New SMB2/3 features and SMB_VFS_* and connection_struct...
Stefan (metze) Metzmacher
metze at samba.org
Tue May 29 06:23:07 MDT 2012
>> We should also impersonate more correctly, so that all operations
>> on a file handle run as the same user, including TCP disconnects.
>> To do this sanely we need to have a tevent_context wrapper,
>> which impersonates before calling any event handler.
>> Comments, please:-)
> I see how you become the desired user, but there is no way to go 'back'.
> This seems to imply you cannot mix tevent_impersonate with any other
> tevent call, as the process will change user and will not change it back
> once done.
> Where is the trick/technical detail I am missing?
Currently 'smbd' also changes the user only if needed.
It doesn't change back to root in every event loop.
There are explicit 'change_to_root()' calls if really needed.
That's why we'd have 3 types of tevent_context pointers:
1. the raw tevent_context that doesn't do any impersonation
2. a tevent_context that runs the handlers as root
3. a tevent_context that runs as the correct user
Note that this also needs to call set_current_service()
And I think the SMB_VFS modules should only have access to 3.
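The scheme described in this message, as an added example that is not part of the original post and is not Samba or tevent code: a simulated dispatcher in which each of the three context types impersonates before its handler runs, and the identity changes only when it differs from the current one. All names (`wrap_ctx`, `dispatch`, `become`) and the uid/service values are hypothetical, and no real credentials are changed.

```c
#include <stdio.h>

/* Simulated credentials: no real setuid() calls, so this runs unprivileged. */
typedef struct { unsigned uid; int service; } ident_t;
static ident_t current = {0, -1};   /* process starts as root, no service */
static int switches;                /* counts simulated identity changes */

typedef void (*handler_fn)(void *private_data);
enum ctx_kind { CTX_RAW, CTX_ROOT, CTX_USER };

/* Hypothetical wrapper context (not the tevent API); want is used by CTX_USER. */
typedef struct { enum ctx_kind kind; ident_t want; } wrap_ctx;

/* Become the wanted identity only if it differs; nothing switches back after. */
static void become(ident_t want) {
    if (current.uid == want.uid && current.service == want.service) return;
    current = want;                 /* real code: change uid and current service */
    switches++;
}

/* Every handler is dispatched through its context, which impersonates first. */
static void dispatch(const wrap_ctx *ctx, handler_fn fn, void *private_data) {
    if (ctx->kind == CTX_ROOT) become((ident_t){0, -1});
    else if (ctx->kind == CTX_USER) become(ctx->want);
    /* CTX_RAW: runs as whatever identity the previous handler left behind */
    fn(private_data);
}

static void record_uid(void *private_data) { *(unsigned *)private_data = current.uid; }

/* Constructed event sequence; returns the number of identity switches. */
int run_demo(unsigned seen[5]) {
    wrap_ctx raw = {CTX_RAW, {0, -1}}, root = {CTX_ROOT, {0, -1}};
    wrap_ctx alice = {CTX_USER, {1000, 1}}, bob = {CTX_USER, {1001, 2}};
    current = (ident_t){0, -1}; switches = 0;
    dispatch(&alice, record_uid, &seen[0]);  /* switch 1: root -> 1000 */
    dispatch(&alice, record_uid, &seen[1]);  /* same user: no switch */
    dispatch(&raw,   record_uid, &seen[2]);  /* inherits 1000 from last handler */
    dispatch(&bob,   record_uid, &seen[3]);  /* switch 2: 1000 -> 1001 */
    dispatch(&root,  record_uid, &seen[4]);  /* switch 3: 1001 -> root */
    return switches;
}

int main(void) {
    unsigned seen[5];
    int n = run_demo(seen);
    for (int i = 0; i < 5; i++) printf("handler %d ran as uid %u\n", i, seen[i]);
    printf("identity switches: %d\n", n);
    return 0;
}
```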