CVS update: samba/source/rpc_server
jra at samba.org
Fri Nov 9 18:00:04 GMT 2001
On Sat, Nov 10, 2001 at 12:38:02PM +1100, Andrew Bartlett wrote:
> Is the redesign that significant? I was looking at the problem and I
> don't think its that hard:
> Basically we already have the concept of a per-connection vuid cache,
> and we already correctly move between security contexts. All I am
> suggesting is moving the code around a bit, move the access control
> stuff into the user_ok() code and make the user_ok() code understand
> guest users. The code should also take into account a conn->vuid_locked
> property - which can specify that this connection is special (admin user
> = and friends) and only allow that vuid to connect.
> Then just call user_ok() (or a much better named derivative) in
> make_connection() *and* in change_to_user() where we already do it.
It requires "validated vuid" caches in a connection struct (one
for read-only, one for read-write), so we don't have to do the
checks in the tdb on every packet. This then means that all the
caches must be cleaned when a vuid is deleted. It's not too bad,
but doing it *efficiently* takes some thought.
I went through this with tridge a month or two ago (I knew this
wasn't perfect when the code went in). Unfortunately you can't
do it in change_user() as you don't know the intent of the
request (read-only or read-write) at this point. Hmmmm. Maybe
we could add that....
It's a bit fiddly. You're on the right lines but it's a bit
more complex than you have listed here I think.
More information about the samba-technical