2010-06-02 19:39:18 +02:00
/*
2006-02-13 17:08:25 +00:00
Unix SMB / CIFS implementation .
Username handling
Copyright ( C ) Andrew Tridgell 1992 - 1998
Copyright ( C ) Jeremy Allison 1997 - 2001.
Copyright ( C ) Volker Lendecke 2006
2010-06-02 19:39:18 +02:00
2006-02-13 17:08:25 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 19:25:36 +00:00
the Free Software Foundation ; either version 3 of the License , or
2006-02-13 17:08:25 +00:00
( at your option ) any later version .
2010-06-02 19:39:18 +02:00
2006-02-13 17:08:25 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2010-06-02 19:39:18 +02:00
2006-02-13 17:08:25 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 00:52:41 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2006-02-13 17:08:25 +00:00
*/
# include "includes.h"
2011-02-25 23:20:06 +01:00
# include "system/filesys.h"
2011-03-25 02:28:05 +01:00
# include "auth.h"
2018-10-18 21:53:36 +02:00
# include "lib/gencache.h"
2006-02-13 17:08:25 +00:00
/*******************************************************************
Map a username from a dos name to a unix name by looking in the username
map . Note that this modifies the name in place .
This is the main function that should be called * once * on
any incoming or new username - in order to canonicalize the name .
This is being done to de - couple the case conversions from the user mapping
function . Previously , the map_username was being called
2007-12-19 15:02:59 +01:00
every time Get_Pwnam_alloc was called .
2006-02-13 17:08:25 +00:00
Returns True if username was changed , false otherwise .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-05-31 18:33:38 +02:00
static char * last_from = NULL ;
static char * last_to = NULL ;
2007-12-17 17:27:29 -08:00
static const char * get_last_from ( void )
{
if ( ! last_from ) {
return " " ;
}
return last_from ;
}
static const char * get_last_to ( void )
{
if ( ! last_to ) {
return " " ;
}
return last_to ;
}
static bool set_last_from_to ( const char * from , const char * to )
{
char * orig_from = last_from ;
char * orig_to = last_to ;
last_from = SMB_STRDUP ( from ) ;
last_to = SMB_STRDUP ( to ) ;
SAFE_FREE ( orig_from ) ;
SAFE_FREE ( orig_to ) ;
if ( ! last_from | | ! last_to ) {
SAFE_FREE ( last_from ) ;
SAFE_FREE ( last_to ) ;
return false ;
}
return true ;
}
2010-04-09 14:30:54 +02:00
static char * skip_space ( char * s )
{
while ( isspace ( ( int ) ( * s ) ) ) {
s + = 1 ;
}
return s ;
}
2010-11-09 12:07:25 -08:00
static bool fetch_map_from_gencache ( TALLOC_CTX * ctx ,
const char * user_in ,
char * * p_user_out )
2010-04-09 17:19:13 +02:00
{
char * key , * value ;
bool found ;
if ( lp_username_map_cache_time ( ) = = 0 ) {
return false ;
}
2010-11-09 12:07:25 -08:00
key = talloc_asprintf_strupper_m ( ctx , " USERNAME_MAP/%s " ,
user_in ) ;
2010-04-09 17:19:13 +02:00
if ( key = = NULL ) {
return false ;
}
2013-09-04 08:57:59 +02:00
found = gencache_get ( key , ctx , & value , NULL ) ;
2010-04-09 17:19:13 +02:00
TALLOC_FREE ( key ) ;
if ( ! found ) {
return false ;
}
2010-11-09 12:07:25 -08:00
TALLOC_FREE ( * p_user_out ) ;
2013-09-04 08:57:59 +02:00
* p_user_out = value ;
2010-11-09 12:07:25 -08:00
if ( ! * p_user_out ) {
return false ;
}
2010-04-09 17:19:13 +02:00
return true ;
}
2010-11-09 12:07:25 -08:00
static void store_map_in_gencache ( TALLOC_CTX * ctx , const char * from , const char * to )
2010-04-09 17:19:13 +02:00
{
char * key ;
int cache_time = lp_username_map_cache_time ( ) ;
if ( cache_time = = 0 ) {
return ;
}
2010-11-09 12:07:25 -08:00
key = talloc_asprintf_strupper_m ( ctx , " USERNAME_MAP/%s " ,
2010-04-09 17:19:13 +02:00
from ) ;
if ( key = = NULL ) {
return ;
}
gencache_set ( key , to , cache_time + time ( NULL ) ) ;
TALLOC_FREE ( key ) ;
}
2010-06-02 19:39:18 +02:00
/****************************************************************************
2022-06-03 15:07:18 +02:00
Check if a user is in a netgroup user list . If at first we don ' t succeed ,
try lower case .
2021-04-20 17:59:34 +02:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
2010-06-02 19:39:18 +02:00
2022-06-03 15:07:18 +02:00
bool user_in_netgroup ( TALLOC_CTX * ctx , const char * user , const char * ngname )
2021-04-20 17:59:34 +02:00
{
2022-07-14 18:51:09 +05:30
# if defined(HAVE_NETGROUP) && defined(HAVE_INNETGR)
2022-06-03 15:07:18 +02:00
char nis_domain_buf [ 256 ] ;
const char * nis_domain = NULL ;
char * lowercase_user = NULL ;
if ( getdomainname ( nis_domain_buf , sizeof ( nis_domain_buf ) ) = = 0 ) {
nis_domain = & nis_domain_buf [ 0 ] ;
} else {
DEBUG ( 5 , ( " Unable to get default yp domain, "
" let's try without specifying it \n " ) ) ;
nis_domain = NULL ;
}
DEBUG ( 5 , ( " looking for user %s of domain %s in netgroup %s \n " ,
user , nis_domain ? nis_domain : " (ANY) " , ngname ) ) ;
if ( innetgr ( ngname , NULL , user , nis_domain ) ) {
DEBUG ( 5 , ( " user_in_netgroup: Found \n " ) ) ;
return true ;
}
2010-06-02 19:39:18 +02:00
2022-06-03 15:07:18 +02:00
/*
* Ok , innetgr is case sensitive . Try once more with lowercase
* just in case . Attempt to fix # 703. JRA .
*/
lowercase_user = talloc_strdup ( ctx , user ) ;
if ( ! lowercase_user ) {
return false ;
}
if ( ! strlower_m ( lowercase_user ) ) {
2022-06-07 11:06:04 +02:00
TALLOC_FREE ( lowercase_user ) ;
2010-06-02 19:39:18 +02:00
return false ;
}
2022-06-03 15:07:18 +02:00
if ( strcmp ( user , lowercase_user ) = = 0 ) {
/* user name was already lower case! */
2022-06-07 11:06:04 +02:00
TALLOC_FREE ( lowercase_user ) ;
2022-06-03 15:07:18 +02:00
return false ;
}
2022-06-03 14:01:36 +02:00
2022-06-03 15:07:18 +02:00
DEBUG ( 5 , ( " looking for user %s of domain %s in netgroup %s \n " ,
lowercase_user , nis_domain ? nis_domain : " (ANY) " , ngname ) ) ;
2010-06-02 19:39:18 +02:00
2022-06-03 15:07:18 +02:00
if ( innetgr ( ngname , NULL , lowercase_user , nis_domain ) ) {
DEBUG ( 5 , ( " user_in_netgroup: Found \n " ) ) ;
2022-06-07 11:06:04 +02:00
TALLOC_FREE ( lowercase_user ) ;
2022-06-03 15:07:18 +02:00
return true ;
}
2022-07-14 18:51:09 +05:30
# endif /* HAVE_NETGROUP and HAVE_INNETGR */
2022-06-03 15:07:18 +02:00
return false ;
}
2010-06-02 19:39:18 +02:00
2022-06-03 15:07:18 +02:00
/****************************************************************************
Check if a user is in a user list - can check combinations of UNIX
and netgroup lists .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
bool user_in_list ( TALLOC_CTX * ctx , const char * user , const char * const * list )
{
if ( ! list | | ! * list )
return False ;
2010-06-02 19:39:18 +02:00
2022-06-03 15:07:18 +02:00
DEBUG ( 10 , ( " user_in_list: checking user %s in list \n " , user ) ) ;
while ( * list ) {
DEBUG ( 10 , ( " user_in_list: checking user |%s| against |%s| \n " ,
user , * list ) ) ;
/*
* Check raw username .
*/
if ( strequal ( user , * list ) )
return ( True ) ;
/*
* Now check to see if any combination
* of UNIX and netgroups has been specified .
*/
if ( * * list = = ' @ ' ) {
/*
* Old behaviour . Check netgroup list
* followed by UNIX list .
*/
if ( user_in_netgroup ( ctx , user , * list + 1 ) )
return True ;
if ( user_in_group ( user , * list + 1 ) )
return True ;
} else if ( * * list = = ' + ' ) {
if ( ( * ( * list + 1 ) ) = = ' & ' ) {
/*
* Search UNIX list followed by netgroup .
*/
if ( user_in_group ( user , * list + 2 ) )
return True ;
if ( user_in_netgroup ( ctx , user , * list + 2 ) )
return True ;
} else {
/*
* Just search UNIX list .
*/
if ( user_in_group ( user , * list + 1 ) )
return True ;
}
} else if ( * * list = = ' & ' ) {
if ( * ( * list + 1 ) = = ' + ' ) {
/*
* Search netgroup list followed by UNIX list .
*/
if ( user_in_netgroup ( ctx , user , * list + 2 ) )
return True ;
if ( user_in_group ( user , * list + 2 ) )
return True ;
} else {
/*
* Just search netgroup list .
*/
if ( user_in_netgroup ( ctx , user , * list + 1 ) )
return True ;
}
2010-06-02 19:39:18 +02:00
}
list + + ;
}
2022-06-03 15:07:18 +02:00
return ( False ) ;
2010-06-02 19:39:18 +02:00
}
2010-11-09 12:07:25 -08:00
bool map_username ( TALLOC_CTX * ctx , const char * user_in , char * * p_user_out )
2006-02-13 17:08:25 +00:00
{
2019-11-05 12:11:54 +01:00
const struct loadparm_substitution * lp_sub =
loadparm_s3_global_substitution ( ) ;
2016-11-22 01:38:16 +01:00
FILE * f ;
2019-11-05 12:11:54 +01:00
char * mapfile = lp_username_map ( talloc_tos ( ) , lp_sub ) ;
2006-02-13 17:08:25 +00:00
char * s ;
2007-11-12 18:12:26 -08:00
char buf [ 512 ] ;
2007-10-18 17:40:25 -07:00
bool mapped_user = False ;
2019-11-05 12:12:51 +01:00
char * cmd = lp_username_map_script ( talloc_tos ( ) , lp_sub ) ;
2007-11-12 18:12:26 -08:00
2010-11-09 12:07:25 -08:00
* p_user_out = NULL ;
if ( ! user_in )
return false ;
/* Initially make a copy of the incoming name. */
* p_user_out = talloc_strdup ( ctx , user_in ) ;
if ( ! * p_user_out ) {
2007-11-12 18:12:26 -08:00
return false ;
2010-11-09 12:07:25 -08:00
}
2007-11-12 18:12:26 -08:00
2010-11-09 12:07:25 -08:00
if ( strequal ( user_in , get_last_to ( ) ) )
2007-11-12 18:12:26 -08:00
return false ;
2006-02-13 17:08:25 +00:00
2010-11-09 12:07:25 -08:00
if ( strequal ( user_in , get_last_from ( ) ) ) {
DEBUG ( 3 , ( " Mapped user %s to %s \n " , user_in , get_last_to ( ) ) ) ;
TALLOC_FREE ( * p_user_out ) ;
* p_user_out = talloc_strdup ( ctx , get_last_to ( ) ) ;
2007-11-12 18:12:26 -08:00
return true ;
2006-02-13 17:08:25 +00:00
}
2007-11-12 18:12:26 -08:00
2010-11-09 12:07:25 -08:00
if ( fetch_map_from_gencache ( ctx , user_in , p_user_out ) ) {
2010-04-09 17:19:13 +02:00
return true ;
}
2006-02-13 17:08:25 +00:00
/* first try the username map script */
2007-11-12 18:12:26 -08:00
2006-02-13 17:08:25 +00:00
if ( * cmd ) {
char * * qlines ;
2007-11-12 18:12:26 -08:00
char * command = NULL ;
2006-02-13 17:08:25 +00:00
int numlines , ret , fd ;
2010-11-09 12:07:25 -08:00
command = talloc_asprintf ( ctx ,
2007-11-12 18:12:26 -08:00
" %s \" %s \" " ,
cmd ,
2010-11-09 12:07:25 -08:00
user_in ) ;
2007-11-12 18:12:26 -08:00
if ( ! command ) {
return false ;
}
2006-02-13 17:08:25 +00:00
DEBUG ( 10 , ( " Running [%s] \n " , command ) ) ;
2016-10-12 09:55:15 -06:00
ret = smbrun ( command , & fd , NULL ) ;
2006-02-13 17:08:25 +00:00
DEBUGADD ( 10 , ( " returned [%d] \n " , ret ) ) ;
2010-04-09 14:05:09 +02:00
TALLOC_FREE ( command ) ;
2006-02-13 17:08:25 +00:00
if ( ret ! = 0 ) {
if ( fd ! = - 1 )
close ( fd ) ;
return False ;
}
numlines = 0 ;
2010-11-09 12:07:25 -08:00
qlines = fd_lines_load ( fd , & numlines , 0 , ctx ) ;
2006-02-13 17:08:25 +00:00
DEBUGADD ( 10 , ( " Lines returned = [%d] \n " , numlines ) ) ;
close ( fd ) ;
/* should be either no lines or a single line with the mapped username */
2006-06-28 01:25:29 +00:00
if ( numlines & & qlines ) {
2010-11-09 12:07:25 -08:00
DEBUG ( 3 , ( " Mapped user %s to %s \n " , user_in , qlines [ 0 ] ) ) ;
set_last_from_to ( user_in , qlines [ 0 ] ) ;
store_map_in_gencache ( ctx , user_in , qlines [ 0 ] ) ;
TALLOC_FREE ( * p_user_out ) ;
* p_user_out = talloc_strdup ( ctx , qlines [ 0 ] ) ;
if ( ! * p_user_out ) {
return false ;
}
2006-02-13 17:08:25 +00:00
}
2008-10-12 17:34:43 +02:00
TALLOC_FREE ( qlines ) ;
2007-11-12 18:12:26 -08:00
2006-02-13 17:08:25 +00:00
return numlines ! = 0 ;
}
/* ok. let's try the mapfile */
if ( ! * mapfile )
return False ;
2016-11-22 01:38:16 +01:00
f = fopen ( mapfile , " r " ) ;
2006-02-13 17:08:25 +00:00
if ( ! f ) {
DEBUG ( 0 , ( " can't open username map %s. Error %s \n " , mapfile , strerror ( errno ) ) ) ;
return False ;
}
DEBUG ( 4 , ( " Scanning username map %s \n " , mapfile ) ) ;
2016-11-22 01:38:16 +01:00
while ( ( s = fgets_slash ( NULL , buf , sizeof ( buf ) , f ) ) ! = NULL ) {
2006-02-13 17:08:25 +00:00
char * unixname = s ;
char * dosname = strchr_m ( unixname , ' = ' ) ;
char * * dosuserlist ;
2007-10-18 17:40:25 -07:00
bool return_if_mapped = False ;
2006-02-13 17:08:25 +00:00
if ( ! dosname )
continue ;
* dosname + + = 0 ;
2010-04-09 14:30:54 +02:00
unixname = skip_space ( unixname ) ;
2006-02-13 17:08:25 +00:00
if ( ' ! ' = = * unixname ) {
return_if_mapped = True ;
2010-04-09 14:30:54 +02:00
unixname = skip_space ( unixname + 1 ) ;
2006-02-13 17:08:25 +00:00
}
2007-12-17 17:27:29 -08:00
2006-02-13 17:08:25 +00:00
if ( ! * unixname | | strchr_m ( " #; " , * unixname ) )
continue ;
{
int l = strlen ( unixname ) ;
while ( l & & isspace ( ( int ) unixname [ l - 1 ] ) ) {
unixname [ l - 1 ] = 0 ;
l - - ;
}
}
2006-03-01 15:11:56 +00:00
/* skip lines like 'user = ' */
2010-11-09 12:07:25 -08:00
dosuserlist = str_list_make_v3 ( ctx , dosname , NULL ) ;
2006-02-13 17:08:25 +00:00
if ( ! dosuserlist ) {
2006-03-01 15:11:56 +00:00
DEBUG ( 0 , ( " Bad username map entry. Unable to build user list. Ignoring. \n " ) ) ;
continue ;
2006-02-13 17:08:25 +00:00
}
if ( strchr_m ( dosname , ' * ' ) | |
2014-02-26 20:16:26 +01:00
user_in_list ( ctx , user_in , ( const char * const * ) dosuserlist ) ) {
2010-11-09 12:07:25 -08:00
DEBUG ( 3 , ( " Mapped user %s to %s \n " , user_in , unixname ) ) ;
2006-02-13 17:08:25 +00:00
mapped_user = True ;
2007-12-17 17:27:29 -08:00
2010-11-09 12:07:25 -08:00
set_last_from_to ( user_in , unixname ) ;
store_map_in_gencache ( ctx , user_in , unixname ) ;
TALLOC_FREE ( * p_user_out ) ;
* p_user_out = talloc_strdup ( ctx , unixname ) ;
if ( ! * p_user_out ) {
TALLOC_FREE ( dosuserlist ) ;
2016-11-22 01:38:16 +01:00
fclose ( f ) ;
2010-11-09 12:07:25 -08:00
return false ;
}
2007-12-17 17:27:29 -08:00
2006-02-13 17:08:25 +00:00
if ( return_if_mapped ) {
2008-02-04 20:57:35 +01:00
TALLOC_FREE ( dosuserlist ) ;
2016-11-22 01:38:16 +01:00
fclose ( f ) ;
2006-02-13 17:08:25 +00:00
return True ;
}
}
2007-12-17 17:27:29 -08:00
2008-02-04 20:57:35 +01:00
TALLOC_FREE ( dosuserlist ) ;
2006-02-13 17:08:25 +00:00
}
2016-11-22 01:38:16 +01:00
fclose ( f ) ;
2006-02-13 17:08:25 +00:00
/*
2013-04-05 14:07:37 +02:00
* If we didn ' t successfully map a user in the loop above ,
* setup the last_from and last_to as an optimization so
2006-02-13 17:08:25 +00:00
* that we don ' t scan the file again for the same user .
*/
2013-04-05 14:07:37 +02:00
if ( ! mapped_user ) {
DEBUG ( 8 , ( " The user '%s' has no mapping. "
" Skip it next time. \n " , user_in ) ) ;
set_last_from_to ( user_in , user_in ) ;
store_map_in_gencache ( ctx , user_in , user_in ) ;
}
2006-02-13 17:08:25 +00:00
return mapped_user ;
}