Service-names and computer-names checked for in getpwnam
sharpe at ns.aus.com
Fri Jan 28 15:10:24 GMT 2000
At 11:31 AM 1/29/00 +1100, Mattias.Gronlund wrote:
>I thought that we used [homes], but we do not, so the problem isn't
>related to that, but...
>Some more browsing in the code got me into add_session_user() which
>is called for each service that is to be connected with the service
>as the "user"-parameter. add_session_user() is also used in
>reply_special and at that time the client computer name is added.
Well, actually, I think you will find that the call chain starts in
service.c in make_connection. The reply_tcon and reply_tconX routines call
make_connection, and the first thing make_connection does is call
find_service (these two routines are in service.c).
Now, find_service checks to see if the service name is a regular service,
and if not, then calls get_home_dir passing the service name. get_home_dir
treats the service name as a user, and tries to find such a user.
If the home dir is found, find_service then checks to see if a [homes] share
exists and uses the params specified there as defaults.
This is _CONTRARY_ to what the man pages say, which suggest that
get_home_dir would only be called if the [homes] share exists.
Perhaps we should fix the code :-)
>Every time add_session_user is called the user is checked for in
>the "local password file", _even_ if it is already in the list!
>authorise_login() is the only function that uses the list of
>session users. One comment says:
>/* there are several possibilities:
> 1) login as the given user with given password
> 2) login as a previously registered username with the given
> 3) login as a session list username with the given password
> 4) login as a previously validated user/password pair
> 5) login as the "user =" user with given password
> 6) login as the "user =" user with no password (guest connection)
> 7) login as guest user with no password
> if the service is guest_only then steps 1 to 5 are skipped
>So, what is a session user?
>What is session users used for?
>May we delay the Get_Pwnam call until they are realy needed?
>It just looks like that nearly all our NIS-calls has to do with these
>session-users. And I can't think of any time where the client or
>service would have a password mapped to them!
I think this might be fixed if find_service checked for a [homes] share
before diving off looking for home directories ...
>Would it be a bad idea to make the handling of "session users" possible
You are right, in that this whole area looks like a mess, with many
duplicated, and thus useless calls.
Perhaps it should be rewritten :-) The big problem is that this would lead
to major breakage until we found all the little things that each code path
is used for.
>> Gerald Carter wrote:
>> > Mattias Gronlund wrote:
>> > >
>> > > Hi,
>> > >
>> > > Is there anyone that knows why SAMBA checks for the name of the
>> > > service with getpwnam when a connection to a share is initiated?
>> > See the explanation of the [homes] service in the smb.conf man
>> > page.
>> The manual-page says:
>> > When the connection request is made, the existing sections are
>> > If a match is found, it is used. If no match is found, the requested
>> > section name is treated as a user name and looked up in the local
>> > file. If the name exists and the correct password has been given, a share
>> > is created by cloning the [homes] section.
>> But the implementation does a lookup in the "local password file" even
>> there is a separate section for the share. It will also try to lookup
>> which if I understands it is a quite special share that do not need a
Richard Sharpe, sharpe at ns.aus.com, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
More information about the samba-technical