summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-08-17 04:51:27 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-08-17 04:51:27 +0000
commita27ec4a0118e4443e76f706b715c95c17ce60595 (patch)
tree6988ee3b47c021dc7c0e25e7ee1a810460a445b7
parentf56e06476fed5dda04ce12734aeb6efc9bf2d0a4 (diff)
downloadsamba-a27ec4a0118e4443e76f706b715c95c17ce60595.tar.gz
samba-a27ec4a0118e4443e76f706b715c95c17ce60595.tar.bz2
samba-a27ec4a0118e4443e76f706b715c95c17ce60595.zip
Rework the 'guest account get's RID 501' code again...
This moves it right into the passdb subsystem, where we can do this in just one (or 2) places. Due to the fact that this code can be in a tight loop, I've had to make 'guest account' a 'const' paramater, where % macros cannot be used. In any case, if the 'guest account' varies, we are in for some nasty cases in the other code, so it's useful anyway. Andrew Bartlett (This used to be commit 8718e5e7b2651edad15f52a4262dc745df7ad70f)
-rw-r--r--docs/docbook/manpages/smb.conf.5.sgml4
-rw-r--r--source3/param/loadparm.c2
-rw-r--r--source3/passdb/passdb.c76
-rw-r--r--source3/passdb/pdb_unix.c27
4 files changed, 62 insertions, 47 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 2aeb312924..1e713147c9 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -2769,6 +2769,10 @@
<command>su -</command> command) and trying to print using the
system print command such as <command>lpr(1)</command> or <command>
lp(1)</command>.</para>
+
+ <para>This paramater does not accept % marcos, becouse
+ many parts of the system require this value to be
+ constant for correct operation</para>
<para>Default: <emphasis>specified at compile time, usually
"nobody"</emphasis></para>
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 9e4ce615e8..b16f4483f8 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1525,7 +1525,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
-FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount)
+FN_GLOBAL_CONST_STRING(lp_guestaccount, &Globals.szGuestaccount)
FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index fdcda0268d..a9c6f0729b 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -157,6 +157,12 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
{
GROUP_MAP map;
+ const char *guest_account = lp_guestaccount();
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
if (!pwd) {
return NT_STATUS_UNSUCCESSFUL;
}
@@ -183,24 +189,36 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
-- abartlet 11-May-02
*/
- if (!pdb_set_user_sid_from_rid(sam_account,
- fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
- DEBUG(0,("Can't set User SID from RID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
- /* call the mapping code here */
- if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
- if (!pdb_set_group_sid(sam_account,&map.sid)){
- DEBUG(0,("Can't set Group SID!\n"));
- return NT_STATUS_INVALID_PARAMETER;
+ /* Ensure this *must* be set right */
+ if (strcmp(pwd->pw_name, guest_account) == 0) {
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) {
+ return NT_STATUS_UNSUCCESSFUL;
}
- }
- else {
- if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
- DEBUG(0,("Can't set Group SID\n"));
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ } else {
+
+ if (!pdb_set_user_sid_from_rid(sam_account,
+ fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
+ DEBUG(0,("Can't set User SID from RID!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
+
+ /* call the mapping code here */
+ if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+ if (!pdb_set_group_sid(sam_account,&map.sid)){
+ DEBUG(0,("Can't set Group SID!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+ else {
+ if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
+ DEBUG(0,("Can't set Group SID\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
}
/* check if this is a user account or a machine account */
@@ -574,14 +592,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
fstrcpy(name, "Administrator");
}
return True;
-
- } else if (rid == DOMAIN_USER_RID_GUEST) {
- char *p = lp_guestaccount();
- *psid_name_use = SID_NAME_USER;
- if(!next_token(&p, name, NULL, sizeof(fstring)))
- fstrcpy(name, "Guest");
- return True;
-
}
/*
@@ -597,6 +607,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
}
/* This now does the 'generic' mapping in pdb_unix */
+ /* 'guest' is also handled there */
if (pdb_getsampwsid(sam_account, sid)) {
fstrcpy(name, pdb_get_username(sam_account));
*psid_name_use = SID_NAME_USER;
@@ -845,23 +856,10 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
return False;
}
- if (rid == DOMAIN_USER_RID_GUEST) {
- struct passwd *pw = getpwnam_alloc(lp_guestaccount());
- if (!pw) {
- DEBUG(1, ("getpwnam on guest account '%s' failed!\n", lp_guestaccount()));
- return False;
- }
- *puid = pw->pw_uid;
- passwd_free(&pw);
- DEBUG(5,("local_sid_to_uid: Guest account (SID %s) mapped to guest account id %ld.\n",
- sid_to_string(str, psid), (signed long int)(*puid)));
- } else {
-
- *puid = fallback_pdb_user_rid_to_uid(rid);
-
- DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n",
- sid_to_string(str, psid), (signed long int)(*puid)));
- }
+ *puid = fallback_pdb_user_rid_to_uid(rid);
+
+ DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n",
+ sid_to_string(str, psid), (signed long int)(*puid)));
}
*name_type = SID_NAME_USER;
diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c
index 88334f2b70..06f12164eb 100644
--- a/source3/passdb/pdb_unix.c
+++ b/source3/passdb/pdb_unix.c
@@ -49,19 +49,32 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods,
{
struct passwd *pass;
BOOL ret = False;
+ const char *guest_account = lp_guestaccount();
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return False;
+ }
+
if (!methods) {
DEBUG(0,("invalid methods\n"));
return False;
}
-
- if (pdb_rid_is_user(rid)) {
- pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
-
- if (pass) {
- ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass));
- passwd_free(&pass);
+
+ if (rid == DOMAIN_USER_RID_GUEST) {
+ pass = getpwnam_alloc(guest_account);
+ if (!pass) {
+ DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
+ return False;
}
+ } else if (pdb_rid_is_user(rid)) {
+ pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
+ } else {
+ return False;
}
+
+ ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass));
+ passwd_free(&pass);
+
return ret;
}