author | Andrew Bartlett <abartlet@samba.org> | 2001-09-15 12:55:59 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-09-15 12:55:59 +0000 |
commit | 7892c494e7321c64b20bf7e1d794a6b6508fe84a (patch) | |
tree | abde252c0198e7fd43f6da119230208263f82c1c | |
parent | cde3f0fae15c977b8af28e3e2b327f4576c14e69 (diff) | |
Kill off the //server/share%user hack in share level security.
This should help make much of this code simpler.
Andrew Bartlett
(This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
-rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 18 | ||||
-rw-r--r-- | source3/smbd/password.c | 8 | ||||
-rw-r--r-- | source3/smbd/reply.c | 73 | ||||
-rw-r--r-- | source3/smbd/service.c | 33 |
4 files changed, 27 insertions, 105 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 0db06754f4..9f156a3d95 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1598,7 +1598,7 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE BOOL bad_path; int access_mode; int action; - NTSTATUS ecode; + NTSTATUS nt_status; struct current_user user; fstring user_name; connection_struct *conn = NULL;
@@ -1612,14 +1612,11 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE /* Null password is ok - we are already an authenticated user... */ *null_pw = '\0'; - get_current_user(&user, p); - fstrcpy(user_name, uidtoname(user.uid)); - - conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode); + conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status); if (conn == NULL) { DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname)); - r_u->status = ecode; + r_u->status = nt_status; goto error_exit; }
@@ -1690,7 +1687,7 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC * BOOL bad_path; int access_mode; int action; - NTSTATUS ecode; + NTSTATUS nt_status; struct current_user user; fstring user_name; connection_struct *conn = NULL;
@@ -1705,14 +1702,11 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC * /* Null password is ok - we are already an authenticated user... */ *null_pw = '\0'; - get_current_user(&user, p); - fstrcpy(user_name, uidtoname(user.uid)); - - conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode); + conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status); if (conn == NULL) { DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname)); - r_u->status = ecode; + r_u->status = nt_status; goto error_exit; }
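Review bot: `user.vuid` is still passed to `make_connection()` in the @@ -1612 hunk, but the `get_current_user(&user, p);` call that filled in `user` is removed, so unless `user` is populated in lines outside the hunk, the session vuid handed to the share-authorisation path is an indeterminate stack value. Keep `get_current_user(&user, p);` before the call and drop only the `fstrcpy(user_name, uidtoname(user.uid));` line. The same applies to `_srv_net_file_set_secdesc` in the @@ -1705 hunk, and `fstring user_name;` in both functions now looks unused and can be deleted. Both function bodies continue outside the hunks.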
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 8e85ef3389..13a54cb704 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -470,14 +470,6 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, */ if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) { - /* check the given username and password */ - if (!ok && (*user) && user_ok(user,snum)) { - ok = password_ok(user,password, pwlen); - if (ok) - DEBUG(3,("authorise_login: ACCEPTED: given username (%s) password ok\n", - user )); - } - /* check for a previously registered guest username */ if (!ok && (vuser != 0) && vuser->guest) { if (user_ok(vuser->user.unix_name,snum) &&
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 04dcf1c0a8..0b8f160854 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -163,7 +163,6 @@ int reply_tcon(connection_struct *conn, char *inbuf,char *outbuf, int dum_size, int dum_buffsize) { pstring service; - pstring user; pstring password; pstring dev; int outsize = 0;
@@ -174,47 +173,19 @@ int reply_tcon(connection_struct *conn, START_PROFILE(SMBtcon); - *service = *user = *password = *dev = 0; + *service = *password = *dev = 0; p = smb_buf(inbuf)+1; p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1; p += srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1; p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1; - *user = 0; - p = strchr_m(service,'%'); - if (p != NULL) { - *p = 0; - fstrcpy(user,p+1); - } - p = strrchr_m(service,'\\'); if (p) { pstrcpy(service, p+1); } - /* - * If the vuid is valid, we should be using that.... - */ - - if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) { - pstrcpy(user,validated_username(vuid)); - } else { - - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam( user, True); - } - - conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode); + conn = make_connection(service,password,pwlen,dev,vuid,&ecode); if (!conn) { END_PROFILE(SMBtcon);
@@ -226,8 +197,8 @@ int reply_tcon(connection_struct *conn, SSVAL(outbuf,smb_vwv1,conn->cnum); SSVAL(outbuf,smb_tid,conn->cnum); - DEBUG(3,("tcon service=%s user=%s cnum=%d\n", - service, user, conn->cnum)); + DEBUG(3,("tcon service=%s cnum=%d\n", + service, conn->cnum)); END_PROFILE(SMBtcon); return(outsize);
@@ -240,7 +211,6 @@ int reply_tcon(connection_struct *conn, int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) { fstring service; - pstring user; pstring password; pstring devicename; NTSTATUS ecode;
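Review bot: The level-3 tcon log line in the @@ -226 hunk no longer records who made the tree connect, so the message loses its only identity field now that `user` is gone. The session id is still in scope at the `make_connection()` call, so it could be logged instead, e.g. `DEBUG(3,("tcon service=%s vuid=%d cnum=%d\n", service, (int)vuid, conn->cnum));`. The tconX message in the @@ -355 hunk has the same gap and also gains a stray space before the newline (`"tconX service=%s \n"`). Both functions start and end outside the hunks.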
@@ -250,7 +220,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt char *p, *q; START_PROFILE(SMBtconX); - *service = *user = *password = *devicename = 0; + *service = *password = *devicename = 0; /* we might have to close an old one */ if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
@@ -289,38 +259,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt else fstrcpy(service,path); - q = strchr_m(service,'%'); - if (q) { - *q++ = 0; - fstrcpy(user,q); - } p += srvstr_pull(inbuf, devicename, p, sizeof(devicename), 6, STR_ASCII); DEBUG(4,("Got device type %s\n",devicename)); - /* - * If the vuid is valid, we should be using that.... - */ - - if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) { - pstrcpy(user,validated_username(vuid)); - } else { - - /* - * Pass the user through the NT -> unix user mapping - * function. - */ - - (void)map_username(user); - - /* - * Do any UNIX username case mangling. - */ - (void)Get_Pwnam(user, True); - - } - - conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode); + conn = make_connection(service,password,passlen,devicename,vuid,&ecode); if (!conn) { END_PROFILE(SMBtconX);
@@ -355,8 +298,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt } - DEBUG(3,("tconX service=%s user=%s\n", - service, user)); + DEBUG(3,("tconX service=%s \n", + service)); /* set the incoming and outgoing tid to the just created one */ SSVAL(inbuf,smb_tid,conn->cnum);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 62e51f797f..4765844460 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -318,7 +318,7 @@ static void set_admin_user(connection_struct *conn) /**************************************************************************** make a connection to a service ****************************************************************************/ -connection_struct *make_connection(char *service,char *user,char *password, +connection_struct *make_connection(char *service,char *password, int pwlen, char *dev,uint16 vuid, NTSTATUS *status) { int snum;
@@ -326,7 +326,8 @@ connection_struct *make_connection(char *service,char *user,char *password, BOOL guest = False; BOOL force = False; connection_struct *conn; - int ret; + + fstring user; strlower(service);
@@ -345,28 +346,20 @@ connection_struct *make_connection(char *service,char *user,char *password, } if (strequal(service,HOMES_NAME)) { - if (*user && Get_Pwnam(user,True)) { - fstring dos_username; - fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password, - pwlen,dev,vuid,status)); - } - if(lp_security() != SEC_SHARE) { if (validated_username(vuid)) { - fstring dos_username; - fstrcpy(user,validated_username(vuid)); - fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password,pwlen,dev,vuid,status)); + fstring unix_username; + fstrcpy(unix_username,validated_username(vuid)); + return(make_connection(unix_username,password,pwlen,dev,vuid,status)); } } else { /* Security = share. Try with current_user_info.smb_name * as the username. */ if(*current_user_info.smb_name) { - fstring dos_username; - fstrcpy(user,current_user_info.smb_name); - fstrcpy(dos_username, user); - return(make_connection(dos_username,user,password,pwlen,dev,vuid,status)); + fstring unix_username; + fstrcpy(unix_username,current_user_info.smb_name); + map_username(unix_username); + return(make_connection(unix_username,password,pwlen,dev,vuid,status)); } } }
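Review bot: The new local `fstring user;` in `make_connection()` (@@ -326 hunk) is never initialised in the visible lines, yet it is passed to `authorise_login()` and printed by the `Invalid username/password for %s [%s]` DEBUG in the @@ -375 hunk. If `authorise_login()` fails without writing to it, that DEBUG formats uninitialised stack bytes with `%s`, and the buffer may not be NUL-terminated. Initialise it where it is declared, e.g. `*user = 0;` right after `fstring user;`, and add a comment that `user` is now filled in by `authorise_login()` rather than supplied by the caller. The function body continues outside these hunks.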
@@ -375,15 +368,13 @@ connection_struct *make_connection(char *service,char *user,char *password, return NULL; } - /* lowercase the user name */ - strlower(user); - /* add it as a possible user name if we are in share mode security */ if (lp_security() == SEC_SHARE) { add_session_user(service); } + /* shall we let them in? */ if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) { DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
@@ -574,6 +565,7 @@ connection_struct *make_connection(char *service,char *user,char *password, /* execute any "root preexec = " line */ if (*lp_rootpreexec(SNUM(conn))) { + int ret; pstring cmd; pstrcpy(cmd,lp_rootpreexec(SNUM(conn))); standard_sub_conn(conn,cmd);
@@ -630,6 +622,7 @@ connection_struct *make_connection(char *service,char *user,char *password, /* execute any "preexec = " line */ if (*lp_preexec(SNUM(conn))) { + int ret; pstring cmd; pstrcpy(cmd,lp_preexec(SNUM(conn))); standard_sub_conn(conn,cmd); |