mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
include/local.h:
include/smb.h: param/loadparm.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-). printing/printing.c: Added J.F.'s latest fix. rpc_parse/parse_misc.c: parse_reg.c: rpcclient/cmd_reg.c: rpcclient/display.c: SGI compiler signed/unsigned issues. smbd/reply.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-). utils/testparm.c: Added extra test. Jeremy.
This commit is contained in:
parent
aa2c424f5a
commit
9668a5ef50
@ -104,29 +104,6 @@
|
||||
#define PRIME_NMBD 1
|
||||
#endif
|
||||
|
||||
/* do you want session setups at user level security with a invalid
|
||||
password to be rejected or allowed in as guest? WinNT rejects them
|
||||
but it can be a pain as it means "net view" needs to use a password
|
||||
|
||||
You have 3 choices:
|
||||
|
||||
GUEST_SESSSETUP = 0 means session setups with an invalid password
|
||||
are rejected.
|
||||
|
||||
GUEST_SESSSETUP = 1 means session setups with an invalid password
|
||||
are rejected, unless the username does not exist, in which case it
|
||||
is treated as a guest login
|
||||
|
||||
GUEST_SESSSETUP = 2 means session setups with an invalid password
|
||||
are treated as a guest login
|
||||
|
||||
Note that GUEST_SESSSETUP only has an effect in user or server
|
||||
level security.
|
||||
*/
|
||||
#ifndef GUEST_SESSSETUP
|
||||
#define GUEST_SESSSETUP 0
|
||||
#endif
|
||||
|
||||
/* the default pager to use for the client "more" command. Users can
|
||||
override this with the PAGER environment variable */
|
||||
#ifndef PAGER
|
||||
|
@ -32,7 +32,7 @@
|
||||
#include "rpc_misc.h"
|
||||
|
||||
/* security descriptor structures */
|
||||
#include "rpc_secdes.h"
|
||||
#include "rpc_secdes.h"
|
||||
|
||||
/* different dce/rpc pipes */
|
||||
#include "rpc_lsa.h"
|
||||
|
@ -1035,6 +1035,7 @@ int lp_lm_interval(void);
|
||||
int lp_machine_password_timeout(void);
|
||||
int lp_change_notify_timeout(void);
|
||||
int lp_stat_cache_size(void);
|
||||
int lp_map_to_guest(void);
|
||||
int lp_ldap_port(void);
|
||||
char *lp_preexec(int );
|
||||
char *lp_postexec(int );
|
||||
|
@ -1684,6 +1684,31 @@ struct nmb_name {
|
||||
|
||||
#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
|
||||
|
||||
/*
|
||||
Do you want session setups at user level security with a invalid
|
||||
password to be rejected or allowed in as guest? WinNT rejects them
|
||||
but it can be a pain as it means "net view" needs to use a password
|
||||
|
||||
You have 3 choices in the setting of map_to_guest:
|
||||
|
||||
"NEVER_MAP_TO_GUEST" means session setups with an invalid password
|
||||
are rejected. This is the default.
|
||||
|
||||
"MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
|
||||
are rejected, unless the username does not exist, in which case it
|
||||
is treated as a guest login
|
||||
|
||||
"MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
|
||||
are treated as a guest login
|
||||
|
||||
Note that map_to_guest only has an effect in user or server
|
||||
level security.
|
||||
*/
|
||||
|
||||
#define NEVER_MAP_TO_GUEST 0
|
||||
#define MAP_TO_GUEST_ON_BAD_USER 1
|
||||
#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
|
||||
|
||||
#endif /* _SMB_H */
|
||||
|
||||
/* _SMB_H */
|
||||
|
@ -182,6 +182,7 @@ typedef struct
|
||||
int machine_password_timeout;
|
||||
int change_notify_timeout;
|
||||
int stat_cache_size;
|
||||
int map_to_guest;
|
||||
#ifdef WITH_LDAP
|
||||
int ldap_port;
|
||||
#endif /* WITH_LDAP */
|
||||
@ -468,6 +469,29 @@ static struct enum_list enum_case[] = {{CASE_LOWER, "lower"}, {CASE_UPPER, "uppe
|
||||
|
||||
static struct enum_list enum_lm_announce[] = {{0, "False"}, {1, "True"}, {2, "Auto"}, {-1, NULL}};
|
||||
|
||||
/*
|
||||
Do you want session setups at user level security with a invalid
|
||||
password to be rejected or allowed in as guest? WinNT rejects them
|
||||
but it can be a pain as it means "net view" needs to use a password
|
||||
|
||||
You have 3 choices in the setting of map_to_guest:
|
||||
|
||||
"Never" means session setups with an invalid password
|
||||
are rejected. This is the default.
|
||||
|
||||
"Bad User" means session setups with an invalid password
|
||||
are rejected, unless the username does not exist, in which case it
|
||||
is treated as a guest login
|
||||
|
||||
"Bad Password" means session setups with an invalid password
|
||||
are treated as a guest login
|
||||
|
||||
Note that map_to_guest only has an effect in user or server
|
||||
level security.
|
||||
*/
|
||||
|
||||
static struct enum_list enum_map_to_guest[] = {{NEVER_MAP_TO_GUEST, "Never"}, {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, {-1, NULL}};
|
||||
|
||||
#ifdef WITH_SSL
|
||||
static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, "ssl3"},
|
||||
{SMB_SSL_V23, "ssl2or3"}, {SMB_SSL_TLS1, "tls1"}, {-1, NULL}};
|
||||
@ -492,6 +516,7 @@ static struct parm_struct parm_table[] =
|
||||
{"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
|
||||
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
|
||||
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
|
||||
{"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
|
||||
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
|
||||
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
|
||||
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
|
||||
@ -868,6 +893,7 @@ static void init_globals(void)
|
||||
Globals.bNTSmbSupport = True; /* Do NT SMB's by default. */
|
||||
Globals.bNTPipeSupport = True; /* Do NT pipes by default. */
|
||||
Globals.bStatCache = True; /* use stat cache by default */
|
||||
Globals.map_to_guest = 0; /* By Default, "Never" */
|
||||
|
||||
#ifdef WITH_LDAP
|
||||
/* default values for ldap */
|
||||
@ -1187,6 +1213,7 @@ FN_GLOBAL_INTEGER(lp_lm_interval,&Globals.lm_interval)
|
||||
FN_GLOBAL_INTEGER(lp_machine_password_timeout,&Globals.machine_password_timeout)
|
||||
FN_GLOBAL_INTEGER(lp_change_notify_timeout,&Globals.change_notify_timeout)
|
||||
FN_GLOBAL_INTEGER(lp_stat_cache_size,&Globals.stat_cache_size)
|
||||
FN_GLOBAL_INTEGER(lp_map_to_guest,&Globals.map_to_guest)
|
||||
|
||||
#ifdef WITH_LDAP
|
||||
FN_GLOBAL_INTEGER(lp_ldap_port,&Globals.ldap_port)
|
||||
|
@ -222,15 +222,18 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first)
|
||||
|
||||
char *tok[MAXTOK];
|
||||
int count = 0;
|
||||
pstring line2;
|
||||
|
||||
pstrcpy(line2,line);
|
||||
|
||||
#ifdef OSF1
|
||||
int length;
|
||||
length = strlen(line);
|
||||
if (line[length-3] == ':')
|
||||
length = strlen(line2);
|
||||
if (line2[length-3] == ':')
|
||||
return(False);
|
||||
#endif /* OSF1 */
|
||||
|
||||
tok[0] = strtok(line," \t");
|
||||
tok[0] = strtok(line2," \t");
|
||||
count++;
|
||||
|
||||
while (((tok[count] = strtok(NULL," \t")) != NULL) && (count < MAXTOK)) {
|
||||
|
@ -400,7 +400,7 @@ creates a BUFFER3 structure from a hex string.
|
||||
void make_buffer3_hex(BUFFER3 *str, char *buf)
|
||||
{
|
||||
ZERO_STRUCTP(str);
|
||||
str->buf_max_len = str->buf_len = strhex_to_str(str->buffer, sizeof(str->buffer), buf);
|
||||
str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf);
|
||||
}
|
||||
|
||||
/*******************************************************************
|
||||
|
@ -90,7 +90,7 @@ void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd,
|
||||
int len_name = name != NULL ? strlen(name ) + 1: 0;
|
||||
int len_class = class != NULL ? strlen(class) + 1: 0;
|
||||
|
||||
static char data[] =
|
||||
static unsigned char data[] =
|
||||
{
|
||||
0x01, 0x00, 0x00, 0x80,
|
||||
0x00, 0x00, 0x00, 0x00,
|
||||
|
@ -471,7 +471,7 @@ void cmd_reg_create_val(struct client_info *info)
|
||||
}
|
||||
|
||||
DEBUG(10,("key data:\n"));
|
||||
dump_data(10, value.buffer, value.buf_len);
|
||||
dump_data(10, (char *)value.buffer, value.buf_len);
|
||||
|
||||
/* open WINREG session. */
|
||||
res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
|
||||
|
@ -1245,11 +1245,10 @@ char *get_reg_val_type_str(uint32 type)
|
||||
}
|
||||
default:
|
||||
{
|
||||
snprintf(typestr, sizeof(typestr), "[%d]", type);
|
||||
return typestr;
|
||||
break;
|
||||
}
|
||||
}
|
||||
snprintf(typestr, sizeof(typestr), "[%d]", type);
|
||||
return typestr;
|
||||
}
|
||||
|
||||
|
@ -701,14 +701,21 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
|
||||
{
|
||||
if (lp_security() >= SEC_USER)
|
||||
{
|
||||
#if (GUEST_SESSSETUP == 0)
|
||||
return(ERROR(ERRSRV,ERRbadpw));
|
||||
#endif
|
||||
#if (GUEST_SESSSETUP == 1)
|
||||
if (Get_Pwnam(user,True))
|
||||
if (lp_map_to_guest() == NEVER_MAP_TO_GUEST)
|
||||
return(ERROR(ERRSRV,ERRbadpw));
|
||||
#endif
|
||||
|
||||
if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER)
|
||||
{
|
||||
if (Get_Pwnam(user,True))
|
||||
return(ERROR(ERRSRV,ERRbadpw));
|
||||
}
|
||||
|
||||
/*
|
||||
* ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD
|
||||
* Then always map to guest account - as done below.
|
||||
*/
|
||||
}
|
||||
|
||||
if (*smb_apasswd || !Get_Pwnam(user,True))
|
||||
pstrcpy(user,lp_guestaccount(-1));
|
||||
DEBUG(3,("Registered username %s for guest access\n",user));
|
||||
|
@ -52,6 +52,10 @@ static void do_global_checks(void)
|
||||
'security=share' mode.\n");
|
||||
}
|
||||
|
||||
if (lp_security() == SEC_DOMAIN && !lp_encrypted_passwords()) {
|
||||
printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n");
|
||||
}
|
||||
|
||||
if (lp_wins_support() && *lp_wins_server()) {
|
||||
printf("ERROR: both 'wins support = true' and 'wins server = <server>' \
|
||||
cannot be set in the smb.conf file. nmbd will abort with this setting.\n");
|
||||
|
Loading…
Reference in New Issue
Block a user