Opportunities for Samba4 based CIFS proxies

Simo Sorce idra at samba.org
Wed Nov 2 14:13:45 GMT 2005

On Thu, 2005-11-03 at 00:43 +1100, Andrew Bartlett wrote:
> With the work I now have in the Samba4 tree, we can now operate as a
> CIFS proxy, potentially modifying the data stream in the process.  We do
> so with the administrators permission (based on kerberos delegation),
> but it does open up an interesting area of research for somebody wanting
> to construct:
>  - CIFS virus scanner
>  - CIFS accelerator
>  - CIFS aggregation server
> etc.  
> We already have the full mapping of CIFS down to the ntvfs primitives,
> and we know we pass the full semantics down those layers.  More
> importantly, using kerberos we support full SMB signing of both halves
> of the connection. 
> It should not be hard to build some interesting products on this basis,
> and I would love to hear form anybody with particular ideas.
> Samba4 also includes an RPC proxy server, which will be hooked into this
> soon.

Discussing with a friend we were thinking that a layer 7 sort of
firewall/proxy could be done, with the right hooks we may even permit
deny certain smb or rpc operations based on a sort of profile or
something like that.


Simo Sorce    -  idra at samba.org
Samba Team    -  http://www.samba.org
Italian Site  -  http://samba.xsec.it

More information about the samba-technical mailing list