2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 /****************************************************************************
25 check if a uid has been validated, and return an pointer to the user_struct
26 if it has. NULL if not. vuid is biased by an offset. This allows us to
27 tell random client vuid's (normally zero) from valid vuids.
28 ****************************************************************************/
29 struct user_struct *get_valid_user_struct(struct server_context *smb, uint16 vuid)
34 if (vuid == UID_FIELD_INVALID)
37 for (usp=smb->users.validated_users;usp;usp=usp->next,count++) {
38 if (vuid == usp->vuid) {
40 DLIST_PROMOTE(smb->users.validated_users, usp);
49 /****************************************************************************
51 ****************************************************************************/
52 void invalidate_vuid(struct server_context *smb, uint16 vuid)
54 user_struct *vuser = get_valid_user_struct(smb, vuid);
59 data_blob_free(&vuser->session_key);
63 free_server_info(&vuser->server_info);
65 DLIST_REMOVE(smb->users.validated_users, vuser);
67 /* clear the vuid from the 'cache' on each connection, and
68 from the vuid 'owner' of connections */
69 /* REWRITE: conn_clear_vuid_cache(smb, vuid); */
71 delete_nt_token(&vuser->nt_user_token);
73 smb->users.num_validated_vuids--;
76 /****************************************************************************
77 invalidate all vuid entries for this process
78 ****************************************************************************/
79 void invalidate_all_vuids(struct server_context *smb)
81 user_struct *usp, *next=NULL;
83 for (usp=smb->users.validated_users;usp;usp=next) {
86 invalidate_vuid(smb, usp->vuid);
91 * register that a valid login has been performed, establish 'session'.
92 * @param server_info The token returned from the authentication process.
93 * (now 'owned' by register_vuid)
95 * @param session_key The User session key for the login session (now also 'owned' by register_vuid)
97 * @param smb_name The untranslated name of the user
99 * @return Newly allocated vuid, biased by an offset. (This allows us to
100 * tell random client vuid's (normally zero) from valid vuids.)
104 int register_vuid(struct server_context *smb,
105 struct auth_serversupplied_info *server_info,
106 DATA_BLOB *session_key,
107 const char *smb_name)
109 user_struct *vuser = NULL;
111 /* Ensure no vuid gets registered in share level security. */
112 if(lp_security() == SEC_SHARE)
113 return UID_FIELD_INVALID;
115 /* Limit allowed vuids to 16bits - VUID_OFFSET. */
116 if (smb->users.num_validated_vuids >= 0xFFFF-VUID_OFFSET)
117 return UID_FIELD_INVALID;
119 if((vuser = (user_struct *)malloc( sizeof(user_struct) )) == NULL) {
120 DEBUG(0,("Failed to malloc users struct!\n"));
121 return UID_FIELD_INVALID;
126 /* Allocate a free vuid. Yes this is a linear search... :-) */
127 while (get_valid_user_struct(smb, smb->users.next_vuid) != NULL ) {
128 smb->users.next_vuid++;
129 /* Check for vuid wrap. */
130 if (smb->users.next_vuid == UID_FIELD_INVALID)
131 smb->users.next_vuid = VUID_OFFSET;
134 DEBUG(10,("register_vuid: allocated vuid = %u\n",
135 (unsigned int)smb->users.next_vuid));
137 vuser->vuid = smb->users.next_vuid;
139 vuser->guest = server_info->guest;
141 vuser->session_key = *session_key;
143 DEBUG(10,("register_vuid: guest=%d\n", vuser->guest ));
145 if (server_info->ptok) {
146 vuser->nt_user_token = dup_nt_token(server_info->ptok);
148 DEBUG(1, ("server_info does not contain a user_token - cannot continue\n"));
149 free_server_info(&server_info);
152 return UID_FIELD_INVALID;
155 /* use this to keep tabs on all our info from the authentication */
156 vuser->server_info = server_info;
158 smb->users.next_vuid++;
159 smb->users.num_validated_vuids++;
161 DLIST_ADD(smb->users.validated_users, vuser);
163 if (!session_claim(smb, vuser)) {
164 DEBUG(1,("Failed to claim session for vuid=%d\n", vuser->vuid));
165 invalidate_vuid(smb, vuser->vuid);
173 /****************************************************************************
174 add a name to the session users list
175 ****************************************************************************/
176 void add_session_user(struct server_context *smb, const char *user)
179 struct passwd *passwd;
181 if (!(passwd = Get_Pwnam(user))) return;
183 suser = strdup(passwd->pw_name);
188 if (suser && *suser && !in_list(suser,smb->users.session_users,False)) {
190 if (!smb->users.session_users) {
191 asprintf(&p, "%s", suser);
193 asprintf(&p, "%s %s", smb->users.session_users, suser);
195 SAFE_FREE(smb->users.session_users);
196 smb->users.session_users = p;
203 /****************************************************************************
204 check if a username is valid
205 ****************************************************************************/
206 BOOL user_ok(const char *user,int snum, gid_t *groups, size_t n_groups)
208 char **valid, **invalid;
211 valid = invalid = NULL;
214 if (lp_invalid_users(snum)) {
215 str_list_copy(&invalid, lp_invalid_users(snum));
216 if (invalid && str_list_substitute(invalid, "%S", lp_servicename(snum))) {
217 ret = !user_in_list(user, (const char **)invalid, groups, n_groups);
221 str_list_free (&invalid);
223 if (ret && lp_valid_users(snum)) {
224 str_list_copy(&valid, lp_valid_users(snum));
225 if (valid && str_list_substitute(valid, "%S", lp_servicename(snum))) {
226 ret = user_in_list(user, (const char **)valid, groups, n_groups);
230 str_list_free (&valid);
232 if (ret && lp_onlyuser(snum)) {
233 char **user_list = str_list_make (lp_username(snum), NULL);
234 if (user_list && str_list_substitute(user_list, "%S", lp_servicename(snum))) {
235 ret = user_in_list(user, (const char **)user_list, groups, n_groups);
237 if (user_list) str_list_free (&user_list);