Service-names and computer-names checked for in getpwnam
Mattias.Gronlund
Mattias.Gronlund at sa.erisoft.se
Sat Jan 29 00:26:10 GMT 2000
I thought that we used [homes], but we do not, so the problem isn't
related to that, but...
Some more browsing in the code got me into add_session_user() which
is called for each service that is to be connected with the service
as the "user"-parameter. add_session_user() is also used in
reply_special and at that time the client computer name is added.
Every time add_session_user is called the user is checked for in
the "local password file", _even_ if it is already in the list!
authorise_login() is the only function that uses the list of
session users. One comment says:
/* there are several possibilities:
1) login as the given user with given password
2) login as a previously registered username with the given
password
3) login as a session list username with the given password
4) login as a previously validated user/password pair
5) login as the "user =" user with given password
6) login as the "user =" user with no password (guest connection)
7) login as guest user with no password
if the service is guest_only then steps 1 to 5 are skipped
*/
So, what is a session user?
What is session users used for?
May we delay the Get_Pwnam call until they are realy needed?
It just looks like that nearly all our NIS-calls has to do with these
session-users. And I can't think of any time where the client or
service would have a password mapped to them!
Would it be a bad idea to make the handling of "session users" possible
to disable?
/Mattias
"Mattias.Gronlund" wrote:
>
> Gerald Carter wrote:
> >
> > Mattias Gronlund wrote:
> > >
> > > Hi,
> > >
> > > Is there anyone that knows why SAMBA checks for the name of the
> > > service with getpwnam when a connection to a share is initiated?
> >
> > See the explanation of the [homes] service in the smb.conf man
> > page.
> >
>
> The manual-page says:
> > When the connection request is made, the existing sections are scanned.
> > If a match is found, it is used. If no match is found, the requested
> > section name is treated as a user name and looked up in the local password
> > file. If the name exists and the correct password has been given, a share
> > is created by cloning the [homes] section.
>
> But the implementation does a lookup in the "local password file" even
> if
> there is a separate section for the share. It will also try to lookup
> IPC$
> which if I understands it is a quite special share that do not need a
> directory.
>
> /Mattias
More information about the samba-technical
mailing list