-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 6 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 40 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr.c | 11 |
4 files changed, 47 insertions, 11 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 9cd9296c41..0abb6cdb06 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1632,6 +1632,7 @@ int lp_oplock_contention_limit(int ); int lp_write_cache_size(int ); char lp_magicchar(int ); int lp_winbind_cache_time(void); +BOOL lp_hide_local_users(void); BOOL lp_add_home(char *pszHomename, int iDefaultService, char *pszHomedir); int lp_add_service(char *pszService, int iDefaultService); BOOL lp_add_printer(char *pszPrintername, int iDefaultService); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 716511cb8b..9a6f5e946d 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -263,6 +263,7 @@ typedef struct BOOL bDebugPid; BOOL bDebugUid; BOOL bHostMSDfs; + BOOL bHideLocalUsers; } global; @@ -992,6 +993,8 @@ static struct parm_struct parm_table[] = { {"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL}, {"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0}, + {"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL, + NULL, 0}, {"VFS options", P_SEP, P_SEPARATOR}, @@ -1629,7 +1632,10 @@ FN_LOCAL_INTEGER(lp_oplock_contention_limit, iOplockContentionLimit) FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time) +FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers) + /* local prototypes */ + static int map_parameter(char *pszParmName); static BOOL set_boolean(BOOL *pb, char *pszParmValue); static int getservicebyname(char *pszServiceName, diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 6fa733717e..42c0176fc5 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c 
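Review bot: The new `hide local users` entry in `parm_table` gets no explicit default in any hunk of this commit, so the option's off state depends on `Globals` starting out zeroed. The flag decides whether local account names are disclosed over RPC, so I would state the default in the globals initialisation routine with `Globals.bHideLocalUsers = False;`. The entry also has no description of what it suppresses (RID-to-name and name-to-SID lookups and the SAMR user and alias enumeration touched in the other files), which is worth adding to the parameter documentation in the same change.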
@@ -33,8 +33,6 @@ extern int DEBUGLEVEL; */ extern DOM_SID global_sam_sid; -extern pstring global_myname; -extern fstring global_myworkgroup; struct passdb_ops *pdb_ops; @@ -438,8 +436,18 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) if(!next_token(&p, name, NULL, sizeof(fstring))) fstrcpy(name, "Guest"); } else { - uid_t uid = pdb_user_rid_to_uid(rid); - struct passwd *pass = sys_getpwuid(uid); + uid_t uid; + struct passwd *pass; + + /* + * Don't try to convert the rid to a name if + * running in appliance mode + */ + if (lp_hide_local_users()) + return False; + + uid = pdb_user_rid_to_uid(rid); + pass = sys_getpwuid(uid); *psid_name_use = SID_NAME_USER; @@ -458,8 +466,19 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use) } } else { - gid_t gid = pdb_user_rid_to_gid(rid); - struct group *gr = getgrgid(gid); + gid_t gid; + struct group *gr; + + /* + * Don't try to convert the rid to a name if running + * in appliance mode + */ + + if (lp_hide_local_users()) + return False; + + gid = pdb_user_rid_to_gid(rid); + gr = getgrgid(gid); *psid_name_use = SID_NAME_ALIAS; @@ -492,9 +511,6 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US sid_copy(&local_sid, &global_sam_sid); - if(!strequal(global_myname, domain) && !strequal(global_myworkgroup, domain)) - return False; - /* * Special case for MACHINE\Everyone. Map to the world_sid. */ @@ -506,6 +522,12 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US return True; } + /* + * Don't lookup local unix users if running in appliance mode + */ + if (lp_hide_local_users()) + return False; + (void)map_username(user); if(!(pass = sys_getpwnam(user))) { diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c index 352852038a..b0991f7627 100644 --- a/source3/rpc_server/srv_samr.c +++ b/source3/rpc_server/srv_samr.c 
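Review bot: The guard comments in `local_lookup_rid` (hunks `@@ -438` and `@@ -458`) say "appliance mode", but the code tests `lp_hide_local_users()`, and no option of that name is defined in this commit. The same wording recurs in `local_lookup_name` and `get_passwd_entries`. I would name the setting, e.g. `/* "hide local users" is set: do not map this RID to a local unix account name */`. The visible context also shows that the branch above the first guard (the one falling back to `"Guest"`) still returns a name when the option is on. If that exception is intended, the comment should say so. The function starts and ends outside these hunks.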
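Review bot: In hunk `@@ -492`, dropping the `strequal(global_myname, domain)` / `strequal(global_myworkgroup, domain)` test means the visible part of `local_lookup_name` no longer compares `domain` with anything. A name qualified with any domain string would then reach `sys_getpwnam(user)` and be answered with a SID built from `global_sam_sid`. This is unrelated to the new option and widens what the lookup resolves when the option is off. If every caller already filters on the domain, say so in a comment at the top of the function, e.g. `/* domain is validated by the caller; only user is looked up here */`. Otherwise the comparison, and the two extern declarations removed in `@@ -33`, should stay. The function body continues outside the hunk.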
@@ -210,6 +210,10 @@ static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf, (*num_entries) = 0; (*total_entries) = 0; + /* Skip all this stuff if we're in appliance mode */ + + if (lp_hide_local_users()) goto done; + if (pw_buf == NULL) return False; if (current_idx == 0) { @@ -340,6 +344,7 @@ static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf, mapped_idx = 0; } +done: return (*num_entries) > 0; } @@ -759,14 +764,16 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u, if (strequal(sid_str, "S-1-5-32")) { char *name; - while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL)) + while (!lp_hide_local_users() && + num_entries < MAX_SAM_ENTRIES && + ((name = builtin_alias_rids[num_entries].name) != NULL)) { init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1); pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid; num_entries++; } } - else if (strequal(sid_str, sam_sid_str)) + else if (strequal(sid_str, sam_sid_str) && !lp_hide_local_users()) { char *name; char *sep; |
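Review bot: In hunk `@@ -759`, `lp_hide_local_users()` is placed inside the `while` condition of the `S-1-5-32` branch, so it is re-evaluated on every iteration. Its effect there is also to return an empty builtin alias list, although those entries come from `builtin_alias_rids` and are not local unix accounts. If hiding the builtin aliases is intended, read the option once into a local (`BOOL hide_local = lp_hide_local_users();`, declared with the function's other locals outside this hunk) and test `!hide_local` in both branches, with a one-line comment explaining why builtin aliases are suppressed. In `get_passwd_entries` (hunks `@@ -210` and `@@ -340`), `goto done` only reaches `return (*num_entries) > 0;` just after the counter was zeroed, so a plain `return False;` would say the same thing without the new label.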