Service-names and computer-names checked for in getpwnam

Mattias.Gronlund Mattias.Gronlund at sa.erisoft.se
Sat Jan 29 00:26:10 GMT 2000


I thought that we used [homes], but we do not, so the problem isn't
related to that, but...

Some more browsing in the code got me into add_session_user() which
is called for each service that is to be connected with the service
as the "user"-parameter. add_session_user() is also used in
reply_special and at that time the client computer name is added.

Every time add_session_user is called the user is checked for in
the "local password file", _even_ if it is already in the list!

authorise_login() is the only function that uses the list of
session users. One comment says:

/* there are several possibilities:
      1) login as the given user with given password
      2) login as a previously registered username with the given
password
      3) login as a session list username with the given password
      4) login as a previously validated user/password pair
      5) login as the "user =" user with given password
      6) login as the "user =" user with no password (guest connection)
      7) login as guest user with no password
 
      if the service is guest_only then steps 1 to 5 are skipped
   */

So, what is a session user?

What is session users used for?

May we delay the Get_Pwnam call until they are realy needed?

It just looks like that nearly all our NIS-calls has to do with these
session-users. And I can't think of any time where the client or 
service would have a password mapped to them!

Would it be a bad idea to make the handling of "session users" possible
to disable?

/Mattias

"Mattias.Gronlund" wrote:
> 
> Gerald Carter wrote:
> >
> > Mattias Gronlund wrote:
> > >
> > > Hi,
> > >
> > > Is there anyone that knows why SAMBA checks for the name of the
> > > service with getpwnam when a connection to a share is initiated?
> >
> > See the explanation of the [homes] service in the smb.conf man
> > page.
> >
> 
> The manual-page says:
> > When  the  connection  request  is made, the existing sections are scanned.
> > If a match is found, it is used. If no match is found, the requested
> > section name is treated as a user name and looked up in the local password
> > file. If the name exists and the correct password has been given, a share
> > is created by cloning the [homes] section.
> 
> But the implementation does a lookup in the "local password file" even
> if
> there is a separate section for the share. It will also try to lookup
> IPC$
> which if I understands it is a quite special share that do not need a
> directory.
> 
> /Mattias


More information about the samba-technical mailing list