diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-08-17 04:51:27 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-08-17 04:51:27 +0000 |
commit | a27ec4a0118e4443e76f706b715c95c17ce60595 (patch) | |
tree | 6988ee3b47c021dc7c0e25e7ee1a810460a445b7 /source3 | |
parent | f56e06476fed5dda04ce12734aeb6efc9bf2d0a4 (diff) | |
download | samba-a27ec4a0118e4443e76f706b715c95c17ce60595.tar.gz samba-a27ec4a0118e4443e76f706b715c95c17ce60595.tar.bz2 samba-a27ec4a0118e4443e76f706b715c95c17ce60595.zip |
Rework the 'guest account get's RID 501' code again...
This moves it right into the passdb subsystem, where we can do this in
just one (or 2) places. Due to the fact that this code can be in a tight loop,
I've had to make 'guest account' a 'const' paramater, where % macros cannot be
used. In any case, if the 'guest account' varies, we are in for some nasty
cases in the other code, so it's useful anyway.
Andrew Bartlett
(This used to be commit 8718e5e7b2651edad15f52a4262dc745df7ad70f)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/param/loadparm.c | 2 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 76 | ||||
-rw-r--r-- | source3/passdb/pdb_unix.c | 27 |
3 files changed, 58 insertions, 47 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 9e4ce615e8..b16f4483f8 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1525,7 +1525,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript) -FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount) +FN_GLOBAL_CONST_STRING(lp_guestaccount, &Globals.szGuestaccount) FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript) FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript) FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index fdcda0268d..a9c6f0729b 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -157,6 +157,12 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) { GROUP_MAP map; + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return NT_STATUS_UNSUCCESSFUL; + } + if (!pwd) { return NT_STATUS_UNSUCCESSFUL; } @@ -183,24 +189,36 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) -- abartlet 11-May-02 */ - if (!pdb_set_user_sid_from_rid(sam_account, - fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { - DEBUG(0,("Can't set User SID from RID!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - /* call the mapping code here */ - if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - if (!pdb_set_group_sid(sam_account,&map.sid)){ - DEBUG(0,("Can't set Group SID!\n")); - return NT_STATUS_INVALID_PARAMETER; + /* Ensure this *must* be set right */ + if (strcmp(pwd->pw_name, guest_account) == 0) { + if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) { + return NT_STATUS_UNSUCCESSFUL; } - } - else { - if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { - DEBUG(0,("Can't set Group SID\n")); + if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) { + return NT_STATUS_UNSUCCESSFUL; + } + } else { + + if (!pdb_set_user_sid_from_rid(sam_account, + fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { + DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; } + + /* call the mapping code here */ + if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { + if (!pdb_set_group_sid(sam_account,&map.sid)){ + DEBUG(0,("Can't set Group SID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } + else { + if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { + DEBUG(0,("Can't set Group SID\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } } /* check if this is a user account or a machine account */ @@ -574,14 +592,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use fstrcpy(name, "Administrator"); } return True; - - } else if (rid == DOMAIN_USER_RID_GUEST) { - char *p = lp_guestaccount(); - *psid_name_use = SID_NAME_USER; - if(!next_token(&p, name, NULL, sizeof(fstring))) - fstrcpy(name, "Guest"); - return True; - } /* @@ -597,6 +607,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use } /* This now does the 'generic' mapping in pdb_unix */ + /* 'guest' is also handled there */ if (pdb_getsampwsid(sam_account, sid)) { fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -845,23 +856,10 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_ return False; } - if (rid == DOMAIN_USER_RID_GUEST) { - struct passwd *pw = getpwnam_alloc(lp_guestaccount()); - if (!pw) { - DEBUG(1, ("getpwnam on guest account '%s' failed!\n", lp_guestaccount())); - return False; - } - *puid = pw->pw_uid; - passwd_free(&pw); - DEBUG(5,("local_sid_to_uid: Guest account (SID %s) mapped to guest account id %ld.\n", - sid_to_string(str, psid), (signed long int)(*puid))); - } else { - - *puid = fallback_pdb_user_rid_to_uid(rid); - - DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", - sid_to_string(str, psid), (signed long int)(*puid))); - } + *puid = fallback_pdb_user_rid_to_uid(rid); + + DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", + sid_to_string(str, psid), (signed long int)(*puid))); } *name_type = SID_NAME_USER; diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index 88334f2b70..06f12164eb 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -49,19 +49,32 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, { struct passwd *pass; BOOL ret = False; + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return False; + } + if (!methods) { DEBUG(0,("invalid methods\n")); return False; } - - if (pdb_rid_is_user(rid)) { - pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); - - if (pass) { - ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass)); - passwd_free(&pass); + + if (rid == DOMAIN_USER_RID_GUEST) { + pass = getpwnam_alloc(guest_account); + if (!pass) { + DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); + return False; } + } else if (pdb_rid_is_user(rid)) { + pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); + } else { + return False; } + + ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass)); + passwd_free(&pass); + return ret; } |