summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/nsswitch/winbindd.c3
-rw-r--r--source3/passdb/passdb.c6
-rw-r--r--source3/passdb/pdb_guest.c70
-rw-r--r--source3/sam/idmap_util.c46
-rw-r--r--source3/smbd/server.c5
5 files changed, 90 insertions, 40 deletions
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 1be5a18c7c..da2540f5d9 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -757,6 +757,9 @@ BOOL winbind_setup_common(void)
if (!idmap_init())
return False;
+ if (!idmap_init_wellknown_sids())
+ return False;
+
/* Unblock all signals we are interested in as they may have been
blocked by the parent process. */
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index 8631888faf..bb40e38d0b 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -37,7 +37,7 @@
Fill the SAM_ACCOUNT with default values.
***********************************************************/
-static void pdb_fill_default_sam(SAM_ACCOUNT *user)
+void pdb_fill_default_sam(SAM_ACCOUNT *user)
{
ZERO_STRUCT(user->private); /* Don't touch the talloc context */
@@ -296,7 +296,7 @@ NTSTATUS pdb_init_sam_new(SAM_ACCOUNT **new_sam_acct, const char *username)
/* set Domain Users by default ! */
sid_copy(&g_sid, get_global_sam_sid());
- sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
+ sid_append_rid(&g_sid, DOMAIN_GROUP_RID_USERS);
pdb_set_group_sid(*new_sam_acct, &g_sid, PDB_SET);
}
return NT_STATUS_OK;
@@ -671,7 +671,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
GROUP_MAP map;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid)){
- DEBUG(0,("local_sid_to_gid: sid_peek_check_rid return False! SID: %s\n",
+ DEBUG(0,("local_lookup_sid: sid_peek_check_rid return False! SID: %s\n",
sid_string_static(&map.sid)));
return False;
}
diff --git a/source3/passdb/pdb_guest.c b/source3/passdb/pdb_guest.c
index 7ecfa7d4c3..9bcdccc7e7 100644
--- a/source3/passdb/pdb_guest.c
+++ b/source3/passdb/pdb_guest.c
@@ -24,11 +24,16 @@
Lookup a name in the SAM database
******************************************************************/
-static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *user, const char *sname)
+static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname)
{
NTSTATUS nt_status;
- struct passwd *pass;
const char *guest_account = lp_guestaccount();
+
+ if (!sam_account || !sname) {
+ DEBUG(0,("invalid name specified"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
if (!(guest_account && *guest_account)) {
DEBUG(1, ("NULL guest account!?!?\n"));
return NT_STATUS_UNSUCCESSFUL;
@@ -38,21 +43,31 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
DEBUG(0,("invalid methods\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- if (!sname) {
- DEBUG(0,("invalid name specified"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
if (!strequal(guest_account, sname)) {
return NT_STATUS_NO_SUCH_USER;
}
- pass = getpwnam_alloc(guest_account);
-
- nt_status = pdb_fill_sam_pw(user, pass);
+ pdb_fill_default_sam(sam_account);
+
+ if (!pdb_set_username(sam_account, guest_account, PDB_SET))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_fullname(sam_account, guest_account, PDB_SET))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_domain(sam_account, lp_workgroup(), PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
+
+ if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT))
+ return NT_STATUS_UNSUCCESSFUL;
- passwd_free(&pass);
- return nt_status;
+ return NT_STATUS_OK;
}
@@ -61,35 +76,17 @@ static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *
**************************************************************************/
static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *user, uint32 rid)
+ SAM_ACCOUNT *sam_account, uint32 rid)
{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct passwd *pass = NULL;
- const char *guest_account = lp_guestaccount();
- if (!(guest_account && *guest_account)) {
- DEBUG(1, ("NULL guest account!?!?\n"));
- return nt_status;
- }
-
- if (!methods) {
- DEBUG(0,("invalid methods\n"));
- return nt_status;
- }
-
- if (rid == DOMAIN_USER_RID_GUEST) {
- pass = getpwnam_alloc(guest_account);
- if (!pass) {
- DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
- return NT_STATUS_NO_SUCH_USER;
- }
- } else {
+ if (rid != DOMAIN_USER_RID_GUEST) {
return NT_STATUS_NO_SUCH_USER;
}
- nt_status = pdb_fill_sam_pw(user, pass);
- passwd_free(&pass);
+ if (!sam_account) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
- return nt_status;
+ return guestsam_getsampwnam (methods, sam_account, lp_guestaccount());
}
static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
@@ -97,6 +94,7 @@ static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT
uint32 rid;
if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
return NT_STATUS_NO_SUCH_USER;
+
return guestsam_getsampwrid(my_methods, user, rid);
}
diff --git a/source3/sam/idmap_util.c b/source3/sam/idmap_util.c
index 5d089d3baf..92cbb103db 100644
--- a/source3/sam/idmap_util.c
+++ b/source3/sam/idmap_util.c
@@ -298,3 +298,49 @@ NTSTATUS sid_to_gid(const DOM_SID *sid, gid_t *gid)
return ret;
}
+
+/* Initialize idmap withWellknown SIDs like Guest, that are necessary
+ * to make samba run properly */
+BOOL idmap_init_wellknown_sids(void)
+{
+ const char *guest_account = lp_guestaccount();
+ struct passwd *pass;
+ DOM_SID sid;
+ unid_t id;
+ int flags;
+
+ if (!(guest_account && *guest_account)) {
+ DEBUG(1, ("NULL guest account!?!?\n"));
+ return False;
+ }
+
+ pass = getpwnam_alloc(guest_account);
+ if (!pass) {
+ return False;
+ }
+
+ flags = ID_USERID;
+ id.uid = pass->pw_uid;
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, DOMAIN_USER_RID_GUEST);
+ if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) {
+ passwd_free(&pass);
+ return False;
+ }
+
+ /* check if DOMAIN_GROUP_RID_GUESTS SID is set, if not store the
+ * guest account gid as mapping */
+ flags = ID_GROUPID | ID_NOMAP;
+ sid_copy(&sid, get_global_sam_sid());
+ sid_append_rid(&sid, DOMAIN_GROUP_RID_GUESTS);
+ if (NT_STATUS_IS_ERR(idmap_get_id_from_sid(&id, &flags, &sid))) {
+ flags = ID_GROUPID;
+ id.gid = pass->pw_gid;
+ if (NT_STATUS_IS_ERR(idmap_set_mapping(&sid, id, flags))) {
+ passwd_free(&pass);
+ return False;
+ }
+ }
+
+ return True;
+}
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index b1b9192c09..ef27f0b7a4 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -833,10 +833,13 @@ static BOOL init_structs(void )
if (!init_registry())
exit(1);
+ if(!initialize_password_db(False))
+ exit(1);
+
if (!idmap_init())
exit(1);
- if(!initialize_password_db(False))
+ if (!idmap_init_wellknown_sids())
exit(1);
static_init_rpc;