se-samba
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Mon May 31 13:49:56 GMT 2004
On Mon, May 31, 2004 at 10:49:11PM +1000, Russell Coker wrote:
> > 2) all file operations go through the SMB layer: you have to
> > provide a means to separate user-contexts on the same SMB TCP
> > connection, and the best - i.e. quickest way with a minimal
> > coding impact - way to do that is to run two smbd servers,
> > one proxying to the other and to write an SMB client VFS plugin
> > that multiplexes out the user-contexts received over the same
> > TCP connection.
>
> I spent some time discussing these issues with Tridge at Linux.conf.au 2004.
> It seems that there is an interface in Samba to allow plug-ins which can be
> used for such things,
yes - the VFS layer, and _all_ samba SMB file operations - absolutely
all of them - go through this layer, by default.
> they aren't quite suitable for spawning an external
> process but I think it can be shoe-horned into it.
it's exactly the right fulcrum point, and anywhere else is
genuinely nasty.
you wouldn't spawn an external process, you'd run an smb client
library which communicated with an already running smbd server
(on another high port number bound to 127.0.0.1)
and _that_ smbd server would fork() and use setuid() instead of
seteuid().
and the setuid() would be successful because, by using the
VFS layer to multiplex out all new TConX's, you are _guaranteeing_
that in the second smbd server that it will only _ever_ have to
deal with one TConX per process.
also, the second smbd server will be quite capable of dealing with
locking etc. because of the design of smbd.
also, the semantics of any multiplexing in the "front" smbd will
be dealt with correctly.
including that long-standing bug which can be demonstrated by
running an NT-based threaded benchmark client against a samba
server.
what else.
oh yes: in the front-line smbd server, you'll be able to switch
off authentication and also any setuid calls, effectively
turning the smbd process into an SMB parser and nothing else.
you _might_ need to do some tweaking of the code to make it
proxy to the back-end SMB server for its authentication: you
_might_ be able to get away with setting it up as
"security = server", specifying the server it is to use
to perform authentication against to be the back-end SMB
server, and if you like, removing any seteuid calls to save
some processing time.
the last bit (saving processing time) shouldn't strictly be
necessary because hey, it's the same server, effectively,
so it's the same /etc/passwd and /etc/samba/smbpasswd file
etc. etc. or equiv.
_but_, ideally, if the front-line samba server can be "turned
into" just an SMB parser and forwarder, that'd be less code
to audit, less cpu cycles wasted, etc.
*thinks*...
you _might_ want to consider looking at the "cliffs" project
because, in a funny way, the cliffs project might be a
better candidate for running the front-end SMB parser-and-
proxyer.
there's a lot less code in it.
l.
More information about the samba-technical
mailing list