From d7bb961859a3501aec4d28842bfffb6190d19a73 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Fri, 3 Feb 2012 18:03:10 +1100 Subject: [PATCH] s3-auth: Remove security=share (depricated since 3.6). This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______ --- docs-xml/manpages-3/smb.conf.5.xml | 53 --- docs-xml/smbdotconf/security/onlyuser.xml | 22 +- docs-xml/smbdotconf/security/security.xml | 109 +----- docs-xml/smbdotconf/security/serverrole.xml | 3 - docs-xml/smbdotconf/security/username.xml | 51 +-- lib/param/loadparm_server_role.c | 7 +- lib/param/param_enums.c | 1 - libds/common/roles.h | 21 +- source3/Makefile.in | 2 +- source3/auth/auth.c | 11 - source3/auth/auth_compat.c | 169 --------- source3/auth/proto.h | 12 - source3/auth/wscript_build | 2 +- source3/libnet/libnet_join.c | 1 - source3/param/loadparm.c | 17 +- source3/smbd/globals.h | 4 - source3/smbd/negprot.c | 1 - source3/smbd/password.c | 397 -------------------- source3/smbd/process.c | 7 +- source3/smbd/proto.h | 10 +- source3/smbd/reply.c | 38 +- source3/smbd/service.c | 114 ++---- 
source3/smbd/sesssetup.c | 80 ++-- source3/smbd/smb2_tcon.c | 2 +- source3/smbd/uid.c | 23 +- source3/utils/status.c | 4 - source4/param/tests/loadparm.c | 10 - 27 files changed, 103 insertions(+), 1068 deletions(-) delete mode 100644 source3/auth/auth_compat.c diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages-3/smb.conf.5.xml index f5f252ba46d..becea22531c 100644 --- a/docs-xml/manpages-3/smb.conf.5.xml +++ b/docs-xml/manpages-3/smb.conf.5.xml 
@@ -670,59 +670,6 @@ chmod 1770 /usr/local/samba/lib/usershares - - NOTE ABOUT USERNAME/PASSWORD VALIDATION - - - There are a number of ways in which a user can connect to a service. The server uses the following steps - in determining if it will allow a connection to a specified service. If all the steps fail, the connection - request is rejected. However, if one of the steps succeeds, the following steps are not checked. - - - - If the service is marked guest only = yes and the server is running with share-level - security (security = share, steps 1 to 5 are skipped. - - - - - - If the client has passed a username/password pair and that username/password pair is validated by the UNIX - system's password programs, the connection is made as that username. This includes the - \\server\service%username method of passing a username. - - - - If the client has previously registered a username with the system and now supplies a correct password for that - username, the connection is allowed. - - - - The client's NetBIOS name and any previously used usernames are checked against the supplied password. If - they match, the connection is allowed as the corresponding user. - - - - If the client has previously validated a username/password pair with the server and the client has passed - the validation token, that username is used. - - - - If a user = field is given in the smb.conf file for the - service and the client has supplied a password, and that password matches (according to the UNIX system's - password checking) with one of the usernames from the user = field, the connection is made as - the username in the user = line. If one of the usernames in the user = list - begins with a @, that name expands to a list of names in the group of the same name. - - - - If the service is a guest service, a connection is made as the username given in the guest account - = for the service, irrespective of the supplied password. - - - - - REGISTRY-BASED CONFIGURATION 
diff --git a/docs-xml/smbdotconf/security/onlyuser.xml b/docs-xml/smbdotconf/security/onlyuser.xml index b1ef1b76060..ed1bbd53e3d 100644 --- a/docs-xml/smbdotconf/security/onlyuser.xml +++ b/docs-xml/smbdotconf/security/onlyuser.xml @@ -3,20 +3,16 @@ context="S" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> - This is a boolean option that controls whether - connections with usernames not in the user - list will be allowed. By default this option is disabled so that a - client can supply a username to be used by the server. Enabling - this parameter will force the server to only use the login - names from the user list and is only really - useful in share level security. + To restrict a service to a particular set of users you + can use the parameter. + + This parameter is deprecated + + However, it currently operates only in conjunction with + . The supported way to restrict + a service to a particular set of users is the + parameter. - Note that this also means Samba won't try to deduce - usernames from the service name. This can be annoying for - the [homes] section. To get around this you could use user = - %S which means your user list - will be just the service name, which for home directories is the - name of the user. user diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml index 74ea569b863..2575d77b992 100644 --- a/docs-xml/smbdotconf/security/security.xml +++ b/docs-xml/smbdotconf/security/security.xml 
@@ -11,34 +11,18 @@ Samba and is one of the most important settings in the smb.conf file. - The option sets the "security mode bit" in replies to - protocol negotiations with smbd - 8 to turn share level security on or off. Clients decide - based on this bit whether (and how) to transfer user and password - information to the server. - - The default is security = user, as this is - the most common setting needed when talking to Windows 98 and - Windows NT. + the most common setting, used for a standalone file server or a DC. The alternatives are security = ads or security = domain - , which support joining Samba to a Windows domain, along with security = share and security = server, both of which are deprecated. - - In versions of Samba prior to 2.0.0, the default was - security = share mainly because that was - the only option at one stage. + , which support joining Samba to a Windows domain, along with security = server, which is deprecated. You should use security = user and if you want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. - It is possible to use smbd in a - hybrid mode where it is offers both user and share - level security under different . - The different settings will now be explained. @@ -65,8 +49,6 @@ the server to automatically map unknown users into the . See the parameter for details on doing this. - See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. - SECURITY = DOMAIN This mode will only work correctly if net 
@@ -94,93 +76,9 @@ the server to automatically map unknown users into the . See the parameter for details on doing this. - See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION. - See also the parameter and the parameter. - SECURITY = SHARE - - This option is deprecated as it is incompatible with SMB2 - - When clients connect to a share level security server, they - need not log onto the server with a valid username and password before - attempting to connect to a shared resource (although modern clients - such as Windows 95/98 and Windows NT will send a logon request with - a username but no password when talking to a security = share - server). Instead, the clients send authentication information - (passwords) on a per-share basis, at the time they attempt to connect - to that share. - - Note that smbd ALWAYS - uses a valid UNIX user to act on behalf of the client, even in - security = share level security. - - As clients are not required to send a username to the server - in share level security, smbd uses several - techniques to determine the correct UNIX user to use on behalf - of the client. - - A list of possible UNIX usernames to match with the given - client password is constructed using the following methods : - - - - If the parameter is set, then all the other - stages are missed and only the username is checked. - - - - - Is a username is sent with the share connection - request, then this username (after mapping - see ), - is added as a potential username. - - - - - If the client did a previous logon - request (the SessionSetup SMB call) then the - username sent in this SMB will be added as a potential username. - - - - - The name of the service the client requested is - added as a potential username. - - - - - The NetBIOS name of the client is added to - the list as a potential username. - - - - - Any users on the list are added as potential usernames. 
- - - - - If the guest only parameter is - not set, then this list is then tried with the supplied password. - The first user for whom the password matches will be used as the - UNIX user. - - If the guest only parameter is - set, or no username can be determined then if the share is marked - as available to the guest account, then this - guest user will be used, otherwise access is denied. - - Note that it can be very confusing - in share-level security as to which UNIX username will eventually - be used in granting access. - - See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION. - SECURITY = SERVER @@ -221,9 +119,6 @@ the server to automatically map unknown users into the . See the parameter for details on doing this. - See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION. - See also the parameter and the parameter. diff --git a/docs-xml/smbdotconf/security/serverrole.xml b/docs-xml/smbdotconf/security/serverrole.xml index 5832887040e..e4e65c297be 100644 --- a/docs-xml/smbdotconf/security/serverrole.xml +++ b/docs-xml/smbdotconf/security/serverrole.xml @@ -51,9 +51,6 @@ exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to. Winbind can provide this. - See also the section - NOTE ABOUT USERNAME/PASSWORD VALIDATION. - SERVER ROLE = DOMAIN CONTROLLER This mode of operation runs Samba as a domain controller, providing domain logon services to Windows and Samba clients of the domain. Clients must be joined to the domain to create a secure, trusted path across the network. diff --git a/docs-xml/smbdotconf/security/username.xml b/docs-xml/smbdotconf/security/username.xml index 19d8a2ecfd5..a85076c7374 100644 --- a/docs-xml/smbdotconf/security/username.xml +++ b/docs-xml/smbdotconf/security/username.xml 
@@ -5,57 +5,16 @@ user users - Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right). - - The deprecated username line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead. - - The username line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - username line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely. - - Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do. - To restrict a service to a particular set of users you can use the parameter. - If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name. - - If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name. 
+ This parameter is deprecated - If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name. + However, it currently operates only in conjunction with + . The supported way to restrict + a service to a particular set of users is the + parameter. - Note that searching though a groups database can take - quite some time, and some clients may time out during the - search. - - See the section NOTE ABOUT - USERNAME/PASSWORD VALIDATION for more information on how - this parameter determines access to the services. The guest account if a guest service, diff --git a/lib/param/loadparm_server_role.c b/lib/param/loadparm_server_role.c index 36551593a81..4ba54b91316 100644 --- a/lib/param/loadparm_server_role.c +++ b/lib/param/loadparm_server_role.c @@ -73,11 +73,6 @@ int lp_find_server_role(int server_role, int security, int domain_logons, int do role = ROLE_STANDALONE; switch (security) { - case SEC_SHARE: - if (domain_logons) { - DEBUG(0, ("Server's Role (logon server) conflicts with share-level security\n")); - } - break; case SEC_SERVER: if (domain_logons) { DEBUG(0, ("Server's Role (logon server) conflicts with server-level security\n")); @@ -162,7 +157,7 @@ bool lp_is_security_and_server_role_valid(int server_role, int security) valid = true; break; case ROLE_STANDALONE: - if (security == SEC_SHARE || security == SEC_SERVER || security == SEC_USER) { + if (security == SEC_SERVER || security == SEC_USER) { valid = true; } break; diff --git a/lib/param/param_enums.c b/lib/param/param_enums.c index 606520828c1..42839b41a4f 100644 --- a/lib/param/param_enums.c +++ b/lib/param/param_enums.c 
@@ -44,7 +44,6 @@ static const struct enum_list enum_protocol[] = { static const struct enum_list enum_security[] = { {SEC_AUTO, "AUTO"}, - {SEC_SHARE, "SHARE"}, {SEC_USER, "USER"}, {SEC_SERVER, "SERVER"}, {SEC_DOMAIN, "DOMAIN"}, diff --git a/libds/common/roles.h b/libds/common/roles.h index 19ea1c4dabc..90281ba788e 100644 --- a/libds/common/roles.h +++ b/libds/common/roles.h @@ -42,9 +42,26 @@ enum server_role { */ #define ROLE_DOMAIN_CONTROLLER ROLE_DOMAIN_BDC -/* security levels for 'security =' option */ +/* security levels for 'security =' option + + -------------- + / \ + / REST \ + / IN \ + / PEACE \ + / \ + | SEC_SHARE | + | security=share | + | | + | | + | 5 March | + | | + | 2012 | + *| * * * | * + _________)/\\_//(\/(/\)/\//\/\///|_)_______ + + */ enum security_types {SEC_AUTO = 0, - SEC_SHARE = 1, SEC_USER = 2, SEC_SERVER = 3, SEC_DOMAIN = 4, diff --git a/source3/Makefile.in b/source3/Makefile.in index d64c5022fa3..2b0002bbf09 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -912,7 +912,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ auth/user_info.o \ auth/user_util.o \ auth/user_krb5.o \ - auth/auth_compat.o auth/auth_ntlmssp.o auth/auth_generic.o \ + auth/auth_ntlmssp.o auth/auth_generic.o \ $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ) MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 1c813a429ad..0c910656051 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c 
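Review bot: Dropping `{SEC_SHARE, "SHARE"}` from enum_security means an smb.conf that still says `security = share` is no longer a recognised value, and nothing in this patch replaces the explicit warning that lp_load_ex used to emit for it (that branch is removed further down in the loadparm.c hunk). If the generic invalid-enum path in loadparm only logs and keeps the default, such a server silently starts with `security = user`, a different access model from the one the operator wrote, which will surprise anyone whose shares relied on share-level password matching rather than `guest ok`. I would add an explicit check in the security parameter handler for the literal value "share" that fails the load, e.g. `DEBUG(0, ("security = share is no longer supported; use security = user with map to guest = Bad User and guest ok = yes\n")); return false;`, so testparm and smbd refuse the stale config instead of reinterpreting it. Whether the enum parser rejects or merely ignores the value is not visible in this hunk.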
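Review bot: The enum now reads `SEC_AUTO = 0, SEC_USER = 2, ...` with value 1 unassigned, and the only explanation is the tombstone drawing above it, which a reader skimming the enumerators is likely to take as decoration. A one-line comment inside the enum, `/* 1 was SEC_SHARE (removed 2012); do not reuse the value */`, makes the gap deliberate and stops the next person from assigning 1 to a new mode; whether the numeric value is ever exposed outside the process is not visible here, but the explicit enumerator values suggest it matters. The ASCII art reads well in the commit message but is a lot of header comment for one removed enumerator; trimming it to the name and date would keep roles.h focused.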
@@ -523,17 +523,6 @@ NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx, talloc_tos(), "guest unix", NULL); } break; - case SEC_SHARE: - if (lp_encrypted_passwords()) { - DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), "guest sam", NULL); - } else { - DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); - auth_method_list = str_list_make_v3( - talloc_tos(), "guest unix", NULL); - } - break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); auth_method_list = str_list_make_v3( diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c deleted file mode 100644 index e7225a27562..00000000000 --- a/source3/auth/auth_compat.c +++ /dev/null 
@@ -1,169 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "auth.h" -#include "../lib/tsocket/tsocket.h" - -extern struct auth_context *negprot_global_auth_context; -extern bool global_encrypted_passwords_negotiated; - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH - -/**************************************************************************** - COMPATIBILITY INTERFACES: - ***************************************************************************/ - -/**************************************************************************** -check if a username/password is OK assuming the password is in plaintext -return True if the password is correct, False otherwise -****************************************************************************/ - -NTSTATUS check_plaintext_password(const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB plaintext_blob, - struct auth_serversupplied_info **server_info) -{ - struct auth_context *plaintext_auth_context = NULL; - struct auth_usersupplied_info *user_info = NULL; - uint8_t chal[8]; - NTSTATUS nt_status; - - nt_status = make_auth_context_subsystem(talloc_tos(), - &plaintext_auth_context); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - 
plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context, - chal); - - if (!make_user_info_for_reply(&user_info, - smb_name, lp_workgroup(), - remote_address, - chal, - plaintext_blob)) { - return NT_STATUS_NO_MEMORY; - } - - nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, - user_info, server_info); - - TALLOC_FREE(plaintext_auth_context); - free_user_info(&user_info); - return nt_status; -} - -static NTSTATUS pass_check_smb(struct auth_context *actx, - const char *smb_name, - const char *domain, - const struct tsocket_address *remote_address, - DATA_BLOB lm_pwd, - DATA_BLOB nt_pwd) - -{ - NTSTATUS nt_status; - struct auth_serversupplied_info *server_info = NULL; - struct auth_usersupplied_info *user_info = NULL; - if (actx == NULL) { - return NT_STATUS_INTERNAL_ERROR; - } - make_user_info_for_reply_enc(&user_info, smb_name, - domain, - remote_address, - lm_pwd, - nt_pwd); - nt_status = actx->check_ntlm_password(actx, user_info, &server_info); - free_user_info(&user_info); - TALLOC_FREE(server_info); - return nt_status; -} - -/**************************************************************************** -check if a username/password pair is ok via the auth subsystem. -return True if the password is correct, False otherwise -****************************************************************************/ - -bool password_ok(struct auth_context *actx, bool global_encrypted, - const char *session_workgroup, - const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB password_blob) -{ - - DATA_BLOB null_password = data_blob_null; - bool encrypted = (global_encrypted && (password_blob.length == 24 || password_blob.length > 46)); - - if (encrypted) { - /* - * The password could be either NTLM or plain LM. Try NTLM first, - * but fall-through as required. - * Vista sends NTLMv2 here - we need to try the client given workgroup. 
- */ - if (session_workgroup) { - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - session_workgroup, - remote_address, - null_password, - password_blob))) { - return True; - } - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - session_workgroup, - remote_address, - password_blob, - null_password))) { - return True; - } - } - - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - lp_workgroup(), - remote_address, - null_password, - password_blob))) { - return True; - } - - if (NT_STATUS_IS_OK(pass_check_smb(actx, - smb_name, - lp_workgroup(), - remote_address, - password_blob, - null_password))) { - return True; - } - } else { - struct auth_serversupplied_info *server_info = NULL; - NTSTATUS nt_status = check_plaintext_password(smb_name, - remote_address, - password_blob, - &server_info); - TALLOC_FREE(server_info); - if (NT_STATUS_IS_OK(nt_status)) { - return True; - } - } - - return False; -} diff --git a/source3/auth/proto.h b/source3/auth/proto.h index c68b99af906..04f94ae84bc 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -48,18 +48,6 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx, NTSTATUS auth_builtin_init(void); -/* The following definitions come from auth/auth_compat.c */ - -NTSTATUS check_plaintext_password(const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB plaintext_password, - struct auth_serversupplied_info **server_info); -bool password_ok(struct auth_context *actx, bool global_encrypted, - const char *session_workgroup, - const char *smb_name, - const struct tsocket_address *remote_address, - DATA_BLOB password_blob); - /* The following definitions come from auth/auth_domain.c */ void attempt_machine_password_change(void); diff --git a/source3/auth/wscript_build b/source3/auth/wscript_build index 0dba13f7cb3..cf0db42431c 100644 --- a/source3/auth/wscript_build +++ b/source3/auth/wscript_build 
@@ -12,7 +12,7 @@ AUTH_NETLOGOND_SRC = 'auth_netlogond.c' AUTH_SRC = '''auth.c user_krb5.c - auth_compat.c auth_ntlmssp.c auth_generic.c''' + auth_ntlmssp.c auth_generic.c''' bld.SAMBA3_SUBSYSTEM('TOKEN_UTIL', source='token_util.c', diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5a36d3422d5..1736ba65fad 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1892,7 +1892,6 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, if (!valid_security) { const char *sec = NULL; switch (lp_security()) { - case SEC_SHARE: sec = "share"; break; case SEC_USER: sec = "user"; break; case SEC_DOMAIN: sec = "domain"; break; case SEC_ADS: sec = "ads"; break; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 382a273f386..453c8fd8759 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5286,18 +5286,7 @@ FN_GLOBAL_INTEGER(lp_passwordlevel, pwordlevel) FN_GLOBAL_INTEGER(lp_usernamelevel, unamelevel) FN_GLOBAL_INTEGER(lp_deadtime, deadtime) FN_GLOBAL_BOOL(lp_getwd_cache, getwd_cache) -static FN_GLOBAL_INTEGER(_lp_srv_maxprotocol, srv_maxprotocol) -int lp_srv_maxprotocol(void) -{ - int ret = _lp_srv_maxprotocol(); - if ((ret >= PROTOCOL_SMB2_02) && (lp_security() == SEC_SHARE)) { - DEBUG(2,("WARNING!!: \"security = share\" is incompatible " - "with the SMB2 protocol. Resetting to SMB1.\n" )); - lp_do_parameter(-1, "server max protocol", "NT1"); - return PROTOCOL_NT1; - } - return ret; -} +FN_GLOBAL_INTEGER(lp_srv_maxprotocol, srv_maxprotocol) FN_GLOBAL_INTEGER(lp_srv_minprotocol, srv_minprotocol) FN_GLOBAL_INTEGER(lp_security, security) FN_GLOBAL_LIST(lp_auth_methods, AuthMethods) 
@@ -9050,9 +9039,7 @@ static bool lp_load_ex(const char *pszFname, set_allowed_client_auth(); - if (lp_security() == SEC_SHARE) { - DEBUG(1, ("WARNING: The security=share option is deprecated\n")); - } else if (lp_security() == SEC_SERVER) { + if (lp_security() == SEC_SERVER) { DEBUG(1, ("WARNING: The security=server option is deprecated\n")); } diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 0c4b3b71a4f..075dc564d96 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -531,10 +531,6 @@ struct smbd_server_connection { int max_send; uint16_t last_session_tag; - /* users from session setup */ - char *session_userlist; - /* workgroup from session setup. */ - char *session_workgroup; /* * this holds info on user ids that are already * validated for this VC diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index 2f3fd450ca3..8a6b509fea0 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -299,7 +299,6 @@ static void reply_nt1(struct smb_request *req, uint16 choice) supports it and we can do encrypted passwords */ if (sconn->smb1.negprot.encrypted_passwords && - (lp_security() != SEC_SHARE) && lp_use_spnego() && (req->flags2 & FLAGS2_EXTENDED_SECURITY)) { negotiate_spnego = True; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 9df99ef6b12..27ba3bd01b9 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -172,12 +172,6 @@ int register_initial_vuid(struct smbd_server_connection *sconn) { user_struct *vuser; - /* Paranoia check. */ - if(lp_security() == SEC_SHARE) { - smb_panic("register_initial_vuid: " - "Tried to register uid in security=share"); - } - /* Limit allowed vuids to 16bits - VUID_OFFSET. */ if (sconn->smb1.sessions.num_validated_vuids >= 0xFFFF-VUID_OFFSET) { return UID_FIELD_INVALID; 
@@ -352,394 +346,3 @@ int register_existing_vuid(struct smbd_server_connection *sconn, } return UID_FIELD_INVALID; } - -/**************************************************************************** - Add a name to the session users list. -****************************************************************************/ - -void add_session_user(struct smbd_server_connection *sconn, - const char *user) -{ - struct passwd *pw; - char *tmp; - - pw = Get_Pwnam_alloc(talloc_tos(), user); - - if (pw == NULL) { - return; - } - - if (sconn->smb1.sessions.session_userlist == NULL) { - sconn->smb1.sessions.session_userlist = SMB_STRDUP(pw->pw_name); - goto done; - } - - if (in_list(pw->pw_name,sconn->smb1.sessions.session_userlist,false)) { - goto done; - } - - if (strlen(sconn->smb1.sessions.session_userlist) > 128 * 1024) { - DEBUG(3,("add_session_user: session userlist already " - "too large.\n")); - goto done; - } - - if (asprintf(&tmp, "%s %s", - sconn->smb1.sessions.session_userlist, pw->pw_name) == -1) { - DEBUG(3, ("asprintf failed\n")); - goto done; - } - - SAFE_FREE(sconn->smb1.sessions.session_userlist); - sconn->smb1.sessions.session_userlist = tmp; - done: - TALLOC_FREE(pw); -} - -/**************************************************************************** - In security=share mode we need to store the client workgroup, as that's - what Vista uses for the NTLMv2 calculation. -****************************************************************************/ - -void add_session_workgroup(struct smbd_server_connection *sconn, - const char *workgroup) -{ - if (sconn->smb1.sessions.session_workgroup) { - SAFE_FREE(sconn->smb1.sessions.session_workgroup); - } - sconn->smb1.sessions.session_workgroup = smb_xstrdup(workgroup); -} - -/**************************************************************************** - In security=share mode we need to return the client workgroup, as that's - what Vista uses for the NTLMv2 calculation. 
-****************************************************************************/ - -const char *get_session_workgroup(struct smbd_server_connection *sconn) -{ - return sconn->smb1.sessions.session_workgroup; -} - -/**************************************************************************** - Check if a username is valid. -****************************************************************************/ - -static bool user_ok(const char *user, int snum) -{ - bool ret; - - ret = True; - - if (lp_invalid_users(snum)) { - char **invalid = str_list_copy(talloc_tos(), - lp_invalid_users(snum)); - if (invalid && - str_list_substitute(invalid, "%S", lp_servicename(snum))) { - - /* This is used in sec=share only, so no current user - * around to pass to str_list_sub_basic() */ - - if ( invalid && str_list_sub_basic(invalid, "", "") ) { - ret = !user_in_list(talloc_tos(), user, - (const char **)invalid); - } - } - TALLOC_FREE(invalid); - } - - if (ret && lp_valid_users(snum)) { - char **valid = str_list_copy(talloc_tos(), - lp_valid_users(snum)); - if ( valid && - str_list_substitute(valid, "%S", lp_servicename(snum)) ) { - - /* This is used in sec=share only, so no current user - * around to pass to str_list_sub_basic() */ - - if ( valid && str_list_sub_basic(valid, "", "") ) { - ret = user_in_list(talloc_tos(), user, - (const char **)valid); - } - } - TALLOC_FREE(valid); - } - - if (ret && lp_onlyuser(snum)) { - char **user_list = str_list_make_v3( - talloc_tos(), lp_username(snum), NULL); - if (user_list && - str_list_substitute(user_list, "%S", - lp_servicename(snum))) { - ret = user_in_list(talloc_tos(), user, - (const char **)user_list); - } - TALLOC_FREE(user_list); - } - - return(ret); -} - -/**************************************************************************** - Validate a group username entry. Return the username or NULL. 
-****************************************************************************/ - -static char *validate_group(struct smbd_server_connection *sconn, - char *group, DATA_BLOB password,int snum) -{ -#ifdef HAVE_NETGROUP - { - char *host, *user, *domain; - struct auth_context *actx = sconn->smb1.negprot.auth_context; - bool enc = sconn->smb1.negprot.encrypted_passwords; - setnetgrent(group); - while (getnetgrent(&host, &user, &domain)) { - if (user) { - if (user_ok(user, snum) && - password_ok(actx, enc, - get_session_workgroup(sconn), - user, - sconn->remote_address, - password)) { - endnetgrent(); - return(user); - } - } - } - endnetgrent(); - } -#endif - -#ifdef HAVE_GETGRENT - { - struct group *gptr; - struct auth_context *actx = sconn->smb1.negprot.auth_context; - bool enc = sconn->smb1.negprot.encrypted_passwords; - - setgrent(); - while ((gptr = (struct group *)getgrent())) { - if (strequal(gptr->gr_name,group)) - break; - } - - /* - * As user_ok can recurse doing a getgrent(), we must - * copy the member list onto the heap before - * use. Bug pointed out by leon@eatworms.swmed.edu. 
- */ - - if (gptr) { - char *member_list = NULL; - size_t list_len = 0; - char *member; - int i; - - for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { - list_len += strlen(gptr->gr_mem[i])+1; - } - list_len++; - - member_list = (char *)SMB_MALLOC(list_len); - if (!member_list) { - endgrent(); - return NULL; - } - - *member_list = '\0'; - member = member_list; - - for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { - size_t member_len = strlen(gptr->gr_mem[i])+1; - - DEBUG(10,("validate_group: = gr_mem = " - "%s\n", gptr->gr_mem[i])); - - strlcpy(member, gptr->gr_mem[i], - list_len - (member-member_list)); - member += member_len; - } - - endgrent(); - - member = member_list; - while (*member) { - if (user_ok(member,snum) && - password_ok(actx, enc, - get_session_workgroup(sconn), - member, - sconn->remote_address, - password)) { - char *name = talloc_strdup(talloc_tos(), - member); - SAFE_FREE(member_list); - return name; - } - - DEBUG(10,("validate_group = member = %s\n", - member)); - - member += strlen(member) + 1; - } - - SAFE_FREE(member_list); - } else { - endgrent(); - return NULL; - } - } -#endif - return(NULL); -} - -/**************************************************************************** - Check for authority to login to a service with a given username/password. - Note this is *NOT* used when logging on using sessionsetup_and_X. 
-****************************************************************************/ - -bool authorise_login(struct smbd_server_connection *sconn, - int snum, fstring user, DATA_BLOB password, - bool *guest) -{ - bool ok = False; - struct auth_context *actx = sconn->smb1.negprot.auth_context; - bool enc = sconn->smb1.negprot.encrypted_passwords; - -#ifdef DEBUG_PASSWORD - DEBUG(100,("authorise_login: checking authorisation on " - "user=%s pass=%s\n", user,password.data)); -#endif - - *guest = False; - - /* there are several possibilities: - 1) login as the given user with given password - 2) login as a previously registered username with the given - password - 3) login as a session list username with the given password - 4) login as a previously validated user/password pair - 5) login as the "user =" user with given password - 6) login as the "user =" user with no password - (guest connection) - 7) login as guest user with no password - - if the service is guest_only then steps 1 to 5 are skipped - */ - - /* now check the list of session users */ - if (!ok) { - char *auser; - char *user_list = NULL; - char *saveptr; - - if (sconn->smb1.sessions.session_userlist) - user_list = SMB_STRDUP(sconn->smb1.sessions.session_userlist); - else - user_list = SMB_STRDUP(""); - - if (!user_list) - return(False); - - for (auser = strtok_r(user_list, LIST_SEP, &saveptr); - !ok && auser; - auser = strtok_r(NULL, LIST_SEP, &saveptr)) { - fstring user2; - fstrcpy(user2,auser); - if (!user_ok(user2,snum)) - continue; - - if (password_ok(actx, enc, - get_session_workgroup(sconn), - user2, - sconn->remote_address, - password)) { - ok = True; - strlcpy(user,user2,sizeof(fstring)); - DEBUG(3,("authorise_login: ACCEPTED: session " - "list username (%s) and given " - "password ok\n", user)); - } - } - - SAFE_FREE(user_list); - } - - /* check the user= fields and the given password */ - if (!ok && lp_username(snum)) { - TALLOC_CTX *ctx = talloc_tos(); - char *auser; - char *user_list = 
talloc_strdup(ctx, lp_username(snum)); - char *saveptr; - - if (!user_list) { - goto check_guest; - } - - user_list = talloc_string_sub(ctx, - user_list, - "%S", - lp_servicename(snum)); - - if (!user_list) { - goto check_guest; - } - - for (auser = strtok_r(user_list, LIST_SEP, &saveptr); - auser && !ok; - auser = strtok_r(NULL, LIST_SEP, &saveptr)) { - if (*auser == '@') { - auser = validate_group(sconn,auser+1, - password,snum); - if (auser) { - ok = True; - fstrcpy(user,auser); - DEBUG(3,("authorise_login: ACCEPTED: " - "group username and given " - "password ok (%s)\n", user)); - } - } else { - fstring user2; - fstrcpy(user2,auser); - if (user_ok(user2,snum) && - password_ok(actx, enc, - get_session_workgroup(sconn), - user2, - sconn->remote_address, - password)) { - ok = True; - strlcpy(user,user2,sizeof(fstring)); - DEBUG(3,("authorise_login: ACCEPTED: " - "user list username and " - "given password ok (%s)\n", - user)); - } - } - } - } - - check_guest: - - /* check for a normal guest connection */ - if (!ok && GUEST_OK(snum)) { - struct passwd *guest_pw; - fstring guestname; - fstrcpy(guestname,lp_guestaccount()); - guest_pw = Get_Pwnam_alloc(talloc_tos(), guestname); - if (guest_pw != NULL) { - strlcpy(user,guestname,sizeof(fstring)); - ok = True; - DEBUG(3,("authorise_login: ACCEPTED: guest account " - "and guest ok (%s)\n", user)); - } else { - DEBUG(0,("authorise_login: Invalid guest account " - "%s??\n",guestname)); - } - TALLOC_FREE(guest_pw); - *guest = True; - } - - if (ok && !user_ok(user, snum)) { - DEBUG(0,("authorise_login: rejected invalid user %s\n",user)); - ok = False; - } - - return(ok); -} diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 6ffc06700f9..6c927554f11 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c 
@@ -1364,8 +1364,7 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in flags = smb_messages[type].flags; /* In share mode security we must ignore the vuid. */ - session_tag = (lp_security() == SEC_SHARE) - ? UID_FIELD_INVALID : req->vuid; + session_tag = req->vuid; conn = req->conn; DEBUG(3,("switch message %s (pid %d) conn 0x%lx\n", smb_fn_name(type), @@ -3257,10 +3256,6 @@ void smbd_process(struct tevent_context *ev_ctx, sconn->smb1.sessions.done_sesssetup = false; sconn->smb1.sessions.max_send = BUFFER_SIZE; sconn->smb1.sessions.last_session_tag = UID_FIELD_INVALID; - /* users from session setup */ - sconn->smb1.sessions.session_userlist = NULL; - /* workgroup from session setup. */ - sconn->smb1.sessions.session_workgroup = NULL; /* this holds info on user ids that are already validated for this VC */ sconn->smb1.sessions.validated_users = NULL; sconn->smb1.sessions.next_vuid = VUID_OFFSET; diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 599180084ef..7321ca698f5 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -707,13 +707,6 @@ int register_existing_vuid(struct smbd_server_connection *sconn, uint16 vuid, struct auth_session_info *session_info, DATA_BLOB response_blob); -void add_session_user(struct smbd_server_connection *sconn, const char *user); -void add_session_workgroup(struct smbd_server_connection *sconn, - const char *workgroup); -const char *get_session_workgroup(struct smbd_server_connection *sconn); -bool authorise_login(struct smbd_server_connection *sconn, - int snum, fstring user, DATA_BLOB password, - bool *guest); /* The following definitions come from smbd/pipes.c */ 
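Review bot: The context comment `/* In share mode security we must ignore the vuid. */` directly above the new `session_tag = req->vuid;` is kept and now contradicts the code, since this commit removes share mode security altogether. Either delete it or replace it with `/* The vuid always identifies the session; security=share no longer exists. */` so the next reader does not look for a share-mode special case. The body of switch_message continues outside the hunk.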
@@ -986,11 +979,10 @@ struct smbd_smb2_tcon; connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, struct smbd_smb2_tcon *tcon, user_struct *vuser, - DATA_BLOB password, const char *pdev, NTSTATUS *pstatus); connection_struct *make_connection(struct smbd_server_connection *sconn, - const char *service_in, DATA_BLOB password, + const char *service_in, const char *pdev, uint16 vuid, NTSTATUS *status); void close_cnum(connection_struct *conn, uint16 vuid); diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0ab764c2d4a..26a928f1b4f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -599,13 +599,6 @@ void reply_special(struct smbd_server_connection *sconn, char *inbuf, size_t inb break; } - /* only add the client's machine name to the list - of possibly valid usernames if we are operating - in share mode security */ - if (lp_security() == SEC_SHARE) { - add_session_user(sconn, get_remote_machine_name()); - } - reload_services(sconn, conn_snum_used, true); reopen_logs(); @@ -656,7 +649,6 @@ void reply_tcon(struct smb_request *req) int pwlen=0; NTSTATUS nt_status; const char *p; - DATA_BLOB password_blob; TALLOC_CTX *ctx = talloc_tos(); struct smbd_server_connection *sconn = req->sconn; @@ -688,14 +680,10 @@ void reply_tcon(struct smb_request *req) service = service_buf; } - password_blob = data_blob(password, pwlen+1); - - conn = make_connection(sconn,service,password_blob,dev, + conn = make_connection(sconn,service,dev, req->vuid,&nt_status); req->conn = conn; - data_blob_clear_free(&password_blob); - if (!conn) { reply_nterror(req, nt_status); END_PROFILE(SMBtcon); @@ -723,7 +711,6 @@ void reply_tcon_and_X(struct smb_request *req) { connection_struct *conn = req->conn; const char *service = NULL; - DATA_BLOB password; TALLOC_CTX *ctx = talloc_tos(); /* what the cleint thinks the device is */ char *client_devicetype = NULL; 
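Review bot: In reply_tcon the `int pwlen=0;` declaration survives in the -656 hunk while the only use visible in these hunks, `data_blob(password, pwlen+1)`, is removed in the -688 hunk; if `password`/`pwlen` are not read elsewhere in the function (the wire parse happens outside the hunks) they are now dead locals that should be dropped. If the parse is kept only to step over the password field, it is worth confirming that it still bounds `pwlen` against the request buffer, because nothing downstream now validates the field it skips. reply_tcon starts and ends outside these hunks.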
@@ -761,27 +748,14 @@ void reply_tcon_and_X(struct smb_request *req) } if (sconn->smb1.negprot.encrypted_passwords) { - password = data_blob_talloc(talloc_tos(), req->buf, passlen); - if (lp_security() == SEC_SHARE) { - /* - * Security = share always has a pad byte - * after the password. - */ - p = (const char *)req->buf + passlen + 1; - } else { - p = (const char *)req->buf + passlen; - } + p = (const char *)req->buf + passlen; } else { - password = data_blob_talloc(talloc_tos(), req->buf, passlen+1); - /* Ensure correct termination */ - password.data[passlen]=0; p = (const char *)req->buf + passlen + 1; } p += srvstr_pull_req_talloc(ctx, req, &path, p, STR_TERMINATE); if (path == NULL) { - data_blob_clear_free(&password); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtconX); return; @@ -794,7 +768,6 @@ void reply_tcon_and_X(struct smb_request *req) if (*path=='\\') { q = strchr_m(path+2,'\\'); if (!q) { - data_blob_clear_free(&password); reply_nterror(req, NT_STATUS_BAD_NETWORK_NAME); END_PROFILE(SMBtconX); return; @@ -809,7 +782,6 @@ void reply_tcon_and_X(struct smb_request *req) MIN(6, smbreq_bufrem(req, p)), STR_ASCII); if (client_devicetype == NULL) { - data_blob_clear_free(&password); reply_nterror(req, NT_STATUS_INVALID_PARAMETER); END_PROFILE(SMBtconX); return; @@ -817,12 +789,10 @@ void reply_tcon_and_X(struct smb_request *req) DEBUG(4,("Client requested device type [%s] for share [%s]\n", client_devicetype, service)); - conn = make_connection(sconn, service, password, client_devicetype, + conn = make_connection(sconn, service, client_devicetype, req->vuid, &nt_status); req->conn =conn; - data_blob_clear_free(&password); - if (!conn) { reply_nterror(req, nt_status); END_PROFILE(SMBtconX); 
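Review bot: In the -761 hunk the encrypted branch now reduces to `p = (const char *)req->buf + passlen;` and no longer copies the password into a bounded blob, so nothing in the hunk checks `passlen` against the request length before `p` is handed to srvstr_pull_req_talloc. If reply_tcon_and_X does not already reject `passlen > smbreq_bufrem(req, req->buf)` earlier in the function (outside the hunk), `p` can point past the buffer; if it does, a short comment such as `/* passlen was bounded against the request above; only skip the field here. */` would make that dependency visible at the point of use. reply_tcon_and_X starts and ends outside these hunks.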
@@ -2117,7 +2087,7 @@ void reply_ulogoffX(struct smb_request *req) /* in user level security we are supposed to close any files open by this user */ - if ((vuser != NULL) && (lp_security() != SEC_SHARE)) { + if (vuser != NULL) { file_close_user(sconn, req->vuid); } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 8436fbee91f..c53323381ea 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -381,7 +381,6 @@ static NTSTATUS find_forced_group(bool force_user, static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn, TALLOC_CTX *mem_ctx, int snum, struct auth_session_info *session_info, - DATA_BLOB password, struct auth_session_info **presult) { if (lp_guest_only(snum)) { @@ -425,29 +424,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc return NT_STATUS_OK; } - if (lp_security() == SEC_SHARE) { - - fstring user; - bool guest; - - /* add the sharename as a possible user name if we - are in share mode security */ - - add_session_user(sconn, lp_servicename(snum)); - - /* shall we let them in? */ - - if (!authorise_login(sconn, snum,user,password,&guest)) { - DEBUG( 2, ( "Invalid username/password for [%s]\n", - lp_servicename(snum)) ); - return NT_STATUS_WRONG_PASSWORD; - } - - return make_session_info_from_username(mem_ctx, user, guest, - presult); - } - - DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); + DEBUG(0, ("invalid VUID (vuser)\n")); return NT_STATUS_ACCESS_DENIED; } @@ -557,7 +534,6 @@ static void create_share_access_mask(connection_struct *conn, int snum) static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, connection_struct *conn, int snum, user_struct *vuser, - DATA_BLOB password, const char *pdev) { struct smb_filename *smb_fname_cpath = NULL; 
@@ -582,7 +558,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, conn->params->service = snum; status = create_connection_session_info(sconn, - conn, snum, vuser ? vuser->session_info : NULL, password, + conn, snum, vuser ? vuser->session_info : NULL, &conn->session_info); if (!NT_STATUS_IS_OK(status)) { @@ -591,12 +567,10 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, goto err_root_exit; } - if ((lp_guest_only(snum)) || (lp_security() == SEC_SHARE)) { + if (lp_guest_only(snum)) { conn->force_user = true; } - add_session_user(sconn, conn->session_info->unix_info->unix_name); - conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); conn->used = True; @@ -630,7 +604,7 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, goto err_root_exit; } - conn->vuid = (vuser != NULL) ? vuser->vuid : UID_FIELD_INVALID; + conn->vuid = vuser->vuid; { char *s = talloc_sub_advanced(talloc_tos(), @@ -930,7 +904,6 @@ static NTSTATUS make_connection_snum(struct smbd_server_connection *sconn, static connection_struct *make_connection_smb1(struct smbd_server_connection *sconn, int snum, user_struct *vuser, - DATA_BLOB password, const char *pdev, NTSTATUS *pstatus) { @@ -944,7 +917,6 @@ static connection_struct *make_connection_smb1(struct smbd_server_connection *sc conn, snum, vuser, - password, pdev); if (!NT_STATUS_IS_OK(*pstatus)) { conn_free(conn); @@ -961,7 +933,6 @@ static connection_struct *make_connection_smb1(struct smbd_server_connection *sc connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, struct smbd_smb2_tcon *tcon, user_struct *vuser, - DATA_BLOB password, const char *pdev, NTSTATUS *pstatus) { @@ -976,7 +947,6 @@ connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, conn, tcon->snum, vuser, - password, pdev); if (!NT_STATUS_IS_OK(*pstatus)) { conn_free(conn); 
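Review bot: `conn->vuid = vuser->vuid;` in the -630 hunk dereferences vuser unconditionally, while the -582 hunk in the same function still passes `vuser ? vuser->session_info : NULL` to create_connection_session_info, which accepts a NULL session_info for guest-only shares (the -425 hunk). If any caller can still hand make_connection_snum a NULL vuser (make_connection_smb2 passes req->session->compat_vuser with no check visible in the -961 hunk), a guest-only share would get past the session-info step and crash here. Either reject NULL at the top of make_connection_snum, `if (vuser == NULL) { return NT_STATUS_ACCESS_DENIED; }`, or keep the old guard and drop the ternary so the two sites agree on whether vuser may be NULL. make_connection_snum starts and ends outside these hunks.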
@@ -992,7 +962,7 @@ connection_struct *make_connection_smb2(struct smbd_server_connection *sconn, ****************************************************************************/ connection_struct *make_connection(struct smbd_server_connection *sconn, - const char *service_in, DATA_BLOB password, + const char *service_in, const char *pdev, uint16 vuid, NTSTATUS *status) { @@ -1017,14 +987,12 @@ connection_struct *make_connection(struct smbd_server_connection *sconn, return NULL; } - if(lp_security() != SEC_SHARE) { - vuser = get_valid_user_struct(sconn, vuid); - if (!vuser) { - DEBUG(1,("make_connection: refusing to connect with " - "no session setup\n")); - *status = NT_STATUS_ACCESS_DENIED; - return NULL; - } + vuser = get_valid_user_struct(sconn, vuid); + if (!vuser) { + DEBUG(1,("make_connection: refusing to connect with " + "no session setup\n")); + *status = NT_STATUS_ACCESS_DENIED; + return NULL; } /* Logic to try and connect to the correct [homes] share, preferably 
@@ -1037,57 +1005,28 @@ connection_struct *make_connection(struct smbd_server_connection *sconn, */ if (strequal(service_in,HOMES_NAME)) { - if(lp_security() != SEC_SHARE) { - DATA_BLOB no_pw = data_blob_null; - if (vuser->homes_snum == -1) { - DEBUG(2, ("[homes] share not available for " - "this user because it was not found " - "or created at session setup " - "time\n")); - *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } - DEBUG(5, ("making a connection to [homes] service " - "created at session setup time\n")); - return make_connection_smb1(sconn, - vuser->homes_snum, - vuser, no_pw, - dev, status); - } else { - /* Security = share. Try with - * current_user_info.smb_name as the username. */ - if (*current_user_info.smb_name) { - char *unix_username = NULL; - (void)map_username(talloc_tos(), - current_user_info.smb_name, - &unix_username); - snum = find_service(talloc_tos(), - unix_username, - &unix_username); - if (!unix_username) { - *status = NT_STATUS_NO_MEMORY; - } - return NULL; - } - if (snum != -1) { - DEBUG(5, ("making a connection to 'homes' " - "service %s based on " - "security=share\n", service_in)); - return make_connection_smb1(sconn, - snum, NULL, - password, - dev, status); - } + if (vuser->homes_snum == -1) { + DEBUG(2, ("[homes] share not available for " + "this user because it was not found " + "or created at session setup " + "time\n")); + *status = NT_STATUS_BAD_NETWORK_NAME; + return NULL; } - } else if ((lp_security() != SEC_SHARE) && (vuser->homes_snum != -1) + DEBUG(5, ("making a connection to [homes] service " + "created at session setup time\n")); + return make_connection_smb1(sconn, + vuser->homes_snum, + vuser, + dev, status); + } else if ((vuser->homes_snum != -1) && strequal(service_in, lp_servicename(vuser->homes_snum))) { - DATA_BLOB no_pw = data_blob_null; DEBUG(5, ("making a connection to 'homes' service [%s] " "created at session setup time\n", service_in)); return make_connection_smb1(sconn, vuser->homes_snum, - 
vuser, no_pw, + vuser, dev, status); } @@ -1134,7 +1073,6 @@ connection_struct *make_connection(struct smbd_server_connection *sconn, DEBUG(5, ("making a connection to 'normal' service %s\n", service)); return make_connection_smb1(sconn, snum, vuser, - password, dev, status); } diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 987b626d6bc..da306b97bc7 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -561,11 +561,7 @@ void reply_sesssetup_and_X(struct smb_request *req) if (doencrypt) { lm_resp = data_blob(p, passlen1); nt_resp = data_blob(p+passlen1, passlen2); - } else if (lp_security() != SEC_SHARE) { - /* - * In share level we should ignore any passwords, so - * only read them if we're not. - */ + } else { char *pass = NULL; bool unic= smb_flag2 & FLAGS2_UNICODE_STRINGS; @@ -673,27 +669,6 @@ void reply_sesssetup_and_X(struct smb_request *req) reload_services(sconn, conn_snum_used, true); - if (lp_security() == SEC_SHARE) { - char *sub_user_mapped = NULL; - /* In share level we should ignore any passwords */ - - data_blob_free(&lm_resp); - data_blob_free(&nt_resp); - data_blob_clear_free(&plaintext_password); - - (void)map_username(talloc_tos(), sub_user, &sub_user_mapped); - if (!sub_user_mapped) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - END_PROFILE(SMBsesssetupX); - return; - } - fstrcpy(sub_user, sub_user_mapped); - add_session_user(sconn, sub_user); - add_session_workgroup(sconn, domain); - /* Then force it to null for the benfit of the code below */ - user = ""; - } - if (!*user) { nt_status = check_guest_password(sconn->remote_address, &server_info); 
@@ -796,36 +771,31 @@ void reply_sesssetup_and_X(struct smb_request *req) /* register the name and uid as being validated, so further connections to a uid can get through without a password, on the same VC */ - if (lp_security() == SEC_SHARE) { - sess_vuid = UID_FIELD_INVALID; - TALLOC_FREE(session_info); - } else { - /* Ignore the initial vuid. */ - sess_vuid = register_initial_vuid(sconn); - if (sess_vuid == UID_FIELD_INVALID) { - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - reply_nterror(req, nt_status_squash( - NT_STATUS_LOGON_FAILURE)); - END_PROFILE(SMBsesssetupX); - return; - } - /* register_existing_vuid keeps the session_info */ - sess_vuid = register_existing_vuid(sconn, sess_vuid, - session_info, - nt_resp.data ? nt_resp : lm_resp); - if (sess_vuid == UID_FIELD_INVALID) { - data_blob_free(&nt_resp); - data_blob_free(&lm_resp); - reply_nterror(req, nt_status_squash( - NT_STATUS_LOGON_FAILURE)); - END_PROFILE(SMBsesssetupX); - return; - } - - /* current_user_info is changed on new vuid */ - reload_services(sconn, conn_snum_used, true); + /* Ignore the initial vuid. */ + sess_vuid = register_initial_vuid(sconn); + if (sess_vuid == UID_FIELD_INVALID) { + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + reply_nterror(req, nt_status_squash( + NT_STATUS_LOGON_FAILURE)); + END_PROFILE(SMBsesssetupX); + return; } + /* register_existing_vuid keeps the session_info */ + sess_vuid = register_existing_vuid(sconn, sess_vuid, + session_info, + nt_resp.data ? nt_resp : lm_resp); + if (sess_vuid == UID_FIELD_INVALID) { + data_blob_free(&nt_resp); + data_blob_free(&lm_resp); + reply_nterror(req, nt_status_squash( + NT_STATUS_LOGON_FAILURE)); + END_PROFILE(SMBsesssetupX); + return; + } + + /* current_user_info is changed on new vuid */ + reload_services(sconn, conn_snum_used, true); data_blob_free(&nt_resp); data_blob_free(&lm_resp); diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index b7e5ce0877e..56c42889b6b 100644 
--- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -232,7 +232,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, compat_conn = make_connection_smb2(req->sconn, tcon, req->session->compat_vuser, - data_blob_null, "???", + "???", &status); if (compat_conn == NULL) { TALLOC_FREE(tcon); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 3847d393d7e..84cb61cd143 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -288,19 +288,7 @@ bool change_to_user(connection_struct *conn, uint16_t vuid) vuser = get_valid_user_struct(conn->sconn, vuid); - /* - * We need a separate check in security=share mode due to vuid - * always being UID_FIELD_INVALID. If we don't do this then - * in share mode security we are *always* changing uid's between - * SMB's - this hurts performance - Badly. - */ - - if((lp_security() == SEC_SHARE) && (current_user.conn == conn) && - (current_user.ut.uid == conn->session_info->unix_token->uid)) { - DEBUG(4,("Skipping user change - already " - "user\n")); - return(True); - } else if ((current_user.conn == conn) && + if ((current_user.conn == conn) && (vuser != NULL) && (current_user.vuid == vuid) && (current_user.ut.uid == vuser->session_info->unix_token->uid)) { DEBUG(4,("Skipping user change - already " @@ -308,16 +296,15 @@ bool change_to_user(connection_struct *conn, uint16_t vuid) return(True); } - session_info = vuser ? vuser->session_info : conn->session_info; - - if (session_info == NULL) { - /* Invalid vuid sent - even with security = share. */ + if (vuser == NULL) { + /* Invalid vuid sent */ DEBUG(2,("Invalid vuid %d used on " "share %s.\n", vuid, lp_servicename(snum) )); return false; } - /* security = share sets force_user. */ + session_info = vuser->session_info; + if (!conn->force_user && vuser == NULL) { DEBUG(2,("Invalid vuid used %d in accessing " "share %s.\n", vuid, lp_servicename(snum) )); 
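Review bot: In the -308 hunk of change_to_user, the retained check `if (!conn->force_user && vuser == NULL)` on the hunk's last lines can never be true after the new early return `if (vuser == NULL) { ... return false; }`, so that branch and its "Invalid vuid used" DEBUG message are dead code. Remove the branch, or fold its message into the new NULL check so one place reports the rejected vuid; the rest of change_to_user, including its return, is outside the hunk. The removed comment about security=share setting force_user also leaves `conn->force_user` undocumented here even though service.c still sets it for guest-only shares, so a one-line comment on what force_user now means would help.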
diff --git a/source3/utils/status.c b/source3/utils/status.c index 8f8f3945cbf..0755f9fdf27 100644 --- a/source3/utils/status.c +++ b/source3/utils/status.c @@ -418,10 +418,6 @@ static int traverse_sessionid(const char *key, struct sessionid *session, d_printf("\nSamba version %s\n",samba_version_string()); d_printf("PID Username Group Machine \n"); d_printf("-------------------------------------------------------------------\n"); - if (lp_security() == SEC_SHARE) { - d_printf(" \n"); - } sessionid_traverse_read(traverse_sessionid, NULL); diff --git a/source4/param/tests/loadparm.c b/source4/param/tests/loadparm.c index 5f274399124..a8a6d78866b 100644 --- a/source4/param/tests/loadparm.c +++ b/source4/param/tests/loadparm.c @@ -237,15 +237,6 @@ static bool test_server_role_security_domain(struct torture_context *tctx) return true; } -static bool test_server_role_security_share(struct torture_context *tctx) -{ - struct loadparm_context *lp_ctx = loadparm_init(tctx); - torture_assert(tctx, lpcfg_set_option(lp_ctx, "security=share"), "lpcfg_set_option failed"); - torture_assert_int_equal(tctx, lpcfg_server_role(lp_ctx), ROLE_STANDALONE, "ROLE should be STANDALONE"); - torture_assert_int_equal(tctx, lpcfg_security(lp_ctx), SEC_SHARE, "security should be share"); - return true; -} - static bool test_server_role_security_server(struct torture_context *tctx) { struct loadparm_context *lp_ctx = loadparm_init(tctx); 
@@ -282,7 +273,6 @@ struct torture_suite *torture_local_loadparm(TALLOC_CTX *mem_ctx) torture_suite_add_simple_test(suite, "test_server_role_dc_domain_logons_and_not_master", test_server_role_dc_domain_logons_and_not_master); torture_suite_add_simple_test(suite, "test_server_role_security_ads", test_server_role_security_ads); torture_suite_add_simple_test(suite, "test_server_role_security_domain", test_server_role_security_domain); - torture_suite_add_simple_test(suite, "test_server_role_security_share", test_server_role_security_share); torture_suite_add_simple_test(suite, "test_server_role_security_server", test_server_role_security_server); return suite;