From 9668a5ef50be2e6b575f9989e87ee2ff8da5ac1d Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 10 Nov 1998 20:51:25 +0000
Subject: [PATCH] include/local.h: include/smb.h: param/loadparm.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-). printing/printing.c: Added J.F.'s latest fix. rpc_parse/parse_misc.c: parse_reg.c: rpcclient/cmd_reg.c: rpcclient/display.c: SGI compiler signed/unsigned issues. smbd/reply.c: Made GUEST_SESSSETUP run time selectable. Horror of horrors :-). utils/testparm.c: Added extra test. Jeremy.
---
source/include/local.h | 23 -----------------------
source/include/ntdomain.h | 2 +-
source/include/proto.h | 1 +
source/include/smb.h | 25 +++++++++++++++++++++++++
source/param/loadparm.c | 27 +++++++++++++++++++++++++++
source/printing/printing.c | 9 ++++++---
source/rpc_parse/parse_misc.c | 2 +-
source/rpc_parse/parse_reg.c | 2 +-
source/rpcclient/cmd_reg.c | 2 +-
source/rpcclient/display.c | 3 +--
source/smbd/reply.c | 19 +++++++++++++------
source/utils/testparm.c | 4 ++++
12 files changed, 81 insertions(+), 38 deletions(-)
diff --git a/source/include/local.h b/source/include/local.h
index c609f65342f..e6e2fd4badb 100644
--- a/source/include/local.h
+++ b/source/include/local.h
@@ -104,29 +104,6 @@ #define PRIME_NMBD 1 #endif -/* do you want session setups at user level security with a invalid - password to be rejected or allowed in as guest? WinNT rejects them - but it can be a pain as it means "net view" needs to use a password - - You have 3 choices: - - GUEST_SESSSETUP = 0 means session setups with an invalid password - are rejected. - - GUEST_SESSSETUP = 1 means session setups with an invalid password - are rejected, unless the username does not exist, in which case it - is treated as a guest login - - GUEST_SESSSETUP = 2 means session setups with an invalid password - are treated as a guest login - - Note that GUEST_SESSSETUP only has an effect in user or server - level security. - */ -#ifndef GUEST_SESSSETUP -#define GUEST_SESSSETUP 0 -#endif - /* the default pager to use for the client "more" command. Users can override this with the PAGER environment variable */ #ifndef PAGER diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h index 5b53834efe5..edbe87ab8d8 100644 --- a/source/include/ntdomain.h +++ b/source/include/ntdomain.h @@ -32,7 +32,7 @@ #include "rpc_misc.h" /* security descriptor structures */ -#include "rpc_secdes.h" +#include "rpc_secdes.h" /* different dce/rpc pipes */ #include "rpc_lsa.h" diff --git a/source/include/proto.h b/source/include/proto.h index 143f397e0ad..61394c9ad98 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1035,6 +1035,7 @@ int lp_lm_interval(void); int lp_machine_password_timeout(void); int lp_change_notify_timeout(void); int lp_stat_cache_size(void); +int lp_map_to_guest(void); int lp_ldap_port(void); char *lp_preexec(int ); char *lp_postexec(int ); diff --git a/source/include/smb.h b/source/include/smb.h index a8b0c745b2d..db7b251d65e 100644 --- a/source/include/smb.h +++ b/source/include/smb.h 
@@ -1684,6 +1684,31 @@ struct nmb_name { #define NEW_PW_FORMAT_SPACE_PADDED_LEN 14 +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "NEVER_MAP_TO_GUEST" means session setups with an invalid password + are rejected. This is the default. + + "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +#define NEVER_MAP_TO_GUEST 0 +#define MAP_TO_GUEST_ON_BAD_USER 1 +#define MAP_TO_GUEST_ON_BAD_PASSWORD 2 + #endif /* _SMB_H */ /* _SMB_H */ diff --git a/source/param/loadparm.c b/source/param/loadparm.c index bfc1b801e77..8b351168586 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -182,6 +182,7 @@ typedef struct int machine_password_timeout; int change_notify_timeout; int stat_cache_size; + int map_to_guest; #ifdef WITH_LDAP int ldap_port; #endif /* WITH_LDAP */ 
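Review bot: The comment added above the three `map_to_guest` defines in smb.h says what each value does but not what it costs, and this is now a switch an administrator can flip at run time. With `MAP_TO_GUEST_ON_BAD_PASSWORD` a user who mistypes a password is "treated as a guest login", so they get no error and simply lose access to their own files. With `MAP_TO_GUEST_ON_BAD_USER` the different outcomes for existing and non-existing names let a client tell which account names are valid. I would add one sentence on each to the comment. The same block is pasted again above `enum_map_to_guest` in param/loadparm.c; keeping the text in one place and pointing to it from the other would stop the two copies drifting.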
@@ -468,6 +469,29 @@ static struct enum_list enum_case[] = {{CASE_LOWER, "lower"}, {CASE_UPPER, "uppe static struct enum_list enum_lm_announce[] = {{0, "False"}, {1, "True"}, {2, "Auto"}, {-1, NULL}}; +/* + Do you want session setups at user level security with a invalid + password to be rejected or allowed in as guest? WinNT rejects them + but it can be a pain as it means "net view" needs to use a password + + You have 3 choices in the setting of map_to_guest: + + "Never" means session setups with an invalid password + are rejected. This is the default. + + "Bad User" means session setups with an invalid password + are rejected, unless the username does not exist, in which case it + is treated as a guest login + + "Bad Password" means session setups with an invalid password + are treated as a guest login + + Note that map_to_guest only has an effect in user or server + level security. +*/ + +static struct enum_list enum_map_to_guest[] = {{NEVER_MAP_TO_GUEST, "Never"}, {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, {-1, NULL}}; + #ifdef WITH_SSL static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, "ssl3"}, {SMB_SSL_V23, "ssl2or3"}, {SMB_SSL_TLS1, "tls1"}, {-1, NULL}}; @@ -492,6 +516,7 @@ static struct parm_struct parm_table[] = {"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC}, {"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC}, {"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0}, + {"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0}, {"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0}, {"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0}, {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0}, 
@@ -868,6 +893,7 @@ static void init_globals(void) Globals.bNTSmbSupport = True; /* Do NT SMB's by default. */ Globals.bNTPipeSupport = True; /* Do NT pipes by default. */ Globals.bStatCache = True; /* use stat cache by default */ + Globals.map_to_guest = 0; /* By Default, "Never" */ #ifdef WITH_LDAP /* default values for ldap */ @@ -1187,6 +1213,7 @@ FN_GLOBAL_INTEGER(lp_lm_interval,&Globals.lm_interval) FN_GLOBAL_INTEGER(lp_machine_password_timeout,&Globals.machine_password_timeout) FN_GLOBAL_INTEGER(lp_change_notify_timeout,&Globals.change_notify_timeout) FN_GLOBAL_INTEGER(lp_stat_cache_size,&Globals.stat_cache_size) +FN_GLOBAL_INTEGER(lp_map_to_guest,&Globals.map_to_guest) #ifdef WITH_LDAP FN_GLOBAL_INTEGER(lp_ldap_port,&Globals.ldap_port) diff --git a/source/printing/printing.c b/source/printing/printing.c index faa099c3593..2aecb580473 100644 --- a/source/printing/printing.c +++ b/source/printing/printing.c @@ -222,15 +222,18 @@ static BOOL parse_lpq_bsd(char *line,print_queue_struct *buf,BOOL first) char *tok[MAXTOK]; int count = 0; + pstring line2; + + pstrcpy(line2,line); #ifdef OSF1 int length; - length = strlen(line); - if (line[length-3] == ':') + length = strlen(line2); + if (line2[length-3] == ':') return(False); #endif /* OSF1 */ - tok[0] = strtok(line," \t"); + tok[0] = strtok(line2," \t"); count++; while (((tok[count] = strtok(NULL," \t")) != NULL) && (count < MAXTOK)) { diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index 3a74d11e52c..b21057033f0 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -400,7 +400,7 @@ creates a BUFFER3 structure from a hex string. void make_buffer3_hex(BUFFER3 *str, char *buf) { ZERO_STRUCTP(str); - str->buf_max_len = str->buf_len = strhex_to_str(str->buffer, sizeof(str->buffer), buf); + str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf); } /******************************************************************* 
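Review bot: `Globals.map_to_guest = 0;` in init_globals() hard-codes the default and relies on the trailing comment to say that it means "Never". This is the value that keeps failed logins rejected, so it should use the constant that smbd/reply.c compares against: `Globals.map_to_guest = NEVER_MAP_TO_GUEST;`. Renumbering the defines in smb.h could otherwise silently turn the default into a guest-mapping mode. init_globals() starts and ends outside the hunk.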
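Review bot: Under `#ifdef OSF1` in parse_lpq_bsd() the declaration `int length;` now follows the statement `pstrcpy(line2,line);`, which a C89 compiler rejects; move the `pstrcpy` below the `#endif` or declare `length` with the other locals. In the same block `line2[length-3]` reads before the start of the new stack buffer whenever the lpq line is shorter than three characters, so the test should be `if (length >= 3 && line2[length-3] == ':')`. The loop condition in the context lines assigns `tok[count]` before it checks `count < MAXTOK`, which looks like it can store one slot past `tok[MAXTOK]` on a line with many fields. Swapping the two operands of `&&` would bound it, but the loop body is outside the hunk, so this needs confirming.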
diff --git a/source/rpc_parse/parse_reg.c b/source/rpc_parse/parse_reg.c index 329da974fb4..2c871ab8735 100644 --- a/source/rpc_parse/parse_reg.c +++ b/source/rpc_parse/parse_reg.c @@ -90,7 +90,7 @@ void make_reg_q_create_key(REG_Q_CREATE_KEY *q_c, POLICY_HND *hnd, int len_name = name != NULL ? strlen(name ) + 1: 0; int len_class = class != NULL ? strlen(class) + 1: 0; - static char data[] = + static unsigned char data[] = { 0x01, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, diff --git a/source/rpcclient/cmd_reg.c b/source/rpcclient/cmd_reg.c index 48b6d385bb2..6430db2627a 100644 --- a/source/rpcclient/cmd_reg.c +++ b/source/rpcclient/cmd_reg.c @@ -471,7 +471,7 @@ void cmd_reg_create_val(struct client_info *info) } DEBUG(10,("key data:\n")); - dump_data(10, value.buffer, value.buf_len); + dump_data(10, (char *)value.buffer, value.buf_len); /* open WINREG session. */ res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False; diff --git a/source/rpcclient/display.c b/source/rpcclient/display.c index e173ced009b..c55358bc9c2 100644 --- a/source/rpcclient/display.c +++ b/source/rpcclient/display.c @@ -1245,11 +1245,10 @@ char *get_reg_val_type_str(uint32 type) } default: { - snprintf(typestr, sizeof(typestr), "[%d]", type); - return typestr; break; } } + snprintf(typestr, sizeof(typestr), "[%d]", type); return typestr; } diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 67c2abb9b54..d3131b5fea3 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c 
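Review bot: The relocated `snprintf(typestr, sizeof(typestr), "[%d]", type);` in get_reg_val_type_str() formats a `uint32` with `%d`, the same kind of signed/unsigned mismatch this commit cleans up elsewhere; `snprintf(typestr, sizeof(typestr), "[%u]", (unsigned int)type);` matches the argument. Moving the call after the `switch` also means that any case ending in `break` rather than `return` would now have its string replaced by the numeric form. The other cases are outside the hunk, so check that they all return.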
@@ -701,14 +701,21 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int { if (lp_security() >= SEC_USER) { -#if (GUEST_SESSSETUP == 0) - return(ERROR(ERRSRV,ERRbadpw)); -#endif -#if (GUEST_SESSSETUP == 1) - if (Get_Pwnam(user,True)) + if (lp_map_to_guest() == NEVER_MAP_TO_GUEST) return(ERROR(ERRSRV,ERRbadpw)); -#endif + + if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) + { + if (Get_Pwnam(user,True)) + return(ERROR(ERRSRV,ERRbadpw)); + } + + /* + * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD + * Then always map to guest account - as done below. + */ } + if (*smb_apasswd || !Get_Pwnam(user,True)) pstrcpy(user,lp_guestaccount(-1)); DEBUG(3,("Registered username %s for guest access\n",user)); diff --git a/source/utils/testparm.c b/source/utils/testparm.c index 6697dc7fd9d..92bf5cb3847 100644 --- a/source/utils/testparm.c +++ b/source/utils/testparm.c @@ -52,6 +52,10 @@ static void do_global_checks(void) 'security=share' mode.\n"); } + if (lp_security() == SEC_DOMAIN && !lp_encrypted_passwords()) { + printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n"); + } + if (lp_wins_support() && *lp_wins_server()) { printf("ERROR: both 'wins support = true' and 'wins server = ' \ cannot be set in the smb.conf file. nmbd will abort with this setting.\n");
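Review bot: The guest mapping in reply_sesssetup_and_X() is reached by elimination: any `lp_map_to_guest()` value that is neither `NEVER_MAP_TO_GUEST` nor `MAP_TO_GUEST_ON_BAD_USER` falls through to `pstrcpy(user,lp_guestaccount(-1))`, so an unexpected value fails open into the most permissive mode. I would make the last case explicit and reject everything else by adding `else if (lp_map_to_guest() != MAP_TO_GUEST_ON_BAD_PASSWORD) return(ERROR(ERRSRV,ERRbadpw));` after the `MAP_TO_GUEST_ON_BAD_USER` block. The `DEBUG(3,...)` line in the context prints `user` after the `pstrcpy` may have replaced it with the guest account, so the log does not record which name failed authentication. Logging the supplied name before the `pstrcpy` would make bad-password mappings traceable. The function starts and ends outside the hunk.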