Evaluating Windows Security Descriptors.

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Jan 4 06:52:07 GMT 2008

On Thu, Jan 03, 2008 at 04:14:36PM -0600, Christopher R. Hertel wrote:
> Okay, so I hate to bring this thread back to life but, if we put aside the
> question of where enforcement takes place...
> I see in the Samba3 VFS code that there are two GET and two SET operations
> for NT ACLs.  Are these simply there to accommodate get and set calls via
> SMB?  If NT ACLs are available to Samba at the VFS layer, how are they used?

SMB_VFS_[F][GS]ET_NT_ACL are to access the security
descriptors. They are pretty much equivalents of the nttrans
query/set security descriptor calls. By default they pass
back into posix_acls.c which itself then calls back into the
VFS for the posix-style ACL_GET_FILE & friends. So if you
file system has NT ACLs then just hook into the NT_ACL vfs
calls, and just never call posix_acls.c.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20080104/e2cf614a/attachment.bin

More information about the samba-technical mailing list