diff options
author | Andrew Bartlett <abartlet@samba.org> | 2001-11-09 11:16:06 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-11-09 11:16:06 +0000 |
commit | 395aa946cd4fb9d5e07dd2fee418045a8064dfab (patch) | |
tree | 33514af6045d3bd11238dac5dd83a853abdbe35c | |
parent | 50093d3bbda60634b76a7ec14ab60c76a4b83a42 (diff) | |
download | samba-395aa946cd4fb9d5e07dd2fee418045a8064dfab.tar.gz samba-395aa946cd4fb9d5e07dd2fee418045a8064dfab.tar.bz2 samba-395aa946cd4fb9d5e07dd2fee418045a8064dfab.zip |
This change updates lp_guestaccount() to be a *global* paramater, rather than
per-share. I beleive that almost all the things that this could have done on
a per-share basis can be done with other tools, like 'force user'.
Almost all the user's of this paramater used it as a global anyway...
While this is one step at a time, I hope it will allow me to considerably
simplfy the make_connection() code, particularly for the user-level security
case.
This already removes an absolute truckload of extra attempted password lookups
on the guest account.
Andrew Bartlett
(This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)
-rw-r--r-- | source3/auth/auth_util.c | 2 | ||||
-rw-r--r-- | source3/param/loadparm.c | 10 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 18 | ||||
-rw-r--r-- | source3/smbd/auth_util.c | 2 | ||||
-rw-r--r-- | source3/smbd/password.c | 11 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 4 | ||||
-rw-r--r-- | source3/smbd/uid.c | 2 |
7 files changed, 21 insertions, 28 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index cfdf3a6acc..d442f73a93 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -687,7 +687,7 @@ void free_server_info(auth_serversupplied_info **server_info) BOOL make_server_info_guest(auth_serversupplied_info **server_info) { - struct passwd *pass = sys_getpwnam(lp_guestaccount(-1)); + struct passwd *pass = sys_getpwnam(lp_guestaccount()); if (pass) { if (!make_server_info_pw(server_info, pass)) { diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index cf5f31953d..f1ee1803f3 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -166,6 +166,7 @@ typedef struct char *szAddShareCommand; char *szChangeShareCommand; char *szDeleteShareCommand; + char *szGuestaccount; int max_log_size; int mangled_stack; int max_xmit; @@ -286,7 +287,6 @@ typedef struct char *szService; char *szPath; char *szUsername; - char *szGuestaccount; char **szInvalidUsers; char **szValidUsers; char **szAdminUsers; @@ -401,7 +401,6 @@ static service sDefault = { NULL, /* szService */ NULL, /* szPath */ NULL, /* szUsername */ - NULL, /* szGuestAccount - this is set in init_globals() */ NULL, /* szInvalidUsers */ NULL, /* szValidUsers */ NULL, /* szAdminUsers */ @@ -679,6 +678,7 @@ static struct parm_struct parm_table[] = { {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, {"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0}, + {"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC}, {"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0}, {"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0}, @@ -698,7 +698,6 @@ static struct parm_struct parm_table[] = { {"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0}, {"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0}, - {"guest account", P_STRING, P_LOCAL, &sDefault.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT | FLAG_GLOBAL}, {"invalid users", P_LIST, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"valid users", P_LIST, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, {"admin users", P_LIST, P_LOCAL, &sDefault.szAdminUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE}, @@ -1177,7 +1176,6 @@ static void init_globals(void) parm_table[i].ptr) string_set(parm_table[i].ptr, ""); - string_set(&sDefault.szGuestaccount, GUEST_ACCOUNT); string_set(&sDefault.fstype, FSTYPE_STRING); init_printer_values(); @@ -1191,6 +1189,8 @@ static void init_globals(void) string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE); string_set(&Globals.szPrivateDir, PRIVATE_DIR); string_set(&Globals.szPassdbModulePath, ""); + + string_set(&Globals.szGuestaccount, GUEST_ACCOUNT); /* * Allow the default PASSWD_CHAT to be overridden in local.h. @@ -1483,6 +1483,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript) +FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount) FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript) FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript) FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript) @@ -1620,7 +1621,6 @@ FN_LOCAL_STRING(lp_servicename, szService) FN_LOCAL_STRING(lp_pathname, szPath) FN_LOCAL_STRING(lp_dontdescend, szDontdescend) FN_LOCAL_STRING(lp_username, szUsername) -FN_LOCAL_STRING(lp_guestaccount, szGuestaccount) FN_LOCAL_LIST(lp_invalid_users, szInvalidUsers) FN_LOCAL_LIST(lp_valid_users, szValidUsers) FN_LOCAL_LIST(lp_admin_users, szAdminUsers) diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index e3969f7ea8..b9c40e719b 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -265,7 +265,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm int nt_pw_len; int lm_pw_len; fstring user_name; - fstring pipe_user_name; fstring domain; fstring wks; @@ -326,14 +325,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm * Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>. */ - if((strlen(user_name) == 0) && - (ntlmssp_resp->hdr_nt_resp.str_str_len==0)) - { - - fstrcpy(pipe_user_name, lp_guestaccount(-1)); - DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name)); - - } else { + if (*user_name) { /* * Do the length checking only if user is not NULL. @@ -367,8 +359,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status); if (!p->ntlmssp_auth_validated) { - DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \ -failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name )); + DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \ +failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); free_server_info(&server_info); return False; } @@ -413,7 +405,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name } fstrcpy(p->user_name, user_name); - fstrcpy(p->pipe_user_name, pipe_user_name); + fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account)); fstrcpy(p->domain, domain); fstrcpy(p->wks, wks); @@ -434,7 +426,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name p->pipe_user.gid = *pgid; /* Set up pipe user group membership. */ - initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); + initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups); if (server_info->ptok) diff --git a/source3/smbd/auth_util.c b/source3/smbd/auth_util.c index cfdf3a6acc..d442f73a93 100644 --- a/source3/smbd/auth_util.c +++ b/source3/smbd/auth_util.c @@ -687,7 +687,7 @@ void free_server_info(auth_serversupplied_info **server_info) BOOL make_server_info_guest(auth_serversupplied_info **server_info) { - struct passwd *pass = sys_getpwnam(lp_guestaccount(-1)); + struct passwd *pass = sys_getpwnam(lp_guestaccount()); if (pass) { if (!make_server_info_pw(server_info, pass)) { diff --git a/source3/smbd/password.c b/source3/smbd/password.c index cbd4d14681..b2687980ac 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -474,11 +474,12 @@ BOOL authorise_login(int snum,char *user, DATA_BLOB password, return False; } - if (!vuser->guest && user_ok(vuser->user.unix_name,snum)) { + if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) || + (vuser->guest && GUEST_OK(snum))) { fstrcpy(user,vuser->user.unix_name); - *guest = False; - DEBUG(3,("authorise_login: ACCEPTED: validated uid ok as non-guest \ -(user=%s)\n", user)); + *guest = vuser->guest; + DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \ +(user=%s)\n", vuser->guest ? "" : "non-", user)); return True; } } @@ -577,7 +578,7 @@ and given password ok (%s)\n", user)); /* check for a normal guest connection */ if (!ok && GUEST_OK(snum)) { fstring guestname; - StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1); + StrnCpy(guestname,lp_guestaccount(),sizeof(guestname)-1); if (Get_Pwnam(guestname)) { fstrcpy(user,guestname); ok = True; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 23d99d7352..e2edd5703e 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -383,7 +383,7 @@ static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *ou nt_status = check_password(user_info, &server_info); - sess_vuid = register_vuid(server_info, lp_guestaccount(-1)); + sess_vuid = register_vuid(server_info, lp_guestaccount()); free_server_info(&server_info); if (sess_vuid == -1) { @@ -644,7 +644,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, if (*user) { pstrcpy(sub_user, user); } else { - pstrcpy(sub_user, lp_guestaccount(-1)); + pstrcpy(sub_user, lp_guestaccount()); } pstrcpy(current_user_info.smb_name,sub_user); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index e40b4707fc..4329e3fb76 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -36,7 +36,7 @@ BOOL change_to_guest(void) static fstring guest_name; if (!pass) { - pass = Get_Pwnam(lp_guestaccount(-1)); + pass = sys_getpwnam(lp_guestaccount()); if (!pass) return(False); guest_uid = pass->pw_uid; |