1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

include/local.h:

include/smb.h:
param/loadparm.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
printing/printing.c: Added J.F.'s latest fix.
rpc_parse/parse_misc.c:
parse_reg.c:
rpcclient/cmd_reg.c:
rpcclient/display.c: SGI compiler signed/unsigned issues.
smbd/reply.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-).
utils/testparm.c: Added extra test.
Jeremy.
This commit is contained in:
Jeremy Allison 0001-01-01 00:00:00 +00:00
parent aa2c424f5a
commit 9668a5ef50
12 changed files with 81 additions and 38 deletions

View File

@ -104,29 +104,6 @@
#define PRIME_NMBD 1
#endif
/* do you want session setups at user level security with a invalid
password to be rejected or allowed in as guest? WinNT rejects them
but it can be a pain as it means "net view" needs to use a password
You have 3 choices:
GUEST_SESSSETUP = 0 means session setups with an invalid password
are rejected.
GUEST_SESSSETUP = 1 means session setups with an invalid password
are rejected, unless the username does not exist, in which case it
is treated as a guest login
GUEST_SESSSETUP = 2 means session setups with an invalid password
are treated as a guest login
Note that GUEST_SESSSETUP only has an effect in user or server
level security.
*/
#ifndef GUEST_SESSSETUP
#define GUEST_SESSSETUP 0
#endif
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER

View File

@ -32,7 +32,7 @@
#include "rpc_misc.h"
/* security descriptor structures */
#include "rpc_secdes.h"
#include "rpc_secdes.h"
/* different dce/rpc pipes */
#include "rpc_lsa.h"

View File

@ -1035,6 +1035,7 @@ int lp_lm_interval(void);
int lp_machine_password_timeout(void);
int lp_change_notify_timeout(void);
int lp_stat_cache_size(void);
int lp_map_to_guest(void);
int lp_ldap_port(void);
char *lp_preexec(int );
char *lp_postexec(int );

View File

@ -1684,6 +1684,31 @@ struct nmb_name {
#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
/*
Do you want session setups at user level security with a invalid
password to be rejected or allowed in as guest? WinNT rejects them
but it can be a pain as it means "net view" needs to use a password
You have 3 choices in the setting of map_to_guest:
"NEVER_MAP_TO_GUEST" means session setups with an invalid password
are rejected. This is the default.
"MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
are rejected, unless the username does not exist, in which case it
is treated as a guest login
"MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
are treated as a guest login
Note that map_to_guest only has an effect in user or server
level security.
*/
#define NEVER_MAP_TO_GUEST 0
#define MAP_TO_GUEST_ON_BAD_USER 1
#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
#endif /* _SMB_H */
/* _SMB_H */

View File

@ -182,6 +182,7 @@ typedef struct
int machine_password_timeout;
int change_notify_timeout;
int stat_cache_size;
int map_to_guest;
#ifdef WITH_LDAP
int ldap_port;
#endif /* WITH_LDAP */
@ -468,6 +469,29 @@ static struct enum_list enum_case[] = {{CASE_LOWER, "lower"}, {CASE_UPPER, "uppe
static struct enum_list enum_lm_announce[] = {{0, "False"}, {1, "True"}, {2, "Auto"}, {-1, NULL}};
/*
Do you want session setups at user level security with a invalid
password to be rejected or allowed in as guest? WinNT rejects them
but it can be a pain as it means "net view" needs to use a password
You have 3 choices in the setting of map_to_guest:
"Never" means session setups with an invalid password
are rejected. This is the default.
"Bad User" means session setups with an invalid password
are rejected, unless the username does not exist, in which case it
is treated as a guest login
"Bad Password" means session setups with an invalid password
are treated as a guest login
Note that map_to_guest only has an effect in user or server
level security.
*/
static struct enum_list enum_map_to_guest[] = {{NEVER_MAP_TO_GUEST, "Never"}, {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, {-1, NULL}};
#ifdef WITH_SSL
static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, "ssl3"},
{SMB_SSL_V23, "ssl2or3"}, {SMB_SSL_TLS1, "tls1"}, {-1, NULL}};
@ -492,6 +516,7 @@ static struct parm_struct parm_table[] =
{"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
@ -868,6 +893,7 @@ static void init_globals(void)
Globals.bNTSmbSupport = True; /* Do NT SMB's by default. */
Globals.bNTPipeSupport = True; /* Do NT pipes by default. */
Globals.bStatCache = True; /* use stat cache by default */
Globals.map_to_guest = 0; /* By Default, "Never" */
#ifdef WITH_LDAP
/* default values for ldap */
@ -1187,6 +1213,7 @@ FN_GLOBAL_INTEGER(lp_lm_interval,&Globals.lm_interval)
FN_GLOBAL_INTEGER(lp_machine_password_timeout,&Globals.machine_password_timeout)
FN_GLOBAL_INTEGER(lp_change_notify_timeout,&Globals.change_notify_timeout)
FN_GLOBAL_INTEGER(lp_stat_cache_size,&Globals.stat_cache_size)
FN_GLOBAL_INTEGER(lp_map_to_guest,&Globals.map_to_guest)
#ifdef WITH_LDAP
FN_GLOBAL_INTEGER(lp_ldap_port,&Globals.ldap_port)

View File

@ -222,15 +222,18 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
char *tok[MAXTOK];
int count = 0;
pstring line2;
pstrcpy(line2,line);
#ifdef OSF1
int length;
length = strlen(line);
if (line[length-3] == ':')
length = strlen(line2);
if (line2[length-3] == ':')
return(False);
#endif /* OSF1 */
tok[0] = strtok(line," \t");
tok[0] = strtok(line2," \t");
count++;
while (((tok[count] = strtok(NULL," \t")) != NULL) && (count < MAXTOK)) {

View File

@ -400,7 +400,7 @@ creates a BUFFER3 structure from a hex string.
void make_buffer3_hex(BUFFER3 *str, char *buf)
{
ZERO_STRUCTP(str);
str->buf_max_len = str->buf_len = strhex_to_str(str->buffer, sizeof(str->buffer), buf);
str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf);
}
/*******************************************************************

View File

@ -90,7 +90,7 @@ void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
int len_name = name != NULL ? strlen(name ) + 1: 0;
int len_class = class != NULL ? strlen(class) + 1: 0;
static char data[] =
static unsigned char data[] =
{
0x01, 0x00, 0x00, 0x80,
0x00, 0x00, 0x00, 0x00,

View File

@ -471,7 +471,7 @@ void cmd_reg_create_val(struct client_info *info)
}
DEBUG(10,("key data:\n"));
dump_data(10, value.buffer, value.buf_len);
dump_data(10, (char *)value.buffer, value.buf_len);
/* open WINREG session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;

View File

@ -1245,11 +1245,10 @@ char *get_reg_val_type_str(uint32 type)
}
default:
{
snprintf(typestr, sizeof(typestr), "[%d]", type);
return typestr;
break;
}
}
snprintf(typestr, sizeof(typestr), "[%d]", type);
return typestr;
}

View File

@ -701,14 +701,21 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
{
if (lp_security() >= SEC_USER)
{
#if (GUEST_SESSSETUP == 0)
return(ERROR(ERRSRV,ERRbadpw));
#endif
#if (GUEST_SESSSETUP == 1)
if (Get_Pwnam(user,True))
if (lp_map_to_guest() == NEVER_MAP_TO_GUEST)
return(ERROR(ERRSRV,ERRbadpw));
#endif
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER)
{
if (Get_Pwnam(user,True))
return(ERROR(ERRSRV,ERRbadpw));
}
/*
* ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD
* Then always map to guest account - as done below.
*/
}
if (*smb_apasswd || !Get_Pwnam(user,True))
pstrcpy(user,lp_guestaccount(-1));
DEBUG(3,("Registered username %s for guest access\n",user));

View File

@ -52,6 +52,10 @@ static void do_global_checks(void)
'security=share' mode.\n");
}
if (lp_security() == SEC_DOMAIN && !lp_encrypted_passwords()) {
printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n");
}
if (lp_wins_support() && *lp_wins_server()) {
printf("ERROR: both 'wins support = true' and 'wins server = <server>' \
cannot be set in the smb.conf file. nmbd will abort with this setting.\n");