ACL check in elog_check_access?
Gerald (Jerry) Carter
jerry at samba.org
Wed Jun 18 15:37:45 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Volker,
> On Wed, Jun 18, 2008 at 09:22:48AM -0500, Gerald (Jerry) Carter wrote:
>> A client may have multiple open handles and in some cases
>> multiple users may open the event log so opening as root and
>> maintaining a ref count was the only way I could thing of to
>> service multiple access lvls concurrently in the same process.
>
> Hmmm. Okay. How about the following: Open the tdb file using
> open(2) as normal user and then as needed open the tdb file
> using tdb_open as root if the open(2) succeeded on demand.
> If anyone closes the handle you would have to tdb_close the
> root-opened tdb file as well because fcntl locks would be
> lost. But an on-demand re-open would solve this.
That might work but you still need the se_access_check() to
remember the granted access_mask. Can you explain what problem
you are trying to solve? It's been a while since I looked at
that code in detail.
cheers, jerry
- --
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIWSvJIR7qMdg1EfYRApEFAJ968Z9se3EoUVC/qB+z2i9x2P5YxwCffieV
gRGYqTadZSB+CjJFXvsI8eQ=
=0Uf8
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list