features in samba 3.alpha (VFS)
Andrew Bartlett
abartlet at pcug.org.au
Tue Dec 4 12:39:09 GMT 2001
David Collier-Brown wrote:
>
> On Sun, 2 Dec 2001, Tim Potter wrote:
> [assuming I've got the quoting right!]
> > We didn't progress past the argument stage of stackable vfs modules. (-:
> > I think the consensus was that it was too hard to figure out the
> > semantics of how it would work.
>
> Well, in principle they're stackable, but we
> don't have a mechanism for stacking them!
> Tim and I were the discussants, when trying
> to figure out how to document them.
>
> David Lee <t.d.lee at durham.ac.uk> wrote
> > Semantics? Might a useful starting-point be the model used by PAM
> > (Pluggable Authentication Modules) with its "requisite, required,
> > optional, sufficient" configuration options etc. (Sure, we may well find
> > reasons why that is insufficient, but it may at least get our thinking
> > started...)
>
> And that sounds good... the equivalents are something like:
> requisite you must pass through this layer
> required ?
> optional you need not go here
> sufficient you don't need any more layers
>
> In a stacking architecture, this sounds more than
> sufficient...
>
> > So I'd like to encourage those members of the Samba team who are thinking
> > about VFS to consider whether we can, somehow, support multiple VFS layers
> > per share.
In my mind, creating a stacking VFS is quite simple:
Each module both provides and accepts a VFS_OPTS structure. The one it
provides implements the operations it supports, and the one it accpets
is used when it needs to conduct an operation.
For example, a module doing a virus scan could implement the 'open()'
VFS op, by calling the open() in the supplied next_ops structure, while
doing a virus-scan in the middle.
However, an SQL database VFS doing an 'open()' wouldn't call down the
chain, becouse it wouldn't make any sense.
The default vaule for ths next_ops would be the default_ops structure,
and the functions in this would be extended to do the same - call the
next struture's functions. If the next strucutre is itself - then do
the normal Samba default ops.
This gives you a nice simple interface - all the modules are just a
list.
You could go the full pam-like interface, but I don't see how it helps
much - the ability to be 'sufficient' implies the module signling back
things that never change - why not just keep them in the code?
(Specifing that an SQL module must pass-though its ops to another module
doesn't make sense, and specifing the virus scanner as the final module
doesn't either).
Just my two bobs worth
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba
mailing list