reliable macro expansion

Andy Bakun abakun at thwartedefforts.org
Thu Feb 21 22:03:05 GMT 2002 

Andrew Bartlett wrote:

>>If %U and %G expansions can not be reliable, can that at least be
>>documented?  The %U and %G macro expansions are useless unless you can
>>predict their values through the entire logon session of a user, and you
>>can't if NT is going to be browsing anonymously and samba rereads it's
>>config files at every new (even virtual/multiplexed) connection.
>>
>Now I see the problem!
>
>Becouse the config file is global, if things like %U and %G are used in
>'include = ' and the like you can get some really weird suff between
>users.  Slow solution:  reload_services() on every change in vuid.  Fast
>solution: ????
>
Wait a minute.. isn't that is what is currently happening?   Doesn't the 
vuid change to the anonymous user (or whatever you have guest set to in 
smb.conf) when browsing anonymously?  And doesn't it reload the services 
list (by rereading the config files) then?  That's what's making the 
shares disappear.  Wouldn't it be a better solution to have macros, like 
the username, and the group names, expand like this from:

include = smb-conf.%U

to:

include = smb-conf.abakun
include = smb-conf.guest
include = smb-conf.anotheruser

(that is, expand the entire parameter, not just its value) if three 
virtual connections had been made over the same connection as three 
different users (stored in multiple vuser structures in the connection 
struct somehow, right?).  Normally, you'd only have the machine account, 
the logged in user and the anonymous/guest user, and in practice you'd 
only end up including one file.  But since a connection has been authed 
as the user when the client connections anonymously, the authed user 
file will be included also.

I suspose another option would be to have reload_services add to the 
list of services, rather than outright replace the current list.  This 
has the added problem of the "profile updated after logoff" by the 
client, where new users logging in might be authed over the same 
connection as the one used to update the previous user's profile, and 
then new users would be able to see old user's share.

Or I could be completely off my rocker.

Andy.

More information about the samba-technical mailing list