2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 /* internal functions */
25 static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (const char *), int N);
26 static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (const char *), int N);
28 /****************************************************************************
29 Get a users home directory.
30 ****************************************************************************/
32 char *get_user_home_dir(const char *user)
34 static struct passwd *pass;
36 pass = Get_Pwnam(user);
38 if (!pass) return(NULL);
43 /*******************************************************************
44 Map a username from a dos name to a unix name by looking in the username
45 map. Note that this modifies the name in place.
46 This is the main function that should be called *once* on
47 any incoming or new username - in order to canonicalize the name.
48 This is being done to de-couple the case conversions from the user mapping
49 function. Previously, the map_username was being called
50 every time Get_Pwnam was called.
51 Returns True if username was changed, false otherwise.
52 ********************************************************************/
54 BOOL map_username(char *user)
56 static BOOL initialised=False;
57 static fstring last_from,last_to;
59 char *mapfile = lp_username_map();
62 BOOL mapped_user = False;
71 *last_from = *last_to = 0;
75 if (strequal(user,last_to))
78 if (strequal(user,last_from)) {
79 DEBUG(3,("Mapped user %s to %s\n",user,last_to));
80 fstrcpy(user,last_to);
84 f = x_fopen(mapfile,O_RDONLY, 0);
86 DEBUG(0,("can't open username map %s. Error %s\n",mapfile, strerror(errno) ));
90 DEBUG(4,("Scanning username map %s\n",mapfile));
92 while((s=fgets_slash(buf,sizeof(buf),f))!=NULL) {
94 char *dosname = strchr_m(unixname,'=');
96 BOOL return_if_mapped = False;
103 while (isspace(*unixname))
105 if ('!' == *unixname) {
106 return_if_mapped = True;
108 while (*unixname && isspace(*unixname))
112 if (!*unixname || strchr_m("#;",*unixname))
116 int l = strlen(unixname);
117 while (l && isspace(unixname[l-1])) {
123 dosuserlist = lp_list_make(dosname);
125 DEBUG(0,("Unable to build user list\n"));
129 if (strchr_m(dosname,'*') || user_in_list(user, dosuserlist)) {
130 DEBUG(3,("Mapped user %s to %s\n",user,unixname));
132 fstrcpy(last_from,user);
133 sscanf(unixname,"%s",user);
134 fstrcpy(last_to,user);
135 if(return_if_mapped) {
136 lp_list_free (&dosuserlist);
142 lp_list_free (&dosuserlist);
148 * Setup the last_from and last_to as an optimization so
149 * that we don't scan the file again for the same user.
151 fstrcpy(last_from,user);
152 fstrcpy(last_to,user);
157 /****************************************************************************
159 ****************************************************************************/
161 static struct passwd *_Get_Pwnam(const char *s)
165 ret = sys_getpwnam(s);
167 #ifdef HAVE_GETPWANAM
168 struct passwd_adjunct *pwret;
169 pwret = getpwanam(s);
170 if (pwret && pwret->pwa_passwd) {
171 pstrcpy(ret->pw_passwd,pwret->pwa_passwd);
181 * A wrapper for getpwnam(). The following variations are tried:
183 * - in all lower case if this differs from transmitted
184 * - in all upper case if this differs from transmitted
185 * - using lp_usernamelevel() for permutations.
187 struct passwd *Get_Pwnam_internals(const char *user, char *user2)
189 struct passwd *ret = NULL;
191 if (!user2 || !(*user2))
194 if (!user || !(*user))
197 /* Try in all lower case first as this is the most
198 common case on UNIX systems */
200 DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
201 ret = _Get_Pwnam(user2);
205 /* Try as given, if username wasn't originally lowercase */
206 if(strcmp(user,user2) != 0) {
207 DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n",user));
208 ret = _Get_Pwnam(user);
213 /* Try as uppercase, if username wasn't originally uppercase */
215 if(strcmp(user,user2) != 0) {
216 DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n",user2));
217 ret = _Get_Pwnam(user2);
222 /* Try all combinations up to usernamelevel */
224 DEBUG(5,("Checking combinations of %d uppercase letters in %s\n",lp_usernamelevel(),user2));
225 ret = uname_string_combinations(user2, _Get_Pwnam, lp_usernamelevel());
228 DEBUG(5,("Get_Pwnam %s find a valid username!\n",ret ? "did":"didn't"));
232 /****************************************************************************
233 Get_Pwnam wrapper for modification.
234 NOTE: This can potentially modify 'user'!
235 ****************************************************************************/
237 struct passwd *Get_Pwnam_Modify(char *user)
242 fstrcpy(user2, user);
244 ret = Get_Pwnam_internals(user, user2);
246 /* If caller wants the modified username, ensure they get it */
249 /* We can safely assume ret is NULL if none of the above succeed */
253 /****************************************************************************
254 Get_Pwnam wrapper without modification.
255 NOTE: This with NOT modify 'user'!
256 ****************************************************************************/
258 struct passwd *Get_Pwnam(const char *user)
263 fstrcpy(user2, user);
265 ret = Get_Pwnam_internals(user, user2);
267 /* We can safely assume ret is NULL if none of the above succeed */
271 /****************************************************************************
272 Check if a user is in a netgroup user list.
273 ****************************************************************************/
275 static BOOL user_in_netgroup_list(const char *user, const char *ngname)
278 static char *mydomain = NULL;
279 if (mydomain == NULL)
280 yp_get_default_domain(&mydomain);
282 if(mydomain == NULL) {
283 DEBUG(5,("Unable to get default yp domain\n"));
285 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
286 user, mydomain, ngname));
287 DEBUG(5,("innetgr is %s\n",
288 innetgr(ngname, NULL, user, mydomain)
289 ? "TRUE" : "FALSE"));
291 if (innetgr(ngname, NULL, user, mydomain))
294 #endif /* HAVE_NETGROUP */
298 /****************************************************************************
299 Check if a user is in a winbind group.
300 ****************************************************************************/
302 static BOOL user_in_winbind_group_list(char *user,char *gname, BOOL *winbind_answered)
306 gid_t *groups = NULL;
310 *winbind_answered = False;
313 * Get the gid's that this user belongs to.
316 if ((num_groups = winbind_getgroups(user, 0, NULL)) == -1)
319 if (num_groups == 0) {
320 *winbind_answered = True;
324 if ((groups = (gid_t *)malloc(sizeof(gid_t) * num_groups )) == NULL) {
325 DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));
329 if ((num_groups = winbind_getgroups(user, num_groups, groups)) == -1) {
330 DEBUG(0,("user_in_winbind_group_list: second winbind_getgroups call \
331 failed with error %s\n", strerror(errno) ));
336 * Now we have the gid list for this user - convert the gname
337 * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
340 if ((gid = nametogid(gname)) == (gid_t)-1) {
341 DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
346 for (i = 0; i < num_groups; i++) {
347 if (gid == groups[i]) {
353 *winbind_answered = True;
359 *winbind_answered = False;
364 /****************************************************************************
365 Check if a user is in a UNIX group.
366 ****************************************************************************/
368 static BOOL user_in_unix_group_list(const char *user,const char *gname)
372 struct passwd *pass = Get_Pwnam(user);
374 DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n", user, gname));
377 * We need to check the users primary group as this
378 * group is implicit and often not listed in the group database.
382 gptr = getgrgid(pass->pw_gid);
383 if (gptr && strequal(gptr->gr_name,gname)) {
384 DEBUG(10,("user_in_unix_group_list: group %s is primary group.\n", gname ));
389 if ((gptr = (struct group *)getgrnam(gname)) == NULL) {
390 DEBUG(10,("user_in_unix_group_list: no such group %s\n", gname ));
394 member = gptr->gr_mem;
395 while (member && *member) {
396 DEBUG(10,("user_in_unix_group_list: checking user %s against member %s\n", user, *member ));
397 if (strequal(*member,user)) {
406 /****************************************************************************
407 Check if a user is in a group list. Ask winbind first, then use UNIX.
408 ****************************************************************************/
410 BOOL user_in_group_list(char *user,char *gname)
412 BOOL winbind_answered = False;
413 BOOL ret = user_in_winbind_group_list(user, gname, &winbind_answered);
415 if (winbind_answered)
418 return user_in_unix_group_list(user, gname);
421 /****************************************************************************
422 Check if a user is in a user list - can check combinations of UNIX
424 ****************************************************************************/
426 BOOL user_in_list(char *user,char **list)
429 if (!list || !*list) return False;
431 DEBUG(10,("user_in_list: checking user %s in list\n", user));
435 * Check raw username.
437 if (strequal(user, *list))
441 * Now check to see if any combination
442 * of UNIX and netgroups has been specified.
447 * Old behaviour. Check netgroup list
448 * followed by UNIX list.
450 if(user_in_netgroup_list(user, *list +1))
452 if(user_in_group_list(user, *list +1))
454 } else if (**list == '+') {
456 if((*(*list +1)) == '&') {
458 * Search UNIX list followed by netgroup.
460 if(user_in_group_list(user, *list +2))
462 if(user_in_netgroup_list(user, *list +2))
468 * Just search UNIX list.
471 if(user_in_group_list(user, *list +1))
475 } else if (**list == '&') {
477 if(*(*list +1) == '+') {
479 * Search netgroup list followed by UNIX list.
481 if(user_in_netgroup_list(user, *list +2))
483 if(user_in_group_list(user, *list +2))
487 * Just search netgroup list.
489 if(user_in_netgroup_list(user, *list +1))
499 /* The functions below have been taken from password.c and slightly modified */
500 /****************************************************************************
501 Apply a function to upper/lower case combinations
502 of a string and return true if one of them returns true.
503 Try all combinations with N uppercase letters.
504 offset is the first char to try and change (start with 0)
505 it assumes the string starts lowercased
506 ****************************************************************************/
508 static struct passwd *uname_string_combinations2(char *s,int offset,struct passwd *(*fn)(char *),int N)
510 ssize_t len = (ssize_t)strlen(s);
514 #ifdef PASSWORD_LENGTH
515 len = MIN(len,PASSWORD_LENGTH);
518 if (N <= 0 || offset >= len)
521 for (i=offset;i<(len-(N-1));i++) {
526 ret = uname_string_combinations2(s,i+1,fn,N-1);
534 /****************************************************************************
535 Apply a function to upper/lower case combinations
536 of a string and return true if one of them returns true.
537 Try all combinations with up to N uppercase letters.
538 offset is the first char to try and change (start with 0)
539 it assumes the string starts lowercased
540 ****************************************************************************/
542 static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(char *),int N)
548 ret = uname_string_combinations2(s,0,fn,n);
556 /****************************************************************************
557 these wrappers allow appliance mode to work. In appliance mode the username
558 takes the form DOMAIN/user
559 ****************************************************************************/
560 struct passwd *smb_getpwnam(char *user, BOOL allow_change)
565 extern pstring global_myname;
568 pw = Get_Pwnam_Modify(user);
570 pw = Get_Pwnam(user);
574 /* if it is a domain qualified name and it isn't in our password
575 database but the domain portion matches our local machine name then
576 lookup just the username portion locally */
577 sep = lp_winbind_separator();
578 if (!sep || !*sep) sep = "\\";
579 p = strchr_m(user,*sep);
581 strncasecmp(global_myname, user, strlen(global_myname))==0) {
583 pw = Get_Pwnam_Modify(p+1);