authorVolker Lendecke <vlendec@samba.org>2006-02-13 17:08:25 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:06 -0500
commit301d51e13a1aa4e633e2da161b0dd260a8a499cd (patch)
tree7e8b9acef42b06f5ca2eac42f5b6403a035c8612 /source3/auth
parent3b67210eec560d0c79b625ac11acb940e29fe8e0 (diff)
r13494: Merge the stuff I've done in head the last days.
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c66
1 files changed, 66 insertions, 0 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 1567b6e40b..ad02b24a42 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1019,6 +1019,72 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
}
/***************************************************************************
+ Build upon create_token_from_username:
+
+ Expensive helper function to figure out whether a user given its name is
+ member of a particular group.
+***************************************************************************/
+BOOL user_in_group_sid(const char *username, const DOM_SID *group_sid)
+{
+ NTSTATUS status;
+ uid_t uid;
+ gid_t gid;
+ char *found_username;
+ struct nt_user_token *token;
+ BOOL result;
+
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return False;
+ }
+
+ status = create_token_from_username(mem_ctx, username, False,
+ &uid, &gid, &found_username,
+ &token);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("could not create token for %s\n", username));
+ return False;
+ }
+
+ result = nt_token_check_sid(group_sid, token);
+
+ talloc_free(mem_ctx);
+ return result;
+
+}
+
+BOOL user_in_group(const char *username, const char *groupname)
+{
+ TALLOC_CTX *mem_ctx;
+ DOM_SID group_sid;
+ NTSTATUS status;
+ BOOL ret;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ DEBUG(0, ("talloc_new failed\n"));
+ return False;
+ }
+
+ ret = lookup_name(mem_ctx, groupname, LOOKUP_NAME_ALL,
+ NULL, NULL, &group_sid, NULL);
+ talloc_free(mem_ctx);
+
+ if (!ret) {
+ DEBUG(10, ("lookup_name(%s) failed: %s\n", groupname,
+ nt_errstr(status)));
+ return False;
+ }
+
+ return user_in_group_sid(username, &group_sid);
+}
+
+
+/***************************************************************************
Make (and fill) a user_info struct from a Kerberos PAC logon_info by
conversion to a SAM_ACCOUNT
***************************************************************************/
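Review bot: The error branch after `create_token_from_username` in `user_in_group_sid` returns `False` without freeing `mem_ctx`, so every failed token build leaks the `talloc_new(NULL)` context in what is presumably a long-running server process; add `talloc_free(mem_ctx);` before that `return False;`. In `user_in_group`, `status` is never assigned (`lookup_name` returns a BOOL into `ret`), yet the failure DEBUG passes it to `nt_errstr(status)`, which reads an uninitialised value; drop the variable and log `DEBUG(10, ("lookup_name(%s) failed\n", groupname));`. Both helpers also collapse "lookup failed" and "not a member" into `False`, which is the safe answer for an allow-list check but not for a deny-list check, so the header comment should state that `False` can mean the lookup itself failed; how callers use the result is not visible in this hunk.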