Kill off the //server/share%user hack in share level security.

This should help make much of this code simpiler.

Andrew Bartlett
(This used to be commit fb0c3629c360fd0c57129500474960e6da6f9ef0)

3 files changed, 21 insertions, 93 deletions

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 8e85ef3389..13a54cb704 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -470,14 +470,6 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
 	*/
 
 	if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
-		/* check the given username and password */
-		if (!ok && (*user) && user_ok(user,snum)) {
-			ok = password_ok(user,password, pwlen);
-			if (ok)
-				DEBUG(3,("authorise_login: ACCEPTED: given username (%s) password ok\n",
-						user ));
-		}
-
 		/* check for a previously registered guest username */
 		if (!ok && (vuser != 0) && vuser->guest) {	  
 			if (user_ok(vuser->user.unix_name,snum) &&
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 04dcf1c0a8..0b8f160854 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -163,7 +163,6 @@ int reply_tcon(connection_struct *conn,
 	       char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
 {
 	pstring service;
-	pstring user;
 	pstring password;
 	pstring dev;
 	int outsize = 0;
@@ -174,47 +173,19 @@ int reply_tcon(connection_struct *conn,
 
 	START_PROFILE(SMBtcon);
 
-	*service = *user = *password = *dev = 0;
+	*service = *password = *dev = 0;
 
 	p = smb_buf(inbuf)+1;
 	p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1;
 	p += srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1;
 	p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1;
 
-	*user = 0;
-	p = strchr_m(service,'%');
-	if (p != NULL) {
-		*p = 0;
-		fstrcpy(user,p+1);
-	}
-
 	p = strrchr_m(service,'\\');
 	if (p) {
 		pstrcpy(service, p+1);
 	}
 
-    /*
-	 * If the vuid is valid, we should be using that....
-	 */
-
-	if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
-		pstrcpy(user,validated_username(vuid));
-	} else {
-		
-		/*
-		 * Pass the user through the NT -> unix user mapping
-		 * function.
-		 */
-		
-		(void)map_username(user);
-		
-		/*
-		 * Do any UNIX username case mangling.
-		 */
-		(void)Get_Pwnam( user, True);
-	}
-
-	conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode);
+	conn = make_connection(service,password,pwlen,dev,vuid,&ecode);
   
 	if (!conn) {
 		END_PROFILE(SMBtcon);
@@ -226,8 +197,8 @@ int reply_tcon(connection_struct *conn,
 	SSVAL(outbuf,smb_vwv1,conn->cnum);
 	SSVAL(outbuf,smb_tid,conn->cnum);
   
-	DEBUG(3,("tcon service=%s user=%s cnum=%d\n", 
-		 service, user, conn->cnum));
+	DEBUG(3,("tcon service=%s cnum=%d\n", 
+		 service, conn->cnum));
   
 	END_PROFILE(SMBtcon);
 	return(outsize);
@@ -240,7 +211,6 @@ int reply_tcon(connection_struct *conn,
 int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
 {
 	fstring service;
-	pstring user;
 	pstring password;
 	pstring devicename;
 	NTSTATUS ecode;
@@ -250,7 +220,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 	char *p, *q;
 	START_PROFILE(SMBtconX);
 	
-	*service = *user = *password = *devicename = 0;
+	*service = *password = *devicename = 0;
 
 	/* we might have to close an old one */
 	if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
@@ -289,38 +259,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 	else
 		fstrcpy(service,path);
 		
-	q = strchr_m(service,'%');
-	if (q) {
-		*q++ = 0;
-		fstrcpy(user,q);
-	}
 	p += srvstr_pull(inbuf, devicename, p, sizeof(devicename), 6, STR_ASCII);
 
 	DEBUG(4,("Got device type %s\n",devicename));
 
-    /*
-	 * If the vuid is valid, we should be using that....
-	 */
-
-	if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
-		pstrcpy(user,validated_username(vuid));
-	} else {
-
-		/*
-		 * Pass the user through the NT -> unix user mapping
-		 * function.
-		 */
-		
-		(void)map_username(user);
-		
-		/*
-		 * Do any UNIX username case mangling.
-		 */
-		(void)Get_Pwnam(user, True);
-		
-	}
-
-	conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode);
+	conn = make_connection(service,password,passlen,devicename,vuid,&ecode);
 	
 	if (!conn) {
 		END_PROFILE(SMBtconX);
@@ -355,8 +298,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
 	}
 
   
-	DEBUG(3,("tconX service=%s user=%s\n",
-		 service, user));
+	DEBUG(3,("tconX service=%s \n",
+		 service));
   
 	/* set the incoming and outgoing tid to the just created one */
 	SSVAL(inbuf,smb_tid,conn->cnum);
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 62e51f797f..4765844460 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -318,7 +318,7 @@ static void set_admin_user(connection_struct *conn)
 /****************************************************************************
   make a connection to a service
 ****************************************************************************/
-connection_struct *make_connection(char *service,char *user,char *password, 
+connection_struct *make_connection(char *service,char *password, 
 				   int pwlen, char *dev,uint16 vuid, NTSTATUS *status)
 {
 	int snum;
@@ -326,7 +326,8 @@ connection_struct *make_connection(char *service,char *user,char *password,
 	BOOL guest = False;
 	BOOL force = False;
 	connection_struct *conn;
-	int ret;
+
+	fstring user;
 
 	strlower(service);
 
@@ -345,28 +346,20 @@ connection_struct *make_connection(char *service,char *user,char *password,
 	}
 
 	if (strequal(service,HOMES_NAME)) {
-		if (*user && Get_Pwnam(user,True)) {
-			fstring dos_username;
-			fstrcpy(dos_username, user);
-			return(make_connection(dos_username,user,password,
-					       pwlen,dev,vuid,status));
-		}
-
 		if(lp_security() != SEC_SHARE) {
 			if (validated_username(vuid)) {
-				fstring dos_username;
-				fstrcpy(user,validated_username(vuid));
-				fstrcpy(dos_username, user);
-				return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
+				fstring unix_username;
+				fstrcpy(unix_username,validated_username(vuid));
+				return(make_connection(unix_username,password,pwlen,dev,vuid,status));
 			}
 		} else {
 			/* Security = share. Try with current_user_info.smb_name
 			 * as the username.  */
 			if(*current_user_info.smb_name) {
-				fstring dos_username;
-				fstrcpy(user,current_user_info.smb_name);
-				fstrcpy(dos_username, user);
-				return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
+				fstring unix_username;
+				fstrcpy(unix_username,current_user_info.smb_name);
+				map_username(unix_username);
+				return(make_connection(unix_username,password,pwlen,dev,vuid,status));
 			}
 		}
 	}
@@ -375,15 +368,13 @@ connection_struct *make_connection(char *service,char *user,char *password,
 		return NULL;
 	}	
 
-	/* lowercase the user name */
-	strlower(user);
-
 	/* add it as a possible user name if we 
 	   are in share mode security */
 	if (lp_security() == SEC_SHARE) {
 		add_session_user(service);
 	}
 
+
 	/* shall we let them in? */
 	if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
 		DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
@@ -574,6 +565,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
 		
 	/* execute any "root preexec = " line */
 	if (*lp_rootpreexec(SNUM(conn))) {
+		int ret;
 		pstring cmd;
 		pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
 		standard_sub_conn(conn,cmd);
@@ -630,6 +622,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
 		
 	/* execute any "preexec = " line */
 	if (*lp_preexec(SNUM(conn))) {
+		int ret;
 		pstring cmd;
 		pstrcpy(cmd,lp_preexec(SNUM(conn)));
 		standard_sub_conn(conn,cmd);