summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>1998-11-03 02:25:28 +0000
committerJeremy Allison <jra@samba.org>1998-11-03 02:25:28 +0000
commit01e04614c7c466fdbdc398c782acaa931965f925 (patch)
treea1fcea4972a969633b057a6f99a611d379f1fe76 /source3/smbd
parent5900f6c85bfdf43712f51528b9d14b14338c8a0d (diff)
downloadsamba-01e04614c7c466fdbdc398c782acaa931965f925.tar.gz
samba-01e04614c7c466fdbdc398c782acaa931965f925.tar.bz2
samba-01e04614c7c466fdbdc398c782acaa931965f925.zip
Makefile.in configure configure.in include/proto.h smbd/noquotas.c smbd/quotas.c:
Added quotas patch for autoconf from Dejan Ilic <svedja@lysator.liu.se>. printing/printing.c: Filenames with spaces patch from Allan Bjorklund <allan@umich.edu> utils/nmblookup.c: Fix usage() function. smbd/reply.c: Split out the security=server and security=domain checks into check_server_security() and check_domain_security() to aid the writing of the 'hack' appliance mode invented by John Schimmel. Jeremy. (This used to be commit f09ab9b52251087a58af92ec753537ca34a970fc)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/noquotas.c31
-rw-r--r--source3/smbd/quotas.c8
-rw-r--r--source3/smbd/reply.c130
3 files changed, 117 insertions, 52 deletions
diff --git a/source3/smbd/noquotas.c b/source3/smbd/noquotas.c
new file mode 100644
index 0000000000..c62fb368c7
--- /dev/null
+++ b/source3/smbd/noquotas.c
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ No support for quotas :-).
+ Copyright (C) Andrew Tridgell 1992-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * Needed for auto generation of proto.h.
+ */
+
+BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
+{
+ return False;
+}
diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index 716c2357c6..d610bbe15a 100644
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -1,4 +1,3 @@
-#ifdef QUOTAS
/*
Unix SMB/Netbios implementation.
Version 1.9.
@@ -658,10 +657,3 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
}
#endif
-
-#else
-/* this keeps fussy compilers happy */
- void quotas_dummy(void);
- void quotas_dummy(void) {}
-#endif /* QUOTAS */
-
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 1d8ccd61eb..67c2abb9b5 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -447,10 +447,42 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
}
+/****************************************************************************
+ Check for a valid username and password in security=server mode.
+****************************************************************************/
+
+static BOOL check_server_security(char *orig_user, char *domain,
+ char *smb_apasswd, int smb_apasslen,
+ char *smb_ntpasswd, int smb_ntpasslen)
+{
+ if(lp_security() != SEC_SERVER)
+ return False;
+
+ return server_validate(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen);
+}
+
+/****************************************************************************
+ Check for a valid username and password in security=domain mode.
+****************************************************************************/
+
+static BOOL check_domain_security(char *orig_user, char *domain,
+ char *smb_apasswd, int smb_apasslen,
+ char *smb_ntpasswd, int smb_ntpasslen)
+{
+ if(lp_security() != SEC_DOMAIN)
+ return False;
+
+ return domain_client_validate(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen);
+}
/****************************************************************************
reply to a session setup command
****************************************************************************/
+
int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
{
uint16 sess_vuid;
@@ -582,12 +614,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
/* If no username is sent use the guest account */
if (!*user)
- {
- pstrcpy(user,lp_guestaccount(-1));
- /* If no user and no password then set guest flag. */
- if( *smb_apasswd == 0)
- guest = True;
- }
+ {
+ pstrcpy(user,lp_guestaccount(-1));
+ /* If no user and no password then set guest flag. */
+ if( *smb_apasswd == 0)
+ guest = True;
+ }
strlower(user);
@@ -631,48 +663,58 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0))
guest = True;
- if (!guest && !(lp_security() == SEC_SERVER &&
- /* Check with orig_user for security=server and
- security=domain. */
- server_validate(orig_user, domain,
- smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen)) &&
- !(lp_security() == SEC_DOMAIN &&
- domain_client_validate(orig_user, domain,
+ /*
+ * Check with orig_user for security=server and
+ * security=domain.
+ */
+
+ if (!guest &&
+ !check_server_security(orig_user, domain,
smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen)) &&
+ smb_ntpasswd, smb_ntpasslen) &&
+ !check_domain_security(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen) &&
!check_hosts_equiv(user)
)
+ {
+
+ /*
+ * If we get here then the user wasn't guest and the remote
+ * authentication methods failed. Check the authentication
+ * methods on this local server.
+ *
+ * If an NT password was supplied try and validate with that
+ * first. This is superior as the passwords are mixed case
+ * 128 length unicode.
+ */
+
+ if(smb_ntpasslen)
{
+ if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
+ DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
+ else
+ valid_nt_password = True;
+ }
- /* now check if it's a valid username/password */
- /* If an NT password was supplied try and validate with that
- first. This is superior as the passwords are mixed case
- 128 length unicode */
- if(smb_ntpasslen)
- {
- if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL))
- DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n"));
- else
- valid_nt_password = True;
- }
- if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
- {
- if (lp_security() >= SEC_USER) {
+ if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL))
+ {
+ if (lp_security() >= SEC_USER)
+ {
#if (GUEST_SESSSETUP == 0)
- return(ERROR(ERRSRV,ERRbadpw));
+ return(ERROR(ERRSRV,ERRbadpw));
#endif
#if (GUEST_SESSSETUP == 1)
- if (Get_Pwnam(user,True))
- return(ERROR(ERRSRV,ERRbadpw));
+ if (Get_Pwnam(user,True))
+ return(ERROR(ERRSRV,ERRbadpw));
#endif
- }
- if (*smb_apasswd || !Get_Pwnam(user,True))
- pstrcpy(user,lp_guestaccount(-1));
- DEBUG(3,("Registered username %s for guest access\n",user));
- guest = True;
- }
+ }
+ if (*smb_apasswd || !Get_Pwnam(user,True))
+ pstrcpy(user,lp_guestaccount(-1));
+ DEBUG(3,("Registered username %s for guest access\n",user));
+ guest = True;
}
+ }
if (!Get_Pwnam(user,True)) {
DEBUG(3,("No such user %s - using guest account\n",user));
@@ -682,12 +724,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
if (!strequal(user,lp_guestaccount(-1)) &&
lp_servicenumber(user) < 0)
- {
- int homes = lp_servicenumber(HOMES_NAME);
- char *home = get_home_dir(user);
- if (homes >= 0 && home)
- lp_add_home(user,homes,home);
- }
+ {
+ int homes = lp_servicenumber(HOMES_NAME);
+ char *home = get_home_dir(user);
+ if (homes >= 0 && home)
+ lp_add_home(user,homes,home);
+ }
/* it's ok - setup a reply */