2009/184 SMB/CIFS Share Exec Properties

Edward Pilatowicz edward.pilatowicz at Sun.COM
Mon Mar 23 10:47:14 PDT 2009 

having worked on frameworks with lots of callbacks, i just have one nit
comment.

the names of the callbacks (map, and unmap) are ambigious wrt when they
are invoked wrt their associated event.  i think it's implied that map
will be invoked after a mapping is established, and unmap will before,
but it would be nice if the name of these callbacks was changed so that
this was explicit.  say post-map and pre-unmap.

ed

On Fri, Mar 20, 2009 at 03:43:37PM -0700, Jordan Brown wrote:
> I am sponsoring the following for fast track approval.
> The timer expires 27 March 2009.
>
> 1. Introduction
>      1.1. Project/Component Working Name:
>           SMB/CIFS share exec properties
>      1.2. Name of Document Author/Supplier:
>           Author:  Hoa Nguyen
>      1.3  Date of This Document:
>           20 March, 2009
>
>      A patch binding is requested for this change.
>      This is a Committed interface.
>
> 4. Technical Description
>
> 	This fast-track proposes new service properties to support the
> 	execution of a command or script when connecting or disconnecting
> 	CIFS shares.  These properties are configurable with sharectl(1M)
> 	and will be applied to all shares.  The command may be used to
> 	perform automated administrative tasks each time a share is mapped
> 	or disconnected, for example, to create home directories or monitor
> 	resources.  The command will be executed using the credentials of
> 	the smbd daemon, which, by default, is root/sys.  The command
> 	will be executed using one of the exec() functions.  The content
> 	of the environment is not specified.
>
> 	See also 6766364 Add scripting support to Autohome.
>
> 	In order to configure properties using sharectl(1M), a user must
> 	be the superuser or assume an equivalent role to obtain the
> 	solaris.smf.value.smb and solaris.smf.manage.smb RBAC
> 	authorizations, or use the SMB Management RBAC profile, which
> 	is part of the File System Management profile.
>
> 	Additional privileges are required to allow the smbd process to
> 	fork a child process and execute the commands.  The privileges
> 	will be enabled in the effective set and inheritable set when
> 	needed for command execution.  Otherwise, they will be disabled.
>
> 	The following privileges are enabled for the exec'd process:
> 	PRIV_FILE_CHOWN, PRIV_FILE_CHOWN_SELF, PRIV_FILE_DAC_EXECUTE,
> 	PRIV_FILE_DAC_READ, PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_WRITE,
> 	PRIV_FILE_LINK_ANY, PRIV_FILE_OWNER, PRIV_FILE_SETID,
> 	PRIV_PROC_EXEC, PRIV_PROC_FORK, PRIV_PROC_INFO, PRIV_PROC_OWNER,
> 	PRIV_PROC_SESSION, PRIV_PROC_SETID, PRIV_SYS_CONFIG,
> 	PRIV_SYS_LINKDIR, and PRIV_SYS_MOUNT.
>
> 	The service property names and values are as follows:
>
> 	map		The value is a command to be executed when connecting
> 			to the share.  The command can take the following
> 			arguments, which will be substituted when the command
> 			is exec'd as described below.
>
> 			%U - Windows username.
>
> 			%D - Name of the domain or workgroup of %U.
>
> 			%h - The server hostname.
>
> 			%M - The client hostname, or "" if not available.
>
> 			%L - The server NetBIOS name.
>
> 			%m - The client NetBIOS name, or "" if not available.
> 			This option is only valid for NetBIOS connections
> 			(port 139).
>
> 			%I - The IP address of the client machine.
>
> 			%i - The local IP address to which the client is
> 			connected.
>
> 			%S - The name of the share.
>
> 			%P - The root directory of the share.
>
> 			%u - The UID of the Unix user.
>
> 	unmap		The value is a command to be executed when
> 			disconnecting the share.  The command can take the
> 			same substitutions listed on the map property.
>
> 	disposition	A value that controls whether to disconnect the share
> 			or proceed if the map command fails.  The disposition
> 			property only has meaning when the map property has
> 			been set.  Otherwise it will have no effect.
>
> 			disposition = [ continue | terminate ]
>
> 			continue	Proceed with share connection if the
> 					map command fails.  This is the default
> 					in the event that disposition is not
> 					specified.
>
> 			terminate	Disconnect the share if the map
> 					command fails.
>
> 	Examples of setting these properties with sharectl(1M):
>
> 		sharectl  set -p map="/tmp/map_script %U" smb
> 		sharectl  set -p unmap=/tmp/unmap_script smb
> 		sharectl  set -p disposition=terminate smb
>
> 	For example,
>
> 		sharectl  set -p map="/tmp/map_script %U" smb
>
> 	would be invoked with arguments of the form:
>
> 		arg0 = /tmp/map_script
> 		arg1 = <Windows username>
> 		arg2 = NULL
>
> 6. Resources and Schedule
>      6.4. Steering Committee requested information
>     	6.4.1. Consolidation C-team Name:
> 		ON
>      6.5. ARC review type: FastTrack
>      6.6. ARC Exposure: open

More information about the opensolaris-arc mailing list