I am sponsoring the following fast-track for myself. This case
introduces a new feature into ZFS to support Access Based Enumeration
within our SMB server. Requested binding is patch/micro.
This information is Copyright 2009 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
ZFS support for Access Based Enumeration
1.2. Name of Document Author/Supplier:
Author: Timothy Haley
1.3. Date of This Document:
20 April, 2009
4. Technical Description
OVERVIEW
Windows file servers support a feature called Access Based
Enumeration (ABE), which, when enabled, filters the response
to readdir requests such that the consumer only sees files and
directories (folders) to which the consumer has access. ABE
support has been requested in RFE 6802734 to support Windows
interoperability. Access is defined as having any of the
permissions assignable via chmod(1M) and described in acl(5).
There are currently 14 such permissions[1].
The filtering only applies to data returned by the file system's
VOP_READDIR() function. If the entity defined by the cred_t
lacks access to a directory entry, that entry is omitted from
the returned dirent data. A caller to the VOP requests ABE
filtering by bitwise OR-ing V_RDDIR_ACCFILTER into the flags
passed to VOP_READDIR().
A new VFS feature flag, VFSFT_ACCESS_FILTER (see PSARC 2007/227),
will be added to support ABE. A file system sets this flag to
indicate that it implements access based filtering. A file
system that does not implement the feature may still receive the
V_RDDIR_ACCFILTER flag in a call to its VOP_READDIR() and should
ignore it.
Note: While it is possible for consumers of VOP_READDIR() to
perform an access check on each directory entry, it is significantly
more efficient to implement this feature within the file system.
ABE feature support is also testable using pathconf(2) with a name
argument of _PC_ACCESS_FILTERING. If the path or file descriptor
refers to a directory within a file system that supports
VFSFT_ACCESS_FILTER, a non-zero value is returned, otherwise zero
is returned.
[1] The currently defined permissions are
read_data/list_directory, write_data/add_file,
append_data/add_subdirectory, read_xattr, write_xattr,
execute, read_attributes, write_attributes,
delete, delete_child, read_acl, write_acl, write_owner, and
synchronize.
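The filtering rules described above, as a small user-space model in C. This is an added example, not code from the case or from ZFS; the flag value, the 14-bit permission layout, the struct names and the directory contents are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this model, not copied from any system header. */
#define V_RDDIR_ACCFILTER 0x2      /* caller requests ABE filtering */
#define ALL_PERMS         0x3FFFu  /* the 14 permissions as 14 bits */
#define P_READ_DATA       (1u << 0)
#define P_READ_ATTRIBUTES (1u << 6)

struct entry { const char *name; uint16_t perms; }; /* perms held by the caller's cred */
struct fs { int access_filter; const struct entry *ents; size_t n; };

/* Constructed directory: one entry grants the caller nothing at all. */
static const struct entry DIR_ENTS[] = {
    { "public",     P_READ_DATA },
    { "attrs-only", P_READ_ATTRIBUTES },  /* any single permission counts as access */
    { "payroll",    0 },
};
static const struct fs FS_ABE    = { 1, DIR_ENTS, 3 }; /* sets VFSFT_ACCESS_FILTER */
static const struct fs FS_LEGACY = { 0, DIR_ENTS, 3 }; /* does not implement it */

/* Models pathconf(path, _PC_ACCESS_FILTERING): non-zero when supported. */
int model_pathconf(const struct fs *fs) { return fs->access_filter; }

/* Models VOP_READDIR(): stores the returned names in out[], returns the count. */
size_t model_readdir(const struct fs *fs, int flags, const char **out)
{
    int filter = fs->access_filter && (flags & V_RDDIR_ACCFILTER);
    size_t k = 0;
    for (size_t i = 0; i < fs->n; i++) {
        if (filter && (fs->ents[i].perms & ALL_PERMS) == 0)
            continue;                      /* no permission at all: omit entry */
        out[k++] = fs->ents[i].name;
    }
    return k;
}

int main(void)
{
    const struct fs *all[] = { &FS_ABE, &FS_LEGACY };
    const char *names[3];
    for (int i = 0; i < 2; i++) {
        size_t n = model_readdir(all[i], V_RDDIR_ACCFILTER, names);
        printf("supported=%d entries=%zu%s\n", model_pathconf(all[i]), n,
               model_pathconf(all[i]) ? "" : " (unfiltered: caller must check access itself)");
    }
    return 0;
}
```

The second file system returns all three names even though the flag was passed, which is why a consumer that depends on filtering tests for support first.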
PROPOSED MAN PAGE CHANGES
*** pathconf_2.rogi Mon Mar 16 16:25:45 2009
--- pathconf_2 Mon Mar 16 13:54:29 2009
***************
*** 64,69 ****
--- 64,71 ----
|___________________________|________________________|______________|
| {XATTR_EXISTS} | _PC_XATTR_EXISTS | 1 |
|___________________________|________________________|______________|
+ | {ACCESS_FILTERING} | _PC_ACCESS_FILTERING | 12 |
+ |___________________________|________________________|______________|
| _POSIX_CHOWN_RESTRICTED | _PC_CHOWN_RESTRICTED | 7 |
|___________________________|________________________|______________|
| _POSIX_NO_TRUNC | _PC_NO_TRUNC | 3, 4 |
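Review bot: The added table row spells the feature {ACCESS_FILTERING} / _PC_ACCESS_FILTERING, while the case text uses VFSFT_ACCESS_FILTER for the VFS feature flag and V_RDDIR_ACCFILTER for the readdir flag, giving three spellings of one feature. Consider aligning the pathconf name with the feature flag, or have note 12 mention the related names so a search for any one of them finds the others.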
***************
*** 145,150 ****
--- 147,157 ----
not specify the minimum hole size but still reports
holes.
+ 12. If path or fildes refers to a directory, and the file
+ system in which the directory resides supports access
+ filtering, a non-zero value is returned. Otherwise, 0
+ is returned.
+
RETURN VALUES
If name is an invalid value, both pathconf() and fpathconf()
return -1 and errno is set to indicate the error.
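Review bot: Note 12 uses "access filtering" without defining it, so a reader of pathconf(2) alone cannot tell that it means omitting directory entries the caller has no permission on; add a one-line definition or a cross-reference. The note should also say that a non-zero value reports only that the file system supports filtering: per the case text the caller still has to pass V_RDDIR_ACCFILTER to VOP_READDIR(), and a file system for which 0 is returned ignores that flag and returns unfiltered entries.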
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
ON
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open