author | Günther Deschner <gd@samba.org> | 2005-02-24 00:26:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:55:45 -0500 |
commit | 8f143b6800e0b6964c8ba4ba9607dc74da12ae59 (patch) | |
tree | 53abc016ff47efa397fd17a94e0bb8cdbf22a844 /source/auth/auth_sam.c | |
parent | 3660b7e64d9a17bcaa4f43c6d782b0b1d52ed6ab (diff) | |
r5528: Expand the invalid-workstation-scheme. Workstation-Names with leading
'@'-sign are expanded on-the-fly as posix-groups of workstations. This
allows optional, more flexible login-control in larger networks.
Guenther
Diffstat (limited to 'source/auth/auth_sam.c')
-rw-r--r-- | source/auth/auth_sam.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index 2633cc92c37..db05ac97f88 100644
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -170,9 +170,13 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 if (*workstation_list) {
 BOOL invalid_ws = True;
+ fstring tok;
 const char *s = workstation_list;
+
+ const char *machine_name = talloc_asprintf(mem_ctx, "%s$", user_info->wksta_name.str);
+ if (machine_name == NULL)
+ return NT_STATUS_NO_MEMORY;
- fstring tok;
 while (next_token(&s, tok, ",", sizeof(tok))) {
 DEBUG(10,("sam_account_ok: checking for workstation match %s and %s (len=%d)\n",
@@ -181,6 +185,14 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
 invalid_ws = False;
 break;
 }
+ if (tok[0] == '@') {
+ DEBUG(10,("sam_account_ok: checking for workstation %s in group: %s\n",
+ machine_name, tok + 1));
+ if (user_in_group_list(machine_name, tok + 1, NULL, 0)) {
+ invalid_ws = False;
+ break;
+ }
+ }
 }
 if (invalid_ws) |
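Review bot: `machine_name` is built from `user_info->wksta_name.str` with no check that the name is non-empty, so a logon carrying an empty workstation name would be looked up in the second hunk as the account `$`. The workstation name appears to come from the client's logon request rather than from anything the server has verified, so the new group match is no stronger than the existing name match. A comment at the allocation should say so, e.g. `/* wksta_name is client-supplied; '@group' entries narrow policy but do not prove machine identity */`. The allocation also runs for every account that has a workstation list, even when no entry starts with '@', and could be deferred to the first such token. sam_account_ok starts and ends outside this hunk.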
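Review bot: A list entry that is just `@` reaches `user_in_group_list()` with an empty group name, because the new branch tests only `tok[0]`; `if (tok[0] == '@' && tok[1] != '\0') {` would skip such an entry. How `user_in_group_list()` treats an empty name, or a name that carries its own leading marker, is not visible on this page, so rejecting the degenerate token before the call is the cautious choice. A group match that admits the logon is reported only inside the level-10 "checking" message; a separate message on success, naming the group, would let an administrator audit which rule allowed the workstation. The enclosing `while` loop opens in the previous hunk and the function ends outside this one.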