From a75f1ba9d4b314f793bf7877f329dc420546c4b0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Fri, 22 Nov 2002 02:40:21 +0000
Subject: [PATCH] Add support for 'restrict anonymous=2' and make the doco give
 a slight hint as to what it now does in 3.0.  Needs more work, but better
 than documenting the old functionality :-).

As the security benifits of this are nullified by a setting of 'guest ok' on
any share, we might want to put some documentation there too.

Andrew Bartlett
(This used to be commit ab812ada56b740ac986de8e1f4ca36641ec61c01)
---
 docs/docbook/manpages/smb.conf.5.sgml | 28 +++++----------------------
 source3/param/loadparm.c              |  4 +++-
 2 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 8452e973290..6ed870ed3ef 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -6544,30 +6544,12 @@
 
 		<varlistentry>
 		<term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term>
-		<listitem><para>This is a boolean parameter.  If it is <constant>yes</constant>, then 
-		anonymous access to the server will be restricted, namely in the 
-		case where the server is expecting the client to send a username, 
-		but it doesn't.  Setting it to <constant>yes</constant> will force these anonymous 
- 		connections to be denied, and the client will be required to always 
-		supply a username and password when connecting. Use of this parameter 
-		is only recommended for homogeneous NT client environments.</para>
+		<listitem><para>This is a integer parameter, and
+		mirrors as much as possible the functinality the
+		<constant>RestrictAnonymous</constant>
+                registry key does on NT/Win2k.  
 
-		<para>This parameter makes the use of macro expansions that rely
-		on the username (%U, %G, etc) consistent.  NT 4.0 
-		likes to use anonymous connections when refreshing the share list, 
-		and this is a way to work around that.</para>
-
-		<para>When restrict anonymous is <constant>yes</constant>, all anonymous connections 
-		are denied no matter what they are for.  This can effect the ability 
-		of a machine to access the Samba Primary Domain Controller to revalidate 
-		its machine account after someone else has logged on the client 
-		interactively.  The NT client will display a message saying that 
-		the machine's account in  the domain doesn't exist or the password is 
-		bad.  The best way to deal  with this is to reboot NT client machines 
-		between interactive logons,  using "Shutdown and Restart", rather 
-		than "Close all programs and logon as a different user".</para>
-
-		<para>Default: <command>restrict anonymous = no</command></para>
+		<para>Default: <command>restrict anonymous = 0</command></para>
 		</listitem>
 		</varlistentry>
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ff2fe48b604..454519aecbd 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3625,7 +3625,9 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
 	lp_add_auto_services(lp_auto_services());
 
 	if (add_ipc) {
-		lp_add_ipc("IPC$", True);
+		/* When 'restrict anonymous = 2' guest connections to ipc$
+		   are denied */
+		lp_add_ipc("IPC$", (lp_restrict_anonymous() < 2));
 		lp_add_ipc("ADMIN$", False);
 	}