New SMB2/3 features and SMB_VFS_* and connection_struct...
David Disseldorp
ddiss at suse.de
Tue May 29 07:16:53 MDT 2012
On Tue, 29 May 2012 14:23:07 +0200
"Stefan (metze) Metzmacher" <metze at samba.org> wrote:
> > I see how you become the desired user, but there is no way to go 'back'.
> > This seem to imply you cannot mix tevent_impersonate with any other
> > tevent call, as the process will change user and will not change it back
> > once done.
> > Where is the trick/technical detail I am missing ?
>
> Currently 'smbd' also changes the user only if needed.
> It doesn't change back to root in every event loop.
> There're explicit 'change_to_root()' calls if really needed.
>
> That's why we'd have 3 types of tevent_context pointers:
> 1. the raw tevent_context that doesn't do any impersonation
> 2. a tevent_context that runs the handlers as root
> tevent_change_to_root()
> 3. a tevent_context that runs as the correct user
> tevent_change_to_user(),
> Note: that this also needs to call set_current_service()
>
> And I think the SMB_VFS modules should only have access to 3.
This still becomes further complicated by pipe requests which perform
share IO, e.g. spoolss RpcAddPrinterDriverEx, FSRVP CommitShadowCopySet
etc.
In such a case the request should be handled as the pipe RPC op caller,
but we still need to ensure per-share force user/group settings take
effect.
I think explicit become / unbecome user boundaries would make things a
bit cleaner in handling this ugly corner case.
Cheers, David
More information about the samba-technical
mailing list