2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1997-2001.
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 /* internal functions */
25 static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (const char *), int N);
26 static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (const char *), int N);
28 /*****************************************************************
29 Check if a user or group name is local (this is a *local* name for
30 *local* people, there's nothing for you here...).
31 *****************************************************************/
33 BOOL name_is_local(const char *name)
35 return !(strchr_m(name, *lp_winbind_separator()));
38 /*****************************************************************
39 Splits passed user or group name to domain and user/group name parts
40 Returns True if name was splitted and False otherwise.
41 *****************************************************************/
43 BOOL split_domain_and_name(const char *name, char *domain, char* username)
45 char *p = strchr(name,*lp_winbind_separator());
48 /* Parse a string of the form DOMAIN/user into a domain and a user */
49 DEBUG(10,("split_domain_and_name: checking whether name |%s| local or not\n", name));
52 fstrcpy(username, p+1);
53 fstrcpy(domain, name);
54 domain[PTR_DIFF(p, name)] = 0;
55 } else if (lp_winbind_use_default_domain()) {
56 fstrcpy(username, name);
57 fstrcpy(domain, lp_workgroup());
61 DEBUG(10,("split_domain_and_name: all is fine, domain is |%s| and name is |%s|\n", domain, username));
65 /****************************************************************************
66 Get a users home directory.
67 ****************************************************************************/
69 char *get_user_home_dir(const char *user)
71 static struct passwd *pass;
73 /* Ensure the user exists. */
75 pass = Get_Pwnam(user);
79 /* Return home directory from struct passwd. */
84 /****************************************************************************
85 Get a users service home directory.
86 ****************************************************************************/
88 char *get_user_service_home_dir(const char *user)
90 static struct passwd *pass;
93 /* Ensure the user exists. */
95 pass = Get_Pwnam(user);
100 /* If a path is specified in [homes] then use it instead of the
101 user's home directory from struct passwd. */
103 if ((snum = lp_servicenumber(HOMES_NAME)) != -1) {
104 static pstring home_dir;
106 pstrcpy(home_dir, lp_pathname(snum));
107 standard_sub_home(snum, user, home_dir);
113 /* Return home directory from struct passwd. */
115 return(pass->pw_dir);
118 /*******************************************************************
119 Map a username from a dos name to a unix name by looking in the username
120 map. Note that this modifies the name in place.
121 This is the main function that should be called *once* on
122 any incoming or new username - in order to canonicalize the name.
123 This is being done to de-couple the case conversions from the user mapping
124 function. Previously, the map_username was being called
125 every time Get_Pwnam was called.
126 Returns True if username was changed, false otherwise.
127 ********************************************************************/
129 BOOL map_username(char *user)
131 static BOOL initialised=False;
132 static fstring last_from,last_to;
134 char *mapfile = lp_username_map();
137 BOOL mapped_user = False;
146 *last_from = *last_to = 0;
150 if (strequal(user,last_to))
153 if (strequal(user,last_from)) {
154 DEBUG(3,("Mapped user %s to %s\n",user,last_to));
155 fstrcpy(user,last_to);
159 f = x_fopen(mapfile,O_RDONLY, 0);
161 DEBUG(0,("can't open username map %s. Error %s\n",mapfile, strerror(errno) ));
165 DEBUG(4,("Scanning username map %s\n",mapfile));
167 while((s=fgets_slash(buf,sizeof(buf),f))!=NULL) {
169 char *dosname = strchr_m(unixname,'=');
171 BOOL return_if_mapped = False;
178 while (isspace((int)*unixname))
181 if ('!' == *unixname) {
182 return_if_mapped = True;
184 while (*unixname && isspace((int)*unixname))
188 if (!*unixname || strchr_m("#;",*unixname))
192 int l = strlen(unixname);
193 while (l && isspace((int)unixname[l-1])) {
199 dosuserlist = lp_list_make(dosname);
201 DEBUG(0,("Unable to build user list\n"));
205 if (strchr_m(dosname,'*') || user_in_list(user, dosuserlist)) {
206 DEBUG(3,("Mapped user %s to %s\n",user,unixname));
208 fstrcpy(last_from,user);
209 sscanf(unixname,"%s",user);
210 fstrcpy(last_to,user);
211 if(return_if_mapped) {
212 lp_list_free (&dosuserlist);
218 lp_list_free (&dosuserlist);
224 * Setup the last_from and last_to as an optimization so
225 * that we don't scan the file again for the same user.
227 fstrcpy(last_from,user);
228 fstrcpy(last_to,user);
233 /****************************************************************************
234 * A wrapper for sys_getpwnam(). The following variations are tried:
236 * - in all lower case if this differs from transmitted
237 * - in all upper case if this differs from transmitted
238 * - using lp_usernamelevel() for permutations.
239 ****************************************************************************/
241 static struct passwd *Get_Pwnam_internals(const char *user, char *user2)
243 struct passwd *ret = NULL;
245 if (!user2 || !(*user2))
248 if (!user || !(*user))
251 /* Try in all lower case first as this is the most
252 common case on UNIX systems */
254 DEBUG(5,("Trying _Get_Pwnam(), username as lowercase is %s\n",user2));
255 ret = sys_getpwnam(user2);
259 /* Try as given, if username wasn't originally lowercase */
260 if(strcmp(user, user2) != 0) {
261 DEBUG(5,("Trying _Get_Pwnam(), username as given is %s\n", user));
262 ret = sys_getpwnam(user);
267 /* Try as uppercase, if username wasn't originally uppercase */
269 if(strcmp(user, user2) != 0) {
270 DEBUG(5,("Trying _Get_Pwnam(), username as uppercase is %s\n", user2));
271 ret = sys_getpwnam(user2);
276 /* Try all combinations up to usernamelevel */
278 DEBUG(5,("Checking combinations of %d uppercase letters in %s\n", lp_usernamelevel(), user2));
279 ret = uname_string_combinations(user2, sys_getpwnam, lp_usernamelevel());
282 DEBUG(5,("Get_Pwnam_internals %s find user [%s]!\n",ret ? "did":"didn't", user));
286 /****************************************************************************
287 Get_Pwnam wrapper for modification.
288 NOTE: This can potentially modify 'user'!
289 ****************************************************************************/
291 struct passwd *Get_Pwnam_Modify(char *user)
296 fstrcpy(user2, user);
298 ret = Get_Pwnam_internals(user, user2);
300 /* If caller wants the modified username, ensure they get it */
303 /* We can safely assume ret is NULL if none of the above succeed */
307 /****************************************************************************
308 Get_Pwnam wrapper without modification.
309 NOTE: This with NOT modify 'user'!
310 ****************************************************************************/
312 struct passwd *Get_Pwnam(const char *user)
317 fstrcpy(user2, user);
319 DEBUG(5,("Finding user %s\n", user));
321 ret = Get_Pwnam_internals(user, user2);
323 DEBUG(5,("Get_Pwnam %s find user [%s]!\n",ret ? "did":"didn't", user));
328 /****************************************************************************
329 Check if a user is in a netgroup user list.
330 ****************************************************************************/
332 static BOOL user_in_netgroup_list(const char *user, const char *ngname)
335 static char *mydomain = NULL;
336 if (mydomain == NULL)
337 yp_get_default_domain(&mydomain);
339 if(mydomain == NULL) {
340 DEBUG(5,("Unable to get default yp domain\n"));
344 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
345 user, mydomain, ngname));
346 DEBUG(5,("innetgr is %s\n", innetgr(ngname, NULL, user, mydomain)
347 ? "TRUE" : "FALSE"));
349 if (innetgr(ngname, NULL, user, mydomain))
351 #endif /* HAVE_NETGROUP */
355 /****************************************************************************
356 Check if a user is in a winbind group.
357 ****************************************************************************/
359 static BOOL user_in_winbind_group_list(const char *user, const char *gname, BOOL *winbind_answered)
363 gid_t *groups = NULL;
367 *winbind_answered = False;
370 * Get the gid's that this user belongs to.
373 if ((num_groups = winbind_getgroups(user, 0, NULL)) == -1)
376 if (num_groups == 0) {
377 *winbind_answered = True;
381 if ((groups = (gid_t *)malloc(sizeof(gid_t) * num_groups )) == NULL) {
382 DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));
386 if ((num_groups = winbind_getgroups(user, num_groups, groups)) == -1) {
387 DEBUG(0,("user_in_winbind_group_list: second winbind_getgroups call \
388 failed with error %s\n", strerror(errno) ));
393 * Now we have the gid list for this user - convert the gname
394 * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
397 if ((gid = nametogid(gname)) == (gid_t)-1) {
398 DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
403 for (i = 0; i < num_groups; i++) {
404 if (gid == groups[i]) {
410 *winbind_answered = True;
416 *winbind_answered = False;
421 /****************************************************************************
422 Check if a user is in a UNIX group.
423 ****************************************************************************/
425 static BOOL user_in_unix_group_list(const char *user,const char *gname)
427 struct passwd *pass = Get_Pwnam(user);
428 struct sys_userlist *user_list;
429 struct sys_userlist *member;
431 DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n", user, gname));
434 * We need to check the users primary group as this
435 * group is implicit and often not listed in the group database.
439 if (strequal(gname,gidtoname(pass->pw_gid))) {
440 DEBUG(10,("user_in_unix_group_list: group %s is primary group.\n", gname ));
445 user_list = get_users_in_group(gname);
446 if (user_list == NULL) {
447 DEBUG(10,("user_in_unix_group_list: no such group %s\n", gname ));
451 for (member = user_list; member; member = member->next) {
452 DEBUG(10,("user_in_unix_group_list: checking user %s against member %s\n",
453 user, member->unix_name ));
454 if (strequal(member->unix_name,user)) {
455 free_userlist(user_list);
460 free_userlist(user_list);
464 /****************************************************************************
465 Check if a user is in a group list. Ask winbind first, then use UNIX.
466 ****************************************************************************/
468 BOOL user_in_group_list(const char *user, const char *gname)
470 BOOL winbind_answered = False;
473 ret = user_in_winbind_group_list(user, gname, &winbind_answered);
474 if (!winbind_answered)
475 ret = user_in_unix_group_list(user, gname);
478 DEBUG(10,("user_in_group_list: user |%s| is in group |%s|\n", user, gname));
482 /****************************************************************************
483 Check if a user is in a user list - can check combinations of UNIX
485 ****************************************************************************/
487 BOOL user_in_list(const char *user,char **list)
492 DEBUG(10,("user_in_list: checking user %s in list\n", user));
496 DEBUG(10,("user_in_list: checking user |%s| in group |%s|\n", user, *list));
499 * Check raw username.
501 if (strequal(user, *list))
505 * Now check to see if any combination
506 * of UNIX and netgroups has been specified.
511 * Old behaviour. Check netgroup list
512 * followed by UNIX list.
514 if(user_in_netgroup_list(user, *list +1))
516 if(user_in_group_list(user, *list +1))
518 } else if (**list == '+') {
520 if((*(*list +1)) == '&') {
522 * Search UNIX list followed by netgroup.
524 if(user_in_group_list(user, *list +2))
526 if(user_in_netgroup_list(user, *list +2))
532 * Just search UNIX list.
535 if(user_in_group_list(user, *list +1))
539 } else if (**list == '&') {
541 if(*(*list +1) == '+') {
543 * Search netgroup list followed by UNIX list.
545 if(user_in_netgroup_list(user, *list +2))
547 if(user_in_group_list(user, *list +2))
551 * Just search netgroup list.
553 if(user_in_netgroup_list(user, *list +1))
556 } else if (!name_is_local(*list)) {
558 * If user name did not match and token is not
559 * a unix group and the token has a winbind separator in the
560 * name then see if it is a Windows group.
564 enum SID_NAME_USE name_type;
565 BOOL winbind_answered = False;
567 fstring groupname, domain;
569 /* Parse a string of the form DOMAIN/user into a domain and a user */
571 char *p = strchr(*list,*lp_winbind_separator());
573 DEBUG(10,("user_in_list: checking if user |%s| is in winbind group |%s|\n", user, *list));
576 fstrcpy(groupname, p+1);
577 fstrcpy(domain, *list);
578 domain[PTR_DIFF(p, *list)] = 0;
580 /* Check to see if name is a Windows group */
581 if (winbind_lookup_name(domain, groupname, &g_sid, &name_type) && name_type == SID_NAME_DOM_GRP) {
583 /* Check if user name is in the Windows group */
584 ret = user_in_winbind_group_list(user, *list, &winbind_answered);
586 if (winbind_answered && ret == True) {
587 DEBUG(10,("user_in_list: user |%s| is in winbind group |%s|\n", user, *list));
599 /* The functions below have been taken from password.c and slightly modified */
600 /****************************************************************************
601 Apply a function to upper/lower case combinations
602 of a string and return true if one of them returns true.
603 Try all combinations with N uppercase letters.
604 offset is the first char to try and change (start with 0)
605 it assumes the string starts lowercased
606 ****************************************************************************/
608 static struct passwd *uname_string_combinations2(char *s,int offset,struct passwd *(*fn)(const char *),int N)
610 ssize_t len = (ssize_t)strlen(s);
614 if (N <= 0 || offset >= len)
617 for (i=offset;i<(len-(N-1));i++) {
619 if (!islower((int)c))
622 ret = uname_string_combinations2(s,i+1,fn,N-1);
630 /****************************************************************************
631 Apply a function to upper/lower case combinations
632 of a string and return true if one of them returns true.
633 Try all combinations with up to N uppercase letters.
634 offset is the first char to try and change (start with 0)
635 it assumes the string starts lowercased
636 ****************************************************************************/
638 static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(const char *),int N)
644 ret = uname_string_combinations2(s,0,fn,n);
651 /****************************************************************************
652 These wrappers allow appliance mode to work. In appliance mode the username
653 takes the form DOMAIN/user.
654 ****************************************************************************/
656 struct passwd *smb_getpwnam(char *user, BOOL allow_change)
661 extern pstring global_myname;
664 pw = Get_Pwnam_Modify(user);
666 pw = Get_Pwnam(user);
672 * If it is a domain qualified name and it isn't in our password
673 * database but the domain portion matches our local machine name then
674 * lookup just the username portion locally.
677 sep = lp_winbind_separator();
678 p = strchr_m(user,*sep);
679 if (p && strncasecmp(global_myname, user, strlen(global_myname))==0) {
681 pw = Get_Pwnam_Modify(p+1);