Evaluating Windows Security Descriptors.
Volker.Lendecke at SerNet.DE
Wed Dec 19 14:53:31 GMT 2007
On Tue, Dec 18, 2007 at 05:06:35PM -0600, Christopher R. Hertel wrote:
> No I'm not tied to S4--quite the contrary. I was hoping there was Samba4
> code that could be used as a reference for writing a Samba3 VFS module that
> could enforce Windows ACLs. Looking for sec_access_check() in both S3 and
> S4 I see that there are variations in both trees. Cool.
> Here's my basic setup: I am working on top of a file system that can store
> Windows Security Descriptors, including all of the ACL information. (No,
> it's not a Linux NTFS implementation but it's close enough.) It also stores
> Posix UIDs & GIDs but the goal is to access and enforce the Windows
> semantics via CIFS. We'll probably wind up writing an opaque VFS module to
> get this done right.
Why don't you put a CreateFile call into the kernel then?
This is the only place that can reliably do that. You will
have to have a set_nt_token call as well that tells the
kernel about the windows style token to use for access
checks, but I would *stronly* recommend to do that in the
kernel if you mess with it anyway.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20071219/e46ecbd5/attachment.bin
More information about the samba-technical