mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

Kill off the //server/share%user hack in share level security.

This should help make much of this code simpler.

Andrew Bartlett
(This used to be commit fb0c3629c3)
Andrew Bartlett 2001-09-15 12:55:59 +00:00
parent cde3f0fae1
commit 7892c494e7
4 changed files with 27 additions and 105 deletions


@ -1598,7 +1598,7 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
BOOL bad_path;
int access_mode;
int action;
NTSTATUS ecode;
NTSTATUS nt_status;
struct current_user user;
fstring user_name;
connection_struct *conn = NULL;
@ -1612,14 +1612,11 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
/* Null password is ok - we are already an authenticated user... */
*null_pw = '\0';
get_current_user(&user, p);
fstrcpy(user_name, uidtoname(user.uid));
conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
if (conn == NULL) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname));
r_u->status = ecode;
r_u->status = nt_status;
goto error_exit;
}
@ -1690,7 +1687,7 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
BOOL bad_path;
int access_mode;
int action;
NTSTATUS ecode;
NTSTATUS nt_status;
struct current_user user;
fstring user_name;
connection_struct *conn = NULL;
@ -1705,14 +1702,11 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
/* Null password is ok - we are already an authenticated user... */
*null_pw = '\0';
get_current_user(&user, p);
fstrcpy(user_name, uidtoname(user.uid));
conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
if (conn == NULL) {
DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname));
r_u->status = ecode;
r_u->status = nt_status;
goto error_exit;
}
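Review bot: `fstring user_name;` is still declared in both `_srv_net_file_query_secdesc` and `_srv_net_file_set_secdesc`, but its only visible use, the `fstrcpy(user_name, uidtoname(user.uid));` before `make_connection()`, is removed here. Unless code outside these hunks still reads it, the declaration is dead and should be dropped in both functions. With the name argument gone, the caller's identity reaches `make_connection()` only as `user.vuid`, which the existing comment could state, e.g. `/* Null password is ok - the caller is identified by user.vuid */`. Both function bodies start and end outside the hunks shown.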


@ -470,14 +470,6 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
*/
if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
/* check the given username and password */
if (!ok && (*user) && user_ok(user,snum)) {
ok = password_ok(user,password, pwlen);
if (ok)
DEBUG(3,("authorise_login: ACCEPTED: given username (%s) password ok\n",
user ));
}
/* check for a previously registered guest username */
if (!ok && (vuser != 0) && vuser->guest) {
if (user_ok(vuser->user.unix_name,snum) &&


@ -163,7 +163,6 @@ int reply_tcon(connection_struct *conn,
char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
{
pstring service;
pstring user;
pstring password;
pstring dev;
int outsize = 0;
@ -174,47 +173,19 @@ int reply_tcon(connection_struct *conn,
START_PROFILE(SMBtcon);
*service = *user = *password = *dev = 0;
*service = *password = *dev = 0;
p = smb_buf(inbuf)+1;
p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1;
p += srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1;
p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1;
*user = 0;
p = strchr_m(service,'%');
if (p != NULL) {
*p = 0;
fstrcpy(user,p+1);
}
p = strrchr_m(service,'\\');
if (p) {
pstrcpy(service, p+1);
}
/*
* If the vuid is valid, we should be using that....
*/
if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
pstrcpy(user,validated_username(vuid));
} else {
/*
* Pass the user through the NT -> unix user mapping
* function.
*/
(void)map_username(user);
/*
* Do any UNIX username case mangling.
*/
(void)Get_Pwnam( user, True);
}
conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode);
conn = make_connection(service,password,pwlen,dev,vuid,&ecode);
if (!conn) {
END_PROFILE(SMBtcon);
@ -226,8 +197,8 @@ int reply_tcon(connection_struct *conn,
SSVAL(outbuf,smb_vwv1,conn->cnum);
SSVAL(outbuf,smb_tid,conn->cnum);
DEBUG(3,("tcon service=%s user=%s cnum=%d\n",
service, user, conn->cnum));
DEBUG(3,("tcon service=%s cnum=%d\n",
service, conn->cnum));
END_PROFILE(SMBtcon);
return(outsize);
@ -240,7 +211,6 @@ int reply_tcon(connection_struct *conn,
int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
{
fstring service;
pstring user;
pstring password;
pstring devicename;
NTSTATUS ecode;
@ -250,7 +220,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
char *p, *q;
START_PROFILE(SMBtconX);
*service = *user = *password = *devicename = 0;
*service = *password = *devicename = 0;
/* we might have to close an old one */
if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
@ -289,38 +259,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
else
fstrcpy(service,path);
q = strchr_m(service,'%');
if (q) {
*q++ = 0;
fstrcpy(user,q);
}
p += srvstr_pull(inbuf, devicename, p, sizeof(devicename), 6, STR_ASCII);
DEBUG(4,("Got device type %s\n",devicename));
/*
* If the vuid is valid, we should be using that....
*/
if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
pstrcpy(user,validated_username(vuid));
} else {
/*
* Pass the user through the NT -> unix user mapping
* function.
*/
(void)map_username(user);
/*
* Do any UNIX username case mangling.
*/
(void)Get_Pwnam(user, True);
}
conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode);
conn = make_connection(service,password,passlen,devicename,vuid,&ecode);
if (!conn) {
END_PROFILE(SMBtconX);
@ -355,8 +298,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
}
DEBUG(3,("tconX service=%s user=%s\n",
service, user));
DEBUG(3,("tconX service=%s \n",
service));
/* set the incoming and outgoing tid to the just created one */
SSVAL(inbuf,smb_tid,conn->cnum);
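Review bot: The level-3 `tcon` and `tconX` DEBUG lines no longer say who asked for the connection, which makes the log less useful when tracing share access after the fact. `vuid` is still passed to `make_connection()` in both functions and could be logged in place of the dropped name, e.g. `DEBUG(3,("tcon service=%s vuid=%d cnum=%d\n", service, (int)vuid, conn->cnum));`. The new tconX format string `"tconX service=%s \n"` also keeps a stray space before the newline. Both function bodies extend beyond the hunks shown.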


@ -318,7 +318,7 @@ static void set_admin_user(connection_struct *conn)
/****************************************************************************
make a connection to a service
****************************************************************************/
connection_struct *make_connection(char *service,char *user,char *password,
connection_struct *make_connection(char *service,char *password,
int pwlen, char *dev,uint16 vuid, NTSTATUS *status)
{
int snum;
@ -326,7 +326,8 @@ connection_struct *make_connection(char *service,char *user,char *password,
BOOL guest = False;
BOOL force = False;
connection_struct *conn;
int ret;
fstring user;
strlower(service);
@ -345,28 +346,20 @@ connection_struct *make_connection(char *service,char *user,char *password,
}
if (strequal(service,HOMES_NAME)) {
if (*user && Get_Pwnam(user,True)) {
fstring dos_username;
fstrcpy(dos_username, user);
return(make_connection(dos_username,user,password,
pwlen,dev,vuid,status));
}
if(lp_security() != SEC_SHARE) {
if (validated_username(vuid)) {
fstring dos_username;
fstrcpy(user,validated_username(vuid));
fstrcpy(dos_username, user);
return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
fstring unix_username;
fstrcpy(unix_username,validated_username(vuid));
return(make_connection(unix_username,password,pwlen,dev,vuid,status));
}
} else {
/* Security = share. Try with current_user_info.smb_name
* as the username. */
if(*current_user_info.smb_name) {
fstring dos_username;
fstrcpy(user,current_user_info.smb_name);
fstrcpy(dos_username, user);
return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
fstring unix_username;
fstrcpy(unix_username,current_user_info.smb_name);
map_username(unix_username);
return(make_connection(unix_username,password,pwlen,dev,vuid,status));
}
}
}
@ -375,15 +368,13 @@ connection_struct *make_connection(char *service,char *user,char *password,
return NULL;
}
/* lowercase the user name */
strlower(user);
/* add it as a possible user name if we
are in share mode security */
if (lp_security() == SEC_SHARE) {
add_session_user(service);
}
/* shall we let them in? */
if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
@ -574,6 +565,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
/* execute any "root preexec = " line */
if (*lp_rootpreexec(SNUM(conn))) {
int ret;
pstring cmd;
pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
standard_sub_conn(conn,cmd);
@ -630,6 +622,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
/* execute any "preexec = " line */
if (*lp_preexec(SNUM(conn))) {
int ret;
pstring cmd;
pstrcpy(cmd,lp_preexec(SNUM(conn)));
standard_sub_conn(conn,cmd);
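Review bot: `user` is now a local `fstring` in `make_connection()`, and in the lines shown nothing writes to it before it is passed to `authorise_login()` and printed with `%s` in the "Invalid username/password" DEBUG. If `authorise_login()` rejects the login without filling the buffer in (its body is mostly outside this page), that DEBUG reads an indeterminate array that may not be NUL-terminated. Initialising it right after the declaration, `*user = 0;`, removes the dependency on the callee. The function body runs well beyond the hunks shown, so an initialisation outside them cannot be ruled out from here.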