From 20efe2fe6cbc4b5cf861a3296e29f5495637f79c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 25 May 2002 07:37:44 +0000 Subject: Clean up a few unused functions, add a bit of static etc. Importantly: The removal of the silly 'delete user script' behaviour when secuity=domain. I have left the name the same - as it still does the (previously documented, but not in smb.conf(5)) sane behaviour of deleting users on request. When we decide what to do with the 'add user' functionality, we might rename it. Andrew Bartlett (This used to be commit cdcfe3671eb7570e15649b77f708e6579055e7bc) --- docs/docbook/manpages/smb.conf.5.sgml | 47 ++++++----------------------------- source3/auth/auth_util.c | 28 --------------------- source3/lib/substitute.c | 19 +------------- source3/lib/username.c | 2 +- source3/libsmb/cliconnect.c | 3 ++- source3/libsmb/pwd_cache.c | 2 +- source3/rpc_server/srv_samr_nt.c | 18 ++++++++++++++ source3/smbd/password.c | 2 +- 8 files changed, 32 insertions(+), 89 deletions(-) diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 4911d3a914..aabc7bfcda 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -1903,47 +1903,16 @@ delete user script (G) This is the full pathname to a script that will - be run AS ROOT by - smbd(8) under special circumstances - described below. + be run by smbd(8) + when managing user's with remote RPC (NT) tools. + - Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows - smbd to delete the required UNIX users ON - DEMAND when a user accesses the Samba server and the - Windows NT user no longer exists. - - In order to use this option, smbd must be - set to security = domain or security = - user and delete user script - must be set to a full pathname for a script - that will delete a UNIX user given one argument of %u, - which expands into the UNIX user name to delete. + This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + rpcclient. - When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) - time, smbd contacts the - password server and attempts to authenticate - the given user with the given password. If the authentication fails - with the specific Domain error code meaning that the user no longer - exists then smbd attempts to find a UNIX user in - the UNIX password database that matches the Windows user account. If - this lookup succeeds, and delete user script is - set then smbd will all the specified script - AS ROOT, expanding any %u - argument to be the user name to delete. - - This script should delete the given UNIX username. In this way, - UNIX users are dynamically deleted to match existing Windows NT - accounts. - - See also security = domain, - password server - , add user script - . + This script should delete the given UNIX username. + Default: delete user script = <empty string> diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 7179252ce7..0d7a952c04 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -48,24 +48,6 @@ static int smb_create_user(const char *unix_user, const char *homedir) return ret; } -/**************************************************************************** - Delete a UNIX user on demand. -****************************************************************************/ - -int smb_delete_user(const char *unix_user) -{ - pstring del_script; - int ret; - - pstrcpy(del_script, lp_deluser_script()); - if (! *del_script) - return -1; - all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); - ret = smbrun(del_script,NULL); - DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); - return ret; -} - /**************************************************************************** Add and Delete UNIX users on demand, based on NTSTATUS codes. ****************************************************************************/ @@ -88,16 +70,6 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli smb_create_user(user_info->internal_username.str, NULL); } } - } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - /* - * User failed to validate ok against Domain controller. - * If the failure was "user doesn't exist" and admin - * wants us to try and delete that UNIX user on the fly, - * do so. - */ - if (lp_deluser_script()) { - smb_delete_user(user_info->internal_username.str); - } } } diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 09921c145d..6c56cdd480 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -226,7 +226,7 @@ void standard_sub_basic(const char *smb_name, char *str) Do some standard substitutions in a string. ****************************************************************************/ -void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str) +static void standard_sub_advanced(int snum, const char *user, const char *connectpath, gid_t gid, const char *smb_name, char *str) { char *p, *s, *home; @@ -391,20 +391,3 @@ void standard_sub_snum(int snum, char *str) standard_sub_advanced(snum, cached_user, "", -1, current_user_info.smb_name, str); } -/******************************************************************* - Substitute strings with useful parameters. -********************************************************************/ - -void standard_sub_vuser(char *str, user_struct *vuser) -{ - standard_sub_advanced(-1, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); -} - -/******************************************************************* - Substitute strings with useful parameters. -********************************************************************/ - -void standard_sub_vsnum(char *str, user_struct *vuser, int snum) -{ - standard_sub_advanced(snum, vuser->user.unix_name, "", -1, current_user_info.smb_name, str); -} diff --git a/source3/lib/username.c b/source3/lib/username.c index f6ce765b41..be8acfb4d6 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -30,7 +30,7 @@ static struct passwd *uname_string_combinations2(char *s, int offset, struct pas *local* people, there's nothing for you here...). *****************************************************************/ -BOOL name_is_local(const char *name) +static BOOL name_is_local(const char *name) { return !(strchr_m(name, *lp_winbind_separator())); } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 7d18692236..0b6436b508 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1130,8 +1130,9 @@ again: DEBUG(1,("failed tcon_X\n")); nt_status = cli_nt_error(cli); cli_shutdown(cli); - if (NT_STATUS_IS_OK(nt_status)) + if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_UNSUCCESSFUL; + } return nt_status; } } diff --git a/source3/libsmb/pwd_cache.c b/source3/libsmb/pwd_cache.c index 8b79788fed..fc0602507a 100644 --- a/source3/libsmb/pwd_cache.c +++ b/source3/libsmb/pwd_cache.c @@ -73,7 +73,7 @@ void pwd_set_cleartext(struct pwd_info *pwd, char *clr) Gets a cleartext password. ****************************************************************************/ -void pwd_get_cleartext(struct pwd_info *pwd, char *clr) +void pwd_get_cleartext(struct pwd_info *pwd, fstring clr) { if (pwd->cleartext) fstrcpy(clr, pwd->password); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 6a623bd2a0..c889581fae 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3174,6 +3174,24 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE } +/**************************************************************************** + Delete a UNIX user on demand. +****************************************************************************/ + +static int smb_delete_user(const char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluser_script()); + if (! *del_script) + return -1; + all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + /********************************************************************* _samr_delete_dom_user *********************************************************************/ diff --git a/source3/smbd/password.c b/source3/smbd/password.c index a8fd2b47f1..e50ba4ec1b 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -346,7 +346,7 @@ void add_session_user(char *user) /**************************************************************************** check if a username is valid ****************************************************************************/ -BOOL user_ok(char *user,int snum) +BOOL user_ok(const char *user,int snum) { char **valid, **invalid; BOOL ret; -- cgit