reliable macro expansion
Andy Bakun
abakun at thwartedefforts.org
Thu Feb 21 22:03:05 GMT 2002
Andrew Bartlett wrote:
>>If %U and %G expansions can not be reliable, can that at least be
>>documented? The %U and %G macro expansions are useless unless you can
>>predict their values through the entire logon session of a user, and you
>>can't if NT is going to be browsing anonymously and samba rereads it's
>>config files at every new (even virtual/multiplexed) connection.
>>
>Now I see the problem!
>
>Becouse the config file is global, if things like %U and %G are used in
>'include = ' and the like you can get some really weird suff between
>users. Slow solution: reload_services() on every change in vuid. Fast
>solution: ????
>
Wait a minute.. isn't that is what is currently happening? Doesn't the
vuid change to the anonymous user (or whatever you have guest set to in
smb.conf) when browsing anonymously? And doesn't it reload the services
list (by rereading the config files) then? That's what's making the
shares disappear. Wouldn't it be a better solution to have macros, like
the username, and the group names, expand like this from:
include = smb-conf.%U
to:
include = smb-conf.abakun
include = smb-conf.guest
include = smb-conf.anotheruser
(that is, expand the entire parameter, not just its value) if three
virtual connections had been made over the same connection as three
different users (stored in multiple vuser structures in the connection
struct somehow, right?). Normally, you'd only have the machine account,
the logged in user and the anonymous/guest user, and in practice you'd
only end up including one file. But since a connection has been authed
as the user when the client connections anonymously, the authed user
file will be included also.
I suspose another option would be to have reload_services add to the
list of services, rather than outright replace the current list. This
has the added problem of the "profile updated after logoff" by the
client, where new users logging in might be authed over the same
connection as the one used to update the previous user's profile, and
then new users would be able to see old user's share.
Or I could be completely off my rocker.
Andy.
More information about the samba-technical
mailing list