smbd/share_access.c

ソースコードを見る。

関数

static BOOL do_group_checks (const char **name, const char **pattern)
static BOOL token_contains_name (TALLOC_CTX *mem_ctx, const char *username, const char *sharename, const struct nt_user_token *token, const char *name)
BOOL token_contains_name_in_list (const char *username, const char *sharename, const struct nt_user_token *token, const char **list)
BOOL user_ok_token (const char *username, struct nt_user_token *token, int snum)
BOOL is_share_read_only_for_token (const char *username, struct nt_user_token *token, int snum)

変数

userdom_struct current_user_info


関数

static BOOL do_group_checks ( const char **  name,
const char **  pattern 
) [static]

share_access.c33 行で定義されています。

参照元 token_contains_name().

00034 {
00035         if ((*name)[0] == '@') {
00036                 *pattern = "&+";
00037                 *name += 1;
00038                 return True;
00039         }
00040 
00041         if (((*name)[0] == '+') && ((*name)[1] == '&')) {
00042                 *pattern = "+&";
00043                 *name += 2;
00044                 return True;
00045         }
00046 
00047         if ((*name)[0] == '+') {
00048                 *pattern = "+";
00049                 *name += 1;
00050                 return True;
00051         }
00052 
00053         if (((*name)[0] == '&') && ((*name)[1] == '+')) {
00054                 *pattern = "&+";
00055                 *name += 2;
00056                 return True;
00057         }
00058 
00059         if ((*name)[0] == '&') {
00060                 *pattern = "&";
00061                 *name += 1;
00062                 return True;
00063         }
00064 
00065         return False;
00066 }

static BOOL token_contains_name ( TALLOC_CTX mem_ctx,
const char *  username,
const char *  sharename,
const struct nt_user_token token,
const char *  name 
) [static]

share_access.c68 行で定義されています。

参照先 current_user_infodo_group_checks()userdom_struct::domainlookup_name_smbconf()nt_token_check_sid()SID_NAME_ALIASSID_NAME_DOM_GRPSID_NAME_USERSID_NAME_WKN_GRPsid_type_lookup()smb_panic()string_to_sid()talloc_string_sub()talloc_sub_basic()typeuser_in_netgroup().

参照元 token_contains_name_in_list().

00073 {
00074         const char *prefix;
00075         DOM_SID sid;
00076         enum lsa_SidType type;
00077 
00078         if (username != NULL) {
00079                 name = talloc_sub_basic(mem_ctx, username,
00080                                         current_user_info.domain, name);
00081         }
00082         if (sharename != NULL) {
00083                 name = talloc_string_sub(mem_ctx, name, "%S", sharename);
00084         }
00085 
00086         if (name == NULL) {
00087                 /* This is too security sensitive, better panic than return a
00088                  * result that might be interpreted in a wrong way. */
00089                 smb_panic("substitutions failed\n");
00090         }
00091         
00092         /* check to see is we already have a SID */
00093 
00094         if ( string_to_sid( &sid, name ) ) {
00095                 DEBUG(5,("token_contains_name: Checking for SID [%s] in token\n", name));
00096                 return nt_token_check_sid( &sid, token );
00097         }
00098 
00099         if (!do_group_checks(&name, &prefix)) {
00100                 if (!lookup_name_smbconf(mem_ctx, name, LOOKUP_NAME_ALL,
00101                                  NULL, NULL, &sid, &type)) {
00102                         DEBUG(5, ("lookup_name %s failed\n", name));
00103                         return False;
00104                 }
00105                 if (type != SID_NAME_USER) {
00106                         DEBUG(5, ("%s is a %s, expected a user\n",
00107                                   name, sid_type_lookup(type)));
00108                         return False;
00109                 }
00110                 return nt_token_check_sid(&sid, token);
00111         }
00112 
00113         for (/* initialized above */ ; *prefix != '\0'; prefix++) {
00114                 if (*prefix == '+') {
00115                         if (!lookup_name_smbconf(mem_ctx, name,
00116                                          LOOKUP_NAME_ALL|LOOKUP_NAME_GROUP,
00117                                          NULL, NULL, &sid, &type)) {
00118                                 DEBUG(5, ("lookup_name %s failed\n", name));
00119                                 return False;
00120                         }
00121                         if ((type != SID_NAME_DOM_GRP) &&
00122                             (type != SID_NAME_ALIAS) &&
00123                             (type != SID_NAME_WKN_GRP)) {
00124                                 DEBUG(5, ("%s is a %s, expected a group\n",
00125                                           name, sid_type_lookup(type)));
00126                                 return False;
00127                         }
00128                         if (nt_token_check_sid(&sid, token)) {
00129                                 return True;
00130                         }
00131                         continue;
00132                 }
00133                 if (*prefix == '&') {
00134                         if (user_in_netgroup(username, name)) {
00135                                 return True;
00136                         }
00137                         continue;
00138                 }
00139                 smb_panic("got invalid prefix from do_groups_check\n");
00140         }
00141         return False;
00142 }

BOOL token_contains_name_in_list ( const char *  username,
const char *  sharename,
const struct nt_user_token token,
const char **  list 
)

share_access.c155 行で定義されています。

参照先 auth_context::mem_ctxsmb_panic()token_contains_name().

参照元 _spoolss_deleteprinterdriver()_spoolss_deleteprinterdriverex()_spoolss_open_printer_ex()is_share_read_only_for_token()print_access_check()user_ok_token().

00159 {
00160         TALLOC_CTX *mem_ctx;
00161 
00162         if (list == NULL) {
00163                 return False;
00164         }
00165 
00166         if ( (mem_ctx = talloc_new(NULL)) == NULL ) {
00167                 smb_panic("talloc_new failed\n");
00168         }
00169 
00170         while (*list != NULL) {
00171                 if (token_contains_name(mem_ctx, username, sharename,token, *list)) {
00172                         TALLOC_FREE(mem_ctx);
00173                         return True;
00174                 }
00175                 list += 1;
00176         }
00177 
00178         TALLOC_FREE(mem_ctx);
00179         return False;
00180 }

BOOL user_ok_token ( const char *  username,
struct nt_user_token token,
int  snum 
)

share_access.c195 行で定義されています。

参照先 list()token_contains_name_in_list().

参照元 _spoolss_open_printer_ex()make_connection_snum().

00196 {
00197         if (lp_invalid_users(snum) != NULL) {
00198                 if (token_contains_name_in_list(username, lp_servicename(snum),
00199                                                 token,
00200                                                 lp_invalid_users(snum))) {
00201                         DEBUG(10, ("User %s in 'invalid users'\n", username));
00202                         return False;
00203                 }
00204         }
00205 
00206         if (lp_valid_users(snum) != NULL) {
00207                 if (!token_contains_name_in_list(username,
00208                                                  lp_servicename(snum), token,
00209                                                  lp_valid_users(snum))) {
00210                         DEBUG(10, ("User %s not in 'valid users'\n",
00211                                    username));
00212                         return False;
00213                 }
00214         }
00215 
00216         if (lp_onlyuser(snum)) {
00217                 const char *list[2];
00218                 list[0] = lp_username(snum);
00219                 list[1] = NULL;
00220                 if ((list[0] == NULL) || (*list[0] == '\0')) {
00221                         DEBUG(0, ("'only user = yes' and no 'username ='\n"));
00222                         return False;
00223                 }
00224                 if (!token_contains_name_in_list(NULL, lp_servicename(snum),
00225                                                  token, list)) {
00226                         DEBUG(10, ("%s != 'username'\n", username));
00227                         return False;
00228                 }
00229         }
00230 
00231         DEBUG(10, ("user_ok_token: share %s is ok for unix user %s\n",
00232                    lp_servicename(snum), username));
00233 
00234         return True;
00235 }

BOOL is_share_read_only_for_token ( const char *  username,
struct nt_user_token token,
int  snum 
)

share_access.c251 行で定義されています。

参照先 resulttoken_contains_name_in_list().

00253 {
00254         BOOL result = lp_readonly(snum);
00255 
00256         if (lp_readlist(snum) != NULL) {
00257                 if (token_contains_name_in_list(username,
00258                                                 lp_servicename(snum), token,
00259                                                 lp_readlist(snum))) {
00260                         result = True;
00261                 }
00262         }
00263 
00264         if (lp_writelist(snum) != NULL) {
00265                 if (token_contains_name_in_list(username,
00266                                                 lp_servicename(snum), token,
00267                                                 lp_writelist(snum))) {
00268                         result = False;
00269                 }
00270         }
00271 
00272         DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user "
00273                   "%s\n", lp_servicename(snum),
00274                   result ? "read-only" : "read-write", username));
00275 
00276         return result;
00277 }


変数

userdom_struct current_user_info

substitute.c29 行で定義されています。


Sambaに対してSat Aug 29 21:24:29 2009に生成されました。  doxygen 1.4.7