Evaluating Windows Security Descriptors.

Volker Lendecke Volker.Lendecke at SerNet.DE
Wed Dec 19 14:53:31 GMT 2007

On Tue, Dec 18, 2007 at 05:06:35PM -0600, Christopher R. Hertel wrote:
> No I'm not tied to S4--quite the contrary.  I was hoping there was Samba4
> code that could be used as a reference for writing a Samba3 VFS module that
> could enforce Windows ACLs.  Looking for sec_access_check() in both S3 and
> S4 I see that there are variations in both trees.  Cool.
> Here's my basic setup:  I am working on top of a file system that can store
> Windows Security Descriptors, including all of the ACL information.  (No,
> it's not a Linux NTFS implementation but it's close enough.)  It also stores
> Posix UIDs & GIDs but the goal is to access and enforce the Windows
> semantics via CIFS.  We'll probably wind up writing an opaque VFS module to
> get this done right.

Why don't you put a CreateFile call into the kernel then?
This is the only place that can reliably do that. You will
have to have a set_nt_token call as well that tells the
kernel about the windows style token to use for access
checks, but I would *stronly* recommend to do that in the
kernel if you mess with it anyway.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20071219/e46ecbd5/attachment.bin

More information about the samba-technical mailing list