[SAMBA4] cludge-acl implementation

Andrew Bartlett abartlet at samba.org
Fri Dec 30 23:38:26 GMT 2005 

I wanted to write to the list with some of the ideas and background
behind the proposed 'cludge-acl' implementation in Samba4's ldb.

Samba4 currently has no access control on ldb.  This isn't good, nor
pretty.  Before we ship a tech preview, we need to tighten things up, so
we look at least slightly serious.

So, I'm going to write a cludge-acl module for ldb.  For access control
decisions, it will use ldb opaque pointers:  When every database is
opened in Samba4, we have the opportunity to specify opaque pointers.  

ldb_wrap_connect() specifies these at the moment:

	if (ldb_set_opaque(ldb, "EventContext", ev)) {
		talloc_free(ldb);
		return NULL;
	}

	if (ldb_set_opaque(ldb, "sessionInfo", session_info)) {
		talloc_free(ldb);
		return NULL;
	}

	if (ldb_set_opaque(ldb, "credentials", credentials)) {
		talloc_free(ldb);
		return NULL;
	}

The wrapper for this, samdb_connect() has sessionInfo as it's argument,
which is in turn provided by the structures descirbing the user's
connection to the server.  

By passing down a user's sessionInfo, we can interrogate the group list,
and perform an ACL check.  (In a similar way, the credentials are used
for authenticating remote connections).

In writing this new module, I'm expecting to intercept potential changes
to the database, and allow or deny them based on a simple static ACL
check.  Users may read anything except passwords, and admins may write
anything.  System reads/changes are exempt, because they occur under a
special system_token().

To do this, I need to ensure that we always call samdb_connect() to open
the main user database (this is already done), and that when we access
the registry database, that ldb_wrap_connect() is also used, and had the
session_info and credentials arguments provided.   (I'm working with
jelmer on the details of that now).

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20051231/52531a29/attachment.bin

More information about the samba-technical mailing list