authorAndrew Bartlett <abartlet@samba.org>2001-09-15 12:55:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-15 12:55:59 +0000
commit7892c494e7321c64b20bf7e1d794a6b6508fe84a (patch)
treeabde252c0198e7fd43f6da119230208263f82c1c
parentcde3f0fae15c977b8af28e3e2b327f4576c14e69 (diff)
Kill off the //server/share%user hack in share level security.
This should help make much of this code simpler. Andrew Bartlett (This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c18
-rw-r--r--source3/smbd/password.c8
-rw-r--r--source3/smbd/reply.c73
-rw-r--r--source3/smbd/service.c33
4 files changed, 27 insertions, 105 deletions
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 0db06754f4..9f156a3d95 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1598,7 +1598,7 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
BOOL bad_path;
int access_mode;
int action;
- NTSTATUS ecode;
+ NTSTATUS nt_status;
struct current_user user;
fstring user_name;
connection_struct *conn = NULL;
@@ -1612,14 +1612,11 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
/* Null password is ok - we are already an authenticated user... */
*null_pw = '\0';
- get_current_user(&user, p);
- fstrcpy(user_name, uidtoname(user.uid));
-
- conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
+ conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
if (conn == NULL) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname));
- r_u->status = ecode;
+ r_u->status = nt_status;
goto error_exit;
}
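Review bot: `user.vuid` is still passed to `make_connection()` on the new line, but the `get_current_user(&user, p);` call that filled `user` is removed. Unless `user` is initialised elsewhere in `_srv_net_file_query_secdesc` (its body starts and ends outside the hunk), the vuid is read from an indeterminate stack struct. The vuid identifies the session the connection is made for, so keep `get_current_user(&user, p);` ahead of the call and drop only the `fstrcpy(user_name, uidtoname(user.uid));` line. The matching hunk in `_srv_net_file_set_secdesc` has the same problem, and `fstring user_name;` is left unused in both functions.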
@@ -1690,7 +1687,7 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
BOOL bad_path;
int access_mode;
int action;
- NTSTATUS ecode;
+ NTSTATUS nt_status;
struct current_user user;
fstring user_name;
connection_struct *conn = NULL;
@@ -1705,14 +1702,11 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
/* Null password is ok - we are already an authenticated user... */
*null_pw = '\0';
- get_current_user(&user, p);
- fstrcpy(user_name, uidtoname(user.uid));
-
- conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
+ conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
if (conn == NULL) {
DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname));
- r_u->status = ecode;
+ r_u->status = nt_status;
goto error_exit;
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 8e85ef3389..13a54cb704 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -470,14 +470,6 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
*/
if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
- /* check the given username and password */
- if (!ok && (*user) && user_ok(user,snum)) {
- ok = password_ok(user,password, pwlen);
- if (ok)
- DEBUG(3,("authorise_login: ACCEPTED: given username (%s) password ok\n",
- user ));
- }
-
/* check for a previously registered guest username */
if (!ok && (vuser != 0) && vuser->guest) {
if (user_ok(vuser->user.unix_name,snum) &&
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 04dcf1c0a8..0b8f160854 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -163,7 +163,6 @@ int reply_tcon(connection_struct *conn,
char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
{
pstring service;
- pstring user;
pstring password;
pstring dev;
int outsize = 0;
@@ -174,47 +173,19 @@ int reply_tcon(connection_struct *conn,
START_PROFILE(SMBtcon);
- *service = *user = *password = *dev = 0;
+ *service = *password = *dev = 0;
p = smb_buf(inbuf)+1;
p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1;
p += srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1;
p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1;
- *user = 0;
- p = strchr_m(service,'%');
- if (p != NULL) {
- *p = 0;
- fstrcpy(user,p+1);
- }
-
p = strrchr_m(service,'\\');
if (p) {
pstrcpy(service, p+1);
}
- /*
- * If the vuid is valid, we should be using that....
- */
-
- if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
- pstrcpy(user,validated_username(vuid));
- } else {
-
- /*
- * Pass the user through the NT -> unix user mapping
- * function.
- */
-
- (void)map_username(user);
-
- /*
- * Do any UNIX username case mangling.
- */
- (void)Get_Pwnam( user, True);
- }
-
- conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode);
+ conn = make_connection(service,password,pwlen,dev,vuid,&ecode);
if (!conn) {
END_PROFILE(SMBtcon);
@@ -226,8 +197,8 @@ int reply_tcon(connection_struct *conn,
SSVAL(outbuf,smb_vwv1,conn->cnum);
SSVAL(outbuf,smb_tid,conn->cnum);
- DEBUG(3,("tcon service=%s user=%s cnum=%d\n",
- service, user, conn->cnum));
+ DEBUG(3,("tcon service=%s cnum=%d\n",
+ service, conn->cnum));
END_PROFILE(SMBtcon);
return(outsize);
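Review bot: The connect log line no longer says who attached to the share, which makes the level-3 log less useful for tracing access after the fact. `vuid` is still in scope in reply_tcon (it is passed to make_connection earlier in the function), so the line could read `DEBUG(3,("tcon service=%s vuid=%d cnum=%d\n", service, (int)vuid, conn->cnum));`. The tconX message in reply_tcon_and_X has the same gap and also gains a stray space before the newline in `"tconX service=%s \n"`.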
@@ -240,7 +211,6 @@ int reply_tcon(connection_struct *conn,
int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
{
fstring service;
- pstring user;
pstring password;
pstring devicename;
NTSTATUS ecode;
@@ -250,7 +220,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
char *p, *q;
START_PROFILE(SMBtconX);
- *service = *user = *password = *devicename = 0;
+ *service = *password = *devicename = 0;
/* we might have to close an old one */
if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
@@ -289,38 +259,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
else
fstrcpy(service,path);
- q = strchr_m(service,'%');
- if (q) {
- *q++ = 0;
- fstrcpy(user,q);
- }
p += srvstr_pull(inbuf, devicename, p, sizeof(devicename), 6, STR_ASCII);
DEBUG(4,("Got device type %s\n",devicename));
- /*
- * If the vuid is valid, we should be using that....
- */
-
- if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
- pstrcpy(user,validated_username(vuid));
- } else {
-
- /*
- * Pass the user through the NT -> unix user mapping
- * function.
- */
-
- (void)map_username(user);
-
- /*
- * Do any UNIX username case mangling.
- */
- (void)Get_Pwnam(user, True);
-
- }
-
- conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode);
+ conn = make_connection(service,password,passlen,devicename,vuid,&ecode);
if (!conn) {
END_PROFILE(SMBtconX);
@@ -355,8 +298,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
}
- DEBUG(3,("tconX service=%s user=%s\n",
- service, user));
+ DEBUG(3,("tconX service=%s \n",
+ service));
/* set the incoming and outgoing tid to the just created one */
SSVAL(inbuf,smb_tid,conn->cnum);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 62e51f797f..4765844460 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -318,7 +318,7 @@ static void set_admin_user(connection_struct *conn)
/****************************************************************************
make a connection to a service
****************************************************************************/
-connection_struct *make_connection(char *service,char *user,char *password,
+connection_struct *make_connection(char *service,char *password,
int pwlen, char *dev,uint16 vuid, NTSTATUS *status)
{
int snum;
@@ -326,7 +326,8 @@ connection_struct *make_connection(char *service,char *user,char *password,
BOOL guest = False;
BOOL force = False;
connection_struct *conn;
- int ret;
+
+ fstring user;
strlower(service);
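Review bot: The new local `fstring user;` is never assigned in the visible hunks before it is passed to `authorise_login(snum,user,...)` and printed with `%s` in the "Invalid username/password" DEBUG line further down. If authorise_login does not write it on every path (not visible here), the failure log reads uninitialised stack bytes that may not be terminated. Initialise it right after the declarations with `*user = 0;`, and add a comment such as `/* filled in by authorise_login(); no longer supplied by the caller */`. make_connection's body continues outside the hunk.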
@@ -345,28 +346,20 @@ connection_struct *make_connection(char *service,char *user,char *password,
}
if (strequal(service,HOMES_NAME)) {
- if (*user && Get_Pwnam(user,True)) {
- fstring dos_username;
- fstrcpy(dos_username, user);
- return(make_connection(dos_username,user,password,
- pwlen,dev,vuid,status));
- }
-
if(lp_security() != SEC_SHARE) {
if (validated_username(vuid)) {
- fstring dos_username;
- fstrcpy(user,validated_username(vuid));
- fstrcpy(dos_username, user);
- return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
+ fstring unix_username;
+ fstrcpy(unix_username,validated_username(vuid));
+ return(make_connection(unix_username,password,pwlen,dev,vuid,status));
}
} else {
/* Security = share. Try with current_user_info.smb_name
* as the username. */
if(*current_user_info.smb_name) {
- fstring dos_username;
- fstrcpy(user,current_user_info.smb_name);
- fstrcpy(dos_username, user);
- return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
+ fstring unix_username;
+ fstrcpy(unix_username,current_user_info.smb_name);
+ map_username(unix_username);
+ return(make_connection(unix_username,password,pwlen,dev,vuid,status));
}
}
}
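Review bot: The recursive `make_connection(unix_username, ...)` calls do not check that the resolved name differs from HOMES_NAME, so as far as this hunk shows a name equal to it re-enters this branch without bound. In the share-level branch the name comes from `current_user_info.smb_name`, which is presumably taken from the client's request, so the guard matters most there. Before each recursive call, add a check such as `if (strequal(unix_username,HOMES_NAME)) return NULL;`, setting `*status` first. The result of `map_username(unix_username)` is also ignored; a short comment saying that is intentional would help. The function body starts and ends outside the hunk.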
@@ -375,15 +368,13 @@ connection_struct *make_connection(char *service,char *user,char *password,
return NULL;
}
- /* lowercase the user name */
- strlower(user);
-
/* add it as a possible user name if we
are in share mode security */
if (lp_security() == SEC_SHARE) {
add_session_user(service);
}
+
/* shall we let them in? */
if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
@@ -574,6 +565,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
/* execute any "root preexec = " line */
if (*lp_rootpreexec(SNUM(conn))) {
+ int ret;
pstring cmd;
pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
standard_sub_conn(conn,cmd);
@@ -630,6 +622,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
/* execute any "preexec = " line */
if (*lp_preexec(SNUM(conn))) {
+ int ret;
pstring cmd;
pstrcpy(cmd,lp_preexec(SNUM(conn)));
standard_sub_conn(conn,cmd);