summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2001-11-09 11:16:06 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-11-09 11:16:06 +0000
commit395aa946cd4fb9d5e07dd2fee418045a8064dfab (patch)
tree33514af6045d3bd11238dac5dd83a853abdbe35c
parent50093d3bbda60634b76a7ec14ab60c76a4b83a42 (diff)
downloadsamba-395aa946cd4fb9d5e07dd2fee418045a8064dfab.tar.gz
samba-395aa946cd4fb9d5e07dd2fee418045a8064dfab.tar.bz2
samba-395aa946cd4fb9d5e07dd2fee418045a8064dfab.zip
This change updates lp_guestaccount() to be a *global* paramater, rather than
per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
-rw-r--r--source3/auth/auth_util.c2
-rw-r--r--source3/param/loadparm.c10
-rw-r--r--source3/rpc_server/srv_pipe.c18
-rw-r--r--source3/smbd/auth_util.c2
-rw-r--r--source3/smbd/password.c11
-rw-r--r--source3/smbd/sesssetup.c4
-rw-r--r--source3/smbd/uid.c2
7 files changed, 21 insertions, 28 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index cfdf3a6acc..d442f73a93 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -687,7 +687,7 @@ void free_server_info(auth_serversupplied_info **server_info)
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
{
- struct passwd *pass = sys_getpwnam(lp_guestaccount(-1));
+ struct passwd *pass = sys_getpwnam(lp_guestaccount());
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index cf5f31953d..f1ee1803f3 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -166,6 +166,7 @@ typedef struct
char *szAddShareCommand;
char *szChangeShareCommand;
char *szDeleteShareCommand;
+ char *szGuestaccount;
int max_log_size;
int mangled_stack;
int max_xmit;
@@ -286,7 +287,6 @@ typedef struct
char *szService;
char *szPath;
char *szUsername;
- char *szGuestaccount;
char **szInvalidUsers;
char **szValidUsers;
char **szAdminUsers;
@@ -401,7 +401,6 @@ static service sDefault = {
NULL, /* szService */
NULL, /* szPath */
NULL, /* szUsername */
- NULL, /* szGuestAccount - this is set in init_globals() */
NULL, /* szInvalidUsers */
NULL, /* szValidUsers */
NULL, /* szAdminUsers */
@@ -679,6 +678,7 @@ static struct parm_struct parm_table[] = {
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
+ {"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC},
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
@@ -698,7 +698,6 @@ static struct parm_struct parm_table[] = {
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
- {"guest account", P_STRING, P_LOCAL, &sDefault.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT | FLAG_GLOBAL},
{"invalid users", P_LIST, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"valid users", P_LIST, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"admin users", P_LIST, P_LOCAL, &sDefault.szAdminUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
@@ -1177,7 +1176,6 @@ static void init_globals(void)
parm_table[i].ptr)
string_set(parm_table[i].ptr, "");
- string_set(&sDefault.szGuestaccount, GUEST_ACCOUNT);
string_set(&sDefault.fstype, FSTYPE_STRING);
init_printer_values();
@@ -1191,6 +1189,8 @@ static void init_globals(void)
string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
string_set(&Globals.szPrivateDir, PRIVATE_DIR);
string_set(&Globals.szPassdbModulePath, "");
+
+ string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
/*
* Allow the default PASSWD_CHAT to be overridden in local.h.
@@ -1483,6 +1483,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
+FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount)
FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
@@ -1620,7 +1621,6 @@ FN_LOCAL_STRING(lp_servicename, szService)
FN_LOCAL_STRING(lp_pathname, szPath)
FN_LOCAL_STRING(lp_dontdescend, szDontdescend)
FN_LOCAL_STRING(lp_username, szUsername)
-FN_LOCAL_STRING(lp_guestaccount, szGuestaccount)
FN_LOCAL_LIST(lp_invalid_users, szInvalidUsers)
FN_LOCAL_LIST(lp_valid_users, szValidUsers)
FN_LOCAL_LIST(lp_admin_users, szAdminUsers)
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index e3969f7ea8..b9c40e719b 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -265,7 +265,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
int nt_pw_len;
int lm_pw_len;
fstring user_name;
- fstring pipe_user_name;
fstring domain;
fstring wks;
@@ -326,14 +325,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
* Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
*/
- if((strlen(user_name) == 0) &&
- (ntlmssp_resp->hdr_nt_resp.str_str_len==0))
- {
-
- fstrcpy(pipe_user_name, lp_guestaccount(-1));
- DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name));
-
- } else {
+ if (*user_name) {
/*
* Do the length checking only if user is not NULL.
@@ -367,8 +359,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
if (!p->ntlmssp_auth_validated) {
- DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \
-failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name ));
+ DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
+failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
free_server_info(&server_info);
return False;
}
@@ -413,7 +405,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
}
fstrcpy(p->user_name, user_name);
- fstrcpy(p->pipe_user_name, pipe_user_name);
+ fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
fstrcpy(p->domain, domain);
fstrcpy(p->wks, wks);
@@ -434,7 +426,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
p->pipe_user.gid = *pgid;
/* Set up pipe user group membership. */
- initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
+ initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups);
if (server_info->ptok)
diff --git a/source3/smbd/auth_util.c b/source3/smbd/auth_util.c
index cfdf3a6acc..d442f73a93 100644
--- a/source3/smbd/auth_util.c
+++ b/source3/smbd/auth_util.c
@@ -687,7 +687,7 @@ void free_server_info(auth_serversupplied_info **server_info)
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
{
- struct passwd *pass = sys_getpwnam(lp_guestaccount(-1));
+ struct passwd *pass = sys_getpwnam(lp_guestaccount());
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index cbd4d14681..b2687980ac 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -474,11 +474,12 @@ BOOL authorise_login(int snum,char *user, DATA_BLOB password,
return False;
}
- if (!vuser->guest && user_ok(vuser->user.unix_name,snum)) {
+ if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) ||
+ (vuser->guest && GUEST_OK(snum))) {
fstrcpy(user,vuser->user.unix_name);
- *guest = False;
- DEBUG(3,("authorise_login: ACCEPTED: validated uid ok as non-guest \
-(user=%s)\n", user));
+ *guest = vuser->guest;
+ DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \
+(user=%s)\n", vuser->guest ? "" : "non-", user));
return True;
}
}
@@ -577,7 +578,7 @@ and given password ok (%s)\n", user));
/* check for a normal guest connection */
if (!ok && GUEST_OK(snum)) {
fstring guestname;
- StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
+ StrnCpy(guestname,lp_guestaccount(),sizeof(guestname)-1);
if (Get_Pwnam(guestname)) {
fstrcpy(user,guestname);
ok = True;
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 23d99d7352..e2edd5703e 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -383,7 +383,7 @@ static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *ou
nt_status = check_password(user_info, &server_info);
- sess_vuid = register_vuid(server_info, lp_guestaccount(-1));
+ sess_vuid = register_vuid(server_info, lp_guestaccount());
free_server_info(&server_info);
if (sess_vuid == -1) {
@@ -644,7 +644,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
if (*user) {
pstrcpy(sub_user, user);
} else {
- pstrcpy(sub_user, lp_guestaccount(-1));
+ pstrcpy(sub_user, lp_guestaccount());
}
pstrcpy(current_user_info.smb_name,sub_user);
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index e40b4707fc..4329e3fb76 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -36,7 +36,7 @@ BOOL change_to_guest(void)
static fstring guest_name;
if (!pass) {
- pass = Get_Pwnam(lp_guestaccount(-1));
+ pass = sys_getpwnam(lp_guestaccount());
if (!pass)
return(False);
guest_uid = pass->pw_uid;