Some patches to reload tokens when signals sent to Samba and etc
Jeremy Allison
jra at samba.org
Thu May 15 03:56:10 MDT 2014
On Thu, May 15, 2014 at 02:42:58AM -0700, Richard Sharpe wrote:
> Hi Folks,
>
> These are some patches that were supplied to Tandberg to provide the
> following functionality:
>
> 1. If share-level permissions are changed, put them into effect for
> currently connected clients.
>
> 2. On receipt of a signal (SIGUSR2 etc), reload the user's token in
> case there has been a change of group memberships etc.
>
> These both take the view that already opened files will not be
> changed. They will retain the access the was granted when the file was
> opened. However, new opens will see whatever restrictions now apply.
>
> The mechanism used to reload the token is not very robust I suspect.
>
> Indeed, if Reauthentication is available in the version of SMB being
> used, it would probably be better to use that.
OK, I'm gonna take this as a conversation starter,
to work out how to add this functionality into
smbd.
Using SIGUSR2 for this is a bit of a non-starter
I'm afraid - smbcontrol messaging is the only
reasonable way to do this - we *really* don't
want more signal handlers being added unless we
just can't avoid it :-).
Also, having fixed a bunch of bugs in the token
processing recently I'm going to look through
those token changes *really* carefully :-).
Thanks for posting this though Richard, it
shows a bunch of new features we really should
think about adding for OEMs (as they obviously
really need them) !
Cheers,
Jeremy.
More information about the samba-technical
mailing list