Context Navigation

source: branches/samba-3.0/source/smbd/password.c@ 124

Last change on this file since 124 was 124, checked in by Paul Smedley, 18 years ago
Update source to 3.0.28a
File size: 22.5 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	Password and authentication handling
4	Copyright (C) Andrew Tridgell 1992-1998
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 2 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program; if not, write to the Free Software
18	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19	*/
20
21	#include "includes.h"
22
23	/* users from session setup */
24	static char *session_userlist = NULL;
25	static int len_session_userlist = 0;
26	/* workgroup from session setup. */
27	static char *session_workgroup = NULL;
28
29	/* this holds info on user ids that are already validated for this VC */
30	static user_struct *validated_users;
31	static int next_vuid = VUID_OFFSET;
32	static int num_validated_vuids;
33
34	/****************************************************************************
35	Check if a uid has been validated, and return an pointer to the user_struct
36	if it has. NULL if not. vuid is biased by an offset. This allows us to
37	tell random client vuid's (normally zero) from valid vuids.
38	****************************************************************************/
39
40	user_struct *get_valid_user_struct(uint16 vuid)
41	{
42	user_struct *usp;
43	int count=0;
44
45	if (vuid == UID_FIELD_INVALID)
46	return NULL;
47
48	for (usp=validated_users;usp;usp=usp->next,count++) {
49	if (vuid == usp->vuid && usp->server_info) {
50	if (count > 10) {
51	DLIST_PROMOTE(validated_users, usp);
52	}
53	return usp;
54	}
55	}
56
57	return NULL;
58	}
59
60	/****************************************************************************
61	Get the user struct of a partial NTLMSSP login
62	****************************************************************************/
63
64	user_struct *get_partial_auth_user_struct(uint16 vuid)
65	{
66	user_struct *usp;
67	int count=0;
68
69	if (vuid == UID_FIELD_INVALID)
70	return NULL;
71
72	for (usp=validated_users;usp;usp=usp->next,count++) {
73	if (vuid == usp->vuid && !usp->server_info) {
74	if (count > 10) {
75	DLIST_PROMOTE(validated_users, usp);
76	}
77	return usp;
78	}
79	}
80
81	return NULL;
82	}
83
84	/****************************************************************************
85	Invalidate a uid.
86	****************************************************************************/
87
88	void invalidate_vuid(uint16 vuid)
89	{
90	user_struct *vuser = get_valid_user_struct(vuid);
91
92	if (vuser == NULL)
93	return;
94
95	SAFE_FREE(vuser->homedir);
96	SAFE_FREE(vuser->unix_homedir);
97	SAFE_FREE(vuser->logon_script);
98
99	if (vuser->auth_ntlmssp_state) {
100	auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
101	}
102
103	session_yield(vuser);
104	SAFE_FREE(vuser->session_keystr);
105
106	TALLOC_FREE(vuser->server_info);
107
108	data_blob_free(&vuser->session_key);
109
110	DLIST_REMOVE(validated_users, vuser);
111
112	/* clear the vuid from the 'cache' on each connection, and
113	from the vuid 'owner' of connections */
114	conn_clear_vuid_cache(vuid);
115
116	SAFE_FREE(vuser->groups);
117	TALLOC_FREE(vuser->nt_user_token);
118
119	SAFE_FREE(vuser);
120	num_validated_vuids--;
121	}
122
123	void invalidate_intermediate_vuid(uint16 vuid)
124	{
125	user_struct *vuser = get_partial_auth_user_struct(vuid);
126
127	if (vuser == NULL)
128	return;
129
130	if (vuser->auth_ntlmssp_state) {
131	auth_ntlmssp_end(&vuser->auth_ntlmssp_state);
132	}
133
134	DLIST_REMOVE(validated_users, vuser);
135
136	SAFE_FREE(vuser);
137	num_validated_vuids--;
138	}
139
140	/****************************************************************************
141	Invalidate all vuid entries for this process.
142	****************************************************************************/
143
144	void invalidate_all_vuids(void)
145	{
146	user_struct usp, next=NULL;
147
148	for (usp=validated_users;usp;usp=next) {
149	next = usp->next;
150
151	invalidate_vuid(usp->vuid);
152	}
153	}
154
155	/**
156	* register that a valid login has been performed, establish 'session'.
157	* @param server_info The token returned from the authentication process.
158	* (now 'owned' by register_vuid)
159	*
160	* @param session_key The User session key for the login session (now also
161	* 'owned' by register_vuid)
162	*
163	* @param respose_blob The NT challenge-response, if available. (May be
164	* freed after this call)
165	*
166	* @param smb_name The untranslated name of the user
167	*
168	* @return Newly allocated vuid, biased by an offset. (This allows us to
169	* tell random client vuid's (normally zero) from valid vuids.)
170	*
171	*/
172
173	int register_vuid(auth_serversupplied_info *server_info,
174	DATA_BLOB session_key, DATA_BLOB response_blob,
175	const char *smb_name)
176	{
177	user_struct *vuser = NULL;
178
179	/* Paranoia check. */
180	if(lp_security() == SEC_SHARE) {
181	smb_panic("Tried to register uid in security=share\n");
182	}
183
184	/* Limit allowed vuids to 16bits - VUID_OFFSET. */
185	if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) {
186	data_blob_free(&session_key);
187	TALLOC_FREE(server_info);
188	return UID_FIELD_INVALID;
189	}
190
191	if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
192	DEBUG(0,("Failed to malloc users struct!\n"));
193	data_blob_free(&session_key);
194	TALLOC_FREE(server_info);
195	return UID_FIELD_INVALID;
196	}
197
198	ZERO_STRUCTP(vuser);
199
200	/* Allocate a free vuid. Yes this is a linear search... :-) */
201	while( (get_valid_user_struct(next_vuid) != NULL)
202	\|\| (get_partial_auth_user_struct(next_vuid) != NULL) ) {
203	next_vuid++;
204	/* Check for vuid wrap. */
205	if (next_vuid == UID_FIELD_INVALID)
206	next_vuid = VUID_OFFSET;
207	}
208
209	DEBUG(10,("register_vuid: allocated vuid = %u\n",
210	(unsigned int)next_vuid ));
211
212	vuser->vuid = next_vuid;
213
214	if (!server_info) {
215	/*
216	* This happens in an unfinished NTLMSSP session setup. We
217	* need to allocate a vuid between the first and second calls
218	* to NTLMSSP.
219	*/
220	next_vuid++;
221	num_validated_vuids++;
222
223	vuser->server_info = NULL;
224
225	DLIST_ADD(validated_users, vuser);
226
227	return vuser->vuid;
228	}
229
230	/* the next functions should be done by a SID mapping system (SMS) as
231	* the new real sam db won't have reference to unix uids or gids
232	*/
233
234	vuser->uid = server_info->uid;
235	vuser->gid = server_info->gid;
236
237	vuser->n_groups = server_info->n_groups;
238	if (vuser->n_groups) {
239	if (!(vuser->groups = (gid_t *)memdup(server_info->groups,
240	sizeof(gid_t) *
241	vuser->n_groups))) {
242	DEBUG(0,("register_vuid: failed to memdup "
243	"vuser->groups\n"));
244	data_blob_free(&session_key);
245	free(vuser);
246	TALLOC_FREE(server_info);
247	return UID_FIELD_INVALID;
248	}
249	}
250
251	vuser->guest = server_info->guest;
252	fstrcpy(vuser->user.unix_name, server_info->unix_name);
253
254	/* This is a potentially untrusted username */
255	alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$",
256	sizeof(vuser->user.smb_name));
257
258	fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account));
259	fstrcpy(vuser->user.full_name,
260	pdb_get_fullname(server_info->sam_account));
261
262	{
263	/* Keep the homedir handy */
264	const char *homedir =
265	pdb_get_homedir(server_info->sam_account);
266	const char *logon_script =
267	pdb_get_logon_script(server_info->sam_account);
268
269	if (!IS_SAM_DEFAULT(server_info->sam_account,
270	PDB_UNIXHOMEDIR)) {
271	const char *unix_homedir =
272	pdb_get_unix_homedir(server_info->sam_account);
273
274	if (unix_homedir) {
275	vuser->unix_homedir =
276	smb_xstrdup(unix_homedir);
277	}
278	} else {
279	struct passwd *passwd =
280	getpwnam_alloc(NULL, vuser->user.unix_name);
281	if (passwd) {
282	vuser->unix_homedir =
283	smb_xstrdup(passwd->pw_dir);
284	TALLOC_FREE(passwd);
285	}
286	}
287
288	if (homedir) {
289	vuser->homedir = smb_xstrdup(homedir);
290	}
291	if (logon_script) {
292	vuser->logon_script = smb_xstrdup(logon_script);
293	}
294	}
295
296	vuser->session_key = session_key;
297
298	DEBUG(10,("register_vuid: (%u,%u) %s %s %s guest=%d\n",
299	(unsigned int)vuser->uid,
300	(unsigned int)vuser->gid,
301	vuser->user.unix_name, vuser->user.smb_name,
302	vuser->user.domain, vuser->guest ));
303
304	DEBUG(3, ("User name: %s\tReal name: %s\n", vuser->user.unix_name,
305	vuser->user.full_name));
306
307	if (server_info->ptok) {
308	vuser->nt_user_token = dup_nt_token(NULL, server_info->ptok);
309	} else {
310	DEBUG(1, ("server_info does not contain a user_token - "
311	"cannot continue\n"));
312	TALLOC_FREE(server_info);
313	data_blob_free(&session_key);
314	SAFE_FREE(vuser->homedir);
315	SAFE_FREE(vuser->unix_homedir);
316	SAFE_FREE(vuser->logon_script);
317
318	SAFE_FREE(vuser);
319	return UID_FIELD_INVALID;
320	}
321
322	/* use this to keep tabs on all our info from the authentication */
323	vuser->server_info = server_info;
324
325	DEBUG(3,("UNIX uid %d is UNIX user %s, and will be vuid %u\n",
326	(int)vuser->uid,vuser->user.unix_name, vuser->vuid));
327
328	next_vuid++;
329	num_validated_vuids++;
330
331	DLIST_ADD(validated_users, vuser);
332
333	if (!session_claim(vuser)) {
334	DEBUG(1, ("Failed to claim session for vuid=%d\n",
335	vuser->vuid));
336	invalidate_vuid(vuser->vuid);
337	return UID_FIELD_INVALID;
338	}
339
340	/* Register a home dir service for this user iff
341
342	(a) This is not a guest connection,
343	(b) we have a home directory defined
344	(c) there s not an existing static share by that name
345
346	If a share exists by this name (autoloaded or not) reuse it . */
347
348	vuser->homes_snum = -1;
349
350	#ifdef __OS2__
351	/* On OS/2 we use drive letters which have a colon. This is also the field
352	separator in master.passwd, so we use a $ instead of a colon for the drive
353	separator, ie e$/user instead of e:/user. This code simply exchanges any $
354	for a : in the user's homedir */
355	if (vuser->unix_homedir[1] == '$')
356	vuser->unix_homedir[1] = ':';
357	#endif
358
359
360	if ( (!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir))
361	{
362	int servicenumber = lp_servicenumber(vuser->user.unix_name);
363
364	if ( servicenumber == -1 ) {
365	DEBUG(3, ("Adding homes service for user '%s' using "
366	"home directory: '%s'\n",
367	vuser->user.unix_name, vuser->unix_homedir));
368	vuser->homes_snum =
369	add_home_service(vuser->user.unix_name,
370	vuser->user.unix_name,
371	vuser->unix_homedir);
372	} else {
373	DEBUG(3, ("Using static (or previously created) "
374	"service for user '%s'; path = '%s'\n",
375	vuser->user.unix_name,
376	lp_pathname(servicenumber) ));
377	vuser->homes_snum = servicenumber;
378	}
379	}
380
381	if (srv_is_signing_negotiated() && !vuser->guest &&
382	!srv_signing_started()) {
383	/* Try and turn on server signing on the first non-guest
384	* sessionsetup. */
385	srv_set_signing(vuser->session_key, response_blob);
386	}
387
388	/* fill in the current_user_info struct */
389	set_current_user_info( &vuser->user );
390
391
392	return vuser->vuid;
393	}
394
395	/****************************************************************************
396	Add a name to the session users list.
397	****************************************************************************/
398
399	void add_session_user(const char *user)
400	{
401	fstring suser;
402	struct passwd *passwd;
403
404	if (!(passwd = Get_Pwnam(user)))
405	return;
406
407	fstrcpy(suser,passwd->pw_name);
408
409	if(!*suser)
410	return;
411
412	if( session_userlist && in_list(suser,session_userlist,False) )
413	return;
414
415	if( !session_userlist \|\|
416	(strlen(suser) + strlen(session_userlist) + 2 >=
417	len_session_userlist) ) {
418	char *newlist;
419
420	if (len_session_userlist > 128 * PSTRING_LEN) {
421	DEBUG(3,("add_session_user: session userlist already "
422	"too large.\n"));
423	return;
424	}
425	newlist = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(
426	session_userlist,
427	len_session_userlist + PSTRING_LEN );
428	if( newlist == NULL ) {
429	DEBUG(1,("Unable to resize session_userlist\n"));
430	return;
431	}
432	if (!session_userlist) {
433	*newlist = '\0';
434	}
435	session_userlist = newlist;
436	len_session_userlist += PSTRING_LEN;
437	}
438
439	safe_strcat(session_userlist," ",len_session_userlist-1);
440	safe_strcat(session_userlist,suser,len_session_userlist-1);
441	}
442
443	/****************************************************************************
444	In security=share mode we need to store the client workgroup, as that's
445	what Vista uses for the NTLMv2 calculation.
446	****************************************************************************/
447
448	void add_session_workgroup(const char *workgroup)
449	{
450	if (session_workgroup) {
451	SAFE_FREE(session_workgroup);
452	}
453	session_workgroup = smb_xstrdup(workgroup);
454	}
455
456	/****************************************************************************
457	In security=share mode we need to return the client workgroup, as that's
458	what Vista uses for the NTLMv2 calculation.
459	****************************************************************************/
460
461	const char *get_session_workgroup(void)
462	{
463	return session_workgroup;
464	}
465
466	/****************************************************************************
467	Check if a user is in a netgroup user list. If at first we don't succeed,
468	try lower case.
469	****************************************************************************/
470
471	BOOL user_in_netgroup(const char user, const char ngname)
472	{
473	#ifdef HAVE_NETGROUP
474	static char *mydomain = NULL;
475	fstring lowercase_user;
476
477	if (mydomain == NULL)
478	yp_get_default_domain(&mydomain);
479
480	if(mydomain == NULL) {
481	DEBUG(5,("Unable to get default yp domain, let's try without specifying it\n"));
482	}
483
484	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
485	user, mydomain?mydomain:"(ANY)", ngname));
486
487	if (innetgr(ngname, NULL, user, mydomain)) {
488	DEBUG(5,("user_in_netgroup: Found\n"));
489	return (True);
490	} else {
491
492	/*
493	* Ok, innetgr is case sensitive. Try once more with lowercase
494	* just in case. Attempt to fix #703. JRA.
495	*/
496
497	fstrcpy(lowercase_user, user);
498	strlower_m(lowercase_user);
499
500	DEBUG(5,("looking for user %s of domain %s in netgroup %s\n",
501	lowercase_user, mydomain?mydomain:"(ANY)", ngname));
502
503	if (innetgr(ngname, NULL, lowercase_user, mydomain)) {
504	DEBUG(5,("user_in_netgroup: Found\n"));
505	return (True);
506	}
507	}
508	#endif /* HAVE_NETGROUP */
509	return False;
510	}
511
512	/****************************************************************************
513	Check if a user is in a user list - can check combinations of UNIX
514	and netgroup lists.
515	****************************************************************************/
516
517	BOOL user_in_list(const char user,const char *list)
518	{
519	if (!list \|\| !*list)
520	return False;
521
522	DEBUG(10,("user_in_list: checking user %s in list\n", user));
523
524	while (*list) {
525
526	DEBUG(10,("user_in_list: checking user \|%s\| against \|%s\|\n",
527	user, *list));
528
529	/*
530	* Check raw username.
531	*/
532	if (strequal(user, *list))
533	return(True);
534
535	/*
536	* Now check to see if any combination
537	* of UNIX and netgroups has been specified.
538	*/
539
540	if(**list == '@') {
541	/*
542	* Old behaviour. Check netgroup list
543	* followed by UNIX list.
544	*/
545	if(user_in_netgroup(user, *list +1))
546	return True;
547	if(user_in_group(user, *list +1))
548	return True;
549	} else if (**list == '+') {
550
551	if(((list +1)) == '&') {
552	/*
553	* Search UNIX list followed by netgroup.
554	*/
555	if(user_in_group(user, *list +2))
556	return True;
557	if(user_in_netgroup(user, *list +2))
558	return True;
559
560	} else {
561
562	/*
563	* Just search UNIX list.
564	*/
565
566	if(user_in_group(user, *list +1))
567	return True;
568	}
569
570	} else if (**list == '&') {
571
572	if((list +1) == '+') {
573	/*
574	* Search netgroup list followed by UNIX list.
575	*/
576	if(user_in_netgroup(user, *list +2))
577	return True;
578	if(user_in_group(user, *list +2))
579	return True;
580	} else {
581	/*
582	* Just search netgroup list.
583	*/
584	if(user_in_netgroup(user, *list +1))
585	return True;
586	}
587	}
588
589	list++;
590	}
591	return(False);
592	}
593
594	/****************************************************************************
595	Check if a username is valid.
596	****************************************************************************/
597
598	static BOOL user_ok(const char *user, int snum)
599	{
600	char valid, invalid;
601	BOOL ret;
602
603	valid = invalid = NULL;
604	ret = True;
605
606	if (lp_invalid_users(snum)) {
607	str_list_copy(&invalid, lp_invalid_users(snum));
608	if (invalid &&
609	str_list_substitute(invalid, "%S", lp_servicename(snum))) {
610
611	/* This is used in sec=share only, so no current user
612	* around to pass to str_list_sub_basic() */
613
614	if ( invalid && str_list_sub_basic(invalid, "", "") ) {
615	ret = !user_in_list(user,
616	(const char **)invalid);
617	}
618	}
619	}
620	if (invalid)
621	str_list_free (&invalid);
622
623	if (ret && lp_valid_users(snum)) {
624	str_list_copy(&valid, lp_valid_users(snum));
625	if ( valid &&
626	str_list_substitute(valid, "%S", lp_servicename(snum)) ) {
627
628	/* This is used in sec=share only, so no current user
629	* around to pass to str_list_sub_basic() */
630
631	if ( valid && str_list_sub_basic(valid, "", "") ) {
632	ret = user_in_list(user, (const char **)valid);
633	}
634	}
635	}
636	if (valid)
637	str_list_free (&valid);
638
639	if (ret && lp_onlyuser(snum)) {
640	char **user_list = str_list_make (lp_username(snum), NULL);
641	if (user_list &&
642	str_list_substitute(user_list, "%S",
643	lp_servicename(snum))) {
644	ret = user_in_list(user, (const char **)user_list);
645	}
646	if (user_list) str_list_free (&user_list);
647	}
648
649	return(ret);
650	}
651
652	/****************************************************************************
653	Validate a group username entry. Return the username or NULL.
654	****************************************************************************/
655
656	static char validate_group(char group, DATA_BLOB password,int snum)
657	{
658	#ifdef HAVE_NETGROUP
659	{
660	char host, user, *domain;
661	setnetgrent(group);
662	while (getnetgrent(&host, &user, &domain)) {
663	if (user) {
664	if (user_ok(user, snum) &&
665	password_ok(user,password)) {
666	endnetgrent();
667	return(user);
668	}
669	}
670	}
671	endnetgrent();
672	}
673	#endif
674
675	#ifdef HAVE_GETGRENT
676	{
677	struct group *gptr;
678	setgrent();
679	while ((gptr = (struct group *)getgrent())) {
680	if (strequal(gptr->gr_name,group))
681	break;
682	}
683
684	/*
685	* As user_ok can recurse doing a getgrent(), we must
686	* copy the member list into a pstring on the stack before
687	* use. Bug pointed out by [email protected].
688	*/
689
690	if (gptr) {
691	pstring member_list;
692	char *member;
693	size_t copied_len = 0;
694	int i;
695
696	*member_list = '\0';
697	member = member_list;
698
699	for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) {
700	size_t member_len = strlen(gptr->gr_mem[i])+1;
701	if(copied_len+member_len < sizeof(pstring)) {
702
703	DEBUG(10,("validate_group: = gr_mem = "
704	"%s\n", gptr->gr_mem[i]));
705
706	safe_strcpy(member, gptr->gr_mem[i],
707	sizeof(pstring) -
708	copied_len - 1);
709	copied_len += member_len;
710	member += copied_len;
711	} else {
712	*member = '\0';
713	}
714	}
715
716	endgrent();
717
718	member = member_list;
719	while (*member) {
720	static fstring name;
721	fstrcpy(name,member);
722	if (user_ok(name,snum) &&
723	password_ok(name,password)) {
724	endgrent();
725	return(&name[0]);
726	}
727
728	DEBUG(10,("validate_group = member = %s\n",
729	member));
730
731	member += strlen(member) + 1;
732	}
733	} else {
734	endgrent();
735	return NULL;
736	}
737	}
738	#endif
739	return(NULL);
740	}
741
742	/****************************************************************************
743	Check for authority to login to a service with a given username/password.
744	Note this is NOT used when logging on using sessionsetup_and_X.
745	****************************************************************************/
746
747	BOOL authorise_login(int snum, fstring user, DATA_BLOB password,
748	BOOL *guest)
749	{
750	BOOL ok = False;
751
752	#ifdef DEBUG_PASSWORD
753	DEBUG(100,("authorise_login: checking authorisation on "
754	"user=%s pass=%s\n", user,password.data));
755	#endif
756
757	*guest = False;
758
759	/* there are several possibilities:
760	1) login as the given user with given password
761	2) login as a previously registered username with the given
762	password
763	3) login as a session list username with the given password
764	4) login as a previously validated user/password pair
765	5) login as the "user =" user with given password
766	6) login as the "user =" user with no password
767	(guest connection)
768	7) login as guest user with no password
769
770	if the service is guest_only then steps 1 to 5 are skipped
771	*/
772
773	/* now check the list of session users */
774	if (!ok) {
775	char *auser;
776	char *user_list = NULL;
777
778	if ( session_userlist )
779	user_list = SMB_STRDUP(session_userlist);
780	else
781	user_list = SMB_STRDUP("");
782
783	if (!user_list)
784	return(False);
785
786	for (auser=strtok(user_list,LIST_SEP); !ok && auser;
787	auser = strtok(NULL,LIST_SEP)) {
788	fstring user2;
789	fstrcpy(user2,auser);
790	if (!user_ok(user2,snum))
791	continue;
792
793	if (password_ok(user2,password)) {
794	ok = True;
795	fstrcpy(user,user2);
796	DEBUG(3,("authorise_login: ACCEPTED: session "
797	"list username (%s) and given "
798	"password ok\n", user));
799	}
800	}
801
802	SAFE_FREE(user_list);
803	}
804
805	/* check the user= fields and the given password */
806	if (!ok && lp_username(snum)) {
807	char *auser;
808	pstring user_list;
809	pstrcpy(user_list,lp_username(snum));
810
811	pstring_sub(user_list,"%S",lp_servicename(snum));
812
813	for (auser=strtok(user_list,LIST_SEP); auser && !ok;
814	auser = strtok(NULL,LIST_SEP)) {
815	if (*auser == '@') {
816	auser = validate_group(auser+1,password,snum);
817	if (auser) {
818	ok = True;
819	fstrcpy(user,auser);
820	DEBUG(3,("authorise_login: ACCEPTED: "
821	"group username and given "
822	"password ok (%s)\n", user));
823	}
824	} else {
825	fstring user2;
826	fstrcpy(user2,auser);
827	if (user_ok(user2,snum) &&
828	password_ok(user2,password)) {
829	ok = True;
830	fstrcpy(user,user2);
831	DEBUG(3,("authorise_login: ACCEPTED: "
832	"user list username and "
833	"given password ok (%s)\n",
834	user));
835	}
836	}
837	}
838	}
839
840	/* check for a normal guest connection */
841	if (!ok && GUEST_OK(snum)) {
842	fstring guestname;
843	fstrcpy(guestname,lp_guestaccount());
844	if (Get_Pwnam(guestname)) {
845	fstrcpy(user,guestname);
846	ok = True;
847	DEBUG(3,("authorise_login: ACCEPTED: guest account "
848	"and guest ok (%s)\n", user));
849	} else {
850	DEBUG(0,("authorise_login: Invalid guest account "
851	"%s??\n",guestname));
852	}
853	*guest = True;
854	}
855
856	if (ok && !user_ok(user, snum)) {
857	DEBUG(0,("authorise_login: rejected invalid user %s\n",user));
858	ok = False;
859	}
860
861	return(ok);
862	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: