authorGünther Deschner <gd@samba.org>2005-02-24 00:26:24 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:55:45 -0500
commit051d9d7894662d59af1b71d2ea36910d7aac5f38 (patch)
treeb173dd540c30ac29ade68e61a921cde3e71d042b /source3/auth
parent9fa9ca4f8bc712cfdbc9658f72295bd815f3dc61 (diff)
r5528: Expand the invalid-workstation-scheme. Workstation-Names with leading
'@'-sign are expanded on-the-fly as posix-groups of workstations. This allows optional, more flexible login-control in larger networks. Guenther (This used to be commit 8f143b6800e0b6964c8ba4ba9607dc74da12ae59)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_sam.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 2633cc92c3..db05ac97f8 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -170,9 +170,13 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
if (*workstation_list) {
BOOL invalid_ws = True;
+ fstring tok;
const char *s = workstation_list;
+
+ const char *machine_name = talloc_asprintf(mem_ctx, "%s$", user_info->wksta_name.str);
+ if (machine_name == NULL)
+ return NT_STATUS_NO_MEMORY;
- fstring tok;
while (next_token(&s, tok, ",", sizeof(tok))) {
DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
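Review bot: `machine_name` is built from `user_info->wksta_name.str`, which in this auth path appears to be the workstation name the client itself supplies, so the group match added further down keys on an unauthenticated value. That limit deserves a comment at the declaration, e.g. `/* wksta_name is client-asserted: the '@group' match is a login-control policy, not proof of the machine's identity */`. The string is also allocated for every non-empty workstation list, even when no token starts with '@', and an empty workstation name produces the bare account name `$`. Building it inside the '@' branch and skipping the lookup when `wksta_name.str` is empty would avoid both. sam_account_ok starts before this hunk and continues past it.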
@@ -181,6 +185,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
invalid_ws = False;
break;
}
+ if (tok[0] == '@') {
+ DEBUG(10,("sam_account_ok: checking for workstation %s in group: %s\n",
+ machine_name, tok + 1));
+ if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
+ invalid_ws = False;
+ break;
+ }
+ }
}
if (invalid_ws)
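Review bot: A list entry that is only `@` reaches `user_in_group_list()` with an empty group name, because the new branch tests `tok[0]` and nothing else. Tightening it to `if (tok[0] == '@' && tok[1] != '\0') {` keeps a malformed entry out of the group lookup. The direct name comparison above this branch is not fully visible here; if it is case-insensitive while group membership is resolved case-sensitively, the same workstation could pass one check and fail the other, so the expected case of group members should be documented or the name normalised before the lookup. As written, a lookup failure leaves `invalid_ws` set to True, which is the safe default and worth preserving. The enclosing loop and function begin outside the hunk.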