return(ret);
}
-
-/****************************************************************************
-validate a group username entry. Return the username or NULL
-****************************************************************************/
-static const char *validate_group(struct server_context *smb, const char *group, DATA_BLOB password,int snum)
-{
-#ifdef HAVE_GETGRENT
- {
- struct group *gptr;
- setgrent();
- while ((gptr = (struct group *)getgrent())) {
- if (strequal(gptr->gr_name,group))
- break;
- }
-
- /*
- * As user_ok can recurse doing a getgrent(), we must
- * copy the member list into a pstring on the stack before
- * use. Bug pointed out by leon@eatworms.swmed.edu.
- */
-
- if (gptr) {
- pstring member_list;
- char *member;
- size_t copied_len = 0;
- int i;
-
- *member_list = '\0';
- member = member_list;
-
- for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) {
- size_t member_len = strlen(gptr->gr_mem[i]) + 1;
- if( copied_len + member_len < sizeof(pstring)) {
-
- DEBUG(10,("validate_group: = gr_mem = %s\n", gptr->gr_mem[i]));
-
- safe_strcpy(member, gptr->gr_mem[i], sizeof(pstring) - copied_len - 1);
- copied_len += member_len;
- member += copied_len;
- } else {
- *member = '\0';
- }
- }
-
- endgrent();
-
- member = member_list;
- while (*member) {
- const char *name = member;
- if (user_ok(name,snum, NULL, 0) &&
- password_ok(smb,name,password)) {
- endgrent();
- return(&name[0]);
- }
-
- DEBUG(10,("validate_group = member = %s\n", member));
-
- member += strlen(member) + 1;
- }
- } else {
- endgrent();
- return NULL;
- }
- }
-#endif
- return(NULL);
-}
-
-/****************************************************************************
- Check for authority to login to a service with a given username/password.
- Note this is *NOT* used when logging on using sessionsetup_and_X.
-****************************************************************************/
-
-BOOL authorise_login(struct server_context *smb,
- int snum, const char *user, DATA_BLOB password,
- BOOL *guest)
-{
- BOOL ok = False;
-
-#if DEBUG_PASSWORD
- DEBUG(100,("authorise_login: checking authorisation on user=%s pass=%s\n",
- user,password.data));
-#endif
-
- *guest = False;
-
- /* there are several possibilities:
- 1) login as the given user with given password
- 2) login as a previously registered username with the given password
- 3) login as a session list username with the given password
- 4) login as a previously validated user/password pair
- 5) login as the "user =" user with given password
- 6) login as the "user =" user with no password (guest connection)
- 7) login as guest user with no password
-
- if the service is guest_only then steps 1 to 5 are skipped
- */
-
- /* now check the list of session users */
- if (!ok) {
- char *auser;
- char *user_list = strdup(smb->users.session_users);
- if (!user_list)
- return(False);
-
- for (auser=strtok(user_list,LIST_SEP); !ok && auser;
- auser = strtok(NULL,LIST_SEP)) {
- const char *user2 = auser;
-
- if (!user_ok(user2,snum, NULL, 0))
- continue;
-
- if (password_ok(smb, user2,password)) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: session list username (%s) \
-and given password ok\n", user2));
- }
- }
-
- SAFE_FREE(user_list);
- }
-
- /* check the user= fields and the given password */
- if (!ok && lp_username(snum)) {
- const char *auser;
- pstring user_list;
- StrnCpy(user_list,lp_username(snum),sizeof(pstring));
-
- pstring_sub(user_list,"%S",lp_servicename(snum));
-
- for (auser=strtok(user_list,LIST_SEP); auser && !ok;
- auser = strtok(NULL,LIST_SEP)) {
- if (*auser == '@') {
- auser = validate_group(smb, auser+1,password,snum);
- if (auser) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: group username \
-and given password ok (%s)\n", auser));
- }
- } else {
- const char *user2 = auser;
- if (user_ok(user2,snum, NULL, 0) && password_ok(smb, user2,password)) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: user list username \
-and given password ok (%s)\n", user2));
- }
- }
- }
- }
-
- /* check for a normal guest connection */
- if (!ok && GUEST_OK(snum)) {
- const char *guestname = lp_guestaccount();
- if (Get_Pwnam(guestname)) {
- ok = True;
- DEBUG(3,("authorise_login: ACCEPTED: guest account and guest ok (%s)\n", guestname));
- } else {
- DEBUG(0,("authorise_login: Invalid guest account %s??\n",guestname));
- }
- *guest = True;
- }
-
- if (ok && !user_ok(user, snum, NULL, 0)) {
- DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
- ok = False;
- }
-
- return(ok);
-}
git.samba.org / ira / wip.git / commitdiff