[jcifs] samba server lists wrong shares
Felix Schumacher
felix.schumacher at internetallee.de
Thu Mar 31 07:27:00 MDT 2011
On Thu, 31 Mar 2011 13:38:42 +0200, Marcus Ilgner wrote:
> On Thu, Mar 31, 2011 at 12:59 PM, Felix Schumacher
> <felix.schumacher at internetallee.de> wrote:
>> On Wed, 30 Mar 2011 13:28:06 -0500, Christopher R. Hertel wrote:
>>>
>>> Michael B Allen wrote:
>>>>
>>>> Hi Felix,
>>>>
>>>> IIRC this is a sort of weird interaction specific to features of
>>>> Samba
>>>> and JCIFS. JCIFS reuses connections even when credentials are
>>>> different. This is more efficient but when used with the Samba
>>>> user
>>>> directories feature it will result in listing other users that
>>>> share
>>>> that transport.
>>>
>>> That is because the protocol itself allows and expects multiple
>>> authentications to occur over the same transport connection. This
>>> is due
>>> to
>>> the nature of DOS, OS/2, and Windows systems. They expect that
>>> there will
>>> be a single user sitting at the console screen, but that the user
>>> may have
>>> different identities on different servers. Therefore, all of the
>>> multiple
>>> authentications over the same connection are being performed by or
>>> on the
>>> behalf of that one user.
>>>
>>> Even in an NT Domain or Active Directory environment, the Windows
>>> client
>>> may
>>> use multiple credential sets (including guest and anonymous) to
>>> talk to a
>>> server. Each of these may be active at the same time.
>>
>>
>> So both of you seem to think, that my test case should succeed and
>> it is
>> probably a samba server bug.
>>
>
> My understanding was that this isn't a bug but, as the saying goes, a
> feature.
> Samba supports multiple authentications and so if you authenticate
> with both
> userA and userB using the same connection, you should expect to see
> all
> shares visible by one of them.
Well, I understood that it would be not surprising, but nonetheless a
bug.
>
>>>
>>>> But there could be a work-around. You can stop JCIFS from reusing
>>>> transports by setting the property jcifs.smb.client.ssnLimit = 1
>>>> (although this will cause a whole new socket and transport object
>>>> to
>>>> be created for each unique set of credentials which uses a
>>>> considerable amount of resources). I think this will stop the
>>>> aforementioned weird interaction.
>>>
>>> What Samba is probably doing is keeping track of which users have
>>> been
>>> authenticated over the given connection and using that list to
>>> determine
>>> which home directories to return in the shares list. If that's the
>>> case,
>>> and if Windows does *not* do the same, then it may be worth
>>> reporting as a
>>> Samba issue.
>>>
>>>> Note that JCIFS properties are global and static so beware if you
>>>> have
>>>> other code using JCIFS for other things, setting this property
>>>> will
>>>> affect them as well.
>>>
>>> This is, however, a worth-while test. I would be interested in
>>> knowing
>>> whether Samba and Windows display the same behavior.
>>
>> I would love to perform such a test, but I haven't found anyone, who
>> could
>> tell me how I hide shares for specific users under windows.
>>
>> That means I can't set up the userA sees only share userA and userB
>> sees
>> only share userB with a windows file server.
>>
>> Bye
>> Felix
>>>
>>> Chris -)-----
>>
>
> I'd also be interested to hear if setting jcifs.smb.client.ssnLimit
> works for you.
If I use jcifs.smb.client.ssnLimit=1 in my test case it succeeds. But
that would be
a workaround. I would rather like it to have the root cause fixed.
Bye
Felix
>
> All the best
> Marcus
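
The check discussed in this thread, written out as an added example; it is not part of the original messages and is not Felix's test case. It assumes JCIFS 1.x, a server reachable at the host given on the command line, home shares named after the user (as in "share userA"), and passwords supplied in the hypothetical environment variables SMB_PASS_A and SMB_PASS_B.

```java
import jcifs.Config;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbFile;
import java.util.Set;
import java.util.TreeSet;

// Added example: lists shares as two users and reports whether either
// listing exposes the other user's home share.
public class ShareListingCheck {

    // Share names the server returns for one set of credentials.
    static Set<String> listShares(String host, String user, String pass) throws Exception {
        NtlmPasswordAuthentication auth = new NtlmPasswordAuthentication(null, user, pass);
        Set<String> names = new TreeSet<>();
        for (SmbFile share : new SmbFile("smb://" + host + "/", auth).listFiles()) {
            String n = share.getName();               // JCIFS returns e.g. "userA/"
            names.add(n.endsWith("/") ? n.substring(0, n.length() - 1) : n);
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 3) {
            System.err.println("usage: ShareListingCheck <host> <userA> <userB> [--ssn-limit-1]");
            System.exit(2);
        }
        // Workaround from the thread. JCIFS properties are global and static,
        // so set this before any SMB call and expect it to affect all JCIFS users
        // in the same JVM.
        if (args.length > 3 && args[3].equals("--ssn-limit-1")) {
            Config.setProperty("jcifs.smb.client.ssnLimit", "1");
        }
        String host = args[0], userA = args[1], userB = args[2];
        String passA = System.getenv("SMB_PASS_A");   // hypothetical variable names
        String passB = System.getenv("SMB_PASS_B");

        // Authenticate as A, then B, then list as A again: by then both
        // sessions may exist on one reused transport.
        listShares(host, userA, passA);
        Set<String> seenByB = listShares(host, userB, passB);
        Set<String> seenByA = listShares(host, userA, passA);

        boolean leak = seenByB.contains(userA) || seenByA.contains(userB);
        System.out.println(userA + " sees: " + seenByA);
        System.out.println(userB + " sees: " + seenByB);
        System.out.println(leak ? "FAIL: a listing includes the other user's home share"
                                : "OK: each user sees only their own home share");
        System.exit(leak ? 1 : 0);
    }
}
```

Running it once without and once with `--ssn-limit-1` shows whether the listing changes when each credential set gets its own transport.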