2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1997-2001.
6 Copyright (C) Volker Lendecke 2006
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "lib/util/util_file.h"
24 #include "system/filesys.h"
26 #include "lib/gencache.h"
28 /*******************************************************************
29 Map a username from a dos name to a unix name by looking in the username
30 map. Note that this modifies the name in place.
31 This is the main function that should be called *once* on
32 any incoming or new username - in order to canonicalize the name.
33 This is being done to de-couple the case conversions from the user mapping
34 function. Previously, the map_username was being called
35 every time Get_Pwnam_alloc was called.
36 Returns True if username was changed, false otherwise.
37 ********************************************************************/
39 static char *last_from = NULL;
40 static char *last_to = NULL;
42 static const char *get_last_from(void)
50 static const char *get_last_to(void)
58 static bool set_last_from_to(const char *from, const char *to)
60 char *orig_from = last_from;
61 char *orig_to = last_to;
63 last_from = SMB_STRDUP(from);
64 last_to = SMB_STRDUP(to);
69 if (!last_from || !last_to) {
77 static char *skip_space(char *s)
79 while (isspace((int)(*s))) {
85 static bool fetch_map_from_gencache(TALLOC_CTX *ctx,
92 if (lp_username_map_cache_time() == 0) {
96 key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
101 found = gencache_get(key, ctx, &value, NULL);
106 TALLOC_FREE(*p_user_out);
114 static void store_map_in_gencache(TALLOC_CTX *ctx, const char *from, const char *to)
117 int cache_time = lp_username_map_cache_time();
119 if (cache_time == 0) {
123 key = talloc_asprintf_strupper_m(ctx, "USERNAME_MAP/%s",
128 gencache_set(key, to, cache_time + time(NULL));
132 /****************************************************************************
133 Check if a user is in a netgroup user list. If at first we don't succeed,
135 ****************************************************************************/
137 bool user_in_netgroup(TALLOC_CTX *ctx, const char *user, const char *ngname)
139 #if defined(HAVE_NETGROUP) && defined(HAVE_INNETGR)
140 char nis_domain_buf[256];
141 const char *nis_domain = NULL;
142 char *lowercase_user = NULL;
144 if (getdomainname(nis_domain_buf, sizeof(nis_domain_buf)) == 0) {
145 nis_domain = &nis_domain_buf[0];
147 DEBUG(5,("Unable to get default yp domain, "
148 "let's try without specifying it\n"));
152 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
153 user, nis_domain ? nis_domain : "(ANY)", ngname));
155 if (innetgr(ngname, NULL, user, nis_domain)) {
156 DEBUG(5,("user_in_netgroup: Found\n"));
161 * Ok, innetgr is case sensitive. Try once more with lowercase
162 * just in case. Attempt to fix #703. JRA.
164 lowercase_user = talloc_strdup(ctx, user);
165 if (!lowercase_user) {
168 if (!strlower_m(lowercase_user)) {
169 TALLOC_FREE(lowercase_user);
173 if (strcmp(user,lowercase_user) == 0) {
174 /* user name was already lower case! */
175 TALLOC_FREE(lowercase_user);
179 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
180 lowercase_user, nis_domain ? nis_domain : "(ANY)", ngname));
182 if (innetgr(ngname, NULL, lowercase_user, nis_domain)) {
183 DEBUG(5,("user_in_netgroup: Found\n"));
184 TALLOC_FREE(lowercase_user);
187 #endif /* HAVE_NETGROUP and HAVE_INNETGR */
191 /****************************************************************************
192 Check if a user is in a user list - can check combinations of UNIX
194 ****************************************************************************/
196 bool user_in_list(TALLOC_CTX *ctx, const char *user, const char * const *list)
201 DEBUG(10,("user_in_list: checking user %s in list\n", user));
205 DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
209 * Check raw username.
211 if (strequal(user, *list))
215 * Now check to see if any combination
216 * of UNIX and netgroups has been specified.
221 * Old behaviour. Check netgroup list
222 * followed by UNIX list.
224 if(user_in_netgroup(ctx, user, *list +1))
226 if(user_in_group(user, *list +1))
228 } else if (**list == '+') {
230 if((*(*list +1)) == '&') {
232 * Search UNIX list followed by netgroup.
234 if(user_in_group(user, *list +2))
236 if(user_in_netgroup(ctx, user, *list +2))
242 * Just search UNIX list.
245 if(user_in_group(user, *list +1))
249 } else if (**list == '&') {
251 if(*(*list +1) == '+') {
253 * Search netgroup list followed by UNIX list.
255 if(user_in_netgroup(ctx, user, *list +2))
257 if(user_in_group(user, *list +2))
261 * Just search netgroup list.
263 if(user_in_netgroup(ctx, user, *list +1))
273 bool map_username(TALLOC_CTX *ctx, const char *user_in, char **p_user_out)
275 const struct loadparm_substitution *lp_sub =
276 loadparm_s3_global_substitution();
278 char *mapfile = lp_username_map(talloc_tos(), lp_sub);
281 bool mapped_user = False;
282 char *cmd = lp_username_map_script(talloc_tos(), lp_sub);
289 /* Initially make a copy of the incoming name. */
290 *p_user_out = talloc_strdup(ctx, user_in);
295 if (strequal(user_in,get_last_to()))
298 if (strequal(user_in,get_last_from())) {
299 DEBUG(3,("Mapped user %s to %s\n",user_in,get_last_to()));
300 TALLOC_FREE(*p_user_out);
301 *p_user_out = talloc_strdup(ctx, get_last_to());
305 if (fetch_map_from_gencache(ctx, user_in, p_user_out)) {
309 /* first try the username map script */
313 char *command = NULL;
314 int numlines, ret, fd;
316 command = talloc_asprintf(ctx,
324 DEBUG(10,("Running [%s]\n", command));
325 ret = smbrun(command, &fd, NULL);
326 DEBUGADD(10,("returned [%d]\n", ret));
328 TALLOC_FREE(command);
337 qlines = fd_lines_load(fd, &numlines, 0, ctx);
338 DEBUGADD(10,("Lines returned = [%d]\n", numlines));
341 /* should be either no lines or a single line with the mapped username */
343 if (numlines && qlines) {
344 DEBUG(3,("Mapped user %s to %s\n", user_in, qlines[0] ));
345 set_last_from_to(user_in, qlines[0]);
346 store_map_in_gencache(ctx, user_in, qlines[0]);
347 TALLOC_FREE(*p_user_out);
348 *p_user_out = talloc_strdup(ctx, qlines[0]);
356 return numlines != 0;
359 /* ok. let's try the mapfile */
363 f = fopen(mapfile, "r");
365 DEBUG(0,("can't open username map %s. Error %s\n",mapfile, strerror(errno) ));
369 DEBUG(4,("Scanning username map %s\n",mapfile));
371 while((s=fgets_slash(NULL,buf,sizeof(buf),f))!=NULL) {
373 char *dosname = strchr_m(unixname,'=');
375 bool return_if_mapped = False;
382 unixname = skip_space(unixname);
384 if ('!' == *unixname) {
385 return_if_mapped = True;
386 unixname = skip_space(unixname+1);
389 if (!*unixname || strchr_m("#;",*unixname))
393 int l = strlen(unixname);
394 while (l && isspace((int)unixname[l-1])) {
400 /* skip lines like 'user = ' */
402 dosuserlist = str_list_make_v3(ctx, dosname, NULL);
404 DEBUG(0,("Bad username map entry. Unable to build user list. Ignoring.\n"));
408 if (strchr_m(dosname,'*') ||
409 user_in_list(ctx, user_in, (const char * const *)dosuserlist)) {
410 DEBUG(3,("Mapped user %s to %s\n",user_in,unixname));
413 set_last_from_to(user_in, unixname);
414 store_map_in_gencache(ctx, user_in, unixname);
415 TALLOC_FREE(*p_user_out);
416 *p_user_out = talloc_strdup(ctx, unixname);
418 TALLOC_FREE(dosuserlist);
423 if ( return_if_mapped ) {
424 TALLOC_FREE(dosuserlist);
430 TALLOC_FREE(dosuserlist);
436 * If we didn't successfully map a user in the loop above,
437 * setup the last_from and last_to as an optimization so
438 * that we don't scan the file again for the same user.
441 DEBUG(8, ("The user '%s' has no mapping. "
442 "Skip it next time.\n", user_in));
443 set_last_from_to(user_in, user_in);
444 store_map_in_gencache(ctx, user_in, user_in);