Makefile.in configure configure.in include/proto.h smbd/noquotas.c smbd/quotas.c:

   Added quotas patch for autoconf from Dejan Ilic <svedja@lysator.liu.se>.
printing/printing.c: Filenames with spaces patch from Allan Bjorklund <allan@umich.edu>
utils/nmblookup.c: Fix usage() function.
smbd/reply.c: Split out the security=server and security=domain checks into
              check_server_security() and check_domain_security() to aid the
              writing of the 'hack' appliance mode invented by John Schimmel.
Jeremy.
(This used to be commit f09ab9b52251087a58af92ec753537ca34a970fc)

3 files changed, 117 insertions, 52 deletions

diff --git a/source3/smbd/noquotas.c b/source3/smbd/noquotas.c
new file mode 100644
index 0000000000..c62fb368c7
--- /dev/null
+++ b/source3/smbd/noquotas.c
@@ -0,0 +1,31 @@
+/*
+   Unix SMB/Netbios implementation.
+   Version 1.9.
+   No support for quotas :-).
+   Copyright (C) Andrew Tridgell 1992-1998
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 2 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * Needed for auto generation of proto.h.
+ */
+
+BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
+{
+  return False;
+}
diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index 716c2357c6..d610bbe15a 100644
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -1,4 +1,3 @@
-#ifdef QUOTAS
 /* 
    Unix SMB/Netbios implementation.
    Version 1.9.
@@ -658,10 +657,3 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
 }
 
 #endif
-
-#else
-/* this keeps fussy compilers happy */
- void quotas_dummy(void);
- void quotas_dummy(void) {}
-#endif /* QUOTAS */
-
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 1d8ccd61eb..67c2abb9b5 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -447,10 +447,42 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
   return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
 }
 
+/****************************************************************************
+ Check for a valid username and password in security=server mode.
+****************************************************************************/
+
+static BOOL check_server_security(char *orig_user, char *domain, 
+                                  char *smb_apasswd, int smb_apasslen,
+                                  char *smb_ntpasswd, int smb_ntpasslen)
+{
+  if(lp_security() != SEC_SERVER)
+    return False;
+
+  return server_validate(orig_user, domain, 
+                            smb_apasswd, smb_apasslen, 
+                            smb_ntpasswd, smb_ntpasslen);
+}
+
+/****************************************************************************
+ Check for a valid username and password in security=domain mode.
+****************************************************************************/
+
+static BOOL check_domain_security(char *orig_user, char *domain, 
+                                  char *smb_apasswd, int smb_apasslen,
+                                  char *smb_ntpasswd, int smb_ntpasslen)
+{
+  if(lp_security() != SEC_DOMAIN)
+    return False;
+
+  return domain_client_validate(orig_user, domain,
+                                smb_apasswd, smb_apasslen,
+                                smb_ntpasswd, smb_ntpasslen);
+}
 
 /****************************************************************************
 reply to a session setup command
 ****************************************************************************/
+
 int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
   uint16 sess_vuid;
@@ -582,12 +614,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 
   /* If no username is sent use the guest account */
   if (!*user)
-    {
-      pstrcpy(user,lp_guestaccount(-1));
-      /* If no user and no password then set guest flag. */
-      if( *smb_apasswd == 0)
-        guest = True;
-    }
+  {
+    pstrcpy(user,lp_guestaccount(-1));
+    /* If no user and no password then set guest flag. */
+    if( *smb_apasswd == 0)
+      guest = True;
+  }
 
   strlower(user);
 
@@ -631,48 +663,58 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
   if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0))
     guest = True;
 
-  if (!guest && !(lp_security() == SEC_SERVER && 
-      /* Check with orig_user for security=server and
-         security=domain. */
-      server_validate(orig_user, domain, 
-                      smb_apasswd, smb_apasslen, 
-                      smb_ntpasswd, smb_ntpasslen)) &&
-      !(lp_security() == SEC_DOMAIN &&
-      domain_client_validate(orig_user, domain,
+  /* 
+   * Check with orig_user for security=server and
+   * security=domain.
+   */
+
+  if (!guest && 
+      !check_server_security(orig_user, domain,
                              smb_apasswd, smb_apasslen,
-                            smb_ntpasswd, smb_ntpasslen)) &&
+                             smb_ntpasswd, smb_ntpasslen) &&
+      !check_domain_security(orig_user, domain,
+                             smb_apasswd, smb_apasslen,
+                             smb_ntpasswd, smb_ntpasslen) &&
       !check_hosts_equiv(user)
      )
+  {
+
+    /* 
+     * If we get here then the user wasn't guest and the remote
+     * authentication methods failed. Check the authentication
+     * methods on this local server.
+     *
+     * If an NT password was supplied try and validate with that
+     * first. This is superior as the passwords are mixed case 
+     * 128 length unicode.
+      */
+
+    if(smb_ntpasslen)
     {
+      if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
+        DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
+      else
+        valid_nt_password = True;
+    } 
 
-      /* now check if it's a valid username/password */
-      /* If an NT password was supplied try and validate with that
-	 first. This is superior as the passwords are mixed case 
-         128 length unicode */
-      if(smb_ntpasslen)
-	{
-	  if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
-	    DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
-	  else
-	    valid_nt_password = True;
-	} 
-      if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
-	{
-	  if (lp_security() >= SEC_USER) {
+    if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
+    {
+      if (lp_security() >= SEC_USER) 
+      {
 #if (GUEST_SESSSETUP == 0)
-	    return(ERROR(ERRSRV,ERRbadpw));
+        return(ERROR(ERRSRV,ERRbadpw));
 #endif
 #if (GUEST_SESSSETUP == 1)
-	    if (Get_Pwnam(user,True))
-	      return(ERROR(ERRSRV,ERRbadpw));
+       if (Get_Pwnam(user,True))
+          return(ERROR(ERRSRV,ERRbadpw));
 #endif
-	  }
- 	  if (*smb_apasswd || !Get_Pwnam(user,True))
-	    pstrcpy(user,lp_guestaccount(-1));
-	  DEBUG(3,("Registered username %s for guest access\n",user));
-	  guest = True;
-	}
+      }
+      if (*smb_apasswd || !Get_Pwnam(user,True))
+         pstrcpy(user,lp_guestaccount(-1));
+      DEBUG(3,("Registered username %s for guest access\n",user));
+      guest = True;
     }
+  }
 
   if (!Get_Pwnam(user,True)) {
     DEBUG(3,("No such user %s - using guest account\n",user));
@@ -682,12 +724,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
 
   if (!strequal(user,lp_guestaccount(-1)) &&
       lp_servicenumber(user) < 0)      
-    {
-      int homes = lp_servicenumber(HOMES_NAME);
-      char *home = get_home_dir(user);
-      if (homes >= 0 && home)
-	lp_add_home(user,homes,home);
-    }
+  {
+    int homes = lp_servicenumber(HOMES_NAME);
+    char *home = get_home_dir(user);
+    if (homes >= 0 && home)
+      lp_add_home(user,homes,home);
+  }
 
 
   /* it's ok - setup a reply */