smbsh and others.

Andrew Tridgell tridge at samba.anu.edu.au
Tue Oct 6 23:49:35 GMT 1998


> I was thinking about something more similar to ssh-agent, which 
> creates a Unix socket in /tmp/ssh-$user/ and communication
> with it is done by reading and writing the socket. 

yep, I think it should have a little protocol where you write
"server:share:flags" to the socket and read back a password. flags
would say whether you wanted a lm-hashed password.

> The biggest caveat I can think of is that I don't know how to stop
> root from getting clear text passwords by writing to the socket.
> But perhaps that is not introducing a security hole, if they already
> are root?

root can _always_ get the password. They just need to ptrace the
program that reads passwords. root is omnipotent :-)

> What about settling for a race condition?  "smbsh" can start up
> an 'smb-agent' and then we can prompt the user for a password.
> smbwrapper.so can then grab the password on initialization, 
> at which point smb-agent forgets it ever heard of a password.

it can't forget it, it needs to stick around for other subprocesses
who need authentication. smbwrapper makes a new connection for each
process.

> I would much prefer a socket thingy to pass clear text passwords,
> though.

Would you be able to put some time into writing a prototype of this?
We will certainly need it before joe user can start using smbwrapper.

Cheers, Tridge
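
An added sketch of the agent exchange discussed above (not code from this thread or from Samba): a per-user agent on a Unix socket answers "server:share:flags" requests and stays resident so that each new process can connect and ask again. The `OK`/`ERR` reply framing, the socket location, the same-UID peer check (Linux `SO_PEERCRED`) and all function names are assumptions; only the plaintext case is handled, so a non-empty flags field is refused.

```python
import os, socket, struct, tempfile, threading

def parse_request(line):
    """Split 'server:share:flags' into its three fields, or raise ValueError."""
    parts = line.strip().split(":")
    if len(parts) != 3 or not parts[0] or not parts[1]:
        raise ValueError("expected server:share:flags")
    return tuple(parts)

def peer_uid(conn):
    """UID of the connecting process (Linux SO_PEERCRED returns pid, uid, gid)."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", creds)[1]

def serve(srv, secrets):
    """Answer one request per connection; the secrets stay in memory for later callers."""
    while True:
        conn, _ = srv.accept()
        with conn:
            try:
                server, share, flags = parse_request(conn.makefile().readline())
                if peer_uid(conn) != os.getuid():  # stops other users, not root (ptrace)
                    raise PermissionError
                if flags:  # hashed replies are outside this sketch
                    raise ValueError("unsupported flags")
                reply = "OK " + secrets[(server, share)]
            except (ValueError, KeyError, PermissionError):
                reply = "ERR"
            conn.sendall((reply + "\n").encode())

def start_agent(secrets):
    """Bind the agent socket inside a private directory and serve in a daemon thread."""
    sockdir = tempfile.mkdtemp(prefix="smb-agent-")  # mkdtemp creates it with mode 0700
    path = os.path.join(sockdir, "agent.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)
    srv.listen(5)
    threading.Thread(target=serve, args=(srv, secrets), daemon=True).start()
    return path

def ask_agent(path, server, share, flags=""):
    """Client side: a fresh connection per caller, one line out, one line back."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(f"{server}:{share}:{flags}\n".encode())
        return c.makefile().readline().strip()
```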

