EldoS | Feel safer!

Software components for data protection, secure storage and transfer

cbflt over nfs

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#21581
Posted: 09/18/2012 03:15:16
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

We have a windows nfs server and share a location.

Locally we attach the CallbackFilter above this share location using the "FileMon"-Example.

Now we change the acl of a file from a red hat distribution.

In our example the filter didn't recognize the change although the acls was visibly changed.

Is there an example where it works?
#21586
Posted: 09/18/2012 04:28:04
by Vladimir Cherniga (EldoS Corp.)

Do you observe any other activity in callbacks, such as OpenFile/CloseFile ? What type of share do you use ?
#21611
Posted: 09/19/2012 03:51:26
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

There is a small list of observed activities as attachement.

I use Windows 2012 NFS Server but without User Mapping yet.
#21612
Posted: 09/19/2012 04:11:49
by Vladimir Cherniga (EldoS Corp.)

Cannot find the attachment.
#21618
Posted: 09/19/2012 04:51:39
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

Sorry.

Here it is.


#21620
Posted: 09/19/2012 05:24:09
by Vladimir Cherniga (EldoS Corp.)

Can i ask you to check the filtered paths using a CallbackFiler::GetFilterRule(). It is possible that with a network provider other than LanmanWorkstation filter will not work properly, or may be not all fs requests are filtered properly.
#21623
Posted: 09/19/2012 06:51:33
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

Attaching the filter with

Code
mFilter.AddFilterCallbackRule(textpath.Text,
                                           CbFltCallbackFlags.ReadNotify |
                                           CbFltCallbackFlags.WriteNotify |
                                           CbFltCallbackFlags.CreateNotify |
                                           CbFltCallbackFlags.RenameNotify |
                                           CbFltCallbackFlags.SetSizesNotify |
                                           CbFltCallbackFlags.DeleteNotify |
                                           CbFltCallbackFlags.SetBasicInfoNotify |
                                           CbFltCallbackFlags.EnumerateDirectoryNotify |
                                           CbFltCallbackFlags.OpenNotify |
                                           CbFltCallbackFlags.CloseNotify |
                                           CbFltCallbackFlags.SetSecurityNotify
                );


The Output of
Code
mFilter.GetFilterRule(0, out mask, out accessFlag, out callBackFlag);

is:

  • mask = "\\Device\\HarddiskVolume1\\nfstest\\*.*"
  • accessFlag = 0
  • callBackFlag = 2047
#21626
Posted: 09/19/2012 10:37:47
by Vladimir Cherniga (EldoS Corp.)

Thank you.
When you change acl locally, does it call appropriate callback ?
#21635
Posted: 09/20/2012 02:48:48
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

yes.

i added logging of Control events

Output of change acl locally on nfs and smb:

  • SetFileSecurityC C:\nfstest\YAYA.txt
  • SetFileSecurityN C:\nfstest\YAYA.txt


  • SetFileSecurityC C:\smbtest\YAYA.txt
  • SetFileSecurityN C:\smbtest\YAYA.txt



chmod command from remote red hat mounting smb-share

  • SetFileAttributesC C:\smbtest\LLLL.txt
  • SetFileAttributesC C:\smbtest\LLLL.txt
  • SetFileAttributesN C:\smbtest\LLLL.txt


chmod command from remote red hat mounting nfs-share

Nothing
#21637
Posted: 09/20/2012 03:46:12
by Vladimir Cherniga (EldoS Corp.)

Could you compare logs produced with ProcMon utility from sysinternals, when you access file locally and remotely ? It may helps a lot.
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 5696 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!