From owner-freebsd-arch@freebsd.org Mon Dec 3 09:01:13 2018
From: "Andrey V. Elsukov"
To: Yuri Pankov, Edward Napierala, gerard@seibercom.net
Cc: freebsd-arch@freebsd.org
Subject: Re: Removal or updating of "mount_smbfs" from FreeBSD operating system
References: <20181126121926.00007626@seibercom.net>
Message-ID: <84aaaa9a-ef78-f7c2-fd42-1ea8b848f865@yandex.ru>
Date: Mon, 3 Dec 2018 11:58:31 +0300

On 27.11.2018 19:55, Yuri Pankov wrote:
>> There seems to be existing, working code in Nexenta, which is being
>> upstreamed to Illumos:
>>
>> https://www.illumos.org/issues/9735
>> https://github.com/illumos/illumos-gate/pull/37
>>
>> Their implementation descends from the one we have in base (and the one
>> from OSX, which also descends from FreeBSD), so it should be possible to
>> merge it.
>
> Yes, we have it working and tested pretty well. And that's exactly the
> reason I was asking if there's work in progress for smb2/3 client or not
> before even starting looking into porting the code.
>
> The problem here is that the code has grown library dependencies which
> are CDDL-licensed, which aren't easy to break (if at all), so if ported,
> it will be covered by WITHOUT_CDDL; hopefully that's acceptable. It's
> possible that Nexenta-authored code could be relicensed under BSDL (I'll
> have to ask, we already have a precedent with localedef), but sadly that
> doesn't cover everything.

Apple's implementation looks like it is based on the same source as our
one. It looks like it is dual licensed APSL/BSDL, but the size of the
SMB/CIFS code has significantly increased and porting doesn't look like
an easy task. But probably some code can be used...

https://opensource.apple.com/tarballs/smb/

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-arch@freebsd.org Fri Dec 7 10:33:01 2018
From: Jack Halford
To: freebsd-arch@freebsd.org
Cc: zml@freebsd.org, mdf@freebsd.org, fatih@gandi.net
Subject: per thread credentials
Date: Fri, 7 Dec 2018 11:32:51 +0100
Message-ID: <20181207103251.s5xao5ji4rx5omcz@thinkpad-gandi>

hello,

Gandi.net has need of per-thread credentials for a file server. There
have been prior discussions in a thread[1] in 2009 and also a design[2]
has been written out on the wiki in 2011. I'm in the process of
implementing this design.

Before posting my patch to reviews I'd like to know if I've missed any
discussion on the subject since the design I'm basing myself on is quite
old (some of the points are now irrelevant after 7 years). Also maybe
someone knows why this was never implemented in the first place?

[1] https://lists.freebsd.org/pipermail/freebsd-arch/2009-May/009300.html
[2] https://wiki.freebsd.org/Per-Thread%20Credentials

From owner-freebsd-arch@freebsd.org Fri Dec 7 16:53:26 2018
From: Conrad Meyer
Reply-To: cem@freebsd.org
To: jack@gandi.net
Cc: "freebsd-arch@freebsd.org", fatih@gandi.net
Subject: Re: per thread credentials
References: <20181207103251.s5xao5ji4rx5omcz@thinkpad-gandi>
In-Reply-To: <20181207103251.s5xao5ji4rx5omcz@thinkpad-gandi>
Date: Fri, 7 Dec 2018 08:53:07 -0800

On Fri, Dec 7, 2018 at 2:37 AM Jack Halford wrote:
>
> hello,
>
> Gandi.net has need of per-thread credentials for a file server. There
> have been prior discussions in a thread[1] in 2009 and also a design[2]
> has been written out on the wiki in 2011. I'm in the process of
> implementing this design.
>...
>
> [1] https://lists.freebsd.org/pipermail/freebsd-arch/2009-May/009300.html
> [2] https://wiki.freebsd.org/Per-Thread%20Credentials

Both of these came out of Isilon. I think we ended up with special
credential file descriptors, rather than using uid_t's and gid_t's
directly, because of a need for compatibility with arbitrary Windows
LDAP users ("SID"s?) not present in the local id database.

I can't speak to why it didn't land before — I wasn't really around for
that, and there's a 50-50 chance we just didn't want to put in the
effort — but we still use something similar now.

Zach Loafman left the company long ago and hasn't been an active
FreeBSD committer in quite some time, and ditto mdf@. Committers at
Isilon now are me, bdrewery@, vangyzen@, dab@, rstone@, and pho@, but
none of us are really involved with what Isilon calls "AIMA"
(Authentication, Identity Management, Authorization).

The APIs we use today look like:

663     AUE_NULL        STD     { int modifytcred2(int fd, \
                                    struct native_token *token, \
                                    int flags); }
664     AUE_NULL        STD     { int modifytcred(int fd1, int fd2, \
                                    int flags); }
665     AUE_NULL        STD     { int accesstcred(char *path, int flags, \
                                    int fd); }
666     AUE_NULL        STD     { int buildtcred(struct native_token *token, \
                                    int current); }
667     AUE_NULL        STD     { int gettcred(char *user, int thread); }
668     AUE_NULL        STD     { int settcred(int fd, int flags, \
                                    struct native_token *token); }
669     AUE_NULL        STD     { int reverttcred(void); }
670     AUE_NULL        STD     { int restricttcred(int fd, struct native_token *token); }

Best,
Conrad