Bug 2388 - mapped drive irregularities
Summary: mapped drive irregularities
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.11
Hardware: All Windows 2000
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-02-24 14:33 UTC by Doug VanLeuven
Modified: 2005-02-25 19:20 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Doug VanLeuven 2005-02-24 14:33:06 UTC
2nd login sees shares of 1st login
smbstatus shows same pid with two users

AIX 5.2 and linux RH9 2.4.20-28.9smp
Samba version 3.0.11, compiled gcc 3.3.3

"ldx" was previous login
"doug" is current login

include = /usr/local/samba3/lib/smb.services.%U
doug can see the shares listed in smb.services.ldx as well as smb.services.doug

This is cumulative.  A third login would have all the shares for the previous
two logins.

Without "valid users = %S" on [homes], the second user can access the previous
home share.

This only happens if the user maps a drive
security = ADS
winbind trusted domains only = yes

Samba version 3.0.11
PID     Username      Group         Machine                        
24494   doug          doug          ldx5         (
23985   ldx           ldx  (
23985   doug          doug (

Service      pid     machine       Connected at
ldx          23985  Thu Feb 24 13:10:52 2005
download     23985  Thu Feb 24 13:14:48 2005
ldx          23985  Thu Feb 24 13:10:52 2005
public       23985  Thu Feb 24 11:33:15 2005
games        23985  Thu Feb 24 11:33:15 2005
ldx          23985  Thu Feb 24 13:11:03 2005
IPC$         23985  Thu Feb 24 13:10:53 2005
winapps      23985  Thu Feb 24 11:33:15 2005
public       23985  Thu Feb 24 13:14:48 2005
doug         23985  Thu Feb 24 13:14:48 2005
doug         24494   ldx5          Thu Feb 24 13:14:47 2005
games        23985  Thu Feb 24 13:14:48 2005
ldx          23985  Thu Feb 24 13:10:52 2005
winapps      23985  Thu Feb 24 13:14:48 2005
doug         24494   ldx5          Thu Feb 24 13:14:49 2005
download     23985  Thu Feb 24 11:33:15 20
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-25 06:36:25 UTC
doug, i'm pretty sure this is the result of the Windows client 
keeping connections open across logons.  It's not a Samba bug.
Comment 2 Doug VanLeuven 2005-02-25 15:59:40 UTC
Hi Jerry, yes, I agree the machine is keeping a connection open across logons,
but it didn't happen with samba 2.
Bear with me a second.
Process 23985 has a entry in session.tdb validated to user ldx
Process 23985 gets a request for a new session for user doug
Here, I think process 23985 should
1. Check sessions.tdb for an existing session user
2. If one exists (ldx) and is different that the requested session user (doug)
  a. remove shares belonging to ldx from connections.tdb
  b. remove ldx from sessions.tdb
3. go ahead with session doug
4. setup connections for doug

Will you at least give me some pointers about where to focus in the code?
I'll take a stab at doing it myself.
Comment 3 Jeremy Allison 2005-02-25 16:11:23 UTC
No we can't do this. It would break multiple connections from multi-user client
machines. We have to believe what the client tells us, we can't arbitrarily
disconnect sessions just because another one comes along.
Comment 4 Doug VanLeuven 2005-02-25 19:20:28 UTC
What about deadtime = value 
If there are no locked files, I can kill -TERM the processes and the client(s)
(win2000) just reconnects automatically with a clean slate.

So OK.  Don't disconnect anything.
Spawn off a new process for the incoming user with a blank connection state. 
The the old process would time out after deadtime units or stay alive because
some user was using it.

I've been using samba since 1. something and this is the first time I've seen
two users own the same PID.

Since win98 this has become dogma.  I originally thought showing 2 users on 1
PID might cause someone to take a fresh look.  After all, when was the last time
you deliberately introduced a security hole just because windows does it that way?
All I'm asking for now is some help to take the look myself and see if there's a
way out before it becomes common knowlege and it becomes a wedge issue to force
purchasing all Microsoft equipment.

What do you got to lose?