summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/local.h23
-rw-r--r--source3/include/ntdomain.h2
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/include/smb.h25
-rw-r--r--source3/param/loadparm.c27
-rw-r--r--source3/printing/printing.c9
-rw-r--r--source3/rpc_parse/parse_misc.c2
-rw-r--r--source3/rpc_parse/parse_reg.c2
-rw-r--r--source3/rpcclient/cmd_reg.c2
-rw-r--r--source3/rpcclient/display.c3
-rw-r--r--source3/smbd/reply.c19
-rw-r--r--source3/utils/testparm.c4
12 files changed, 81 insertions, 38 deletions
diff --git a/source3/include/local.h b/source3/include/local.h
index c609f65342..e6e2fd4bad 100644
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -104,29 +104,6 @@
#define PRIME_NMBD 1
#endif
-/* do you want session setups at user level security with a invalid
- password to be rejected or allowed in as guest? WinNT rejects them
- but it can be a pain as it means "net view" needs to use a password
-
- You have 3 choices:
-
- GUEST_SESSSETUP = 0 means session setups with an invalid password
- are rejected.
-
- GUEST_SESSSETUP = 1 means session setups with an invalid password
- are rejected, unless the username does not exist, in which case it
- is treated as a guest login
-
- GUEST_SESSSETUP = 2 means session setups with an invalid password
- are treated as a guest login
-
- Note that GUEST_SESSSETUP only has an effect in user or server
- level security.
- */
-#ifndef GUEST_SESSSETUP
-#define GUEST_SESSSETUP 0
-#endif
-
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 5b53834efe..edbe87ab8d 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -32,7 +32,7 @@
#include "rpc_misc.h"
/* security descriptor structures */
-#include "rpc_secdes.h"
+#include "rpc_secdes.h"
/* different dce/rpc pipes */
#include "rpc_lsa.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 143f397e0a..61394c9ad9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1035,6 +1035,7 @@ int lp_lm_interval(void);
int lp_machine_password_timeout(void);
int lp_change_notify_timeout(void);
int lp_stat_cache_size(void);
+int lp_map_to_guest(void);
int lp_ldap_port(void);
char *lp_preexec(int );
char *lp_postexec(int );
diff --git a/source3/include/smb.h b/source3/include/smb.h
index a8b0c745b2..db7b251d65 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1684,6 +1684,31 @@ struct nmb_name {
#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "NEVER_MAP_TO_GUEST" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+#define NEVER_MAP_TO_GUEST 0
+#define MAP_TO_GUEST_ON_BAD_USER 1
+#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
+
#endif /* _SMB_H */
/* _SMB_H */
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index bfc1b801e7..8b35116858 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -182,6 +182,7 @@ typedef struct
int machine_password_timeout;
int change_notify_timeout;
int stat_cache_size;
+ int map_to_guest;
#ifdef WITH_LDAP
int ldap_port;
#endif /* WITH_LDAP */
@@ -468,6 +469,29 @@ static struct enum_list enum_case[] = {{CASE_LOWER, "lower"}, {CASE_UPPER, "uppe
static struct enum_list enum_lm_announce[] = {{0, "False"}, {1, "True"}, {2, "Auto"}, {-1, NULL}};
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "Never" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "Bad User" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "Bad Password" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+static struct enum_list enum_map_to_guest[] = {{NEVER_MAP_TO_GUEST, "Never"}, {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, {-1, NULL}};
+
#ifdef WITH_SSL
static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, "ssl3"},
{SMB_SSL_V23, "ssl2or3"}, {SMB_SSL_TLS1, "tls1"}, {-1, NULL}};
@@ -492,6 +516,7 @@ static struct parm_struct parm_table[] =
{"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
+ {"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
@@ -868,6 +893,7 @@ static void init_globals(void)
Globals.bNTSmbSupport = True; /* Do NT SMB's by default. */
Globals.bNTPipeSupport = True; /* Do NT pipes by default. */
Globals.bStatCache = True; /* use stat cache by default */
+ Globals.map_to_guest = 0; /* By Default, "Never" */
#ifdef WITH_LDAP
/* default values for ldap */
@@ -1187,6 +1213,7 @@ FN_GLOBAL_INTEGER(lp_lm_interval,&Globals.lm_interval)
FN_GLOBAL_INTEGER(lp_machine_password_timeout,&Globals.machine_password_timeout)
FN_GLOBAL_INTEGER(lp_change_notify_timeout,&Globals.change_notify_timeout)
FN_GLOBAL_INTEGER(lp_stat_cache_size,&Globals.stat_cache_size)
+FN_GLOBAL_INTEGER(lp_map_to_guest,&Globals.map_to_guest)
#ifdef WITH_LDAP
FN_GLOBAL_INTEGER(lp_ldap_port,&Globals.ldap_port)
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index faa099c359..2aecb58047 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -222,15 +222,18 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
char *tok[MAXTOK];
int count = 0;
+ pstring line2;
+
+ pstrcpy(line2,line);
#ifdef OSF1
int length;
- length = strlen(line);
- if (line[length-3] == ':')
+ length = strlen(line2);
+ if (line2[length-3] == ':')
return(False);
#endif /* OSF1 */
- tok[0] = strtok(line," \t");
+ tok[0] = strtok(line2," \t");
count++;
while (((tok[count] = strtok(NULL," \t")) != NULL) && (count < MAXTOK)) {
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 3a74d11e52..b21057033f 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -400,7 +400,7 @@ creates a BUFFER3 structure from a hex string.
void make_buffer3_hex(BUFFER3 *str, char *buf)
{
ZERO_STRUCTP(str);
- str->buf_max_len = str->buf_len = strhex_to_str(str->buffer, sizeof(str->buffer), buf);
+ str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf);
}
/*******************************************************************
diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c
index 329da974fb..2c871ab873 100644
--- a/source3/rpc_parse/parse_reg.c
+++ b/source3/rpc_parse/parse_reg.c
@@ -90,7 +90,7 @@ void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
int len_name = name != NULL ? strlen(name ) + 1: 0;
int len_class = class != NULL ? strlen(class) + 1: 0;
- static char data[] =
+ static unsigned char data[] =
{
0x01, 0x00, 0x00, 0x80,
0x00, 0x00, 0x00, 0x00,
diff --git a/source3/rpcclient/cmd_reg.c b/source3/rpcclient/cmd_reg.c
index 48b6d385bb..6430db2627 100644
--- a/source3/rpcclient/cmd_reg.c
+++ b/source3/rpcclient/cmd_reg.c
@@ -471,7 +471,7 @@ void cmd_reg_create_val(struct client_info *info)
}
DEBUG(10,("key data:\n"));
- dump_data(10, value.buffer, value.buf_len);
+ dump_data(10, (char *)value.buffer, value.buf_len);
/* open WINREG session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
diff --git a/source3/rpcclient/display.c b/source3/rpcclient/display.c
index e173ced009..c55358bc9c 100644
--- a/source3/rpcclient/display.c
+++ b/source3/rpcclient/display.c
@@ -1245,11 +1245,10 @@ char *get_reg_val_type_str(uint32 type)
}
default:
{
- snprintf(typestr, sizeof(typestr), "[%d]", type);
- return typestr;
break;
}
}
+ snprintf(typestr, sizeof(typestr), "[%d]", type);
return typestr;
}
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 67c2abb9b5..d3131b5fea 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -701,14 +701,21 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
{
if (lp_security() >= SEC_USER)
{
-#if (GUEST_SESSSETUP == 0)
- return(ERROR(ERRSRV,ERRbadpw));
-#endif
-#if (GUEST_SESSSETUP == 1)
- if (Get_Pwnam(user,True))
+ if (lp_map_to_guest() == NEVER_MAP_TO_GUEST)
return(ERROR(ERRSRV,ERRbadpw));
-#endif
+
+ if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER)
+ {
+ if (Get_Pwnam(user,True))
+ return(ERROR(ERRSRV,ERRbadpw));
+ }
+
+ /*
+ * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD
+ * Then always map to guest account - as done below.
+ */
}
+
if (*smb_apasswd || !Get_Pwnam(user,True))
pstrcpy(user,lp_guestaccount(-1));
DEBUG(3,("Registered username %s for guest access\n",user));
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 6697dc7fd9..92bf5cb384 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -52,6 +52,10 @@ static void do_global_checks(void)
'security=share' mode.\n");
}
+ if (lp_security() == SEC_DOMAIN && !lp_encrypted_passwords()) {
+ printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n");
+ }
+
if (lp_wins_support() && *lp_wins_server()) {
printf("ERROR: both 'wins support = true' and 'wins server = <server>' \
cannot be set in the smb.conf file. nmbd will abort with this setting.\n");