sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-14 19:24:43 +03:00
Code

r5528: Expand the invalid-workstation-scheme. Workstation-Names with leading

Browse Source 
'@'-sign are expanded on-the-fly as posix-groups of workstations. This
allows optional, more flexible login-control in larger networks.

Guenther
(This used to be commit 8f143b6800e0b6964c8ba4ba9607dc74da12ae59)
This commit is contained in:
Günther Deschner 2005-02-24 00:26:24 +00:00 committed by Gerald (Jerry) Carter
parent 9fa9ca4f8b
commit 051d9d7894
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
source3/auth/auth_sam.c
View File

@ -170,9 +170,13 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
if (*workstation_list) {
BOOL invalid_ws = True;
fstring tok;
const char *s = workstation_list;
fstring tok;
const char *machine_name = talloc_asprintf(mem_ctx, "%s$", user_info->wksta_name.str);
if (machine_name == NULL)
return NT_STATUS_NO_MEMORY;
while (next_token(&s, tok, ",", sizeof(tok))) {
DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
@ -181,6 +185,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
invalid_ws = False;
break;
}
if (tok[0] == '@') {
DEBUG(10,("sam_account_ok: checking for workstation %s in group: %s\n",
machine_name, tok + 1));
if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
invalid_ws = False;
break;
}
}
}
if (invalid_ws)