diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/param/loadparm.c | 2 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 76 | ||||
-rw-r--r-- | source3/passdb/pdb_unix.c | 27 |
3 files changed, 58 insertions, 47 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 9e4ce615e8..b16f4483f8 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1525,7 +1525,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript) -FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount) +FN_GLOBAL_CONST_STRING(lp_guestaccount, &Globals.szGuestaccount) FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript) FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript) FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript) diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index fdcda0268d..a9c6f0729b 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -157,6 +157,12 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) { GROUP_MAP map; + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return NT_STATUS_UNSUCCESSFUL; + } + if (!pwd) { return NT_STATUS_UNSUCCESSFUL; } @@ -183,24 +189,36 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd) -- abartlet 11-May-02 */ - if (!pdb_set_user_sid_from_rid(sam_account, - fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { - DEBUG(0,("Can't set User SID from RID!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - /* call the mapping code here */ - if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { - if (!pdb_set_group_sid(sam_account,&map.sid)){ - DEBUG(0,("Can't set Group SID!\n")); - return NT_STATUS_INVALID_PARAMETER; + /* Ensure this *must* be set right */ + if (strcmp(pwd->pw_name, guest_account) == 0) { + if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) { + return NT_STATUS_UNSUCCESSFUL; } - } - else { - if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { - DEBUG(0,("Can't set Group SID\n")); + if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) { + return NT_STATUS_UNSUCCESSFUL; + } + } else { + + if (!pdb_set_user_sid_from_rid(sam_account, + fallback_pdb_uid_to_user_rid(pwd->pw_uid))) { + DEBUG(0,("Can't set User SID from RID!\n")); return NT_STATUS_INVALID_PARAMETER; } + + /* call the mapping code here */ + if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) { + if (!pdb_set_group_sid(sam_account,&map.sid)){ + DEBUG(0,("Can't set Group SID!\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } + else { + if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) { + DEBUG(0,("Can't set Group SID\n")); + return NT_STATUS_INVALID_PARAMETER; + } + } } /* check if this is a user account or a machine account */ @@ -574,14 +592,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use fstrcpy(name, "Administrator"); } return True; - - } else if (rid == DOMAIN_USER_RID_GUEST) { - char *p = lp_guestaccount(); - *psid_name_use = SID_NAME_USER; - if(!next_token(&p, name, NULL, sizeof(fstring))) - fstrcpy(name, "Guest"); - return True; - } /* @@ -597,6 +607,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use } /* This now does the 'generic' mapping in pdb_unix */ + /* 'guest' is also handled there */ if (pdb_getsampwsid(sam_account, sid)) { fstrcpy(name, pdb_get_username(sam_account)); *psid_name_use = SID_NAME_USER; @@ -845,23 +856,10 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_ return False; } - if (rid == DOMAIN_USER_RID_GUEST) { - struct passwd *pw = getpwnam_alloc(lp_guestaccount()); - if (!pw) { - DEBUG(1, ("getpwnam on guest account '%s' failed!\n", lp_guestaccount())); - return False; - } - *puid = pw->pw_uid; - passwd_free(&pw); - DEBUG(5,("local_sid_to_uid: Guest account (SID %s) mapped to guest account id %ld.\n", - sid_to_string(str, psid), (signed long int)(*puid))); - } else { - - *puid = fallback_pdb_user_rid_to_uid(rid); - - DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", - sid_to_string(str, psid), (signed long int)(*puid))); - } + *puid = fallback_pdb_user_rid_to_uid(rid); + + DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", + sid_to_string(str, psid), (signed long int)(*puid))); } *name_type = SID_NAME_USER; diff --git a/source3/passdb/pdb_unix.c b/source3/passdb/pdb_unix.c index 88334f2b70..06f12164eb 100644 --- a/source3/passdb/pdb_unix.c +++ b/source3/passdb/pdb_unix.c @@ -49,19 +49,32 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods, { struct passwd *pass; BOOL ret = False; + const char *guest_account = lp_guestaccount(); + if (!(guest_account && *guest_account)) { + DEBUG(1, ("NULL guest account!?!?\n")); + return False; + } + if (!methods) { DEBUG(0,("invalid methods\n")); return False; } - - if (pdb_rid_is_user(rid)) { - pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); - - if (pass) { - ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass)); - passwd_free(&pass); + + if (rid == DOMAIN_USER_RID_GUEST) { + pass = getpwnam_alloc(guest_account); + if (!pass) { + DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account)); + return False; } + } else if (pdb_rid_is_user(rid)) { + pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid)); + } else { + return False; } + + ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass)); + passwd_free(&pass); + return ret; } |