windows maintains a link to that share, even when the user logs out

Andy Bakun abakun at reac.com
Tue Apr 13 15:05:42 GMT 1999


Luke Kenneth Casson Leighton wrote:

> On Tue, 13 Apr 1999, Andy Bakun wrote:
>
> > Microsoft engineers are completely bogus if they can't reproduce this.  I was
> > working on a patch to samba to work around this by having smbd exit when it
> > received a LOGOFF event... but this doesn't work because WinNT clients send
> > the LOGOFF event and THEN update the profile,
>
> correct.
>
> have you tried the patch that was written by the same person that did the
> "restrict anonymous" patch?

I _am_ the person who wrote "restrict anonymous", Luke. :)  Which patch are you
referring to?  The one that I described above?

> the solution is to refuse to allow the very
> first anonymous IPC$ connection, and the clients then make an
> authenticated IPC$ connection.  because _this_ is the first authenticated
> connection, the [homes] connection is also properly authenticated,
> therefore the internal processes in nt&95 get it sorted out.

I don't think this is the problem I am describing.  Since I wrote "restrict
anonymous", of course I'm using it.  Restricting anonymous connections doesn't keep
the client from making a connection to a share even though they are not logged in,
they just have to provide a valid username and password (or a connection token, I
guess it is called) -- this is good because I want the machines that don't login to
the domain (local accounts and win95 machines) to still access my samba domain as
long as they have a username and password.  In the patch I was working on to
disconnect, this is how it worked:

one new global parameter:
disconnect at logoff = boolean
  If this was false, then the original behaviour would be used.  If true, then smbd
would attempt to exit when certain conditions were met, as described below.

one new share parameter:
profile storage = boolean
  You would set this in the definition for the share that is holding the profiles.

In smbd/process.c, I would check to see if "disconnect at logoff" was true.  If so,
then I would check to see if the only share open was the one designated as "profile
storage".  If so, then when a LOGOFF event was received the deadtime was changed to
between 3 and 12 seconds.  This worked only some of the time, because the LOGOFF
event isn't always sent by the client, and it's intermixed with the network
connection being closed (so smbd exits, and we lose track of the state).  I left
off working on it trying to determine how long to set the deadtime to.  Although,
interestingly enough, looking at the audit logs for my samba machine shows that the
client is sending a LOGOFF, then updating the profile, then sending a LOGOFF event
again, for at least the past 2 or 3 months, so this might be a viable option again
(SP4, perhaps?).  Anyway, I found the patches, it's against 2.0beta5, if someone
wants to take a look at them:

http://www.reac.com/samba/older/samba-disconlogout.msg
http://www.reac.com/samba/older/2.0beta5/samba-dal-2beta5.diff

Andy.
