REPOST: libsmbclient API for verifying username/password?

Guenther Deschner gd at sernet.de
Fri Sep 24 08:36:06 GMT 2004 

Hi David,

On Thu, Sep 23, 2004 at 03:26:30PM -0700, David Wuertele wrote:
> Posted this before, got no reply.  Anyone have suggestions?
> 
> When my application does the following, it gets a list of all shares
> on a server, even if my app uses the wrong username/password for
> accessing those shares:

I suppose this effect is desired (you are using
CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK).

>   cli_full_connection (&cli, NULL, server_name, &server_ip, 0, 
>                        "IPC$", "IPC", username, workgroup, password, 
>                         CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK,
>                         Undefined, NULL);
>   mem_ctx = talloc_init ("run_rpc_command")
>   cli_nt_session_open (cli, PI_LSARPC)
>   cli_lsa_open_policy (cli, mem_ctx, False, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
>   cli_lsa_query_info_policy (cli, mem_ctx, &pol, info_class, &domain_name, &domain_sid);
>   cli_lsa_close (cli, mem_ctx, &pol);
>   cli_nt_session_close (cli);
>   cli_nt_session_open(cli, PI_SRVSVC)
>   init_enum_hnd (&hnd, 0);
>   result = cli_srvsvc_net_share_enum (cli, mem_ctx, 1, &ctr, preferred_len, &hnd);
>   for (i = 0; i < ctr.num_entries; i++) {
>         rpcstr_pull_unistr2_fstring (netname, &info1->info_1_str.uni_netname);
>         rpcstr_pull_unistr2_fstring (remark, &info1->info_1_str.uni_remark);
>   }
> 
> Is there a way with libsmbclient, and preferably with the data I've
> already initialized above, to discover whether a given username and
> password is authorized to mount any of these shares?

No, not directly.

You could possibly call cli_srvsvc_net_share_enum with info level 502. You
could then access the security descriptors of the shares and start further
investigation whether access to that share could be granted (watch out:
samba is not exposing all it's own security mechanisms, like "invalid
users = .." to the outside world via the share security descriptor).


Hope that helps a bit,
Guenther.

-- 
Guenther Deschner,  SerNet Service Network GmbH
Phone: +49-(0)551-370000-0,  Fax: +49-(0)551-370000-9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20040924/d5e3f905/attachment.bin

More information about the samba-technical mailing list