libsmbclient: how to see if authentication succeeded

Willem van Engen dev-list-samba at willem.engen.nl
Wed Jun 4 15:22:17 GMT 2008 

> libsmbclient has, to date, been a intended for POSIX-like functionality.
> Since there is no login function that would be emulated, there's been no
> reason for such a function.  We have, however, recently had some requests
> for non-POSIX-like features.  I recently reorganized the libsmbclient code
> with a couple of things in mind, one of them being additional ease of adding
> non-POSIX-like functionality.
Ah, I see.

> In your case I'm not sure it's necessary, though.  libsmbclient itself does
> not issue two separate authentication attempts.  If it doesn't find an
> existing connection, it calls your registered authentication function to
> retrieve username/password data.  There is no initial call across the wire
> with invalid or "anonymous" authentication information.  If you're seeing
> multiple requests, I believe that's probably your application doing it, not
> libsmbclient.  I just confirmed the behavior I'm describing using wireshark
> and the examples/libsmbclient/testacl test.
> 
> Maybe I'm not understanding the issue correctly?
smbc_stat() behaves correctly and only requests credentials once.

Maybe I should restate my problem: I want to know if authentication
succeeded or not [1]. One could use smbc_opendir() or smbc_stat() on a
known-readable path, but I have no path that is guaranteed readable [2].

Now I have two workarounds to detect if libsmbclient authentication did
work out:
* Check the connection cache after the smbc operation. If an entry was
  added, authentication succeeded - independent of the result of the
  smbc call.
* Do the smbc operation twice. If the authentication callback isn't
  called the second time, authentication succeeded. This is what the
  previous post was about; it was a reply to a suggestion made by
  Andreas Schneider.

Either I want to use a workaround that has your blessing, or else
inquire if such functionality could be added to libsmbclient. I'd be
happy to write a patch [3].

But your statement on future additions got me looking a bit harder in
the mailing lists, and so I found the discussions for samba4. Is this
idea still in the pipeline? If so, maybe I had better use the first
workaround for now (since it's really an annoying bug that needs fixing)
and wait for samba4 to fix it properly ... but not without your consent
and knowing the current api is being (ab)used in this way.

Kind regards,
- Willem


[1] One might argue if I really need to know if login succeeded or not.
    I'm trying to fix a bug in gvfs (the new gnome virtual i/o layer),
    and that knows something like mount-ing a filesystem. On mount, for
    example, the samba filesystem may be fuse-mounted too. Also, the 
    user might want to know if a password was wrong, or if it's just
    that is has no access to the requested directory but login 
    succeeded.

[2] I happen to have a share at hand that has no permission on the the 
    share's root, but it has on subdirectories.

[3] A simple approach would be to expose the login function, or a 
    wrapper for it. Current smbc calls will remain to work unmodified,
    and anyone wanting to check the authentication result can call the
    login function before running any smbc other commands.

More information about the samba-technical mailing list