[Samba] utmp

ian j hart ianjhart at ntlworld.com
Sun Mar 24 09:56:02 GMT 2002 

I've had utmp running for a week or so in production.
Firstly can I say that this is ABSOLUTELY BRILLIANT.
I work in a school, so there's a lot of low level
"nonsence". Being able to track logons without trawling
through log files has saved me a conservative half a day
so far. How did I live without this?

FreeBSD 4.4-RELEASE (I think)
Samba 2.2.3a PDC '95 clients
+this local hack

--- smbd/session.c.orig Sun Feb  3 00:46:56 2002
+++ smbd/session.c      Thu Mar 14 23:00:03 2002
@@ -27,6 +27,7 @@
 */

 #include "includes.h"
+#include <libutil.h>

 #if defined(WITH_PAM) || defined(WITH_UTMP)

@@ -94,7 +95,8 @@
            place to do this is in the code that displays the session
            information. */

-        hostname = client_addr();
+               hostname = client_name();
+               trimdomain(hostname, 16);

        fstrcpy(sessionid.username, vuser->user.unix_name);
        fstrcpy(sessionid.hostname, hostname);

Built with make LIBS=-lutil
... because I don't grok autoconf et al
[Yes, I know hard coding the length sucks ;)]

I have a few observations.

There are many very short (time) entries. This is noise
that I could do without. I have found two causes, but some
still remain.

Connections to the time server are logged.
Connections to netbios aliases are logged.

I "fixed" these by putting %L in utmp path. Luckily
I already had TIME aliased.

I wonder if some of the remaining noise is due to the
closing of the "persistant home connection" you can get
when users log off W95. Any ideas how I can test this?

We have a few '95 computers acting as print servers.
When a client connects to one of these there are many
connections by the user, issued from the server. The
samba print servers don't seem to do this, presumably
because they run security = SHARE. Ideas?

It looks like all connections are logged. (I could be
wrong about this.) Ideally I only want to record "logons".
How do I do this now utmp is global?

Just noticed that there's some new code in cvs.
While rooting round I saw this; part of get_socket_name.

alpha_strcpy(name_buf, name_buf, "_-.", sizeof(name_buf));
	if (strstr(name_buf,"..")) {
	pstrcpy(name_buf, "UNKNOWN");
	}

o Isn't UNKNOWN a valid hostname?
o Underscores break RFC (1035?). Will "last" cope?
o I don't see any code to remove the domain name if it
  matches the local host. (Previous post 10th Mar 02).
  trimdomain is what FreeBSD logon does. Might not be
  portable tho'.

Keep up the good work

-- 
ian j hart

More information about the samba mailing list