diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-02-24 02:35:54 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-24 02:35:54 +0000 |
| commit | e72ecdc862804339912325fe848401e8ec57cde7 (patch) | |
| tree | 4ac1832cbe804e956e8700606a57e985bde0d3b7 /source3/auth/auth_rhosts.c | |
| parent | 0fc93128b8e510c3ccc161044068d9f3960635da (diff) | |
| download | samba-e72ecdc862804339912325fe848401e8ec57cde7.tar.gz samba-e72ecdc862804339912325fe848401e8ec57cde7.tar.bz2 samba-e72ecdc862804339912325fe848401e8ec57cde7.zip | |
Merge of server-side authentication changes to 3.0:
- user_ok() and user_in_group() now take a list of groups, instead of
looking for the user in the members of all groups.
- The 'server_info' returned from the authentication is now kept around
- in future we won't copy the sesion key, username etc, we will just
referece them directly.
- rhosts upgraded to use the SAM if possible, otherwise fake up based on
getpwnam().
- auth_util code to deal with groups upgraded to deal with non-winbind domain
members again.
Andrew Bartlett
(This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
Diffstat (limited to 'source3/auth/auth_rhosts.c')
| -rw-r--r-- | source3/auth/auth_rhosts.c | 68 |
1 files changed, 39 insertions, 29 deletions
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c index 4ed0e6bbc4..5451f7d930 100644 --- a/source3/auth/auth_rhosts.c +++ b/source3/auth/auth_rhosts.c @@ -129,23 +129,19 @@ static BOOL check_user_equiv(const char *user, const char *remote, const char *e return False; } - /**************************************************************************** check for a possible hosts equiv or rhosts entry for the user ****************************************************************************/ -static BOOL check_hosts_equiv(struct passwd *pass) +static BOOL check_hosts_equiv(SAM_ACCOUNT *account) { char *fname = NULL; - if (!pass) - return(False); - fname = lp_hosts_equiv(); /* note: don't allow hosts.equiv on root */ - if (fname && *fname && (pass->pw_uid != 0)) { - if (check_user_equiv(pass->pw_name,client_name(),fname)) + if (IS_SAM_UNIX_USER(account) && fname && *fname && (pdb_get_uid(account) != 0)) { + if (check_user_equiv(pdb_get_username(account),client_name(),fname)) return(True); } @@ -164,15 +160,18 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; - struct passwd *pass = Get_Pwnam(user_info->internal_username.str); - - if (pass) { - if (check_hosts_equiv(pass)) { - nt_status = NT_STATUS_OK; - make_server_info_pw(server_info, pass); - } + SAM_ACCOUNT *account = NULL; + if (!NT_STATUS_IS_OK(nt_status = + auth_get_sam_account(user_info->internal_username.str, + &account))) { + return nt_status; + } + + if (check_hosts_equiv(account)) { + nt_status = make_server_info_sam(server_info, account); } else { - nt_status = NT_STATUS_NO_SUCH_USER; + pdb_free_sam(&account); + nt_status = NT_STATUS_LOGON_FAILURE; } return nt_status; @@ -186,6 +185,7 @@ NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* par } (*auth_method)->auth = check_hostsequiv_security; + (*auth_method)->name = "hostsequiv"; return NT_STATUS_OK; } @@ -201,24 +201,33 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, auth_serversupplied_info **server_info) { NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; - struct passwd *pass = Get_Pwnam(user_info->internal_username.str); + SAM_ACCOUNT *account = NULL; pstring rhostsfile; + const char *home; - if (pass) { - char *home = pass->pw_dir; - if (home) { - slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home); - become_root(); - if (check_user_equiv(pass->pw_name,client_name(),rhostsfile)) { - nt_status = NT_STATUS_OK; - make_server_info_pw(server_info, pass); - } - unbecome_root(); - } - } else { - nt_status = NT_STATUS_NO_SUCH_USER; + if (!NT_STATUS_IS_OK(nt_status = + auth_get_sam_account(user_info->internal_username.str, + &account))) { + return nt_status; } + home = pdb_get_unix_homedir(account); + + if (home) { + slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home); + become_root(); + if (check_user_equiv(pdb_get_username(account),client_name(),rhostsfile)) { + nt_status = make_server_info_sam(server_info, account); + } else { + pdb_free_sam(&account); + nt_status = NT_STATUS_LOGON_FAILURE; + } + unbecome_root(); + } else { + pdb_free_sam(&account); + nt_status = NT_STATUS_LOGON_FAILURE; + } + return nt_status; } @@ -230,5 +239,6 @@ NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param, } (*auth_method)->auth = check_rhosts_security; + (*auth_method)->name = "rhosts"; return NT_STATUS_OK; } |