2009/184 SMB/CIFS Share Exec Properties

Alan M Wright amw at sun.com
Mon Mar 23 11:56:08 PDT 2009 

On 03/23/09 10:47, Edward Pilatowicz wrote:
> having worked on frameworks with lots of callbacks, i just have one nit
> comment.
> 
> the names of the callbacks (map, and unmap) are ambigious wrt when they
> are invoked wrt their associated event.  i think it's implied that map
> will be invoked after a mapping is established,

The command is invoked during the mapping of a share, we don't specify
when it will be executed during the mapping process.  The only constraint
is that the command will have been executed before a response is returned
to the client.

> and unmap will before,

Similarly, for unmap.

Alan

> but it would be nice if the name of these callbacks was changed so that
> this was explicit.  say post-map and pre-unmap.
> ed
> 
> On Fri, Mar 20, 2009 at 03:43:37PM -0700, Jordan Brown wrote:
>> I am sponsoring the following for fast track approval.
>> The timer expires 27 March 2009.
>>
>> 1. Introduction
>>      1.1. Project/Component Working Name:
>>           SMB/CIFS share exec properties
>>      1.2. Name of Document Author/Supplier:
>>           Author:  Hoa Nguyen
>>      1.3  Date of This Document:
>>           20 March, 2009
>>
>>      A patch binding is requested for this change.
>>      This is a Committed interface.
>>
>> 4. Technical Description
>>
>> 	This fast-track proposes new service properties to support the
>> 	execution of a command or script when connecting or disconnecting
>> 	CIFS shares.  These properties are configurable with sharectl(1M)
>> 	and will be applied to all shares.  The command may be used to
>> 	perform automated administrative tasks each time a share is mapped
>> 	or disconnected, for example, to create home directories or monitor
>> 	resources.  The command will be executed using the credentials of
>> 	the smbd daemon, which, by default, is root/sys.  The command
>> 	will be executed using one of the exec() functions.  The content
>> 	of the environment is not specified.
>>
>> 	See also 6766364 Add scripting support to Autohome.
>>
>> 	In order to configure properties using sharectl(1M), a user must
>> 	be the superuser or assume an equivalent role to obtain the
>> 	solaris.smf.value.smb and solaris.smf.manage.smb RBAC
>> 	authorizations, or use the SMB Management RBAC profile, which
>> 	is part of the File System Management profile.
>>
>> 	Additional privileges are required to allow the smbd process to
>> 	fork a child process and execute the commands.  The privileges
>> 	will be enabled in the effective set and inheritable set when
>> 	needed for command execution.  Otherwise, they will be disabled.
>>
>> 	The following privileges are enabled for the exec'd process:
>> 	PRIV_FILE_CHOWN, PRIV_FILE_CHOWN_SELF, PRIV_FILE_DAC_EXECUTE,
>> 	PRIV_FILE_DAC_READ, PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_WRITE,
>> 	PRIV_FILE_LINK_ANY, PRIV_FILE_OWNER, PRIV_FILE_SETID,
>> 	PRIV_PROC_EXEC, PRIV_PROC_FORK, PRIV_PROC_INFO, PRIV_PROC_OWNER,
>> 	PRIV_PROC_SESSION, PRIV_PROC_SETID, PRIV_SYS_CONFIG,
>> 	PRIV_SYS_LINKDIR, and PRIV_SYS_MOUNT.
>>
>> 	The service property names and values are as follows:
>>
>> 	map		The value is a command to be executed when connecting
>> 			to the share.  The command can take the following
>> 			arguments, which will be substituted when the command
>> 			is exec'd as described below.
>>
>> 			%U - Windows username.
>>
>> 			%D - Name of the domain or workgroup of %U.
>>
>> 			%h - The server hostname.
>>
>> 			%M - The client hostname, or "" if not available.
>>
>> 			%L - The server NetBIOS name.
>>
>> 			%m - The client NetBIOS name, or "" if not available.
>> 			This option is only valid for NetBIOS connections
>> 			(port 139).
>>
>> 			%I - The IP address of the client machine.
>>
>> 			%i - The local IP address to which the client is
>> 			connected.
>>
>> 			%S - The name of the share.
>>
>> 			%P - The root directory of the share.
>>
>> 			%u - The UID of the Unix user.
>>
>> 	unmap		The value is a command to be executed when
>> 			disconnecting the share.  The command can take the
>> 			same substitutions listed on the map property.
>>
>> 	disposition	A value that controls whether to disconnect the share
>> 			or proceed if the map command fails.  The disposition
>> 			property only has meaning when the map property has
>> 			been set.  Otherwise it will have no effect.
>>
>> 			disposition = [ continue | terminate ]
>>
>> 			continue	Proceed with share connection if the
>> 					map command fails.  This is the default
>> 					in the event that disposition is not
>> 					specified.
>>
>> 			terminate	Disconnect the share if the map
>> 					command fails.
>>
>> 	Examples of setting these properties with sharectl(1M):
>>
>> 		sharectl  set -p map="/tmp/map_script %U" smb
>> 		sharectl  set -p unmap=/tmp/unmap_script smb
>> 		sharectl  set -p disposition=terminate smb
>>
>> 	For example,
>>
>> 		sharectl  set -p map="/tmp/map_script %U" smb
>>
>> 	would be invoked with arguments of the form:
>>
>> 		arg0 = /tmp/map_script
>> 		arg1 = <Windows username>
>> 		arg2 = NULL
>>
>> 6. Resources and Schedule
>>      6.4. Steering Committee requested information
>>     	6.4.1. Consolidation C-team Name:
>> 		ON
>>      6.5. ARC review type: FastTrack
>>      6.6. ARC Exposure: open
>

More information about the opensolaris-arc mailing list