-rw-r--r-- | source4/smb_server/password.c | 169 |
1 files changed, 0 insertions, 169 deletions
diff --git a/source4/smb_server/password.c b/source4/smb_server/password.c
index 61987518b8..bb78230ff3 100644
--- a/source4/smb_server/password.c
+++ b/source4/smb_server/password.c
@@ -239,172 +239,3 @@ BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
 return(ret);
 }
-
-/****************************************************************************
-validate a group username entry. Return the username or NULL
-****************************************************************************/
-static const char *validate_group(struct server_context *smb, const char *group, DATA_BLOB password,int snum)
-{
-#ifdef HAVE_GETGRENT
- {
- struct group *gptr;
- setgrent();
- while ((gptr = (struct group *)getgrent())) {
- if (strequal(gptr->gr_name,group))
- break;
- }
-
- /*
- * As user_ok can recurse doing a getgrent(), we must
- * copy the member list into a pstring on the stack before
- * use. Bug pointed out by leon@eatworms.swmed.edu.
- */
-
- if (gptr) {
- pstring member_list;
- char *member;
- size_t copied_len = 0;
- int i;
-
- *member_list = '\0';
- member = member_list;
-
- for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) {
- size_t member_len = strlen(gptr->gr_mem[i]) + 1;
- if( copied_len + member_len < sizeof(pstring)) {
-
- DEBUG(10,("validate_group: = gr_mem = %s\n", gptr->gr_mem[i]));
-
- safe_strcpy(member, gptr->gr_mem[i], sizeof(pstring) - copied_len - 1);
- copied_len += member_len;
- member += copied_len;
- } else {
- *member = '\0';
- }
- }
-
- endgrent();
-
- member = member_list;
- while (*member) {
- const char *name = member;
- if (user_ok(name,snum, NULL, 0) &&
- password_ok(smb,name,password)) {
- endgrent();
- return(&name[0]);
- }
-
- DEBUG(10,("validate_group = member = %s\n", member));
-
- member += strlen(member) + 1;
- }
- } else {
- endgrent();
- return NULL;
- }
- }
-#endif
- return(NULL);
-}
-
-/****************************************************************************
- Check for authority to login to a service with a given username/password.
- Note this is *NOT* used when logging on using sessionsetup_and_X.
-****************************************************************************/
-
-BOOL authorise_login(struct server_context *smb,
- int snum, const char *user, DATA_BLOB password,
- BOOL *guest)
-{
- BOOL ok = False;
-
-#if DEBUG_PASSWORD
- DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s\n",
- user,password.data));
-#endif
-
- *guest = False;
-
- /* there are several possibilities:
- 1) login as the given user with given password
- 2) login as a previously registered username with the given password
- 3) login as a session list username with the given password
- 4) login as a previously validated user/password pair
- 5) login as the "user =" user with given password
- 6) login as the "user =" user with no password (guest connection)
- 7) login as guest user with no password
-
- if the service is guest_only then steps 1 to 5 are skipped
- */
-
- /* now check the list of session users */
- if (!ok) {
- char *auser;
- char *user_list = strdup(smb->users.session_users);
- if (!user_list)
- return(False);
-
- for (auser=strtok(user_list,LIST_SEP); !ok && auser;
- auser = strtok(NULL,LIST_SEP)) {
- const char *user2 = auser;
-
- if (!user_ok(user2,snum, NULL, 0))
- continue;
-
- if (password_ok(smb, user2,password)) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \
-and given password ok\n", user2));
- }
- }
-
- SAFE_FREE(user_list);
- }
-
- /* check the user= fields and the given password */
- if (!ok && lp_username(snum)) {
- const char *auser;
- pstring user_list;
- StrnCpy(user_list,lp_username(snum),sizeof(pstring));
-
- pstring_sub(user_list,"%S",lp_servicename(snum));
-
- for (auser=strtok(user_list,LIST_SEP); auser && !ok;
- auser = strtok(NULL,LIST_SEP)) {
- if (*auser == '@') {
- auser = validate_group(smb, auser+1,password,snum);
- if (auser) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: group username \
-and given password ok (%s)\n", auser));
- }
- } else {
- const char *user2 = auser;
- if 
(user_ok(user2,snum, NULL, 0) && password_ok(smb, user2,password)) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: user list username \
-and given password ok (%s)\n", user2));
- }
- }
- }
- }
-
- /* check for a normal guest connection */
- if (!ok && GUEST_OK(snum)) {
- const char *guestname = lp_guestaccount();
- if (Get_Pwnam(guestname)) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: guest account and guest ok (%s)\n", guestname));
- } else {
- DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname));
- }
- *guest = True;
- }
-
- if (ok && !user_ok(user, snum, NULL, 0)) {
- DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
- ok = False;
- }
-
- return(ok);
-} |