summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2010-06-02 19:39:18 +0200
committerSimo Sorce <idra@samba.org>2010-06-04 12:12:37 -0400
commit9097bdddd03f81579699e0d0ce725a7453a3a158 (patch)
tree452b12b712e1ed4053d755ee7cdd74dcaaac7156
parentfad86ddf5531c8f5862b697e99c24a7bd526d73e (diff)
downloadsamba-9097bdddd03f81579699e0d0ce725a7453a3a158.tar.gz
samba-9097bdddd03f81579699e0d0ce725a7453a3a158.tar.bz2
samba-9097bdddd03f81579699e0d0ce725a7453a3a158.zip
s3-auth: Moved smbd user functions to a generic place.
Reviewed-by: Simo Sorce <idra@samba.org>
-rw-r--r--source3/Makefile.in3
-rw-r--r--source3/auth/user_util.c (renamed from source3/smbd/map_username.c)141
-rw-r--r--source3/smbd/password.c133
-rw-r--r--source3/wscript_build2
4 files changed, 140 insertions, 139 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 82407e5be0..91e1518e13 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -772,6 +772,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
auth/server_info.o \
auth/server_info_sam.o \
auth/user_info.o \
+ auth/user_util.o \
auth/auth_compat.o auth/auth_ntlmssp.o \
$(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)
@@ -783,7 +784,7 @@ BUILDOPT_OBJ = smbd/build_options.o
SMBD_OBJ_SRV = smbd/server_reload.o \
smbd/files.o smbd/connection.o \
- smbd/utmp.o smbd/session.o smbd/map_username.o \
+ smbd/utmp.o smbd/session.o \
smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o \
smbd/share_access.o smbd/fileio.o \
smbd/ipc.o smbd/lanman.o smbd/negprot.o \
diff --git a/source3/smbd/map_username.c b/source3/auth/user_util.c
index 3b3a6b13a4..3d7123c18e 100644
--- a/source3/smbd/map_username.c
+++ b/source3/auth/user_util.c
@@ -1,20 +1,20 @@
-/*
+/*
Unix SMB/CIFS implementation.
Username handling
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Jeremy Allison 1997-2001.
Copyright (C) Volker Lendecke 2006
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -120,6 +120,139 @@ static void store_map_in_gencache(const char *from, const char *to)
TALLOC_FREE(key);
}
+/****************************************************************************
+ Check if a user is in a netgroup user list. If at first we don't succeed,
+ try lower case.
+****************************************************************************/
+
+bool user_in_netgroup(const char *user, const char *ngname)
+{
+#ifdef HAVE_NETGROUP
+ static char *my_yp_domain = NULL;
+ fstring lowercase_user;
+
+ if (my_yp_domain == NULL) {
+ yp_get_default_domain(&my_yp_domain);
+ }
+
+ if (my_yp_domain == NULL) {
+ DEBUG(5,("Unable to get default yp domain, "
+ "let's try without specifying it\n"));
+ }
+
+ DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+ user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
+
+ if (innetgr(ngname, NULL, user, my_yp_domain)) {
+ DEBUG(5,("user_in_netgroup: Found\n"));
+ return true;
+ }
+
+ /*
+ * Ok, innetgr is case sensitive. Try once more with lowercase
+ * just in case. Attempt to fix #703. JRA.
+ */
+ fstrcpy(lowercase_user, user);
+ strlower_m(lowercase_user);
+
+ if (strcmp(user,lowercase_user) == 0) {
+ /* user name was already lower case! */
+ return false;
+ }
+
+ DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+ lowercase_user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
+
+ if (innetgr(ngname, NULL, lowercase_user, my_yp_domain)) {
+ DEBUG(5,("user_in_netgroup: Found\n"));
+ return true;
+ }
+#endif /* HAVE_NETGROUP */
+ return false;
+}
+
+/****************************************************************************
+ Check if a user is in a user list - can check combinations of UNIX
+ and netgroup lists.
+****************************************************************************/
+
+bool user_in_list(const char *user,const char **list)
+{
+ if (!list || !*list)
+ return False;
+
+ DEBUG(10,("user_in_list: checking user %s in list\n", user));
+
+ while (*list) {
+
+ DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
+ user, *list));
+
+ /*
+ * Check raw username.
+ */
+ if (strequal(user, *list))
+ return(True);
+
+ /*
+ * Now check to see if any combination
+ * of UNIX and netgroups has been specified.
+ */
+
+ if(**list == '@') {
+ /*
+ * Old behaviour. Check netgroup list
+ * followed by UNIX list.
+ */
+ if(user_in_netgroup(user, *list +1))
+ return True;
+ if(user_in_group(user, *list +1))
+ return True;
+ } else if (**list == '+') {
+
+ if((*(*list +1)) == '&') {
+ /*
+ * Search UNIX list followed by netgroup.
+ */
+ if(user_in_group(user, *list +2))
+ return True;
+ if(user_in_netgroup(user, *list +2))
+ return True;
+
+ } else {
+
+ /*
+ * Just search UNIX list.
+ */
+
+ if(user_in_group(user, *list +1))
+ return True;
+ }
+
+ } else if (**list == '&') {
+
+ if(*(*list +1) == '+') {
+ /*
+ * Search netgroup list followed by UNIX list.
+ */
+ if(user_in_netgroup(user, *list +2))
+ return True;
+ if(user_in_group(user, *list +2))
+ return True;
+ } else {
+ /*
+ * Just search netgroup list.
+ */
+ if(user_in_netgroup(user, *list +1))
+ return True;
+ }
+ }
+
+ list++;
+ }
+ return(False);
+}
+
bool map_username(fstring user)
{
XFILE *f;
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 640e634da9..e85f23074f 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -404,139 +404,6 @@ const char *get_session_workgroup(struct smbd_server_connection *sconn)
}
/****************************************************************************
- Check if a user is in a netgroup user list. If at first we don't succeed,
- try lower case.
-****************************************************************************/
-
-bool user_in_netgroup(const char *user, const char *ngname)
-{
-#ifdef HAVE_NETGROUP
- static char *my_yp_domain = NULL;
- fstring lowercase_user;
-
- if (my_yp_domain == NULL) {
- yp_get_default_domain(&my_yp_domain);
- }
-
- if (my_yp_domain == NULL) {
- DEBUG(5,("Unable to get default yp domain, "
- "let's try without specifying it\n"));
- }
-
- DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
- user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
-
- if (innetgr(ngname, NULL, user, my_yp_domain)) {
- DEBUG(5,("user_in_netgroup: Found\n"));
- return true;
- }
-
- /*
- * Ok, innetgr is case sensitive. Try once more with lowercase
- * just in case. Attempt to fix #703. JRA.
- */
- fstrcpy(lowercase_user, user);
- strlower_m(lowercase_user);
-
- if (strcmp(user,lowercase_user) == 0) {
- /* user name was already lower case! */
- return false;
- }
-
- DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
- lowercase_user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
-
- if (innetgr(ngname, NULL, lowercase_user, my_yp_domain)) {
- DEBUG(5,("user_in_netgroup: Found\n"));
- return true;
- }
-#endif /* HAVE_NETGROUP */
- return false;
-}
-
-/****************************************************************************
- Check if a user is in a user list - can check combinations of UNIX
- and netgroup lists.
-****************************************************************************/
-
-bool user_in_list(const char *user,const char **list)
-{
- if (!list || !*list)
- return False;
-
- DEBUG(10,("user_in_list: checking user %s in list\n", user));
-
- while (*list) {
-
- DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
- user, *list));
-
- /*
- * Check raw username.
- */
- if (strequal(user, *list))
- return(True);
-
- /*
- * Now check to see if any combination
- * of UNIX and netgroups has been specified.
- */
-
- if(**list == '@') {
- /*
- * Old behaviour. Check netgroup list
- * followed by UNIX list.
- */
- if(user_in_netgroup(user, *list +1))
- return True;
- if(user_in_group(user, *list +1))
- return True;
- } else if (**list == '+') {
-
- if((*(*list +1)) == '&') {
- /*
- * Search UNIX list followed by netgroup.
- */
- if(user_in_group(user, *list +2))
- return True;
- if(user_in_netgroup(user, *list +2))
- return True;
-
- } else {
-
- /*
- * Just search UNIX list.
- */
-
- if(user_in_group(user, *list +1))
- return True;
- }
-
- } else if (**list == '&') {
-
- if(*(*list +1) == '+') {
- /*
- * Search netgroup list followed by UNIX list.
- */
- if(user_in_netgroup(user, *list +2))
- return True;
- if(user_in_group(user, *list +2))
- return True;
- } else {
- /*
- * Just search netgroup list.
- */
- if(user_in_netgroup(user, *list +1))
- return True;
- }
- }
-
- list++;
- }
- return(False);
-}
-
-/****************************************************************************
Check if a username is valid.
****************************************************************************/
diff --git a/source3/wscript_build b/source3/wscript_build
index 0ff206380d..3ce63adb69 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -524,7 +524,7 @@ AUTH_NETLOGOND_SRC = 'auth/auth_netlogond.c'
AUTH_STATIC = ''
AUTH_SRC = '''${AUTH_STATIC} auth/auth.c auth/auth_util.c auth/token_util.c
auth/auth_compat.c auth/auth_ntlmssp.c auth/user_info.c auth/check_samsec.c
- auth/server_info.c auth/server_info_sam.c
+ auth/user_util.c auth/server_info.c auth/server_info_sam.c
${PLAINTEXT_AUTH_SRC} ${SLCACHE_SRC} ${DCUTIL_SRC}'''
#FIXME: set IDMAP_STATIC during configuration