[BUG] - sesssetup_user and %U, %G and %N

Luke Kenneth Casson Leighton lkcl at samba.org
Fri Feb 4 05:36:24 GMT 2000


urr, people, we have a problem.

%N, %U and %G aren't standard_sub_basic() parameters, they are
standard_sub() parameters.

... actually, we need to create a new concept.

standard_sub_vuser().

%N, %U and %G are the first three that are candidates.

why?  because these three are set up at the _first_ SMBsesssetupX received
and never thereafter.

why? because if i have an NT Domain Logon, the vuser is nothing to _do_
with the SMBsesssetupX that the NT Domain Logon came in on.

richard,  the standard_sub() %s, including %u, should probably stay as-is,
because they really _are_ on a per-share basis.

%u is the connection_struct's user name which, i believe, is the *unix*
username.

%U is [currently standard_sub_basic] the sesssetup_user name, which is
_actually_ an NT name, but is treated as a *unix* username inside
standard_sub_basic.

so it's all a stupid mess, and i hate it.  so i'm going to give this
message 36 hours and if there are no comments, i will create a
standard_sub_vuser() which will contain the %N, U% and %G substitutions.

finally, after many moons, a solution begins to present itself.

OHH!!!!!!!! I GET IT!!!!!!

you know, sometimes, microsoft is reeeeeaaallly clever .

ok.

you remember that tdb interface i was talking about?  the one with the
smbd pid and the vuid as indeces into a user_struct database?

well, GUESS WHAT?  there is a chicken-and-egg problem.  you need to create
the tdb pid/vuid structure, _then_ check the user credentials, and if the
check is done locally, you need to be able to reference the tdb pid/vuid
structure.

well, in the microsoft user credential-checking functions (which i call
domain_client_validate in rpc_client/msrpc_netlogon.c), there is a
LOCA_USER_ID field which is GUESS WHAT?  two 32-bit words.

hooowwww conveniieeent....

i wonder if microsoft had the same sorts of problems.

the more i get into this stuff, the more impressed i become with the NT
development team.  this stuff is just... so well thought out!

except of course, when they mess it up, they _really_ mess it up.  usually
with absolutely classic mistakes with rc4...

luke

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals



More information about the samba-technical mailing list