2 Unix SMB/Netbios implementation.
4 Main SMB reply routines
5 Copyright (C) Andrew Tridgell 1992-1998
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 extern int DEBUGLEVEL;
27 /****************************************************************************
28 Read the a hosts.equiv or .rhosts file and check if it
29 allows this user from this machine.
30 ****************************************************************************/
32 static BOOL check_user_equiv(const char *user, const char *remote, const char *equiv_file)
37 char **lines = file_lines_load(equiv_file, NULL);
40 DEBUG(5, ("check_user_equiv %s %s %s\n", user, remote, equiv_file));
41 if (! lines) return False;
42 for (i=0; lines[i]; i++) {
44 trim_string(buf," "," ");
46 if (buf[0] != '#' && buf[0] != '\n')
48 BOOL is_group = False;
51 if (strcmp(buf, "NO_PLUS\n") == 0)
53 DEBUG(6, ("check_user_equiv NO_PLUS\n"));
60 if (*bp == '\n' && plus_allowed)
62 /* a bare plus means everbody allowed */
63 DEBUG(6, ("check_user_equiv everybody allowed\n"));
64 file_lines_free(lines);
68 else if (buf[0] == '-')
78 file_host = strtok(bp, " \t\n");
79 file_user = strtok(NULL, " \t\n");
80 DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)",
81 file_user ? file_user : "(null)" ));
82 if (file_host && *file_host)
86 #if defined(HAVE_NETGROUP) && defined(HAVE_YP_GET_DEFAULT_DOMAIN)
89 static char *mydomain = NULL;
91 yp_get_default_domain(&mydomain);
92 if (mydomain && innetgr(file_host,remote,user,mydomain))
98 DEBUG(1,("Netgroups not configured\n"));
103 /* is it this host */
104 /* the fact that remote has come from a call of gethostbyaddr
105 * means that it may have the fully qualified domain name
106 * so we could look up the file version to get it into
107 * a canonical form, but I would rather just type it
108 * in full in the equiv file
110 if (!host_ok && !is_group && strequal(remote, file_host))
116 /* is it this user */
117 if (file_user == 0 || strequal(user, file_user))
119 DEBUG(5, ("check_user_equiv matched %s%s %s\n",
120 (plus ? "+" : "-"), file_host,
121 (file_user ? file_user : "")));
122 file_lines_free(lines);
123 return (plus ? True : False);
129 file_lines_free(lines);
134 /****************************************************************************
135 check for a possible hosts equiv or rhosts entry for the user
136 ****************************************************************************/
137 static BOOL check_hosts_equiv(char *user) /* should be const... */
141 struct passwd *pass = Get_Pwnam(user,False);
146 fname = lp_hosts_equiv();
148 /* note: don't allow hosts.equiv on root */
149 if (fname && *fname && (pass->pw_uid != 0)) {
150 if (check_user_equiv(pass->pw_name,client_name(),fname))
156 char *home = pass->pw_dir;
158 slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home);
159 if (check_user_equiv(pass->pw_name,client_name(),rhostsfile))
167 /****************************************************************************
168 Check for a valid .rhosts/hosts.equiv entry for this user
169 ****************************************************************************/
171 NTSTATUS check_rhosts_security(const auth_usersupplied_info *user_info,
172 auth_serversupplied_info *server_info)
174 NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
177 if (check_hosts_equiv(user_info->unix_username.str)) {
178 nt_status = NT_STATUS_OK;
git.samba.org / kai / samba.git / blob