Service-names and computer-names checked for in getpwnam

Richard Sharpe sharpe at ns.aus.com
Fri Jan 28 15:10:24 GMT 2000


Hi,

At 11:31 AM 1/29/00 +1100, Mattias.Gronlund wrote:
>I thought that we used [homes], but we do not, so the problem isn't
>related to that, but...
>
>Some more browsing in the code got me into add_session_user() which
>is called for each service that is to be connected with the service
>as the "user"-parameter. add_session_user() is also used in
>reply_special and at that time the client computer name is added.

Well, actually, I think you will find that the call chain starts in
service.c in make_connection.  The reply_tcon and reply_tconX routines call
make_connection, and the first thing make_connection does is call
find_service (these two routines are in service.c).

Now, find_service checks to see if the service name is a regular service,
and if not, then calls get_home_dir passing the service name.  get_home_dir
treats the service name as a user, and tries to find such a user.

If the home dir is found, find_service then checks to see if a [homes] share
exists and uses the params specified there as defaults.

This is _CONTRARY_ to what the man pages say, which suggest that
get_home_dir would only be called if the [homes] share exists.

Perhaps we should fix the code :-)

>Every time add_session_user is called the user is checked for in
>the "local password file", _even_ if it is already in the list!
>
>authorise_login() is the only function that uses the list of
>session users. One comment says:
>
>/* there are several possibilities:
>      1) login as the given user with given password
>      2) login as a previously registered username with the given password
>      3) login as a session list username with the given password
>      4) login as a previously validated user/password pair
>      5) login as the "user =" user with given password
>      6) login as the "user =" user with no password (guest connection)
>      7) login as guest user with no password
> 
>      if the service is guest_only then steps 1 to 5 are skipped
>   */
>
>So, what is a session user?
>
>What are session users used for?
>
>May we delay the Get_Pwnam call until they are really needed?
>
>It just looks like nearly all our NIS-calls have to do with these
>session-users. And I can't think of any time where the client or 
>service would have a password mapped to them!

I think this might be fixed if find_service checked for a [homes] share
before diving off looking for home directories ...

>Would it be a bad idea to make the handling of "session users" possible
>to disable?

You are right, in that this whole area looks like a mess, with many
duplicated, and thus useless calls.

Perhaps it should be rewritten :-)  The big problem is that this would lead
to major breakage until we found all the little things that each code path
is used for.


>/Mattias
>
>"Mattias.Gronlund" wrote:
>> 
>> Gerald Carter wrote:
>> >
>> > Mattias Gronlund wrote:
>> > >
>> > > Hi,
>> > >
>> > > Is there anyone that knows why SAMBA checks for the name of the
>> > > service with getpwnam when a connection to a share is initiated?
>> >
>> > See the explanation of the [homes] service in the smb.conf man
>> > page.
>> >
>> 
>> The manual-page says:
>> > When the connection request is made, the existing sections are scanned.
>> > If a match is found, it is used. If no match is found, the requested
>> > section name is treated as a user name and looked up in the local password
>> > file. If the name exists and the correct password has been given, a share
>> > is created by cloning the [homes] section.
>> 
>> But the implementation does a lookup in the "local password file" even if
>> there is a separate section for the share. It will also try to look up IPC$,
>> which, if I understand it, is quite a special share that does not need a
>> directory.
>> 
>> /Mattias
>

Regards
-------
Richard Sharpe, sharpe at ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
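
Added example, not part of the original message and not Samba source: a small C model of the lookup order described for find_service, next to the suggested order that checks for a [homes] section first. The share names, user names, requests and the `model_get_home_dir`, `find_service_described`, `find_service_homes_first` and `lookups_for` helpers are all constructed for illustration, and the model assumes no home share is created when [homes] is absent, as the man page text quoted in the thread says.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model data, not Samba source. */
static const char *const shares[] = { "public", "printers" }; /* defined sections */
static const char *const users[]  = { "alice", "bob" };       /* passwd/NIS stand-in */
static int passwd_lookups;                  /* counts simulated getpwnam calls */

enum result { NO_SERVICE, REGULAR_SERVICE, HOME_SERVICE };
typedef enum result (*finder)(const char *name, int have_homes);

static int in_list(const char *const *list, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(list[i], name) == 0) return 1;
    return 0;
}

/* Hypothetical stand-in for get_home_dir: each call costs one lookup. */
static int model_get_home_dir(const char *name) {
    passwd_lookups++;
    return in_list(users, 2, name);
}

/* Order described in the message: user lookup first, [homes] check after.
   Assumption: without [homes] no home share results. */
enum result find_service_described(const char *name, int have_homes) {
    if (in_list(shares, 2, name)) return REGULAR_SERVICE;
    if (!model_get_home_dir(name)) return NO_SERVICE;
    return have_homes ? HOME_SERVICE : NO_SERVICE;
}

/* Suggested order: no [homes] section means no user lookup at all. */
enum result find_service_homes_first(const char *name, int have_homes) {
    if (in_list(shares, 2, name)) return REGULAR_SERVICE;
    if (!have_homes) return NO_SERVICE;
    return model_get_home_dir(name) ? HOME_SERVICE : NO_SERVICE;
}

/* Replays constructed tree-connect names and returns the lookup count. */
int lookups_for(finder f, int have_homes) {
    static const char *const requests[] = { "public", "WKSTN01", "nosuch", "alice" };
    passwd_lookups = 0;
    for (size_t i = 0; i < 4; i++) f(requests[i], have_homes);
    return passwd_lookups;
}

int main(void) {
    printf("no [homes]: described=%d, homes first=%d\n",
           lookups_for(find_service_described, 0), lookups_for(find_service_homes_first, 0));
    return 0;
}
```

In this model both orders return the same result for every request; only the number of password-database lookups differs when no [homes] section is configured.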


