diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-24 02:35:54 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-24 02:35:54 +0000 |
commit | e72ecdc862804339912325fe848401e8ec57cde7 (patch) | |
tree | 4ac1832cbe804e956e8700606a57e985bde0d3b7 /source3/rpc_server | |
parent | 0fc93128b8e510c3ccc161044068d9f3960635da (diff) | |
download | samba-e72ecdc862804339912325fe848401e8ec57cde7.tar.gz samba-e72ecdc862804339912325fe848401e8ec57cde7.tar.bz2 samba-e72ecdc862804339912325fe848401e8ec57cde7.zip |
Merge of server-side authentication changes to 3.0:
- user_ok() and user_in_group() now take a list of groups, instead of
looking for the user in the members of all groups.
- The 'server_info' returned from the authentication is now kept around
- in future we won't copy the sesion key, username etc, we will just
referece them directly.
- rhosts upgraded to use the SAM if possible, otherwise fake up based on
getpwnam().
- auth_util code to deal with groups upgraded to deal with non-winbind domain
members again.
Andrew Bartlett
(This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_netlog_nt.c | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 20 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 6 |
3 files changed, 14 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 8070cdd984..6182da53d9 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -668,7 +668,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * fstring group_sid_string; uchar user_sess_key[16]; uchar netlogon_sess_key[16]; - + sampw = server_info->sam_account; /* set up pointer indicating user/password failed to be found */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 2896fd79e4..d766e9c19e 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3427,7 +3427,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD fstrcpy(grp_name, grp->gr_name); /* if the user is already in the group */ - if(user_in_group_list(pwd->pw_name, grp_name)) { + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { passwd_free(&pwd); return NT_STATUS_MEMBER_IN_ALIAS; } @@ -3439,7 +3439,7 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD smb_add_user_group(grp_name, pwd->pw_name); /* check if the user has been added then ... */ - if(!user_in_group_list(pwd->pw_name, grp_name)) { + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { passwd_free(&pwd); return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ } @@ -3485,7 +3485,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE if ((grp=getgrgid(map.gid)) == NULL) return NT_STATUS_NO_SUCH_ALIAS; - /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ fstrcpy(grp_name, grp->gr_name); /* check if the user exists before trying to remove it from the group */ @@ -3497,7 +3497,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE } /* if the user is not in the group */ - if(!user_in_group_list(pdb_get_username(sam_pass), grp_name)) { + if(!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_MEMBER_IN_ALIAS; } @@ -3505,7 +3505,7 @@ NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DE smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); /* check if the user has been removed then ... */ - if(user_in_group_list(pdb_get_username(sam_pass), grp_name)) { + if(user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ } @@ -3583,11 +3583,11 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD return NT_STATUS_NO_SUCH_GROUP; } - /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ fstrcpy(grp_name, grp->gr_name); /* if the user is already in the group */ - if(user_in_group_list(pwd->pw_name, grp_name)) { + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { passwd_free(&pwd); return NT_STATUS_MEMBER_IN_GROUP; } @@ -3601,7 +3601,7 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD smb_add_user_group(grp_name, pwd->pw_name); /* check if the user has been added then ... */ - if(!user_in_group_list(pwd->pw_name, grp_name)) { + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { passwd_free(&pwd); return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */ } @@ -3662,7 +3662,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE } /* if the user is not in the group */ - if (!user_in_group_list(pdb_get_username(sam_pass), grp_name)) { + if (!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_MEMBER_NOT_IN_GROUP; } @@ -3670,7 +3670,7 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); /* check if the user has been removed then ... */ - if (user_in_group_list(pdb_get_username(sam_pass), grp_name)) { + if (user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { pdb_free_sam(&sam_pass); return NT_STATUS_ACCESS_DENIED; /* don't know what to reply else */ } diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 3605c1a24d..93566c2bb7 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1606,7 +1606,7 @@ Can't find printer handle we created for printer %s\n", name )); /* if the user is not root and not a printer admin, then fail */ if ( user.uid != 0 - && !user_in_list(uidtoname(user.uid), lp_printer_admin(snum)) ) + && !user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) ) { close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -1653,7 +1653,7 @@ Can't find printer handle we created for printer %s\n", name )); /* check smb.conf parameters and the the sec_desc */ - if (!user_ok(uidtoname(user.uid), snum) || !print_access_check(&user, snum, printer_default->access_required)) { + if (!user_ok(uidtoname(user.uid), snum, user.groups, user.ngroups) || !print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -8992,7 +8992,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_ done: if ( printer ) - free_a_printer(&printer, 2); + free_a_printer(&printer, 2); return result; } |