NT sending guest username and parameter parsing problem

thwartedefforts at wonky.org thwartedefforts at wonky.org
Sat Oct 24 20:10:24 GMT 1998


>> NT Workstations (SP3) seem to be sending 'guest' as the username at times
>> when requesting a list of shares.  This makes the %U parameter mostly
>> useless.  Take the following example (please!):
> 
> it's not nt wkstas, it's samba.  and no, there isn't really a good
> solution.  i've seen this happen with win95 too.

Right.  I said that wrong.  NT wrkst is sending a blank username, which samba
 interprets as guest.

Looking at the code in smbd/reply.c, approx line 582, in function
 reply_sesssetup_and_X, I see this block of code:

  /* If no username is sent use the guest account */
  if (!*user)
    {
      pstrcpy(user,lp_guestaccount(-1));
      /* If no user and no password then set guest flag. */
      if( *smb_apasswd == 0)
        guest = True;
    }

  strlower(user);

  /*
   * In share level security, only overwrite sesssetup_use if
   * it's a non null-session share. Helps keep %U and %G
   * working.
   */

  if((lp_security() != SEC_SHARE) || *user)
    pstrcpy(sesssetup_user,user);

  reload_services(True);

The first if statement, by checking for no username and always setting it to
 guest, makes the second if always succeed because *user is always true.

I'm not sure what the comment before the second if is saying.  The assignment
 to sesssetup_user is being done so that the username that was sent is being
 used by the reload_services call, but should that be done when security is
 SEC_SHARE?  I have a feeling the second if should be:

   if((lp_security() == SEC_SHARE) && *user)

or

   if((lp_security() != SEC_SHARE) && *user)

(depending on how you interpret the comment)

or the reload_services call could be moved up between the two ifs (but then
 in share level security, 'guest' won't be used in the call to
 reload_services, if that is what you want), or these two ifs should
 somehow change position.  I'm still trying to figure out how to move things
 around and change the conditions to get the effect I think is needed.

These are the conditions I'm trying to end up with:
 - sesssetup_user should be set to something meaningful (non-guest if
    possible) before calling reload_services.

 - sesssetup_user should not be an empty string (otherwise %U expands to
    nothing).

 - sesssetup_user should keep its value if it's not empty and no username
    was sent by the client.

 - sesssetup_user should get the value of user if sesssetup_user is the
    guest account and a non-guest account was sent by the client.

 - can't set sam_logon_in_ssb to true because sometimes samlogon_user isn't
    set (like after a reconnection when smbd is killed). Although, my
    impression is that as long as the server is up and connections are
    maintained throughout the life of a client logon, then samlogon_user
    should contain the username of the user who logged on.

Did I miss anything?

During my tests, I've noticed that in reply_sesssetup_and_X conn is always
 NULL.  When does conn get a value?  There are some fields in it that I wanted
 to take a look at, but it seems to go unused.

As a side note, where is the option 'security = domain' documented? I can't
 figure out exactly what it does.  The man page only documents share, user,
 and server, and an examination of the files in docs/ doesn't give any useful
 information.  As an educated guess, does it implement trust relationships for
 a samba server being a member of a domain, and if so, how is that different
 than security = server (other than requiring a machine account in the domain)?

Andy.
thwartedefforts at wonky.org
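
Added example (not part of the original post and not Samba code): a small C model of the ordering problem described in the message, next to one ordering that meets the first four listed conditions. The names quoted_order and conditions_order, the guest account name "guest" and the sample usernames are assumptions made for illustration; lowercasing and the reload_services call are left out.

```c
#include <stdio.h>
#include <string.h>

#define GUEST "guest"            /* assumed value of lp_guestaccount(-1) */
enum { SEC_SHARE, SEC_USER };    /* only the two modes needed here */

/* Order used in the quoted block: substitute guest first, test *user second.
 * 'stored' is the previous sesssetup_user; the result is the new value. */
static const char *quoted_order(int security, const char *sent, const char *stored)
{
    const char *user = *sent ? sent : GUEST;   /* first if: blank becomes guest */
    if (security != SEC_SHARE || *user)        /* second if: *user is never 0 here */
        return user;
    return stored;                             /* never reached */
}

/* Order that meets the first four conditions: look at what the client sent
 * before falling back to guest. Assumption: any non-empty name sent replaces
 * the stored one, as in the quoted block. */
static const char *conditions_order(const char *sent, const char *stored)
{
    if (*sent)
        return sent;        /* a name was sent; also replaces a stored guest */
    if (*stored)
        return stored;      /* blank request keeps the name already known */
    return GUEST;           /* nothing known: never leave %U empty */
}

int main(void)
{
    /* Constructed cases: {name sent by client, stored sesssetup_user} */
    const char *cases[][2] = { {"", ""}, {"", "andy"}, {"andy", "guest"}, {"andy", ""} };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("sent='%s' stored='%s'  quoted(share)=%s  conditions=%s\n",
               cases[i][0], cases[i][1],
               quoted_order(SEC_SHARE, cases[i][0], cases[i][1]),
               conditions_order(cases[i][0], cases[i][1]));
    return 0;
}
```

The second row is the case from the message: a blank username arrives while a real name is already stored, and the quoted ordering replaces it with guest even in share level security.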




More information about the samba-ntdom mailing list