Opportunities for Samba4 based CIFS proxies

Andrew Bartlett abartlet at samba.org
Wed Nov 2 14:27:27 GMT 2005


On Thu, 2005-11-03 at 00:43 +1100, Andrew Bartlett wrote:
> With the work I now have in the Samba4 tree, we can now operate as a
> CIFS proxy, potentially modifying the data stream in the process.  We do
> so with the administrator's permission (based on Kerberos delegation),
> but it does open up an interesting area of research for somebody wanting
> to construct:
> 
>  - CIFS virus scanner
>  - CIFS accelerator
>  - CIFS aggregation server
> 
> etc.  
> 
> We already have the full mapping of CIFS down to the ntvfs primitives,
> and we know we pass the full semantics down those layers.  More
> importantly, using Kerberos we support full SMB signing of both halves
> of the connection. 
> 
> It should not be hard to build some interesting products on this basis,
> and I would love to hear from anybody with particular ideas.
> 
> Samba4 also includes an RPC proxy server, which will be hooked into this
> soon.

The work that remains to be done on this is:
 - Map anonymous connections across as anonymous
 - Perform a new session setup per incoming vuid, and perform an
appropriate mapping
 - Provide options for when we should use the machine account (for
security with SMB signing, we should probably do the first session setup
as the machine).

But this is all details now we have the basic proof.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net