Created attachment 8208: ACL fixes for 4.0
This is the series of ACL fixes since 4.0 rc1. This does not include the new posix acl hash handling (unfinished in master). The changes here are not in the preferred 'cherry-pick' form, as I can't manage that for this large volume of patches (metze may be able to replace the series). Because I can't get it to apply cleanly, it also does not include Jeremy's
commit cf1540b73714fac6b25de5942cbd821e5f4f6ffc
Author: Jeremy Allison <jra@samba.org>
Date: Tue Nov 13 11:22:15 2012 -0800
    Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
From here, I'll run tests, both manual and automatic, and hopefully these can get into RC6.
Comment on attachment 8208: ACL fixes for 4.0
Christian, are you aware (e.g. in GPFS) of any important ACL changes, particularly around the mem_ctx addition, that are not in this patch set?
Metze, You may wish to replace this patch set with one based on cherry-picked patches, if practical.
Comment on attachment 8208: ACL fixes for 4.0
I'll have a closer look. Once I'm finished (I may upload an extended patchset with cherry-pick information), I'll ask Jeremy for a second review.
Comment on attachment 8208: ACL fixes for 4.0
You'll need commit 7a6182962966e5edb42728c8d0a4d471a69c83d7, which fixes the build break that "[PATCH 05/42] smbd: Add mem_ctx to sys_acl_init() and all callers" introduces. Unfortunately, that commit adds a memory corruption bug for which I have a patch ready, but not pushed to master yet (plus some memory hierarchy fixes in the nfs4acls code which will create additional trouble when using acl_xattr with its use of stackframes).
Christian, I would like to make progress on this, starting by getting your memory handling changes into master. What is blocking that, and how can I help?
Created attachment 8211: ACL fixes for 4.0 including fixes from ambi
New patch including the patches ambi and I just got into master (included just after the mem_ctx patches).
Comment on attachment 8211: ACL fixes for 4.0 including fixes from ambi
Are you sure that patch "[PATCH 48/48] samba-tool dns: Don't use "localhost" to connect to local host" is correct for this bug?
Comment on attachment 8211: ACL fixes for 4.0 including fixes from ambi
You'll also need to squash this here into "[PATCH 06/48] smbd: Add mem_ctx to {f,}get_nt_acl VFS call" to make the patch not break the build of vfs_gpfs. master has a different fix for this (fa728d1c) that does not apply here because it also touches the new blob functions.
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 5de984b..c1dc52a 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -363,7 +363,8 @@ static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle, return NT_STATUS_INTERNAL_ERROR); if (!config->acl) { - return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc); + return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, + mem_ctx, ppdesc); } result = gpfs_get_nfs4_acl(fsp->fsp_name->base_name, &pacl); @@ -396,7 +397,8 @@ static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle, return NT_STATUS_INTERNAL_ERROR); if (!config->acl) { - return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc); + return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, + mem_ctx, ppdesc); } result = gpfs_get_nfs4_acl(name, &pacl);
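Review bot: in the first hunk (gpfsacl_fget_nt_acl) only the !config->acl pass-through forwards mem_ctx, while the context line that follows, gpfs_get_nfs4_acl(fsp->fsp_name->base_name, &pacl), shows the GPFS path starting without it. Please confirm that the descriptor returned through ppdesc on that path is also allocated on the caller's mem_ctx, so that both branches hand back memory with the same owner.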
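Review bot: in the second hunk (gpfsacl_get_nt_acl) the intermediate pacl filled by gpfs_get_nfs4_acl(name, &pacl) has no visible owner in these lines. Now that the result is meant to live on mem_ctx, it is worth stating, in a comment or in the squashed commit message, which context pacl is allocated on and where it is released, so the temporary ACL is neither leaked nor freed while the returned descriptor still refers to it.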
I tried to compile v4-0-test + the patchset on AIX and it failed because
a0588fd abartlet@samba.org vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx
is missing in the patchset.
So, it all works once that's included?
Created attachment 8214: ACL fixes for 4.0 including fixes from ambi, and including the AIX build fix
Comment on attachment 8214: ACL fixes for 4.0 including fixes from ambi, and including the AIX build fix
I'm currently reviewing and testing this. I already found some missing things and will upload a new patchset once I'm happy with the result.
Created attachment 8249: Same patches for v4-0-test incl. cherry-pick info (without unrelated "Rework ldap attribute fetch" patch)
See https://bugzilla.samba.org/attachment.cgi?id=8214
Karolin, please pick this to v4-0-test, but please note that some more patches will follow.
Created attachment 8250: Additional patches for v4-0-test (part1)
(In reply to comment #14)
> Created attachment 8249 [details]
> Same patches for v4-0-test incl. cherry-pick info (without unrelated "Rework
> ldap attribute fetch" patch)
>
> See https://bugzilla.samba.org/attachment.cgi?id=8214
>
> Karolin, please pick this to v4-0-test, but please note that
> some more patches will follow.
Metze, please add me to the CC list if the bug report is not assigned to me. Otherwise it might happen that I don't get the information in time.
The patch does not apply to v4-0-test:
--- snip ---
Applying: selftest: check that samba-tool gpo works for basic operations
error: patch failed: source4/selftest/tests.py:405
error: source4/selftest/tests.py: patch does not apply
Patch failed at 0032 selftest: check that samba-tool gpo works for basic operations
--- snap ---
(In reply to comment #14)
> Created attachment 8249 [details]
> Same patches for v4-0-test incl. cherry-pick info (without unrelated "Rework
> ldap attribute fetch" patch)
>
> See https://bugzilla.samba.org/attachment.cgi?id=8214
>
> Karolin, please pick this to v4-0-test, but please note that
> some more patches will follow.
This depends on https://attachments.samba.org/attachment.cgi?id=8248 from https://bugzilla.samba.org/show_bug.cgi?id=9121
Created attachment 8255: Additional patches for v4-0-test (part2)
Comment on attachment 8250: Additional patches for v4-0-test (part1)
ACK
Comment on attachment 8255: Additional patches for v4-0-test (part2)
ACK
==> Karolin for 4.0
Pushed to autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!