r15341: Ok I give up, I've been beaten by bug reports. People

just don't get why "guest ok" is not allowed in usershares.
Added "usershare allow guests" bool parameter that allows
this, reved usershare file version to VERSION#2 which
allows this. Updated user tools.
This should now be (finally) finished and I'll add
the new parameter docs and a HOWTO.
Jeremy.
(This used to be commit cdc3aa9d07d568570f2117bea9f1a4d227b3a35d)

1 files changed, 40 insertions, 7 deletions

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b2ce9b7f4f..fc34c067c8 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -309,6 +309,7 @@ typedef struct {
 	BOOL bEnablePrivileges;
 	BOOL bASUSupport;
 	BOOL bUsershareOwnerOnly;
+	BOOL bUsershareAllowGuests;
 	int restrict_anonymous;
 	int name_cache_timeout;
 	int client_signing;
@@ -1239,6 +1240,7 @@ static struct parm_struct parm_table[] = {
 	{"root preexec close", P_BOOL, P_LOCAL, &sDefault.bRootpreexecClose, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE}, 
 	{"root postexec", P_STRING, P_LOCAL, &sDefault.szRootPostExec, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
 	{"available", P_BOOL, P_LOCAL, &sDefault.bAvailable, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_SHARE | FLAG_PRINT}, 
+	{"usershare allow guests", P_BOOL, P_GLOBAL, &Globals.bUsershareAllowGuests, NULL, NULL, FLAG_ADVANCED},
 	{"usershare max shares", P_INTEGER, P_GLOBAL, &Globals.iUsershareMaxShares, NULL, NULL, FLAG_ADVANCED},
 	{"usershare owner only", P_BOOL, P_GLOBAL, &Globals.bUsershareOwnerOnly, NULL, NULL, FLAG_ADVANCED}, 
 	{"usershare path", P_STRING, P_GLOBAL, &Globals.szUsersharePath, NULL, NULL, FLAG_ADVANCED},
@@ -1670,6 +1672,8 @@ static void init_globals(BOOL first_time_only)
 	Globals.iUsershareMaxShares = 0;
 	/* By default disallow sharing of directories not owned by the sharer. */
 	Globals.bUsershareOwnerOnly = True;
+	/* By default disallow guest access to usershares. */
+	Globals.bUsershareAllowGuests = False;
 }
 
 static TALLOC_CTX *lp_talloc;
@@ -1875,6 +1879,7 @@ FN_GLOBAL_LIST(lp_usershare_prefix_deny_list, &Globals.szUsersharePrefixDenyList
 
 FN_GLOBAL_LIST(lp_eventlog_list, &Globals.szEventLogs)
 
+FN_GLOBAL_BOOL(lp_usershare_allow_guests, &Globals.bUsershareAllowGuests)
 FN_GLOBAL_BOOL(lp_usershare_owner_only, &Globals.bUsershareOwnerOnly)
 FN_GLOBAL_BOOL(lp_disable_netbios, &Globals.bDisableNetbios)
 FN_GLOBAL_BOOL(lp_reset_on_zero_vc, &Globals.bResetOnZeroVC)
@@ -4318,29 +4323,40 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
 			int numlines,
 			pstring sharepath,
 			pstring comment,
-			SEC_DESC **ppsd)
+			SEC_DESC **ppsd,
+			BOOL *pallow_guest)
 {
 	const char **prefixallowlist = lp_usershare_prefix_allow_list();
 	const char **prefixdenylist = lp_usershare_prefix_deny_list();
+	int us_vers;
 	SMB_STRUCT_DIR *dp;
 	SMB_STRUCT_STAT sbuf;
 
+	*pallow_guest = False;
+
 	if (numlines < 4) {
 		return USERSHARE_MALFORMED_FILE;
 	}
 
-	if (!strequal(lines[0], "#VERSION 1")) {
+	if (strcmp(lines[0], "#VERSION 1") == 0) {
+		us_vers = 1;
+	} else if (strcmp(lines[0], "#VERSION 2") == 0) {
+		us_vers = 2;
+		if (numlines < 5) {
+			return USERSHARE_MALFORMED_FILE;
+		}
+	} else {
 		return USERSHARE_BAD_VERSION;
 	}
 
-	if (!strnequal(lines[1], "path=", 5)) {
+	if (strncmp(lines[1], "path=", 5) != 0) {
 		return USERSHARE_MALFORMED_PATH;
 	}
 
 	pstrcpy(sharepath, &lines[1][5]);
 	trim_string(sharepath, " ", " ");
 
-	if (!strnequal(lines[2], "comment=", 8)) {
+	if (strncmp(lines[2], "comment=", 8) != 0) {
 		return USERSHARE_MALFORMED_COMMENT_DEF;
 	}
 
@@ -4348,7 +4364,7 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
 	trim_string(comment, " ", " ");
 	trim_char(comment, '"', '"');
 
-	if (!strnequal(lines[3], "usershare_acl=", 14)) {
+	if (strncmp(lines[3], "usershare_acl=", 14) != 0) {
 		return USERSHARE_MALFORMED_ACL_DEF;
 	}
 
@@ -4356,7 +4372,16 @@ enum usershare_err parse_usershare_file(TALLOC_CTX *ctx,
 		return USERSHARE_ACL_ERR;
 	}
 
-	if (snum != -1 && strequal(sharepath, ServicePtrs[snum]->szPath)) {
+	if (us_vers == 2) {
+		if (strncmp(lines[4], "guest_ok=", 9) != 0) {
+			return USERSHARE_MALFORMED_ACL_DEF;
+		}
+		if (lines[4][9] == 'y') {
+			*pallow_guest = True;
+		}
+	}
+
+	if (snum != -1 && (strcmp(sharepath, ServicePtrs[snum]->szPath) == 0)) {
 		/* Path didn't change, no checks needed. */
 		return USERSHARE_OK;
 	}
@@ -4468,6 +4493,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 	int iService = -1;
 	TALLOC_CTX *ctx = NULL;
 	SEC_DESC *psd = NULL;
+	BOOL guest_ok = False;
 
 	/* Ensure share name doesn't contain invalid characters. */
 	if (!validate_net_name(file_name, INVALID_SHARENAME_CHARS, strlen(file_name))) {
@@ -4561,7 +4587,9 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 		return 1;
 	}
 
-	if (parse_usershare_file(ctx, &sbuf, service_name, iService, lines, numlines, sharepath, comment, &psd) != USERSHARE_OK) {
+	if (parse_usershare_file(ctx, &sbuf, service_name,
+			iService, lines, numlines, sharepath,
+			comment, &psd, &guest_ok) != USERSHARE_OK) {
 		talloc_destroy(ctx);
 		SAFE_FREE(lines);
 		return -1;
@@ -4605,6 +4633,11 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 	/* Set the service as a valid usershare. */
 	ServicePtrs[iService]->usershare = USERSHARE_VALID;
 
+	/* Set guest access. */
+	if (lp_usershare_allow_guests()) {
+		ServicePtrs[iService]->bGuest_ok = guest_ok;
+	}
+
 	/* And note when it was loaded. */
 	ServicePtrs[iService]->usershare_last_mod = sbuf.st_mtime;
 	string_set(&ServicePtrs[iService]->szPath, sharepath);