[jcifs] Dealing with simultaneous users in a Win2k3 environment

Christopher R. Hertel crh at ubiqx.mn.org
Fri Mar 19 20:05:30 GMT 2004 

Hmmm...  Conceptually, the first call to SmbFile() creates two types of
connection to the server.  There's the TCP connection and, on top of that,
there's an SMB connection.  The SmbFile() object rides on top of the SMB
connection.  The problem, in your case, is that further calls to SmbFile() 
will reuse existing SMB and TCP connections (if they are aimed at the same 
server).

Reusing the TCP connection is something that Windows systems do.  Win9x 
systems also re-use the same SMB connection (I've not found a way to enter 
a different username/password pair to establish a new SMB connection).  
WinNT and it's family do provide ways to create multiplexed SMB 
connections over the same TCP transport.  They sometimes play games with 
this too.  Urg.

There are several different versions of the SmbFile() constructor.  I'm 
wondering whether it's possible to use those to create separate SMB 
contexts.  Unfortunately, I'm the theory guy and there are details I 
should know and don't.

Chris -)-----

On Fri, Mar 19, 2004 at 10:51:16AM -0800, Michael Kerley wrote:
> Hi,
>
> I'm having a problem with user authentication in a Win2k3 environment.  The
> test environment is just one Win2k3 server (primary domain controller
> running active directory, etc.  Just a simple installation with all the
> defaults) and a WinXP Pro machine which is a member of the domain.
> 
> Here is the test I've been running:
> 
> 1. new SmbFile("smb://").listFiles()  --> Fails (expected because no
> authentication was given)
> 
> 2. new SmbFile("smb://user:pass@/").listFiles()  --> Gives the list of
> domains (expected)
> 
> 3. new SmbFile("smb://").listFiles()  --> Gives the list of domains (bad;
> this is a security risk)
> 
> It seems that the socket opened in step 2 is reused in step 3, so it's able
> to get the results.  This is a problem in my application because there will
> be one jCIFS client for multiple human users coming from different
> locations, and I don't want one user's authentication to be reused by other
> users.
> 
> Is there some option I can set to fix this problem?  If not, can someone
> point me to a place in the jCIFS code where I should be looking to make a
> change?  I've been tracing through some of it without much luck.  All that
> I've found so far is that the socket never seems to be closed by jCIFS
> manually; instead, it gets closed as a result of a connection reset (by the
> machine that answered the domain listing request).
> 
> Thanks,
> 
> Michael
>   _____  
> Michael Kerley
> Senior Software Engineer
> enKoo, Inc. 

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jcifs mailing list