Diffstat (limited to 'source3')
-rw-r--r-- | source3/Makefile.in | 5 | ||||
-rw-r--r-- | source3/auth/auth.c | 18 | ||||
-rwxr-xr-x | source3/include/rpc_spoolss.h | 4 | ||||
-rw-r--r-- | source3/include/smb.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 1 | ||||
-rw-r--r-- | source3/registry/regfio.c | 2 | ||||
-rw-r--r-- | source3/smbd/sesssetup.c | 17 |
7 files changed, 34 insertions, 14 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index d00b56872f..a0e297a1a1 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -270,7 +270,8 @@ RPC_NETLOG_OBJ = rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o RPC_SAMR_OBJ = rpc_server/srv_samr.o rpc_server/srv_samr_nt.o \ rpc_server/srv_samr_util.o -RPC_REG_OBJ = rpc_server/srv_reg.o rpc_server/srv_reg_nt.o +REGFIO_OBJ = registry/regfio.o + RPC_REG_OBJ = rpc_server/srv_reg.o rpc_server/srv_reg_nt.o $(REGFIO_OBJ) RPC_LSA_DS_OBJ = rpc_server/srv_lsa_ds.o rpc_server/srv_lsa_ds_nt.o @@ -371,8 +372,6 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \ MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o -REGFIO_OBJ = registry/regfio.o - SMBD_OBJ_MAIN = smbd/server.o BUILDOPT_OBJ = smbd/build_options.o diff --git a/source3/auth/auth.c b/source3/auth/auth.c index b777e97cc9..e38279a140 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -215,6 +215,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, if (!user_info || !auth_context || !server_info) return NT_STATUS_LOGON_FAILURE; + DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str)); 
@@ -305,12 +306,19 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, unix_username)); } } - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", - user_info->smb_name.str, user_info->internal_username.str, - nt_errstr(nt_status))); - ZERO_STRUCTP(server_info); + if (lp_map_to_guest() == MAP_TO_GUEST_ON_VALID_DOMAIN_USER ){ + /*user_info->smb_name.str = lp_guestaccount();*/ + become_root(); + nt_status = smb_pam_accountcheck(lp_guestaccount()); + unbecome_root(); + make_server_info_guest(server_info); + }else{ + DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", + user_info->smb_name.str, user_info->internal_username.str, + nt_errstr(nt_status))); + ZERO_STRUCTP(server_info); + } } return nt_status; } diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h index c49b423283..d0422e8d6e 100755 --- a/source3/include/rpc_spoolss.h +++ b/source3/include/rpc_spoolss.h @@ -191,8 +191,8 @@ /* ACE masks for the various print permissions */ #define PRINTER_ACE_FULL_CONTROL (GENERIC_ALL_ACCESS|PRINTER_ALL_ACCESS) -#define PRINTER_ACE_MANAGE_DOCUMENTS READ_CONTROL_ACCESS -#define PRINTER_ACE_PRINT (READ_CONTROL_ACCESS|PRINTER_ACCESS_USE) +#define PRINTER_ACE_MANAGE_DOCUMENTS (GENERIC_ALL_ACCESS|READ_CONTROL_ACCESS) +#define PRINTER_ACE_PRINT (GENERIC_EXECUTE_ACCESS|READ_CONTROL_ACCESS|PRINTER_ACCESS_USE) /* Notify field types */ diff --git a/source3/include/smb.h b/source3/include/smb.h index 35ae5723b0..4161c6c788 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1654,6 +1654,7 @@ struct unix_error_map { #include "client.h" */ +#define MAP_TO_GUEST_ON_VALID_DOMAIN_USER 3 /* * Size of new password account encoding string. This is enough space to * hold 11 ACB characters, plus the surrounding [] and a terminating null. 
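Review bot: The new guest branch sits inside `if (!NT_STATUS_IS_OK(nt_status))` and tests only `lp_map_to_guest()`, so with this setting every failure status, including a wrong password for an account that does exist, is replaced by the result of `smb_pam_accountcheck(lp_guestaccount())` and ends as a guest session. The branch should also test nt_status for the one code that means "valid domain user without a UNIX account", for example `&& NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)` if that is what the auth backends return in this case (not visible in the hunk). The `DEBUG(2, ... FAILED ...)` line now runs only in the else arm, so a failed logon that is mapped to guest is no longer logged at that level; keep the message ahead of the branch. The return value of `make_server_info_guest(server_info)` is ignored here and in the last hunk of source3/smbd/sesssetup.c, and server_info is filled even when the PAM account check fails. check_ntlm_password begins outside the hunk.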
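Review bot: `PRINTER_ACE_MANAGE_DOCUMENTS` now includes `GENERIC_ALL_ACCESS`, the same generic bit that `PRINTER_ACE_FULL_CONTROL` is built from, so an ACE granting "manage documents" may become equivalent to full control once generic rights are mapped (the mapping code is not in this hunk). If the wider mask is needed for client compatibility, record that next to the define, e.g. `/* GENERIC_ALL is what clients send for Manage Documents; narrowed by <mapping function> before the access check */`, and otherwise prefer the narrowest bits that work. The same question applies to `GENERIC_EXECUTE_ACCESS` added to `PRINTER_ACE_PRINT`.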
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index ac6dbb4d4a..c90d214be6 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -754,6 +754,7 @@ static const struct enum_list enum_smb_signing_vals[] = { are rejected, unless the username does not exist, in which case it is treated as a guest login + {MAP_TO_GUEST_ON_VALID_DOMAIN_USER, "Non-UNIX Valid Domain User"}, "Bad Password" means session setups with an invalid password are treated as a guest login diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c index 6049b9bdd6..dc69b3f9ed 100644 --- a/source3/registry/regfio.c +++ b/source3/registry/regfio.c @@ -1679,7 +1679,7 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) SEC_DESC *sec_desc, REGF_NK_REC *parent ) { REGF_NK_REC *nk; - REGF_HBIN *vlist_hbin; + REGF_HBIN *vlist_hbin = NULL; uint32 size; if ( !(nk = TALLOC_ZERO_P( file->mem_ctx, REGF_NK_REC )) ) diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 9fbf0b1d51..0209dc2597 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -125,6 +125,7 @@ static NTSTATUS check_guest_password(auth_serversupplied_info **server_info) return nt_status; } + if (!make_user_info_guest(&user_info)) { (auth_context->free)(&auth_context); return NT_STATUS_NO_MEMORY; @@ -146,6 +147,7 @@ static int reply_spnego_kerberos(connection_struct *conn, int length, int bufsize, DATA_BLOB *secblob) { + int map_domainuser_to_guest = 0; DATA_BLOB ticket; char *client, *p, *domain; fstring netbios_domain_name; 
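Review bot: The added `{MAP_TO_GUEST_ON_VALID_DOMAIN_USER, "Non-UNIX Valid Domain User"},` in the loadparm.c hunk has comment prose as context on both sides ("... it is treated as a guest login" above, "\"Bad Password\" means ..." below), so it appears to land inside the explanatory comment rather than in an enum_list initializer. If that is the case, the new value cannot be selected from smb.conf and the branches added in auth.c and sesssetup.c are unreachable. Move the entry into the map-to-guest value table, which is outside this hunk, and add a sentence to the comment describing the new mode.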
@@ -245,14 +247,19 @@ static int reply_spnego_kerberos(connection_struct *conn, } asprintf(&user, "%s%c%s", domain, *lp_winbind_separator(), client); - /* lookup the passwd struct, create a new user if necessary */ + if (lp_map_to_guest() == MAP_TO_GUEST_ON_VALID_DOMAIN_USER ){ + map_domainuser_to_guest == 1; + fstrcpy(user,lp_guestaccount()); + pw = smb_getpwnam( user, real_username, True ); + } else { map_username( user ); pw = smb_getpwnam( user, real_username, True ); if (!pw) { + } DEBUG(1,("Username %s is invalid on this system\n",user)); SAFE_FREE(user); SAFE_FREE(client); @@ -265,16 +272,20 @@ static int reply_spnego_kerberos(connection_struct *conn, sub_set_smb_name( real_username ); reload_services(True); - - if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info, real_username, pw))) + if (map_domainuser_to_guest == 1) { + make_server_info_guest(&server_info); + }else{ + if (!NT_STATUS_IS_OK(ret = make_server_info_pw(&server_info, real_username, pw))) { DEBUG(1,("make_server_info_from_pw failed!\n")); SAFE_FREE(user); SAFE_FREE(client); data_blob_free(&ap_rep); + data_blob_free(&session_key); return ERROR_NT(ret); } + } /* make_server_info_pw does not set the domain. Without this we end up * with the local netbios name in substitutions for %D. */ |
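Review bot: `map_domainuser_to_guest == 1;` in the new guest branch is a comparison whose result is discarded, so the flag stays 0 and the `if (map_domainuser_to_guest == 1)` test in the last hunk of this file can never select make_server_info_guest(); it should read `map_domainuser_to_guest = 1;`. The next added line, `fstrcpy(user,lp_guestaccount());`, copies into the buffer that asprintf() sized for domain, separator and client, so a guest account name longer than that string could be written past the allocation if fstrcpy bounds the copy by fstring size rather than by the destination; freeing `user` and allocating a fresh copy of the guest name avoids that. As the lines are ordered here, the added `}` follows `if (!pw) {`, which would leave that test with an empty body and run the "invalid on this system" failure path for every non-guest login, while the guest branch never checks `pw` for NULL; the closing brace most likely belongs before `if (!pw) {`. reply_spnego_kerberos starts and ends outside the hunk.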