Jeremy.
#include "includes.h"
-extern struct current_user current_user;
-
/****************************************************************************
Run a file if it is a magic script.
****************************************************************************/
/* Initial delete on close was set and no one else
* wrote a real delete on close. */
- if (current_user.vuid != fsp->vuid) {
+ if (get_current_vuid(conn) != fsp->vuid) {
become_user(conn, fsp->vuid);
became_user = True;
}
fsp->delete_on_close = true;
- set_delete_on_close_lck(lck, True, ¤t_user.ut);
+ set_delete_on_close_lck(lck, True, get_current_utok(conn));
if (became_user) {
unbecome_user();
}
*/
fsp->update_write_time_on_close = false;
- if (!unix_token_equal(lck->delete_token, ¤t_user.ut)) {
+ if (!unix_token_equal(lck->delete_token, get_current_utok(conn))) {
/* Become the user who requested the delete. */
DEBUG(5,("close_remove_share_mode: file %s. "
* directories we don't care if anyone else
* wrote a real delete on close. */
- if (current_user.vuid != fsp->vuid) {
+ if (get_current_vuid(fsp->conn) != fsp->vuid) {
become_user(fsp->conn, fsp->vuid);
became_user = True;
}
send_stat_cache_delete_message(fsp->fsp_name->base_name);
- set_delete_on_close_lck(lck, True, ¤t_user.ut);
+ set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
fsp->delete_on_close = true;
if (became_user) {
unbecome_user();
struct security_descriptor *secdesc = NULL;
bool ret;
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
return true;
}
goto out;
}
- status = se_access_check(secdesc, conn->server_info->ptok,
+ status = se_access_check(secdesc, get_current_nttok(conn),
access_mask, &access_granted);
ret = NT_STATUS_IS_OK(status);
ret = false;
goto out;
}
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
ret = true;
goto out;
* or the owner of the directory as we have no possible
* chance of deleting. Otherwise, go on and check the ACL.
*/
- if ((conn->server_info->utok.uid !=
+ if ((get_current_uid(conn) !=
smb_fname_parent->st.st_ex_uid) &&
- (conn->server_info->utok.uid != smb_fname->st.st_ex_uid)) {
+ (get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
DEBUG(10,("can_delete_file_in_directory: not "
"owner of file %s or directory %s",
smb_fname_str_dbg(smb_fname),
DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
(unsigned int)access_mask, smb_fname_str_dbg(smb_fname)));
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
return True;
}
SMB_ASSERT(VALID_STAT(smb_fname->st));
/* Check primary owner access. */
- if (conn->server_info->utok.uid == smb_fname->st.st_ex_uid) {
+ if (get_current_uid(conn) == smb_fname->st.st_ex_uid) {
switch (access_mask) {
case FILE_READ_DATA:
return (smb_fname->st.st_ex_mode & S_IRUSR) ?
vuser->server_info->sam_account);
}
/* modelled after NTAS 3.51 reply */
- SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+ SSVAL(p,usri11_priv,
+ (get_current_uid(conn) == sec_initial_uid())?
+ USER_PRIV_ADMIN:USER_PRIV_USER);
SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */
SIVALS(p,usri11_password_age,-1); /* password age */
SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
memset(p+22,' ',16); /* password */
SIVALS(p,38,-1); /* password age */
SSVAL(p,42,
- conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+ (get_current_uid(conn) == sec_initial_uid())?
+ USER_PRIV_ADMIN:USER_PRIV_USER);
SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
strlcpy(p2, vuser ? pdb_get_homedir(
vuser->server_info->sam_account) : "",
PACKI(&desc,"W",0); /* code */
PACKS(&desc,"B21",name); /* eff. name */
PACKS(&desc,"B",""); /* pad */
- PACKI(&desc,"W", conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+ PACKI(&desc,"W",
+ (get_current_uid(conn) == sec_initial_uid())?
+ USER_PRIV_ADMIN:USER_PRIV_USER);
PACKI(&desc,"D",0); /* auth flags XXX */
PACKI(&desc,"W",0); /* num logons */
PACKI(&desc,"W",0); /* bad pw count */
{
*access_granted = 0;
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
*access_granted = access_desired;
if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
new_file_created = True;
}
- set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
+ set_share_mode(lck, fsp, get_current_uid(conn), 0,
fsp->oplock_type);
/* Handle strange delete on close create semantics. */
return status;
}
- set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
+ set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
/* For directories the delete on close bit at open time seems
always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
#include "includes.h"
-extern struct current_user current_user;
extern const struct generic_mapping file_generic_mapping;
#undef DBGC_CLASS
if (lp_force_unknown_acl_user(SNUM(conn))) {
/* this allows take ownership to work
* reasonably */
- *puser = current_user.ut.uid;
+ *puser = get_current_uid(conn);
} else {
DEBUG(3,("unpack_nt_owners: unable to validate"
" owner sid for %s\n",
if (lp_force_unknown_acl_user(SNUM(conn))) {
/* this allows take group ownership to work
* reasonably */
- *pgrp = current_user.ut.gid;
+ *pgrp = get_current_gid(conn);
} else {
DEBUG(3,("unpack_nt_owners: unable to validate"
" group sid.\n"));
* if it's the current user, we already have the unix token
* and don't need to do the complex user_in_group_sid() call
*/
- if (uid_ace->unix_ug.uid == current_user.ut.uid) {
+ if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
+ const UNIX_USER_TOKEN *curr_utok = NULL;
size_t i;
- if (group_ace->unix_ug.gid == current_user.ut.gid) {
+ if (group_ace->unix_ug.gid == get_current_gid(conn)) {
return True;
}
- for (i=0; i < current_user.ut.ngroups; i++) {
- if (group_ace->unix_ug.gid == current_user.ut.groups[i]) {
+ curr_utok = get_current_utok(conn);
+ for (i=0; i < curr_utok->ngroups; i++) {
+ if (group_ace->unix_ug.gid == curr_utok->groups[i]) {
return True;
}
}
static bool current_user_in_group(connection_struct *conn, gid_t gid)
{
int i;
+ const UNIX_USER_TOKEN *utok = get_current_utok(conn);
- for (i = 0; i < current_user.ut.ngroups; i++) {
- if (current_user.ut.groups[i] == gid) {
+ for (i = 0; i < utok->ngroups; i++) {
+ if (utok->groups[i] == gid) {
return True;
}
}
/* Case (2) / (3) */
if (lp_enable_privileges()) {
- bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+ bool has_take_ownership_priv = user_has_privileges(get_current_nttok(conn),
&se_take_ownership);
- bool has_restore_priv = user_has_privileges(current_user.nt_user_token,
+ bool has_restore_priv = user_has_privileges(get_current_nttok(conn),
&se_restore);
/* Case (2) */
- if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) ||
+ if ( ( has_take_ownership_priv && ( uid == get_current_uid(conn) ) ) ||
/* Case (3) */
( has_restore_priv ) ) {
and also copes with the case where the SID in a take ownership ACL is
a local SID on the users workstation
*/
- if (uid != current_user.ut.uid) {
+ if (uid != get_current_uid(conn)) {
errno = EPERM;
return -1;
}