Some patches to reload tokens when signals sent to Samba and etc

Jeremy Allison jra at samba.org
Thu May 15 03:56:10 MDT 2014


On Thu, May 15, 2014 at 02:42:58AM -0700, Richard Sharpe wrote:
> Hi Folks,
> 
> These are some patches that were supplied to Tandberg to provide the
> following functionality:
> 
> 1. If share-level permissions are changed, put them into effect for
> currently connected clients.
> 
> 2. On receipt of a signal (SIGUSR2 etc), reload the user's token in
> case there has been a change of group memberships etc.
> 
> These both take the view that already opened files will not be
> changed. They will retain the access that was granted when the file was
> opened. However, new opens will see whatever restrictions now apply.
> 
> The mechanism used to reload the token is not very robust I suspect.
> 
> Indeed, if Reauthentication is available in the version of SMB being
> used, it would probably be better to use that.

OK, I'm gonna take this as a conversation starter,
to work out how to add this functionality into
smbd.

Using SIGUSR2 for this is a bit of a non-starter
I'm afraid - smbcontrol messaging is the only
reasonable way to do this - we *really* don't
want more signal handlers being added unless we
just can't avoid it :-).

Also, having fixed a bunch of bugs in the token
processing recently I'm going to look through
those token changes *really* carefully :-).

Thanks for posting this though Richard, it
shows a bunch of new features we really should
think about adding for OEMs (as they obviously
really need them) !

Cheers,

	Jeremy.

