[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-337-g73e9693
boyang
boyang at samba.org
Wed Aug 5 19:44:13 MDT 2009
Volker Lendecke wrote:
> On Wed, Aug 05, 2009 at 03:47:22PM +0800, boyang wrote:
>
>> My solution here is that:
>> The reload of usershare is necessary when changes of usershare
>> happen. For every open file operation, we must check it against file
>> permission as well as share permission. And when check it against share
>> permission, we *must not* use cache(the vuid_cache), we must perform a
>> access check from startup, ignoring any existing cache. I am wrong to
>> touch the already opened fsps.
>> For shares deleted, we should disconnect all connections connected
>> to this share/tree...
>>
>
> Ok, *that* I can believe. Thanks for doing those tests!
>
> So what we need is a security descriptor attached to
> connection_struct that we can quickly test against in
> create_file. This security descriptor should be updated on
> demand. I'd like to see a message type that can be sent to
> smbd's to update the secdesc for specific shares. We can
> then later decide how this is exactly being sent.
>
We will add message and message handler to samba first? Also hook a
secdesc to connection, and check against the secdesc in everyone open
operation? If we all agree with this approach, I'll start work on this
part. After finish this, we will discuss how we send the message. Mostly
where the messages are sent from, the destination of the message is
obvious, I think.
> Volker
>
--
Bo Yang, Software Engineer, Suse Labs
GPG-key-ID 538C4C1A
Samba Team boyang at samba.org http://www.samba.org/
SUSE Linux boyang at suse.de http://www.novell.com/
More information about the samba-technical
mailing list