From 01e04614c7c466fdbdc398c782acaa931965f925 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 3 Nov 1998 02:25:28 +0000 Subject: Makefile.in configure configure.in include/proto.h smbd/noquotas.c smbd/quotas.c: Added quotas patch for autoconf from Dejan Ilic . printing/printing.c: Filenames with spaces patch from Allan Bjorklund utils/nmblookup.c: Fix usage() function. smbd/reply.c: Split out the security=server and security=domain checks into check_server_security() and check_domain_security() to aid the writing of the 'hack' appliance mode invented by John Schimmel. Jeremy. (This used to be commit f09ab9b52251087a58af92ec753537ca34a970fc) --- source3/smbd/noquotas.c | 31 ++++++++++++ source3/smbd/quotas.c | 8 --- source3/smbd/reply.c | 130 ++++++++++++++++++++++++++++++++---------------- 3 files changed, 117 insertions(+), 52 deletions(-) create mode 100644 source3/smbd/noquotas.c (limited to 'source3/smbd')
diff --git a/source3/smbd/noquotas.c b/source3/smbd/noquotas.c
new file mode 100644
index 0000000000..c62fb368c7
--- /dev/null
+++ b/source3/smbd/noquotas.c
@@ -0,0 +1,31 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 1.9.
+ No support for quotas :-).
+ Copyright (C) Andrew Tridgell 1992-1998
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+/*
+ * Needed for auto generation of proto.h.
+ */
+
+BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize)
+{
+ return False;
+}
diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c
index 716c2357c6..d610bbe15a 100644
--- a/source3/smbd/quotas.c
+++ b/source3/smbd/quotas.c
@@ -1,4 +1,3 @@ -#ifdef QUOTAS /* Unix SMB/Netbios implementation. Version 1.9.
@@ -658,10 +657,3 @@ BOOL disk_quotas(char *path, int *bsize, int *dfree, int *dsize) } #endif - -#else -/* this keeps fussy compilers happy */ - void quotas_dummy(void); - void quotas_dummy(void) {} -#endif /* QUOTAS */ -
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 1d8ccd61eb..67c2abb9b5 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
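Review bot: The stub `disk_quotas` added in noquotas.c returns `False` without writing `*bsize`, `*dfree` or `*dsize`, and its only comment is about proto.h generation, so the contract is undocumented. A caller that reads the outputs without checking the return value would be using values the stub never set; a comment such as `/* No quota support: always returns False and leaves *bsize, *dfree and *dsize untouched. */` would make that explicit. Because the quotas.c hunks drop the `#ifdef QUOTAS` guard, both files now define `disk_quotas`; presumably the build links exactly one of them, but that selection lives in files this page does not show and is worth stating in the same comment.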
@@ -447,10 +447,42 @@ static int session_trust_account(connection_struct *conn, char *inbuf, char *out return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE)); } +/**************************************************************************** + Check for a valid username and password in security=server mode. +****************************************************************************/ + +static BOOL check_server_security(char *orig_user, char *domain, + char *smb_apasswd, int smb_apasslen, + char *smb_ntpasswd, int smb_ntpasslen) +{ + if(lp_security() != SEC_SERVER) + return False; + + return server_validate(orig_user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen); +} + +/**************************************************************************** + Check for a valid username and password in security=domain mode. +****************************************************************************/ + +static BOOL check_domain_security(char *orig_user, char *domain, + char *smb_apasswd, int smb_apasslen, + char *smb_ntpasswd, int smb_ntpasslen) +{ + if(lp_security() != SEC_DOMAIN) + return False; + + return domain_client_validate(orig_user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen); +} /**************************************************************************** reply to a session setup command ****************************************************************************/ + int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize) { uint16 sess_vuid; 
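Review bot: Both new helpers return `False` for two different reasons, either the server is not running in that security mode or the remote validation rejected the credentials, and the header comments describe only the second. A caller cannot tell "not applicable" from "rejected" by the return value, which matters for any new caller of these checks, so the comment should say so, e.g. `Returns False when security != server as well as when server_validate() rejects the credentials.`, with the matching sentence on `check_domain_security`. As a style point, the unbraced guards `if(lp_security() != SEC_SERVER) return False;` and its SEC_DOMAIN twin would be safer with braces. The tail of this hunk is inside `reply_sesssetup_and_X`, whose body continues outside it.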
@@ -582,12 +614,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int /* If no username is sent use the guest account */ if (!*user) - { - pstrcpy(user,lp_guestaccount(-1)); - /* If no user and no password then set guest flag. */ - if( *smb_apasswd == 0) - guest = True; - } + { + pstrcpy(user,lp_guestaccount(-1)); + /* If no user and no password then set guest flag. */ + if( *smb_apasswd == 0) + guest = True; + } strlower(user); 
@@ -631,48 +663,58 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0)) guest = True; - if (!guest && !(lp_security() == SEC_SERVER && - /* Check with orig_user for security=server and - security=domain. */ - server_validate(orig_user, domain, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen)) && - !(lp_security() == SEC_DOMAIN && - domain_client_validate(orig_user, domain, + /* + * Check with orig_user for security=server and + * security=domain. + */ + + if (!guest && + !check_server_security(orig_user, domain, smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen)) && + smb_ntpasswd, smb_ntpasslen) && + !check_domain_security(orig_user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen) && !check_hosts_equiv(user) ) + { + + /* + * If we get here then the user wasn't guest and the remote + * authentication methods failed. Check the authentication + * methods on this local server. + * + * If an NT password was supplied try and validate with that + * first. This is superior as the passwords are mixed case + * 128 length unicode. + */ + + if(smb_ntpasslen) { + if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL)) + DEBUG(0,("NT Password did not match ! Defaulting to Lanman\n")); + else + valid_nt_password = True; + } - /* now check if it's a valid username/password */ - /* If an NT password was supplied try and validate with that - first. This is superior as the passwords are mixed case - 128 length unicode */ - if(smb_ntpasslen) - { - if(!password_ok(user, smb_ntpasswd,smb_ntpasslen,NULL)) - DEBUG(0,("NT Password did not match ! 
Defaulting to Lanman\n")); - else - valid_nt_password = True; - } - if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL)) - { - if (lp_security() >= SEC_USER) { + if (!valid_nt_password && !password_ok(user, smb_apasswd,smb_apasslen,NULL)) + { + if (lp_security() >= SEC_USER) + { #if (GUEST_SESSSETUP == 0) - return(ERROR(ERRSRV,ERRbadpw)); + return(ERROR(ERRSRV,ERRbadpw)); #endif #if (GUEST_SESSSETUP == 1) - if (Get_Pwnam(user,True)) - return(ERROR(ERRSRV,ERRbadpw)); + if (Get_Pwnam(user,True)) + return(ERROR(ERRSRV,ERRbadpw)); #endif - } - if (*smb_apasswd || !Get_Pwnam(user,True)) - pstrcpy(user,lp_guestaccount(-1)); - DEBUG(3,("Registered username %s for guest access\n",user)); - guest = True; - } + } + if (*smb_apasswd || !Get_Pwnam(user,True)) + pstrcpy(user,lp_guestaccount(-1)); + DEBUG(3,("Registered username %s for guest access\n",user)); + guest = True; } + } if (!Get_Pwnam(user,True)) { DEBUG(3,("No such user %s - using guest account\n",user));
@@ -682,12 +724,12 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int if (!strequal(user,lp_guestaccount(-1)) && lp_servicenumber(user) < 0) - { - int homes = lp_servicenumber(HOMES_NAME); - char *home = get_home_dir(user); - if (homes >= 0 && home) - lp_add_home(user,homes,home); - } + { + int homes = lp_servicenumber(HOMES_NAME); + char *home = get_home_dir(user); + if (homes >= 0 && home) + lp_add_home(user,homes,home); + } /* it's ok - setup a reply */ -- cgit
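Review bot: The rejection paths in the rewritten local-authentication block of the `@@ -631,48 +663,58 @@` hunk leave no record of which account failed. The only message is the level-0 `NT Password did not match ! Defaulting to Lanman` line, which carries no user name and also fires when the Lanman check then succeeds, while both `return(ERROR(ERRSRV,ERRbadpw));` exits are silent. For anyone watching the log for password guessing, it would help to name the account in the mismatch message and to add `DEBUG(1,("Rejecting user %s: password check failed\n",user));` before each of the two returns. It is also worth a comment that when `GUEST_SESSSETUP` is neither 0 nor 1 the `lp_security() >= SEC_USER` block compiles to nothing and a failed password falls through to `guest = True`. The enclosing `reply_sesssetup_and_X` starts and ends outside this hunk.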