Beispiel #1
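/**
 * Decide whether a user may use a service, based on the lists returned by
 * lp_invalid_users(), lp_valid_users() and, when lp_onlyuser() is set,
 * lp_username().
 *
 * The checks run in that order and each one can only narrow access.
 * A configured list that cannot be copied or expanded is treated as a
 * denial. The previous code skipped the check in that case, so a failed
 * allocation or substitution silently disabled the restriction.
 *
 * @param user  user name to test against the lists
 * @param snum  service number handed to the lp_*() accessors
 * @return True when no configured list rejects the user, False otherwise
 */
static bool user_ok(const char *user, int snum)
{
	char **valid, **invalid;
	bool ret;

	valid = invalid = NULL;
	ret = True;

	if (lp_invalid_users(snum)) {
		/* A deny list exists: refuse until it has been built and
		 * the user is known not to be on it. */
		ret = False;
		invalid = str_list_copy(talloc_tos(), lp_invalid_users(snum));

		/* This is used in sec=share only, so no current user
		 * around to pass to str_list_sub_basic() */
		if (invalid &&
		    str_list_substitute(invalid, "%S", lp_servicename(snum)) &&
		    str_list_sub_basic(invalid, "", "")) {
			ret = !user_in_list(user, (const char **)invalid);
		}
	}
	TALLOC_FREE(invalid);

	if (ret && lp_valid_users(snum)) {
		/* An allow list exists: refuse until the user has been
		 * positively matched against the expanded list. */
		ret = False;
		valid = str_list_copy(talloc_tos(), lp_valid_users(snum));

		/* This is used in sec=share only, so no current user
		 * around to pass to str_list_sub_basic() */
		if (valid &&
		    str_list_substitute(valid, "%S", lp_servicename(snum)) &&
		    str_list_sub_basic(valid, "", "")) {
			ret = user_in_list(user, (const char **)valid);
		}
	}
	TALLOC_FREE(valid);

	if (ret && lp_onlyuser(snum)) {
		char **user_list = str_list_make_v3(
			talloc_tos(), lp_username(snum), NULL);

		/* NOTE(review): a NULL list still leaves access granted, as
		 * before. Whether NULL can also mean "no user names
		 * configured" is not visible here, so confirm before
		 * tightening this case. */
		if (user_list) {
			/* A list that fails to expand must not grant access. */
			ret = str_list_substitute(user_list, "%S",
						  lp_servicename(snum)) &&
			      user_in_list(user, (const char **)user_list);
		}
		TALLOC_FREE(user_list);
	}

	return(ret);
}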
Beispiel #2
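/**
 * Decide whether a user may use a service, based on the lists returned by
 * lp_invalid_users(), lp_valid_users() and, when lp_onlyuser() is set,
 * lp_username().
 *
 * The checks run in that order and each one can only narrow access.
 * A list that was copied but then fails "%S" or basic substitution is
 * treated as a denial. The previous code skipped the check in that case
 * and left access granted.
 *
 * @param user  user name to test against the lists
 * @param snum  service number handed to the lp_*() accessors
 * @return True when no configured list rejects the user, False otherwise
 */
static BOOL user_ok(const char *user, int snum)
{
	char **valid, **invalid;
	BOOL ret;

	valid = invalid = NULL;
	ret = True;

	if (lp_invalid_users(snum)) {
		str_list_copy(&invalid, lp_invalid_users(snum));
		/* NOTE(review): when the copy yields no list the deny check
		 * is still skipped, as before. Confirm whether that can
		 * only happen for an empty list or also on allocation
		 * failure. */
		if (invalid) {
			/* Fail closed: an unexpanded deny list must not be
			 * read as "user is not denied". */
			ret = str_list_substitute(invalid, "%S",
						  lp_servicename(snum)) &&
			      str_list_sub_basic(invalid,
						 current_user_info.smb_name) &&
			      !user_in_list(user, (const char **)invalid);
		}
	}
	if (invalid)
		str_list_free (&invalid);

	if (ret && lp_valid_users(snum)) {
		str_list_copy(&valid, lp_valid_users(snum));
		/* NOTE(review): same open question as above for a copy that
		 * yields no list. */
		if (valid) {
			/* Only a positive match against the fully expanded
			 * allow list grants access. */
			ret = str_list_substitute(valid, "%S",
						  lp_servicename(snum)) &&
			      str_list_sub_basic(valid,
						 current_user_info.smb_name) &&
			      user_in_list(user, (const char **)valid);
		}
	}
	if (valid)
		str_list_free (&valid);

	if (ret && lp_onlyuser(snum)) {
		char **user_list = str_list_make (lp_username(snum), NULL);

		/* NOTE(review): a NULL list leaves access granted, as before.
		 * Confirm what str_list_make() returns for an empty
		 * user name setting before tightening this case. */
		if (user_list) {
			ret = str_list_substitute(user_list, "%S",
						  lp_servicename(snum)) &&
			      user_in_list(user, (const char **)user_list);
			str_list_free (&user_list);
		}
	}

	return(ret);
}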
Beispiel #3
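/**
 * Work out whether the share behind a connection is read-only for one user.
 *
 * Starts from lp_readonly() for the share. A match on the list from
 * lp_readlist() makes the share read-only, then a match on the list from
 * lp_writelist() makes it read-write. The write list is evaluated last,
 * so it wins when the user is on both.
 *
 * If a list cannot be expanded, the function takes the restrictive
 * result. A broken read list forces read-only, and a broken write list
 * never grants write access. The previous code logged the error and then
 * matched against the partly expanded list.
 *
 * @param conn   connection whose service number selects the share
 * @param vuser  user whose smb_name, unix_name and groups are checked
 * @return True if the share is read-only for this user, False otherwise
 */
static BOOL is_share_read_only_for_user(connection_struct *conn, user_struct *vuser)
{
	/* Start from NULL so the "if (list)" tests never read an
	 * indeterminate pointer, whatever str_list_copy() does with a
	 * NULL source. */
	char **list = NULL;
	const char *service = lp_servicename(conn->service);
	BOOL read_only_ret = lp_readonly(conn->service);

	if (!service)
		return read_only_ret;

	str_list_copy(&list, lp_readlist(conn->service));
	if (list) {
		BOOL expanded = True;

		if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: read list substitution failed\n"));
			expanded = False;
		}
		if (!str_list_substitute(list, "%S", service)) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: read list service substitution failed\n"));
			expanded = False;
		}
		/* Membership cannot be decided on a broken list, so assume
		 * the user is restricted. */
		if (!expanded ||
		    user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
			read_only_ret = True;
		}
		str_list_free(&list);
		list = NULL;
	}

	str_list_copy(&list, lp_writelist(conn->service));
	if (list) {
		BOOL expanded = True;

		if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: write list substitution failed\n"));
			expanded = False;
		}
		if (!str_list_substitute(list, "%S", service)) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: write list service substitution failed\n"));
			expanded = False;
		}
		/* Write access is only granted on a match against a fully
		 * expanded list. */
		if (expanded &&
		    user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
			read_only_ret = False;
		}
		str_list_free(&list);
		list = NULL;
	}

	DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user %s\n",
		service, read_only_ret ? "read-only" : "read-write", vuser->user.unix_name ));

	return read_only_ret;
}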
Beispiel #4
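/**
 * Build an auth context from the configured or default auth method list.
 *
 * When lp_auth_methods() returns a list, a copy of it is used as given.
 * Otherwise a default list is chosen from lp_security(), and for SEC_USER
 * also from lp_encrypted_passwords() and lp_server_role(). The list is
 * handed to make_auth_context_text_list() and freed afterwards.
 *
 * A failed default-list allocation now returns NT_STATUS_NO_MEMORY, as the
 * copy path already did, instead of passing a NULL list on.
 *
 * @param mem_ctx       talloc context passed to make_auth_context_text_list()
 * @param auth_context  out parameter passed to make_auth_context_text_list()
 * @return NT_STATUS_NO_MEMORY if the method list cannot be allocated,
 *         NT_STATUS_UNSUCCESSFUL for an unhandled lp_security() value,
 *         otherwise the status from make_auth_context_text_list()
 */
NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
				     struct auth_context **auth_context)
{
	char **auth_method_list = NULL;
	const char *default_methods = NULL;
	NTSTATUS nt_status;

	if (lp_auth_methods()) {
		auth_method_list = str_list_copy(talloc_tos(),
						 lp_auth_methods());
		if (auth_method_list == NULL) {
			return NT_STATUS_NO_MEMORY;
		}
		DEBUG(5,("Using specified auth order\n"));
	} else {
		/* No explicit list configured: pick the default for the
		 * current security mode. */
		switch (lp_security())
		{
		case SEC_DOMAIN:
			DEBUG(5,("Making default auth method list for security=domain\n"));
			default_methods = "guest sam winbind:ntdomain";
			break;
		case SEC_SERVER:
			DEBUG(5,("Making default auth method list for security=server\n"));
			default_methods = "guest sam smbserver";
			break;
		case SEC_USER:
			if (!lp_encrypted_passwords()) {
				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
				default_methods = "guest unix";
			} else if ((lp_server_role() == ROLE_DOMAIN_PDC) ||
				   (lp_server_role() == ROLE_DOMAIN_BDC)) {
				DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
				default_methods = "guest sam winbind:trustdomain";
			} else {
				DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
				default_methods = "guest sam";
			}
			break;
		case SEC_ADS:
			DEBUG(5,("Making default auth method list for security=ADS\n"));
			default_methods = "guest sam winbind:ntdomain";
			break;
		default:
			DEBUG(5,("Unknown auth method!\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}

		auth_method_list = str_list_make_v3(talloc_tos(),
						    default_methods, NULL);
		if (auth_method_list == NULL) {
			/* Never build an auth context from a missing list. */
			return NT_STATUS_NO_MEMORY;
		}
	}

	nt_status = make_auth_context_text_list(mem_ctx, auth_context,
						auth_method_list);

	TALLOC_FREE(auth_method_list);
	return nt_status;
}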