Hi Jean-Pierre,
On Thu, 30 Aug 2007, Jean-Pierre ANDRE wrote:
> Attached are a few patches for evaluating the possible usage of ACL checking
> in ntfs-3g. This is a first attempted to locate problems and trigger
> reactions and is by no way to be used in real environments.
Thanks!
Unfortunately the patch is partial. The files were compared apparently with
one of your own internal versions.
Here are some hints how to make the patch:
- get the CVS version: http://sourceforge.net/cvs/?group_id=181143
- make your changes
- run cvs -up diff > my-work.diff
alternatively:
- unpack a public release
- copy the tree to the work environment
- make your changes
- run diff -rup public work > my-work.diff
The first version is preferred.
The coding style should be the same as the Linux kernel one, documented for
instance at http://lxr.linux.no/source/Documentation/CodingStyle
You can reformat your code to be the above with this command:
indent -npro -kr -i8 -ts8 -sob -l80 -ss -ncs ...
Please use the built-in logging support (ntfs_log_XXXX). If you would like
then you can define your own log handler with ntfs_log_set_handler().
> Only data as defined for ntfs are used, so approximations have to be made to
> make them available to the Linux world. As a consequence all security data
> may be saved by standard Windows tools, whereas some security data is lost
> when backing up by standard Linux tools.
Linux file systems support ACLs via extended attributes and tar can backup
them. It would be nice if we could be compatible.
For full volume backups I suggest ntfsclone which saves absolutely
everything (it was written exactly for the reason that no tools could
do rapid, reliable, full NTFS backups in 2002).
> A major key to this is the documentation on ntfs organization made
> available by the ntfs projets, to which I am grateful.
I also suggest to use ntfsinfo from the current ntfsprogs CVS. Much more
details should be displayed, especially if the --verbose option is used.
> My main concern about further developments on this path is about
> performance. ACL data are not organized for easy use on Linux and a lot of
> data has to be manipulated to make a basic check. Moreover, before making
> virtually any operations on a file, checks have to be made on all the
> directory levels in the path to the file. At least, Linux permissions
> should be kept in some cache to avoid recomputing them frequently.
FUSE already does most of the checks (but see the Access Handling and
Security section in the ntfs-3g manual) and caches the results. We just
need to give him some more help.
> Among the major things I have not (yet) solved, and for which I need some
> help :
>
> - defining a way to do the user mapping across OS's in dual-boot machines.
> Storing the mapping is a point, defining a tool to administrate the mapping
> is another (accessing the Windows register base to get friendly names
> associated to Windows variants of uid and gid ?)
Probably samba and the cifs client have solved this. Could you please check
it out how they do?
The Windows registry can be read by the chntpw tool, afaik.
> More technically (Szaka, can you help ?) :
>
> - how, in the fuse context, can I know the uid of the user on behalf of whom
> a request is being processed ?
fuse_get_context()->uid
> - access to ACL's are normally made in an indexed file, which requires the
> building of a hash key. Is the hash algorithm known ?
Yes, I've just checked this into the ntfs-3g CVS repository for you.
The function you need is ntfs_security_hash().
> is there available code to walk in the index tree ?
At the moment I think we only need to lookup and insert.
$SDH indexes by the hash and $SII by the Security ID. They provide the
offset and length in the $Secure::$SDS file where the security descriptor
can be found.
We have the index code but it supports only directories now, so some work
is also needed here.
Szaka
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
ntfs-3g-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ntfs-3g-devel
