REPOST: libsmbclient API for verifying username/password?
Guenther Deschner
gd at sernet.de
Fri Sep 24 08:36:06 GMT 2004
Hi David,
On Thu, Sep 23, 2004 at 03:26:30PM -0700, David Wuertele wrote:
> Posted this before, got no reply. Anyone have suggestions?
>
> When my application does the following, it gets a list of all shares
> on a server, even if my app uses the wrong username/password for
> accessing those shares:
I suppose this effect is desired (you are using
CLI_FULL_CONNECTION_ANONYMOUS_FALLBACK).
> cli_full_connection (&cli, NULL, server_name, &server_ip, 0,
> "IPC$", "IPC", username, workgroup, password,
> CLI_FULL_CONNECTION_ANNONYMOUS_FALLBACK,
> Undefined, NULL);
> mem_ctx = talloc_init ("run_rpc_command")
> cli_nt_session_open (cli, PI_LSARPC)
> cli_lsa_open_policy (cli, mem_ctx, False, SEC_RIGHTS_MAXIMUM_ALLOWED, &pol);
> cli_lsa_query_info_policy (cli, mem_ctx, &pol, info_class, &domain_name, &domain_sid);
> cli_lsa_close (cli, mem_ctx, &pol);
> cli_nt_session_close (cli);
> cli_nt_session_open(cli, PI_SRVSVC)
> init_enum_hnd (&hnd, 0);
> result = cli_srvsvc_net_share_enum (cli, mem_ctx, 1, &ctr, preferred_len, &hnd);
> for (i = 0; i < ctr.num_entries; i++) {
> rpcstr_pull_unistr2_fstring (netname, &info1->info_1_str.uni_netname);
> rpcstr_pull_unistr2_fstring (remark, &info1->info_1_str.uni_remark);
> }
>
> Is there a way with libsmbclient, and preferably with the data I've
> already initialized above, to discover whether a given username and
> password is authorized to mount any of these shares?
No, not directly.
You could possibly call cli_srvsvc_net_share_enum with info level 502. You
could then access the security descriptors of the shares and start further
investigation whether access to that share could be granted (watch out:
samba is not exposing all it's own security mechanisms, like "invalid
users = .." to the outside world via the share security descriptor).
Hope that helps a bit,
Guenther.
--
Guenther Deschner, SerNet Service Network GmbH
Phone: +49-(0)551-370000-0, Fax: +49-(0)551-370000-9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20040924/d5e3f905/attachment.bin
More information about the samba-technical
mailing list