Libsmbclient

Richard Sharpe sharpe at ns.aus.com
Thu Sep 20 05:21:02 GMT 2001


Hi,

I have been away on holidays for a few days ... I hope to reply to this 
tomorrow ...

It may not be too hard to provide an API call to do what you want ...

Alain BARBET wrote:
> Hi,
> 
> Thanks to Richard Sharpe for his job on the libsmbclient library (and others
> ;-). I already wrote to this list when I built Filesys::SmbClient
> (a Perl interface to this API). So today, I work in a computer
> company that makes a search engine. This is a C++ project on the GNU platform.
> 
> I've already made http, ftp, nntp, file, https retrievers and today I
> want to make an smb retriever. For that, no problem with the libsmbclient
> interface, I have all that I need.
> 
> But I need some additional functionality:
> 
> To check if a final user can access an smb file (user perms are not
> stored at index time because we don't want to replicate the auth job in our
> database engine),
> we check at search time if the authenticated HTTP user can open the file.
> We gain access to the user/password with an nph script, and then we want to check
> if this user is correct.
> So:
> - First, we ask the HTTP user to authenticate with user/password.
> - Second, we check if the user/password given by the user is defined on an
> IPC$ share
> - Third, we check the list of files for this user
> But the interface is too high to only check if a user/password is good.
> All open operations on an IPC$ share didn't work ... How can I do this?
> smbc_server is private, and I didn't see another method.
> 
> Another thing: with this usage and in a fastcgi environment (so the script
> doesn't end with the user's request and smb connections are kept open by
> libsmbclient.so), this is a big security hole:
> We provide a user/password, but if a successful connection has been opened
> before, the password isn't checked and a user with an unsuccessful login can access
> the file as long as he knows the user!
> 
> function smbc_server, extracted from sources/libsmbclient.c:
> 
>    for (srv=smbc_srvs;srv;srv=srv->next) {
>      if (strcmp(server,srv->server_name)==0 &&
>          strcmp(share,srv->share_name)==0 &&
>          strcmp(workgroup,srv->workgroup)==0 &&
>          strcmp(username, srv->username) == 0)
>        return srv;
>    }
> 
> So if this management of user/password and connection is done, another
> method must be provided to check if a user/password is valid on a domain.
> 
> Thanks a lot,
> -- 
> Alain BARBET
> 
> 
> 


-- 
Richard Sharpe, rsharpe at ns.aus.com, LPIC-1
www.samba.org, www.ethereal.com, SAMS Teach Yourself Samba
in 24 Hours, Special Edition, Using Samba
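
The cache lookup quoted above matches on server, share, workgroup and username only, so a cached connection is reused whatever password is presented. As an added example (not code from libsmbclient or from either poster), here is the same lookup beside a variant that also checks the presented password. The `password` field, the function names and the sample values are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical cache entry modelled on the fields the quoted loop compares. */
struct cached_srv {
    struct cached_srv *next;
    const char *server_name, *share_name, *workgroup, *username;
    const char *password; /* assumed field, not in the quoted snippet */
};

/* Lookup as quoted in the post: the password never takes part in the match. */
static struct cached_srv *lookup_by_user(struct cached_srv *list, const char *server,
        const char *share, const char *workgroup, const char *username)
{
    for (struct cached_srv *srv = list; srv; srv = srv->next)
        if (strcmp(server, srv->server_name) == 0 &&
            strcmp(share, srv->share_name) == 0 &&
            strcmp(workgroup, srv->workgroup) == 0 &&
            strcmp(username, srv->username) == 0)
            return srv;
    return NULL;
}

/* Compare secrets without an early exit on the first differing byte. */
static int secret_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hardened variant: reuse a cached connection only when the presented password
 * matches the one that opened it; NULL tells the caller to connect afresh. */
static struct cached_srv *lookup_checked(struct cached_srv *list, const char *server,
        const char *share, const char *workgroup, const char *username, const char *password)
{
    struct cached_srv *srv = lookup_by_user(list, server, share, workgroup, username);
    return (srv && secret_equal(password, srv->password)) ? srv : NULL;
}

int main(void)
{
    /* Constructed sample: one connection cached after a valid login. */
    struct cached_srv e = { NULL, "fs1", "docs", "WG", "alice", "s3cret" };
    int reused = lookup_by_user(&e, "fs1", "docs", "WG", "alice") != NULL;
    int denied = lookup_checked(&e, "fs1", "docs", "WG", "alice", "guess") == NULL;
    return (reused && denied) ? 0 : 1;
}
```

In a long-lived process such as the fastcgi case described, returning NULL on a password mismatch forces a new connection, so the server itself validates the credentials.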
