Rework the 'guest account get's RID 501' code again...
authorAndrew Bartlett <abartlet@samba.org>
Sat, 17 Aug 2002 04:51:27 +0000 (04:51 +0000)
committerAndrew Bartlett <abartlet@samba.org>
Sat, 17 Aug 2002 04:51:27 +0000 (04:51 +0000)
This moves it right into the passdb subsystem, where we can do this in
just one (or 2) places.  Due to the fact that this code can be in a tight loop,
I've had to make 'guest account' a 'const' paramater, where % macros cannot be
used.  In any case, if the 'guest account' varies, we are in for some nasty
cases in the other code, so it's useful anyway.

Andrew Bartlett
(This used to be commit 8718e5e7b2651edad15f52a4262dc745df7ad70f)

docs/docbook/manpages/smb.conf.5.sgml
source3/param/loadparm.c
source3/passdb/passdb.c
source3/passdb/pdb_unix.c

index 2aeb312924af36d9dba43913e86f6876829d83dd..1e713147c99feb91707196b584f435604858b8f7 100644 (file)
                <command>su -</command> command) and trying to print using the 
                system print command such as <command>lpr(1)</command> or <command>
                lp(1)</command>.</para>
+
+               <para>This paramater does not accept % marcos, becouse
+               many parts of the system require this value to be
+               constant for correct operation</para>
                
                <para>Default: <emphasis>specified at compile time, usually 
                "nobody"</emphasis></para>
index 9e4ce615e819690024b9f372f5a15c5a45dc1dc4..b16f4483f842547e56bcbe629386bb7ec10d6e3d 100644 (file)
@@ -1525,7 +1525,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
 FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
 FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
 
-FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount)
+FN_GLOBAL_CONST_STRING(lp_guestaccount, &Globals.szGuestaccount)
 FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
 FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
 FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
index fdcda0268dc9bf7b6d39c7909c5e46b317cab29b..a9c6f0729bd0e60627c5880b461c4de7e03c24bb 100644 (file)
@@ -157,6 +157,12 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
 {
        GROUP_MAP map;
 
+       const char *guest_account = lp_guestaccount();
+       if (!(guest_account && *guest_account)) {
+               DEBUG(1, ("NULL guest account!?!?\n"));
+               return NT_STATUS_UNSUCCESSFUL;
+       }
+
        if (!pwd) {
                return NT_STATUS_UNSUCCESSFUL;
        }
@@ -183,24 +189,36 @@ NTSTATUS pdb_fill_sam_pw(SAM_ACCOUNT *sam_account, const struct passwd *pwd)
           -- abartlet 11-May-02
        */
 
-       if (!pdb_set_user_sid_from_rid(sam_account, 
-                                      fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
-               DEBUG(0,("Can't set User SID from RID!\n"));
-               return NT_STATUS_INVALID_PARAMETER;
-       }
 
-       /* call the mapping code here */
-       if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
-               if (!pdb_set_group_sid(sam_account,&map.sid)){
-                       DEBUG(0,("Can't set Group SID!\n"));
-                       return NT_STATUS_INVALID_PARAMETER;
+       /* Ensure this *must* be set right */
+       if (strcmp(pwd->pw_name, guest_account) == 0) {
+               if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST)) {
+                       return NT_STATUS_UNSUCCESSFUL;
                }
-       } 
-       else {
-               if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
-                       DEBUG(0,("Can't set Group SID\n"));
+               if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS)) {
+                       return NT_STATUS_UNSUCCESSFUL;
+               }
+       } else {
+
+               if (!pdb_set_user_sid_from_rid(sam_account, 
+                                              fallback_pdb_uid_to_user_rid(pwd->pw_uid))) {
+                       DEBUG(0,("Can't set User SID from RID!\n"));
                        return NT_STATUS_INVALID_PARAMETER;
                }
+               
+               /* call the mapping code here */
+               if(get_group_map_from_gid(pwd->pw_gid, &map, MAPPING_WITHOUT_PRIV)) {
+                       if (!pdb_set_group_sid(sam_account,&map.sid)){
+                               DEBUG(0,("Can't set Group SID!\n"));
+                               return NT_STATUS_INVALID_PARAMETER;
+                       }
+               } 
+               else {
+                       if (!pdb_set_group_sid_from_rid(sam_account,pdb_gid_to_group_rid(pwd->pw_gid))) {
+                               DEBUG(0,("Can't set Group SID\n"));
+                               return NT_STATUS_INVALID_PARAMETER;
+                       }
+               }
        }
 
        /* check if this is a user account or a machine account */
@@ -574,14 +592,6 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
                        fstrcpy(name, "Administrator");
                }
                return True;
-
-       } else if (rid == DOMAIN_USER_RID_GUEST) {
-               char *p = lp_guestaccount();
-               *psid_name_use = SID_NAME_USER;
-               if(!next_token(&p, name, NULL, sizeof(fstring)))
-                       fstrcpy(name, "Guest");
-               return True;
-
        }
 
        /*
@@ -597,6 +607,7 @@ BOOL local_lookup_sid(DOM_SID *sid, char *name, enum SID_NAME_USE *psid_name_use
        }
                
        /* This now does the 'generic' mapping in pdb_unix */
+       /* 'guest' is also handled there */
        if (pdb_getsampwsid(sam_account, sid)) {
                fstrcpy(name, pdb_get_username(sam_account));
                *psid_name_use = SID_NAME_USER;
@@ -845,23 +856,10 @@ BOOL local_sid_to_uid(uid_t *puid, const DOM_SID *psid, enum SID_NAME_USE *name_
                        return False;
                }
                
-               if (rid == DOMAIN_USER_RID_GUEST) {
-                       struct passwd *pw = getpwnam_alloc(lp_guestaccount());
-                       if (!pw) {
-                               DEBUG(1, ("getpwnam on guest account '%s' failed!\n", lp_guestaccount())); 
-                               return False;
-                       }
-                       *puid = pw->pw_uid;
-                       passwd_free(&pw);
-                       DEBUG(5,("local_sid_to_uid: Guest account (SID %s) mapped to guest account id %ld.\n", 
-                                sid_to_string(str, psid), (signed long int)(*puid)));
-               } else {
-                       
-                       *puid = fallback_pdb_user_rid_to_uid(rid);
-                       
-                       DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", 
-                                sid_to_string(str, psid), (signed long int)(*puid)));
-               }
+               *puid = fallback_pdb_user_rid_to_uid(rid);
+               
+               DEBUG(5,("local_sid_to_uid: SID %s algorithmicly mapped to %ld mapped becouse SID was not found in passdb.\n", 
+                        sid_to_string(str, psid), (signed long int)(*puid)));
        }
 
        *name_type = SID_NAME_USER;
index 88334f2b703f1db2fc0a63409fe371fea9c50195..06f12164eb871ee84b3502d0c0a531fe74aa90e1 100644 (file)
@@ -49,19 +49,32 @@ static BOOL unixsam_getsampwrid (struct pdb_methods *methods,
 {
        struct passwd *pass;
        BOOL ret = False;
+       const char *guest_account = lp_guestaccount();
+       if (!(guest_account && *guest_account)) {
+               DEBUG(1, ("NULL guest account!?!?\n"));
+               return False;
+       }
+
        if (!methods) {
                DEBUG(0,("invalid methods\n"));
                return False;
        }
-
-       if (pdb_rid_is_user(rid)) {
-               pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
-               
-               if (pass) {
-                       ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass));
-                       passwd_free(&pass);
+       
+       if (rid == DOMAIN_USER_RID_GUEST) {
+               pass = getpwnam_alloc(guest_account);
+               if (!pass) {
+                       DEBUG(1, ("guest account %s does not seem to exist...\n", guest_account));
+                       return False;
                }
+       } else if (pdb_rid_is_user(rid)) {
+               pass = getpwuid_alloc(fallback_pdb_user_rid_to_uid (rid));
+       } else {
+               return False;
        }
+
+       ret = NT_STATUS_IS_OK(pdb_fill_sam_pw(user, pass));
+       passwd_free(&pass);
+
        return ret;
 }