What's up with LEELOO_DALLAS?

[d4l-w4r]

Hey thanks for releasing this, it seems really useful and I love the style! :D

Just one thing: Could you help me understand the purpose of the constant LEELOO_DALLAS in authsrv.py?

I just stumbled across it when I scanned the project for my security due diligence, before deciding whether to expose it to the internet...and especially line 574 troubled me a bit, because it seems like it circumvents an authorization check when the username is "leeloo_dallas".

After further looking at it, it doesn't seem malicious to me, but rather some kind of "system account" functionality that's needed for actions that aren't directly triggered by a user.
Could you elaborate on its purpose? It would give me greater confidence running this if I completely understood what it's used for.

[9001]

thanks for the suspicion 😁

your hunch was right, "system account" is a good way to describe it -- it is used internally (and only possible to use internally) to skip permission-checks for certain system-initiated tasks, and also by the SMB-server (which is strongly discouraged in general).

since the account does not actually exist in the account system, it is impossible to use it from the outside, unless you are using IdP authentication -- I'll double-check that when I'm at a PC.

either way, i'll add a comment which explains this, listing the specific things it is used for too :>