A proposal for handling SACLs (Security Auditing) in Samba master

[Richard Sharpe]

Hi folks,

Here is a suggestion for handling SACLs. The most important aspect of
any approach to handling Security Auditing is that it should have low
cost for those who are not interested in any auditing.

What I suggest is the following:

1. We add, possibly just above se_access_check (with a change to
return the SD used, or something like that) a check to see if a SACL
is present, and if so, call SMB_VFS_SECURITY_AUDIT passing in the fsp,
the SACL, access desired, access granted, allowed or denied, etc.

2. Add a VFS routine SMB_VFS_SECURITY_AUDIT with the default behavior
in vfs_defaults.c to simply do nothing.

3. Provide a standard security auditing module that logs the
appropriate events in the current eventlog infrastructure.

This way, those who do not want auditing pay a very small cost, and
those who do want it can specify, on a per share basis, auditing if
they need it. In addition, specialized auditing modules could be
provided by those who care.

Of course, they would have to use one of the acl modules, like
acl_xattr or acl_tdb, as well.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)