EldoS | Feel safer!

Software components for data protection, secure storage and transfer

cbflt over nfs

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#21581
Posted: 09/18/2012 03:15:16
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

We have a windows nfs server and share a location.

Locally we attach the CallbackFilter above this share location using the "FileMon"-Example.

Now we change the acl of a file from a red hat distribution.

In our example the filter didn't recognize the change although the acls was visibly changed.

Is there an example where it works?
#21586
Posted: 09/18/2012 04:28:04
by Vladimir Cherniga (EldoS Corp.)

Do you observe any other activity in callbacks, such as OpenFile/CloseFile ? What type of share do you use ?
#21611
Posted: 09/19/2012 03:51:26
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

There is a small list of observed activities as attachement.

I use Windows 2012 NFS Server but without User Mapping yet.
#21612
Posted: 09/19/2012 04:11:49
by Vladimir Cherniga (EldoS Corp.)

Cannot find the attachment.
#21618
Posted: 09/19/2012 04:51:39
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

Sorry.

Here it is.


#21620
Posted: 09/19/2012 05:24:09
by Vladimir Cherniga (EldoS Corp.)

Can i ask you to check the filtered paths using a CallbackFiler::GetFilterRule(). It is possible that with a network provider other than LanmanWorkstation filter will not work properly, or may be not all fs requests are filtered properly.
#21623
Posted: 09/19/2012 06:51:33
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

Attaching the filter with

Code
mFilter.AddFilterCallbackRule(textpath.Text,
                                           CbFltCallbackFlags.ReadNotify |
                                           CbFltCallbackFlags.WriteNotify |
                                           CbFltCallbackFlags.CreateNotify |
                                           CbFltCallbackFlags.RenameNotify |
                                           CbFltCallbackFlags.SetSizesNotify |
                                           CbFltCallbackFlags.DeleteNotify |
                                           CbFltCallbackFlags.SetBasicInfoNotify |
                                           CbFltCallbackFlags.EnumerateDirectoryNotify |
                                           CbFltCallbackFlags.OpenNotify |
                                           CbFltCallbackFlags.CloseNotify |
                                           CbFltCallbackFlags.SetSecurityNotify
                );


The Output of
Code
mFilter.GetFilterRule(0, out mask, out accessFlag, out callBackFlag);

is:

  • mask = "\\Device\\HarddiskVolume1\\nfstest\\*.*"
  • accessFlag = 0
  • callBackFlag = 2047
#21626
Posted: 09/19/2012 10:37:47
by Vladimir Cherniga (EldoS Corp.)

Thank you.
When you change acl locally, does it call appropriate callback ?
#21635
Posted: 09/20/2012 02:48:48
by Daniel Wehrle (Basic support level)
Joined: 08/08/2008
Posts: 32

yes.

i added logging of Control events

Output of change acl locally on nfs and smb:

  • SetFileSecurityC C:\nfstest\YAYA.txt
  • SetFileSecurityN C:\nfstest\YAYA.txt


  • SetFileSecurityC C:\smbtest\YAYA.txt
  • SetFileSecurityN C:\smbtest\YAYA.txt



chmod command from remote red hat mounting smb-share

  • SetFileAttributesC C:\smbtest\LLLL.txt
  • SetFileAttributesC C:\smbtest\LLLL.txt
  • SetFileAttributesN C:\smbtest\LLLL.txt


chmod command from remote red hat mounting nfs-share

Nothing
#21637
Posted: 09/20/2012 03:46:12
by Vladimir Cherniga (EldoS Corp.)

Could you compare logs produced with ProcMon utility from sysinternals, when you access file locally and remotely ? It may helps a lot.
Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages

Reply

Statistics

Topic viewed 5712 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!