예제 #1
0
static bool user_ok(const char *user, int snum)
{
	char **valid, **invalid;
	bool ret;

	valid = invalid = NULL;
	ret = True;

	if (lp_invalid_users(snum)) {
		invalid = str_list_copy(talloc_tos(), lp_invalid_users(snum));
		if (invalid &&
		    str_list_substitute(invalid, "%S", lp_servicename(snum))) {

			/* This is used in sec=share only, so no current user
			 * around to pass to str_list_sub_basic() */

			if ( invalid && str_list_sub_basic(invalid, "", "") ) {
				ret = !user_in_list(user,
						    (const char **)invalid);
			}
		}
	}
	TALLOC_FREE(invalid);

	if (ret && lp_valid_users(snum)) {
		valid = str_list_copy(talloc_tos(), lp_valid_users(snum));
		if ( valid &&
		     str_list_substitute(valid, "%S", lp_servicename(snum)) ) {

			/* This is used in sec=share only, so no current user
			 * around to pass to str_list_sub_basic() */

			if ( valid && str_list_sub_basic(valid, "", "") ) {
				ret = user_in_list(user, (const char **)valid);
			}
		}
	}
	TALLOC_FREE(valid);

	if (ret && lp_onlyuser(snum)) {
		char **user_list = str_list_make_v3(
			talloc_tos(), lp_username(snum), NULL);
		if (user_list &&
		    str_list_substitute(user_list, "%S",
					lp_servicename(snum))) {
			ret = user_in_list(user, (const char **)user_list);
		}
		TALLOC_FREE(user_list);
	}

	return(ret);
}
예제 #2
0
static BOOL user_ok(const char *user, int snum)
{
	char **valid, **invalid;
	BOOL ret;

	valid = invalid = NULL;
	ret = True;

	if (lp_invalid_users(snum)) {
		str_list_copy(&invalid, lp_invalid_users(snum));
		if (invalid &&
		    str_list_substitute(invalid, "%S", lp_servicename(snum))) {
			if ( invalid &&
			     str_list_sub_basic(invalid,
						current_user_info.smb_name) ) {
				ret = !user_in_list(user,
						    (const char **)invalid);
			}
		}
	}
	if (invalid)
		str_list_free (&invalid);

	if (ret && lp_valid_users(snum)) {
		str_list_copy(&valid, lp_valid_users(snum));
		if ( valid &&
		     str_list_substitute(valid, "%S", lp_servicename(snum)) ) {
			if ( valid &&
			     str_list_sub_basic(valid,
						current_user_info.smb_name) ) {
				ret = user_in_list(user, (const char **)valid);
			}
		}
	}
	if (valid)
		str_list_free (&valid);

	if (ret && lp_onlyuser(snum)) {
		char **user_list = str_list_make (lp_username(snum), NULL);
		if (user_list &&
		    str_list_substitute(user_list, "%S",
					lp_servicename(snum))) {
			ret = user_in_list(user, (const char **)user_list);
		}
		if (user_list) str_list_free (&user_list);
	}

	return(ret);
}
예제 #3
0
파일: uid.c 프로젝트: niubl/camera_project
static BOOL is_share_read_only_for_user(connection_struct *conn, user_struct *vuser)
{
	char **list;
	const char *service = lp_servicename(conn->service);
	BOOL read_only_ret = lp_readonly(conn->service);

	if (!service)
		return read_only_ret;

	str_list_copy(&list, lp_readlist(conn->service));
	if (list) {
		if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: read list substitution failed\n"));
		}
		if (!str_list_substitute(list, "%S", service)) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: read list service substitution failed\n"));
		}
		if (user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
			read_only_ret = True;
		}
		str_list_free(&list);
	}

	str_list_copy(&list, lp_writelist(conn->service));
	if (list) {
		if (!str_list_sub_basic(list, vuser->user.smb_name) ) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: write list substitution failed\n"));
		}
		if (!str_list_substitute(list, "%S", service)) {
			DEBUG(0, ("is_share_read_only_for_user: ERROR: write list service substitution failed\n"));
		}
		if (user_in_list(vuser->user.unix_name, (const char **)list, vuser->groups, vuser->n_groups)) {
			read_only_ret = False;
		}
		str_list_free(&list);
	}

	DEBUG(10,("is_share_read_only_for_user: share %s is %s for unix user %s\n",
		service, read_only_ret ? "read-only" : "read-write", vuser->user.unix_name ));

	return read_only_ret;
}
예제 #4
0
파일: auth.c 프로젝트: sprymak/samba
NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
				     struct auth_context **auth_context)
{
	char **auth_method_list = NULL; 
	NTSTATUS nt_status;

	if (lp_auth_methods()
	    && !(auth_method_list = str_list_copy(talloc_tos(), 
			      lp_auth_methods()))) {
		return NT_STATUS_NO_MEMORY;
	}

	if (auth_method_list == NULL) {
		switch (lp_security()) 
		{
		case SEC_DOMAIN:
			DEBUG(5,("Making default auth method list for security=domain\n"));
			auth_method_list = str_list_make_v3(
				talloc_tos(), "guest sam winbind:ntdomain",
				NULL);
			break;
		case SEC_SERVER:
			DEBUG(5,("Making default auth method list for security=server\n"));
			auth_method_list = str_list_make_v3(
				talloc_tos(), "guest sam smbserver",
				NULL);
			break;
		case SEC_USER:
			if (lp_encrypted_passwords()) {	
				if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) {
					DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n"));
					auth_method_list = str_list_make_v3(
						talloc_tos(),
						"guest sam winbind:trustdomain",
						NULL);
				} else {
					DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n"));
					auth_method_list = str_list_make_v3(
						talloc_tos(), "guest sam",
						NULL);
				}
			} else {
				DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
				auth_method_list = str_list_make_v3(
					talloc_tos(), "guest unix", NULL);
			}
			break;
		case SEC_ADS:
			DEBUG(5,("Making default auth method list for security=ADS\n"));
			auth_method_list = str_list_make_v3(
				talloc_tos(), "guest sam winbind:ntdomain",
				NULL);
			break;
		default:
			DEBUG(5,("Unknown auth method!\n"));
			return NT_STATUS_UNSUCCESSFUL;
		}
	} else {
		DEBUG(5,("Using specified auth order\n"));
	}

	nt_status = make_auth_context_text_list(mem_ctx, auth_context,
						auth_method_list);

	TALLOC_FREE(auth_method_list);
	return nt_status;
}