2025-01-26 10:04:02 +03:00 · - · 44dc339fe7
commit 44dc339fe7
parent 8abdf0e29f
4 changed files with 47 additions and 11 deletions
--- a/source/include/proto.h
+++ b/source/include/proto.h
@ -1632,6 +1632,7 @@ int lp_oplock_contention_limit(int );
 int lp_write_cache_size(int );
 char lp_magicchar(int );
 int lp_winbind_cache_time(void);
+BOOL lp_hide_local_users(void);
 BOOL lp_add_home(char *pszHomename, int iDefaultService, char *pszHomedir);
 int lp_add_service(char *pszService, int iDefaultService);
 BOOL lp_add_printer(char *pszPrintername, int iDefaultService);
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@ -263,6 +263,7 @@ typedef struct
 	BOOL bDebugPid;
 	BOOL bDebugUid;
 	BOOL bHostMSDfs;
+	BOOL bHideLocalUsers;
 }
 global;

@ -992,6 +993,8 @@ static struct parm_struct parm_table[] = {

 	{"fake directory create times", P_BOOL, P_LOCAL, &sDefault.bFakeDirCreateTimes, NULL, NULL, FLAG_SHARE | FLAG_GLOBAL},
 	{"panic action", P_STRING, P_GLOBAL, &Globals.szPanicAction, NULL, NULL, 0},
+	{"hide local users", P_BOOL, P_GLOBAL, &Globals.bHideLocalUsers, NULL,
+	 NULL, 0},

 	{"VFS options", P_SEP, P_SEPARATOR},
 	
@ -1629,7 +1632,10 @@ FN_LOCAL_INTEGER(lp_oplock_contention_limit, iOplockContentionLimit)
 FN_LOCAL_INTEGER(lp_write_cache_size, iWriteCacheSize)
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
+FN_GLOBAL_BOOL(lp_hide_local_users, &Globals.bHideLocalUsers)
+
 /* local prototypes */
+
 static int map_parameter(char *pszParmName);
 static BOOL set_boolean(BOOL *pb, char *pszParmValue);
 static int getservicebyname(char *pszServiceName,
--- a/source/passdb/passdb.c
+++ b/source/passdb/passdb.c
@ -33,8 +33,6 @@ extern int DEBUGLEVEL;
 */

 extern DOM_SID global_sam_sid;
-extern pstring global_myname;
-extern fstring global_myworkgroup;

 struct passdb_ops *pdb_ops;

@ -438,8 +436,18 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 			if(!next_token(&p, name, NULL, sizeof(fstring)))
 				fstrcpy(name, "Guest");
 		} else {
-			uid_t uid = pdb_user_rid_to_uid(rid);
-			struct passwd *pass = sys_getpwuid(uid);
+			uid_t uid;
+			struct passwd *pass;
+			
+			/*
+			 * Don't try to convert the rid to a name if 
+			 * running in appliance mode
+			 */
+			if (lp_hide_local_users())
+				return False;
+			
+			uid = pdb_user_rid_to_uid(rid);
+			pass = sys_getpwuid(uid);

 			*psid_name_use = SID_NAME_USER;

@ -458,8 +466,19 @@ BOOL local_lookup_rid(uint32 rid, char *name, enum SID_NAME_USE *psid_name_use)
 		}

 	} else {
-		gid_t gid = pdb_user_rid_to_gid(rid);
-		struct group *gr = getgrgid(gid);
+		gid_t gid;
+		struct group *gr; 
+
+		/* 
+		 * Don't try to convert the rid to a name if running
+		 * in appliance mode
+		 */
+		
+		if (lp_hide_local_users()) 
+			return False;
+		
+		gid = pdb_user_rid_to_gid(rid);
+		gr = getgrgid(gid);

 		*psid_name_use = SID_NAME_ALIAS;

@ -492,9 +511,6 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US

 	sid_copy(&local_sid, &global_sam_sid);

-	if(!strequal(global_myname, domain) && !strequal(global_myworkgroup, domain))
-		return False;
-
 	/*
 	 * Special case for MACHINE\Everyone. Map to the world_sid.
 	 */
@ -506,6 +522,12 @@ BOOL local_lookup_name(char *domain, char *user, DOM_SID *psid, enum SID_NAME_US
 		return True;
 	}

+	/* 
+	 * Don't lookup local unix users if running in appliance mode
+	 */
+	if (lp_hide_local_users()) 
+		return False;
+
 	(void)map_username(user);

 	if(!(pass = sys_getpwnam(user))) {
--- a/source/rpc_server/srv_samr.c
+++ b/source/rpc_server/srv_samr.c
@ -210,6 +210,10 @@ static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf,
 	(*num_entries) = 0;
 	(*total_entries) = 0;

+	/* Skip all this stuff if we're in appliance mode */
+
+	if (lp_hide_local_users()) goto done;
+
 	if (pw_buf == NULL) return False;

 	if (current_idx == 0) {
@ -340,6 +344,7 @@ static BOOL get_passwd_entries(SAM_USER_INFO_21 *pw_buf,
 		mapped_idx = 0;
 	}

+done:
 	return (*num_entries) > 0;
 }

@ -759,14 +764,16 @@ static BOOL samr_reply_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_u,
 	if (strequal(sid_str, "S-1-5-32"))
 	{
 		char *name;
-		while (num_entries < MAX_SAM_ENTRIES && ((name = builtin_alias_rids[num_entries].name) != NULL))
+		while (!lp_hide_local_users() &&
+		       num_entries < MAX_SAM_ENTRIES && 
+		       ((name = builtin_alias_rids[num_entries].name) != NULL))
 		{
 			init_unistr2(&(pass[num_entries].uni_user_name), name, strlen(name)+1);
 			pass[num_entries].user_rid = builtin_alias_rids[num_entries].rid;
 			num_entries++;
 		}
 	}
-	else if (strequal(sid_str, sam_sid_str))
+	else if (strequal(sid_str, sam_sid_str) && !lp_hide_local_users())
 	{
 		char *name;
 		char *sep;