[jcifs] samba server lists wrong shares

Christopher R. Hertel crh at ubiqx.mn.org
Thu Mar 31 18:59:53 MDT 2011 

It's not a bug in Samba, it has more to do with the way that the protocol
works.  There are assumptions made by the protocol, and when you start using
tools like jCIFS and Samba which were both created outside of the
DOS/OS2/Windows world those assumptions get strained.

If you have logged on as two different users over the same connection, it's
not unreasonable for Samba to give you access to both user accounts.  The
connection is, after all, connected under both user names.

Chris -)-----

Felix Schumacher wrote:
> On Wed, 30 Mar 2011 13:28:06 -0500, Christopher R. Hertel wrote:
>> Michael B Allen wrote:
>>> Hi Felix,
>>>
>>> IIRC this is a sort of weird interaction specific to features of Samba
>>> and JCIFS. JCIFS reuses connections even when credentials are
>>> different. This is more efficient but when used with the Samba user
>>> directories feature it will result in listing other users that share
>>> that transport.
>>
>> That is because the protocol itself allows and expects multiple
>> authentications to occur over the same transport connection.  This is
>> due to
>> the nature of DOS, OS/2, and Windows systems.  They expect that there
>> will
>> be a single user sitting at the console screen, but that the user may
>> have
>> different identities on different servers.  Therefore, all of the
>> multiple
>> authentications over the same connection are being performed by or on the
>> behalf of that one user.
>>
>> Even in an NT Domain or Active Directory environment, the Windows
>> client may
>> use multiple credential sets (including guest and anonymous) to talk to a
>> server.  Each of these may be active at the same time.
> 
> 
> So both of you seem to think, that my test case should succeed and it is
> probably a samba server bug.
> 
>>
>>> But there could be a work-around. You can stop JCIFS from reusing
>>> transports by setting the property jcifs.smb.client.ssnLimit = 1
>>> (although this will cause a whole new socket and transport object to
>>> be created for each unique set of credentials which uses a
>>> considerable amount of resources). I think this will stop the
>>> aforementioned weird interaction.
>>
>> What Samba is probably doing is keeping track of which users have been
>> authenticated over the given connection and using that list to determine
>> which home directories to return in the shares list.  If that's the case,
>> and if Windows does *not* do the same, then it may be worth reporting
>> as a
>> Samba issue.
>>
>>> Note that JCIFS properties are global and static so beware if you have
>>> other code using JCIFS for other things, setting this property will
>>> affect them as well.
>>
>> This is, however, a worth-while test.  I would be interested in knowing
>> whether Samba and Windows display the same behavior.
> 
> I would love to perform such a test, but I haven't found anyone, who could
> tell me how I hide shares for specific users under windows.
> 
> That means I can't set up the userA sees only share userA and userB sees
> only share userB with a windows file server.
> 
> Bye
>  Felix
>>
>> Chris -)-----
> 

-- 
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh at ubiqx.org

More information about the jCIFS mailing list