
Makefile: Added ubi_sLinkList.o as the groupname.o file needs it. Added groupname.o

includes.h: Added ubi_sLinkList.h include.
loadparm.c: Added groupname map parameter.
password.c: Fix HPUX big_crypt.
username.c: New user_in_list() code. Moved groupname map code to groupname.c
lib/rpc/server/srv_util.c: Added lookup_wellknown_sid_from_name().

New groupname map stuff. Note that nothing currently uses this but it
compiles ok.

Jeremy.
Jeremy Allison -
parent a70b929ec7
commit beef636a4d
6 changed files with 202 additions and 239 deletions


@ -1219,6 +1219,7 @@ extern char *sys_errlist[];
#endif
/* Lists, trees, caching, datbase... */
#include "ubi_sLinkList.h"
#include "ubi_dLinkList.h"
#ifndef UBI_BINTREE_H
#include "ubi_Cache.h"


@ -200,6 +200,10 @@ void generate_random_buffer( unsigned char *out, int len, BOOL re_seed);
char *getsmbpass(char *prompt) ;
/*The following definitions come from groupname.c */
void load_groupname_map(void);
/*The following definitions come from interface.c */
void load_interfaces(void);
@ -902,6 +906,7 @@ BOOL api_srvsvc_rpc(pipes_struct *p, prs_struct *data);
/*The following definitions come from lib/rpc/server/srv_util.c */
BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid);
int make_dom_gids(char *gids_str, DOM_GID **ppgids);
BOOL create_rpc_reply(pipes_struct *p,
uint32 data_start, uint32 data_end);
@ -941,6 +946,7 @@ char *lp_passwordserver(void);
char *lp_name_resolve_order(void);
char *lp_workgroup(void);
char *lp_username_map(void);
char *lp_groupname_map(void);
char *lp_character_set(void);
char *lp_logon_script(void);
char *lp_logon_path(void);
@ -1942,7 +1948,6 @@ char *get_home_dir(char *user);
BOOL map_username(char *user);
struct passwd *Get_Pwnam(char *user,BOOL allow_change);
BOOL user_in_list(char *user,char *list);
void load_groupname_map(void);
/*The following definitions come from util.c */


@ -21,7 +21,6 @@
#include "includes.h"
extern int DEBUGLEVEL;
extern DOM_SID global_machine_sid;
/* internal functions */
static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (char *), int N);
@ -228,7 +227,70 @@ struct passwd *Get_Pwnam(char *user,BOOL allow_change)
}
/****************************************************************************
check if a user is in a user list
check if a user is in a netgroup user list
****************************************************************************/
static BOOL user_in_netgroup_list(char *user,char *ngname)
{
#ifdef NETGROUP
static char *mydomain = NULL;
if (mydomain == NULL)
yp_get_default_domain(&mydomain);
if(mydomain == NULL)
{
DEBUG(5,("Unable to get default yp domain\n"));
}
else
{
DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
user, mydomain, ngname));
DEBUG(5,("innetgr is %s\n",
innetgr(ngname, NULL, user, mydomain)
? "TRUE" : "FALSE"));
if (innetgr(ngname, NULL, user, mydomain))
return (True);
}
#endif /* NETGROUP */
return False;
}
/****************************************************************************
check if a user is in a UNIX user list
****************************************************************************/
static BOOL user_in_group_list(char *user,char *gname)
{
#if HAVE_GETGRNAM
struct group *gptr;
char **member;
struct passwd *pass = Get_Pwnam(user,False);
if (pass)
{
gptr = getgrgid(pass->pw_gid);
if (gptr && strequal(gptr->gr_name,gname))
return(True);
}
gptr = (struct group *)getgrnam(gname);
if (gptr)
{
member = gptr->gr_mem;
while (member && *member)
{
if (strequal(*member,user))
return(True);
member++;
}
}
#endif /* HAVE_GETGRNAM */
return False;
}
/****************************************************************************
check if a user is in a user list - can check combinations of UNIX
and netgroup lists.
****************************************************************************/
BOOL user_in_list(char *user,char *list)
{
@ -236,65 +298,72 @@ BOOL user_in_list(char *user,char *list)
char *p=list;
while (next_token(&p,tok,LIST_SEP))
{
/*
* Check raw username.
*/
if (strequal(user,tok))
return(True);
/*
* Now check to see if any combination
* of UNIX and netgroups has been specified.
*/
if(*tok == '@')
{
if (strequal(user,tok))
return(True);
#ifdef NETGROUP
if (*tok == '@')
{
static char *mydomain = NULL;
if (mydomain == 0)
yp_get_default_domain(&mydomain);
if(mydomain == 0)
{
DEBUG(5,("Unable to get default yp domain\n"));
}
else
{
DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
user, mydomain, &tok[1]));
DEBUG(5,("innetgr is %s\n",
innetgr(&tok[1], (char *) 0, user, mydomain)
? "TRUE" : "FALSE"));
if (innetgr(&tok[1], (char *)0, user, mydomain))
return (True);
}
}
#endif
#if HAVE_GETGRNAM
if (*tok == '@')
{
struct group *gptr;
char **member;
struct passwd *pass = Get_Pwnam(user,False);
if (pass) {
gptr = getgrgid(pass->pw_gid);
if (gptr && strequal(gptr->gr_name,&tok[1]))
return(True);
}
gptr = (struct group *)getgrnam(&tok[1]);
if (gptr)
{
member = gptr->gr_mem;
while (member && *member)
{
if (strequal(*member,user))
return(True);
member++;
}
}
}
#endif
/*
* Old behaviour. Check netgroup list
* followed by UNIX list.
*/
if(user_in_netgroup_list(user,&tok[1]))
return True;
if(user_in_group_list(user,&tok[1]))
return True;
}
else if (*tok == '+')
{
if(tok[1] == '&')
{
/*
* Search UNIX list followed by netgroup.
*/
if(user_in_group_list(user,&tok[2]))
return True;
if(user_in_netgroup_list(user,&tok[2]))
return True;
}
else
{
/*
* Just search UNIX list.
*/
if(user_in_group_list(user,&tok[1]))
return True;
}
}
else if (*tok == '&')
{
if(tok[1] == '&')
{
/*
* Search netgroup list followed by UNIX list.
*/
if(user_in_netgroup_list(user,&tok[2]))
return True;
if(user_in_group_list(user,&tok[2]))
return True;
}
else
{
/*
* Just search netgroup list.
*/
if(user_in_netgroup_list(user,&tok[1]))
return True;
}
}
}
return(False);
}
@ -352,157 +421,3 @@ static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(c
}
return(NULL);
}
#if 0
/* JRATEST - under construction. */
/**************************************************************************
Groupname map functionality. The code loads a groupname map file and
(currently) loads it into a linked list. This is slow and memory
hungry, but can be changed into a more efficient storage format
if the demands on it become excessive.
***************************************************************************/
typedef struct groupname_map {
ubi_slNode next;
char *windows_name;
DOM_SID windows_sid;
char *unix_name;
gid_t unix_gid;
} groupname_map_entry;
static ubi_slList groupname_map_list;
/**************************************************************************
Delete all the entries in the groupname map list.
***************************************************************************/
static void delete_groupname_map_list(void)
{
groupname_map_entry *gmep;
while((gmep = (groupname_map_entry *)ubi_slRemHead( groupname_map_list )) != NULL) {
if(gmep->windows_name)
free(gmep->windows_name);
if(gmep->unix_name)
free(gmep->unix_name);
free((char *)gmep);
}
}
/**************************************************************************
Load a groupname map file. Sets last accessed timestamp.
***************************************************************************/
void load_groupname_map(void)
{
static time_t groupmap_file_last_modified = (time_t)0;
static BOOL initialized = False;
char *groupname_map_file = lp_groupname_map();
struct stat st;
FILE *fp;
char *s;
pstring buf;
if(!initialized) {
ubi_slInsert( &groupname_map_list );
initialized = True;
}
if (!*groupname_map_file)
return;
if(stat(groupname_map_file, &st) != 0) {
DEBUG(0, ("load_groupname_map: Unable to stat file %s. Error was %s\n",
groupname_map_file, strerror(errno) ));
return;
}
/*
* Check if file has changed.
*/
if( st.st_mtime <= groupmap_file_last_modified)
return;
groupmap_file_last_modified = st.st_mtime;
/*
* Load the file.
*/
fp = fopen(groupname_map_file,"r");
if (!fp) {
DEBUG(0,("load_groupname_map: can't open groupname map %s. Error was %s\n",
mapfile, strerror(errno)));
return;
}
/*
* Throw away any previous list.
*/
delete_groupname_map_list();
DEBUG(4,("load_groupname_map: Scanning groupname map %s\n",groupname_map_file));
while((s=fgets_slash(buf,sizeof(buf),fp))!=NULL) {
pstring unixname;
pstring windows_name;
struct group *gptr;
DOM_SID tmp_sid;
DEBUG(10,("load_groupname_map: Read line |%s|\n", s);
if (!*s || strchr("#;",*s))
continue;
if(!next_token(&s,unixname, "\t\n\r="))
continue;
if(!next_token(&s,windows_name, "\t\n\r="))
continue;
trim_string(unixname, " ", " ");
trim_string(windows_name, " ", " ");
if (!*dosname)
continue;
if(!*unixname)
continue;
/*
* Attempt to get the unix gid_t for this name.
*/
DEBUG(5,("load_groupname_map: Attempting to find unix group %s.\n",
unixname ));
if((gptr = (struct group *)getgrnam(unixname)) == NULL) {
DEBUG(0,("load_groupname_map: getgrnam for group %s failed.\
Error was %s.\n", unixname, strerror(errno) ));
continue;
}
/*
* Now map to an NT SID.
*/
if(!lookup_wellknown_sid_from_name(windows_name, &tmp_sid)) {
/*
* It's not a well known name, convert the UNIX gid_t
* to a rid within this domain SID.
*/
tmp_sid = global_machine_sid;
tmp_sid.sub_auths[tmp_sid.num_auths++] =
pdb_gid_to_group_rid((gid_t)gptr->gr_gid);
}
/*
* Create the list entry and add it onto the list.
*/
}
fclose(fp);
}
#endif /* JRATEST */
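Review bot: In user_in_netgroup_list (second hunk of this file) innetgr() is called twice per token, once inside the DEBUG(5) and once for the decision, so every NIS round-trip is doubled and the logged answer can differ from the one acted on; capture it once: `int found = innetgr(ngname, NULL, user, mydomain);` `DEBUG(5,("innetgr is %s\n", found ? "TRUE" : "FALSE"));` `if (found) return(True);`. In user_in_group_list the gr_mem loop and the gr_name check match with strequal(), which, if it is the case-insensitive comparison used elsewhere in Samba, lets a UNIX group membership match on a name that differs only in case from the account actually listed; a comment stating that this is intended (or a case-sensitive compare) would make the authorization decision explicit. user_in_list itself opens at the end of the second hunk and its body is in the third.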


@ -126,6 +126,7 @@ typedef struct
char *szDomainHostsallow;
char *szDomainHostsdeny;
char *szUsernameMap;
char *szGroupnameMap;
char *szCharacterSet;
char *szLogonScript;
char *szLogonPath;
@ -591,6 +592,7 @@ static struct parm_struct parm_table[] =
{"domain guest group",P_STRING, P_GLOBAL, &Globals.szDomainGuestGroup, NULL, NULL, 0},
{"domain admin users",P_STRING, P_GLOBAL, &Globals.szDomainAdminUsers, NULL, NULL, 0},
{"domain guest users",P_STRING, P_GLOBAL, &Globals.szDomainGuestUsers, NULL, NULL, 0},
{"groupname map", P_STRING, P_GLOBAL, &Globals.szGroupnameMap, NULL, NULL, 0},
{"machine password timeout", P_INTEGER, P_GLOBAL, &Globals.machine_password_timeout, NULL, NULL, 0},
{"Logon Options", P_SEP, P_SEPARATOR},
@ -967,6 +969,7 @@ FN_GLOBAL_STRING(lp_passwordserver,&Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order,&Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_workgroup,&Globals.szWorkGroup)
FN_GLOBAL_STRING(lp_username_map,&Globals.szUsernameMap)
FN_GLOBAL_STRING(lp_groupname_map,&Globals.szGroupnameMap)
FN_GLOBAL_STRING(lp_character_set,&Globals.szCharacterSet)
FN_GLOBAL_STRING(lp_logon_script,&Globals.szLogonScript)
FN_GLOBAL_STRING(lp_logon_path,&Globals.szLogonPath)


@ -42,44 +42,83 @@
#include "nterr.h"
extern int DEBUGLEVEL;
extern DOM_SID global_machine_sid;
/*
* A list of the rids of well known BUILTIN and Domain users
* and groups.
*/
rid_name builtin_alias_rids[] =
{
{ BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
{ BUILTIN_ALIAS_RID_USERS , "Users" },
{ BUILTIN_ALIAS_RID_GUESTS , "Guests" },
{ BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
{ BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
{ BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
{ BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
{ BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
{ BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
{ 0 , NULL }
rid_name builtin_alias_rids[] =
{
{ BUILTIN_ALIAS_RID_ADMINS , "Administrators" },
{ BUILTIN_ALIAS_RID_USERS , "Users" },
{ BUILTIN_ALIAS_RID_GUESTS , "Guests" },
{ BUILTIN_ALIAS_RID_POWER_USERS , "Power Users" },
{ BUILTIN_ALIAS_RID_ACCOUNT_OPS , "Account Operators" },
{ BUILTIN_ALIAS_RID_SYSTEM_OPS , "System Operators" },
{ BUILTIN_ALIAS_RID_PRINT_OPS , "Print Operators" },
{ BUILTIN_ALIAS_RID_BACKUP_OPS , "Backup Operators" },
{ BUILTIN_ALIAS_RID_REPLICATOR , "Replicator" },
{ 0 , NULL }
};
/* array lookup of well-known Domain RID users. */
rid_name domain_user_rids[] =
{
{ DOMAIN_USER_RID_ADMIN , "Administrator" },
{ DOMAIN_USER_RID_GUEST , "Guest" },
{ 0 , NULL }
rid_name domain_user_rids[] =
{
{ DOMAIN_USER_RID_ADMIN , "Administrator" },
{ DOMAIN_USER_RID_GUEST , "Guest" },
{ 0 , NULL }
};
/* array lookup of well-known Domain RID groups. */
rid_name domain_group_rids[] =
{
{ DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
{ DOMAIN_GROUP_RID_USERS , "Domain Users" },
{ DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
{ 0 , NULL }
rid_name domain_group_rids[] =
{
{ DOMAIN_GROUP_RID_ADMINS , "Domain Admins" },
{ DOMAIN_GROUP_RID_USERS , "Domain Users" },
{ DOMAIN_GROUP_RID_GUESTS , "Domain Guests" },
{ 0 , NULL }
};
/**************************************************************************
Check if a name matches any of the well known SID values.
***************************************************************************/
BOOL lookup_wellknown_sid_from_name(char *windows_name, DOM_SID *psid)
{
rid_name *rnp;
int i;
for( i = 0; builtin_alias_rids[i].name != NULL; i++) {
rnp = &builtin_alias_rids[i];
if(strequal(rnp->name, windows_name)) {
string_to_sid( psid, "S-1-5-32" );
psid->sub_auths[psid->num_auths++] = rnp->rid;
return True;
}
}
for( i = 0; domain_user_rids[i].name != NULL; i++ ) {
rnp = &domain_user_rids[i];
if(strequal(rnp->name, windows_name)) {
*psid = global_machine_sid;
psid->sub_auths[psid->num_auths++] = rnp->rid;
return True;
}
}
for( i = 0; domain_group_rids[i].name != NULL; i++ ) {
rnp = &domain_group_rids[i];
if(strequal(rnp->name, windows_name)) {
*psid = global_machine_sid;
psid->sub_auths[psid->num_auths++] = rnp->rid;
return True;
}
}
return False;
}
int make_dom_gids(char *gids_str, DOM_GID **ppgids)
{
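Review bot: lookup_wellknown_sid_from_name appends a rid with `psid->sub_auths[psid->num_auths++] = rnp->rid;` in all three loops without checking that num_auths is below the capacity of sub_auths; for the fixed S-1-5-32 base that is safe, but for the copy of global_machine_sid the count comes from configuration, so guard it with `if (psid->num_auths >= sizeof(psid->sub_auths)/sizeof(psid->sub_auths[0])) return False;` before the append. The result of string_to_sid() is discarded; if it can report failure, psid would be partly written and still returned as a match, so its result should be checked. The three loops differ only in the table and the base SID and could share one static helper, but that is a style point.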


@ -961,7 +961,7 @@ Hence we make a direct return to avoid a second chance!!!
#endif
#ifdef HPUX_10_TRUSTED
return(bigcrypt(password,this_salt,this_crypted));
return(strcmp(bigcrypt(password,this_salt),this_crypted) == 0);
#endif
#ifdef NO_CRYPT
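Review bot: The new HPUX_10_TRUSTED return passes bigcrypt()'s result straight to strcmp(); if bigcrypt() can return NULL on failure (a bad salt, for instance), strcmp() dereferences it, so guard it: `char *crypted = bigcrypt(password,this_salt);` `return (crypted != NULL && strcmp(crypted,this_crypted) == 0);`. The enclosing function starts and ends outside the hunk.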