libsmbclient: how to see if authentication succeeded

Derrell Lipman derrell.lipman at unwireduniverse.com
Wed Jun 4 14:01:38 GMT 2008


 On Wed, Jun 4, 2008 at 9:01 AM, Willem van Engen <
dev-list-samba at willem.engen.nl> wrote:

> On Wed, 2008-05-29 at 09:05:38 GMT, Willem van Engen wrote:
> > On Tue, 2008-05-27 at 11:26 +0200, Andreas Schneider wrote:
> > > I suggest to use smbc_opendir() to check if you can access the share.
> If
> > > you're not authenticated or the username/password are wrong the auth_fn
> will
> > > be called.
> >
> > Ok, that's clear. I'll have to dive into the code again to see how it
> > exactly interacts with libsmbclient again.
> > Thanks, I just may get there in a proper way using the current api.
>
> Indeed I can check if authentication succeeded in the way you indicated.
> Some abbreviated code to clarify:
>
>        void auth_fn() {
>          auth_called = TRUE;
>          fill_in_credentials();
>        }
>
>        boolean my_smb_login() {
>          res = smbc_stat();
>          // if share's root is readable, we have access
>          if (res==0) return TRUE;
>
>          // if share's root isn't readable, we need to try again
>          auth_called = FALSE;
>          res = smbc_stat();
>          if (res==0) assert(0);
>          if (!auth_called) return TRUE;
>
>          return FALSE;
>        }
>
> There is one downside though: if the password is wrong, smbc_stat() will
> try to login twice and use two password attempts. The user will find out
> that his account is locked out sooner than expected.
>
> That brings me back to the initial question (same thread May 2008).
> I could use the connection cache to check if authentication succeeded
> (see thread), but only with your (the samba people) approval as
> supported use. Either that, or libsmbclient's login function could be
> exposed.
>
> So, what is the best direction? I hope you can help me here.
>


libsmbclient has, to date, been a intended for POSIX-like functionality.
Since there is no login function that would be emulated, there's been no
reason for such a function.  We have, however, recently had some requests
for non-POSIX-like features.  I recently reorganized the libsmbclient code
with a couple of things in mind, one of them being additional ease of adding
non-POSIX-like functionality.

In your case I'm not sure it's necessary, though.  libsmbclient itself does
not issue two separate authentication attempts.  If it doesn't find an
existing connection, it calls your registered authentication function to
retrieve username/password data.  There is no initial call across the wire
with invalid or "anonymous" authentication information.  If you're seeing
multiple requests, I believe that's probably your application doing it, not
libsmbclient.  I just confirmed the behavior I'm describing using wireshark
and the examples/libsmbclient/testacl test.

Maybe I'm not understanding the issue correctly?

Cheers,

Derrell
libsmbclient maintainer


More information about the samba-technical mailing list