updated the 3.0 branch from the head branch - ready for alpha18

(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
author: Andrew Tridgell <tridge@samba.org> 2002-07-15 10:35:28 +0000
committer: Andrew Tridgell <tridge@samba.org> 2002-07-15 10:35:28 +0000
commit: e90b65284812aaa5ff9e9935ce9bbad7791cbbcd (patch)
tree: 9e744d1dc2f93934a4b49166a37383d3cb2b2139 /source3/smbd/password.c
parent: ec167dc9cc0ec2ee461837c25a371d2981744208 (diff)
download: samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.gz
samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.bz2
samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.zip
1 files changed, 73 insertions, 109 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 629157f22d..82c0cef77d 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -259,9 +259,19 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
 	{
 		/* Keep the homedir handy */
 		const char *homedir = pdb_get_homedir(server_info->sam_account);
+		const char *unix_homedir = pdb_get_unix_homedir(server_info->sam_account);
+		const char *logon_script = pdb_get_logon_script(server_info->sam_account);
 		if (homedir) {
 			vuser->homedir = smb_xstrdup(homedir);
 		}
+
+		if (unix_homedir) {
+			vuser->unix_homedir = smb_xstrdup(unix_homedir);
+		}
+
+		if (logon_script) {
+			vuser->logon_script = smb_xstrdup(logon_script);
+		}
 	}
 
 	memcpy(vuser->session_key, server_info->session_key, sizeof(vuser->session_key));
@@ -279,7 +289,7 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
 	/* Find all the groups this uid is in and store them. 
 		Used by change_to_user() */
 	initialise_groups(vuser->user.unix_name, vuser->uid, vuser->gid);
-	get_current_groups( &vuser->n_groups, &vuser->groups);
+	get_current_groups(vuser->gid, &vuser->n_groups, &vuser->groups);
 
 	if (server_info->ptok)
 		add_supplementary_nt_login_groups(&vuser->n_groups, &vuser->groups, &server_info->ptok);
@@ -301,9 +311,11 @@ int register_vuid(auth_serversupplied_info *server_info, char *smb_name)
 	}
 
 	/* Register a home dir service for this user */
-	if ((!vuser->guest) && vuser->homedir && *(vuser->homedir)
+	if ((!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir)
 		&& (lp_servicenumber(vuser->user.unix_name) < 0)) {
-		add_home_service(vuser->user.unix_name, vuser->homedir);	  
+		vuser->homes_snum = add_home_service(vuser->user.unix_name, vuser->user.unix_name, vuser->unix_homedir);	  
+	} else {
+		vuser->homes_snum = -1;
 	}
 	
 	return vuser->vuid;
@@ -336,7 +348,7 @@ void add_session_user(char *user)
 /****************************************************************************
 check if a username is valid
 ****************************************************************************/
-BOOL user_ok(char *user,int snum)
+BOOL user_ok(const char *user,int snum)
 {
 	char **valid, **invalid;
 	BOOL ret;
@@ -345,27 +357,27 @@ BOOL user_ok(char *user,int snum)
 	ret = True;
 
 	if (lp_invalid_users(snum)) {
-		lp_list_copy(&invalid, lp_invalid_users(snum));
-		if (invalid && lp_list_substitute(invalid, "%S", lp_servicename(snum))) {
+		str_list_copy(&invalid, lp_invalid_users(snum));
+		if (invalid && str_list_substitute(invalid, "%S", lp_servicename(snum))) {
 			ret = !user_in_list(user, invalid);
 		}
 	}
-	if (invalid) lp_list_free (&invalid);
+	if (invalid) str_list_free (&invalid);
 
 	if (ret && lp_valid_users(snum)) {
-		lp_list_copy(&valid, lp_valid_users(snum));
-		if (valid && lp_list_substitute(valid, "%S", lp_servicename(snum))) {
+		str_list_copy(&valid, lp_valid_users(snum));
+		if (valid && str_list_substitute(valid, "%S", lp_servicename(snum))) {
 			ret = user_in_list(user,valid);
 		}
 	}
-	if (valid) lp_list_free (&valid);
+	if (valid) str_list_free (&valid);
 
 	if (ret && lp_onlyuser(snum)) {
-		char **user_list = lp_list_make (lp_username(snum));
-		if (user_list && lp_list_substitute(user_list, "%S", lp_servicename(snum))) {
+		char **user_list = str_list_make (lp_username(snum));
+		if (user_list && str_list_substitute(user_list, "%S", lp_servicename(snum))) {
 			ret = user_in_list(user, user_list);
 		}
-		if (user_list) lp_list_free (&user_list);
+		if (user_list) str_list_free (&user_list);
 	}
 
 	return(ret);
@@ -462,42 +474,17 @@ static char *validate_group(char *group, DATA_BLOB password,int snum)
 ****************************************************************************/
 
 BOOL authorise_login(int snum,char *user, DATA_BLOB password, 
-		     BOOL *guest,BOOL *force,uint16 vuid)
+		     BOOL *guest)
 {
 	BOOL ok = False;
-	user_struct *vuser = get_valid_user_struct(vuid);
-
+	
 #if DEBUG_PASSWORD
-	DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s vuid=%d\n",
-			user,password.data, vuid));
+	DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s\n",
+		   user,password.data));
 #endif
 
 	*guest = False;
   
-	if (GUEST_ONLY(snum))
-		*force = True;
-
-	if (!GUEST_ONLY(snum) && (lp_security() > SEC_SHARE)) {
-
-		/*
-		 * We should just use the given vuid from a sessionsetup_and_X.
-		 */
-
-		if (!vuser) {
-			DEBUG(1,("authorise_login: refusing user '%s' with no session setup\n", user));
-			return False;
-		}
-
-		if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) || 
-		    (vuser->guest && GUEST_OK(snum))) {
-			fstrcpy(user,vuser->user.unix_name);
-			*guest = vuser->guest;
-			DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \
-(user=%s)\n", vuser->guest ? "" : "non-", user));
-			return True;
-		}
-	}
- 
 	/* there are several possibilities:
 		1) login as the given user with given password
 		2) login as a previously registered username with the given password
@@ -510,84 +497,61 @@ BOOL authorise_login(int snum,char *user, DATA_BLOB password,
 		if the service is guest_only then steps 1 to 5 are skipped
 	*/
 
-	if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) {
-		/* check for a previously registered guest username */
-		if (!ok && (vuser != 0) && vuser->guest) {	  
-			if (user_ok(vuser->user.unix_name,snum) &&
-					password_ok(vuser->user.unix_name, password)) {
-				fstrcpy(user, vuser->user.unix_name);
-				*guest = False;
-				DEBUG(3,("authorise_login: ACCEPTED: given password with registered user %s\n", user));
+	/* now check the list of session users */
+	if (!ok) {
+		char *auser;
+		char *user_list = strdup(session_users);
+		if (!user_list)
+			return(False);
+		
+		for (auser=strtok(user_list,LIST_SEP); !ok && auser;
+		     auser = strtok(NULL,LIST_SEP)) {
+			fstring user2;
+			fstrcpy(user2,auser);
+			if (!user_ok(user2,snum))
+				continue;
+			
+			if (password_ok(user2,password)) {
 				ok = True;
+				fstrcpy(user,user2);
+				DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \
+and given password ok\n", user));
 			}
 		}
-
-		/* now check the list of session users */
-		if (!ok) {
-			char *auser;
-			char *user_list = strdup(session_users);
-			if (!user_list)
-				return(False);
-
-			for (auser=strtok(user_list,LIST_SEP); !ok && auser;
-									auser = strtok(NULL,LIST_SEP)) {
+		
+		SAFE_FREE(user_list);
+	}
+	
+	/* check the user= fields and the given password */
+	if (!ok && lp_username(snum)) {
+		char *auser;
+		pstring user_list;
+		StrnCpy(user_list,lp_username(snum),sizeof(pstring));
+		
+		pstring_sub(user_list,"%S",lp_servicename(snum));
+		
+		for (auser=strtok(user_list,LIST_SEP); auser && !ok;
+		     auser = strtok(NULL,LIST_SEP)) {
+			if (*auser == '@') {
+				auser = validate_group(auser+1,password,snum);
+				if (auser) {
+					ok = True;
+					fstrcpy(user,auser);
+					DEBUG(3,("authorise_login: ACCEPTED: group username \
+and given password ok (%s)\n", user));
+				}
+			} else {
 				fstring user2;
 				fstrcpy(user2,auser);
-				if (!user_ok(user2,snum))
-					continue;
-		  
-				if (password_ok(user2,password)) {
+				if (user_ok(user2,snum) && password_ok(user2,password)) {
 					ok = True;
 					fstrcpy(user,user2);
-					DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \
-and given password ok\n", user));
-				}
-			}
-
-			SAFE_FREE(user_list);
-		}
-
-		/* check for a previously validated username/password pair */
-		if (!ok && (lp_security() > SEC_SHARE) && (vuser != 0) && !vuser->guest &&
-							user_ok(vuser->user.unix_name,snum)) {
-			fstrcpy(user,vuser->user.unix_name);
-			*guest = False;
-			DEBUG(3,("authorise_login: ACCEPTED: validated uid (%s) as non-guest\n",
-				user));
-			ok = True;
-		}
-
-		/* check the user= fields and the given password */
-		if (!ok && lp_username(snum)) {
-			char *auser;
-			pstring user_list;
-			StrnCpy(user_list,lp_username(snum),sizeof(pstring));
-
-			pstring_sub(user_list,"%S",lp_servicename(snum));
-	  
-			for (auser=strtok(user_list,LIST_SEP); auser && !ok;
-											auser = strtok(NULL,LIST_SEP)) {
-				if (*auser == '@') {
-					auser = validate_group(auser+1,password,snum);
-					if (auser) {
-						ok = True;
-						fstrcpy(user,auser);
-						DEBUG(3,("authorise_login: ACCEPTED: group username \
+					DEBUG(3,("authorise_login: ACCEPTED: user list username \
 and given password ok (%s)\n", user));
-					}
-				} else {
-					fstring user2;
-					fstrcpy(user2,auser);
-					if (user_ok(user2,snum) && password_ok(user2,password)) {
-						ok = True;
-						fstrcpy(user,user2);
-						DEBUG(3,("authorise_login: ACCEPTED: user list username \
-and given password ok (%s)\n", user));
-					}
 				}
 			}
 		}
-	} /* not guest only */
+	}
 
 	/* check for a normal guest connection */
 	if (!ok && GUEST_OK(snum)) {
author	Andrew Tridgell <tridge@samba.org>	2002-07-15 10:35:28 +0000
committer	Andrew Tridgell <tridge@samba.org>	2002-07-15 10:35:28 +0000
commit	e90b65284812aaa5ff9e9935ce9bbad7791cbbcd (patch)
tree	9e744d1dc2f93934a4b49166a37383d3cb2b2139 /source3/smbd/password.c
parent	ec167dc9cc0ec2ee461837c25a371d2981744208 (diff)
download	samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.gz samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.tar.bz2 samba-e90b65284812aaa5ff9e9935ce9bbad7791cbbcd.zip