From 43a4e1dbf99902e641aca02329f855685f8b01ec Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 7 Jan 2004 10:11:24 +0000 Subject: [PATCH] Don't duplicate pulling the 'IPC' username from secrets.tdb, instead just use one function for both places. Andrew Bartlett (This used to be commit 85da181e8a0ade839f6d595fabdf4cea606f82e1) --- source3/nsswitch/wbinfo.c | 12 ++++++------ source3/passdb/secrets.c | 40 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 7 deletions(-) diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 7d25524f8ee..74f341a4904 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -909,14 +909,14 @@ static void wbinfo_get_auth_user(void) char *user, *domain, *password; /* Lift data from secrets file */ + + secrets_fetch_ipc_userpass(&user, &domain, &password); - secrets_init(); + if ((!user || !*user) && (!domain || !*domain ) && (!password || !*password)){ - user = secrets_fetch(SECRETS_AUTH_USER, NULL); - domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); - password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); - - if (!user && !domain && !password) { + SAFE_FREE(user); + SAFE_FREE(domain); + SAFE_FREE(password); d_printf("No authorised user configured\n"); return; } diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 8a146f0d688..1b545488cdf 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -3,7 +3,8 @@ Copyright (C) Andrew Tridgell 1992-2001 Copyright (C) Andrew Bartlett 2002 Copyright (C) Rafal Szczesniak 2002 - + Copyright (C) Tim Potter 2001 + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -791,3 +792,40 @@ BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result) return True; } + +/****************************************************************************** + When kerberos is not available, choose between anonymous or + authenticated connections. + + We need to use an authenticated connection if DCs have the + RestrictAnonymous registry entry set > 0, or the "Additional + restrictions for anonymous connections" set in the win2k Local + Security Policy. + + Caller to free() result in domain, username, password +*******************************************************************************/ +void secrets_fetch_ipc_userpass(char **username, char **domain, char **password) +{ + *username = secrets_fetch(SECRETS_AUTH_USER, NULL); + *domain = secrets_fetch(SECRETS_AUTH_DOMAIN, NULL); + *password = secrets_fetch(SECRETS_AUTH_PASSWORD, NULL); + + if (*username && **username) { + + if (!*domain || !**domain) + *domain = smb_xstrdup(lp_workgroup()); + + if (!*password || !**password) + *password = smb_xstrdup(""); + + DEBUG(3, ("IPC$ connections done by user %s\\%s\n", + *domain, *username)); + + } else { + DEBUG(3, ("IPC$ connections done anonymously\n")); + *username = smb_xstrdup(""); + *domain = smb_xstrdup(""); + *password = smb_xstrdup(""); + } +} +