diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-10-18 08:41:46 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-10-18 13:13:30 +1100 |
commit | 734e5c521cb06a91e708226e0eb6d003175958c2 (patch) | |
tree | ed4441c4f533511d3af524d3ff80e39e64075b17 | |
parent | f8c6219188fa4ce39a35a8f192c649a6aa9c7ec1 (diff) | |
download | samba-734e5c521cb06a91e708226e0eb6d003175958c2.tar.gz samba-734e5c521cb06a91e708226e0eb6d003175958c2.tar.bz2 samba-734e5c521cb06a91e708226e0eb6d003175958c2.zip |
credentials: Prioritise command-line specified options above defaults from smb.conf
If a user specified -W or --realm on the command line, then this is
of level SPECIFIED, not UNINITIALISED, despite it going via the
loadparm system.
This helps us to ensure that -W server -Ulocaluser is parsed the
same as -Userver\localuser. This matters as otherwise we might
instead attempt to use kerberos to the realm from the smb.conf.
Andrew Bartlett
-rw-r--r-- | auth/credentials/credentials.c | 18 | ||||
-rw-r--r-- | lib/param/loadparm.c | 21 | ||||
-rw-r--r-- | lib/param/param.h | 1 |
3 files changed, 37 insertions, 3 deletions
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index ee60220ec7..3eaccde25e 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -681,9 +681,21 @@ _PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred, struct loadparm_context *lp_ctx) { cli_credentials_set_username(cred, "", CRED_UNINITIALISED); - cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_UNINITIALISED); - cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_UNINITIALISED); - cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_UNINITIALISED); + if (lpcfg_parm_is_cmdline(lp_ctx, "workgroup")) { + cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_SPECIFIED); + } else { + cli_credentials_set_domain(cred, lpcfg_workgroup(lp_ctx), CRED_UNINITIALISED); + } + if (lpcfg_parm_is_cmdline(lp_ctx, "netbios name")) { + cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SPECIFIED); + } else { + cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_UNINITIALISED); + } + if (lpcfg_parm_is_cmdline(lp_ctx, "realm")) { + cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED); + } else { + cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_UNINITIALISED); + } } /** diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index c130a198df..e2dde453f8 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2087,6 +2087,27 @@ void *lpcfg_parm_ptr(struct loadparm_context *lp_ctx, } /** + return the parameter pointer for a parameter +*/ +bool lpcfg_parm_is_cmdline(struct loadparm_context *lp_ctx, const char *name) +{ + int parmnum; + + if (lp_ctx->s3_fns) { + struct parm_struct *parm = lp_ctx->s3_fns->get_parm_struct(name); + if (parm) { + return parm->flags & FLAG_CMDLINE; + } + return false; + } + + parmnum = map_parameter(name); + if (parmnum == -1) return false; + + return lp_ctx->flags[parmnum] & FLAG_CMDLINE; +} + +/** * Find a service by name. Otherwise works like get_service. */ diff --git a/lib/param/param.h b/lib/param/param.h index c54f9cbab6..f6823859d8 100644 --- a/lib/param/param.h +++ b/lib/param/param.h @@ -111,6 +111,7 @@ bool lpcfg_add_printer(struct loadparm_context *lp_ctx, struct parm_struct *lpcfg_parm_struct(struct loadparm_context *lp_ctx, const char *name); void *lpcfg_parm_ptr(struct loadparm_context *lp_ctx, struct loadparm_service *service, struct parm_struct *parm); +bool lpcfg_parm_is_cmdline(struct loadparm_context *lp_ctx, const char *name); bool lpcfg_file_list_changed(struct loadparm_context *lp_ctx); bool lpcfg_do_global_parameter(struct loadparm_context *lp_ctx, |