Libsmbclient
Richard Sharpe
sharpe at ns.aus.com
Thu Sep 20 05:21:02 GMT 2001
Hi,
I have been away on holidays for a few days ... I hope to reply to this
tomorrow ...
It may not be too hard to provide an API call to do what you want ...
Alain BARBET wrote:
> Hi,
>
> Thanks to Richard Sharpe for his work on the libsmbclient library (and others
> ;-). I've already written to this list when I built Filesys::SmbClient
> (a Perl interface to this API). So today, I work in a computer
> company that makes a search engine. This is a C++ project on the GNU platform.
>
> I've already made http, ftp, nntp, file, https retrievers and today I
> want to make an smb retriever. For that, no problem with the libsmbclient
> interface, I have all that I need.
>
> But I need some additional functionality:
>
> To check if a final user can access an smb file (user perms are not
> stored at index time because we don't want to replicate the auth job in our
> database engine),
> we check at search time if the authenticated HTTP user can open the file.
> We gain access to user/password with an nph script, and then we want to check
> if this user is correct.
> So:
> - First we ask the http user to authenticate itself with user/password.
> - Second we check if the user/password given by the user is defined on an
> IPC$ share
> - Third we check the list of files for this user
> But the interface is too high-level to only check if a user/password is good.
> All open operations on an IPC$ share didn't work ... How can I do this?
> The smbc_server is private, and I didn't see another method.
>
> Another thing: with this usage and in a fastcgi environment (so the script
> doesn't end with the user's request and smb connections are kept open by
> libsmbclient.so), this is a big security hole:
> We provide a user/password but if a successful connection has been opened
> before, the password isn't checked and a user with an unsuccessful login can
> access files as long as he knows the user!
>
> Function smbc_server, extracted from sources/libsmbclient.c:
>
>     for (srv=smbc_srvs;srv;srv=srv->next) {
>         if (strcmp(server,srv->server_name)==0 &&
>             strcmp(share,srv->share_name)==0 &&
>             strcmp(workgroup,srv->workgroup)==0 &&
>             strcmp(username, srv->username) == 0)
>             return srv;
>     }
>
> So if this management of user/password and connection is done, another
> method must be provided to check if a user/password is valid on a domain.
>
> Thanks a lot,
> --
> Alain BARBET
>
>
>
--
Richard Sharpe, rsharpe at ns.aus.com, LPIC-1
www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba
in 24 Hours, Special Edition, Using Samba
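
Added example, not part of either message and not the libsmbclient source: a minimal C model of the connection cache in the quoted loop, showing the lookup that ignores the password beside one that refuses reuse unless the password also matches. The struct layout, the stored password field, the names find_weak, find_strict and ct_equal, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified cache entry; the password field is an assumption of this example. */
struct srv {
    const char *server_name, *share_name, *workgroup, *username, *password;
    struct srv *next;
};

/* Constructed sample: one connection opened earlier with the right password. */
struct srv demo = { "FS1", "docs", "WG", "alice", "correct-pw", NULL };

/* Lookup as in the quoted loop: the supplied password plays no part. */
struct srv *find_weak(struct srv *list, const char *server, const char *share,
                      const char *workgroup, const char *username)
{
    for (struct srv *s = list; s; s = s->next)
        if (strcmp(server, s->server_name) == 0 && strcmp(share, s->share_name) == 0 &&
            strcmp(workgroup, s->workgroup) == 0 && strcmp(username, s->username) == 0)
            return s;
    return NULL;
}

/* Compare without stopping at the first mismatching byte (length is not hidden). */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened lookup: NULL unless the password matches, so the caller must log in again. */
struct srv *find_strict(struct srv *list, const char *server, const char *share,
                        const char *workgroup, const char *username, const char *password)
{
    for (struct srv *s = find_weak(list, server, share, workgroup, username); s;
         s = find_weak(s->next, server, share, workgroup, username))
        if (ct_equal(password, s->password))
            return s;
    return NULL;
}

int main(void)
{
    printf("weak lookup, any password: %d\n", find_weak(&demo, "FS1", "docs", "WG", "alice") != NULL);
    printf("strict lookup, wrong password: %d\n", find_strict(&demo, "FS1", "docs", "WG", "alice", "guess") != NULL);
    return 0;
}
```

In a long-lived process such as the FastCGI case described above, a NULL from the strict lookup means a fresh session setup against the server, which is where the password is actually verified.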