2 Unix SMB/CIFS implementation.
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Jeremy Allison 1997-2001.
6 Copyright (C) Volker Lendecke 2006
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "system/filesys.h"
25 #include "lib/gencache.h"
27 /*******************************************************************
28 Map a username from a dos name to a unix name by looking in the username
29 map. Note that this modifies the name in place.
30 This is the main function that should be called *once* on
31 any incoming or new username - in order to canonicalize the name.
32 This is being done to de-couple the case conversions from the user mapping
33 function. Previously, the map_username was being called
34 every time Get_Pwnam_alloc was called.
35 Returns True if username was changed, false otherwise.
36 ********************************************************************/
38 static char *last_from
= NULL
;
39 static char *last_to
= NULL
;
41 static const char *get_last_from(void)
49 static const char *get_last_to(void)
57 static bool set_last_from_to(const char *from
, const char *to
)
59 char *orig_from
= last_from
;
60 char *orig_to
= last_to
;
62 last_from
= SMB_STRDUP(from
);
63 last_to
= SMB_STRDUP(to
);
68 if (!last_from
|| !last_to
) {
76 static char *skip_space(char *s
)
78 while (isspace((int)(*s
))) {
84 static bool fetch_map_from_gencache(TALLOC_CTX
*ctx
,
91 if (lp_username_map_cache_time() == 0) {
95 key
= talloc_asprintf_strupper_m(ctx
, "USERNAME_MAP/%s",
100 found
= gencache_get(key
, ctx
, &value
, NULL
);
105 TALLOC_FREE(*p_user_out
);
113 static void store_map_in_gencache(TALLOC_CTX
*ctx
, const char *from
, const char *to
)
116 int cache_time
= lp_username_map_cache_time();
118 if (cache_time
== 0) {
122 key
= talloc_asprintf_strupper_m(ctx
, "USERNAME_MAP/%s",
127 gencache_set(key
, to
, cache_time
+ time(NULL
));
131 /****************************************************************************
132 Check if a user is in a netgroup user list. If at first we don't succeed,
134 ****************************************************************************/
136 bool user_in_netgroup(TALLOC_CTX
*ctx
, const char *user
, const char *ngname
)
138 #if defined(HAVE_NETGROUP) && defined(HAVE_INNETGR)
139 char nis_domain_buf
[256];
140 const char *nis_domain
= NULL
;
141 char *lowercase_user
= NULL
;
143 if (getdomainname(nis_domain_buf
, sizeof(nis_domain_buf
)) == 0) {
144 nis_domain
= &nis_domain_buf
[0];
146 DEBUG(5,("Unable to get default yp domain, "
147 "let's try without specifying it\n"));
151 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
152 user
, nis_domain
? nis_domain
: "(ANY)", ngname
));
154 if (innetgr(ngname
, NULL
, user
, nis_domain
)) {
155 DEBUG(5,("user_in_netgroup: Found\n"));
160 * Ok, innetgr is case sensitive. Try once more with lowercase
161 * just in case. Attempt to fix #703. JRA.
163 lowercase_user
= talloc_strdup(ctx
, user
);
164 if (!lowercase_user
) {
167 if (!strlower_m(lowercase_user
)) {
168 TALLOC_FREE(lowercase_user
);
172 if (strcmp(user
,lowercase_user
) == 0) {
173 /* user name was already lower case! */
174 TALLOC_FREE(lowercase_user
);
178 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
179 lowercase_user
, nis_domain
? nis_domain
: "(ANY)", ngname
));
181 if (innetgr(ngname
, NULL
, lowercase_user
, nis_domain
)) {
182 DEBUG(5,("user_in_netgroup: Found\n"));
183 TALLOC_FREE(lowercase_user
);
186 #endif /* HAVE_NETGROUP and HAVE_INNETGR */
190 /****************************************************************************
191 Check if a user is in a user list - can check combinations of UNIX
193 ****************************************************************************/
195 bool user_in_list(TALLOC_CTX
*ctx
, const char *user
, const char * const *list
)
200 DEBUG(10,("user_in_list: checking user %s in list\n", user
));
204 DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
208 * Check raw username.
210 if (strequal(user
, *list
))
214 * Now check to see if any combination
215 * of UNIX and netgroups has been specified.
220 * Old behaviour. Check netgroup list
221 * followed by UNIX list.
223 if(user_in_netgroup(ctx
, user
, *list
+1))
225 if(user_in_group(user
, *list
+1))
227 } else if (**list
== '+') {
229 if((*(*list
+1)) == '&') {
231 * Search UNIX list followed by netgroup.
233 if(user_in_group(user
, *list
+2))
235 if(user_in_netgroup(ctx
, user
, *list
+2))
241 * Just search UNIX list.
244 if(user_in_group(user
, *list
+1))
248 } else if (**list
== '&') {
250 if(*(*list
+1) == '+') {
252 * Search netgroup list followed by UNIX list.
254 if(user_in_netgroup(ctx
, user
, *list
+2))
256 if(user_in_group(user
, *list
+2))
260 * Just search netgroup list.
262 if(user_in_netgroup(ctx
, user
, *list
+1))
272 bool map_username(TALLOC_CTX
*ctx
, const char *user_in
, char **p_user_out
)
274 const struct loadparm_substitution
*lp_sub
=
275 loadparm_s3_global_substitution();
277 char *mapfile
= lp_username_map(talloc_tos(), lp_sub
);
280 bool mapped_user
= False
;
281 char *cmd
= lp_username_map_script(talloc_tos(), lp_sub
);
288 /* Initially make a copy of the incoming name. */
289 *p_user_out
= talloc_strdup(ctx
, user_in
);
294 if (strequal(user_in
,get_last_to()))
297 if (strequal(user_in
,get_last_from())) {
298 DEBUG(3,("Mapped user %s to %s\n",user_in
,get_last_to()));
299 TALLOC_FREE(*p_user_out
);
300 *p_user_out
= talloc_strdup(ctx
, get_last_to());
304 if (fetch_map_from_gencache(ctx
, user_in
, p_user_out
)) {
308 /* first try the username map script */
312 char *command
= NULL
;
313 int numlines
, ret
, fd
;
315 command
= talloc_asprintf(ctx
,
323 DEBUG(10,("Running [%s]\n", command
));
324 ret
= smbrun(command
, &fd
, NULL
);
325 DEBUGADD(10,("returned [%d]\n", ret
));
327 TALLOC_FREE(command
);
336 qlines
= fd_lines_load(fd
, &numlines
, 0, ctx
);
337 DEBUGADD(10,("Lines returned = [%d]\n", numlines
));
340 /* should be either no lines or a single line with the mapped username */
342 if (numlines
&& qlines
) {
343 DEBUG(3,("Mapped user %s to %s\n", user_in
, qlines
[0] ));
344 set_last_from_to(user_in
, qlines
[0]);
345 store_map_in_gencache(ctx
, user_in
, qlines
[0]);
346 TALLOC_FREE(*p_user_out
);
347 *p_user_out
= talloc_strdup(ctx
, qlines
[0]);
355 return numlines
!= 0;
358 /* ok. let's try the mapfile */
362 f
= fopen(mapfile
, "r");
364 DEBUG(0,("can't open username map %s. Error %s\n",mapfile
, strerror(errno
) ));
368 DEBUG(4,("Scanning username map %s\n",mapfile
));
370 while((s
=fgets_slash(NULL
,buf
,sizeof(buf
),f
))!=NULL
) {
372 char *dosname
= strchr_m(unixname
,'=');
374 bool return_if_mapped
= False
;
381 unixname
= skip_space(unixname
);
383 if ('!' == *unixname
) {
384 return_if_mapped
= True
;
385 unixname
= skip_space(unixname
+1);
388 if (!*unixname
|| strchr_m("#;",*unixname
))
392 int l
= strlen(unixname
);
393 while (l
&& isspace((int)unixname
[l
-1])) {
399 /* skip lines like 'user = ' */
401 dosuserlist
= str_list_make_v3(ctx
, dosname
, NULL
);
403 DEBUG(0,("Bad username map entry. Unable to build user list. Ignoring.\n"));
407 if (strchr_m(dosname
,'*') ||
408 user_in_list(ctx
, user_in
, (const char * const *)dosuserlist
)) {
409 DEBUG(3,("Mapped user %s to %s\n",user_in
,unixname
));
412 set_last_from_to(user_in
, unixname
);
413 store_map_in_gencache(ctx
, user_in
, unixname
);
414 TALLOC_FREE(*p_user_out
);
415 *p_user_out
= talloc_strdup(ctx
, unixname
);
417 TALLOC_FREE(dosuserlist
);
422 if ( return_if_mapped
) {
423 TALLOC_FREE(dosuserlist
);
429 TALLOC_FREE(dosuserlist
);
435 * If we didn't successfully map a user in the loop above,
436 * setup the last_from and last_to as an optimization so
437 * that we don't scan the file again for the same user.
440 DEBUG(8, ("The user '%s' has no mapping. "
441 "Skip it next time.\n", user_in
));
442 set_last_from_to(user_in
, user_in
);
443 store_map_in_gencache(ctx
, user_in
, user_in
);