MULTIPROTOCOL ACCESS CONTROL LIST WITH GUARANTEED PROTOCOL COMPLIANCE
First Claim
1. A method of access rights validation for a multiprotocol supported file server, comprising:
- receiving a request to store a file on a file server from an owner protocol, the request to store comprising a file and a security descriptor;
- storing the file on the file server;
- storing the security descriptor as a byte sequence according to a specification of the owner protocol in an extended attribute associated with the file;
- receiving a request to open the file from a requestor protocol having a user ID;
- expanding the security descriptor to extract a set of ACEs (access control entries);
- transforming the user ID to a mapped ID according to a specification of the owner protocol; and
- validating the mapped ID against the set of ACEs expanded from the security descriptor according to a specification of the owner protocol.
Abstract
An approach to multiprotocol ACL implementation with guaranteed protocol compliance is described. In one approach, a method of access rights validation for a multiprotocol supported file server is detailed. The method involves receiving a request to store a file with a security descriptor and storing the security descriptor in an extended attribute associated with the file. Subsequently, the security descriptor is expanded to extract a set of ACEs. Access to the file can then be validated against the ACEs expanded from the security descriptor according to the specifications of the protocol that created the security descriptor.
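The validation flow the abstract and claim 1 describe (store the owner protocol's descriptor as an opaque byte sequence in an extended attribute, expand it into ACEs at open time, map the requestor's user ID into the owner protocol's ID space, then validate under the owner protocol's rules), as an added Python example that is not the patent's own code or any real file server's implementation. The descriptor byte layout, the access-mask bits, the SID-style strings, the identity-mapping table, the xattr names and the in-memory file store are all constructed for the example; the ordered deny-before-allow walk in `validate` is the general evaluation rule, of which the page's "validating the mapped ID against the set of ACEs" is one instance.

```python
import struct
from dataclasses import dataclass

# Access-mask bits and ACE kinds are constructed for this example, not the
# encoding of SMB, NFSv4 or any real protocol.
READ, WRITE = 0x1, 0x2
ACE_ALLOW, ACE_DENY = 0, 1


@dataclass(frozen=True)
class ACE:
    kind: int   # ACE_ALLOW or ACE_DENY
    sid: str    # identity in the owner protocol's ID space
    mask: int   # access-mask bits allowed or denied


def pack_descriptor(aces):
    """Serialise ACEs as a byte sequence (constructed layout): 2-byte count, then per
    ACE a 1-byte kind, 4-byte mask, 2-byte SID length and the SID bytes."""
    out = bytearray(struct.pack("!H", len(aces)))
    for ace in aces:
        sid = ace.sid.encode()
        out += struct.pack("!BIH", ace.kind, ace.mask, len(sid)) + sid
    return bytes(out)


def expand_descriptor(blob):
    """Expand the stored byte sequence back into ACEs (inverse of pack_descriptor)."""
    (count,) = struct.unpack_from("!H", blob, 0)
    off, aces = 2, []
    for _ in range(count):
        kind, mask, slen = struct.unpack_from("!BIH", blob, off)
        off += struct.calcsize("!BIH")
        aces.append(ACE(kind, blob[off:off + slen].decode(), mask))
        off += slen
    if off != len(blob):
        raise ValueError("trailing bytes in security descriptor")
    return aces


# Requestor-protocol ID -> owner-protocol ID. Constructed table; SIDs are placeholders.
ID_MAP = {
    ("nfs", "smb"): {1000: "S-1-5-21-EXAMPLE-1001", 1001: "S-1-5-21-EXAMPLE-1002"},
    ("smb", "nfs"): {"S-1-5-21-EXAMPLE-1001": 1000, "S-1-5-21-EXAMPLE-1002": 1001},
}


def map_user_id(user_id, requestor_protocol, owner_protocol):
    """Transform the requestor's user ID into the owner protocol's ID space; None if unmapped."""
    if requestor_protocol == owner_protocol:
        return user_id
    return ID_MAP.get((requestor_protocol, owner_protocol), {}).get(user_id)


def validate(mapped_id, aces, requested):
    """Ordered ACE walk: a DENY touching any still-ungranted bit refuses the request;
    ALLOWs accumulate until every requested bit is granted. An unmapped identity
    matches no ACE, so the default is deny."""
    if mapped_id is None:
        return False
    remaining = requested
    for ace in aces:
        if ace.sid != mapped_id:
            continue
        if ace.kind == ACE_DENY and ace.mask & remaining:
            return False
        if ace.kind == ACE_ALLOW:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return remaining == 0


class FileServer:
    """In-memory stand-in for a file system with extended attributes (constructed)."""

    def __init__(self):
        self.files, self.xattrs = {}, {}

    def store(self, path, data, owner_protocol, descriptor):
        # The descriptor is kept byte-for-byte as the owner protocol supplied it.
        self.files[path] = data
        self.xattrs[path] = {"user.acl.owner": owner_protocol,   # xattr names constructed
                             "user.acl.descriptor": descriptor}

    def open(self, path, requestor_protocol, user_id, requested):
        attrs = self.xattrs[path]
        aces = expand_descriptor(attrs["user.acl.descriptor"])
        mapped = map_user_id(user_id, requestor_protocol, attrs["user.acl.owner"])
        if not validate(mapped, aces, requested):
            raise PermissionError(f"{requestor_protocol} user {user_id!r} denied on {path}")
        return self.files[path]


def demo():
    """SMB (owner protocol) stores a file with an ACL; NFS clients try to open it.
    Returns {(uid, requested mask): allowed?}."""
    server = FileServer()
    descriptor = pack_descriptor([
        ACE(ACE_DENY, "S-1-5-21-EXAMPLE-1002", WRITE),          # explicit deny listed first
        ACE(ACE_ALLOW, "S-1-5-21-EXAMPLE-1001", READ | WRITE),
        ACE(ACE_ALLOW, "S-1-5-21-EXAMPLE-1002", READ | WRITE),
    ])
    server.store("/share/report.txt", b"constructed file contents", "smb", descriptor)
    results = {}
    for uid, rights in ((1000, READ | WRITE), (1001, READ), (1001, WRITE), (2000, READ)):
        try:
            server.open("/share/report.txt", "nfs", uid, rights)
            results[(uid, rights)] = True
        except PermissionError:
            results[(uid, rights)] = False
    return results
```

Two properties worth noting: the requestor protocol never sees or rewrites the descriptor, it only gets a mapped identity, which is what keeps the evaluation compliant with the owner protocol's semantics; and an identity with no mapping (uid 2000 here) fails closed rather than falling through to some protocol-neutral default.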
Citations: 46
Claims (20)

1. A method of access rights validation for a multiprotocol supported file server, comprising: receiving a request to store a file on a file server from an owner protocol, the request to store comprising a file and a security descriptor; storing the file on the file server; storing the security descriptor as a byte sequence according to a specification of the owner protocol in an extended attribute associated with the file; receiving a request to open the file from a requestor protocol having a user ID; expanding the security descriptor to extract a set of ACEs (access control entries); transforming the user ID to a mapped ID according to a specification of the owner protocol; and validating the mapped ID against the set of ACEs expanded from the security descriptor according to a specification of the owner protocol. (Dependent claims: 2 to 10.)

11. A computer usable medium having computer-readable program code embodied therein for causing a computer system to execute a method of access rights validation for a multiprotocol supported file server, comprising: receiving a request to store a file on a file system from an owner protocol, the request to store comprising a file and a security descriptor; storing the file on the file system; storing the security descriptor as a byte sequence according to a specification of the owner protocol in an extended attribute associated with the file; receiving a request to open the file from a requestor protocol having a user ID; expanding the security descriptor to extract a set of ACEs (access control entries); transforming the user ID to a mapped ID according to a specification of the owner protocol; and validating the mapped ID against the set of ACEs expanded from the security descriptor according to a specification of the owner protocol. (Dependent claims: 12 to 16.)

17. An apparatus for providing access rights validation for a multiprotocol supported file server, comprising: a multiprotocol access handler circuit configured to receive a request to store a file on a file system from an owner protocol, the request to store comprising a file and a security descriptor; and memory coupled to the multiprotocol access handler circuit storing a file system configured to: store the file on the file server; store the security descriptor as a byte sequence according to a specification of the owner protocol in an extended attribute associated with the file; and expand the security descriptor to extract a set of ACEs (access control entries) in response to receiving a request to open the file from a requestor protocol having a user ID; wherein the user ID is transformed to a mapped ID according to a specification of the owner protocol, and the mapped ID is validated against the set of ACEs expanded from the security descriptor by the multiprotocol access handler circuit according to a specification of the owner protocol. (Dependent claims: 18 to 20.)

Specification