SMB3 Unix extensions

Jeremy Allison jra at samba.org
Wed Apr 19 23:49:28 UTC 2017 

On Wed, Apr 19, 2017 at 04:41:58PM -0700, Pavel Shilovsky wrote:
> 2017-04-19 10:03 GMT-07:00 Jeremy Allison <jra at samba.org>:
> > On Tue, Apr 18, 2017 at 10:16:26AM -0500, Steve French wrote:
> >> And we do have the slides from SDC.
> >>
> >> We did reach some conclusions -
> >> 1) open with posix create context on root of share will allow us to
> >> determined if the server understands posix (so we don't try to send
> >> the posix create context on subsequent opens and have it ignored)
> >> 2) the capability flags to be returned were discussed at SDC and were
> >> pretty simple
> >> 3) most features can be done without adding info levels (just with the
> >> create context)
> >> 4) a new info level (e.g. for fsinfo) was discussed but lower priority
> >> and a number was not reserved for new info levels
> >> 5) need some info back from Microsoft on opinions about inferring mode
> >> from the ACL and also about the 'nfs symlink' (assuming that the other
> >> form of symlink reparse point is admin only) vs. simulated symlinks
> >> (ala MF symlinks that Apple uses e.g.)
> >
> > I've been doing a lot of thinking about SMB2-UNIX-symlinks
> > since the recent CVE security patch.
> >
> > As SambaXP is only 2 weeks away can we get all the stakeholders
> > in a room together and try and hash out a plan to deal with
> > the issues with creating UNIX symlinks/reparse points ?
> >
> > Some of this is Samba specific, which isn't useful to external
> > implementors, but if possible I'd really like to re-use the
> > existing SMB2+ reparse mechanisms to implement UNIX extension
> > sylinks.
> 
> Thanks for the answers. Unfortunately I am not going to SambaXP, so
> won't be able to participate in the discussion in person.
> 
> I don't understand why to we need to rely on posix create context on a
> root of a share if we can use Negotiate phase for this and get posix
> capability flags from Negotiate response posix context?

We don't. The negotiate phase is the correct place to do this
(find out if the server supports UNIX extentions). Steve is misremembering
the outcome of the discussion in Redmond from last year.

More information about the samba-technical mailing list