Evaluating Windows Security Descriptors.
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Jan 4 06:52:07 GMT 2008
On Thu, Jan 03, 2008 at 04:14:36PM -0600, Christopher R. Hertel wrote:
> Okay, so I hate to bring this thread back to life but, if we put aside the
> question of where enforcement takes place...
>
> I see in the Samba3 VFS code that there are two GET and two SET operations
> for NT ACLs. Are these simply there to accommodate get and set calls via
> SMB? If NT ACLs are available to Samba at the VFS layer, how are they used?
SMB_VFS_[F][GS]ET_NT_ACL are to access the security
descriptors. They are pretty much equivalents of the nttrans
query/set security descriptor calls. By default they pass
back into posix_acls.c which itself then calls back into the
VFS for the posix-style ACL_GET_FILE & friends. So if your
file system has NT ACLs then just hook into the NT_ACL vfs
calls, and just never call posix_acls.c.
Volker