2025-02-26 21:57:41 +03:00 · 2010-06-02 19:39:18 +02:00 · 2010-06-02 19:39:18 +02:00 · 9097bdddd0
commit 9097bdddd0
parent fad86ddf55
4 changed files with 140 additions and 139 deletions
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@ -772,6 +772,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \
 	   auth/server_info.o \
 	   auth/server_info_sam.o \
 	   auth/user_info.o \
+	   auth/user_util.o \
 	   auth/auth_compat.o auth/auth_ntlmssp.o \
 	   $(PLAINTEXT_AUTH_OBJ) $(SLCACHE_OBJ) $(DCUTIL_OBJ)

@ -783,7 +784,7 @@ BUILDOPT_OBJ = smbd/build_options.o

 SMBD_OBJ_SRV = smbd/server_reload.o \
 	       smbd/files.o smbd/connection.o \
-	       smbd/utmp.o smbd/session.o smbd/map_username.o \
+	       smbd/utmp.o smbd/session.o \
               smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o \
 	       smbd/share_access.o smbd/fileio.o \
               smbd/ipc.o smbd/lanman.o smbd/negprot.o \
--- a/source3/smbd/map_username.c
+++ b/source3/smbd/map_username.c
@ -1,20 +1,20 @@
-/* 
+/*
   Unix SMB/CIFS implementation.
   Username handling
   Copyright (C) Andrew Tridgell 1992-1998
   Copyright (C) Jeremy Allison 1997-2001.
   Copyright (C) Volker Lendecke 2006
-   
+
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
-   
+
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
-   
+
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@ -120,6 +120,139 @@ static void store_map_in_gencache(const char *from, const char *to)
 	TALLOC_FREE(key);
 }

+/****************************************************************************
+ Check if a user is in a netgroup user list. If at first we don't succeed,
+ try lower case.
+****************************************************************************/
+
+bool user_in_netgroup(const char *user, const char *ngname)
+{
+#ifdef HAVE_NETGROUP
+	static char *my_yp_domain = NULL;
+	fstring lowercase_user;
+
+	if (my_yp_domain == NULL) {
+		yp_get_default_domain(&my_yp_domain);
+	}
+
+	if (my_yp_domain == NULL) {
+		DEBUG(5,("Unable to get default yp domain, "
+			"let's try without specifying it\n"));
+	}
+
+	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+		user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
+
+	if (innetgr(ngname, NULL, user, my_yp_domain)) {
+		DEBUG(5,("user_in_netgroup: Found\n"));
+		return true;
+	}
+
+	/*
+	 * Ok, innetgr is case sensitive. Try once more with lowercase
+	 * just in case. Attempt to fix #703. JRA.
+	 */
+	fstrcpy(lowercase_user, user);
+	strlower_m(lowercase_user);
+
+	if (strcmp(user,lowercase_user) == 0) {
+		/* user name was already lower case! */
+		return false;
+	}
+
+	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
+		lowercase_user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
+
+	if (innetgr(ngname, NULL, lowercase_user, my_yp_domain)) {
+		DEBUG(5,("user_in_netgroup: Found\n"));
+		return true;
+	}
+#endif /* HAVE_NETGROUP */
+	return false;
+}
+
+/****************************************************************************
+ Check if a user is in a user list - can check combinations of UNIX
+ and netgroup lists.
+****************************************************************************/
+
+bool user_in_list(const char *user,const char **list)
+{
+	if (!list || !*list)
+		return False;
+
+	DEBUG(10,("user_in_list: checking user %s in list\n", user));
+
+	while (*list) {
+
+		DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
+			  user, *list));
+
+		/*
+		 * Check raw username.
+		 */
+		if (strequal(user, *list))
+			return(True);
+
+		/*
+		 * Now check to see if any combination
+		 * of UNIX and netgroups has been specified.
+		 */
+
+		if(**list == '@') {
+			/*
+			 * Old behaviour. Check netgroup list
+			 * followed by UNIX list.
+			 */
+			if(user_in_netgroup(user, *list +1))
+				return True;
+			if(user_in_group(user, *list +1))
+				return True;
+		} else if (**list == '+') {
+
+			if((*(*list +1)) == '&') {
+				/*
+				 * Search UNIX list followed by netgroup.
+				 */
+				if(user_in_group(user, *list +2))
+					return True;
+				if(user_in_netgroup(user, *list +2))
+					return True;
+
+			} else {
+
+				/*
+				 * Just search UNIX list.
+				 */
+
+				if(user_in_group(user, *list +1))
+					return True;
+			}
+
+		} else if (**list == '&') {
+
+			if(*(*list +1) == '+') {
+				/*
+				 * Search netgroup list followed by UNIX list.
+				 */
+				if(user_in_netgroup(user, *list +2))
+					return True;
+				if(user_in_group(user, *list +2))
+					return True;
+			} else {
+				/*
+				 * Just search netgroup list.
+				 */
+				if(user_in_netgroup(user, *list +1))
+					return True;
+			}
+		}
+
+		list++;
+	}
+	return(False);
+}
+
 bool map_username(fstring user)
 {
 	XFILE *f;
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@ -403,139 +403,6 @@ const char *get_session_workgroup(struct smbd_server_connection *sconn)
 	return sconn->smb1.sessions.session_workgroup;
 }

-/****************************************************************************
- Check if a user is in a netgroup user list. If at first we don't succeed,
- try lower case.
-****************************************************************************/
-
-bool user_in_netgroup(const char *user, const char *ngname)
-{
-#ifdef HAVE_NETGROUP
-	static char *my_yp_domain = NULL;
-	fstring lowercase_user;
-
-	if (my_yp_domain == NULL) {
-		yp_get_default_domain(&my_yp_domain);
-	}
-
-	if (my_yp_domain == NULL) {
-		DEBUG(5,("Unable to get default yp domain, "
-			"let's try without specifying it\n"));
-	}
-
-	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
-		user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
-
-	if (innetgr(ngname, NULL, user, my_yp_domain)) {
-		DEBUG(5,("user_in_netgroup: Found\n"));
-		return true;
-	}
-
-	/*
-	 * Ok, innetgr is case sensitive. Try once more with lowercase
-	 * just in case. Attempt to fix #703. JRA.
-	 */
-	fstrcpy(lowercase_user, user);
-	strlower_m(lowercase_user);
-
-	if (strcmp(user,lowercase_user) == 0) {
-		/* user name was already lower case! */
-		return false;
-	}
-
-	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
-		lowercase_user, my_yp_domain?my_yp_domain:"(ANY)", ngname));
-
-	if (innetgr(ngname, NULL, lowercase_user, my_yp_domain)) {
-		DEBUG(5,("user_in_netgroup: Found\n"));
-		return true;
-	}
-#endif /* HAVE_NETGROUP */
-	return false;
-}
-
-/****************************************************************************
- Check if a user is in a user list - can check combinations of UNIX
- and netgroup lists.
-****************************************************************************/
-
-bool user_in_list(const char *user,const char **list)
-{
-	if (!list || !*list)
-		return False;
-
-	DEBUG(10,("user_in_list: checking user %s in list\n", user));
-
-	while (*list) {
-
-		DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
-			  user, *list));
-
-		/*
-		 * Check raw username.
-		 */
-		if (strequal(user, *list))
-			return(True);
-
-		/*
-		 * Now check to see if any combination
-		 * of UNIX and netgroups has been specified.
-		 */
-
-		if(**list == '@') {
-			/*
-			 * Old behaviour. Check netgroup list
-			 * followed by UNIX list.
-			 */
-			if(user_in_netgroup(user, *list +1))
-				return True;
-			if(user_in_group(user, *list +1))
-				return True;
-		} else if (**list == '+') {
-
-			if((*(*list +1)) == '&') {
-				/*
-				 * Search UNIX list followed by netgroup.
-				 */
-				if(user_in_group(user, *list +2))
-					return True;
-				if(user_in_netgroup(user, *list +2))
-					return True;
-
-			} else {
-
-				/*
-				 * Just search UNIX list.
-				 */
-
-				if(user_in_group(user, *list +1))
-					return True;
-			}
-
-		} else if (**list == '&') {
-
-			if(*(*list +1) == '+') {
-				/*
-				 * Search netgroup list followed by UNIX list.
-				 */
-				if(user_in_netgroup(user, *list +2))
-					return True;
-				if(user_in_group(user, *list +2))
-					return True;
-			} else {
-				/*
-				 * Just search netgroup list.
-				 */
-				if(user_in_netgroup(user, *list +1))
-					return True;
-			}
-		}
-
-		list++;
-	}
-	return(False);
-}
-
 /****************************************************************************
 Check if a username is valid.
 ****************************************************************************/
--- a/source3/wscript_build
+++ b/source3/wscript_build
@ -524,7 +524,7 @@ AUTH_NETLOGOND_SRC = 'auth/auth_netlogond.c'
 AUTH_STATIC = ''
 AUTH_SRC = '''${AUTH_STATIC} auth/auth.c auth/auth_util.c auth/token_util.c
           auth/auth_compat.c auth/auth_ntlmssp.c auth/user_info.c auth/check_samsec.c
-           auth/server_info.c auth/server_info_sam.c
+           auth/user_util.c auth/server_info.c auth/server_info_sam.c
           ${PLAINTEXT_AUTH_SRC} ${SLCACHE_SRC} ${DCUTIL_SRC}'''

 #FIXME: set IDMAP_STATIC during configuration