Evaluating Windows Security Descriptors.

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Dec 18 21:51:07 GMT 2007

On Tue, Dec 18, 2007 at 01:33:36PM -0600, Christopher R. Hertel wrote:
> So...  Let's say I've got a file system that can store (one way or 'nother)
> Windows style Security Descriptors with all of the CACLs and DACLs and SIDs
> and such-like.
> Having that information isn't very useful unless I can enforce Windows-style
> access controls (through a custom VFS layer).  My question:  Is there code
> in Samba4 that can interpret (and, therefore, enforce) Windows access controls?

sec_access_check()? BTW, the changes I recently made to S3
(create_file()) are also driven by efforts to put exactly
what you want into S3.

> This all goes back to a question I asked several months ago about building a
> VFS layer that could store, access, and interpret Windows ACLs.

Well, GET_NT_ACL and SET_NT_ACL are the operations in the S3
VFS that are exactly made to do what you want. Or are you
tied to S4? There you have the RAW_FILEINFO_SEC_DESC
sub-calls of smb_fileinfo and smb_setfileinfo.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20071218/6effcfe3/attachment.bin

More information about the samba-technical mailing list