2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 /****************************************************************************
24 Read the a hosts.equiv or .rhosts file and check if it
25 allows this user from this machine.
26 ****************************************************************************/
28 static BOOL check_user_equiv(const char *user, const char *remote, const char *equiv_file)
33 char **lines = file_lines_load(equiv_file, NULL);
36 DEBUG(5, ("check_user_equiv %s %s %s\n", user, remote, equiv_file));
37 if (! lines) return False;
38 for (i=0; lines[i]; i++) {
40 trim_string(buf," "," ");
42 if (buf[0] != '#' && buf[0] != '\n')
44 BOOL is_group = False;
47 if (strcmp(buf, "NO_PLUS\n") == 0)
49 DEBUG(6, ("check_user_equiv NO_PLUS\n"));
56 if (*bp == '\n' && plus_allowed)
58 /* a bare plus means everbody allowed */
59 DEBUG(6, ("check_user_equiv everybody allowed\n"));
60 file_lines_free(lines);
64 else if (buf[0] == '-')
74 file_host = strtok(bp, " \t\n");
75 file_user = strtok(NULL, " \t\n");
76 DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)",
77 file_user ? file_user : "(null)" ));
78 if (file_host && *file_host)
82 #if defined(HAVE_NETGROUP) && defined(HAVE_YP_GET_DEFAULT_DOMAIN)
85 static char *mydomain = NULL;
87 yp_get_default_domain(&mydomain);
88 if (mydomain && innetgr(file_host,remote,user,mydomain))
94 DEBUG(1,("Netgroups not configured\n"));
100 /* the fact that remote has come from a call of gethostbyaddr
101 * means that it may have the fully qualified domain name
102 * so we could look up the file version to get it into
103 * a canonical form, but I would rather just type it
104 * in full in the equiv file
106 if (!host_ok && !is_group && strequal(remote, file_host))
112 /* is it this user */
113 if (file_user == 0 || strequal(user, file_user))
115 DEBUG(5, ("check_user_equiv matched %s%s %s\n",
116 (plus ? "+" : "-"), file_host,
117 (file_user ? file_user : "")));
118 file_lines_free(lines);
119 return (plus ? True : False);
125 file_lines_free(lines);
130 /****************************************************************************
131 check for a possible hosts equiv or rhosts entry for the user
132 ****************************************************************************/
134 static BOOL check_hosts_equiv(struct passwd *pass)
141 fname = lp_hosts_equiv();
143 /* note: don't allow hosts.equiv on root */
144 if (fname && *fname && (pass->pw_uid != 0)) {
145 if (check_user_equiv(pass->pw_name,client_name(),fname))
153 /****************************************************************************
154 Check for a valid .rhosts/hosts.equiv entry for this user
155 ****************************************************************************/
157 static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_context,
158 void *my_private_data,
160 const auth_usersupplied_info *user_info,
161 auth_serversupplied_info **server_info)
163 NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
164 struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
167 if (check_hosts_equiv(pass)) {
168 nt_status = NT_STATUS_OK;
169 make_server_info_pw(server_info, pass);
172 nt_status = NT_STATUS_NO_SUCH_USER;
178 /* module initialisation */
179 BOOL auth_init_hostsequiv(struct auth_context *auth_context, auth_methods **auth_method)
181 if (!make_auth_methods(auth_context, auth_method)) {
185 (*auth_method)->auth = check_hostsequiv_security;
190 /****************************************************************************
191 Check for a valid .rhosts/hosts.equiv entry for this user
192 ****************************************************************************/
194 static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
195 void *my_private_data,
197 const auth_usersupplied_info *user_info,
198 auth_serversupplied_info **server_info)
200 NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
201 struct passwd *pass = Get_Pwnam(user_info->internal_username.str);
205 char *home = pass->pw_dir;
207 slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
209 if (check_user_equiv(pass->pw_name,client_name(),rhostsfile)) {
210 nt_status = NT_STATUS_OK;
211 make_server_info_pw(server_info, pass);
216 nt_status = NT_STATUS_NO_SUCH_USER;
222 /* module initialisation */
223 BOOL auth_init_rhosts(struct auth_context *auth_context, auth_methods **auth_method)
225 if (!make_auth_methods(auth_context, auth_method)) {
229 (*auth_method)->auth = check_rhosts_security;