BOOL map_username(char *user);
struct passwd *Get_Pwnam(char *user,BOOL allow_change);
BOOL user_in_list(char *user,char *list);
+struct passwd *smb_getpwnam(char *user, char *domain, BOOL allow_change);
+int smb_initgroups(char *user, char *domain, gid_t group);
/*The following definitions come from lib/util.c */
DOM_GID *gids,
uint32 user_flgs,
- char sess_key[16],
+ char *sess_key,
char *logon_srv,
char *logon_dom,
user_struct *get_valid_user_struct(uint16 vuid);
void invalidate_vuid(uint16 vuid);
char *validated_username(uint16 vuid);
-int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups);
-uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, BOOL guest);
+char *validated_domain(uint16 vuid);
+int setup_groups(char *user, char *domain,
+ uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups);
+uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
+ char *domain,BOOL guest);
void add_session_user(char *user);
BOOL smb_password_check(char *password, unsigned char *part_passwd, unsigned char *c8);
BOOL smb_password_ok(struct smb_passwd *smb_pass, uchar chal[8],
}
return(NULL);
}
+
+
+/****************************************************************************
+these wrappers allow appliance mode to work. In appliance mode the username
+takes the form DOMAIN/user
+****************************************************************************/
+struct passwd *smb_getpwnam(char *user, char *domain, BOOL allow_change)
+{
+ struct passwd *pw;
+ fstring userdom;
+
+ pw = Get_Pwnam(user, allow_change);
+ if (pw || !domain || !*domain) return pw;
+
+ slprintf(userdom, sizeof(userdom), "%s/%s", domain, user);
+
+ DEBUG(4,("smb_getpwnam trying userdom %s\n", userdom));
+
+ return Get_Pwnam(userdom, allow_change);
+}
+
+int smb_initgroups(char *user, char *domain, gid_t group)
+{
+ fstring userdom;
+ int ret;
+
+ ret = initgroups(user, group);
+ if (ret==0 || !domain || !*domain) return ret;
+
+ slprintf(userdom, sizeof(userdom), "%s/%s", domain, user);
+
+ DEBUG(4,("smb_initgroups trying userdom %s\n", userdom));
+
+ return initgroups(userdom, group);
+}
****************************************************************************/
char *validated_username(uint16 vuid)
{
- user_struct *vuser = get_valid_user_struct(vuid);
- if (vuser == NULL)
- return 0;
- return(vuser->user.unix_name);
+ user_struct *vuser = get_valid_user_struct(vuid);
+ if (vuser == NULL)
+ return 0;
+ return(vuser->user.unix_name);
+}
+
+/****************************************************************************
+return a validated domain
+****************************************************************************/
+char *validated_domain(uint16 vuid)
+{
+ user_struct *vuser = get_valid_user_struct(vuid);
+ if (vuser == NULL)
+ return 0;
+ return(vuser->user.domain);
}
/****************************************************************************
Setup the groups a user belongs to.
****************************************************************************/
-int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups)
+int setup_groups(char *user, char *domain,
+ uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups)
{
int i,ngroups;
gid_t grp = 0;
gid_t *groups = NULL;
- if (-1 == initgroups(user,gid))
+ if (-1 == smb_initgroups(user,domain,gid))
{
DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));
if (getuid() == 0)
has been given. vuid is biased by an offset. This allows us to
tell random client vuid's (normally zero) from valid vuids.
****************************************************************************/
-uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, BOOL guest)
+uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
+ char *domain,BOOL guest)
{
user_struct *vuser;
struct passwd *pwfile; /* for getting real name from passwd file */
vuser->guest = guest;
fstrcpy(vuser->user.unix_name,unix_name);
fstrcpy(vuser->user.smb_name,requested_name);
+ fstrcpy(vuser->user.domain,domain);
vuser->n_groups = 0;
vuser->groups = NULL;
/* Find all the groups this uid is in and store them.
Used by become_user() */
- setup_groups(unix_name,uid,gid,
+ setup_groups(unix_name,domain,uid,gid,
&vuser->n_groups,
&vuser->groups);
}
}
- if (!Get_Pwnam(user,True)) {
+ if (!smb_getpwnam(user,domain,True)) {
DEBUG(3,("No such user %s - using guest account\n",user));
pstrcpy(user,lp_guestaccount(-1));
guest = True;
user we should become.
*/
{
- const struct passwd *pw = Get_Pwnam(user,False);
+ const struct passwd *pw = smb_getpwnam(user,domain,False);
if (!pw) {
DEBUG(1,("Username %s is invalid on this system\n",user));
return bad_password_error(inbuf,outbuf);
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- sess_vuid = register_vuid(uid,gid,user,sesssetup_user,guest);
+ sess_vuid = register_vuid(uid,gid,user,sesssetup_user,domain,guest);
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);
}
/* find out some info about the user */
- pass = Get_Pwnam(user,True);
+ pass = smb_getpwnam(user,validated_domain(vuid),True);
if (pass == NULL) {
DEBUG(0,( "Couldn't find account %s\n",user));
if (!IS_IPC(conn)) {
/* Find all the groups this uid is in and
store them. Used by become_user() */
- setup_groups(conn->user,conn->uid,conn->gid,
+ setup_groups(conn->user,validated_domain(vuid),conn->uid,conn->gid,
&conn->ngroups,&conn->groups);
/* check number of connections */