From 395aa946cd4fb9d5e07dd2fee418045a8064dfab Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 9 Nov 2001 11:16:06 +0000 Subject: This change updates lp_guestaccount() to be a *global* paramater, rather than per-share. I beleive that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the user's of this paramater used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplfy the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett (This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71) --- source3/rpc_server/srv_pipe.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'source3/rpc_server') diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index e3969f7ea8..b9c40e719b 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -265,7 +265,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm int nt_pw_len; int lm_pw_len; fstring user_name; - fstring pipe_user_name; fstring domain; fstring wks; @@ -326,14 +325,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm * Allow guest access. Patch from Shirish Kalele . */ - if((strlen(user_name) == 0) && - (ntlmssp_resp->hdr_nt_resp.str_str_len==0)) - { - - fstrcpy(pipe_user_name, lp_guestaccount(-1)); - DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name)); - - } else { + if (*user_name) { /* * Do the length checking only if user is not NULL. @@ -367,8 +359,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status); if (!p->ntlmssp_auth_validated) { - DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \ -failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name )); + DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \ +failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); free_server_info(&server_info); return False; } @@ -413,7 +405,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name } fstrcpy(p->user_name, user_name); - fstrcpy(p->pipe_user_name, pipe_user_name); + fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account)); fstrcpy(p->domain, domain); fstrcpy(p->wks, wks); @@ -434,7 +426,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name p->pipe_user.gid = *pgid; /* Set up pipe user group membership. */ - initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); + initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups); if (server_info->ptok) -- cgit