diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-22 11:34:04 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-22 11:34:04 +0000 |
commit | ab43a25b2893506d5de305626dfbbf98966f1f78 (patch) | |
tree | 653e18d5b5c979f86d04cc66ac09e2164b8ab189 | |
parent | 4fdb86eb3b9b7eb01a90e3f3a846fb9f223d7208 (diff) | |
download | samba-ab43a25b2893506d5de305626dfbbf98966f1f78.tar.gz samba-ab43a25b2893506d5de305626dfbbf98966f1f78.tar.bz2 samba-ab43a25b2893506d5de305626dfbbf98966f1f78.zip |
First check if the user is in the passdb, then check Get_Pwnam().
We check passdb becouse the user might have things like a logon script set,
but we have to check the passdb becouse the user might not be in smbpasswd at
all.
This is in preperation for the removal of unixsam as an assuption.
Andrew Bartlett
(This used to be commit 61e3e2695860c58f9b0e8d1856972318666682c8)
-rw-r--r-- | source3/auth/auth_rhosts.c | 62 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 30 |
2 files changed, 61 insertions, 31 deletions
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index 4ed0e6bbc4..d8e1b01942 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -129,23 +129,19 @@ static BOOL check_user_equiv(const char *user, const char *remote, const char *e return False; } - /**************************************************************************** check for a possible hosts equiv or rhosts entry for the user ****************************************************************************/ -static BOOL check_hosts_equiv(struct passwd *pass) +static BOOL check_hosts_equiv(SAM_ACCOUNT *account) { char *fname = NULL; - if (!pass) - return(False); - fname = lp_hosts_equiv(); /* note: don't allow hosts.equiv on root */ - if (fname && *fname && (pass->pw_uid != 0)) { - if (check_user_equiv(pass->pw_name,client_name(),fname)) + if (IS_SAM_UNIX_USER(account) && fname && *fname && (pdb_get_uid(account) != 0)) { + if (check_user_equiv(pdb_get_username(account),client_name(),fname)) return(True); } @@ -164,15 +160,15 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; - struct passwd *pass = Get_Pwnam(user_info->internal_username.str); - - if (pass) { - if (check_hosts_equiv(pass)) { - nt_status = NT_STATUS_OK; - make_server_info_pw(server_info, pass); - } - } else { - nt_status = NT_STATUS_NO_SUCH_USER; + SAM_ACCOUNT *account = NULL; + if (!NT_STATUS_IS_OK(nt_status = + auth_get_sam_account(user_info->internal_username.str, + &account))) { + return nt_status; + } + + if (check_hosts_equiv(account)) { + nt_status = make_server_info_sam(server_info, account); } return nt_status; @@ -186,6 +182,7 @@ NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* par } (*auth_method)->auth = check_hostsequiv_security; + (*auth_method)->name = "hostsequiv"; return NT_STATUS_OK; } @@ -201,24 +198,26 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; - struct passwd *pass = Get_Pwnam(user_info->internal_username.str); - pstring rhostsfile; + SAM_ACCOUNT *account = NULL; - if (pass) { - char *home = pass->pw_dir; - if (home) { - slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home); - become_root(); - if (check_user_equiv(pass->pw_name,client_name(),rhostsfile)) { - nt_status = NT_STATUS_OK; - make_server_info_pw(server_info, pass); - } - unbecome_root(); - } - } else { - nt_status = NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(nt_status = + auth_get_sam_account(user_info->internal_username.str, + &account))) { + return nt_status; } + pstring rhostsfile; + + char *home = pdb_get_unix_homedir(account); + if (home) { + slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home); + become_root(); + if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) { + nt_status = make_server_info_sam(server_info, account); + } + unbecome_root(); + } + return nt_status; } @@ -230,5 +229,6 @@ NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param, } (*auth_method)->auth = check_rhosts_security; + (*auth_method)->name = "rhosts"; return NT_STATUS_OK; } diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 352d058f20..7d85153bd0 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -78,6 +78,36 @@ void smb_user_control(const auth_usersupplied_info *user_info, auth_serversuppli } /**************************************************************************** + Create a SAM_ACCOUNT - either by looking in the pdb, or by faking it up from + unix info. +****************************************************************************/ + +NTSTATUS auth_get_sam_account(const char *user, SAM_ACCOUNT **account) +{ + BOOL pdb_ret; + NTSTATUS nt_status; + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(account))) { + return nt_status; + } + + become_root(); + pdb_ret = pdb_getsampwnam(*account, user); + unbecome_root(); + + if (!pdb_ret) { + + struct passwd *pass = Get_Pwnam(user); + if (!pass) + return NT_STATUS_NO_SUCH_USER; + + if (!NT_STATUS_IS_OK(nt_status = pdb_fill_sam_pw(*account, pass))) { + return nt_status; + } + } + return NT_STATUS_OK; +} + +/**************************************************************************** Create an auth_usersupplied_data structure ****************************************************************************/ |