diff options
author | Andreas Schneider <asn@samba.org> | 2010-06-02 19:39:18 +0200 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2010-06-04 12:12:37 -0400 |
commit | 9097bdddd03f81579699e0d0ce725a7453a3a158 (patch) | |
tree | 452b12b712e1ed4053d755ee7cdd74dcaaac7156 | |
parent | fad86ddf5531c8f5862b697e99c24a7bd526d73e (diff) | |
download | samba-9097bdddd03f81579699e0d0ce725a7453a3a158.tar.gz samba-9097bdddd03f81579699e0d0ce725a7453a3a158.tar.bz2 samba-9097bdddd03f81579699e0d0ce725a7453a3a158.zip |
s3-auth: Moved smbd user functions to a generic place.
Reviewed-by: Simo Sorce <idra@samba.org>
-rw-r--r-- | source3/Makefile.in | 3 | ||||
-rw-r--r-- | source3/auth/user_util.c (renamed from source3/smbd/map_username.c) | 141 | ||||
-rw-r--r-- | source3/smbd/password.c | 133 | ||||
-rw-r--r-- | source3/wscript_build | 2 |
4 files changed, 140 insertions, 139 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 82407e5be0..91e1518e13 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -772,6 +772,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ auth/server_info.o \ auth/server_info_sam.o \ auth/user_info.o \ + auth/user_util.o \ auth/auth_compat.o auth/auth_ntlmssp.o \ $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ) @@ -783,7 +784,7 @@ BUILDOPT_OBJ = smbd/build_options.o SMBD_OBJ_SRV = smbd/server_reload.o \ smbd/files.o smbd/connection.o \ - smbd/utmp.o smbd/session.o smbd/map_username.o \ + smbd/utmp.o smbd/session.o \ smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o \ smbd/share_access.o smbd/fileio.o \ smbd/ipc.o smbd/lanman.o smbd/negprot.o \ diff --git a/source3/smbd/map_username.c b/source3/auth/user_util.c index 3b3a6b13a4..3d7123c18e 100644 --- a/source3/smbd/map_username.c +++ b/source3/auth/user_util.c @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. Username handling Copyright (C) Andrew Tridgell 1992-1998 Copyright (C) Jeremy Allison 1997-2001. Copyright (C) Volker Lendecke 2006 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -120,6 +120,139 @@ static void store_map_in_gencache(const char *from, const char *to) TALLOC_FREE(key); } +/**************************************************************************** + Check if a user is in a netgroup user list. If at first we don't succeed, + try lower case. +****************************************************************************/ + +bool user_in_netgroup(const char *user, const char *ngname) +{ +#ifdef HAVE_NETGROUP + static char *my_yp_domain = NULL; + fstring lowercase_user; + + if (my_yp_domain == NULL) { + yp_get_default_domain(&my_yp_domain); + } + + if (my_yp_domain == NULL) { + DEBUG(5,("Unable to get default yp domain, " + "let's try without specifying it\n")); + } + + DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", + user, my_yp_domain?my_yp_domain:"(ANY)", ngname)); + + if (innetgr(ngname, NULL, user, my_yp_domain)) { + DEBUG(5,("user_in_netgroup: Found\n")); + return true; + } + + /* + * Ok, innetgr is case sensitive. Try once more with lowercase + * just in case. Attempt to fix #703. JRA. + */ + fstrcpy(lowercase_user, user); + strlower_m(lowercase_user); + + if (strcmp(user,lowercase_user) == 0) { + /* user name was already lower case! */ + return false; + } + + DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", + lowercase_user, my_yp_domain?my_yp_domain:"(ANY)", ngname)); + + if (innetgr(ngname, NULL, lowercase_user, my_yp_domain)) { + DEBUG(5,("user_in_netgroup: Found\n")); + return true; + } +#endif /* HAVE_NETGROUP */ + return false; +} + +/**************************************************************************** + Check if a user is in a user list - can check combinations of UNIX + and netgroup lists. +****************************************************************************/ + +bool user_in_list(const char *user,const char **list) +{ + if (!list || !*list) + return False; + + DEBUG(10,("user_in_list: checking user %s in list\n", user)); + + while (*list) { + + DEBUG(10,("user_in_list: checking user |%s| against |%s|\n", + user, *list)); + + /* + * Check raw username. + */ + if (strequal(user, *list)) + return(True); + + /* + * Now check to see if any combination + * of UNIX and netgroups has been specified. + */ + + if(**list == '@') { + /* + * Old behaviour. Check netgroup list + * followed by UNIX list. + */ + if(user_in_netgroup(user, *list +1)) + return True; + if(user_in_group(user, *list +1)) + return True; + } else if (**list == '+') { + + if((*(*list +1)) == '&') { + /* + * Search UNIX list followed by netgroup. + */ + if(user_in_group(user, *list +2)) + return True; + if(user_in_netgroup(user, *list +2)) + return True; + + } else { + + /* + * Just search UNIX list. + */ + + if(user_in_group(user, *list +1)) + return True; + } + + } else if (**list == '&') { + + if(*(*list +1) == '+') { + /* + * Search netgroup list followed by UNIX list. + */ + if(user_in_netgroup(user, *list +2)) + return True; + if(user_in_group(user, *list +2)) + return True; + } else { + /* + * Just search netgroup list. + */ + if(user_in_netgroup(user, *list +1)) + return True; + } + } + + list++; + } + return(False); +} + bool map_username(fstring user) { XFILE *f; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 640e634da9..e85f23074f 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -404,139 +404,6 @@ const char *get_session_workgroup(struct smbd_server_connection *sconn) } /**************************************************************************** - Check if a user is in a netgroup user list. If at first we don't succeed, - try lower case. -****************************************************************************/ - -bool user_in_netgroup(const char *user, const char *ngname) -{ -#ifdef HAVE_NETGROUP - static char *my_yp_domain = NULL; - fstring lowercase_user; - - if (my_yp_domain == NULL) { - yp_get_default_domain(&my_yp_domain); - } - - if (my_yp_domain == NULL) { - DEBUG(5,("Unable to get default yp domain, " - "let's try without specifying it\n")); - } - - DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", - user, my_yp_domain?my_yp_domain:"(ANY)", ngname)); - - if (innetgr(ngname, NULL, user, my_yp_domain)) { - DEBUG(5,("user_in_netgroup: Found\n")); - return true; - } - - /* - * Ok, innetgr is case sensitive. Try once more with lowercase - * just in case. Attempt to fix #703. JRA. - */ - fstrcpy(lowercase_user, user); - strlower_m(lowercase_user); - - if (strcmp(user,lowercase_user) == 0) { - /* user name was already lower case! */ - return false; - } - - DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", - lowercase_user, my_yp_domain?my_yp_domain:"(ANY)", ngname)); - - if (innetgr(ngname, NULL, lowercase_user, my_yp_domain)) { - DEBUG(5,("user_in_netgroup: Found\n")); - return true; - } -#endif /* HAVE_NETGROUP */ - return false; -} - -/**************************************************************************** - Check if a user is in a user list - can check combinations of UNIX - and netgroup lists. -****************************************************************************/ - -bool user_in_list(const char *user,const char **list) -{ - if (!list || !*list) - return False; - - DEBUG(10,("user_in_list: checking user %s in list\n", user)); - - while (*list) { - - DEBUG(10,("user_in_list: checking user |%s| against |%s|\n", - user, *list)); - - /* - * Check raw username. - */ - if (strequal(user, *list)) - return(True); - - /* - * Now check to see if any combination - * of UNIX and netgroups has been specified. - */ - - if(**list == '@') { - /* - * Old behaviour. Check netgroup list - * followed by UNIX list. - */ - if(user_in_netgroup(user, *list +1)) - return True; - if(user_in_group(user, *list +1)) - return True; - } else if (**list == '+') { - - if((*(*list +1)) == '&') { - /* - * Search UNIX list followed by netgroup. - */ - if(user_in_group(user, *list +2)) - return True; - if(user_in_netgroup(user, *list +2)) - return True; - - } else { - - /* - * Just search UNIX list. - */ - - if(user_in_group(user, *list +1)) - return True; - } - - } else if (**list == '&') { - - if(*(*list +1) == '+') { - /* - * Search netgroup list followed by UNIX list. - */ - if(user_in_netgroup(user, *list +2)) - return True; - if(user_in_group(user, *list +2)) - return True; - } else { - /* - * Just search netgroup list. - */ - if(user_in_netgroup(user, *list +1)) - return True; - } - } - - list++; - } - return(False); -} - -/**************************************************************************** Check if a username is valid. ****************************************************************************/ diff --git a/source3/wscript_build b/source3/wscript_build index 0ff206380d..3ce63adb69 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -524,7 +524,7 @@ AUTH_NETLOGOND_SRC = 'auth/auth_netlogond.c' AUTH_STATIC = '' AUTH_SRC = '''${AUTH_STATIC} auth/auth.c auth/auth_util.c auth/token_util.c auth/auth_compat.c auth/auth_ntlmssp.c auth/user_info.c auth/check_samsec.c - auth/server_info.c auth/server_info_sam.c + auth/user_util.c auth/server_info.c auth/server_info_sam.c ${PLAINTEXT_AUTH_SRC} ${SLCACHE_SRC} ${DCUTIL_SRC}''' #FIXME: set IDMAP_STATIC during configuration |