-rw-r--r--source3/include/includes.h1
-rw-r--r--source3/include/proto.h7
-rw-r--r--source3/lib/username.c339
-rw-r--r--source3/param/loadparm.c3
-rw-r--r--source3/rpc_server/srv_util.c87
-rw-r--r--source3/smbd/password.c2
6 files changed, 201 insertions, 238 deletions
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 98854bee82..dae97b121b 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -1219,6 +1219,7 @@ extern char *sys_errlist[];
#endif
/* Lists, trees, caching, datbase... */
+#include "ubi_sLinkList.h"
#include "ubi_dLinkList.h"
#ifndef UBI_BINTREE_H
#include "ubi_Cache.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9381aacf84..6938be6367 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -200,6 +200,10 @@ void generate_random_buffer( unsigned char *out, int len, BOOL re_seed);
char *getsmbpass(char *prompt) ;
+/*The following definitions come from groupname.c */
+
+void load_groupname_map(void);
+
/*The following definitions come from interface.c */
void load_interfaces(void);
@@ -902,6 +906,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
/*The following definitions come from lib/rpc/server/srv_util.c */
+BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid);
int make_dom_gids(char *gids_str, DOM_GID **ppgids);
BOOL create_rpc_reply(pipes_struct *p,
uint32 data_start, uint32 data_end);
@@ -941,6 +946,7 @@ char *lp_passwordserver(void);
char *lp_name_resolve_order(void);
char *lp_workgroup(void);
char *lp_username_map(void);
+char *lp_groupname_map(void);
char *lp_character_set(void);
char *lp_logon_script(void);
char *lp_logon_path(void);
@@ -1942,7 +1948,6 @@ char *get_home_dir(char *user);
BOOL map_username(char *user);
struct passwd *Get_Pwnam(char *user,BOOL allow_change);
BOOL user_in_list(char *user,char *list);
-void load_groupname_map(void);
/*The following definitions come from util.c */
diff --git a/source3/lib/username.c b/source3/lib/username.c
index 101f2fc4eb..4237a42078 100644
--- a/source3/lib/username.c
+++ b/source3/lib/username.c
@@ -21,7 +21,6 @@
#include "includes.h"
extern int DEBUGLEVEL;
-extern DOM_SID global_machine_sid;
/* internal functions */
static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (char *), int N);
@@ -228,7 +227,70 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change)
}
/****************************************************************************
-check if a user is in a user list
+check if a user is in a netgroup user list
+****************************************************************************/
+static BOOL user_in_netgroup_list(char *user,char *ngname)
+{
+#ifdef NETGROUP
+ static char *mydomain = NULL;
+ if (mydomain == NULL)
+ yp_get_default_domain(&mydomain);
+
+ if(mydomain == NULL)
+ {
+ DEBUG(5,("Unable to get default yp domain\n"));
+ }
+ else
+ {
+ DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+ user, mydomain, ngname));
+ DEBUG(5,("innetgr is %s\n",
+ innetgr(ngname, NULL, user, mydomain)
+ ? "TRUE" : "FALSE"));
+
+ if (innetgr(ngname, NULL, user, mydomain))
+ return (True);
+ }
+#endif /* NETGROUP */
+ return False;
+}
+
+/****************************************************************************
+check if a user is in a UNIX user list
+****************************************************************************/
+static BOOL user_in_group_list(char *user,char *gname)
+{
+#if HAVE_GETGRNAM
+ struct group *gptr;
+ char **member;
+ struct passwd *pass = Get_Pwnam(user,False);
+
+ if (pass)
+ {
+ gptr = getgrgid(pass->pw_gid);
+ if (gptr && strequal(gptr->gr_name,gname))
+ return(True);
+ }
+
+ gptr = (struct group *)getgrnam(gname);
+
+ if (gptr)
+ {
+ member = gptr->gr_mem;
+ while (member && *member)
+ {
+ if (strequal(*member,user))
+ return(True);
+ member++;
+ }
+ }
+#endif /* HAVE_GETGRNAM */
+ return False;
+}
+
+/****************************************************************************
+check if a user is in a user list - can check combinations of UNIX
+and netgroup lists.
****************************************************************************/
BOOL user_in_list(char *user,char *list)
{
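Review bot: user_in_netgroup_list returns False both when the user is not a member and when the yp domain cannot be determined (the `mydomain == NULL` branch only logs at level 5), and user_in_group_list likewise returns False when Get_Pwnam or getgrnam fails, so any caller that uses user_in_list as a deny list fails open on a lookup error with only a level-5 message to show for it; logging the unresolved-domain case at level 0 or 1 would at least make it visible. The header comment on user_in_group_list says "UNIX user list" but the function tests group membership: `check if a user is a member of the named UNIX group (primary gid or gr_mem)` would be accurate. When NETGROUP or HAVE_GETGRNAM is not defined both parameters are unused and -Wunused-parameter will warn; `(void)user; (void)ngname;` (and the same for gname) in the fall-through path keeps those builds quiet.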
@@ -236,65 +298,72 @@ BOOL user_in_list(char *user,char *list)
char *p=list;
while (next_token(&p,tok,LIST_SEP))
- {
- if (strequal(user,tok))
- return(True);
-
-#ifdef NETGROUP
- if (*tok == '@')
- {
- static char *mydomain = NULL;
- if (mydomain == 0)
- yp_get_default_domain(&mydomain);
-
- if(mydomain == 0)
- {
- DEBUG(5,("Unable to get default yp domain\n"));
- }
- else
- {
-
- DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
- user, mydomain, &tok[1]));
- DEBUG(5,("innetgr is %s\n",
- innetgr(&tok[1], (char *) 0, user, mydomain)
- ? "TRUE" : "FALSE"));
-
- if (innetgr(&tok[1], (char *)0, user, mydomain))
- return (True);
- }
- }
-#endif
+ {
+ /*
+ * Check raw username.
+ */
+ if (strequal(user,tok))
+ return(True);
+ /*
+ * Now check to see if any combination
+ * of UNIX and netgroups has been specified.
+ */
-#if HAVE_GETGRNAM
- if (*tok == '@')
- {
- struct group *gptr;
- char **member;
- struct passwd *pass = Get_Pwnam(user,False);
-
- if (pass) {
- gptr = getgrgid(pass->pw_gid);
- if (gptr && strequal(gptr->gr_name,&tok[1]))
- return(True);
- }
-
- gptr = (struct group *)getgrnam(&tok[1]);
-
- if (gptr)
- {
- member = gptr->gr_mem;
- while (member && *member)
- {
- if (strequal(*member,user))
- return(True);
- member++;
- }
- }
- }
-#endif
+ if(*tok == '@')
+ {
+ /*
+ * Old behaviour. Check netgroup list
+ * followed by UNIX list.
+ */
+ if(user_in_netgroup_list(user,&tok[1]))
+ return True;
+ if(user_in_group_list(user,&tok[1]))
+ return True;
+ }
+ else if (*tok == '+')
+ {
+ if(tok[1] == '&')
+ {
+ /*
+ * Search UNIX list followed by netgroup.
+ */
+ if(user_in_group_list(user,&tok[2]))
+ return True;
+ if(user_in_netgroup_list(user,&tok[2]))
+ return True;
+ }
+ else
+ {
+ /*
+ * Just search UNIX list.
+ */
+ if(user_in_group_list(user,&tok[1]))
+ return True;
+ }
+ }
+ else if (*tok == '&')
+ {
+ if(tok[1] == '&')
+ {
+ /*
+ * Search netgroup list followed by UNIX list.
+ */
+ if(user_in_netgroup_list(user,&tok[2]))
+ return True;
+ if(user_in_group_list(user,&tok[2]))
+ return True;
+ }
+ else
+ {
+ /*
+ * Just search netgroup list.
+ */
+ if(user_in_netgroup_list(user,&tok[1]))
+ return True;
+ }
}
+ }
return(False);
}
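Review bot: The new prefix grammar (`@`, `+`, `&`, `+&`, `&&`) is not described anywhere in the hunk, and a token that consists only of a prefix reaches user_in_group_list or user_in_netgroup_list with an empty name, so the result then depends on how getgrnam/innetgr treat "". I would document the grammar above the loop, `/* Token forms: name; @name = netgroup then UNIX group; +name = UNIX group only; &name = netgroup only; +&name = UNIX group then netgroup; &&name = netgroup then UNIX group. */`, and skip empty names before dispatching, e.g. `if ((*tok == '@' || *tok == '+' || *tok == '&') && (tok[1] == '\0' || (tok[1] == '&' && tok[2] == '\0'))) continue;`. The `@` branch and the `&&` branch are identical; if that is deliberate for backwards compatibility the comment should say so. user_in_list's signature sits in the preceding hunk's context, so the function starts outside this hunk.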
@@ -352,157 +421,3 @@ static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(c
}
return(NULL);
}
-
-#if 0
-/* JRATEST - under construction. */
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct groupname_map {
- ubi_slNode next;
-
- char *windows_name;
- DOM_SID windows_sid;
- char *unix_name;
- gid_t unix_gid;
-} groupname_map_entry;
-
-static ubi_slList groupname_map_list;
-
-/**************************************************************************
- Delete all the entries in the groupname map list.
-***************************************************************************/
-
-static void delete_groupname_map_list(void)
-{
- groupname_map_entry *gmep;
-
- while((gmep = (groupname_map_entry *)ubi_slRemHead( groupname_map_list )) != NULL) {
- if(gmep->windows_name)
- free(gmep->windows_name);
- if(gmep->unix_name)
- free(gmep->unix_name);
- free((char *)gmep);
- }
-}
-
-/**************************************************************************
- Load a groupname map file. Sets last accessed timestamp.
-***************************************************************************/
-
-void load_groupname_map(void)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static BOOL initialized = False;
- char *groupname_map_file = lp_groupname_map();
- struct stat st;
- FILE *fp;
- char *s;
- pstring buf;
-
- if(!initialized) {
- ubi_slInsert( &groupname_map_list );
- initialized = True;
- }
-
- if (!*groupname_map_file)
- return;
-
- if(stat(groupname_map_file, &st) != 0) {
- DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n",
- groupname_map_file, strerror(errno) ));
- return;
- }
-
- /*
- * Check if file has changed.
- */
- if( st.st_mtime <= groupmap_file_last_modified)
- return;
-
- groupmap_file_last_modified = st.st_mtime;
-
- /*
- * Load the file.
- */
-
- fp = fopen(groupname_map_file,"r");
- if (!fp) {
- DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n",
- mapfile, strerror(errno)));
- return;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_groupname_map_list();
-
- DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file));
-
- while((s=fgets_slash(buf,sizeof(buf),fp))!=NULL) {
- pstring unixname;
- pstring windows_name;
- struct group *gptr;
- DOM_SID tmp_sid;
-
- DEBUG(10,("load_groupname_map: Read line |%s|\n", s);
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if(!next_token(&s,unixname, "\t\n\r="))
- continue;
-
- if(!next_token(&s,windows_name, "\t\n\r="))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(windows_name, " ", " ");
-
- if (!*dosname)
- continue;
-
- if(!*unixname)
- continue;
-
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("load_groupname_map: Attempting to find unix group %s.\n",
- unixname ));
-
- if((gptr = (struct group *)getgrnam(unixname)) == NULL) {
- DEBUG(0,("load_groupname_map: getgrnam for group %s failed.\
-Error was %s.\n", unixname, strerror(errno) ));
- continue;
- }
-
- /*
- * Now map to an NT SID.
- */
-
- if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) {
- /*
- * It's not a well known name, convert the UNIX gid_t
- * to a rid within this domain SID.
- */
- tmp_sid = global_machine_sid;
- tmp_sid.sub_auths[tmp_sid.num_auths++] =
- pdb_gid_to_group_rid((gid_t)gptr->gr_gid);
- }
-
- /*
- * Create the list entry and add it onto the list.
- */
-
- }
-
- fclose(fp);
-}
-#endif /* JRATEST */
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index e6065ae64b..cf41a75500 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -126,6 +126,7 @@ typedef struct
char *szDomainHostsallow;
char *szDomainHostsdeny;
char *szUsernameMap;
+ char *szGroupnameMap;
char *szCharacterSet;
char *szLogonScript;
char *szLogonPath;
@@ -591,6 +592,7 @@ static struct parm_struct parm_table[] =
{"domain guest group",P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0},
{"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL, NULL, 0},
{"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL, NULL, 0},
+ {"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
{"Logon Options", P_SEP, P_SEPARATOR},
@@ -967,6 +969,7 @@ FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order,&Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
+FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap)
FN_GLOBAL_STRING(lp_character_set,&Globals.szCharacterSet)
FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript)
FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath)
diff --git a/source3/rpc_server/srv_util.c b/source3/rpc_server/srv_util.c
index e05a964c9f..c316661146 100644
--- a/source3/rpc_server/srv_util.c
+++ b/source3/rpc_server/srv_util.c
@@ -42,44 +42,83 @@
#include "nterr.h"
extern int DEBUGLEVEL;
+extern DOM_SID global_machine_sid;
/*
* A list of the rids of well known BUILTIN and Domain users
* and groups.
*/
-rid_name builtin_alias_rids[] =
-{
- { BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
- { BUILTIN_ALIAS_RID_USERS , "Users" },
- { BUILTIN_ALIAS_RID_GUESTS , "Guests" },
- { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
-
- { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
- { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
- { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
- { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
- { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
- { 0 , NULL }
+rid_name builtin_alias_rids[] =
+{
+ { BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
+ { BUILTIN_ALIAS_RID_USERS , "Users" },
+ { BUILTIN_ALIAS_RID_GUESTS , "Guests" },
+ { BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
+
+ { BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
+ { BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
+ { BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
+ { BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
+ { BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
+ { 0 , NULL }
};
/* array lookup of well-known Domain RID users. */
-rid_name domain_user_rids[] =
-{
- { DOMAIN_USER_RID_ADMIN , "Administrator" },
- { DOMAIN_USER_RID_GUEST , "Guest" },
- { 0 , NULL }
+rid_name domain_user_rids[] =
+{
+ { DOMAIN_USER_RID_ADMIN , "Administrator" },
+ { DOMAIN_USER_RID_GUEST , "Guest" },
+ { 0 , NULL }
};
/* array lookup of well-known Domain RID groups. */
-rid_name domain_group_rids[] =
-{
- { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
- { DOMAIN_GROUP_RID_USERS , "Domain Users" },
- { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
- { 0 , NULL }
+rid_name domain_group_rids[] =
+{
+ { DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
+ { DOMAIN_GROUP_RID_USERS , "Domain Users" },
+ { DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
+ { 0 , NULL }
};
+/**************************************************************************
+ Check if a name matches any of the well known SID values.
+***************************************************************************/
+
+BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
+{
+ rid_name *rnp;
+ int i;
+
+ for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
+ rnp = &builtin_alias_rids[i];
+ if(strequal(rnp->name, windows_name)) {
+ string_to_sid( psid, "S-1-5-32" );
+ psid->sub_auths[psid->num_auths++] = rnp->rid;
+ return True;
+ }
+ }
+
+ for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
+ rnp = &domain_user_rids[i];
+ if(strequal(rnp->name, windows_name)) {
+ *psid = global_machine_sid;
+ psid->sub_auths[psid->num_auths++] = rnp->rid;
+ return True;
+ }
+ }
+
+ for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
+ rnp = &domain_group_rids[i];
+ if(strequal(rnp->name, windows_name)) {
+ *psid = global_machine_sid;
+ psid->sub_auths[psid->num_auths++] = rnp->rid;
+ return True;
+ }
+ }
+
+ return False;
+}
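Review bot: lookup_wellknown_sid_from_name appends a RID with `psid->sub_auths[psid->num_auths++] = rnp->rid;` at three places without checking that num_auths is still below the length of sub_auths; for the two domain tables the starting count is copied from global_machine_sid, which this function does not control, so a machine SID with more sub-authorities than expected would write past the array. The result of `string_to_sid( psid, "S-1-5-32" )` is also discarded, so if that call reports a parse failure through its return value the caller still sees True. Moving the append into one checked helper closes the overrun and removes the triplicated loop body; the `sizeof psid->sub_auths` bound below presumes sub_auths is declared as an array inside DOM_SID, which this hunk does not show.
```c
/* Append one RID to psid; refuses rather than overrun sub_auths. */
static BOOL append_rid(DOM_SID *psid, uint32 rid)
{
	if (psid->num_auths < 0 ||
	    (size_t)psid->num_auths >= sizeof(psid->sub_auths) / sizeof(psid->sub_auths[0])) {
		DEBUG(0,("append_rid: SID already has %d sub-authorities\n", (int)psid->num_auths));
		return False;
	}
	psid->sub_auths[psid->num_auths++] = rid;
	return True;
}

BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
{
	rid_name *rnp;
	int i;

	for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
		rnp = &builtin_alias_rids[i];
		if(strequal(rnp->name, windows_name)) {
			string_to_sid( psid, "S-1-5-32" );
			return append_rid(psid, rnp->rid);
		}
	}
	/* … unchanged: domain_user_rids and domain_group_rids loops, each now
	 * ending in `*psid = global_machine_sid; return append_rid(psid, rnp->rid);` … */
	return False;
}
```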
int make_dom_gids(char *gids_str, DOM_GID **ppgids)
{
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 48fd7cbe24..277e3a592e 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -961,7 +961,7 @@ Hence we make a direct return to avoid a second chance!!!
#endif
#ifdef HPUX_10_TRUSTED
- return(bigcrypt(password,this_salt,this_crypted));
+ return(strcmp(bigcrypt(password,this_salt),this_crypted) == 0);
#endif
#ifdef NO_CRYPT
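Review bot: The replaced line hands bigcrypt's result straight to strcmp; if bigcrypt can return NULL on failure, as crypt() does on some libcs, that is a NULL dereference in the password check rather than a clean mismatch, so `char *c = bigcrypt(password,this_salt); return(c != NULL && strcmp(c,this_crypted) == 0);` is the safer shape. The enclosing function starts and ends outside this hunk.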