mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
Kill off the //server/share%user hack in share level security.
This should help make much of this code simpler.
Andrew Bartlett
(This used to be commit fb0c3629c3
)
parent
cde3f0fae1
commit
7892c494e7
@ -1598,7 +1598,7 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
|
||||
BOOL bad_path;
|
||||
int access_mode;
|
||||
int action;
|
||||
NTSTATUS ecode;
|
||||
NTSTATUS nt_status;
|
||||
struct current_user user;
|
||||
fstring user_name;
|
||||
connection_struct *conn = NULL;
|
||||
@ -1612,14 +1612,11 @@ NTSTATUS _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDE
|
||||
/* Null password is ok - we are already an authenticated user... */
|
||||
*null_pw = '\0';
|
||||
|
||||
get_current_user(&user, p);
|
||||
fstrcpy(user_name, uidtoname(user.uid));
|
||||
|
||||
conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
|
||||
conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
|
||||
|
||||
if (conn == NULL) {
|
||||
DEBUG(3,("_srv_net_file_query_secdesc: Unable to connect to %s\n", qualname));
|
||||
r_u->status = ecode;
|
||||
r_u->status = nt_status;
|
||||
goto error_exit;
|
||||
}
|
||||
|
||||
@ -1690,7 +1687,7 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
|
||||
BOOL bad_path;
|
||||
int access_mode;
|
||||
int action;
|
||||
NTSTATUS ecode;
|
||||
NTSTATUS nt_status;
|
||||
struct current_user user;
|
||||
fstring user_name;
|
||||
connection_struct *conn = NULL;
|
||||
@ -1705,14 +1702,11 @@ NTSTATUS _srv_net_file_set_secdesc(pipes_struct *p, SRV_Q_NET_FILE_SET_SECDESC *
|
||||
/* Null password is ok - we are already an authenticated user... */
|
||||
*null_pw = '\0';
|
||||
|
||||
get_current_user(&user, p);
|
||||
fstrcpy(user_name, uidtoname(user.uid));
|
||||
|
||||
conn = make_connection(qualname, user_name, null_pw, 0, "A:", user.vuid, &ecode);
|
||||
conn = make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status);
|
||||
|
||||
if (conn == NULL) {
|
||||
DEBUG(3,("_srv_net_file_set_secdesc: Unable to connect to %s\n", qualname));
|
||||
r_u->status = ecode;
|
||||
r_u->status = nt_status;
|
||||
goto error_exit;
|
||||
}
|
||||
|
||||
|
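Review bot: `fstring user_name;` still appears among the declarations of `_srv_net_file_query_secdesc` and `_srv_net_file_set_secdesc`, although the new `make_connection(qualname, null_pw, 0, "A:", user.vuid, &nt_status)` call no longer takes a user name, so the local looks dead. It should be dropped, together with `fstrcpy(user_name, uidtoname(user.uid));` if that line survives on the new side (the page has lost its +/- markers, so this is inferred from the hunk counts). Because the caller's identity now reaches `make_connection` only through `user.vuid`, the existing comment would be clearer as `/* Null password is ok - the caller is identified by user.vuid from get_current_user() */`. Both function bodies continue outside the hunks shown, so confirm nothing later still reads `user_name`.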
@ -470,14 +470,6 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen,
|
||||
*/
|
||||
|
||||
if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
|
||||
/* check the given username and password */
|
||||
if (!ok && (*user) && user_ok(user,snum)) {
|
||||
ok = password_ok(user,password, pwlen);
|
||||
if (ok)
|
||||
DEBUG(3,("authorise_login: ACCEPTED: given username (%s) password ok\n",
|
||||
user ));
|
||||
}
|
||||
|
||||
/* check for a previously registered guest username */
|
||||
if (!ok && (vuser != 0) && vuser->guest) {
|
||||
if (user_ok(vuser->user.unix_name,snum) &&
|
||||
|
@ -163,7 +163,6 @@ int reply_tcon(connection_struct *conn,
|
||||
char *inbuf,char *outbuf, int dum_size, int dum_buffsize)
|
||||
{
|
||||
pstring service;
|
||||
pstring user;
|
||||
pstring password;
|
||||
pstring dev;
|
||||
int outsize = 0;
|
||||
@ -174,47 +173,19 @@ int reply_tcon(connection_struct *conn,
|
||||
|
||||
START_PROFILE(SMBtcon);
|
||||
|
||||
*service = *user = *password = *dev = 0;
|
||||
*service = *password = *dev = 0;
|
||||
|
||||
p = smb_buf(inbuf)+1;
|
||||
p += srvstr_pull(inbuf, service, p, sizeof(service), -1, STR_TERMINATE) + 1;
|
||||
p += srvstr_pull(inbuf, password, p, sizeof(password), -1, STR_TERMINATE) + 1;
|
||||
p += srvstr_pull(inbuf, dev, p, sizeof(dev), -1, STR_TERMINATE) + 1;
|
||||
|
||||
*user = 0;
|
||||
p = strchr_m(service,'%');
|
||||
if (p != NULL) {
|
||||
*p = 0;
|
||||
fstrcpy(user,p+1);
|
||||
}
|
||||
|
||||
p = strrchr_m(service,'\\');
|
||||
if (p) {
|
||||
pstrcpy(service, p+1);
|
||||
}
|
||||
|
||||
/*
|
||||
* If the vuid is valid, we should be using that....
|
||||
*/
|
||||
|
||||
if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
|
||||
pstrcpy(user,validated_username(vuid));
|
||||
} else {
|
||||
|
||||
/*
|
||||
* Pass the user through the NT -> unix user mapping
|
||||
* function.
|
||||
*/
|
||||
|
||||
(void)map_username(user);
|
||||
|
||||
/*
|
||||
* Do any UNIX username case mangling.
|
||||
*/
|
||||
(void)Get_Pwnam( user, True);
|
||||
}
|
||||
|
||||
conn = make_connection(service,user,password,pwlen,dev,vuid,&ecode);
|
||||
conn = make_connection(service,password,pwlen,dev,vuid,&ecode);
|
||||
|
||||
if (!conn) {
|
||||
END_PROFILE(SMBtcon);
|
||||
@ -226,8 +197,8 @@ int reply_tcon(connection_struct *conn,
|
||||
SSVAL(outbuf,smb_vwv1,conn->cnum);
|
||||
SSVAL(outbuf,smb_tid,conn->cnum);
|
||||
|
||||
DEBUG(3,("tcon service=%s user=%s cnum=%d\n",
|
||||
service, user, conn->cnum));
|
||||
DEBUG(3,("tcon service=%s cnum=%d\n",
|
||||
service, conn->cnum));
|
||||
|
||||
END_PROFILE(SMBtcon);
|
||||
return(outsize);
|
||||
@ -240,7 +211,6 @@ int reply_tcon(connection_struct *conn,
|
||||
int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int length,int bufsize)
|
||||
{
|
||||
fstring service;
|
||||
pstring user;
|
||||
pstring password;
|
||||
pstring devicename;
|
||||
NTSTATUS ecode;
|
||||
@ -250,7 +220,7 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
|
||||
char *p, *q;
|
||||
START_PROFILE(SMBtconX);
|
||||
|
||||
*service = *user = *password = *devicename = 0;
|
||||
*service = *password = *devicename = 0;
|
||||
|
||||
/* we might have to close an old one */
|
||||
if ((SVAL(inbuf,smb_vwv2) & 0x1) && conn) {
|
||||
@ -289,38 +259,11 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
|
||||
else
|
||||
fstrcpy(service,path);
|
||||
|
||||
q = strchr_m(service,'%');
|
||||
if (q) {
|
||||
*q++ = 0;
|
||||
fstrcpy(user,q);
|
||||
}
|
||||
p += srvstr_pull(inbuf, devicename, p, sizeof(devicename), 6, STR_ASCII);
|
||||
|
||||
DEBUG(4,("Got device type %s\n",devicename));
|
||||
|
||||
/*
|
||||
* If the vuid is valid, we should be using that....
|
||||
*/
|
||||
|
||||
if (*user == '\0' && (lp_security() != SEC_SHARE) && validated_username(vuid)) {
|
||||
pstrcpy(user,validated_username(vuid));
|
||||
} else {
|
||||
|
||||
/*
|
||||
* Pass the user through the NT -> unix user mapping
|
||||
* function.
|
||||
*/
|
||||
|
||||
(void)map_username(user);
|
||||
|
||||
/*
|
||||
* Do any UNIX username case mangling.
|
||||
*/
|
||||
(void)Get_Pwnam(user, True);
|
||||
|
||||
}
|
||||
|
||||
conn = make_connection(service,user,password,passlen,devicename,vuid,&ecode);
|
||||
conn = make_connection(service,password,passlen,devicename,vuid,&ecode);
|
||||
|
||||
if (!conn) {
|
||||
END_PROFILE(SMBtconX);
|
||||
@ -355,8 +298,8 @@ int reply_tcon_and_X(connection_struct *conn, char *inbuf,char *outbuf,int lengt
|
||||
}
|
||||
|
||||
|
||||
DEBUG(3,("tconX service=%s user=%s\n",
|
||||
service, user));
|
||||
DEBUG(3,("tconX service=%s \n",
|
||||
service));
|
||||
|
||||
/* set the incoming and outgoing tid to the just created one */
|
||||
SSVAL(inbuf,smb_tid,conn->cnum);
|
||||
|
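Review bot: The new `DEBUG(3,("tcon service=%s cnum=%d\n", ...))` and `DEBUG(3,("tconX service=%s \n", ...))` lines in `reply_tcon` and `reply_tcon_and_X` no longer record which account the tree connect was made as. That removes the per-connection user from the level-3 log an operator would use to trace share access. After `make_connection` succeeds the resolved name is presumably held on the connection; if `connection_struct` carries it (a `conn->user` field, to be confirmed against the struct definition), log that instead, e.g. `DEBUG(3,("tconX service=%s user=%s\n", service, conn->user));`. The tconX format string also gained a stray space before `\n`. Both functions extend beyond the hunks shown.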
@ -318,7 +318,7 @@ static void set_admin_user(connection_struct *conn)
|
||||
/****************************************************************************
|
||||
make a connection to a service
|
||||
****************************************************************************/
|
||||
connection_struct *make_connection(char *service,char *user,char *password,
|
||||
connection_struct *make_connection(char *service,char *password,
|
||||
int pwlen, char *dev,uint16 vuid, NTSTATUS *status)
|
||||
{
|
||||
int snum;
|
||||
@ -326,7 +326,8 @@ connection_struct *make_connection(char *service,char *user,char *password,
|
||||
BOOL guest = False;
|
||||
BOOL force = False;
|
||||
connection_struct *conn;
|
||||
int ret;
|
||||
|
||||
fstring user;
|
||||
|
||||
strlower(service);
|
||||
|
||||
@ -345,28 +346,20 @@ connection_struct *make_connection(char *service,char *user,char *password,
|
||||
}
|
||||
|
||||
if (strequal(service,HOMES_NAME)) {
|
||||
if (*user && Get_Pwnam(user,True)) {
|
||||
fstring dos_username;
|
||||
fstrcpy(dos_username, user);
|
||||
return(make_connection(dos_username,user,password,
|
||||
pwlen,dev,vuid,status));
|
||||
}
|
||||
|
||||
if(lp_security() != SEC_SHARE) {
|
||||
if (validated_username(vuid)) {
|
||||
fstring dos_username;
|
||||
fstrcpy(user,validated_username(vuid));
|
||||
fstrcpy(dos_username, user);
|
||||
return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
|
||||
fstring unix_username;
|
||||
fstrcpy(unix_username,validated_username(vuid));
|
||||
return(make_connection(unix_username,password,pwlen,dev,vuid,status));
|
||||
}
|
||||
} else {
|
||||
/* Security = share. Try with current_user_info.smb_name
|
||||
* as the username. */
|
||||
if(*current_user_info.smb_name) {
|
||||
fstring dos_username;
|
||||
fstrcpy(user,current_user_info.smb_name);
|
||||
fstrcpy(dos_username, user);
|
||||
return(make_connection(dos_username,user,password,pwlen,dev,vuid,status));
|
||||
fstring unix_username;
|
||||
fstrcpy(unix_username,current_user_info.smb_name);
|
||||
map_username(unix_username);
|
||||
return(make_connection(unix_username,password,pwlen,dev,vuid,status));
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -375,15 +368,13 @@ connection_struct *make_connection(char *service,char *user,char *password,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* lowercase the user name */
|
||||
strlower(user);
|
||||
|
||||
/* add it as a possible user name if we
|
||||
are in share mode security */
|
||||
if (lp_security() == SEC_SHARE) {
|
||||
add_session_user(service);
|
||||
}
|
||||
|
||||
|
||||
/* shall we let them in? */
|
||||
if (!authorise_login(snum,user,password,pwlen,&guest,&force,vuid)) {
|
||||
DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) );
|
||||
@ -574,6 +565,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
|
||||
|
||||
/* execute any "root preexec = " line */
|
||||
if (*lp_rootpreexec(SNUM(conn))) {
|
||||
int ret;
|
||||
pstring cmd;
|
||||
pstrcpy(cmd,lp_rootpreexec(SNUM(conn)));
|
||||
standard_sub_conn(conn,cmd);
|
||||
@ -630,6 +622,7 @@ connection_struct *make_connection(char *service,char *user,char *password,
|
||||
|
||||
/* execute any "preexec = " line */
|
||||
if (*lp_preexec(SNUM(conn))) {
|
||||
int ret;
|
||||
pstring cmd;
|
||||
pstrcpy(cmd,lp_preexec(SNUM(conn)));
|
||||
standard_sub_conn(conn,cmd);
|
||||
|
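Review bot: In `make_connection` the new local `fstring user;` has no visible initialisation before it is passed to `authorise_login(snum,user,password,pwlen,&guest,&force,vuid)` and then printed by `DEBUG( 2, ( "Invalid username/password for %s [%s]\n", service, user ) )` on the failure path. With the caller-supplied name gone and the "check the given username and password" block removed from `authorise_login`, `user` appears to be purely an output of that call, so a rejected login may log whatever bytes were on the stack, possibly without a terminator. Adding `*user = 0;` right after the declaration, the idiom `reply_tcon` already uses for its buffers, keeps the log line and any early read well defined. The function body between the hunks is not shown, so confirm that no assignment already exists there.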