Jerrad Bieno
2019-Oct-01 13:32 UTC
[Samba] need to check and read ntfs acls from nfs stack, looking for libraries to do so
I need to add the ability to check permissions against ntfs acls that are set and maintained by a samba server, in our nfs stack. The nfs stack currently doesn't have anything to deal with this. I was wondering if Samba's code for creating and checking permissions against the security descriptor and related structs is something provided by third party libraries, or did Samba implement that all specifically for Samba? I was hoping that since ntfs acls are a standard format for smb permissions that there would be some sort of libraries available for dealing with them but I am having a hard time finding anything.
Jeremy Allison
2019-Oct-01 18:52 UTC
[Samba] need to check and read ntfs acls from nfs stack, looking for libraries to do so
On Tue, Oct 01, 2019 at 08:32:16AM -0500, Jerrad Bieno via samba wrote:> I need to add the ability to check permissions against ntfs acls that are > set and maintained by a samba server, in our nfs stack. The nfs stack > currently doesn't have anything to deal with this. I was wondering if > Samba's code for creating and checking permissions against the security > descriptor and related structs is something provided by third party > libraries, or did Samba implement that all specifically for Samba? I was > hoping that since ntfs acls are a standard format for smb permissions that > there would be some sort of libraries available for dealing with them but I > am having a hard time finding anything.It was all implemented specifically for Samba and isn't broken out into a separate library. It's based on reading ndr-encoded data strctures stored inside extended attributes. If you want to look into making it a library, we'd welcome patches along those lines.
Aurélien Aptel
2019-Oct-07 06:48 UTC
[Samba] need to check and read ntfs acls from nfs stack, looking for libraries to do so
"Jerrad Bieno via samba" <samba at lists.samba.org> writes:> hoping that since ntfs acls are a standard format for smb permissions that > there would be some sort of libraries available for dealing with them but I > am having a hard time finding anything.I've documented some of the behaviour of Windows NFS server not too long ago, and have some links and ressources you might find helpful (including basic ACL perm check in python): https://github.com/aaptel/nfs-acl-test/ Cheers, -- Aur?lien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 N?rnberg, DE GF: Felix Imend?rffer, Mary Higgins, Sri Rasiah HRB 247165 (AG M?nchen)