New SMB2/3 features and SMB_VFS_* and connection_struct...

David Disseldorp ddiss at
Tue May 29 07:16:53 MDT 2012

On Tue, 29 May 2012 14:23:07 +0200
"Stefan (metze) Metzmacher" <metze at> wrote:

> > I see how you become the desired user, but there is no way to go 'back'.
> > This seem to imply you cannot mix tevent_impersonate with any other
> > tevent call, as the process will change user and will not change it back
> > once done.
> > Where is the trick/technical detail I am missing ?  
> Currently 'smbd' also changes the user only if needed.
> It doesn't change back to root in every event loop.
> There're explicit 'change_to_root()' calls if really needed.
> That's why we'd have 3 types of tevent_context pointers:
> 1. the raw tevent_context that doesn't do any impersonation
> 2. a tevent_context that runs the handlers as root
>    tevent_change_to_root()
> 3. a tevent_context that runs as the correct user
>    tevent_change_to_user(),
>    Note: that this also needs to call set_current_service()
> And I think the SMB_VFS modules should only have access to 3.

This still becomes further complicated by pipe requests which perform
share IO, e.g. spoolss RpcAddPrinterDriverEx, FSRVP CommitShadowCopySet
In such a case the request should be handled as the pipe RPC op caller,
but we still need to ensure per-share force user/group settings take
I think explicit become / unbecome user boundaries would make things a
bit cleaner in handling this ugly corner case.

Cheers, David

More information about the samba-technical mailing list