*/
#include "includes.h"
+#include "system/filesys.h"
+#include "system/passwd.h"
#include "auth/auth.h"
#include "smb_server/smb_server.h"
+#include "ntvfs/ntvfs.h"
struct unixuid_private {
- void *samctx;
+ struct sidmap_context *sidmap;
struct unix_sec_ctx *last_sec_ctx;
- struct nt_user_token *last_token;
+ struct security_token *last_token;
};
-/*
- map a sid to a unix uid
-*/
-static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs,
- struct smbsrv_request *req, struct dom_sid *sid, uid_t *uid)
-{
- struct unixuid_private *private = ntvfs->private_data;
- const char *attrs[] = { "sAMAccountName", "unixID", "unixName", "sAMAccountType", NULL };
- int ret;
- const char *s;
- void *ctx;
- struct ldb_message **res;
- const char *sidstr;
- uint_t atype;
-
- ctx = talloc(req, 0);
- sidstr = dom_sid_string(ctx, sid);
-
- ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
- if (ret != 1) {
- DEBUG(0,("sid_to_unixuid: unable to find sam record for sid %s\n", sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* make sure its a user, not a group */
- atype = samdb_result_uint(res[0], "sAMAccountType", 0);
- if (atype && (!(atype & ATYPE_ACCOUNT))) {
- DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n", sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* first try to get the uid directly */
- s = samdb_result_string(res[0], "unixID", NULL);
- if (s != NULL) {
- *uid = strtoul(s, NULL, 0);
- talloc_free(ctx);
- return NT_STATUS_OK;
- }
-
- /* next try via the UnixName attribute */
- s = samdb_result_string(res[0], "unixName", NULL);
- if (s != NULL) {
- struct passwd *pwd = getpwnam(s);
- if (!pwd) {
- DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s, sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
- *uid = pwd->pw_uid;
- talloc_free(ctx);
- return NT_STATUS_OK;
- }
-
- /* finally try via the sAMAccountName attribute */
- s = samdb_result_string(res[0], "sAMAccountName", NULL);
- if (s != NULL) {
- struct passwd *pwd = getpwnam(s);
- if (!pwd) {
- DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n", s, sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
- *uid = pwd->pw_uid;
- talloc_free(ctx);
- return NT_STATUS_OK;
- }
-
- DEBUG(0,("sid_to_unixuid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr));
-
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
-}
-
-
-/*
- map a sid to a unix gid
-*/
-static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs,
- struct smbsrv_request *req, struct dom_sid *sid, gid_t *gid)
-{
- struct unixuid_private *private = ntvfs->private_data;
- const char *attrs[] = { "sAMAccountName", "unixID", "unixName", "sAMAccountType", NULL };
- int ret;
- const char *s;
- void *ctx;
- struct ldb_message **res;
- const char *sidstr;
- uint_t atype;
-
- ctx = talloc(req, 0);
- sidstr = dom_sid_string(ctx, sid);
-
- ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
- if (ret != 1) {
- DEBUG(0,("sid_to_unixgid: unable to find sam record for sid %s\n", sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* make sure its not a user */
- atype = samdb_result_uint(res[0], "sAMAccountType", 0);
- if (atype && atype == ATYPE_NORMAL_ACCOUNT) {
- DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n", sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
-
- /* first try to get the gid directly */
- s = samdb_result_string(res[0], "unixID", NULL);
- if (s != NULL) {
- *gid = strtoul(s, NULL, 0);
- talloc_free(ctx);
- return NT_STATUS_OK;
- }
-
- /* next try via the UnixName attribute */
- s = samdb_result_string(res[0], "unixName", NULL);
- if (s != NULL) {
- struct group *grp = getgrnam(s);
- if (!grp) {
- DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n", s, sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
- *gid = grp->gr_gid;
- talloc_free(ctx);
- return NT_STATUS_OK;
- }
-
- /* finally try via the sAMAccountName attribute */
- s = samdb_result_string(res[0], "sAMAccountName", NULL);
- if (s != NULL) {
- struct group *grp = getgrnam(s);
- if (!grp) {
- DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, sidstr));
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
- }
- *gid = grp->gr_gid;
- talloc_free(ctx);
- return NT_STATUS_OK;
- }
-
- DEBUG(0,("sid_to_unixgid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr));
-
- talloc_free(ctx);
- return NT_STATUS_ACCESS_DENIED;
-}
struct unix_sec_ctx {
uid_t uid;
*/
static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx)
{
- struct unix_sec_ctx *sec = talloc_p(mem_ctx, struct unix_sec_ctx);
+ struct unix_sec_ctx *sec = talloc(mem_ctx, struct unix_sec_ctx);
if (sec == NULL) {
return NULL;
}
talloc_free(sec);
return NULL;
}
- sec->groups = talloc_array_p(sec, gid_t, sec->ngroups);
+ sec->groups = talloc_array(sec, gid_t, sec->ngroups);
if (sec->groups == NULL) {
talloc_free(sec);
return NULL;
}
/*
- form a unix_sec_ctx from the current nt_user_token
+ form a unix_sec_ctx from the current security_token
*/
static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs,
struct smbsrv_request *req,
- struct nt_user_token *token,
+ struct security_token *token,
struct unix_sec_ctx **sec)
{
+ struct unixuid_private *private = ntvfs->private_data;
int i;
NTSTATUS status;
- *sec = talloc_p(req, struct unix_sec_ctx);
+ *sec = talloc(req, struct unix_sec_ctx);
/* we can't do unix security without a user and group */
if (token->num_sids < 2) {
return NT_STATUS_ACCESS_DENIED;
}
- status = sid_to_unixuid(ntvfs, req, token->user_sids[0], &(*sec)->uid);
+ status = sidmap_sid_to_unixuid(private->sidmap,
+ token->user_sid, &(*sec)->uid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = sid_to_unixgid(ntvfs, req, token->user_sids[1], &(*sec)->gid);
+ status = sidmap_sid_to_unixgid(private->sidmap,
+ token->group_sid, &(*sec)->gid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
(*sec)->ngroups = token->num_sids - 2;
- (*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups);
+ (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
if ((*sec)->groups == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<(*sec)->ngroups;i++) {
- status = sid_to_unixgid(ntvfs, req, token->user_sids[i+2], &(*sec)->groups[i]);
+ status = sidmap_sid_to_unixgid(private->sidmap,
+ token->sids[i+2], &(*sec)->groups[i]);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
struct smbsrv_request *req, struct unix_sec_ctx **sec)
{
struct unixuid_private *private = ntvfs->private_data;
- struct nt_user_token *token = req->session->session_info->nt_user_token;
- void *ctx = talloc(req, 0);
+ struct security_token *token;
struct unix_sec_ctx *newsec;
NTSTATUS status;
+ if (req->session == NULL) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ token = req->session->session_info->security_token;
+
*sec = save_unix_security(req);
if (*sec == NULL) {
return NT_STATUS_NO_MEMORY;
}
- if (req->session->session_info->nt_user_token == private->last_token) {
+ if (req->session->session_info->security_token == private->last_token) {
newsec = private->last_sec_ctx;
} else {
status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(ctx);
return status;
}
if (private->last_sec_ctx) {
talloc_free(private->last_sec_ctx);
}
private->last_sec_ctx = newsec;
- private->last_token = req->session->session_info->nt_user_token;
+ private->last_token = req->session->session_info->security_token;
talloc_steal(private, newsec);
}
status = set_unix_security(newsec);
if (!NT_STATUS_IS_OK(status)) {
- talloc_free(ctx);
return status;
}
- talloc_free(ctx);
-
return NT_STATUS_OK;
}
struct unixuid_private *private;
NTSTATUS status;
- private = talloc_p(req->tcon, struct unixuid_private);
+ private = talloc(req->tcon, struct unixuid_private);
if (!private) {
return NT_STATUS_NO_MEMORY;
}
- private->samctx = samdb_connect(private);
- if (private->samctx == NULL) {
+ private->sidmap = sidmap_open(private);
+ if (private->sidmap == NULL) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
return status;
}
+/*
+ cancel an async request
+*/
+static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, cancel, (ntvfs, req));
+
+ return status;
+}
+
/*
lock a byte range
*/
ops.trans = unixuid_trans;
ops.logoff = unixuid_logoff;
ops.async_setup = unixuid_async_setup;
+ ops.cancel = unixuid_cancel;
ops.name = "unixuid";
/* we register under all 3 backend types, as we are not type specific */
ops.type = NTVFS_DISK;
- ret = register_backend("ntvfs", &ops);
+ ret = ntvfs_register(&ops);
if (!NT_STATUS_IS_OK(ret)) goto failed;
ops.type = NTVFS_PRINT;
- ret = register_backend("ntvfs", &ops);
+ ret = ntvfs_register(&ops);
if (!NT_STATUS_IS_OK(ret)) goto failed;
ops.type = NTVFS_IPC;
- ret = register_backend("ntvfs", &ops);
+ ret = ntvfs_register(&ops);
if (!NT_STATUS_IS_OK(ret)) goto failed;
failed: