Web lists-archives.com

Re: [Samba] Run smbd in AD user context




2018-03-09 20:39 GMT+01:00 Jeremy Allison <jra@xxxxxxxxx>:

> On Fri, Mar 09, 2018 at 12:07:54PM +0100, Davor Vusir via samba wrote:
> > Hi all!
> >
> > Is it possible to run smbd in an AD user's context?
> > If not, is it possible to have smbd to tell a third-party function to not
> > stray outside from logged on user's (AD user) context (home directory)?
> >
> > I'm programming a VFS module[1] which will be the bridge between Windows
> > and iRODS[2]. iRODS depends on a configuration file,
> > .irods/irods_environment.json, which resides in the user's home
> directory.
> > The file is read and evaluated and the result is fed to a function that
> > does the connection to yhe iRODS servers.
> > Once I have succeded to read my environment file but not managed to get
> > pass the connection phase.
> >
> > If I run gdb in the context of a local user (the same that is created
> > during installation of Ubuntu) the VFS module stops and complains at
> > permission error (see below).
> > If I run gdb in root context the VFS module stops and complains at
> > permission error (exchange below error with '/root/.irods').
> > If I start smbd from /etc/init.d/smbd it stops because there is no
> > environment file in '/var/lib/irods/.irods'.
>
> smbd_become_authenticated_pipe_user() doesn't change your $HOME
> environment variable.
>
> You need to do more work to correctly become the user you want
> to access irods from.
>

Off list I got a tip on using become_user(). A soon as I get a grip on how
to extract the calling user's vuid I give it a try I have of course tried
other functions; become_user_permanently( ), become_user_by_session( ) and
become_authenticated_pipe_user( ). None of these have given the right
$HOME.Or I simply don't know how to interpret the outcome or to proceed
from there.

Regards
Davor Vusir
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba