-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/param/loadparm.c6
-rw-r--r--source3/passdb/passdb.c40
-rw-r--r--source3/rpc_server/srv_samr.c11
4 files changed, 47 insertions, 11 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9cd9296c41..0abb6cdb06 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1632,6 +1632,7 @@ int lp_oplock_contention_limit(int );
int lp_write_cache_size(int );
char lp_magicchar(int );
int lp_winbind_cache_time(void);
+BOOL lp_hide_local_users(void);
BOOL lp_add_home(char *pszHomename, int iDefaultService, char *pszHomedir);
int lp_add_service(char *pszService, int iDefaultService);
BOOL lp_add_printer(char *pszPrintername, int iDefaultService);
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 716511cb8b..9a6f5e946d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -263,6 +263,7 @@ typedef struct
BOOL bDebugPid;
BOOL bDebugUid;
BOOL bHostMSDfs;
+ BOOL bHideLocalUsers;
}
global;
@@ -992,6 +993,8 @@ static struct parm_struct parm_table[] = {
{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0},
+ {"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL,
+ NULL, 0},
{"VFS options", P_SEP, P_SEPARATOR},
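Review bot: The new `hide local users` entry in parm_table is not described anywhere in this commit: the diffstat lists only four source files, and the code comments that rely on it speak of "appliance mode", a term the parameter name does not carry. A short comment above the entry, e.g. `/* hide local users: refuse lookup and enumeration of local unix users and groups */`, would tie the two names together. No default is set in any visible hunk; presumably it comes out as False from static initialisation of `Globals`, which should be confirmed in the initialisation code outside this hunk.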
@@ -1629,7 +1632,10 @@ FN_LOCAL_INTEGER(lp_oplock_contention_limit, iOplockContentionLimit)
FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
+FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
+
/* local prototypes */
+
static int map_parameter(char *pszParmName);
static BOOL set_boolean(BOOL *pb, char *pszParmValue);
static int getservicebyname(char *pszServiceName,
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 6fa733717e..42c0176fc5 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -33,8 +33,6 @@ extern int DEBUGLEVEL;
*/
extern DOM_SID global_sam_sid;
-extern pstring global_myname;
-extern fstring global_myworkgroup;
struct passdb_ops *pdb_ops;
@@ -438,8 +436,18 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
if(!next_token(&p, name, NULL, sizeof(fstring)))
fstrcpy(name, "Guest");
} else {
- uid_t uid = pdb_user_rid_to_uid(rid);
- struct passwd *pass = sys_getpwuid(uid);
+ uid_t uid;
+ struct passwd *pass;
+
+ /*
+ * Don't try to convert the rid to a name if
+ * running in appliance mode
+ */
+ if (lp_hide_local_users())
+ return False;
+
+ uid = pdb_user_rid_to_uid(rid);
+ pass = sys_getpwuid(uid);
*psid_name_use = SID_NAME_USER;
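Review bot: The early `return False` sits only in the final `else` of the user branch, so the well-known RIDs handled just above it (the context still shows `fstrcpy(name, "Guest")`) keep resolving to a name when `hide local users` is on. If that is intended, the comment should say so instead of "appliance mode", for example `/* hide local users: only the well-known RIDs above resolve; unix uid lookups are refused */`. The same check and comment are repeated in the group branch in the next hunk. On the early return `*psid_name_use` is left unwritten, so callers must not read it after a False result; local_lookup_rid starts and ends outside this hunk.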
@@ -458,8 +466,19 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
}
} else {
- gid_t gid = pdb_user_rid_to_gid(rid);
- struct group *gr = getgrgid(gid);
+ gid_t gid;
+ struct group *gr;
+
+ /*
+ * Don't try to convert the rid to a name if running
+ * in appliance mode
+ */
+
+ if (lp_hide_local_users())
+ return False;
+
+ gid = pdb_user_rid_to_gid(rid);
+ gr = getgrgid(gid);
*psid_name_use = SID_NAME_ALIAS;
@@ -492,9 +511,6 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US
sid_copy(&local_sid, &global_sam_sid);
- if(!strequal(global_myname, domain) && !strequal(global_myworkgroup, domain))
- return False;
-
/*
* Special case for MACHINE\Everyone. Map to the world_sid.
*/
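Review bot: Dropping the `strequal(global_myname, domain)` / `strequal(global_myworkgroup, domain)` test leaves `domain` unchecked in the visible part of local_lookup_name, so a name qualified with any domain string would presumably continue to the local passwd lookup and be answered relative to `global_sam_sid`. This is separate from the `hide local users` switch and nothing in the hunk explains it. Unless every caller already filters on the domain (not visible here), keep the guard, or add a comment above `sid_copy` stating where the domain is validated. The function body continues outside the hunk.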
@@ -506,6 +522,12 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US
return True;
}
+ /*
+ * Don't lookup local unix users if running in appliance mode
+ */
+ if (lp_hide_local_users())
+ return False;
+
(void)map_username(user);
if(!(pass = sys_getpwnam(user))) {
diff --git a/source3/rpc_server/srv_samr.c b/source3/rpc_server/srv_samr.c
index 352852038a..b0991f7627 100644
--- a/source3/rpc_server/srv_samr.c
+++ b/source3/rpc_server/srv_samr.c
@@ -210,6 +210,10 @@ static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf,
(*num_entries) = 0;
(*total_entries) = 0;
+ /* Skip all this stuff if we're in appliance mode */
+
+ if (lp_hide_local_users()) goto done;
+
if (pw_buf == NULL) return False;
if (current_idx == 0) {
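Review bot: The `goto done` added here only reaches `return (*num_entries) > 0`, which is False because both counters were zeroed two lines above; a direct `return False;` states that outcome and makes the `done:` label added in the following hunk unnecessary. The check also runs before the `pw_buf == NULL` test, so with the option on a NULL buffer is no longer distinguished from any other call. How callers treat a False result (empty enumeration or error status) is not visible in this diff and decides what a client sees when the option is on, so the comment should state it, e.g. `/* hide local users: report no entries */`. The body of get_passwd_entries runs beyond this hunk.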
@@ -340,6 +344,7 @@ static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf,
mapped_idx = 0;
}
+done:
return (*num_entries) > 0;
}
@@ -759,14 +764,16 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
if (strequal(sid_str, "S-1-5-32"))
{
char *name;
- while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
+ while (!lp_hide_local_users() &&
+ num_entries < MAX_SAM_ENTRIES &&
+ ((name = builtin_alias_rids[num_entries].name) != NULL))
{
init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1);
pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
num_entries++;
}
}
- else if (strequal(sid_str, sam_sid_str))
+ else if (strequal(sid_str, sam_sid_str) && !lp_hide_local_users())
{
char *name;
char *sep;
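Review bot: `lp_hide_local_users()` is evaluated in the `while` condition on every iteration and again in the `else if`, although the setting has no reason to change during one reply. Read it once before the `if`, e.g. `BOOL hide = lp_hide_local_users();`, and test `!hide` in both places. The first branch also suppresses the builtin aliases under `S-1-5-32`, which are not local unix accounts; if that is intended, a comment should say so. When the option is on and `sid_str` matches `sam_sid_str`, control falls past this `else if` into code outside the hunk, so the reply for that case cannot be judged from here.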