Date: Sat, 5 Jul 2008 11:52:51 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 144705 for review Message-ID: <200807051152.m65Bqp1V099838@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=144705 Change 144705 by trasz@trasz_traszkan on 2008/07/05 11:52:39 Update TODO. Affected files ... .. //depot/projects/soc2008/trasz_nfs4acl/TODO#2 edit Differences ... ==== //depot/projects/soc2008/trasz_nfs4acl/TODO#2 (text+ko) ==== @@ -1,62 +1,28 @@ Things to do, in no particular order: -Compatibility -============= +- Add the ability to remove ACE by number to setfacl(1), -- Create 'struct acl_old' and related types as a copy of 'struct acl' - and related types. Replace all occurences of 'struct acl' with 'struct - acl_old'. +- Add the ability to add ACE at a given position in ACL to setfacl(1), -- Extend 'struct acl' and related types as needed for NFSv4 ACLs. +- Change acl_{get,set}_flags_np into Darwin-compatible calls: -- Write code to translate between 'struct acl' and 'struct acl_old'. + int acl_add_flag_np(acl_flagset_t flagset_d, acl_flag_t flag); + int acl_clear_flags_np(acl_flagset_t flagset_d); + int acl_delete_flag_np(acl_flagset_t flagset_d, acl_flag_t flag); + int acl_get_flag_np(acl_flagset_t flagset_d, acl_flag_t flag); + int acl_get_flagset_np(void *obj_p, acl_flagset_t *flagset_p); + int acl_set_flagset_np(void *obj_p, acl_flagset_t flagset_d); -- Add acl_whatever_flag_np routines to the libc. +- Find out what to do with chmod(1). Right now, "chmod 600" on file + which already has mode 0600 does not call chmod(2) at all - and it + should, as it might cause ACL recomputation. -- Move ACL-related VOPs from using 'acl_old' to 'acl' for both interfacing - with the upper layers and on-disk storage. +- Make access control more granular. -- Add new set of ACL syscalls. Break out common code into separate routines - and implement syscalls for both new and old API as wrappers around - that - for example, for new API, the syscall will copyin and call the common - routine; for old API the syscall will copyin, translate and call the common - routine. +- Attach ZFS to the framework. -- Find out how symbol versioning works. Use it to create backward compatible - API - wrap old API around new one, using translation routines described above. +- Write code to do the same operations on UFS and ZFS and compare results. -Actual implementation -===================== - -- Find out how interaction between "legacy" UNIX permissions (rwxrwxrwx) - and NFSv4 ACLs works in SunOS. - -- Find out how interaction between "legacy" UNIX permissions (rwxrwxrwx) - and NFSv4 ACLs works in Darwin. - -- Decide on the command line tools user interface. - -- Implement parser for the new ACL type. - -- Implement printer for the new ACL type. - -- Add mount flag (nfs4acls?), mutually exclusive with 'acls', to turn on new ACLs. - -- Add some mock-up code to kern/subr_acl_nfs4.c. - -- Extend stuff from ufs/ufs/ufs_acl.c to call that code for NFSv4 ACLs. At this point - I should be able to test if storing and retrieving works as it should, for both new - (struct acl) and old (struct acl_old) on-disk layout. - -- Replace the mock-up with actual implementation. ;-) - (XXX: This deserves for a longer description.) - -Testing -======= - -- Find out if there is any existing tool to test this. - -- Find out what functionality is needed for regression tests. - -- Implement. +- Write library that implements SunOS acl(2)/facl(2) as wrappers around + __acl_whatever syscalls. Use it in Samba.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807051152.m65Bqp1V099838>