関数 | |
user_struct * | get_valid_user_struct (uint16 vuid) |
user_struct * | get_partial_auth_user_struct (uint16 vuid) |
void | invalidate_vuid (uint16 vuid) |
void | invalidate_intermediate_vuid (uint16 vuid) |
void | invalidate_all_vuids (void) |
int | register_vuid (auth_serversupplied_info *server_info, DATA_BLOB session_key, DATA_BLOB response_blob, const char *smb_name) |
register that a valid login has been performed, establish 'session'. | |
void | add_session_user (const char *user) |
void | add_session_workgroup (const char *workgroup) |
const char * | get_session_workgroup (void) |
BOOL | user_in_netgroup (const char *user, const char *ngname) |
BOOL | user_in_list (const char *user, const char **list) |
static BOOL | user_ok (const char *user, int snum) |
static char * | validate_group (char *group, DATA_BLOB password, int snum) |
BOOL | authorise_login (int snum, fstring user, DATA_BLOB password, BOOL *guest) |
変数 | |
static char * | session_userlist = NULL |
static int | len_session_userlist = 0 |
static char * | session_workgroup = NULL |
static user_struct * | validated_users |
static int | next_vuid = VUID_OFFSET |
static int | num_validated_vuids |
user_struct* get_valid_user_struct | ( | uint16 | vuid | ) |
password.c の 40 行で定義されています。
参照先 user_struct::next・user_struct::server_info・validated_users・user_struct::vuid.
参照元 _lsa_unk_get_connuser()・_net_sam_logoff()・_net_sam_logon_internal()・api_reply()・api_RNetUserGetInfo()・api_WWkstaUserLogon()・change_to_user()・invalidate_vuid()・is_owner()・make_connection()・make_internal_rpc_pipe_p()・pipe_access_check()・print_job_start()・register_vuid()・reply_ulogoffX()・switch_message().
00041 { 00042 user_struct *usp; 00043 int count=0; 00044 00045 if (vuid == UID_FIELD_INVALID) 00046 return NULL; 00047 00048 for (usp=validated_users;usp;usp=usp->next,count++) { 00049 if (vuid == usp->vuid && usp->server_info) { 00050 if (count > 10) { 00051 DLIST_PROMOTE(validated_users, usp); 00052 } 00053 return usp; 00054 } 00055 } 00056 00057 return NULL; 00058 }
user_struct* get_partial_auth_user_struct | ( | uint16 | vuid | ) |
password.c の 64 行で定義されています。
参照先 user_struct::next・user_struct::server_info・validated_users・user_struct::vuid.
参照元 invalidate_intermediate_vuid()・register_vuid()・reply_sesssetup_and_X_spnego().
00065 { 00066 user_struct *usp; 00067 int count=0; 00068 00069 if (vuid == UID_FIELD_INVALID) 00070 return NULL; 00071 00072 for (usp=validated_users;usp;usp=usp->next,count++) { 00073 if (vuid == usp->vuid && !usp->server_info) { 00074 if (count > 10) { 00075 DLIST_PROMOTE(validated_users, usp); 00076 } 00077 return usp; 00078 } 00079 } 00080 00081 return NULL; 00082 }
void invalidate_vuid | ( | uint16 | vuid | ) |
password.c の 88 行で定義されています。
参照先 auth_ntlmssp_end()・user_struct::auth_ntlmssp_state・conn_clear_vuid_cache()・data_blob_free()・get_valid_user_struct()・user_struct::groups・user_struct::homedir・user_struct::logon_script・user_struct::nt_user_token・num_validated_vuids・user_struct::server_info・user_struct::session_key・user_struct::session_keystr・session_yield()・user_struct::unix_homedir・validated_users.
参照元 invalidate_all_vuids()・register_vuid()・reply_ulogoffX().
00089 { 00090 user_struct *vuser = get_valid_user_struct(vuid); 00091 00092 if (vuser == NULL) 00093 return; 00094 00095 SAFE_FREE(vuser->homedir); 00096 SAFE_FREE(vuser->unix_homedir); 00097 SAFE_FREE(vuser->logon_script); 00098 00099 if (vuser->auth_ntlmssp_state) { 00100 auth_ntlmssp_end(&vuser->auth_ntlmssp_state); 00101 } 00102 00103 session_yield(vuser); 00104 SAFE_FREE(vuser->session_keystr); 00105 00106 TALLOC_FREE(vuser->server_info); 00107 00108 data_blob_free(&vuser->session_key); 00109 00110 DLIST_REMOVE(validated_users, vuser); 00111 00112 /* clear the vuid from the 'cache' on each connection, and 00113 from the vuid 'owner' of connections */ 00114 conn_clear_vuid_cache(vuid); 00115 00116 SAFE_FREE(vuser->groups); 00117 TALLOC_FREE(vuser->nt_user_token); 00118 00119 SAFE_FREE(vuser); 00120 num_validated_vuids--; 00121 }
void invalidate_intermediate_vuid | ( | uint16 | vuid | ) |
password.c の 123 行で定義されています。
参照先 auth_ntlmssp_end()・user_struct::auth_ntlmssp_state・get_partial_auth_user_struct()・num_validated_vuids・validated_users.
参照元 reply_sesssetup_and_X_spnego()・reply_spnego_auth()・reply_spnego_negotiate()・reply_spnego_ntlmssp().
00124 { 00125 user_struct *vuser = get_partial_auth_user_struct(vuid); 00126 00127 if (vuser == NULL) 00128 return; 00129 00130 if (vuser->auth_ntlmssp_state) { 00131 auth_ntlmssp_end(&vuser->auth_ntlmssp_state); 00132 } 00133 00134 DLIST_REMOVE(validated_users, vuser); 00135 00136 SAFE_FREE(vuser); 00137 num_validated_vuids--; 00138 }
void invalidate_all_vuids | ( | void | ) |
password.c の 144 行で定義されています。
参照先 invalidate_vuid()・user_struct::next・validated_users・user_struct::vuid.
参照元 exit_server_common()・setup_new_vc_session().
00145 { 00146 user_struct *usp, *next=NULL; 00147 00148 for (usp=validated_users;usp;usp=next) { 00149 next = usp->next; 00150 00151 invalidate_vuid(usp->vuid); 00152 } 00153 }
int register_vuid | ( | auth_serversupplied_info * | server_info, | |
DATA_BLOB | session_key, | |||
DATA_BLOB | response_blob, | |||
const char * | smb_name | |||
) |
register that a valid login has been performed, establish 'session'.
server_info | The token returned from the authentication process. (now 'owned' by register_vuid) | |
session_key | The User session key for the login session (now also 'owned' by register_vuid) | |
respose_blob | The NT challenge-response, if available. (May be freed after this call) | |
smb_name | The untranslated name of the user |
password.c の 173 行で定義されています。
参照先 add_home_service()・data_blob_free()・userdom_struct::domain・dup_nt_token()・userdom_struct::full_name・get_partial_auth_user_struct()・get_valid_user_struct()・getpwnam_alloc()・auth_serversupplied_info::gid・user_struct::gid・auth_serversupplied_info::groups・user_struct::groups・auth_serversupplied_info::guest・user_struct::guest・user_struct::homedir・user_struct::homes_snum・invalidate_vuid()・user_struct::logon_script・memdup()・auth_serversupplied_info::n_groups・user_struct::n_groups・next_vuid・user_struct::nt_user_token・num_validated_vuids・pdb_get_domain()・pdb_get_fullname()・pdb_get_homedir()・pdb_get_logon_script()・pdb_get_unix_homedir()・PDB_UNIXHOMEDIR・auth_serversupplied_info::ptok・auth_serversupplied_info::sam_account・SEC_SHARE・user_struct::server_info・session_claim()・user_struct::session_key・set_current_user_info()・userdom_struct::smb_name・smb_panic()・smb_xstrdup()・srv_is_signing_negotiated()・srv_set_signing()・srv_signing_started()・auth_serversupplied_info::uid・user_struct::uid・user_struct::unix_homedir・auth_serversupplied_info::unix_name・userdom_struct::unix_name・user_struct::user・validated_users・user_struct::vuid.
参照元 reply_sesssetup_and_X()・reply_sesssetup_and_X_spnego()・reply_spnego_kerberos()・reply_spnego_ntlmssp().
00176 { 00177 user_struct *vuser = NULL; 00178 00179 /* Paranoia check. */ 00180 if(lp_security() == SEC_SHARE) { 00181 smb_panic("Tried to register uid in security=share\n"); 00182 } 00183 00184 /* Limit allowed vuids to 16bits - VUID_OFFSET. */ 00185 if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) { 00186 data_blob_free(&session_key); 00187 TALLOC_FREE(server_info); 00188 return UID_FIELD_INVALID; 00189 } 00190 00191 if((vuser = SMB_MALLOC_P(user_struct)) == NULL) { 00192 DEBUG(0,("Failed to malloc users struct!\n")); 00193 data_blob_free(&session_key); 00194 TALLOC_FREE(server_info); 00195 return UID_FIELD_INVALID; 00196 } 00197 00198 ZERO_STRUCTP(vuser); 00199 00200 /* Allocate a free vuid. Yes this is a linear search... :-) */ 00201 while( (get_valid_user_struct(next_vuid) != NULL) 00202 || (get_partial_auth_user_struct(next_vuid) != NULL) ) { 00203 next_vuid++; 00204 /* Check for vuid wrap. */ 00205 if (next_vuid == UID_FIELD_INVALID) 00206 next_vuid = VUID_OFFSET; 00207 } 00208 00209 DEBUG(10,("register_vuid: allocated vuid = %u\n", 00210 (unsigned int)next_vuid )); 00211 00212 vuser->vuid = next_vuid; 00213 00214 if (!server_info) { 00215 /* 00216 * This happens in an unfinished NTLMSSP session setup. We 00217 * need to allocate a vuid between the first and second calls 00218 * to NTLMSSP. 00219 */ 00220 next_vuid++; 00221 num_validated_vuids++; 00222 00223 vuser->server_info = NULL; 00224 00225 DLIST_ADD(validated_users, vuser); 00226 00227 return vuser->vuid; 00228 } 00229 00230 /* the next functions should be done by a SID mapping system (SMS) as 00231 * the new real sam db won't have reference to unix uids or gids 00232 */ 00233 00234 vuser->uid = server_info->uid; 00235 vuser->gid = server_info->gid; 00236 00237 vuser->n_groups = server_info->n_groups; 00238 if (vuser->n_groups) { 00239 if (!(vuser->groups = (gid_t *)memdup(server_info->groups, 00240 sizeof(gid_t) * 00241 vuser->n_groups))) { 00242 DEBUG(0,("register_vuid: failed to memdup " 00243 "vuser->groups\n")); 00244 data_blob_free(&session_key); 00245 free(vuser); 00246 TALLOC_FREE(server_info); 00247 return UID_FIELD_INVALID; 00248 } 00249 } 00250 00251 vuser->guest = server_info->guest; 00252 fstrcpy(vuser->user.unix_name, server_info->unix_name); 00253 00254 /* This is a potentially untrusted username */ 00255 alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$", 00256 sizeof(vuser->user.smb_name)); 00257 00258 fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account)); 00259 fstrcpy(vuser->user.full_name, 00260 pdb_get_fullname(server_info->sam_account)); 00261 00262 { 00263 /* Keep the homedir handy */ 00264 const char *homedir = 00265 pdb_get_homedir(server_info->sam_account); 00266 const char *logon_script = 00267 pdb_get_logon_script(server_info->sam_account); 00268 00269 if (!IS_SAM_DEFAULT(server_info->sam_account, 00270 PDB_UNIXHOMEDIR)) { 00271 const char *unix_homedir = 00272 pdb_get_unix_homedir(server_info->sam_account); 00273 if (unix_homedir) { 00274 vuser->unix_homedir = 00275 smb_xstrdup(unix_homedir); 00276 } 00277 } else { 00278 struct passwd *passwd = 00279 getpwnam_alloc(NULL, vuser->user.unix_name); 00280 if (passwd) { 00281 vuser->unix_homedir = 00282 smb_xstrdup(passwd->pw_dir); 00283 TALLOC_FREE(passwd); 00284 } 00285 } 00286 00287 if (homedir) { 00288 vuser->homedir = smb_xstrdup(homedir); 00289 } 00290 if (logon_script) { 00291 vuser->logon_script = smb_xstrdup(logon_script); 00292 } 00293 } 00294 00295 vuser->session_key = session_key; 00296 00297 DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n", 00298 (unsigned int)vuser->uid, 00299 (unsigned int)vuser->gid, 00300 vuser->user.unix_name, vuser->user.smb_name, 00301 vuser->user.domain, vuser->guest )); 00302 00303 DEBUG(3, ("User name: %s\tReal name: %s\n", vuser->user.unix_name, 00304 vuser->user.full_name)); 00305 00306 if (server_info->ptok) { 00307 vuser->nt_user_token = dup_nt_token(NULL, server_info->ptok); 00308 } else { 00309 DEBUG(1, ("server_info does not contain a user_token - " 00310 "cannot continue\n")); 00311 TALLOC_FREE(server_info); 00312 data_blob_free(&session_key); 00313 SAFE_FREE(vuser->homedir); 00314 SAFE_FREE(vuser->unix_homedir); 00315 SAFE_FREE(vuser->logon_script); 00316 00317 SAFE_FREE(vuser); 00318 return UID_FIELD_INVALID; 00319 } 00320 00321 /* use this to keep tabs on all our info from the authentication */ 00322 vuser->server_info = server_info; 00323 00324 DEBUG(3,("UNIX uid %d is UNIX user %s, and will be vuid %u\n", 00325 (int)vuser->uid,vuser->user.unix_name, vuser->vuid)); 00326 00327 next_vuid++; 00328 num_validated_vuids++; 00329 00330 DLIST_ADD(validated_users, vuser); 00331 00332 if (!session_claim(vuser)) { 00333 DEBUG(1, ("Failed to claim session for vuid=%d\n", 00334 vuser->vuid)); 00335 invalidate_vuid(vuser->vuid); 00336 return UID_FIELD_INVALID; 00337 } 00338 00339 /* Register a home dir service for this user iff 00340 00341 (a) This is not a guest connection, 00342 (b) we have a home directory defined 00343 (c) there s not an existing static share by that name 00344 00345 If a share exists by this name (autoloaded or not) reuse it . */ 00346 00347 vuser->homes_snum = -1; 00348 00349 if ( (!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir)) 00350 { 00351 int servicenumber = lp_servicenumber(vuser->user.unix_name); 00352 00353 if ( servicenumber == -1 ) { 00354 DEBUG(3, ("Adding homes service for user '%s' using " 00355 "home directory: '%s'\n", 00356 vuser->user.unix_name, vuser->unix_homedir)); 00357 vuser->homes_snum = 00358 add_home_service(vuser->user.unix_name, 00359 vuser->user.unix_name, 00360 vuser->unix_homedir); 00361 } else { 00362 DEBUG(3, ("Using static (or previously created) " 00363 "service for user '%s'; path = '%s'\n", 00364 vuser->user.unix_name, 00365 lp_pathname(servicenumber) )); 00366 vuser->homes_snum = servicenumber; 00367 } 00368 } 00369 00370 if (srv_is_signing_negotiated() && !vuser->guest && 00371 !srv_signing_started()) { 00372 /* Try and turn on server signing on the first non-guest 00373 * sessionsetup. */ 00374 srv_set_signing(vuser->session_key, response_blob); 00375 } 00376 00377 /* fill in the current_user_info struct */ 00378 set_current_user_info( &vuser->user ); 00379 00380 00381 return vuser->vuid; 00382 }
void add_session_user | ( | const char * | user | ) |
password.c の 388 行で定義されています。
参照先 Get_Pwnam()・in_list()・len_session_userlist・session_userlist.
参照元 make_connection_snum()・reply_sesssetup_and_X()・reply_special().
00389 { 00390 fstring suser; 00391 struct passwd *passwd; 00392 00393 if (!(passwd = Get_Pwnam(user))) 00394 return; 00395 00396 fstrcpy(suser,passwd->pw_name); 00397 00398 if(!*suser) 00399 return; 00400 00401 if( session_userlist && in_list(suser,session_userlist,False) ) 00402 return; 00403 00404 if( !session_userlist || 00405 (strlen(suser) + strlen(session_userlist) + 2 >= 00406 len_session_userlist) ) { 00407 char *newlist; 00408 00409 if (len_session_userlist > 128 * PSTRING_LEN) { 00410 DEBUG(3,("add_session_user: session userlist already " 00411 "too large.\n")); 00412 return; 00413 } 00414 newlist = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( 00415 session_userlist, 00416 len_session_userlist + PSTRING_LEN ); 00417 if( newlist == NULL ) { 00418 DEBUG(1,("Unable to resize session_userlist\n")); 00419 return; 00420 } 00421 if (!session_userlist) { 00422 *newlist = '\0'; 00423 } 00424 session_userlist = newlist; 00425 len_session_userlist += PSTRING_LEN; 00426 } 00427 00428 safe_strcat(session_userlist," ",len_session_userlist-1); 00429 safe_strcat(session_userlist,suser,len_session_userlist-1); 00430 }
void add_session_workgroup | ( | const char * | workgroup | ) |
password.c の 437 行で定義されています。
参照先 session_workgroup・smb_xstrdup().
00438 { 00439 if (session_workgroup) { 00440 SAFE_FREE(session_workgroup); 00441 } 00442 session_workgroup = smb_xstrdup(workgroup); 00443 }
const char* get_session_workgroup | ( | void | ) |
password.c の 450 行で定義されています。
参照先 session_workgroup.
参照元 password_ok().
00451 { 00452 return session_workgroup; 00453 }
BOOL user_in_netgroup | ( | const char * | user, | |
const char * | ngname | |||
) |
password.c の 460 行で定義されています。
参照先 strlower_m().
参照元 token_contains_name()・user_in_list().
00461 { 00462 #ifdef HAVE_NETGROUP 00463 static char *mydomain = NULL; 00464 fstring lowercase_user; 00465 00466 if (mydomain == NULL) 00467 yp_get_default_domain(&mydomain); 00468 00469 if(mydomain == NULL) { 00470 DEBUG(5,("Unable to get default yp domain, let's try without specifying it\n")); 00471 } 00472 00473 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", 00474 user, mydomain?mydomain:"(ANY)", ngname)); 00475 00476 if (innetgr(ngname, NULL, user, mydomain)) { 00477 DEBUG(5,("user_in_netgroup: Found\n")); 00478 return (True); 00479 } else { 00480 00481 /* 00482 * Ok, innetgr is case sensitive. Try once more with lowercase 00483 * just in case. Attempt to fix #703. JRA. 00484 */ 00485 00486 fstrcpy(lowercase_user, user); 00487 strlower_m(lowercase_user); 00488 00489 DEBUG(5,("looking for user %s of domain %s in netgroup %s\n", 00490 lowercase_user, mydomain?mydomain:"(ANY)", ngname)); 00491 00492 if (innetgr(ngname, NULL, lowercase_user, mydomain)) { 00493 DEBUG(5,("user_in_netgroup: Found\n")); 00494 return (True); 00495 } 00496 } 00497 #endif /* HAVE_NETGROUP */ 00498 return False; 00499 }
BOOL user_in_list | ( | const char * | user, | |
const char ** | list | |||
) |
password.c の 506 行で定義されています。
参照先 strequal()・user_in_group()・user_in_netgroup().
参照元 map_username()・user_ok().
00507 { 00508 if (!list || !*list) 00509 return False; 00510 00511 DEBUG(10,("user_in_list: checking user %s in list\n", user)); 00512 00513 while (*list) { 00514 00515 DEBUG(10,("user_in_list: checking user |%s| against |%s|\n", 00516 user, *list)); 00517 00518 /* 00519 * Check raw username. 00520 */ 00521 if (strequal(user, *list)) 00522 return(True); 00523 00524 /* 00525 * Now check to see if any combination 00526 * of UNIX and netgroups has been specified. 00527 */ 00528 00529 if(**list == '@') { 00530 /* 00531 * Old behaviour. Check netgroup list 00532 * followed by UNIX list. 00533 */ 00534 if(user_in_netgroup(user, *list +1)) 00535 return True; 00536 if(user_in_group(user, *list +1)) 00537 return True; 00538 } else if (**list == '+') { 00539 00540 if((*(*list +1)) == '&') { 00541 /* 00542 * Search UNIX list followed by netgroup. 00543 */ 00544 if(user_in_group(user, *list +2)) 00545 return True; 00546 if(user_in_netgroup(user, *list +2)) 00547 return True; 00548 00549 } else { 00550 00551 /* 00552 * Just search UNIX list. 00553 */ 00554 00555 if(user_in_group(user, *list +1)) 00556 return True; 00557 } 00558 00559 } else if (**list == '&') { 00560 00561 if(*(*list +1) == '+') { 00562 /* 00563 * Search netgroup list followed by UNIX list. 00564 */ 00565 if(user_in_netgroup(user, *list +2)) 00566 return True; 00567 if(user_in_group(user, *list +2)) 00568 return True; 00569 } else { 00570 /* 00571 * Just search netgroup list. 00572 */ 00573 if(user_in_netgroup(user, *list +1)) 00574 return True; 00575 } 00576 } 00577 00578 list++; 00579 } 00580 return(False); 00581 }
static BOOL user_ok | ( | const char * | user, | |
int | snum | |||
) | [static] |
password.c の 587 行で定義されています。
参照先 str_list_copy()・str_list_free()・str_list_make()・str_list_sub_basic()・str_list_substitute()・user_in_list()・valid.
参照元 authorise_login()・validate_group().
00588 { 00589 char **valid, **invalid; 00590 BOOL ret; 00591 00592 valid = invalid = NULL; 00593 ret = True; 00594 00595 if (lp_invalid_users(snum)) { 00596 str_list_copy(&invalid, lp_invalid_users(snum)); 00597 if (invalid && 00598 str_list_substitute(invalid, "%S", lp_servicename(snum))) { 00599 00600 /* This is used in sec=share only, so no current user 00601 * around to pass to str_list_sub_basic() */ 00602 00603 if ( invalid && str_list_sub_basic(invalid, "", "") ) { 00604 ret = !user_in_list(user, 00605 (const char **)invalid); 00606 } 00607 } 00608 } 00609 if (invalid) 00610 str_list_free (&invalid); 00611 00612 if (ret && lp_valid_users(snum)) { 00613 str_list_copy(&valid, lp_valid_users(snum)); 00614 if ( valid && 00615 str_list_substitute(valid, "%S", lp_servicename(snum)) ) { 00616 00617 /* This is used in sec=share only, so no current user 00618 * around to pass to str_list_sub_basic() */ 00619 00620 if ( valid && str_list_sub_basic(valid, "", "") ) { 00621 ret = user_in_list(user, (const char **)valid); 00622 } 00623 } 00624 } 00625 if (valid) 00626 str_list_free (&valid); 00627 00628 if (ret && lp_onlyuser(snum)) { 00629 char **user_list = str_list_make (lp_username(snum), NULL); 00630 if (user_list && 00631 str_list_substitute(user_list, "%S", 00632 lp_servicename(snum))) { 00633 ret = user_in_list(user, (const char **)user_list); 00634 } 00635 if (user_list) str_list_free (&user_list); 00636 } 00637 00638 return(ret); 00639 }
static char* validate_group | ( | char * | group, | |
DATA_BLOB | password, | |||
int | snum | |||
) | [static] |
password.c の 645 行で定義されています。
参照先 host・name・password・password_ok()・strequal()・user_ok().
参照元 authorise_login().
00646 { 00647 #ifdef HAVE_NETGROUP 00648 { 00649 char *host, *user, *domain; 00650 setnetgrent(group); 00651 while (getnetgrent(&host, &user, &domain)) { 00652 if (user) { 00653 if (user_ok(user, snum) && 00654 password_ok(user,password)) { 00655 endnetgrent(); 00656 return(user); 00657 } 00658 } 00659 } 00660 endnetgrent(); 00661 } 00662 #endif 00663 00664 #ifdef HAVE_GETGRENT 00665 { 00666 struct group *gptr; 00667 setgrent(); 00668 while ((gptr = (struct group *)getgrent())) { 00669 if (strequal(gptr->gr_name,group)) 00670 break; 00671 } 00672 00673 /* 00674 * As user_ok can recurse doing a getgrent(), we must 00675 * copy the member list into a pstring on the stack before 00676 * use. Bug pointed out by leon@eatworms.swmed.edu. 00677 */ 00678 00679 if (gptr) { 00680 pstring member_list; 00681 char *member; 00682 size_t copied_len = 0; 00683 int i; 00684 00685 *member_list = '\0'; 00686 member = member_list; 00687 00688 for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { 00689 size_t member_len = strlen(gptr->gr_mem[i])+1; 00690 if(copied_len+member_len < sizeof(pstring)) { 00691 00692 DEBUG(10,("validate_group: = gr_mem = " 00693 "%s\n", gptr->gr_mem[i])); 00694 00695 safe_strcpy(member, gptr->gr_mem[i], 00696 sizeof(pstring) - 00697 copied_len - 1); 00698 copied_len += member_len; 00699 member += copied_len; 00700 } else { 00701 *member = '\0'; 00702 } 00703 } 00704 00705 endgrent(); 00706 00707 member = member_list; 00708 while (*member) { 00709 static fstring name; 00710 fstrcpy(name,member); 00711 if (user_ok(name,snum) && 00712 password_ok(name,password)) { 00713 endgrent(); 00714 return(&name[0]); 00715 } 00716 00717 DEBUG(10,("validate_group = member = %s\n", 00718 member)); 00719 00720 member += strlen(member) + 1; 00721 } 00722 } else { 00723 endgrent(); 00724 return NULL; 00725 } 00726 } 00727 #endif 00728 return(NULL); 00729 }
password.c の 736 行で定義されています。
参照先 Get_Pwnam()・password・password_ok()・pstring_sub()・session_userlist・user_ok()・validate_group().
00738 { 00739 BOOL ok = False; 00740 00741 #ifdef DEBUG_PASSWORD 00742 DEBUG(100,("authorise_login: checking authorisation on " 00743 "user=%s pass=%s\n", user,password.data)); 00744 #endif 00745 00746 *guest = False; 00747 00748 /* there are several possibilities: 00749 1) login as the given user with given password 00750 2) login as a previously registered username with the given 00751 password 00752 3) login as a session list username with the given password 00753 4) login as a previously validated user/password pair 00754 5) login as the "user =" user with given password 00755 6) login as the "user =" user with no password 00756 (guest connection) 00757 7) login as guest user with no password 00758 00759 if the service is guest_only then steps 1 to 5 are skipped 00760 */ 00761 00762 /* now check the list of session users */ 00763 if (!ok) { 00764 char *auser; 00765 char *user_list = NULL; 00766 00767 if ( session_userlist ) 00768 user_list = SMB_STRDUP(session_userlist); 00769 else 00770 user_list = SMB_STRDUP(""); 00771 00772 if (!user_list) 00773 return(False); 00774 00775 for (auser=strtok(user_list,LIST_SEP); !ok && auser; 00776 auser = strtok(NULL,LIST_SEP)) { 00777 fstring user2; 00778 fstrcpy(user2,auser); 00779 if (!user_ok(user2,snum)) 00780 continue; 00781 00782 if (password_ok(user2,password)) { 00783 ok = True; 00784 fstrcpy(user,user2); 00785 DEBUG(3,("authorise_login: ACCEPTED: session " 00786 "list username (%s) and given " 00787 "password ok\n", user)); 00788 } 00789 } 00790 00791 SAFE_FREE(user_list); 00792 } 00793 00794 /* check the user= fields and the given password */ 00795 if (!ok && lp_username(snum)) { 00796 char *auser; 00797 pstring user_list; 00798 pstrcpy(user_list,lp_username(snum)); 00799 00800 pstring_sub(user_list,"%S",lp_servicename(snum)); 00801 00802 for (auser=strtok(user_list,LIST_SEP); auser && !ok; 00803 auser = strtok(NULL,LIST_SEP)) { 00804 if (*auser == '@') { 00805 auser = validate_group(auser+1,password,snum); 00806 if (auser) { 00807 ok = True; 00808 fstrcpy(user,auser); 00809 DEBUG(3,("authorise_login: ACCEPTED: " 00810 "group username and given " 00811 "password ok (%s)\n", user)); 00812 } 00813 } else { 00814 fstring user2; 00815 fstrcpy(user2,auser); 00816 if (user_ok(user2,snum) && 00817 password_ok(user2,password)) { 00818 ok = True; 00819 fstrcpy(user,user2); 00820 DEBUG(3,("authorise_login: ACCEPTED: " 00821 "user list username and " 00822 "given password ok (%s)\n", 00823 user)); 00824 } 00825 } 00826 } 00827 } 00828 00829 /* check for a normal guest connection */ 00830 if (!ok && GUEST_OK(snum)) { 00831 fstring guestname; 00832 fstrcpy(guestname,lp_guestaccount()); 00833 if (Get_Pwnam(guestname)) { 00834 fstrcpy(user,guestname); 00835 ok = True; 00836 DEBUG(3,("authorise_login: ACCEPTED: guest account " 00837 "and guest ok (%s)\n", user)); 00838 } else { 00839 DEBUG(0,("authorise_login: Invalid guest account " 00840 "%s??\n",guestname)); 00841 } 00842 *guest = True; 00843 } 00844 00845 if (ok && !user_ok(user, snum)) { 00846 DEBUG(0,("authorise_login: rejected invalid user %s\n",user)); 00847 ok = False; 00848 } 00849 00850 return(ok); 00851 }
char* session_userlist = NULL [static] |
int len_session_userlist = 0 [static] |
char* session_workgroup = NULL [static] |
user_struct* validated_users [static] |
int next_vuid = VUID_OFFSET [static] |
int num_validated_vuids [static] |