Simon Wilkinson wrote: > > On 27 Jun 2009, at 18:39, Marc Dionne wrote: > >> >> First off I believe that clients determine the access rights based on >> the CallerAccess and AnonymousAccess fields in the FetchStatus >> structure, not on the actual ACL returned from FetchACL. > > Are we really shipping clients which go and find the parent vnode, and > use that to determine access, rather than just using what they're told > by FetchStatus? OpenAFS does. src/WINNT/afsd/cm_access.c cm_HaveAccessRights().
If the cm_scache_t is a directory the access rights are used directly. Otherwise, the parent cm_scache_t is obtained and the access rights for the parent are used. > > And does _anything_ actually use the results of FetchACL to control > cache access on the client? Nothing uses FetchACL. The effective access rights as returned in the AFSFetchStatus structure are always used. What the OpenAFS Windows client does is actually quite smart. It avoids a large numbers of FetchStatus calls that are unnecessary because the relevant access right info for the current user is the same on every item in the directory. If a callback already exists on an object in the directory from another user, there is no reason to go obtain another one just to obtain access rights that are already known. Thinking about this a bit more. It would be nice if in the future version of the AFSFetchStatus structure there was a flag that indicated to a client whether or not the access rights specified on the directory apply to all of the objects within the directory. This would make the client much more efficient in that case. Jeffrey Altman _______________________________________________ AFS3-standardization mailing list [email protected] http://michigan-openafs-lists.central.org/mailman/listinfo/afs3-standardization
