Opportunities for Samba4 based CIFS proxies
Simo Sorce
idra at samba.org
Wed Nov 2 14:13:45 GMT 2005
On Thu, 2005-11-03 at 00:43 +1100, Andrew Bartlett wrote:
> With the work I now have in the Samba4 tree, we can now operate as a
> CIFS proxy, potentially modifying the data stream in the process. We do
> so with the administrators permission (based on kerberos delegation),
> but it does open up an interesting area of research for somebody wanting
> to construct:
>
> - CIFS virus scanner
> - CIFS accelerator
> - CIFS aggregation server
>
> etc.
>
> We already have the full mapping of CIFS down to the ntvfs primitives,
> and we know we pass the full semantics down those layers. More
> importantly, using kerberos we support full SMB signing of both halves
> of the connection.
>
> It should not be hard to build some interesting products on this basis,
> and I would love to hear form anybody with particular ideas.
>
> Samba4 also includes an RPC proxy server, which will be hooked into this
> soon.
Discussing with a friend we were thinking that a layer 7 sort of
firewall/proxy could be done, with the right hooks we may even permit
deny certain smb or rpc operations based on a sort of profile or
something like that.
Simo.
--
Simo Sorce - idra at samba.org
Samba Team - http://www.samba.org
Italian Site - http://samba.xsec.it
More information about the samba-technical
mailing list