diff options
author | Jeremy Allison <jra@samba.org> | 1998-06-10 19:45:13 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-06-10 19:45:13 +0000 |
commit | 72bf410b6e9b85f8fbff7f6175661829bef35f62 (patch) | |
tree | 11c6f694c2f4b4c3bb2e9325b071215a6d0dfbbf | |
parent | 1b86bead993051f93ea1570ad404e270b06045d3 (diff) | |
download | samba-72bf410b6e9b85f8fbff7f6175661829bef35f62.tar.gz samba-72bf410b6e9b85f8fbff7f6175661829bef35f62.tar.bz2 samba-72bf410b6e9b85f8fbff7f6175661829bef35f62.zip |
De-coupled the mapping of a Windows to UNIX username from the Get_Pwnam
username case conversion wrapper. It is now (very) explicit where we are
mapping between an incoming Windows username, and when we are doing a
UNIX password entry lookup, which may change the case of the given
username.
This makes things *much* clearer (IMHO:-) and will ease the adding of
the 'groupname map' parameter, and the addition of the special 'jeremy'
mode for Samba where unix users will not be needed. (We must think of
a better name for it :-).
Jeremy.
(This used to be commit fb6ed81844e7cb6049749e43ac9b4adfaf4ca2de)
-rw-r--r-- | source3/lib/username.c | 53 | ||||
-rw-r--r-- | source3/lsarpcd/srv_lsa.c | 13 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 13 | ||||
-rw-r--r-- | source3/rpc_server/srv_netlog.c | 10 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 26 | ||||
-rw-r--r-- | source3/smbd/reply.c | 41 |
6 files changed, 125 insertions, 31 deletions
diff --git a/source3/lib/username.c b/source3/lib/username.c index 6c65d5d8cb..d5ecfe9166 100644 --- a/source3/lib/username.c +++ b/source3/lib/username.c @@ -22,18 +22,18 @@ #include "includes.h" extern int DEBUGLEVEL; -/* internal functions - modified versions of the ones in password.c */ +/* internal functions */ static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (char *), int N); static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (char *), int N); /**************************************************************************** -get a users home directory. tries as-is then lower case +get a users home directory. ****************************************************************************/ char *get_home_dir(char *user) { static struct passwd *pass; - pass = Get_Pwnam(user,False); + pass = Get_Pwnam(user, False); if (!pass) return(NULL); return(pass->pw_dir); @@ -42,26 +42,34 @@ char *get_home_dir(char *user) /******************************************************************* map a username from a dos name to a unix name by looking in the username -map +map. Note that this modifies the name in place. +This is the main function that should be called *once* on +any incoming or new username - in order to canonicalize the name. +This is being done to de-couple the case conversions from the user mapping +function. Previously, the map_username was being called +every time Get_Pwnam was called. ********************************************************************/ void map_username(char *user) { - static int depth=0; static BOOL initialised=False; static fstring last_from,last_to; FILE *f; char *s; char *mapfile = lp_username_map(); - if (!*mapfile || depth) return; if (!*user) return; + if (!*mapfile) { + return; + } + if (!initialised) { *last_from = *last_to = 0; initialised = True; } - if (strequal(user,last_to)) return; + if (strequal(user,last_to)) + return; if (strequal(user,last_from)) { DEBUG(3,("Mapped user %s to %s\n",user,last_to)); @@ -77,20 +85,17 @@ void map_username(char *user) DEBUG(4,("Scanning username map %s\n",mapfile)); - depth++; - for (; (s=fgets_slash(NULL,80,f)); free(s)) { char *unixname = s; char *dosname = strchr(unixname,'='); - BOOL break_if_mapped = False; + BOOL return_if_mapped = False; if (!dosname) continue; *dosname++ = 0; while (isspace(*unixname)) unixname++; - if ('!' == *unixname) - { - break_if_mapped = True; + if ('!' == *unixname) { + return_if_mapped = True; unixname++; while (*unixname && isspace(*unixname)) unixname++; } @@ -100,30 +105,29 @@ void map_username(char *user) { int l = strlen(unixname); while (l && isspace(unixname[l-1])) { - unixname[l-1] = 0; - l--; + unixname[l-1] = 0; + l--; } } if (strchr(dosname,'*') || user_in_list(user,dosname)) { DEBUG(3,("Mapped user %s to %s\n",user,unixname)); - StrnCpy(last_from,user,sizeof(last_from)-1); + fstrcpy(last_from,user); sscanf(unixname,"%s",user); - StrnCpy(last_to,user,sizeof(last_to)-1); - if(break_if_mapped) { + fstrcpy(last_to,user); + if(return_if_mapped) { free(s); - break; + fclose(f); + return; } } } fclose(f); - - depth--; } /**************************************************************************** -internals of Get_Pwnam wrapper +Get_Pwnam wrapper ****************************************************************************/ static struct passwd *_Get_Pwnam(char *s) { @@ -151,7 +155,7 @@ static struct passwd *_Get_Pwnam(char *s) /**************************************************************************** a wrapper for getpwnam() that tries with all lower and all upper case if the initial name fails. Also tried with first letter capitalised -Note that this changes user! +Note that this can change user! ****************************************************************************/ struct passwd *Get_Pwnam(char *user,BOOL allow_change) { @@ -170,8 +174,6 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change) user = &user2[0]; } - map_username(user); - ret = _Get_Pwnam(user); if (ret) return(ret); @@ -208,7 +210,6 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change) return(NULL); } - /**************************************************************************** check if a user is in a user list ****************************************************************************/ diff --git a/source3/lsarpcd/srv_lsa.c b/source3/lsarpcd/srv_lsa.c index e723b532b1..43f463a8ab 100644 --- a/source3/lsarpcd/srv_lsa.c +++ b/source3/lsarpcd/srv_lsa.c @@ -371,7 +371,18 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - char *user_name = unistr2(q_l.lookup_name[i].str.buffer); + fstring user_name; + fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); + /* + * Map to the UNIX username. + */ + map_username(user_name); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(user_name, True); + if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) { /* WHOOPS! we should really do something about this... */ diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index e723b532b1..43f463a8ab 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c @@ -371,7 +371,18 @@ static void api_lsa_lookup_names( int uid, prs_struct *data, /* convert received RIDs to strings, so we can do them. */ for (i = 0; i < q_l.num_entries; i++) { - char *user_name = unistr2(q_l.lookup_name[i].str.buffer); + fstring user_name; + fstrcpy(user_name, unistr2(q_l.lookup_name[i].str.buffer)); + /* + * Map to the UNIX username. + */ + map_username(user_name); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(user_name, True); + if (!pdb_name_to_rid(user_name, &dom_rids[i], &dummy_g_rid)) { /* WHOOPS! we should really do something about this... */ diff --git a/source3/rpc_server/srv_netlog.c b/source3/rpc_server/srv_netlog.c index 38481cd2d3..8bcf1682bc 100644 --- a/source3/rpc_server/srv_netlog.c +++ b/source3/rpc_server/srv_netlog.c @@ -641,6 +641,16 @@ static void api_net_sam_logon( int uid, DEBUG(3,("User:[%s]\n", samlogon_user)); + /* + * Convert to a UNIX username. + */ + map_username(samlogon_user); + + /* + * Do any case conversions. + */ + (void)Get_Pwnam(samlogon_user, True); + become_root(True); smb_pass = getsmbpwnam(samlogon_user); unbecome_root(True); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a9e0bec3ed..f92e376575 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -1633,6 +1633,18 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data, DEBUG(3,("Set password for <%s>\n",user)); /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + + /* * Attempt the plaintext password change first. * Older versions of Windows seem to do this. */ @@ -1706,6 +1718,20 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat fstrcpy(user,p); p = skip_string(p,1); + DEBUG(3,("api_SamOEMChangePassword: Change password for <%s>\n",user)); + + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + if(check_oem_password( user, (unsigned char *)data, &sampw, new_passwd, (int)sizeof(new_passwd)) == False) { return True; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 5ed30a7e8f..c9b0c6852d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -232,6 +232,18 @@ int reply_tcon(char *inbuf,char *outbuf, int dum_size, int dum_buffsize) parse_connect(smb_buf(inbuf)+1,service,user,password,&pwlen,dev); + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + connection_num = make_connection(service,user,password,pwlen,dev,vuid); if (connection_num < 0) @@ -300,6 +312,18 @@ int reply_tcon_and_X(char *inbuf,char *outbuf,int length,int bufsize) DEBUG(4,("Got device type %s\n",devicename)); } + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + connection_num = make_connection(service,user,password,passlen,devicename,vuid); if (connection_num < 0) @@ -599,11 +623,22 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) reload_services(True); + /* + * Pass the user through the NT -> unix user mapping + * function. + */ + + map_username(user); + + /* + * Do any UNIX username case mangling. + */ + (void)Get_Pwnam( user, True); + add_session_user(user); - /* Check if the given username was the guest user with no password. - We need to do this check after add_session_user() as that - call can potentially change the username (via map_user). + /* + * Check if the given username was the guest user with no password. */ if(!guest && strequal(user,lp_guestaccount(-1)) && (*smb_apasswd == 0)) |