1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
samba-mirror/source3/lib/username.c

233 lines
6.6 KiB
C
Raw Normal View History

/*
Unix SMB/CIFS implementation.
Username handling
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Jeremy Allison 1997-2001.
Copyright (C) Andrew Bartlett 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
2011-02-14 23:39:10 +03:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
2011-02-14 23:39:10 +03:00
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "system/passwd.h"
#include "memcache.h"
#include "../lib/util/util_pw.h"
/* internal functions */
static struct passwd *uname_string_combinations(char *s, TALLOC_CTX *mem_ctx,
struct passwd * (*fn) (TALLOC_CTX *mem_ctx, const char *),
int N);
static struct passwd *uname_string_combinations2(char *s, TALLOC_CTX *mem_ctx, int offset,
struct passwd * (*fn) (TALLOC_CTX *mem_ctx, const char *),
int N);
static struct passwd *getpwnam_alloc_cached(TALLOC_CTX *mem_ctx, const char *name)
{
struct passwd *pw, *for_cache;
pw = (struct passwd *)memcache_lookup_talloc(
NULL, GETPWNAM_CACHE, data_blob_string_const_null(name));
if (pw != NULL) {
return tcopy_passwd(mem_ctx, pw);
}
pw = sys_getpwnam(name);
if (pw == NULL) {
return NULL;
}
for_cache = tcopy_passwd(talloc_tos(), pw);
if (for_cache == NULL) {
return NULL;
}
memcache_add_talloc(NULL, GETPWNAM_CACHE,
data_blob_string_const_null(name), &for_cache);
return tcopy_passwd(mem_ctx, pw);
}
/****************************************************************************
Flush all cached passwd structs.
****************************************************************************/
void flush_pwnam_cache(void)
{
memcache_flush(NULL, GETPWNAM_CACHE);
}
/****************************************************************************
Get a users home directory.
****************************************************************************/
char *get_user_home_dir(TALLOC_CTX *mem_ctx, const char *user)
{
struct passwd *pass;
char *result;
/* Ensure the user exists. */
pass = Get_Pwnam_alloc(mem_ctx, user);
if (!pass)
return(NULL);
/* Return home directory from struct passwd. */
result = talloc_move(mem_ctx, &pass->pw_dir);
TALLOC_FREE(pass);
return result;
}
/****************************************************************************
A nice *big* change to the fundemental way we do things. Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-17 11:45:58 +03:00
* A wrapper for sys_getpwnam(). The following variations are tried:
* - as transmitted
* - in all lower case if this differs from transmitted
* - in all upper case if this differs from transmitted
* - using lp_usernamelevel() for permutations.
****************************************************************************/
static struct passwd *Get_Pwnam_internals(TALLOC_CTX *mem_ctx,
const char *user, char *user2)
{
struct passwd *ret = NULL;
if (!user2 || !(*user2))
return(NULL);
if (!user || !(*user))
return(NULL);
/* Try in all lower case first as this is the most
common case on UNIX systems */
strlower_m(user2);
DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
ret = getpwnam_alloc_cached(mem_ctx, user2);
if(ret)
goto done;
/* Try as given, if username wasn't originally lowercase */
if(strcmp(user, user2) != 0) {
DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n",
user));
ret = getpwnam_alloc_cached(mem_ctx, user);
if(ret)
goto done;
A nice *big* change to the fundemental way we do things. Samba (ab)uses the returns from getpwnam() a lot - in particular it keeps them around for a long time - often past the next call... This adds a getpwnam_alloc and a getpwuid_alloc to the collection. These function as expected, returning a malloced structure that can be free()ed with passwd_free(&passwd). This patch also cuts down on the number of calls to getpwnam - mostly by taking advantage of the fact that the passdb interface is already case-insensiteve. With this patch most of the recursive cases have been removed (that I know of) and the problems are reduced further by not using the sys_ interface in the new code. This means that pointers to the cache won't be affected. (This is a tempoary HACK, I intend to kill the password cache entirly). The only change I'm a little worried about is the change to rpc_server/srv_samr_nt.c for private groups. In this case we are getting groups from the new group mapping DB. Do we still need to check for private groups? I've toned down the check to a case sensitve match with the new code, but we might be able to kill it entirly. I've also added a make_modifyable_passwd() function, that copies a passwd struct into the form that the old sys_getpw* code provided. As far as I can tell this is only actually used in the pass_check.c crazies, where I moved the final 'special case' for shadow passwords (out of _Get_Pwnam()). The matching case for getpwent() is dealt with already, in lib/util_getent.c Also included in here is a small change to register the [homes] share at vuid creation rather than just in one varient of the session setup. (This picks up the SPNEGO cases). The home directory is now stored on the vuid, and I am hoping this might provide a saner way to do %H substitions. TODO: Kill off remaining Get_Pwnam_Modify calls (they are not needed), change the remaining sys_getpwnam() callers to use getpwnam_alloc() and move Get_Pwnam to return an allocated struct. Andrew Bartlett (This used to be commit 1d86c7f94230bc53daebd4d2cd829da6292e05da)
2002-01-17 11:45:58 +03:00
}
/* Try as uppercase, if username wasn't originally uppercase */
strupper_m(user2);
if(strcmp(user, user2) != 0) {
DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n",
user2));
ret = getpwnam_alloc_cached(mem_ctx, user2);
if(ret)
goto done;
}
/* Try all combinations up to usernamelevel */
strlower_m(user2);
DEBUG(5,("Checking combinations of %d uppercase letters in %s\n",
lp_usernamelevel(), user2));
ret = uname_string_combinations(user2, mem_ctx, getpwnam_alloc_cached,
lp_usernamelevel());
done:
DEBUG(5,("Get_Pwnam_internals %s find user [%s]!\n",ret ?
"did":"didn't", user));
return ret;
}
/****************************************************************************
Get_Pwnam wrapper without modification.
NOTE: This with NOT modify 'user'!
This will return an allocated structure
****************************************************************************/
struct passwd *Get_Pwnam_alloc(TALLOC_CTX *mem_ctx, const char *user)
{
fstring user2;
if ( *user == '\0' ) {
DEBUG(10,("Get_Pwnam: empty username!\n"));
return NULL;
}
fstrcpy(user2, user);
DEBUG(5,("Finding user %s\n", user));
2011-02-14 23:41:00 +03:00
return Get_Pwnam_internals(mem_ctx, user, user2);
}
/* The functions below have been taken from password.c and slightly modified */
/****************************************************************************
Apply a function to upper/lower case combinations
of a string and return true if one of them returns true.
Try all combinations with N uppercase letters.
offset is the first char to try and change (start with 0)
it assumes the string starts lowercased
****************************************************************************/
static struct passwd *uname_string_combinations2(char *s, TALLOC_CTX *mem_ctx,
int offset,
struct passwd *(*fn)(TALLOC_CTX *mem_ctx, const char *),
int N)
{
ssize_t len = (ssize_t)strlen(s);
int i;
struct passwd *ret;
if (N <= 0 || offset >= len)
return(fn(mem_ctx, s));
for (i=offset;i<(len-(N-1));i++) {
char c = s[i];
if (!islower_ascii((int)c))
continue;
s[i] = toupper_ascii(c);
ret = uname_string_combinations2(s, mem_ctx, i+1, fn, N-1);
if(ret)
return(ret);
s[i] = c;
}
return(NULL);
}
/****************************************************************************
Apply a function to upper/lower case combinations
of a string and return true if one of them returns true.
Try all combinations with up to N uppercase letters.
offset is the first char to try and change (start with 0)
it assumes the string starts lowercased
****************************************************************************/
static struct passwd * uname_string_combinations(char *s, TALLOC_CTX *mem_ctx,
struct passwd * (*fn)(TALLOC_CTX *mem_ctx, const char *),
int N)
{
int n;
struct passwd *ret;
for (n=1;n<=N;n++) {
ret = uname_string_combinations2(s,mem_ctx,0,fn,n);
if(ret)
return(ret);
}
return(NULL);
}