[PATCH][WIP] Make vfs_acl_xattr use hash of the posix ACL
simo
idra at samba.org
Fri Oct 12 07:59:38 MDT 2012
On Fri, 2012-10-12 at 14:18 +0200, Christian Ambach wrote:
> Hi Andrew,
>
> On 10/12/2012 01:26 PM, Andrew Bartlett wrote:
>
> > What I'm working on is an improved implementation of the hash in
> > vfs_acl_common.c. The new hash will be of the 'system' ACL, whatever
> > that is, rather than the NT ACL it maps to.
>
> And what is the problem this is supposed to solve? Sorry that I fail to
> see the need for this with the information I have up to now.
>
> That we can change the ACL->SD mappings without rendering all EAs invalid?
>
> > By defining this interface, vfs_acl_common does not need to know what
> > the system ACL is, be it posix or nfsv4 or AFS. It can (if returned)
> > just hash the contents of the data_blob and store it.
> >
> > At a later time, if the contents matches, then the exact NT ACL that
> > the windows client set is returned. If the hash does not match, the
> > the posix, NFSv4 or AFS ACL must have been changed outside Samba,
> > and an imperfect mapping to an NT ACL is returned instead. [...] I
> > would welcome patches to linearise NFSv4 into NDR in the same way I
> > did for posix ACLs in smb_acl.idl
>
> Shouldn't we better have one datatype that fits all variants instead of
> having datatypes for each style of ACL? And the common denominator here
> would be the general Windows SD format (as it has all fidelity).
>
> > The choice is quite deliberate. The upper case versions call the
> > next, or top module. This function calls the current module, which
> > often implements the sys_acl_get_file_fn, and which we then want to
> > call.
> >
> > This allows one set of helper functions to assist all the different
> > posix ACL modules provide linearised ACLs as blobs.
>
> Ok, I understand why that style of calling the methods is used.
> But the approach that those modules include the vfs_acl_common.c file
> should IMHO be fixed as well.
Sorry for being late here, but what is the point of all those
talloc_stackframe() / TALLOC_FREE(frame) call pairs in the posix_acls()
code ?
Why not just use talloc_tos() ?
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list