Re: [PATCH] nfs4-acl-tools (spaces in principal names)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 
Applied and pushed out to the git tree, thanks.

--b.

On Wed, Jul 18, 2012 at 10:40:39PM +0100, Liam Gretton wrote:
> Attached is a patch which changes the behaviour of nfs4_setfacl
> slightly to allow it to add, remove and modify ACLs which act on
> principals containing space characters.
> 
> The rationale behind this is to allow us to use nfs4_setfacl on a file
> system which is shared via CIFS to Windows clients and NFSv4. Though
> very rare in a Unix environment, Windows commonly uses user names (and
> hence principals derived from them) which contain spaces. A
> particularly common one is 'Domain Admins', the handling of which
> prompted me to look at modifying the nfs4_setfacl command.
> 
> As of 0.3.3 of nfs4-acl-tools, nfs4_setfacl fails to handle ACLs
> containing a space character no matter what attempts to quote the
> ACE or escape the space character:
> 
> # nfs4_setfacl -a "A:fdg:Domain Admins@xxxxxxx:R" file
> Scanning ACE string 'A:fdg:Domain' failed.
> Failed while inserting ACE(s) (at index 1).
> 
> (exit status 1.)
> 
> # nfs4_setfacl -a A:fdg:Domain\ Admins@xxxxxxx:R file
> Scanning ACE string 'A:fdg:Domain' failed.
> Failed while inserting ACE(s) (at index 1).
> 
> (exit status 1.)
> 
> The attached patch modifies the parsing of the command line and
> disallows space as an ACE delimiter. The patched version completes
> successfully:
> 
> # nfs4_setfacl -a "A:fdg:Domain Admins@xxxxxxx:R" file
> # nfs4_getfacl file
> A:fdg:Domain Admins@xxxxxxxx:rtncy
> 
> ACEs can be chained with commas, but no longer with spaces. With the
> -A, -X, -S or -e options which expect a file containing ACLs, ACEs
> can be separated with tabs, newlines and/or carriage returns as
> before.
> 
> As there's a slight change in behaviour, the patch also modifies one of
> the examples given in the EXAMPLES section of nfs4_setfacl(1) and the
> text of the 'ACL FORMAT' section of nfs4_acl.
> 
> The patches don't modify any version numbers or dates.
> 
> Regards,
> 
> Liam
> 
> -- 
> Liam Gretton                                    liam.gretton@xxxxxxxx
> HPC Architect                                http://www.le.ac.uk/its/
> IT Services                                   Tel: +44 (0)116 2522254
> University Of Leicester, University Road
> Leicestershire LE1 7RH, United Kingdom
> 

> diff -rup b_nfs4-acl-tools/libnfs4acl/nfs4_insert_string_aces.c a_nfs4-acl-tools/libnfs4acl/nfs4_insert_string_aces.c
> --- b_nfs4-acl-tools/libnfs4acl/nfs4_insert_string_aces.c       2012-07-18 21:14:47.000000000 +0100
> +++ a_nfs4-acl-tools/libnfs4acl/nfs4_insert_string_aces.c       2012-07-18 11:51:43.000000000 +0100
> @@ -45,7 +45,7 @@ int nfs4_insert_string_aces(struct nfs4_
>         if ((s = sp = strdup(acl_spec)) == NULL)
>                 goto out_failed;
> 
> -       while ((ssp = strsep(&sp, " ,\t\n\r")) != NULL) {
> +       while ((ssp = strsep(&sp, ",\t\n\r")) != NULL) {
>                 if (!strlen(ssp))
>                         continue;
> 
> diff -rup b_nfs4-acl-tools/man/man1/nfs4_setfacl.1 a_nfs4-acl-tools/man/man1/nfs4_setfacl.1
> --- b_nfs4-acl-tools/man/man1/nfs4_setfacl.1    2012-07-18 21:14:47.000000000 +0100
> +++ a_nfs4-acl-tools/man/man1/nfs4_setfacl.1    2012-07-18 21:13:02.000000000 +0100
> @@ -204,7 +204,7 @@ delete the first ACE, but only print the
>  .IP - 2
>  delete the last two ACEs above:
>  .br
> -       $ nfs4_setfacl -x "A::EVERYONE@rtncy, D::EVERYONE@:waxTC" foo
> +       $ nfs4_setfacl -x A::EVERYONE@rtncy,D::EVERYONE@:waxTC foo
>  .IP - 2
>  modify (in-place) the second ACE above:
>  .br
> diff -rup b_nfs4-acl-tools/man/man5/nfs4_acl.5 a_nfs4-acl-tools/man/man5/nfs4_acl.5
> --- b_nfs4-acl-tools/man/man5/nfs4_acl.5        2012-07-18 21:14:47.000000000 +0100
> +++ a_nfs4-acl-tools/man/man5/nfs4_acl.5        2012-07-18 21:11:11.000000000 +0100
> @@ -56,7 +56,7 @@ more permissive than the ones you set.
>  .SH ACL FORMAT
>  An NFSv4 ACL is written as an
>  .IR acl_spec ,
> -which is a comma- or whitespace-delimited string consisting of one or more
> +which is a comma- or tab-delimited string consisting of one or more
>  .IR ace_specs .
>  A single NFSv4 ACE is written as an
>  .IR ace_spec ,

--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Photo]     [Yosemite Info]    [Yosemite Photos]    [POF Sucks]     [Linux Kernel]     [Linux SCSI]     [XFree86]

Add to Google Powered by Linux