static int do_global_checks(void) { int ret = 0; SMB_STRUCT_STAT st; if (lp_security() > SEC_SHARE && lp_revalidate(-1)) { printf("WARNING: the 'revalidate' parameter is ignored in all but \ 'security=share' mode.\n"); }
/**************************************************************************** check for authority to login to a service with a given username/password ****************************************************************************/ BOOL authorise_login(int snum,char *user,char *password, int pwlen, BOOL *guest,BOOL *force,uint16 vuid) { BOOL ok = False; *guest = False; #if DEBUG_PASSWORD DEBUG(100,("checking authorisation on user=%s pass=%s\n",user,password)); #endif /* there are several possibilities: 1) login as the given user with given password 2) login as a previously registered username with the given password 3) login as a session list username with the given password 4) login as a previously validated user/password pair 5) login as the "user ="******"user ="******"ACCEPTED: given username password ok\n")); } /* check for a previously registered guest username */ if (!ok && (vuser != 0) && vuser->guest) { if (user_ok(vuser->name,snum) && password_ok(vuser->name, password, pwlen, NULL)) { pstrcpy(user, vuser->name); vuser->guest = False; DEBUG(3,("ACCEPTED: given password with registered user %s\n", user)); ok = True; } } /* now check the list of session users */ if (!ok) { char *auser; char *user_list = strdup(session_users); if (!user_list) return(False); for (auser=strtok(user_list,LIST_SEP); !ok && auser; auser = strtok(NULL,LIST_SEP)) { fstring user2; fstrcpy(user2,auser); if (!user_ok(user2,snum)) continue; if (password_ok(user2,password, pwlen, NULL)) { ok = True; pstrcpy(user,user2); DEBUG(3,("ACCEPTED: session list username and given password ok\n")); } } free(user_list); } /* check for a previously validated username/password pair */ if (!ok && (!lp_revalidate(snum) || lp_security() > SEC_SHARE) && (vuser != 0) && !vuser->guest && user_ok(vuser->name,snum)) { pstrcpy(user,vuser->name); *guest = False; DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n")); ok = True; } /* check for a rhosts entry */ if (!ok && user_ok(user,snum) && check_hosts_equiv(user)) { ok = True; DEBUG(3,("ACCEPTED: hosts equiv or rhosts entry\n")); } /* check the user= fields and the given password */ if (!ok && lp_username(snum)) { char *auser; pstring user_list; StrnCpy(user_list,lp_username(snum),sizeof(pstring)); string_sub(user_list,"%S",lp_servicename(snum)); for (auser=strtok(user_list,LIST_SEP); auser && !ok; auser = strtok(NULL,LIST_SEP)) { if (*auser == '@') { auser = validate_group(auser+1,password,pwlen,snum); if (auser) { ok = True; pstrcpy(user,auser); DEBUG(3,("ACCEPTED: group username and given password ok\n")); } } else { fstring user2; fstrcpy(user2,auser); if (user_ok(user2,snum) && password_ok(user2,password,pwlen,NULL)) { ok = True; pstrcpy(user,user2); DEBUG(3,("ACCEPTED: user list username and given password ok\n")); } } } } } /* not guest only */ /* check for a normal guest connection */ if (!ok && GUEST_OK(snum)) { fstring guestname; StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1); if (Get_Pwnam(guestname,True)) { pstrcpy(user,guestname); ok = True; DEBUG(3,("ACCEPTED: guest account and guest ok\n")); } else DEBUG(0,("Invalid guest account %s??\n",guestname)); *guest = True; *force = True; } if (ok && !user_ok(user,snum)) { DEBUG(0,("rejected invalid user %s\n",user)); ok = False; } return(ok); }