username.c

samba-3.0.22.tar.gz 编译smb服务器的源码

/****************************************************************************
 Check if a user is in a winbind group.
****************************************************************************/
  
static BOOL user_in_winbind_group_list(const char *user, const char *gname,
				       BOOL *winbind_answered)
{
	int i;
 	gid_t gid, gid_low, gid_high;
 	BOOL ret = False;
	static gid_t *groups = NULL;
	static int num_groups = 0;
	static fstring last_user = "";
 
 	*winbind_answered = False;
 
	if ((gid = nametogid(gname)) == (gid_t)-1) {
 		DEBUG(0,("user_in_winbind_group_list: nametogid for group %s "
			 "failed.\n", gname ));
 		goto err;
 	}

	if (!lp_idmap_gid(&gid_low, &gid_high)) {
		DEBUG(4, ("winbind gid range not configured, therefore %s "
			  "cannot be a winbind group\n", gname));
 		goto err;
	}

	if (gid < gid_low || gid > gid_high) {
		DEBUG(4, ("group %s is not a winbind group\n", gname));
 		goto err;
	}
 
	/* try to user the last user we looked up */
	/* otherwise fall back to lookups */
	
	if ( !strequal( last_user, user ) || !groups )
 	{
		/* clear any cached information */
		
 	 	SAFE_FREE(groups);
		fstrcpy( last_user, "" );

	 	/*
 		 * Get the gid's that this user belongs to.
 		 */
 
	 	if ((num_groups = winbind_getgroups(user, &groups)) == -1)
 			return False;
			
		if ( num_groups == -1 )
			return False;
 
	 	if ( num_groups == 0 ) {
 			*winbind_answered = True;
 			return False;
 		}
 		
		/* save the last username */
		
		fstrcpy( last_user, user );
		
	}
	else 
		DEBUG(10,("user_in_winbind_group_list: using cached user "
			  "groups for [%s]\n", user));
 
 	if ( DEBUGLEVEL >= 10 ) {
		DEBUG(10,("user_in_winbind_group_list: using groups -- "));
	 	for ( i=0; i<num_groups; i++ )
			DEBUGADD(10,("%lu ", (unsigned long)groups[i]));
		DEBUGADD(10,("\n"));	
	}
 
	/*
	 * Now we have the gid list for this user - convert the gname to a
	 * gid_t via either winbind or the local UNIX lookup and do the
	 * comparison.
	 */
 
 	for (i = 0; i < num_groups; i++) {
 		if (gid == groups[i]) {
 			ret = True;
 			break;
 		}
 	}
 
 	*winbind_answered = True;
 	SAFE_FREE(groups);
 	return ret;
 
   err:
 
 	*winbind_answered = False;
 	SAFE_FREE(groups);
 	return False;
}	      
 
/****************************************************************************
 Check if a user is in a UNIX group.
****************************************************************************/

BOOL user_in_unix_group_list(const char *user,const char *gname)
{
	struct passwd *pass = Get_Pwnam(user);
	struct sys_userlist *user_list;
	struct sys_userlist *member;

	DEBUG(10,("user_in_unix_group_list: checking user %s in group %s\n",
		  user, gname));

 	/*
 	 * We need to check the users primary group as this
 	 * group is implicit and often not listed in the group database.
 	 */
 
 	if (pass) {
 		if (strequal(gname,gidtoname(pass->pw_gid))) {
 			DEBUG(10,("user_in_unix_group_list: group %s is "
				  "primary group.\n", gname ));
 			return True;
 		}
 	}
 
	user_list = get_users_in_group(gname);
 	if (user_list == NULL) {
 		DEBUG(10,("user_in_unix_group_list: no such group %s\n",
			  gname ));
 		return False;
 	}

	for (member = user_list; member; member = member->next) {
 		DEBUG(10,("user_in_unix_group_list: checking user %s against "
			  "member %s\n", user, member->unix_name ));
  		if (strequal(member->unix_name,user)) {
			free_userlist(user_list);
  			return(True);
  		}
	}

	free_userlist(user_list);
	return False;
}	      

/****************************************************************************
 Check if a user is in a group list. Ask winbind first, then use UNIX.
****************************************************************************/

BOOL user_in_group_list(const char *user, const char *gname, gid_t *groups,
			size_t n_groups)
{
	BOOL winbind_answered = False;
	BOOL ret;
	gid_t gid;
	unsigned i;

	gid = nametogid(gname);
	if (gid == (gid_t)-1) 
		return False;

	if (groups && n_groups > 0) {
		for (i=0; i < n_groups; i++) {
			if (groups[i] == gid) {
				return True;
			}
		}
		return False;
	}

	/* fallback if we don't yet have the group list */

	ret = user_in_winbind_group_list(user, gname, &winbind_answered);
	if (!winbind_answered)
		ret = user_in_unix_group_list(user, gname);

	if (ret)
		DEBUG(10,("user_in_group_list: user |%s| is in group |%s|\n",
			  user, gname));
	return ret;
}

/****************************************************************************
 Check if a user is in a user list - can check combinations of UNIX
 and netgroup lists.
****************************************************************************/

BOOL user_in_list(const char *user,const char **list, gid_t *groups,
		  size_t n_groups)
{
	if (!list || !*list)
		return False;

	DEBUG(10,("user_in_list: checking user %s in list\n", user));

	while (*list) {

		DEBUG(10,("user_in_list: checking user |%s| against |%s|\n",
			  user, *list));

		/*
		 * Check raw username.
		 */
		if (strequal(user, *list))
			return(True);

		/*
		 * Now check to see if any combination
		 * of UNIX and netgroups has been specified.
		 */

		if(**list == '@') {
			/*
			 * Old behaviour. Check netgroup list
			 * followed by UNIX list.
			 */
			if(user_in_netgroup_list(user, *list +1))
				return True;
			if(user_in_group_list(user, *list +1, groups,
					      n_groups))
				return True;
		} else if (**list == '+') {

			if((*(*list +1)) == '&') {
				/*
				 * Search UNIX list followed by netgroup.
				 */
				if(user_in_group_list(user, *list +2, groups,
						      n_groups))
					return True;
				if(user_in_netgroup_list(user, *list +2))
					return True;

			} else {

				/*
				 * Just search UNIX list.
				 */

				if(user_in_group_list(user, *list +1, groups,
						      n_groups))
					return True;
			}

		} else if (**list == '&') {

			if(*(*list +1) == '+') {
				/*
				 * Search netgroup list followed by UNIX list.
				 */
				if(user_in_netgroup_list(user, *list +2))
					return True;
				if(user_in_group_list(user, *list +2, groups,
						      n_groups))
					return True;
			} else {
				/*
				 * Just search netgroup list.
				 */
				if(user_in_netgroup_list(user, *list +1))
					return True;
			}
		} else if (!name_is_local(*list)) {
			/*
			 * If user name did not match and token is not a unix
			 * group and the token has a winbind separator in the
			 * name then see if it is a Windows group.
			 */

			DOM_SID g_sid;
			enum SID_NAME_USE name_type;
			BOOL winbind_answered = False;
			BOOL ret;
			fstring groupname, domain;
			
			/* Parse a string of the form DOMAIN/user into a
			 * domain and a user */

			char *p = strchr(*list,*lp_winbind_separator());
			
			DEBUG(10,("user_in_list: checking if user |%s| is in "
				  "winbind group |%s|\n", user, *list));

			if (p) {
				fstrcpy(groupname, p+1);
				fstrcpy(domain, *list);
				domain[PTR_DIFF(p, *list)] = 0;

				/* Check to see if name is a Windows group;
				   Win2k native mode DCs will return domain
				   local groups; while NT4 or mixed mode 2k
				   DCs will not */
			
				if ( winbind_lookup_name(domain, groupname,
							 &g_sid, &name_type) 
				     && ( name_type==SID_NAME_DOM_GRP || 
					  (strequal(lp_workgroup(), domain) &&
					   name_type==SID_NAME_ALIAS) ) )
				{
					
					/* Check if user name is in the
					 * Windows group */
					ret = user_in_winbind_group_list(
						user, *list,
						&winbind_answered);
					
					if (winbind_answered && ret == True) {
						DEBUG(10,("user_in_list: user "
							  "|%s| is in winbind "
							  "group |%s|\n",
							  user, *list));
						return ret;
					}
				}
			}
		}
    
		list++;
	}
	return(False);
}

/* The functions below have been taken from password.c and slightly modified */
/****************************************************************************
 Apply a function to upper/lower case combinations
 of a string and return true if one of them returns true.
 Try all combinations with N uppercase letters.
 offset is the first char to try and change (start with 0)
 it assumes the string starts lowercased
****************************************************************************/

static struct passwd *uname_string_combinations2(char *s,int offset,struct passwd *(*fn)(const char *),int N)
{
	ssize_t len = (ssize_t)strlen(s);
	int i;
	struct passwd *ret;

	if (N <= 0 || offset >= len)
		return(fn(s));

	for (i=offset;i<(len-(N-1));i++) {
		char c = s[i];
		if (!islower_ascii((int)c))
			continue;
		s[i] = toupper_ascii(c);
		ret = uname_string_combinations2(s,i+1,fn,N-1);
		if(ret)
			return(ret);
		s[i] = c;
	}
	return(NULL);
}

/****************************************************************************
 Apply a function to upper/lower case combinations
 of a string and return true if one of them returns true.
 Try all combinations with up to N uppercase letters.
 offset is the first char to try and change (start with 0)
 it assumes the string starts lowercased
****************************************************************************/

static struct passwd * uname_string_combinations(char *s,struct passwd * (*fn)(const char *),int N)
{
	int n;
	struct passwd *ret;

	for (n=1;n<=N;n++) {
		ret = uname_string_combinations2(s,0,fn,n);
		if(ret)
			return(ret);
	}  
	return(NULL);
}