2 Unix SMB/CIFS implementation.
3 Main SMB reply routines
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #define DBGC_CLASS DBGC_AUTH
26 /****************************************************************************
27 Create a SAM_ACCOUNT - either by looking in the pdb, or by faking it up from
29 ****************************************************************************/
31 static NTSTATUS
auth_get_sam_account(const char *user
, SAM_ACCOUNT
**account
)
35 if (!NT_STATUS_IS_OK(nt_status
= pdb_init_sam(account
))) {
40 pdb_ret
= pdb_getsampwnam(*account
, user
);
45 struct passwd
*pass
= Get_Pwnam(user
);
47 return NT_STATUS_NO_SUCH_USER
;
49 if (!NT_STATUS_IS_OK(nt_status
= pdb_fill_sam_pw(*account
, pass
))) {
56 /****************************************************************************
57 Read the a hosts.equiv or .rhosts file and check if it
58 allows this user from this machine.
59 ****************************************************************************/
61 static BOOL
check_user_equiv(const char *user
, const char *remote
, const char *equiv_file
)
66 char **lines
= file_lines_load(equiv_file
, NULL
,0);
69 DEBUG(5, ("check_user_equiv %s %s %s\n", user
, remote
, equiv_file
));
73 for (i
=0; lines
[i
]; i
++) {
75 trim_char(buf
,' ',' ');
77 if (buf
[0] != '#' && buf
[0] != '\n') {
78 BOOL is_group
= False
;
82 if (strcmp(buf
, "NO_PLUS\n") == 0) {
83 DEBUG(6, ("check_user_equiv NO_PLUS\n"));
88 if (*bp
== '\n' && plus_allowed
) {
89 /* a bare plus means everbody allowed */
90 DEBUG(6, ("check_user_equiv everybody allowed\n"));
91 file_lines_free(lines
);
94 } else if (buf
[0] == '-') {
102 file_host
= strtok(bp
, " \t\n");
103 file_user
= strtok(NULL
, " \t\n");
104 DEBUG(7, ("check_user_equiv %s %s\n", file_host
? file_host
: "(null)",
105 file_user
? file_user
: "(null)" ));
107 if (file_host
&& *file_host
) {
108 BOOL host_ok
= False
;
110 #if defined(HAVE_NETGROUP) && defined(HAVE_YP_GET_DEFAULT_DOMAIN)
112 static char *mydomain
= NULL
;
114 yp_get_default_domain(&mydomain
);
116 if (mydomain
&& innetgr(file_host
,remote
,user
,mydomain
)) {
122 DEBUG(1,("Netgroups not configured\n"));
127 /* is it this host */
128 /* the fact that remote has come from a call of gethostbyaddr
129 * means that it may have the fully qualified domain name
130 * so we could look up the file version to get it into
131 * a canonical form, but I would rather just type it
132 * in full in the equiv file
135 if (!host_ok
&& !is_group
&& strequal(remote
, file_host
)) {
143 /* is it this user */
144 if (file_user
== 0 || strequal(user
, file_user
)) {
145 DEBUG(5, ("check_user_equiv matched %s%s %s\n",
146 (plus
? "+" : "-"), file_host
,
147 (file_user
? file_user
: "")));
148 file_lines_free(lines
);
149 return (plus
? True
: False
);
156 file_lines_free(lines
);
160 /****************************************************************************
161 check for a possible hosts equiv or rhosts entry for the user
162 ****************************************************************************/
164 static BOOL
check_hosts_equiv(SAM_ACCOUNT
*account
)
169 fname
= lp_hosts_equiv();
170 if (!sid_to_uid(pdb_get_user_sid(account
), &uid
))
173 /* note: don't allow hosts.equiv on root */
174 if (fname
&& *fname
&& uid
!= 0) {
175 if (check_user_equiv(pdb_get_username(account
),client_name(),fname
))
183 /****************************************************************************
184 Check for a valid .rhosts/hosts.equiv entry for this user
185 ****************************************************************************/
187 static NTSTATUS
check_hostsequiv_security(const struct auth_context
*auth_context
,
188 void *my_private_data
,
190 const auth_usersupplied_info
*user_info
,
191 auth_serversupplied_info
**server_info
)
194 SAM_ACCOUNT
*account
= NULL
;
195 if (!NT_STATUS_IS_OK(nt_status
=
196 auth_get_sam_account(user_info
->internal_username
,
198 if (NT_STATUS_EQUAL(nt_status
, NT_STATUS_NO_SUCH_USER
))
199 nt_status
= NT_STATUS_NOT_IMPLEMENTED
;
203 if (check_hosts_equiv(account
)) {
204 nt_status
= make_server_info_sam(server_info
, account
);
205 if (!NT_STATUS_IS_OK(nt_status
)) {
206 pdb_free_sam(&account
);
209 pdb_free_sam(&account
);
210 nt_status
= NT_STATUS_NOT_IMPLEMENTED
;
216 /* module initialisation */
217 static NTSTATUS
auth_init_hostsequiv(struct auth_context
*auth_context
, const char* param
, auth_methods
**auth_method
)
219 if (!make_auth_methods(auth_context
, auth_method
)) {
220 return NT_STATUS_NO_MEMORY
;
223 (*auth_method
)->auth
= check_hostsequiv_security
;
224 (*auth_method
)->name
= "hostsequiv";
229 /****************************************************************************
230 Check for a valid .rhosts/hosts.equiv entry for this user
231 ****************************************************************************/
233 static NTSTATUS
check_rhosts_security(const struct auth_context
*auth_context
,
234 void *my_private_data
,
236 const auth_usersupplied_info
*user_info
,
237 auth_serversupplied_info
**server_info
)
240 SAM_ACCOUNT
*account
= NULL
;
244 if (!NT_STATUS_IS_OK(nt_status
=
245 auth_get_sam_account(user_info
->internal_username
,
247 if (NT_STATUS_EQUAL(nt_status
, NT_STATUS_NO_SUCH_USER
))
248 nt_status
= NT_STATUS_NOT_IMPLEMENTED
;
252 home
= pdb_get_unix_homedir(account
);
255 slprintf(rhostsfile
, sizeof(rhostsfile
)-1, "%s/.rhosts", home
);
257 if (check_user_equiv(pdb_get_username(account
),client_name(),rhostsfile
)) {
258 nt_status
= make_server_info_sam(server_info
, account
);
259 if (!NT_STATUS_IS_OK(nt_status
)) {
260 pdb_free_sam(&account
);
263 pdb_free_sam(&account
);
267 pdb_free_sam(&account
);
268 nt_status
= NT_STATUS_NOT_IMPLEMENTED
;
274 /* module initialisation */
275 static NTSTATUS
auth_init_rhosts(struct auth_context
*auth_context
, const char *param
, auth_methods
**auth_method
)
277 if (!make_auth_methods(auth_context
, auth_method
)) {
278 return NT_STATUS_NO_MEMORY
;
281 (*auth_method
)->auth
= check_rhosts_security
;
282 (*auth_method
)->name
= "rhosts";
286 NTSTATUS
auth_rhosts_init(void)
288 smb_register_auth(AUTH_INTERFACE_VERSION
, "rhosts", auth_init_rhosts
);
289 smb_register_auth(AUTH_INTERFACE_VERSION
, "hostsequiv", auth_init_hostsequiv
);