Summary: | extended ACL support for 2.2.* enabled servers | ||
---|---|---|---|
Product: | [Frameworks and Libraries] kio-extras | Reporter: | Edoardo Causarano <curious.corn> |
Component: | Samba | Assignee: | Harald Sitter <sitter> |
Status: | RESOLVED FIXED | ||
Severity: | wishlist | CC: | ferry.toth, nate, postix, sitter |
Priority: | NOR | ||
Version: | 18.04.2 | ||
Target Milestone: | --- | ||
Platform: | Mandrake RPMs | ||
OS: | Linux | ||
Latest Commit: | https://invent.kde.org/network/kdenetwork-filesharing/commit/e9ccfd30c2e7958780f5cff7823144e04a8ada8b | Version Fixed In: | 22.12 |
Sentry Crash Report: |
Description
Edoardo Causarano
2002-04-13 10:50:58 UTC
*** Bug 255002 has been marked as a duplicate of this bug. *** Unfortunately this is still not implemented in 17.12.3 (Kubuntu Bionic). I'll try to make the case for this functionality: on a shared file server (obviously sharing with Windows users), just giving the group read/write permissions is not always enough (for instance to change the owner of a file). The situation can be resolved using ACL's as that translates nicely to windows permissions. As ACL's can be made to inherit (on file/dir creation) all new files under a shared directory can have their correct ACL's set. Of course if a sub directory is created without setting ACL's (by moving from another place without ACL's) these wrong settings also inherit. So it would be very nice to be able to correctly view and set them from within Dolphin. Currently we work around this by mounting the server using smb4k so we don't need to use the kio slave. Nobody objects to the feature; it's simply a matter of very limited development time for implementing it competing with 32 other Samba bugs, and approximately 25,000 other bugs of all sorts. :) Patches are greatly appreciated! FWIW, for now mounting the share locally is probably your best bet in general, since the KIOSlave has other issues (e.g. unavailable when using non-KDE software such as LibreOffice). Doc dump: https://www.samba.org/samba/docs/current/man-html/smbcacls.1.html https://www.samba.org/samba/docs/current/man-html/sharesec.1.html libsmbc's smbc_getxattr respectively setxattr would be used. smbc_listxattr seems largely pointless, for some reason it always returns system.* no matter the server. internally that drives through the IPC$ share, for some reason that entirely fails auth when kerberos is enabled though -> likely needs reworking of auth.cpp to "manually" try with and without kerberos or something. this happens with samba and windows hosts. all a bit strange xattrs are as follows: (all + variants translate SIDs to pretty string, without + they are SIDs - SIDs are entirely pointless for libsmbc I think, we can't do anything with them as there is no API that accepts them) system.nt_sec_desc.owner+ => pretty name of owner "$SCOPE\$name (e.g. SMITH\me) system.nt_sec_desc.group+ => pretty name of group "$SCOPE\$name" (e.g. Unix Group\me) system.nt_sec_desc.acl.*+ => all ACLs separated by comma (e.g. SMITH\me:0/0/0x001f01ff,Unix Group\me:0/0/0x001f01ff,Unix Group\www-data:0/0/0x001f01ff,Unix Group\me:0/0/0x001200a9,\Everyone:0/0/0x001200a9) ACLs are of the form <sid>:<type>/<flags>/<mask> type => 0 for allowed, 1 for forbidden flags => kinda undocumented? (see [1]) also on smbcacls manpage, not in any header? mask => also undocumented? also context in [1] biggest concern right now is getting a hold of the flags and masks defines, since they only seem to be available internally for samba I am not sure how exactly libsmbc expects one to use the output of getxattr. perhaps I am missing something? Windows example acl*: WINDEV1905EVAL\puny:1/0/0x001f01ff,WINDEV1905EVAL\puny:0/16/0x001f01ff,NT AUTHORITY\SYSTEM:0/16/0x001f01ff,BUILTIN\Administrators:0/16/0x001f01ff,WINDEV1905EVAL\User:0/16/0x001f01ff NB: for linux ACLs are the file system ACL (in so far as there are ACLs on the file system). on windows it seems a bit unclear but certainly looks like one gets both file and share ACL, the example above is of a file in dir that is shared with puny having only read access on the share level but full control the FS level. needs more inspection. to model all this one could probably rely on KACL which implements POSIX ACL and should be good enough for the most relevant aspect of controlling R/W/X bits. Buuuut that'd be distinctly less fine grained than windows still (e.g. windows has distinct permissions for deleting an object or changing its permissions), it may entirely make sense to forego KACL and by extension the stock KIO permissions tab and instead implement a bespoke dialog in kdenetwork-filesharing that fully models windows ACLs. another option would be extending or abstracting KACL, which would only really make sense if dolphin wants to have first class windows support, in which case it needs to model NTFS ACLs anyway and we could share the implement. at that point we could still lift a bespoke model out of kdenetwork-filesharing though to bootstrap the KIO work. I find that option rather appealing. for the KACL case as I understand it one can simply feed KACL stringy POSIX ACLs. i.e. <type>:<object>:<mask> type => u/g/o/m object => uid/gid/uname/gnmae mask => rwx/0 also see https://linuxgazette.net/152/prestia.html [1] https://github.com/samba-team/samba/blob/2d5facc95478801580eb52d4d4441660c5fa2697/librpc/idl/security.idl#L480 https://docs.microsoft.com/en-us/windows/win32/secauthz/access-control-entries https://docs.microsoft.com/en-us/windows/win32/secauthz/access-rights-and-access-masks https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-ace_header and maaaaaaaaaaaaaaaaaaaaaaany many more pages. - type is a ACCESS_*_TYPE - flags is a mask of AceFlags from winnt.h - mask is a mask of an almost random assortment of bits that are documented here and there and everywhere and also appear under various names. for our purposes ACTRL_DIR_* and ACTRL_FILE_* seem the only relevant bits. winnth.h acccrtl.h in wine are pretty handy here This may need some improvements in libsmbc to become fully sustainable. From what I see xattr queries cannot be batched. Incredibly inefficient and since ACLs are generally determined at listing time it'd make listing super slow. Not really an option. A stop gap measure would be to only request the ACL when the user opens the ACL tab in the properties dialog. That would mean we cannot actually try to break the ACL into POSIX r-w-x for the purposes of KIO though, i.e. still no useful way to judge if a user can write a given path/file or not. Not the greatest loss, but unfortunate. I am also not quite sure how we can get proprietary interaction between kdenetwork-filesharing and KIO smb. proof of concept code https://invent.kde.org/sitter/kdenetwork-filesharing/-/tree/work/acl needs kio smb from https://invent.kde.org/sitter/kio-extras/-/tree/work/smb-xattr Will definitely not make it into the 20.04 release though. A possibly relevant merge request was started @ https://invent.kde.org/network/kdenetwork-filesharing/-/merge_requests/27 Git commit e9ccfd30c2e7958780f5cff7823144e04a8ada8b by Harald Sitter. Committed on 12/08/2022 at 12:44. Pushed by sitter into branch 'master'. samba ACL support depends on a proprietary kio-extras special() interface implements a new plugin for remote permissions that shows SMB/NT ACEs that either come from a samba server with posix ACL support or windows proper M +3 -0 CMakeLists.txt A +11 -0 LICENSES/BSD-3-Clause.txt A +121 -0 LICENSES/CC0-1.0.txt A +175 -0 LICENSES/LGPL-2.1-only.txt A +304 -0 LICENSES/LGPL-3.0-only.txt A +12 -0 LICENSES/LicenseRef-KDE-Accepted-LGPL.txt A +9 -0 LICENSES/MIT.txt M +1 -0 samba/CMakeLists.txt A +15 -0 samba/aclproperties/CMakeLists.txt A +23 -0 samba/aclproperties/README.md A +119 -0 samba/aclproperties/acccrtl.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +36 -0 samba/aclproperties/ace.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +62 -0 samba/aclproperties/aceobject.cpp [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +95 -0 samba/aclproperties/aceobject.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +182 -0 samba/aclproperties/debug.cpp [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +11 -0 samba/aclproperties/debug.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +66 -0 samba/aclproperties/model.cpp [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +46 -0 samba/aclproperties/model.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +264 -0 samba/aclproperties/plugin.cpp [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +27 -0 samba/aclproperties/plugin.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +116 -0 samba/aclproperties/qml/ACEPage.qml [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +15 -0 samba/aclproperties/qml/LoadingPage.qml [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +42 -0 samba/aclproperties/qml/MainPage.qml [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +21 -0 samba/aclproperties/qml/NoDataPage.qml [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +58 -0 samba/aclproperties/qml/main.qml [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] A +13 -0 samba/aclproperties/qml/qml.qrc A +11 -0 samba/aclproperties/samba-acl.json A +2 -0 samba/aclproperties/samba-acl.json.license A +51 -0 samba/aclproperties/winnt.h [License: GPL(3+eV) GPL(v3.0) GPL(v2.0)] https://invent.kde.org/network/kdenetwork-filesharing/commit/e9ccfd30c2e7958780f5cff7823144e04a8ada8b |