
Size: 8557 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140321/91bb86a5/attachment-0001.bin>

More information about the samba-technical mailing list