#define PRIME_NMBD 1
#endif
-/* do you want session setups at user level security with a invalid
- password to be rejected or allowed in as guest? WinNT rejects them
- but it can be a pain as it means "net view" needs to use a password
-
- You have 3 choices:
-
- GUEST_SESSSETUP = 0 means session setups with an invalid password
- are rejected.
-
- GUEST_SESSSETUP = 1 means session setups with an invalid password
- are rejected, unless the username does not exist, in which case it
- is treated as a guest login
-
- GUEST_SESSSETUP = 2 means session setups with an invalid password
- are treated as a guest login
-
- Note that GUEST_SESSSETUP only has an effect in user or server
- level security.
- */
-#ifndef GUEST_SESSSETUP
-#define GUEST_SESSSETUP 0
-#endif
-
/* the default pager to use for the client "more" command. Users can
override this with the PAGER environment variable */
#ifndef PAGER
#include "rpc_misc.h"
/* security descriptor structures */
-#include "rpc_secdes.h"
+#include "rpc_secdes.h"
/* different dce/rpc pipes */
#include "rpc_lsa.h"
int lp_machine_password_timeout(void);
int lp_change_notify_timeout(void);
int lp_stat_cache_size(void);
+int lp_map_to_guest(void);
int lp_ldap_port(void);
char *lp_preexec(int );
char *lp_postexec(int );
#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "NEVER_MAP_TO_GUEST" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "MAP_TO_GUEST_ON_BAD_USER" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "MAP_TO_GUEST_ON_BAD_PASSWORD" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+#define NEVER_MAP_TO_GUEST 0
+#define MAP_TO_GUEST_ON_BAD_USER 1
+#define MAP_TO_GUEST_ON_BAD_PASSWORD 2
+
#endif /* _SMB_H */
/* _SMB_H */
int machine_password_timeout;
int change_notify_timeout;
int stat_cache_size;
+ int map_to_guest;
#ifdef WITH_LDAP
int ldap_port;
#endif /* WITH_LDAP */
static struct enum_list enum_lm_announce[] = {{0, "False"}, {1, "True"}, {2, "Auto"}, {-1, NULL}};
+/*
+ Do you want session setups at user level security with a invalid
+ password to be rejected or allowed in as guest? WinNT rejects them
+ but it can be a pain as it means "net view" needs to use a password
+
+ You have 3 choices in the setting of map_to_guest:
+
+ "Never" means session setups with an invalid password
+ are rejected. This is the default.
+
+ "Bad User" means session setups with an invalid password
+ are rejected, unless the username does not exist, in which case it
+ is treated as a guest login
+
+ "Bad Password" means session setups with an invalid password
+ are treated as a guest login
+
+ Note that map_to_guest only has an effect in user or server
+ level security.
+*/
+
+static struct enum_list enum_map_to_guest[] = {{NEVER_MAP_TO_GUEST, "Never"}, {MAP_TO_GUEST_ON_BAD_USER, "Bad User"}, {MAP_TO_GUEST_ON_BAD_PASSWORD, "Bad Password"}, {-1, NULL}};
+
#ifdef WITH_SSL
static struct enum_list enum_ssl_version[] = {{SMB_SSL_V2, "ssl2"}, {SMB_SSL_V3, "ssl3"},
{SMB_SSL_V23, "ssl2or3"}, {SMB_SSL_TLS1, "tls1"}, {-1, NULL}};
{"encrypt passwords",P_BOOL, P_GLOBAL, &Globals.bEncryptPasswords, NULL, NULL, FLAG_BASIC},
{"update encrypted", P_BOOL, P_GLOBAL, &Globals.bUpdateEncrypt, NULL, NULL, FLAG_BASIC},
{"use rhosts", P_BOOL, P_GLOBAL, &Globals.bUseRhosts, NULL, NULL, 0},
+ {"map to guest", P_ENUM, P_GLOBAL, &Globals.map_to_guest, NULL, enum_map_to_guest, 0},
{"null passwords", P_BOOL, P_GLOBAL, &Globals.bNullPasswords, NULL, NULL, 0},
{"password server", P_STRING, P_GLOBAL, &Globals.szPasswordServer, NULL, NULL, 0},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, 0},
Globals.bNTSmbSupport = True; /* Do NT SMB's by default. */
Globals.bNTPipeSupport = True; /* Do NT pipes by default. */
Globals.bStatCache = True; /* use stat cache by default */
+ Globals.map_to_guest = 0; /* By Default, "Never" */
#ifdef WITH_LDAP
/* default values for ldap */
FN_GLOBAL_INTEGER(lp_machine_password_timeout,&Globals.machine_password_timeout)
FN_GLOBAL_INTEGER(lp_change_notify_timeout,&Globals.change_notify_timeout)
FN_GLOBAL_INTEGER(lp_stat_cache_size,&Globals.stat_cache_size)
+FN_GLOBAL_INTEGER(lp_map_to_guest,&Globals.map_to_guest)
#ifdef WITH_LDAP
FN_GLOBAL_INTEGER(lp_ldap_port,&Globals.ldap_port)
char *tok[MAXTOK];
int count = 0;
+ pstring line2;
+
+ pstrcpy(line2,line);
#ifdef OSF1
int length;
- length = strlen(line);
- if (line[length-3] == ':')
+ length = strlen(line2);
+ if (line2[length-3] == ':')
return(False);
#endif /* OSF1 */
- tok[0] = strtok(line," \t");
+ tok[0] = strtok(line2," \t");
count++;
while (((tok[count] = strtok(NULL," \t")) != NULL) && (count < MAXTOK)) {
void make_buffer3_hex(BUFFER3 *str, char *buf)
{
ZERO_STRUCTP(str);
- str->buf_max_len = str->buf_len = strhex_to_str(str->buffer, sizeof(str->buffer), buf);
+ str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf);
}
/*******************************************************************
int len_name = name != NULL ? strlen(name ) + 1: 0;
int len_class = class != NULL ? strlen(class) + 1: 0;
- static char data[] =
+ static unsigned char data[] =
{
0x01, 0x00, 0x00, 0x80,
0x00, 0x00, 0x00, 0x00,
}
DEBUG(10,("key data:\n"));
- dump_data(10, value.buffer, value.buf_len);
+ dump_data(10, (char *)value.buffer, value.buf_len);
/* open WINREG session. */
res = res ? cli_nt_session_open(smb_cli, PIPE_WINREG) : False;
}
default:
{
- snprintf(typestr, sizeof(typestr), "[%d]", type);
- return typestr;
break;
}
}
+ snprintf(typestr, sizeof(typestr), "[%d]", type);
return typestr;
}
{
if (lp_security() >= SEC_USER)
{
-#if (GUEST_SESSSETUP == 0)
- return(ERROR(ERRSRV,ERRbadpw));
-#endif
-#if (GUEST_SESSSETUP == 1)
- if (Get_Pwnam(user,True))
+ if (lp_map_to_guest() == NEVER_MAP_TO_GUEST)
return(ERROR(ERRSRV,ERRbadpw));
-#endif
+
+ if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER)
+ {
+ if (Get_Pwnam(user,True))
+ return(ERROR(ERRSRV,ERRbadpw));
+ }
+
+ /*
+ * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD
+ * Then always map to guest account - as done below.
+ */
}
+
if (*smb_apasswd || !Get_Pwnam(user,True))
pstrcpy(user,lp_guestaccount(-1));
DEBUG(3,("Registered username %s for guest access\n",user));
'security=share' mode.\n");
}
+ if (lp_security() == SEC_DOMAIN && !lp_encrypted_passwords()) {
+ printf("ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'.\n");
+ }
+
if (lp_wins_support() && *lp_wins_server()) {
printf("ERROR: both 'wins support = true' and 'wins server = <server>' \
cannot be set in the smb.conf file. nmbd will abort with this setting.\n");