diff options
| -rw-r--r-- | docs/docbook/manpages/smb.conf.5.sgml | 47 | ||||
| -rw-r--r-- | source3/auth/auth_util.c | 28 | ||||
| -rw-r--r-- | source3/lib/substitute.c | 19 | ||||
| -rw-r--r-- | source3/lib/username.c | 2 | ||||
| -rw-r--r-- | source3/libsmb/cliconnect.c | 3 | ||||
| -rw-r--r-- | source3/libsmb/pwd_cache.c | 2 | ||||
| -rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 18 | ||||
| -rw-r--r-- | source3/smbd/password.c | 2 |
8 files changed, 32 insertions, 89 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 4911d3a914..aabc7bfcda 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -1903,47 +1903,16 @@ <varlistentry> <term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html"> - <command>smbd(8)</command></ulink> under special circumstances - described below.</para> + be run by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + when managing user's with remote RPC (NT) tools. + </para> - <para>Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows <command> - smbd</command> to delete the required UNIX users <emphasis>ON - DEMAND</emphasis> when a user accesses the Samba server and the - Windows NT user no longer exists.</para> - - <para>In order to use this option, <command>smbd</command> must be - set to <parameter>security = domain</parameter> or <parameter>security = - user</parameter> and <parameter>delete user script</parameter> - must be set to a full pathname for a script - that will delete a UNIX user given one argument of <parameter>%u</parameter>, - which expands into the UNIX user name to delete.</para> + <para>This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + <command>rpcclient</command>. - <para>When the Windows user attempts to access the Samba server, - at <emphasis>login</emphasis> (session setup in the SMB protocol) - time, <command>smbd</command> contacts the <link linkend="PASSWORDSERVER"> - <parameter>password server</parameter></link> and attempts to authenticate - the given user with the given password. If the authentication fails - with the specific Domain error code meaning that the user no longer - exists then <command>smbd</command> attempts to find a UNIX user in - the UNIX password database that matches the Windows user account. If - this lookup succeeds, and <parameter>delete user script</parameter> is - set then <command>smbd</command> will all the specified script - <emphasis>AS ROOT</emphasis>, expanding any <parameter>%u</parameter> - argument to be the user name to delete.</para> - - <para>This script should delete the given UNIX username. In this way, - UNIX users are dynamically deleted to match existing Windows NT - accounts.</para> - - <para>See also <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>, - <link linkend="PASSWORDSERVER"><parameter>password server</parameter> - </link>, <link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter> - </link>.</para> + <para>This script should delete the given UNIX username. + </para> <para>Default: <command>delete user script = <empty string> </command></para> diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 7179252ce7..0d7a952c04 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -49,24 +49,6 @@ static int smb_create_user(const char *unix_user, const char *homedir) } /**************************************************************************** - Delete a UNIX user on demand. -****************************************************************************/ - -int smb_delete_user(const char *unix_user) -{ - pstring del_script; - int ret; - - pstrcpy(del_script, lp_deluser_script()); - if (! *del_script) - return -1; - all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); - ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); - return ret; -} - -/**************************************************************************** Add and Delete UNIX users on demand, based on NTSTATUS codes. ****************************************************************************/ @@ -88,16 +70,6 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli smb_create_user(user_info->internal_username.str, NULL); } } - } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - /* - * User failed to validate ok against Domain controller. - * If the failure was "user doesn't exist" and admin - * wants us to try and delete that UNIX user on the fly, - * do so. - */ - if (lp_deluser_script()) { - smb_delete_user(user_info->internal_username.str); - } } } diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 09921c145d..6c56cdd480 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -226,7 +226,7 @@ void standard_sub_basic(const char *smb_name, char *str) Do some standard substitutions in a string. ****************************************************************************/ -void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str) +static void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str) { char *p, *s, *home; @@ -391,20 +391,3 @@ void standard_sub_snum(int snum, char *str) standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str); } -/******************************************************************* - Substitute strings with useful parameters. -********************************************************************/ - -void standard_sub_vuser(char *str, user_struct *vuser) -{ - standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); -} - -/******************************************************************* - Substitute strings with useful parameters. -********************************************************************/ - -void standard_sub_vsnum(char *str, user_struct *vuser, int snum) -{ - standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); -} diff --git a/source3/lib/username.c b/source3/lib/username.c index f6ce765b41..be8acfb4d6 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -30,7 +30,7 @@ static struct passwd *uname_string_combinations2(char *s, int offset, struct pas *local* people, there's nothing for you here...). *****************************************************************/ -BOOL name_is_local(const char *name) +static BOOL name_is_local(const char *name) { return !(strchr_m(name, *lp_winbind_separator())); } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 7d18692236..0b6436b508 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1130,8 +1130,9 @@ again: DEBUG(1,("failed tcon_X\n")); nt_status = cli_nt_error(cli); cli_shutdown(cli); - if (NT_STATUS_IS_OK(nt_status)) + if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_UNSUCCESSFUL; + } return nt_status; } } diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 8b79788fed..fc0602507a 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -73,7 +73,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) Gets a cleartext password. ****************************************************************************/ -void pwd_get_cleartext(struct pwd_info *pwd, char *clr) +void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) { if (pwd->cleartext) fstrcpy(clr, pwd->password); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6a623bd2a0..c889581fae 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3174,6 +3174,24 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE } +/**************************************************************************** + Delete a UNIX user on demand. +****************************************************************************/ + +static int smb_delete_user(const char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluser_script()); + if (! *del_script) + return -1; + all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + /********************************************************************* _samr_delete_dom_user *********************************************************************/ diff --git a/source3/smbd/password.c b/source3/smbd/password.c index a8fd2b47f1..e50ba4ec1b 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -346,7 +346,7 @@ void add_session_user(char *user) /**************************************************************************** check if a username is valid ****************************************************************************/ -BOOL user_ok(char *user,int snum) +BOOL user_ok(const char *user,int snum) { char **valid, **invalid; BOOL ret; |