Project

General

Profile

Feature #27629

Add support for security descriptor control flags to Samba

Added by Andrew Walker over 1 year ago. Updated 3 months ago.

Status:
Done
Priority:
No priority
Assignee:
Andrew Walker
Category:
Services
Target version:
Estimated time:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
No
Needs Merging:
No
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

Related projects 1 project

Description

The structure of a Windows security descriptor contains 16 bits for security descriptor control flags (DACL Protected, DACL Auto-Inherited, etc.) See MS-DTYP 2.4.6: https://msdn.microsoft.com/en-us/library/cc230366.aspx

FreeBSD / ZFS in sys/cddl/contrib/opensolaris/uts/common/sys/acl_impl.h has the following structure:

struct acl_info {
    zfs_acl_type_t acl_type;    /* style of acl */
    int acl_cnt;            /* number of acl entries */
    int acl_entry_size;        /* sizeof acl entry */
    int acl_flags;            /* special flags about acl */
    void *acl_aclp;            /* the acl */
};

The RFC for NFS4.1 has the following defined:

   struct nfsacl41 {
           aclflag4        na41_flag;
           nfsace4         na41_aces<>;
   };
   const ACL4_AUTO_INHERIT         = 0x00000001;
   const ACL4_PROTECTED            = 0x00000002;
   const ACL4_DEFAULTED            = 0x00000004;

We should map the Windows security descriptor control flags into acl_flags in a way that is consistent with the NFS41 RFC. This will potentially allow 1 to 1 correspondence between a Windows Security Descriptor and ZFS ACL, while maintaining potential for supporting NFS41 na41_flag in the future, and improving cross-protocol compatibility.

History

#1 Updated by Dru Lavigne over 1 year ago

  • Status changed from Untriaged to Unscreened
  • Target version set to 11.3

#2 Updated by Dru Lavigne over 1 year ago

  • Status changed from Unscreened to Not Started

#3 Updated by Dru Lavigne over 1 year ago

  • Project changed from TrueNAS to FreeNAS
  • Category changed from OS to OS
  • Hide from ChangeLog deleted (No)
  • Support Department Priority deleted (0)

#4 Updated by John Hixson over 1 year ago

  • Assignee changed from John Hixson to Timur Bakeyev

#5 Avatar?id=13649&size=24x24 Updated by Ben Gadd about 1 year ago

  • Target version changed from 11.3 to Backlog

#6 Avatar?id=13649&size=24x24 Updated by Ben Gadd about 1 year ago

  • Severity set to New

#7 Updated by John Hixson about 1 year ago

  • Assignee changed from Timur Bakeyev to John Hixson

#8 Updated by John Hixson about 1 year ago

  • Category changed from OS to Services

#10 Updated by John Hixson 12 months ago

  • Severity changed from New to Low

#11 Updated by Dru Lavigne 9 months ago

  • Assignee changed from John Hixson to William Grzybowski

#12 Updated by William Grzybowski 9 months ago

  • Assignee changed from William Grzybowski to Andrew Walker

#14 Avatar?id=14398&size=24x24 Updated by Kris Moore 8 months ago

  • Private changed from No to Yes

#15 Avatar?id=14398&size=24x24 Updated by Kris Moore 8 months ago

  • Severity changed from Low to New

#16 Updated by Andrew Walker 6 months ago

  • Subject changed from Add support for security descriptor control flags to Add support for security descriptor control flags to samba
  • Status changed from Not Started to Done
  • Needs Merging changed from Yes to No

#18 Updated by Dru Lavigne 6 months ago

  • Status changed from Done to Ready for Testing
  • Target version changed from Backlog to 11.3

#19 Updated by Dru Lavigne 6 months ago

  • Target version changed from 11.3 to 11.3-BETA1

#20 Updated by Dru Lavigne 5 months ago

  • Subject changed from Add support for security descriptor control flags to samba to Add support for security descriptor control flags to Samba
  • Private changed from Yes to No

#22 Updated by Dru Lavigne 4 months ago

  • Needs Doc changed from Yes to No

#23 Updated by Dru Lavigne 4 months ago

  • Status changed from Ready for Testing to Done
  • Needs QA changed from Yes to No

#25 Updated by Dru Lavigne 3 months ago

  • Target version changed from 11.3-BETA1 to 11.3-ALPHA1

Also available in: Atom PDF