[cifs-protocol] Access check by user x for file y in the context
of user z
Gerald (Jerry) Carter
jerry at samba.org
Tue Jan 31 14:27:10 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Reiterer, Horst wrote:
> Does the protocol support impersonating other users in
> the context of a single session OR performing an access check
> based on a different account name? Judging from the spec,
> there seems to be no way to accomplish that. However,
> Windows-specific resources do mention that SMB supports
> impersonation.
Not to my knowledge. You could try to perform the access
checks yourself (e.g. ask for the security descriptor on
an object via trans2 or RPC and implement se_access_check()).
In order to perform any access check, you effectively need an
NT TOKEN. And to get that you must authenticate.
cheers, jerry
=====================================================================
I live in a Reply-to-All world -----------------------
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD33O9IR7qMdg1EfYRAljHAJ4od1TfFRr+hGYLZKsE5peJN60LigCgkx5v
OeLL2I8tCPlTt5xABgeasIw=
=pUXi
-----END PGP SIGNATURE-----
More information about the cifs-protocol
mailing list