2 Unix SMB/Netbios implementation.
5 Copyright (C) Andrew Tridgell 1992-1998
6 Copyright (C) Jeremy Allison 1997-2001.
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 /* internal functions */
26 static struct passwd
*uname_string_combinations(char *s
, struct passwd
* (*fn
) (char *), int N
);
27 static struct passwd
*uname_string_combinations2(char *s
, int offset
, struct passwd
* (*fn
) (char *), int N
);
29 /*****************************************************************
30 Check if a user or group name is local (this is a *local* name for
31 *local* people, there's nothing for you here...).
32 *****************************************************************/
34 BOOL
name_is_local(const char *name
)
36 return !strchr(name
, *lp_winbind_separator());
39 /****************************************************************************
40 Get a users home directory.
41 ****************************************************************************/
43 char *get_user_home_dir(char *user
)
45 static struct passwd
*pass
;
47 pass
= Get_Pwnam(user
, False
);
50 /* Return home directory from struct passwd. */
54 /****************************************************************************
55 Get a users home service directory. Returns in dos codepage.
56 ****************************************************************************/
58 char *get_user_service_home_dir(char *user
)
60 static struct passwd
*pass
;
63 /* Ensure the user exists. */
65 pass
= Get_Pwnam(user
, False
);
69 /* If a path is specified in [homes] then use it instead of the
70 user's home directory from struct passwd. */
72 if ((snum
= lp_servicenumber_unix(HOMES_NAME
)) != -1) {
73 static pstring home_dir
;
75 pstrcpy(home_dir
, lp_pathname_unix(snum
));
76 standard_sub_home(snum
, user
, home_dir
, sizeof(home_dir
));
79 unix_to_dos(home_dir
);
84 /* Return home directory from struct passwd. */
86 return(unix_to_dos(pass
->pw_dir
));
89 /*******************************************************************
90 Map a username from a dos name to a unix name by looking in the username
91 map. Note that this modifies the name in place.
92 This is the main function that should be called *once* on
93 any incoming or new username - in order to canonicalize the name.
94 This is being done to de-couple the case conversions from the user mapping
95 function. Previously, the map_username was being called
96 every time Get_Pwnam was called.
97 Returns True if username was changed, false otherwise.
98 ********************************************************************/
100 BOOL
map_username(char *user
)
102 static BOOL initialised
=False
;
103 static fstring last_from
,last_to
;
105 char *mapfile
= lp_username_map();
108 BOOL mapped_user
= False
;
117 *last_from
= *last_to
= 0;
121 if (strequal_unix(user
,last_to
))
124 if (strequal_unix(user
,last_from
)) {
125 DEBUG(3,("Mapped user %s to %s\n",user
,last_to
));
126 fstrcpy(user
,last_to
);
130 f
= x_fopen(mapfile
,O_RDONLY
, 0);
132 DEBUG(0,("can't open username map %s. Error %s\n",mapfile
, strerror(errno
) ));
136 DEBUG(4,("Scanning username map %s\n",mapfile
));
138 while((s
=fgets_slash(buf
,sizeof(buf
),f
))!=NULL
) {
140 char *dosname
= strchr(unixname
,'=');
141 BOOL return_if_mapped
= False
;
148 while (isspace((int)*unixname
))
150 if ('!' == *unixname
) {
151 return_if_mapped
= True
;
154 while (*unixname
&& isspace((int)*unixname
))
158 if (!*unixname
|| strchr("#;",*unixname
))
162 int l
= strlen(unixname
);
163 while (l
&& isspace((int)unixname
[l
-1])) {
169 if (strchr(dosname
,'*') || user_in_list(user
,dosname
)) {
170 DEBUG(3,("Mapped user %s to %s\n",user
,unixname
));
172 fstrcpy(last_from
,user
);
173 sscanf(unixname
,"%s",user
);
174 fstrcpy(last_to
,user
);
175 if(return_if_mapped
) {
185 * Setup the last_from and last_to as an optimization so
186 * that we don't scan the file again for the same user.
188 fstrcpy(last_from
,user
);
189 fstrcpy(last_to
,user
);
194 /****************************************************************************
196 ****************************************************************************/
198 static struct passwd
*_Get_Pwnam(char *s
)
202 ret
= sys_getpwnam(s
);
204 #ifdef HAVE_GETPWANAM
205 struct passwd_adjunct
*pwret
;
206 pwret
= getpwanam(s
);
207 if (pwret
&& pwret
->pwa_passwd
)
208 pstrcpy(ret
->pw_passwd
,pwret
->pwa_passwd
);
215 /****************************************************************************
216 A wrapper for getpwnam(). The following variations are tried...
218 - as transmitted IF a different case
219 - in all upper case IF that is different from the transmitted username
220 - using the lp_usernamelevel() for permutations
221 Note that this can change user! The user name is in Unix code page.
222 ****************************************************************************/
224 struct passwd
*Get_Pwnam(char *user
,BOOL allow_change
)
226 fstring user2
, orig_username
;
227 int usernamelevel
= lp_usernamelevel();
230 if (!user
|| !(*user
))
233 /* make a few copies to work with */
234 fstrcpy(orig_username
, user
);
236 /* allow_change was False, so make a copy and temporarily
237 assign the char* user to the temp copy */
242 /* try in all lower case first as this is the most
243 common case on UNIX systems */
248 ret
= _Get_Pwnam(user
);
252 /* try as transmitted, but only if the original username
253 gives us a different case */
254 if (strcmp(user
, orig_username
) != 0) {
255 ret
= _Get_Pwnam(orig_username
);
258 fstrcpy(user
, orig_username
);
264 /* finally, try in all caps if that is a new case */
269 if (strcmp(user
, orig_username
) != 0) {
270 ret
= _Get_Pwnam(user
);
275 /* Try all combinations up to usernamelevel. */
280 ret
= uname_string_combinations(user
, _Get_Pwnam
, usernamelevel
);
288 /****************************************************************************
289 Check if a user is in a netgroup user list.
290 ****************************************************************************/
292 static BOOL
user_in_netgroup_list(char *user
,char *ngname
)
295 static char *mydomain
= NULL
;
296 if (mydomain
== NULL
)
297 yp_get_default_domain(&mydomain
);
299 if(mydomain
== NULL
) {
300 DEBUG(5,("Unable to get default yp domain\n"));
304 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
305 user
, mydomain
, ngname
));
306 DEBUG(5,("innetgr is %s\n", innetgr(ngname
, NULL
, user
, mydomain
)
307 ? "True" : "False"));
309 if (innetgr(ngname
, NULL
, user
, mydomain
))
311 #endif /* HAVE_NETGROUP */
315 /****************************************************************************
316 Check if a user is in a winbind group.
317 ****************************************************************************/
319 static BOOL
user_in_winbind_group_list(char *user
,char *gname
, BOOL
*winbind_answered
)
322 static gid_t
*groups
= NULL
;
323 static int num_groups
= 0;
324 static fstring last_user
= "";
328 *winbind_answered
= False
;
330 /* try to user the last user we looked up */
331 /* otherwise fall back to lookups */
333 if ( !strequal_unix( last_user
, user
) || !groups
)
335 /* clear any cached information */
338 fstrcpy( last_user
, "" );
341 * Get the gid's that this user belongs to.
344 if ((num_groups
= winbind_getgroups2(user
, &groups
)) == -1)
347 if ( num_groups
== -1 )
350 if ( num_groups
== 0 ) {
351 *winbind_answered
= True
;
355 /* save the last username */
357 fstrcpy( last_user
, user
);
361 DEBUG(10,("user_in_winbind_group_list: using cached user groups for [%s]\n", user
));
363 if ( DEBUGLEVEL
>= 10 ) {
364 DEBUG(10,("user_in_winbind_group_list: using groups -- "));
365 for ( i
=0; i
<num_groups
; i
++ )
366 DEBUGADD(10,("%d ", groups
[i
]));
371 * Now we have the gid list for this user - convert the gname
372 * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
375 if ((gid
= nametogid(gname
)) == (gid_t
)-1) {
376 DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
381 DEBUG(10, ("user_in_winbind_group_list: group %s [%d]\n", gname
, gid
));
383 for (i
= 0; i
< num_groups
; i
++) {
384 if (gid
== groups
[i
]) {
386 DEBUG(10,("user_in_winbind_group_list: user |%s| is in group |%s|\n",
392 *winbind_answered
= True
;
396 fstrcpy( last_user
, "" );
398 *winbind_answered
= False
;
403 /****************************************************************************
404 Check if a user is in a UNIX group.
405 Names are in UNIX character set format.
406 ****************************************************************************/
408 static BOOL
user_in_unix_group_list(char *user
,const char *gname
)
410 struct passwd
*pass
= Get_Pwnam(user
,False
);
411 struct sys_userlist
*user_list
;
412 struct sys_userlist
*member
;
414 DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n", user
, gname
));
417 * We need to check the users primary group as this
418 * group is implicit and often not listed in the group database.
422 if (strequal_unix(gname
, gidtoname(pass
->pw_gid
))) {
423 DEBUG(10,("user_in_unix_group_list: group %s is primary group.\n", gname
));
428 user_list
= get_users_in_group(gname
);
429 if (user_list
== NULL
) {
430 DEBUG(10,("user_in_unix_group_list: no such group %s\n", gname
));
434 for (member
= user_list
; member
; member
= member
->next
) {
435 DEBUG(10,("user_in_unix_group_list: checking user %s against member %s\n",
436 user
, member
->unix_name
));
437 if (strequal_unix(member
->unix_name
,user
)) {
438 free_userlist(user_list
);
439 DEBUG(10,("user_in_unix_group_list: user |%s| is in group |%s|\n", user
, gname
));
444 free_userlist(user_list
);
448 /****************************************************************************
449 Check if a user is in a group list. Ask winbind first, then use UNIX.
450 Names are in UNIX character set format.
451 ****************************************************************************/
453 BOOL
user_in_group_list(char *user
,char *gname
)
455 BOOL winbind_answered
= False
;
458 ret
= user_in_winbind_group_list(user
, gname
, &winbind_answered
);
459 if (!winbind_answered
)
460 ret
= user_in_unix_group_list(user
, gname
);
463 DEBUG(10,("user_in_group_list: user |%s| is in group |%s|\n", user
, gname
));
467 /****************************************************************************
468 Check if a user is in a user list - can check combinations of UNIX
470 Names are in UNIX character set format.
471 ****************************************************************************/
473 BOOL
user_in_list(char *user
,char *list
)
478 DEBUG(10,("user_in_list: checking user %s in list %s\n", user
, list
));
480 while (next_token(&p
,tok
,LIST_SEP
, sizeof(tok
))) {
482 DEBUG(10,("user_in_list: checking user |%s| against |%s|\n", user
, tok
));
485 * Check raw username.
487 if (strequal_unix(user
,tok
)) {
488 DEBUG(10,("user_in_list: user |%s| matches |%s|\n", user
, tok
));
493 * Now check to see if any combination
494 * of UNIX and netgroups has been specified.
499 * Old behaviour. Check netgroup list
500 * followed by UNIX list.
502 if(user_in_netgroup_list(user
,&tok
[1]))
504 if(user_in_group_list(user
,&tok
[1]))
506 } else if (*tok
== '+') {
510 * Search UNIX list followed by netgroup.
512 if(user_in_group_list(user
,&tok
[2]))
514 if(user_in_netgroup_list(user
,&tok
[2]))
520 * Just search UNIX list.
523 if(user_in_group_list(user
,&tok
[1]))
527 } else if (*tok
== '&') {
531 * Search netgroup list followed by UNIX list.
533 if(user_in_netgroup_list(user
,&tok
[2]))
535 if(user_in_group_list(user
,&tok
[2]))
539 * Just search netgroup list.
541 if(user_in_netgroup_list(user
,&tok
[1]))
544 } else if (!name_is_local(tok
)) {
546 * If user name did not match and token is not
547 * a unix group and the token has a winbind separator in the
548 * name then see if it is a Windows group.
552 enum SID_NAME_USE name_type
;
553 BOOL winbind_answered
= False
;
556 /* Check to see if name is a Windows group */
557 if (winbind_lookup_name(NULL
, tok
, &g_sid
, &name_type
)
558 && ( name_type
==SID_NAME_DOM_GRP
|| name_type
==SID_NAME_ALIAS
) )
561 /* Check if user name is in the Windows group */
562 ret
= user_in_winbind_group_list(user
, tok
, &winbind_answered
);
564 if (winbind_answered
&& ret
== True
) {
565 DEBUG(10,("user_in_list: user |%s| is in group |%s|\n", user
, tok
));
574 /* Slightly modified version of user_in_list() function to use a
575 P_LIST type instead of a P_STRING. */
577 BOOL
user_in_plist(char *user
, char **the_list
)
581 if (!the_list
|| !*the_list
)
584 DEBUG(10,("user_in_plist: checking user %s in list\n", user
));
586 /* First check usernames only */
592 /* Check raw username */
594 if (strequal_unix(user
, *list
)) {
595 DEBUG(10,("user_in_plist: user |%s| matches |%s|\n", user
, *list
));
602 /* Now check groups */
609 * Now check to see if any combination
610 * of UNIX and netgroups has been specified.
615 * Old behaviour. Check netgroup list
616 * followed by UNIX list.
618 if(user_in_netgroup_list(user
, *list
+ 1))
620 if(user_in_group_list(user
, *list
+ 1))
622 } else if (**list
== '+') {
624 if((*(*list
+ 1)) == '&') {
626 * Search UNIX list followed by netgroup.
628 if(user_in_group_list(user
, *list
+ 2))
630 if(user_in_netgroup_list(user
, *list
+ 2))
636 * Just search UNIX list.
639 if(user_in_group_list(user
, *list
+ 1))
643 } else if (**list
== '&') {
645 if(*(*list
+ 1) == '+') {
647 * Search netgroup list followed by UNIX list.
649 if(user_in_netgroup_list(user
, *list
+ 2))
651 if(user_in_group_list(user
, *list
+ 2))
655 * Just search netgroup list.
657 if(user_in_netgroup_list(user
, *list
+ 1))
660 } else if (!name_is_local(*list
)) {
662 * If user name did not match and token is not
663 * a unix group and the token has a winbind separator in the
664 * name then see if it is a Windows group.
668 enum SID_NAME_USE name_type
;
669 BOOL winbind_answered
= False
;
672 /* Check to see if name is a Windows group; Win2k native mode DCs
673 will return domain local groups; while NT4 or mixed mode 2k DCs
676 if ( winbind_lookup_name(NULL
, *list
, &g_sid
, &name_type
)
677 && ( name_type
==SID_NAME_DOM_GRP
|| name_type
==SID_NAME_ALIAS
) )
679 /* Check if user name is in the Windows group */
680 ret
= user_in_winbind_group_list(user
, *list
, &winbind_answered
);
682 if (winbind_answered
&& ret
== True
) {
683 DEBUG(10,("user_in_plist: user |%s| is in group |%s|\n", user
, *list
));
694 /* The functions below have been taken from password.c and slightly modified */
695 /****************************************************************************
696 Apply a function to upper/lower case combinations
697 of a string and return true if one of them returns true.
698 Try all combinations with N uppercase letters.
699 offset is the first char to try and change (start with 0)
700 it assumes the string starts lowercased
701 ****************************************************************************/
703 static struct passwd
*uname_string_combinations2(char *s
,int offset
,struct passwd
*(*fn
)(char *),int N
)
705 ssize_t len
= (ssize_t
)strlen(s
);
709 if (N
<= 0 || offset
>= len
)
712 for (i
=offset
;i
<(len
-(N
-1));i
++) {
714 if (!islower((int)c
))
717 ret
= uname_string_combinations2(s
,i
+1,fn
,N
-1);
725 /****************************************************************************
726 Apply a function to upper/lower case combinations
727 of a string and return true if one of them returns true.
728 Try all combinations with up to N uppercase letters.
729 offset is the first char to try and change (start with 0)
730 it assumes the string starts lowercased
731 ****************************************************************************/
733 static struct passwd
* uname_string_combinations(char *s
,struct passwd
* (*fn
)(char *),int N
)
739 ret
= uname_string_combinations2(s
,0,fn
,n
);
747 /****************************************************************************
748 these wrappers allow appliance mode to work. In appliance mode the username
749 takes the form DOMAIN/user
750 ****************************************************************************/
752 struct passwd
*smb_getpwnam(char *user
, BOOL allow_change
)
758 pw
= Get_Pwnam(user
, allow_change
);
763 * If it is a domain qualified name and it isn't in our password
764 * database but the domain portion matches our local machine name then
765 * lookup just the username portion locally.
768 sep
= lp_winbind_separator();
769 p
= strchr(user
,*sep
);
770 if (p
&& strncasecmp(global_myname_unix(), user
, strlen(global_myname_unix()))==0)
771 return Get_Pwnam(p
+1, allow_change
);