summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/Makefile.in5
-rw-r--r--source3/auth/auth_rhosts.c293
-rw-r--r--source3/configure.in3
-rw-r--r--source3/param/loadparm.c3
-rw-r--r--source3/utils/testparm.c9
5 files changed, 1 insertions, 312 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 2d0ac9ab7a..32243b4759 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -383,7 +383,6 @@ DCUTIL_OBJ = libsmb/namequery_dc.o libsmb/trustdom_cache.o libsmb/trusts_util.o
AUTH_BUILTIN_OBJ = auth/auth_builtin.o
AUTH_DOMAIN_OBJ = auth/auth_domain.o
AUTH_SAM_OBJ = auth/auth_sam.o
-AUTH_RHOSTS_OBJ = auth/auth_rhosts.o
AUTH_SERVER_OBJ = auth/auth_server.o
AUTH_UNIX_OBJ = auth/auth_unix.o
AUTH_WINBIND_OBJ = auth/auth_winbind.o
@@ -1216,10 +1215,6 @@ bin/pam_winbind.@SHLIBEXT@: $(PAM_WINBIND_PICOBJ) bin/.dummy
@$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_PICOBJ) \
@SONAMEFLAG@`basename $@` -lpam @INIPARSERLIBS@
-bin/rhosts.@SHLIBEXT@: $(AUTH_RHOSTS_OBJ:.o=.@PICSUFFIX@)
- @echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_RHOSTS_OBJ:.o=.@PICSUFFIX@) @SONAMEFLAG@`basename $@`
-
bin/builtin.@SHLIBEXT@: $(AUTH_BUILTIN_OBJ:.o=.@PICSUFFIX@)
@echo "Building plugin $@"
@$(SHLD) $(LDSHFLAGS) -o $@ $(AUTH_BUILTIN_OBJ:.o=.@PICSUFFIX@) @SONAMEFLAG@`basename $@`
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
deleted file mode 100644
index 23e276bc84..0000000000
--- a/source3/auth/auth_rhosts.c
+++ /dev/null
@@ -1,293 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Main SMB reply routines
- Copyright (C) Andrew Tridgell 1992-1998
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_AUTH
-
-/****************************************************************************
- Create a struct samu - either by looking in the pdb, or by faking it up from
- unix info.
-****************************************************************************/
-
-static NTSTATUS auth_get_sam_account(const char *user, struct samu **account)
-{
- BOOL pdb_ret;
- NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
-
- if ( !(*account = samu_new( NULL )) ) {
- return NT_STATUS_NO_MEMORY;
- }
-
- become_root();
- pdb_ret = pdb_getsampwnam(*account, user);
- unbecome_root();
-
- if (!pdb_ret)
- {
- struct passwd *pass;
-
- if ( !(pass = Get_Pwnam( user )) ) {
- return NT_STATUS_NO_SUCH_USER;
- }
-
- nt_status = samu_set_unix( *account, pass );
- }
-
- return nt_status;
-}
-
-/****************************************************************************
- Read the a hosts.equiv or .rhosts file and check if it
- allows this user from this machine.
-****************************************************************************/
-
-static BOOL check_user_equiv(const char *user, const char *remote, const char *equiv_file)
-{
- int plus_allowed = 1;
- char *file_host;
- char *file_user;
- char **lines = file_lines_load(equiv_file, NULL,0);
- int i;
-
- DEBUG(5, ("check_user_equiv %s %s %s\n", user, remote, equiv_file));
- if (! lines) {
- return False;
- }
- for (i=0; lines[i]; i++) {
- char *buf = lines[i];
- trim_char(buf,' ',' ');
-
- if (buf[0] != '#' && buf[0] != '\n') {
- BOOL is_group = False;
- int plus = 1;
- char *bp = buf;
-
- if (strcmp(buf, "NO_PLUS\n") == 0) {
- DEBUG(6, ("check_user_equiv NO_PLUS\n"));
- plus_allowed = 0;
- } else {
- if (buf[0] == '+') {
- bp++;
- if (*bp == '\n' && plus_allowed) {
- /* a bare plus means everbody allowed */
- DEBUG(6, ("check_user_equiv everybody allowed\n"));
- file_lines_free(lines);
- return True;
- }
- } else if (buf[0] == '-') {
- bp++;
- plus = 0;
- }
- if (*bp == '@') {
- is_group = True;
- bp++;
- }
- file_host = strtok(bp, " \t\n");
- file_user = strtok(NULL, " \t\n");
- DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)",
- file_user ? file_user : "(null)" ));
-
- if (file_host && *file_host) {
- BOOL host_ok = False;
-
-#if defined(HAVE_NETGROUP) && defined(HAVE_YP_GET_DEFAULT_DOMAIN)
- if (is_group) {
- static char *mydomain = NULL;
- if (!mydomain) {
- yp_get_default_domain(&mydomain);
- }
- if (mydomain && innetgr(file_host,remote,user,mydomain)) {
- host_ok = True;
- }
- }
-#else
- if (is_group) {
- DEBUG(1,("Netgroups not configured\n"));
- continue;
- }
-#endif
-
- /* is it this host */
- /* the fact that remote has come from a call of gethostbyaddr
- * means that it may have the fully qualified domain name
- * so we could look up the file version to get it into
- * a canonical form, but I would rather just type it
- * in full in the equiv file
- */
-
- if (!host_ok && !is_group && strequal(remote, file_host)) {
- host_ok = True;
- }
-
- if (!host_ok) {
- continue;
- }
-
- /* is it this user */
- if (file_user == 0 || strequal(user, file_user)) {
- DEBUG(5, ("check_user_equiv matched %s%s %s\n",
- (plus ? "+" : "-"), file_host,
- (file_user ? file_user : "")));
- file_lines_free(lines);
- return (plus ? True : False);
- }
- }
- }
- }
- }
-
- file_lines_free(lines);
- return False;
-}
-
-/****************************************************************************
-check for a possible hosts equiv or rhosts entry for the user
-****************************************************************************/
-
-static BOOL check_hosts_equiv(struct samu *account)
-{
- uid_t uid;
- char *fname = NULL;
-
- fname = lp_hosts_equiv();
- if (!sid_to_uid(pdb_get_user_sid(account), &uid))
- return False;
-
- /* note: don't allow hosts.equiv on root */
- if (fname && *fname && uid != 0) {
- if (check_user_equiv(pdb_get_username(account),client_name(),fname))
- return True;
- }
-
- return False;
-}
-
-
-/****************************************************************************
- Check for a valid .rhosts/hosts.equiv entry for this user
-****************************************************************************/
-
-static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
-{
- NTSTATUS nt_status;
- struct samu *account = NULL;
- if (!NT_STATUS_IS_OK(nt_status =
- auth_get_sam_account(user_info->internal_username,
- &account))) {
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
- nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
- }
-
- if (check_hosts_equiv(account)) {
- nt_status = make_server_info_sam(server_info, account);
- if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(account);
- }
- } else {
- TALLOC_FREE(account);
- nt_status = NT_STATUS_NOT_IMPLEMENTED;
- }
-
- return nt_status;
-}
-
-/* module initialisation */
-static NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
-{
- if (!make_auth_methods(auth_context, auth_method)) {
- return NT_STATUS_NO_MEMORY;
- }
-
- (*auth_method)->auth = check_hostsequiv_security;
- (*auth_method)->name = "hostsequiv";
- return NT_STATUS_OK;
-}
-
-
-/****************************************************************************
- Check for a valid .rhosts/hosts.equiv entry for this user
-****************************************************************************/
-
-static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
-{
- NTSTATUS nt_status;
- struct samu *account = NULL;
- pstring rhostsfile;
- const char *home;
-
- if (!NT_STATUS_IS_OK(nt_status =
- auth_get_sam_account(user_info->internal_username,
- &account))) {
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
- nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
- }
-
- home = pdb_get_unix_homedir(account);
-
- if (home) {
- slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
- become_root();
- if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) {
- nt_status = make_server_info_sam(server_info, account);
- if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(account);
- }
- } else {
- TALLOC_FREE(account);
- }
- unbecome_root();
- } else {
- TALLOC_FREE(account);
- nt_status = NT_STATUS_NOT_IMPLEMENTED;
- }
-
- return nt_status;
-}
-
-/* module initialisation */
-static NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
-{
- if (!make_auth_methods(auth_context, auth_method)) {
- return NT_STATUS_NO_MEMORY;
- }
-
- (*auth_method)->auth = check_rhosts_security;
- (*auth_method)->name = "rhosts";
- return NT_STATUS_OK;
-}
-
-NTSTATUS auth_rhosts_init(void)
-{
- smb_register_auth(AUTH_INTERFACE_VERSION, "rhosts", auth_init_rhosts);
- smb_register_auth(AUTH_INTERFACE_VERSION, "hostsequiv", auth_init_hostsequiv);
- return NT_STATUS_OK;
-}
diff --git a/source3/configure.in b/source3/configure.in
index 21545a34af..079202ac3b 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -545,7 +545,7 @@ DYNEXP=
dnl Add modules that have to be built by default here
dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_svcctl rpc_ntsvcs rpc_net rpc_netdfs rpc_srv rpc_spoolss rpc_eventlog auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
+default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_svcctl rpc_ntsvcs rpc_net rpc_netdfs rpc_srv rpc_spoolss rpc_eventlog auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
dnl These are preferably build shared, and static if dlopen() is not available
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy charset_CP850 charset_CP437 auth_script"
@@ -5522,7 +5522,6 @@ SMB_MODULE(charset_CP437, modules/CP437.o, "bin/CP437.$SHLIBEXT", CHARSET)
SMB_MODULE(charset_macosxfs, modules/charset_macosxfs.o,"bin/macosxfs.$SHLIBEXT", CHARSET)
SMB_SUBSYSTEM(CHARSET,lib/iconv.o)
-SMB_MODULE(auth_rhosts, \$(AUTH_RHOSTS_OBJ), "bin/rhosts.$SHLIBEXT", AUTH)
SMB_MODULE(auth_sam, \$(AUTH_SAM_OBJ), "bin/sam.$SHLIBEXT", AUTH)
SMB_MODULE(auth_unix, \$(AUTH_UNIX_OBJ), "bin/unix.$SHLIBEXT", AUTH)
SMB_MODULE(auth_winbind, \$(AUTH_WINBIND_OBJ), "bin/winbind.$SHLIBEXT", AUTH)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 38e1bd6dd0..c4ef9ef3ea 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -114,7 +114,6 @@ typedef struct {
char *szGetQuota;
char *szSetQuota;
char *szMsgCommand;
- char *szHostsEquiv;
char *szServerString;
char *szAutoServices;
char *szPasswdProgram;
@@ -852,7 +851,6 @@ static struct parm_struct parm_table[] = {
{"client schannel", P_ENUM, P_GLOBAL, &Globals.clientSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED},
{"server schannel", P_ENUM, P_GLOBAL, &Globals.serverSchannel, NULL, enum_bool_auto, FLAG_BASIC | FLAG_ADVANCED},
{"allow trusted domains", P_BOOL, P_GLOBAL, &Globals.bAllowTrustedDomains, NULL, NULL, FLAG_ADVANCED},
- {"hosts equiv", P_STRING, P_GLOBAL, &Globals.szHostsEquiv, NULL, NULL, FLAG_ADVANCED},
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, FLAG_ADVANCED},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, FLAG_ADVANCED},
{"obey pam restrictions", P_BOOL, P_GLOBAL, &Globals.bObeyPamRestrictions, NULL, NULL, FLAG_ADVANCED},
@@ -1773,7 +1771,6 @@ FN_GLOBAL_STRING(lp_defaultservice, &Globals.szDefaultService)
FN_GLOBAL_STRING(lp_msg_command, &Globals.szMsgCommand)
FN_GLOBAL_STRING(lp_get_quota_command, &Globals.szGetQuota)
FN_GLOBAL_STRING(lp_set_quota_command, &Globals.szSetQuota)
-FN_GLOBAL_STRING(lp_hosts_equiv, &Globals.szHostsEquiv)
FN_GLOBAL_STRING(lp_auto_services, &Globals.szAutoServices)
FN_GLOBAL_STRING(lp_passwd_program, &Globals.szPasswdProgram)
FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index 8b9ff4710e..fe2d26afca 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -96,15 +96,6 @@ to a valid password server.\n", sec_setting );
/*
- * Check 'hosts equiv' and 'use rhosts' compatibility with 'hostname lookup' value.
- */
-
- if(*lp_hosts_equiv() && !lp_hostname_lookups()) {
- fprintf(stderr, "ERROR: The setting 'hosts equiv = %s' requires that 'hostname lookups = yes'.\n", lp_hosts_equiv());
- ret = 1;
- }
-
- /*
* Password chat sanity checks.
*/