[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-337-g73e9693

boyang boyang at samba.org
Wed Aug 5 19:44:13 MDT 2009

Volker Lendecke wrote:
> On Wed, Aug 05, 2009 at 03:47:22PM +0800, boyang wrote:
>> My solution here is that:
>>       The reload of usershare is necessary when changes of usershare
>> happen. For every open file operation, we must check it against file
>> permission as well as share permission. And when check it against share
>> permission, we *must not* use cache(the vuid_cache), we must perform a
>> access check from startup, ignoring any existing cache. I am wrong to
>> touch the already opened fsps.
>>       For shares deleted, we should disconnect all connections connected
>> to this share/tree...
> Ok, *that* I can believe. Thanks for doing those tests!
> So what we need is a security descriptor attached to
> connection_struct that we can quickly test against in
> create_file. This security descriptor should be updated on
> demand. I'd like to see a message type that can be sent to
> smbd's to update the secdesc for specific shares. We can
> then later decide how this is exactly being sent.
We will add message and message handler to samba first? Also hook a
secdesc to connection, and check against the secdesc in everyone open
operation? If we all agree with this approach, I'll start work on this
part. After finish this, we will discuss how we send the message. Mostly
where the messages are sent from, the destination of the message is
obvious, I think.
> Volker

Bo Yang, Software Engineer, Suse Labs
GPG-key-ID   538C4C1A
Samba Team   boyang at samba.org    http://www.samba.org/
SUSE Linux   boyang at suse.de      http://www.novell.com/

More information about the samba-technical mailing list