On Wed, 2013-05-29 at 16:32 -0700, Anand Avati wrote: > On 5/29/13 3:47 PM, Andrew Bartlett wrote: > > On Wed, 2013-05-29 at 15:37 -0700, Anand Avati wrote: > >> On 5/29/13 3:27 PM, Anand Avati wrote: > >>>>> On 05/29/2013 07:21 AM, Anand Avati wrote: > >>>>> Implement a Samba VFS plugin for glusterfs based on gluster's gfapi. > >>>>> This is a "bottom" vfs plugin (not something to be stacked on top of > >>>>> another module), and translates (most) calls into closest actions > >>>>> on gfapi. > >>>> Anand before we push this in samba I would like to have an answer about > >>>> access control. > >>>> > >>>> I have tried to find out exactly how access control is handled but the > >>>> code is complex. > >>>> > >>>> However what I found so far is not encouraging. > >>>> > >>>> I see things like: > >>>> > >>>> #define GF_MAX_AUX_GROUPS 200 > >>>> > >>>> and then in syncop_create_frame() that value is used to cap the max > >>>> number of auxiliary groups. > >>>> > >>>> In Linux the max number of auxiliary groups is 65536 and we have seen > >>>> easily 2k auxiliary groups attached to a user in Windows domains. > >>> > >>> Currently it is artificially limited to a number. I will work on making > >>> this dynamic. However this will be a completely internal change to > >>> glusterfs with no changes in either API or vfs_glusterfs. Thanks for the > >>> feedback. > >> > >> I have started working on this. Can we interpret this as a limitation of > >> glusterfs, rather than an issue with the VFS module? > >> > >> Let me know if there are any blockers for the merge. > > > > What it might mean is that we want the minimum version we accept via > > pkg-config raised, as it's going to be very difficult to configure test > > for (unless you happen to expose that in a public header). > > > > That kind of thing leads to all manner of subtle bugs (I've spent days > > on them personally). > > > > > Andrew, > The pkg-config dependency number used in the v9 patch is for the yet > unreleased glusterfs version. The API number 4 will be published in the > next glusterfs (3.4.0) release. Support for large group list is already > in review - http://review.gluster.org/5111/ and will be part of the next > release. Since we are doing the integration off git repos of both > projects, the dependency version is still fuzzy. > > Is this still considered a blocker? No, that's exactly what I was going to suggest. I'll deal with this today. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
