2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
6 Copyright (C) Jeremy Allison 1997-2001.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* internal functions */
26 static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (const char *), int N);
27 static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (const char *), int N);
29 /*****************************************************************
30 Check if a user or group name is local (this is a *local* name for
31 *local* people, there's nothing for you here...).
32 *****************************************************************/
34 BOOL name_is_local(const char *name)
36 return !strchr_m(name, *lp_winbind_separator());
39 /****************************************************************************
40 Get a users home directory.
41 ****************************************************************************/
43 char *get_user_home_dir(const char *user)
45 static struct passwd *pass;
47 pass = Get_Pwnam(user);
54 /*******************************************************************
55 Map a username from a dos name to a unix name by looking in the username
56 map. Note that this modifies the name in place.
57 This is the main function that should be called *once* on
58 any incoming or new username - in order to canonicalize the name.
59 This is being done to de-couple the case conversions from the user mapping
60 function. Previously, the map_username was being called
61 every time Get_Pwnam was called.
62 Returns True if username was changed, false otherwise.
63 ********************************************************************/
65 BOOL map_username(char *user)
67 static BOOL initialised=False;
68 static fstring last_from,last_to;
70 char *mapfile = lp_username_map();
73 BOOL mapped_user = False;
82 *last_from = *last_to = 0;
86 if (strequal(user,last_to))
89 if (strequal(user,last_from)) {
90 DEBUG(3,("Mapped user %s to %s\n",user,last_to));
91 fstrcpy(user,last_to);
95 f = x_fopen(mapfile,O_RDONLY, 0);
97 DEBUG(0,("can't open username map %s. Error %s\n",mapfile, strerror(errno) ));
101 DEBUG(4,("Scanning username map %s\n",mapfile));
103 while((s=fgets_slash(buf,sizeof(buf),f))!=NULL) {
105 char *dosname = strchr_m(unixname,'=');
107 BOOL return_if_mapped = False;
114 while (isspace(*unixname))
117 if ('!' == *unixname) {
118 return_if_mapped = True;
120 while (*unixname && isspace(*unixname))
124 if (!*unixname || strchr_m("#;",*unixname))
128 int l = strlen(unixname);
129 while (l && isspace(unixname[l-1])) {
135 dosuserlist = lp_list_make(dosname);
137 DEBUG(0,("Unable to build user list\n"));
141 if (strchr_m(dosname,'*') || user_in_list(user, dosuserlist)) {
142 DEBUG(3,("Mapped user %s to %s\n",user,unixname));
144 fstrcpy(last_from,user);
145 sscanf(unixname,"%s",user);
146 fstrcpy(last_to,user);
147 if(return_if_mapped) {
148 lp_list_free (&dosuserlist);
154 lp_list_free (&dosuserlist);
160 * Setup the last_from and last_to as an optimization so
161 * that we don't scan the file again for the same user.
163 fstrcpy(last_from,user);
164 fstrcpy(last_to,user);
169 /****************************************************************************
171 ****************************************************************************/
173 static struct passwd *_Get_Pwnam(const char *s)
177 ret = sys_getpwnam(s);
179 #ifdef HAVE_GETPWANAM
180 struct passwd_adjunct *pwret;
181 pwret = getpwanam(s);
182 if (pwret && pwret->pwa_passwd)
183 pstrcpy(ret->pw_passwd,pwret->pwa_passwd);
191 /****************************************************************************
192 * A wrapper for getpwnam(). The following variations are tried:
194 * - in all lower case if this differs from transmitted
195 * - in all upper case if this differs from transmitted
196 * - using lp_usernamelevel() for permutations.
197 ****************************************************************************/
199 struct passwd *Get_Pwnam_internals(const char *user, char *user2)
201 struct passwd *ret = NULL;
203 if (!user2 || !(*user2))
206 if (!user || !(*user))
209 /* Try in all lower case first as this is the most
210 common case on UNIX systems */
212 DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
213 ret = _Get_Pwnam(user2);
217 /* Try as given, if username wasn't originally lowercase */
218 if(strcmp(user,user2) != 0) {
219 DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n",user));
220 ret = _Get_Pwnam(user);
225 /* Try as uppercase, if username wasn't originally uppercase */
227 if(strcmp(user,user2) != 0) {
228 DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n",user2));
229 ret = _Get_Pwnam(user2);
234 /* Try all combinations up to usernamelevel */
236 DEBUG(5,("Checking combinations of %d uppercase letters in %s\n",lp_usernamelevel(),user2));
237 ret = uname_string_combinations(user2, _Get_Pwnam, lp_usernamelevel());
240 DEBUG(5,("Get_Pwnam %s find a valid username!\n",ret ? "did":"didn't"));
244 /****************************************************************************
245 Get_Pwnam wrapper for modification.
246 NOTE: This can potentially modify 'user'!
247 ****************************************************************************/
249 struct passwd *Get_Pwnam_Modify(char *user)
254 fstrcpy(user2, user);
256 ret = Get_Pwnam_internals(user, user2);
258 /* If caller wants the modified username, ensure they get it */
261 /* We can safely assume ret is NULL if none of the above succeed */
265 /****************************************************************************
266 Get_Pwnam wrapper without modification.
267 NOTE: This with NOT modify 'user'!
268 ****************************************************************************/
270 struct passwd *Get_Pwnam(const char *user)
275 fstrcpy(user2, user);
277 ret = Get_Pwnam_internals(user, user2);
279 /* We can safely assume ret is NULL if none of the above succeed */
283 /****************************************************************************
284 Check if a user is in a netgroup user list.
285 ****************************************************************************/
287 static BOOL user_in_netgroup_list(const char *user, const char *ngname)
290 static char *mydomain = NULL;
291 if (mydomain == NULL)
292 yp_get_default_domain(&mydomain);
294 if(mydomain == NULL) {
295 DEBUG(5,("Unable to get default yp domain\n"));
299 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
300 user, mydomain, ngname));
301 DEBUG(5,("innetgr is %s\n", innetgr(ngname, NULL, user, mydomain)
302 ? "TRUE" : "FALSE"));
304 if (innetgr(ngname, NULL, user, mydomain))
306 #endif /* HAVE_NETGROUP */
310 /****************************************************************************
311 Check if a user is in a winbind group.
312 ****************************************************************************/
314 static BOOL user_in_winbind_group_list(const char *user, const char *gname, BOOL *winbind_answered)
318 gid_t *groups = NULL;
322 *winbind_answered = False;
325 * Get the gid's that this user belongs to.
328 if ((num_groups = winbind_getgroups(user, 0, NULL)) == -1)
331 if (num_groups == 0) {
332 *winbind_answered = True;
336 if ((groups = (gid_t *)malloc(sizeof(gid_t) * num_groups )) == NULL) {
337 DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));
341 if ((num_groups = winbind_getgroups(user, num_groups, groups)) == -1) {
342 DEBUG(0,("user_in_winbind_group_list: second winbind_getgroups call \
343 failed with error %s\n", strerror(errno) ));
348 * Now we have the gid list for this user - convert the gname
349 * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
352 if ((gid = nametogid(gname)) == (gid_t)-1) {
353 DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
358 for (i = 0; i < num_groups; i++) {
359 if (gid == groups[i]) {
365 *winbind_answered = True;
371 *winbind_answered = False;
376 /****************************************************************************
377 Check if a user is in a UNIX group.
378 ****************************************************************************/
380 static BOOL user_in_unix_group_list(const char *user,const char *gname)
384 struct passwd *pass = Get_Pwnam(user);
386 DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n", user, gname));
389 * We need to check the users primary group as this
390 * group is implicit and often not listed in the group database.
394 if (strequal(gname,gidtoname(pass->pw_gid))) {
395 DEBUG(10,("user_in_unix_group_list: group %s is primary group.\n", gname ));
400 if ((gptr = (struct group *)getgrnam(gname)) == NULL) {
401 DEBUG(10,("user_in_unix_group_list: no such group %s\n", gname ));
405 member = gptr->gr_mem;
406 while (member && *member) {
407 DEBUG(10,("user_in_unix_group_list: checking user %s against member %s\n", user, *member ));
408 if (strequal(*member,user)) {
417 /****************************************************************************
418 Check if a user is in a group list. Ask winbind first, then use UNIX.
419 ****************************************************************************/
421 BOOL user_in_group_list(const char *user, const char *gname)
423 BOOL winbind_answered = False;
426 ret = user_in_winbind_group_list(user, gname, &winbind_answered);
427 if (!winbind_answered)
428 ret = user_in_unix_group_list(user, gname);
431 DEBUG(10,("user_in_group_list: user |%s| is in group |%s|\n", user, gname));
435 /****************************************************************************
436 Check if a user is in a user list - can check combinations of UNIX
438 ****************************************************************************/
440 BOOL user_in_list(const char *user,char **list)
445 DEBUG(10,("user_in_list: checking user %s in list\n", user));
449 DEBUG(10,("user_in_list: checking user |%s| in group |%s|\n", user, *list));
452 * Check raw username.
454 if (strequal(user, *list))
458 * Now check to see if any combination
459 * of UNIX and netgroups has been specified.
464 * Old behaviour. Check netgroup list
465 * followed by UNIX list.
467 if(user_in_netgroup_list(user, *list +1))
469 if(user_in_group_list(user, *list +1))
471 } else if (**list == '+') {
473 if((*(*list +1)) == '&') {
475 * Search UNIX list followed by netgroup.
477 if(user_in_group_list(user, *list +2))
479 if(user_in_netgroup_list(user, *list +2))
485 * Just search UNIX list.
488 if(user_in_group_list(user, *list +1))
492 } else if (**list == '&') {
494 if(*(*list +1) == '+') {
496 * Search netgroup list followed by UNIX list.
498 if(user_in_netgroup_list(user, *list +2))
500 if(user_in_group_list(user, *list +2))
504 * Just search netgroup list.
506 if(user_in_netgroup_list(user, *list +1))
509 } else if (!name_is_local(*list)) {
511 * If user name did not match and token is not
512 * a unix group and the token has a winbind separator in the
513 * name then see if it is a Windows group.
517 enum SID_NAME_USE name_type;
518 BOOL winbind_answered = False;
521 /* Check to see if name is a Windows group */
522 if (winbind_lookup_name(*list, &g_sid, &name_type) && name_type == SID_NAME_DOM_GRP) {
524 /* Check if user name is in the Windows group */
525 ret = user_in_winbind_group_list(user, *list, &winbind_answered);
527 if (winbind_answered && ret == True) {
528 DEBUG(10,("user_in_list: user |%s| is in group |%s|\n", user, *list));
539 /* The functions below have been taken from password.c and slightly modified */
540 /****************************************************************************
541 Apply a function to upper/lower case combinations
542 of a string and return true if one of them returns true.
543 Try all combinations with N uppercase letters.
544 offset is the first char to try and change (start with 0)
545 it assumes the string starts lowercased
546 ****************************************************************************/
548 static struct passwd *uname_string_combinations2(char *s,int offset,struct passwd *(*fn)(const char *),int N)
550 ssize_t len = (ssize_t)strlen(s);
554 #ifdef PASSWORD_LENGTH
555 len = MIN(len,PASSWORD_LENGTH);
558 if (N <= 0 || offset >= len)
561 for (i=offset;i<(len-(N-1));i++) {
566 ret = uname_string_combinations2(s,i+1,fn,N-1);
574 /****************************************************************************
575 Apply a function to upper/lower case combinations
576 of a string and return true if one of them returns true.
577 Try all combinations with up to N uppercase letters.
578 offset is the first char to try and change (start with 0)
579 it assumes the string starts lowercased
580 ****************************************************************************/
582 static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(const char *),int N)
588 ret = uname_string_combinations2(s,0,fn,n);
595 /****************************************************************************
596 These wrappers allow appliance mode to work. In appliance mode the username
597 takes the form DOMAIN/user.
598 ****************************************************************************/
600 struct passwd *smb_getpwnam(char *user, BOOL allow_change)
605 extern pstring global_myname;
608 pw = Get_Pwnam_Modify(user);
610 pw = Get_Pwnam(user);
616 * If it is a domain qualified name and it isn't in our password
617 * database but the domain portion matches our local machine name then
618 * lookup just the username portion locally.
621 sep = lp_winbind_separator();
622 p = strchr_m(user,*sep);
623 if (p && strncasecmp(global_myname, user, strlen(global_myname))==0) {
625 pw = Get_Pwnam_Modify(p+1);