[PATCH] Remvoe smb_acl_t manipulations from the VFS layer

Tue Aug 14 16:30:33 MDT 2012

On Tue, 2012-08-14 at 15:03 -0700, Jeremy Allison wrote:
> On Mon, Aug 13, 2012 at 09:10:59PM +1000, Andrew Bartlett wrote:
> > On Mon, 2012-08-13 at 08:08 +1000, Andrew Bartlett wrote:
> > > This patch moves the declaration of smb_acl_t to IDL and changes the
> > > allocation code to use talloc.
> > > 
> > > https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/posix-acl-provision-wip
> > > 
> > > The reason I'm doing this is that I want to have some tests on and
> > > confidence with the NT -> posix ACL conversions, particularly as I have
> > > had some patches changing behaviour here accepted.
> > > 
> > > The issue is that doing this as non-root has issues, so I want to
> > > emulate the whole ACL and ownership store by putting it on an xattr (and
> > > in turn in a tdb). 
> > > 
> > > To do this, I need to be able to marshal an smb_acl_t.  In turn, I
> > > should be able to parse it with python, which will help a lot with
> > > validating results.
> > > 
> > > It also means we can (later, or sooner if you request) take the step of
> > > enrolling the objects into the talloc tree correctly. 
> > > 
> > > Please carefully review this, and see what you think.  
> > > 
> > > It passes a full manual autobuild on sn-devel.
> > 
> > I've updated the branch, and it now contains a major VFS change.
> > 
> > Originally, when you added the posix ACL layer to the VFS, the VFS layer
> > provided hooks to allocate and manipulate all aspects of the ACL.
> > 
> > However, since then we have not seen any alternate implementations of
> > these APIs.  Instead, it seems that the (now?) standardised smb_acl_t
> > structure is converted at get/set time.
> > 
> > By removing these from the VFS this makes the ACL code much simpler, and
> > means that it is reasonable to read and write it via IDL and python.  It
> > also makes it much more practical to pass in a talloc parent to
> > sys_acl_init(), modifying only the VFS modules and the get/set VFS
> > hooks. 
> > 
> > I've split it up into patches for each function, and am running an
> > manual autobuild now. 
> > 
> > This is needed for the posix ACL support in provision work as I can't
> > write automated tests for it without this change.  
> > 
> > Please let me know what you think,
> 
> I don't see the major VFS change in this branch :-(.
> 
> I'd like to look at this, as it seems to be the right
> way to go.

Sorry about that.  The patches that I have ready to push are in:

https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/posix-acl-provision

I've got some other (not yet ready) patches in the other branch.  I'll
get them rebased on top of each other.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org