search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
few edits
[Samba.git] / source / lib / username.c
blob3cc90ee418eb0a646ee6834cea43bf1ac3b3a60f
1 /*
2 Unix SMB/Netbios implementation.
3 Version 1.9.
4 Username handling
5 Copyright (C) Andrew Tridgell 1992-1998
6 Copyright (C) Jeremy Allison 1997-2001.
7
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
12
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
17
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include "includes.h"
24
25 /* internal functions */
26 static struct passwd *uname_string_combinations(char *s, struct passwd * (*fn) (char *), int N);
27 static struct passwd *uname_string_combinations2(char *s, int offset, struct passwd * (*fn) (char *), int N);
28
29 /*****************************************************************
30 Check if a user or group name is local (this is a *local* name for
31 *local* people, there's nothing for you here...).
32 *****************************************************************/
33
34 BOOL name_is_local(const char *name)
35 {
36 return !strchr(name, *lp_winbind_separator());
37 }
38
39 /****************************************************************************
40 Get a users home directory.
41 ****************************************************************************/
42
43 char *get_user_home_dir(char *user)
44 {
45 static struct passwd *pass;
46
47 pass = Get_Pwnam(user, False);
48 if (!pass)
49 return(NULL);
50 /* Return home directory from struct passwd. */
51 return(pass->pw_dir);
52 }
53
54 /****************************************************************************
55 Get a users home service directory.
56 ****************************************************************************/
57
58 char *get_user_service_home_dir(char *user)
59 {
60 static struct passwd *pass;
61 int snum;
62
63 /* Ensure the user exists. */
64
65 pass = Get_Pwnam(user, False);
66 if (!pass)
67 return(NULL);
68
69 /* If a path is specified in [homes] then use it instead of the
70 user's home directory from struct passwd. */
71
72 if ((snum = lp_servicenumber(HOMES_NAME)) != -1) {
73 static pstring home_dir;
74
75 pstrcpy(home_dir, lp_pathname(snum));
76 standard_sub_home(snum, user, home_dir, sizeof(home_dir));
77
78 if (home_dir[0])
79 return home_dir;
80 }
81
82 /* Return home directory from struct passwd. */
83
84 return(pass->pw_dir);
85 }
86
87 /*******************************************************************
88 Map a username from a dos name to a unix name by looking in the username
89 map. Note that this modifies the name in place.
90 This is the main function that should be called *once* on
91 any incoming or new username - in order to canonicalize the name.
92 This is being done to de-couple the case conversions from the user mapping
93 function. Previously, the map_username was being called
94 every time Get_Pwnam was called.
95 Returns True if username was changed, false otherwise.
96 ********************************************************************/
97
98 BOOL map_username(char *user)
99 {
100 static BOOL initialised=False;
101 static fstring last_from,last_to;
102 FILE *f;
103 char *mapfile = lp_username_map();
104 char *s;
105 pstring buf;
106 BOOL mapped_user = False;
107
108 if (!*user)
109 return False;
110
111 if (!*mapfile)
112 return False;
113
114 if (!initialised) {
115 *last_from = *last_to = 0;
116 initialised = True;
117 }
118
119 if (strequal(user,last_to))
120 return False;
121
122 if (strequal(user,last_from)) {
123 DEBUG(3,("Mapped user %s to %s\n",user,last_to));
124 fstrcpy(user,last_to);
125 return True;
126 }
127
128 f = sys_fopen(mapfile,"r");
129 if (!f) {
130 DEBUG(0,("can't open username map %s. Error %s\n",mapfile, strerror(errno) ));
131 return False;
132 }
133
134 DEBUG(4,("Scanning username map %s\n",mapfile));
135
136 while((s=fgets_slash(buf,sizeof(buf),f))!=NULL) {
137 char *unixname = s;
138 char *dosname = strchr(unixname,'=');
139 BOOL return_if_mapped = False;
140
141 if (!dosname)
142 continue;
143
144 *dosname++ = 0;
145
146 while (isspace((int)*unixname))
147 unixname++;
148 if ('!' == *unixname) {
149 return_if_mapped = True;
150 unixname++;
151
152 while (*unixname && isspace((int)*unixname))
153 unixname++;
154 }
155
156 if (!*unixname || strchr("#;",*unixname))
157 continue;
158
159 {
160 int l = strlen(unixname);
161 while (l && isspace((int)unixname[l-1])) {
162 unixname[l-1] = 0;
163 l--;
164 }
165 }
166
167 if (strchr(dosname,'*') || user_in_list(user,dosname)) {
168 DEBUG(3,("Mapped user %s to %s\n",user,unixname));
169 mapped_user = True;
170 fstrcpy(last_from,user);
171 sscanf(unixname,"%s",user);
172 fstrcpy(last_to,user);
173 if(return_if_mapped) {
174 fclose(f);
175 return True;
176 }
177 }
178 }
179
180 fclose(f);
181
182 /*
183 * Setup the last_from and last_to as an optimization so
184 * that we don't scan the file again for the same user.
185 */
186 fstrcpy(last_from,user);
187 fstrcpy(last_to,user);
188
189 return mapped_user;
190 }
191
192 /****************************************************************************
193 Get_Pwnam wrapper.
194 ****************************************************************************/
195
196 static struct passwd *_Get_Pwnam(char *s)
197 {
198 struct passwd *ret;
199
200 ret = sys_getpwnam(s);
201 if (ret) {
202 #ifdef HAVE_GETPWANAM
203 struct passwd_adjunct *pwret;
204 pwret = getpwanam(s);
205 if (pwret && pwret->pwa_passwd)
206 pstrcpy(ret->pw_passwd,pwret->pwa_passwd);
207 #endif
208 }
209
210 return(ret);
211 }
212
213 /****************************************************************************
214 A wrapper for getpwnam(). The following variations are tried...
215 - in all lower case
216 - as transmitted IF a different case
217 - in all upper case IF that is different from the transmitted username
218 - using the lp_usernamelevel() for permutations
219 Note that this can change user! The user name is in Unix code page.
220 ****************************************************************************/
221
222 struct passwd *Get_Pwnam(char *user,BOOL allow_change)
223 {
224 fstring user2, orig_username;
225 int usernamelevel = lp_usernamelevel();
226 struct passwd *ret;
227
228 if (!user || !(*user))
229 return(NULL);
230
231 /* make a few copies to work with */
232 fstrcpy(orig_username, user);
233 if (!allow_change) {
234 /* allow_change was False, so make a copy and temporarily
235 assign the char* user to the temp copy */
236 fstrcpy(user2,user);
237 user = &user2[0];
238 }
239
240 /* try in all lower case first as this is the most
241 common case on UNIX systems */
242 unix_to_dos(user);
243 strlower(user);
244 dos_to_unix(user);
245
246 ret = _Get_Pwnam(user);
247 if (ret)
248 return(ret);
249
250 /* try as transmitted, but only if the original username
251 gives us a different case */
252 if (strcmp(user, orig_username) != 0) {
253 ret = _Get_Pwnam(orig_username);
254 if (ret) {
255 if (allow_change)
256 fstrcpy(user, orig_username);
257
258 return(ret);
259 }
260 }
261
262 /* finally, try in all caps if that is a new case */
263 unix_to_dos(user);
264 strupper(user);
265 dos_to_unix(user);
266
267 if (strcmp(user, orig_username) != 0) {
268 ret = _Get_Pwnam(user);
269 if (ret)
270 return(ret);
271 }
272
273 /* Try all combinations up to usernamelevel. */
274 unix_to_dos(user);
275 strlower(user);
276 dos_to_unix(user);
277
278 ret = uname_string_combinations(user, _Get_Pwnam, usernamelevel);
279
280 if (ret)
281 return(ret);
282
283 return(NULL);
284 }
285
286 /****************************************************************************
287 Check if a user is in a netgroup user list.
288 ****************************************************************************/
289
290 static BOOL user_in_netgroup_list(char *user,char *ngname)
291 {
292 #ifdef HAVE_NETGROUP
293 static char *mydomain = NULL;
294 if (mydomain == NULL)
295 yp_get_default_domain(&mydomain);
296
297 if(mydomain == NULL) {
298 DEBUG(5,("Unable to get default yp domain\n"));
299 return False;
300 }
301
302 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
303 user, mydomain, ngname));
304 DEBUG(5,("innetgr is %s\n", innetgr(ngname, NULL, user, mydomain)
305 ? "True" : "False"));
306
307 if (innetgr(ngname, NULL, user, mydomain))
308 return (True);
309 #endif /* HAVE_NETGROUP */
310 return False;
311 }
312
313 /****************************************************************************
314 Check if a user is in a winbind group.
315 ****************************************************************************/
316
317 static BOOL user_in_winbind_group_list(char *user,char *gname, BOOL *winbind_answered)
318 {
319 int num_groups;
320 int i;
321 gid_t *groups = NULL;
322 gid_t gid;
323 BOOL ret = False;
324
325 *winbind_answered = False;
326
327 /*
328 * Get the gid's that this user belongs to.
329 */
330
331 if ((num_groups = winbind_getgroups(user, 0, NULL)) == -1)
332 return False;
333
334 if (num_groups == 0) {
335 *winbind_answered = True;
336 return False;
337 }
338
339 if ((groups = (gid_t *)malloc(sizeof(gid_t) * num_groups )) == NULL) {
340 DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));
341 goto err;
342 }
343
344 if ((num_groups = winbind_getgroups(user, num_groups, groups)) == -1) {
345 DEBUG(0,("user_in_winbind_group_list: second winbind_getgroups call \
346 failed with error %s\n", strerror(errno) ));
347 goto err;
348 }
349
350 /*
351 * Now we have the gid list for this user - convert the gname
352 * to a gid_t via either winbind or the local UNIX lookup and do the comparison.
353 */
354
355 if ((gid = nametogid(gname)) == (gid_t)-1) {
356 DEBUG(0,("user_in_winbind_group_list: winbind_lookup_name for group %s failed.\n",
357 gname ));
358 goto err;
359 }
360
361 for (i = 0; i < num_groups; i++) {
362 if (gid == groups[i]) {
363 ret = True;
364 DEBUG(10,("user_in_winbind_group_list: user |%s| is in group |%s|\n",
365 user, gname ));
366 break;
367 }
368 }
369
370 *winbind_answered = True;
371 SAFE_FREE(groups);
372 return ret;
373
374 err:
375
376 *winbind_answered = False;
377 SAFE_FREE(groups);
378 return False;
379 }
380
381 /****************************************************************************
382 Check if a user is in a UNIX group.
383 Names are in UNIX character set format.
384 ****************************************************************************/
385
386 static BOOL user_in_unix_group_list(char *user,const char *gname)
387 {
388 struct passwd *pass = Get_Pwnam(user,False);
389 struct sys_userlist *user_list;
390 struct sys_userlist *member;
391
392 DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n", user, gname));
393
394 /*
395 * We need to check the users primary group as this
396 * group is implicit and often not listed in the group database.
397 */
398
399 if (pass) {
400 if (strequal_unix(gname, gidtoname(pass->pw_gid))) {
401 DEBUG(10,("user_in_unix_group_list: group %s is primary group.\n", gname ));
402 return True;
403 }
404 }
405
406 user_list = get_users_in_group(gname);
407 if (user_list == NULL) {
408 DEBUG(10,("user_in_unix_group_list: no such group %s\n", gname ));
409 return False;
410 }
411
412 for (member = user_list; member; member = member->next) {
413 DEBUG(10,("user_in_unix_group_list: checking user %s against member %s\n",
414 user, member->unix_name ));
415 if (strequal_unix(member->unix_name,user)) {
416 free_userlist(user_list);
417 DEBUG(10,("user_in_unix_group_list: user |%s| is in group |%s|\n", user, gname));
418 return(True);
419 }
420 }
421
422 free_userlist(user_list);
423 return False;
424 }
425
426 /****************************************************************************
427 Check if a user is in a group list. Ask winbind first, then use UNIX.
428 Names are in UNIX character set format.
429 ****************************************************************************/
430
431 BOOL user_in_group_list(char *user,char *gname)
432 {
433 BOOL winbind_answered = False;
434 BOOL ret;
435
436 ret = user_in_winbind_group_list(user, gname, &winbind_answered);
437 if (!winbind_answered)
438 ret = user_in_unix_group_list(user, gname);
439
440 if (ret)
441 DEBUG(10,("user_in_group_list: user |%s| is in group |%s|\n", user, gname));
442 return ret;
443 }
444
445 /****************************************************************************
446 Check if a user is in a user list - can check combinations of UNIX
447 and netgroup lists.
448 Names are in UNIX character set format.
449 ****************************************************************************/
450
451 BOOL user_in_list(char *user,char *list)
452 {
453 pstring tok;
454 char *p=list;
455
456 DEBUG(10,("user_in_list: checking user %s in list %s\n", user, list));
457
458 while (next_token(&p,tok,LIST_SEP, sizeof(tok))) {
459
460 DEBUG(10,("user_in_list: checking user |%s| against |%s|\n", user, tok));
461
462 /*
463 * Check raw username.
464 */
465 if (strequal_unix(user,tok)) {
466 DEBUG(10,("user_in_list: user |%s| matches |%s|\n", user, tok));
467 return(True);
468 }
469
470 /*
471 * Now check to see if any combination
472 * of UNIX and netgroups has been specified.
473 */
474
475 if(*tok == '@') {
476 /*
477 * Old behaviour. Check netgroup list
478 * followed by UNIX list.
479 */
480 if(user_in_netgroup_list(user,&tok[1]))
481 return True;
482 if(user_in_group_list(user,&tok[1]))
483 return True;
484 } else if (*tok == '+') {
485
486 if(tok[1] == '&') {
487 /*
488 * Search UNIX list followed by netgroup.
489 */
490 if(user_in_group_list(user,&tok[2]))
491 return True;
492 if(user_in_netgroup_list(user,&tok[2]))
493 return True;
494
495 } else {
496
497 /*
498 * Just search UNIX list.
499 */
500
501 if(user_in_group_list(user,&tok[1]))
502 return True;
503 }
504
505 } else if (*tok == '&') {
506
507 if(tok[1] == '+') {
508 /*
509 * Search netgroup list followed by UNIX list.
510 */
511 if(user_in_netgroup_list(user,&tok[2]))
512 return True;
513 if(user_in_group_list(user,&tok[2]))
514 return True;
515 } else {
516 /*
517 * Just search netgroup list.
518 */
519 if(user_in_netgroup_list(user,&tok[1]))
520 return True;
521 }
522 } else if (!name_is_local(tok)) {
523 /*
524 * If user name did not match and token is not
525 * a unix group and the token has a winbind separator in the
526 * name then see if it is a Windows group.
527 */
528
529 DOM_SID g_sid;
530 enum SID_NAME_USE name_type;
531 BOOL winbind_answered = False;
532 BOOL ret;
533
534 /* Check to see if name is a Windows group */
535 if (winbind_lookup_name(NULL, tok, &g_sid, &name_type) && name_type == SID_NAME_DOM_GRP) {
536
537 /* Check if user name is in the Windows group */
538 ret = user_in_winbind_group_list(user, tok, &winbind_answered);
539
540 if (winbind_answered && ret == True) {
541 DEBUG(10,("user_in_list: user |%s| is in group |%s|\n", user, tok));
542 return ret;
543 }
544 }
545 }
546 }
547 return(False);
548 }
549
550 /* The functions below have been taken from password.c and slightly modified */
551 /****************************************************************************
552 Apply a function to upper/lower case combinations
553 of a string and return true if one of them returns true.
554 Try all combinations with N uppercase letters.
555 offset is the first char to try and change (start with 0)
556 it assumes the string starts lowercased
557 ****************************************************************************/
558
559 static struct passwd *uname_string_combinations2(char *s,int offset,struct passwd *(*fn)(char *),int N)
560 {
561 ssize_t len = (ssize_t)strlen(s);
562 int i;
563 struct passwd *ret;
564
565 if (N <= 0 || offset >= len)
566 return(fn(s));
567
568 for (i=offset;i<(len-(N-1));i++) {
569 char c = s[i];
570 if (!islower((int)c))
571 continue;
572 s[i] = toupper(c);
573 ret = uname_string_combinations2(s,i+1,fn,N-1);
574 if(ret)
575 return(ret);
576 s[i] = c;
577 }
578 return(NULL);
579 }
580
581 /****************************************************************************
582 Apply a function to upper/lower case combinations
583 of a string and return true if one of them returns true.
584 Try all combinations with up to N uppercase letters.
585 offset is the first char to try and change (start with 0)
586 it assumes the string starts lowercased
587 ****************************************************************************/
588
589 static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(char *),int N)
590 {
591 int n;
592 struct passwd *ret;
593
594 for (n=1;n<=N;n++) {
595 ret = uname_string_combinations2(s,0,fn,n);
596 if(ret)
597 return(ret);
598 }
599 return(NULL);
600 }
601
602
603 /****************************************************************************
604 these wrappers allow appliance mode to work. In appliance mode the username
605 takes the form DOMAIN/user
606 ****************************************************************************/
607 struct passwd *smb_getpwnam(char *user, BOOL allow_change)
608 {
609 struct passwd *pw;
610 char *p;
611 char *sep;
612 extern pstring global_myname;
613
614 pw = Get_Pwnam(user, allow_change);
615 if (pw)
616 return pw;
617
618 /*
619 * If it is a domain qualified name and it isn't in our password
620 * database but the domain portion matches our local machine name then
621 * lookup just the username portion locally.
622 */
623
624 sep = lp_winbind_separator();
625 p = strchr(user,*sep);
626 if (p && strncasecmp(global_myname, user, strlen(global_myname))==0)
627 return Get_Pwnam(p+1, allow_change);
628
629 return NULL;
630 }
Samba GIT mirror