[BUG] - sesssetup_user and %U, %G and %N
Luke Kenneth Casson Leighton
lkcl at samba.org
Fri Feb 4 05:36:24 GMT 2000
urr, people, we have a problem.
%N, %U and %G aren't standard_sub_basic() parameters, they are
standard_sub() parameters.
... actually, we need to create a new concept.
standard_sub_vuser().
%N, %U and %G are the first three that are candidates.
why? because these three are set up at the _first_ SMBsesssetupX received
and never thereafter.
why? because if i have an NT Domain Logon, the vuser is nothing to _do_
with the SMBsesssetupX that the NT Domain Logon came in on.
richard, the standard_sub() %s, including %u, should probably stay as-is,
because they really _are_ on a per-share basis.
%u is the connection_struct's user name which, i believe, is the *unix*
username.
%U is [currently standard_sub_basic] the sesssetup_user name, which is
_actually_ an NT name, but is treated as a *unix* username inside
standard_sub_basic.
so it's all a stupid mess, and i hate it. so i'm going to give this
message 36 hours and if there are no comments, i will create a
standard_sub_vuser() which will contain the %N, %U and %G substitutions.
finally, after many moons, a solution begins to present itself.
OHH!!!!!!!! I GET IT!!!!!!
you know, sometimes, microsoft is reeeeeaaallly clever.
ok.
you remember that tdb interface i was talking about? the one with the
smbd pid and the vuid as indices into a user_struct database?
well, GUESS WHAT? there is a chicken-and-egg problem. you need to create
the tdb pid/vuid structure, _then_ check the user credentials, and if the
check is done locally, you need to be able to reference the tdb pid/vuid
structure.
well, in the microsoft user credential-checking functions (which i call
domain_client_validate in rpc_client/msrpc_netlogon.c), there is a
LOCA_USER_ID field which is GUESS WHAT? two 32-bit words.
hooowwww conveniieeent....
i wonder if microsoft had the same sorts of problems.
the more i get into this stuff, the more impressed i become with the NT
development team. this stuff is just... so well thought out!
except of course, when they mess it up, they _really_ mess it up. usually
with absolutely classic mistakes with rc4...
luke
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
<a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href="http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
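
The per-vuser substitution proposed in the message above, as an added example (not Samba code and not the author's implementation): %U, %G and %N are expanded from a record looked up by (smbd pid, vuid) instead of from values fixed at the first SMBsesssetupX. The struct layout, the function names `sub_vuser` and `sub_first_setup`, and the sample users are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical per-vuser record keyed by (smbd pid, vuid); not Samba's struct. */
struct vuser { unsigned pid, vuid; const char *user, *group, *nserver; };

/* Constructed sample data: two session setups seen by one smbd process. */
static const struct vuser vusers[] = {
    { 4242, 100, "alice", "staff",  "homesrv1" },
    { 4242, 101, "bob",   "guests", "homesrv2" },
};

static const struct vuser *vuser_find(unsigned pid, unsigned vuid)
{
    for (size_t i = 0; i < sizeof vusers / sizeof vusers[0]; i++)
        if (vusers[i].pid == pid && vusers[i].vuid == vuid)
            return &vusers[i];
    return NULL;
}

/* Expand %U, %G and %N from the vuser record; copy everything else.
 * Returns 0 on success, -1 for an unknown vuser or if out is too small. */
int sub_vuser(unsigned pid, unsigned vuid, const char *in, char *out, size_t outlen)
{
    const struct vuser *v = vuser_find(pid, vuid);
    size_t n = 0;
    if (v == NULL || outlen == 0)
        return -1;
    while (*in) {
        char lit[2] = { *in, '\0' };   /* default: copy one literal character */
        const char *rep = lit;
        if (in[0] == '%' && in[1] == 'U') rep = v->user;
        else if (in[0] == '%' && in[1] == 'G') rep = v->group;
        else if (in[0] == '%' && in[1] == 'N') rep = v->nserver;
        in += (rep == lit) ? 1 : 2;
        size_t len = strlen(rep);
        if (n + len >= outlen)         /* always leave room for the terminator */
            return -1;
        memcpy(out + n, rep, len);
        n += len;
    }
    out[n] = '\0';
    return 0;
}

/* Behaviour the message describes: values fixed at the first session setup. */
int sub_first_setup(const char *in, char *out, size_t outlen)
{
    return sub_vuser(vusers[0].pid, vusers[0].vuid, in, out, outlen);
}
```

With this data, a path template requested on behalf of vuid 101 expands to bob's values through `sub_vuser`, while `sub_first_setup` still yields alice's, which is the mismatch the message is about.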