Message-ID: <005c01d73c8b$ab309ed0$0191dc70$@samsung.com>
Date:   Thu, 29 Apr 2021 09:07:39 +0900
From:   "Namjae Jeon" <namjae.jeon@...sung.com>
To:     "'J. Bruce Fields'" <bfields@...ldses.org>
Cc:     <linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
        <smfrench@...il.com>, <senozhatsky@...omium.org>,
        <hyc.lee@...il.com>, <viro@...iv.linux.org.uk>, <hch@....de>,
        <hch@...radead.org>, <ronniesahlberg@...il.com>,
        <aurelien.aptel@...il.com>, <aaptel@...e.com>,
        <sandeen@...deen.net>, <dan.carpenter@...cle.com>,
        <colin.king@...onical.com>, <rdunlap@...radead.org>,
        <willy@...radead.org>
Subject: RE: [PATCH v2 00/10] cifsd: introduce new SMB3 kernel server


> On Thu, Apr 22, 2021 at 09:28:14AM +0900, Namjae Jeon wrote:
> > ACLs                           Partially Supported. only DACLs available, SACLs
> >                                (auditing) is planned for the future. For
> >                                ownership (SIDs) ksmbd generates random subauth
> >                                values(then store it to disk) and use uid/gid
> >                                get from inode as RID for local domain SID.
> >                                The current acl implementation is limited to
> >                                standalone server, not a domain member.
> >                                Integration with Samba tools is being worked on to
> >                                allow future support for running as a domain member.
> 
Hi Bruce,

> How exactly is this implementing ACLs?  I grepped through the code a bit and couldn't quite figure it
> out--it looked like maybe it's both converting to a POSIX ACL and storing the full SMB ACL in an xattr,
> is that correct?  When you read an ACL, and both are present, which do you use?

If the 'vfs objects = acl_xattr' parameter is defined in smb.conf, ksmbd stores both.
If not, only the posix acl will be stored. To avoid translation from posix acl to ntacl on request from the client,
ksmbd uses the ntacl in the xattr first.
> 
> Also it looked like there's some code from fs/nfsd/nfs4acl.c, could we share that somehow instead of
> copying?

Hm.. I do not know how to share the code with nfsd at present. Maybe we can discuss it again after upstream?
Any thoughts?
> 
> --b.
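
The ownership mapping from the quoted feature summary (random sub-authority values persisted to disk, uid/gid from the inode used as the RID), sketched as an added example that is not ksmbd's code and not part of the original message. The S-1-5-21 prefix, the struct layout and all function names are assumptions of this example, and the reverse mapping with its domain check goes beyond what the message states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sid {                      /* binary SID layout per MS-DTYP; names are this example's */
    uint8_t  revision, num_subauth;
    uint8_t  authority[6];        /* big-endian identifier authority */
    uint32_t sub_auth[15];
};

/* Assumption: local domain SID is S-1-5-21-a-b-c; a, b, c are the persisted random values. */
static void make_domain_sid(struct sid *d, const uint32_t rnd[3])
{
    *d = (struct sid){ .revision = 1, .num_subauth = 4, .authority = { 0, 0, 0, 0, 0, 5 },
                       .sub_auth = { 21, rnd[0], rnd[1], rnd[2] } };
}

/* Owner or group SID: the domain SID plus the inode's uid/gid as the RID. */
static int id_to_sid(const struct sid *dom, uint32_t id, struct sid *out)
{
    if (dom->num_subauth >= 15)
        return -1;
    *out = *dom;
    out->sub_auth[out->num_subauth++] = id;
    return 0;
}

/* Reverse mapping: a SID outside this server's domain never yields a local id. */
static int sid_to_id(const struct sid *dom, const struct sid *s, uint32_t *id)
{
    if (s->revision != dom->revision || s->num_subauth != dom->num_subauth + 1 ||
        memcmp(s->authority, dom->authority, 6) ||
        memcmp(s->sub_auth, dom->sub_auth, dom->num_subauth * sizeof(uint32_t)))
        return -1;
    *id = s->sub_auth[dom->num_subauth];
    return 0;
}

int main(void)
{
    const uint32_t rnd[3] = { 1111111111u, 2222222222u, 3333333333u }; /* constructed values */
    struct sid dom, owner;
    uint32_t id = 0;
    make_domain_sid(&dom, rnd);
    if (id_to_sid(&dom, 1000, &owner) || sid_to_id(&dom, &owner, &id))
        return 1;
    printf("uid %u <-> S-1-5-21-%u-%u-%u-%u\n", (unsigned)id, (unsigned)rnd[0], (unsigned)rnd[1], (unsigned)rnd[2], (unsigned)owner.sub_auth[4]);
    return 0;
}
```

The per-server random sub-authorities are what let the reverse mapping tell a local SID from one minted by another standalone server that happens to use the same uid.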
