svn commit: samba r5528 - branches/SAMBA_3_0/source/auth trunk/source/auth

Thu Feb 24 00:26:25 GMT 2005

Author: gd
Date: 2005-02-24 00:26:24 +0000 (Thu, 24 Feb 2005)
New Revision: 5528

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=5528

Log:
Expand the invalid-workstation-scheme. Workstation-Names with leading
'@'-sign are expanded on-the-fly as posix-groups of workstations. This
allows optional, more flexible login-control in larger networks.

Guenther

Modified:
   branches/SAMBA_3_0/source/auth/auth_sam.c
   trunk/source/auth/auth_sam.c


Changeset:
Modified: branches/SAMBA_3_0/source/auth/auth_sam.c
===================================================================

--- branches/SAMBA_3_0/source/auth/auth_sam.c	2005-02-24 00:11:42 UTC (rev 5527)
+++ branches/SAMBA_3_0/source/auth/auth_sam.c	2005-02-24 00:26:24 UTC (rev 5528)
@@ -170,9 +170,13 @@
 
 	if (*workstation_list) {
 		BOOL invalid_ws = True;
+		fstring tok;
 		const char *s = workstation_list;
+
+		const char *machine_name = talloc_asprintf(mem_ctx, "%s$", user_info->wksta_name.str);
+		if (machine_name == NULL)
+			return NT_STATUS_NO_MEMORY;
 			
-		fstring tok;
 			
 		while (next_token(&s, tok, ",", sizeof(tok))) {
 			DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
@@ -181,6 +185,14 @@
 				invalid_ws = False;
 				break;
 			}
+			if (tok[0] == '@') {
+				DEBUG(10,("sam_account_ok: checking for workstation %s in group: %s\n", 
+					machine_name, tok + 1));
+				if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
+					invalid_ws = False;
+					break;
+				}
+			}
 		}
 		
 		if (invalid_ws) 

Modified: trunk/source/auth/auth_sam.c
===================================================================
--- trunk/source/auth/auth_sam.c	2005-02-24 00:11:42 UTC (rev 5527)
+++ trunk/source/auth/auth_sam.c	2005-02-24 00:26:24 UTC (rev 5528)
@@ -170,9 +170,13 @@
 
 	if (*workstation_list) {
 		BOOL invalid_ws = True;
+		fstring tok;
 		const char *s = workstation_list;
+
+		const char *machine_name = talloc_asprintf(mem_ctx, "%s$", user_info->wksta_name.str);
+		if (machine_name == NULL)
+			return NT_STATUS_NO_MEMORY;
 			
-		fstring tok;
 			
 		while (next_token(&s, tok, ",", sizeof(tok))) {
 			DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
@@ -181,6 +185,14 @@
 				invalid_ws = False;
 				break;
 			}
+			if (tok[0] == '@') {
+				DEBUG(10,("sam_account_ok: checking for workstation %s in group: %s\n", 
+					machine_name, tok + 1));
+				if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
+					invalid_ws = False;
+					break;
+				}
+			}
 		}
 		
 		if (invalid_ws) 

