authorAndrew Bartlett <abartlet@samba.org>2001-11-09 11:16:06 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-11-09 11:16:06 +0000
commit8e708332eded210c1d1fe0cebca3c9c19f054b71 (patch)
tree25967a4fb473f71e4469b7e318a3a6081bc52471
parent72c1af6f8d9893dd5b8b4d105b301d8c621749c6 (diff)
This change updates lp_guestaccount() to be a *global* parameter, rather than
per-share. I believe that almost all the things that this could have done on a per-share basis can be done with other tools, like 'force user'. Almost all the users of this parameter used it as a global anyway... While this is one step at a time, I hope it will allow me to considerably simplify the make_connection() code, particularly for the user-level security case. This already removes an absolute truckload of extra attempted password lookups on the guest account. Andrew Bartlett
-rw-r--r--source/auth/auth_util.c2
-rw-r--r--source/param/loadparm.c10
-rw-r--r--source/rpc_server/srv_pipe.c18
-rw-r--r--source/smbd/auth_util.c2
-rw-r--r--source/smbd/password.c11
-rw-r--r--source/smbd/sesssetup.c4
-rw-r--r--source/smbd/uid.c2
7 files changed, 21 insertions, 28 deletions
diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index cfdf3a6acce..d442f73a936 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -687,7 +687,7 @@ void free_server_info(auth_serversupplied_info **server_info)
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
{
- struct passwd *pass = sys_getpwnam(lp_guestaccount(-1));
+ struct passwd *pass = sys_getpwnam(lp_guestaccount());
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index cf5f31953d0..f1ee1803f3c 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -166,6 +166,7 @@ typedef struct
char *szAddShareCommand;
char *szChangeShareCommand;
char *szDeleteShareCommand;
+ char *szGuestaccount;
int max_log_size;
int mangled_stack;
int max_xmit;
@@ -286,7 +287,6 @@ typedef struct
char *szService;
char *szPath;
char *szUsername;
- char *szGuestaccount;
char **szInvalidUsers;
char **szValidUsers;
char **szAdminUsers;
@@ -401,7 +401,6 @@ static service sDefault = {
NULL, /* szService */
NULL, /* szPath */
NULL, /* szUsername */
- NULL, /* szGuestAccount - this is set in init_globals() */
NULL, /* szInvalidUsers */
NULL, /* szValidUsers */
NULL, /* szAdminUsers */
@@ -679,6 +678,7 @@ static struct parm_struct parm_table[] = {
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
{"root", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, 0},
+ {"guest account", P_STRING, P_GLOBAL, &Globals.szGuestaccount, NULL, NULL, FLAG_BASIC},
{"pam password change", P_BOOL, P_GLOBAL, &Globals.bPamPasswordChange, NULL, NULL, 0},
{"passwd program", P_STRING, P_GLOBAL, &Globals.szPasswdProgram, NULL, NULL, 0},
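Review bot: Existing configurations that set `guest account` inside a share section are not addressed here: the `P_GLOBAL` entry added in this hunk replaces the `P_LOCAL` one removed in the @@ -698 hunk, so a per-share value no longer has a field to land in. How the parser treats a global parameter found in a service section is outside this diff, but if it is skipped, guest connections to that share would run as the global guest account instead of the one the administrator picked, which can change what guests are able to read or write. I would add a comment on the new table entry, for example `/* global only: a 'guest account' line in a share section is no longer applied, use 'force user' instead */`, and confirm that the ignored setting is logged at a level administrators will see.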
@@ -698,7 +698,6 @@ static struct parm_struct parm_table[] = {
{"user", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
{"users", P_STRING, P_LOCAL, &sDefault.szUsername, NULL, NULL, 0},
- {"guest account", P_STRING, P_LOCAL, &sDefault.szGuestaccount, NULL, NULL, FLAG_BASIC | FLAG_SHARE | FLAG_PRINT | FLAG_GLOBAL},
{"invalid users", P_LIST, P_LOCAL, &sDefault.szInvalidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"valid users", P_LIST, P_LOCAL, &sDefault.szValidUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
{"admin users", P_LIST, P_LOCAL, &sDefault.szAdminUsers, NULL, NULL, FLAG_GLOBAL | FLAG_SHARE},
@@ -1177,7 +1176,6 @@ static void init_globals(void)
parm_table[i].ptr)
string_set(parm_table[i].ptr, "");
- string_set(&sDefault.szGuestaccount, GUEST_ACCOUNT);
string_set(&sDefault.fstype, FSTYPE_STRING);
init_printer_values();
@@ -1191,6 +1189,8 @@ static void init_globals(void)
string_set(&Globals.szSMBPasswdFile, SMB_PASSWD_FILE);
string_set(&Globals.szPrivateDir, PRIVATE_DIR);
string_set(&Globals.szPassdbModulePath, "");
+
+ string_set(&Globals.szGuestaccount, GUEST_ACCOUNT);
/*
* Allow the default PASSWD_CHAT to be overridden in local.h.
@@ -1483,6 +1483,7 @@ FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
FN_GLOBAL_STRING(lp_deluser_script, &Globals.szDelUserScript)
+FN_GLOBAL_STRING(lp_guestaccount, &Globals.szGuestaccount)
FN_GLOBAL_STRING(lp_addgroup_script, &Globals.szAddGroupScript)
FN_GLOBAL_STRING(lp_delgroup_script, &Globals.szDelGroupScript)
FN_GLOBAL_STRING(lp_addusertogroup_script, &Globals.szAddUserToGroupScript)
@@ -1620,7 +1621,6 @@ FN_LOCAL_STRING(lp_servicename, szService)
FN_LOCAL_STRING(lp_pathname, szPath)
FN_LOCAL_STRING(lp_dontdescend, szDontdescend)
FN_LOCAL_STRING(lp_username, szUsername)
-FN_LOCAL_STRING(lp_guestaccount, szGuestaccount)
FN_LOCAL_LIST(lp_invalid_users, szInvalidUsers)
FN_LOCAL_LIST(lp_valid_users, szValidUsers)
FN_LOCAL_LIST(lp_admin_users, szAdminUsers)
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index e3969f7ea8a..b9c40e719b4 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -265,7 +265,6 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
int nt_pw_len;
int lm_pw_len;
fstring user_name;
- fstring pipe_user_name;
fstring domain;
fstring wks;
@@ -326,14 +325,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
* Allow guest access. Patch from Shirish Kalele <kalele@veritas.com>.
*/
- if((strlen(user_name) == 0) &&
- (ntlmssp_resp->hdr_nt_resp.str_str_len==0))
- {
-
- fstrcpy(pipe_user_name, lp_guestaccount(-1));
- DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name));
-
- } else {
+ if (*user_name) {
/*
* Do the length checking only if user is not NULL.
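Review bot: The replacement test `if (*user_name)` is wider than the condition it removes. The old guest path required both an empty user name and a zero-length NT response (`hdr_nt_resp.str_str_len==0`), whereas now any empty user name skips the length checking, even when response data is present. What the skipped checks guard, and how the authentication call later in api_pipe_ntlmssp_verify treats a non-empty response paired with an empty user, lies outside the hunk and should be confirmed. To keep the old split the condition could read `if (*user_name || ntlmssp_resp->hdr_nt_resp.str_str_len != 0) {`. The "Allow guest access" comment above it describes a branch that no longer exists and should be reworded.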
@@ -367,8 +359,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);
if (!p->ntlmssp_auth_validated) {
- DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \
-failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name ));
+ DEBUG(1,("api_pipe_ntlmssp_verify: User [%s]\\[%s] from machine %s \
+failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
free_server_info(&server_info);
return False;
}
@@ -413,7 +405,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
}
fstrcpy(p->user_name, user_name);
- fstrcpy(p->pipe_user_name, pipe_user_name);
+ fstrcpy(p->pipe_user_name, pdb_get_username(server_info->sam_account));
fstrcpy(p->domain, domain);
fstrcpy(p->wks, wks);
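Review bot: The result of `pdb_get_username(server_info->sam_account)` is copied into `p->pipe_user_name` without a check that `sam_account` is set or that a name came back. Taking the name from the authenticated account rather than from a local filled in earlier is the right direction. However, the @@ -434 hunk then passes `p->pipe_user_name` to `initialise_groups()`, so an empty or missing name would feed directly into group setup for the pipe user. Whether every path that reaches this line, including the guest one, populates `sam_account` is not visible here. I would fetch the name into a local first and fail the verification in the same way as the `!p->ntlmssp_auth_validated` branch when it is NULL or empty, or add a comment stating the invariant that makes the check unnecessary.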
@@ -434,7 +426,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
p->pipe_user.gid = *pgid;
/* Set up pipe user group membership. */
- initialise_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
+ initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups);
if (server_info->ptok)
diff --git a/source/smbd/auth_util.c b/source/smbd/auth_util.c
index cfdf3a6acce..d442f73a936 100644
--- a/source/smbd/auth_util.c
+++ b/source/smbd/auth_util.c
@@ -687,7 +687,7 @@ void free_server_info(auth_serversupplied_info **server_info)
BOOL make_server_info_guest(auth_serversupplied_info **server_info)
{
- struct passwd *pass = sys_getpwnam(lp_guestaccount(-1));
+ struct passwd *pass = sys_getpwnam(lp_guestaccount());
if (pass) {
if (!make_server_info_pw(server_info, pass)) {
diff --git a/source/smbd/password.c b/source/smbd/password.c
index cbd4d14681f..b2687980acf 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -474,11 +474,12 @@ BOOL authorise_login(int snum,char *user, DATA_BLOB password,
return False;
}
- if (!vuser->guest && user_ok(vuser->user.unix_name,snum)) {
+ if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) ||
+ (vuser->guest && GUEST_OK(snum))) {
fstrcpy(user,vuser->user.unix_name);
- *guest = False;
- DEBUG(3,("authorise_login: ACCEPTED: validated uid ok as non-guest \
-(user=%s)\n", user));
+ *guest = vuser->guest;
+ DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \
+(user=%s)\n", vuser->guest ? "" : "non-", user));
return True;
}
}
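Review bot: The new guest branch of the condition, `(vuser->guest && GUEST_OK(snum))`, accepts the session without calling `user_ok()`. The share's user restrictions are therefore applied to named users but not to the unix name behind a guest vuid. If `guest ok` alone is meant to decide, a short comment saying so would prevent a later reader from treating it as an oversight. If not, the branch could read `(vuser->guest && GUEST_OK(snum) && user_ok(vuser->user.unix_name,snum))`. Whether a later check in authorise_login or its caller covers this case is outside the hunk.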
@@ -577,7 +578,7 @@ and given password ok (%s)\n", user));
/* check for a normal guest connection */
if (!ok && GUEST_OK(snum)) {
fstring guestname;
- StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
+ StrnCpy(guestname,lp_guestaccount(),sizeof(guestname)-1);
if (Get_Pwnam(guestname)) {
fstrcpy(user,guestname);
ok = True;
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 23d99d73526..e2edd5703ec 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -383,7 +383,7 @@ static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *ou
nt_status = check_password(user_info, &server_info);
- sess_vuid = register_vuid(server_info, lp_guestaccount(-1));
+ sess_vuid = register_vuid(server_info, lp_guestaccount());
free_server_info(&server_info);
if (sess_vuid == -1) {
@@ -644,7 +644,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
if (*user) {
pstrcpy(sub_user, user);
} else {
- pstrcpy(sub_user, lp_guestaccount(-1));
+ pstrcpy(sub_user, lp_guestaccount());
}
pstrcpy(current_user_info.smb_name,sub_user);
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index e40b4707fcf..4329e3fb76a 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -36,7 +36,7 @@ BOOL change_to_guest(void)
static fstring guest_name;
if (!pass) {
- pass = Get_Pwnam(lp_guestaccount(-1));
+ pass = sys_getpwnam(lp_guestaccount());
if (!pass)
return(False);
guest_uid = pass->pw_uid;
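Review bot: The guest lookup in change_to_guest switches from `Get_Pwnam()` to `sys_getpwnam()` as well as dropping the `-1` argument, and the commit message does not mention the switch. The password.c hunk at @@ -577 still resolves the same configured name with `Get_Pwnam(guestname)`. If the two helpers differ in how they match names, a guest account that resolves on one path may fail on the other. That would make guest handling inconsistent between session setup and the uid switch. I would either use the same helper in both places or add a comment here such as `/* exact-match lookup, same helper as make_server_info_guest() */`. The body of change_to_guest continues outside the hunk, so how `pass` is held between calls is not visible.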