which may save us from giving away root access if there
is a bug in allocating these fields. */
- result->uid = -1;
- result->gid = -1;
+ result->utok.uid = -1;
+ result->utok.gid = -1;
return result;
}
result->unix_name = pwd->pw_name;
/* Ensure that we keep pwd->pw_name, because we will free pwd below */
talloc_steal(result, pwd->pw_name);
- result->gid = pwd->pw_gid;
- result->uid = pwd->pw_uid;
+ result->utok.gid = pwd->pw_gid;
+ result->utok.uid = pwd->pw_uid;
TALLOC_FREE(pwd);
status = create_token_from_username(server_info,
server_info->unix_name,
server_info->guest,
- &server_info->uid,
- &server_info->gid,
+ &server_info->utok.uid,
+ &server_info->utok.gid,
&server_info->unix_name,
&server_info->ptok);
/* Convert the SIDs to gids. */
- server_info->n_groups = 0;
- server_info->groups = NULL;
+ server_info->utok.ngroups = 0;
+ server_info->utok.groups = NULL;
/* Start at index 1, where the groups start. */
"ignoring it\n", sid_string_dbg(sid)));
continue;
}
- add_gid_to_array_unique(server_info, gid, &server_info->groups,
- &server_info->n_groups);
+ add_gid_to_array_unique(server_info, gid,
+ &server_info->utok.groups,
+ &server_info->utok.ngroups);
}
debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
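Review bot: The added `add_gid_to_array_unique(...)` call discards its result, so if the helper can fail on allocation the loop carries on with a `utok.groups` list shorter than the SIDs warrant. Elsewhere in this change that list is what is handed over as the supplementary groups when the server switches user, so a silently truncated list changes authorization decisions. Assuming the helper returns a boolean and the enclosing function returns an NTSTATUS (neither is visible here), check it: `if (!add_gid_to_array_unique(...)) { return NT_STATUS_NO_MEMORY; }`. The loop and the function both start outside this hunk, so the error path needs confirming there.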
return NT_STATUS_NO_MEMORY;
}
- result->uid = pwd->pw_uid;
- result->gid = pwd->pw_gid;
+ result->utok.uid = pwd->pw_uid;
+ result->utok.gid = pwd->pw_gid;
status = pdb_enum_group_memberships(result, sampass,
&result->sids, &gids,
}
dst->guest = src->guest;
- dst->uid = src->uid;
- dst->gid = src->gid;
- dst->n_groups = src->n_groups;
- if (src->n_groups != 0) {
- dst->groups = (gid_t *)TALLOC_MEMDUP(
- dst, src->groups, sizeof(gid_t)*dst->n_groups);
+ dst->utok.uid = src->utok.uid;
+ dst->utok.gid = src->utok.gid;
+ dst->utok.ngroups = src->utok.ngroups;
+ if (src->utok.ngroups != 0) {
+ dst->utok.groups = (gid_t *)TALLOC_MEMDUP(
+ dst, src->utok.groups,
+ sizeof(gid_t)*dst->utok.ngroups);
} else {
- dst->groups = NULL;
+ dst->utok.groups = NULL;
}
if (src->ptok) {
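Review bot: The `TALLOC_MEMDUP` result assigned to `dst->utok.groups` is not checked before the code moves on to `src->ptok`, so an allocation failure leaves the copy with a non-zero `utok.ngroups` and a NULL `utok.groups`. Any later consumer that walks `groups[0..ngroups)` would then dereference NULL. Add a check right after the duplication, e.g. `if (dst->utok.groups == NULL) { TALLOC_FREE(dst); return NULL; }`, or whatever failure path the function uses for its other allocations; the function begins and ends outside this hunk. Taking the length from `src->utok.ngroups` in the size expression would also make the source/length pairing explicit.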
/* Fill in the unix info we found on the way */
- result->uid = uid;
- result->gid = gid;
+ result->utok.uid = uid;
+ result->utok.gid = gid;
/* Create a 'combined' list of all SIDs we might want in the SD */
/* Fill in the unix info we found on the way */
- result->uid = uid;
- result->gid = gid;
+ result->utok.uid = uid;
+ result->utok.gid = gid;
/* Create a 'combined' list of all SIDs we might want in the SD */
check_ntlm_password and the token creation. */
size_t num_sids;
- uid_t uid;
- gid_t gid;
-
- /* This groups info is needed for when we become_user() for this uid */
- size_t n_groups;
- gid_t *groups;
-
+ struct unix_user_token utok;
+
/* NT group information taken from the info3 structure */
NT_USER_TOKEN *ptok;
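Review bot: The new `utok` member carries no comment, while the removed one explained that the group list is what `become_user()` relies on. I would keep that rationale on the embedded token, e.g. `/* UNIX identity (uid, gid, supplementary groups) applied when we become_user() for this session */`. Because `utok` is embedded by value, `struct unix_user_token` must be fully defined before this struct is compiled; that definition is not in this hunk, so the include order is worth confirming.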
SE_PRIV privileges;
} NT_USER_TOKEN;
-typedef struct _unix_token {
+typedef struct unix_user_token {
uid_t uid;
gid_t gid;
- int ngroups;
+ size_t ngroups;
gid_t *groups;
} UNIX_USER_TOKEN;
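Review bot: Changing `ngroups` from `int` to `size_t` silently changes the meaning of every existing consumer of `UNIX_USER_TOKEN`. A check such as `ngroups < 0` becomes always false, `int` loop indices are now compared against an unsigned count, and a negative result from a getgroups-style call stored here turns into a very large length. None of those consumers are visible in this hunk, so they should be audited as part of this change. I would also document the field, e.g. `size_t ngroups; /* number of entries in groups[]; unsigned, never holds an error code */`.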
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
get_smb_user_name(),
"",
str);
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
targethost);
} else {
sbuf->st_mode = S_IRWXU;
}
- sbuf->st_uid = handle->conn->server_info->uid;
- sbuf->st_gid = handle->conn->server_info->gid;
+ sbuf->st_uid = handle->conn->server_info->utok.uid;
+ sbuf->st_gid = handle->conn->server_info->utok.gid;
}
return ret;
} else {
sbuf->st_mode = S_IRWXU;
}
- sbuf->st_uid = handle->conn->server_info->uid;
- sbuf->st_gid = handle->conn->server_info->gid;
+ sbuf->st_uid = handle->conn->server_info->utok.uid;
+ sbuf->st_gid = handle->conn->server_info->utok.gid;
}
return ret;
}
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
prefix);
repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
recycle_repository(handle));
* Store the UNIX credential data (uid/gid pair) in the pipe structure.
*/
- p->pipe_user.ut.uid = a->server_info->uid;
- p->pipe_user.ut.gid = a->server_info->gid;
+ p->pipe_user.ut.uid = a->server_info->utok.uid;
+ p->pipe_user.ut.gid = a->server_info->utok.gid;
/*
* We're an authenticated bind over smbd, so the session key needs to
return False;
}
- p->pipe_user.ut.ngroups = a->server_info->n_groups;
+ p->pipe_user.ut.ngroups = a->server_info->utok.ngroups;
if (p->pipe_user.ut.ngroups) {
- if (!(p->pipe_user.ut.groups = (gid_t *)memdup(a->server_info->groups,
- sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
+ if (!(p->pipe_user.ut.groups = (gid_t *)memdup(
+ a->server_info->utok.groups,
+ sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
return False;
}
crec.pid = procid_self();
crec.cnum = conn?conn->cnum:-1;
if (conn) {
- crec.uid = conn->server_info->uid;
- crec.gid = conn->server_info->gid;
+ crec.uid = conn->server_info->utok.uid;
+ crec.gid = conn->server_info->utok.gid;
strlcpy(crec.servicename, lp_servicename(SNUM(conn)),
sizeof(crec.servicename));
}
NTSTATUS status;
/* access check */
- if (conn->server_info->uid != 0) {
+ if (conn->server_info->utok.uid != 0) {
DEBUG(3, ("open_fake_file_shared: access_denied to "
"service[%s] file[%s] user[%s]\n",
lp_servicename(SNUM(conn)), fname,
if (!S_ISDIR(sbuf.st_mode)) {
return False;
}
- if (conn->server_info->uid == 0 || conn->admin_user) {
+ if (conn->server_info->utok.uid == 0 || conn->admin_user) {
/* I'm sorry sir, I didn't know you were root... */
return True;
}
* for bug #3348. Don't assume owning sticky bit
* directory means write access allowed.
*/
- if (conn->server_info->uid != sbuf_file.st_uid) {
+ if (conn->server_info->utok.uid != sbuf_file.st_uid) {
return False;
}
}
DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
(unsigned int)access_mask, fname ));
- if (conn->server_info->uid == 0 || conn->admin_user) {
+ if (conn->server_info->utok.uid == 0 || conn->admin_user) {
/* I'm sorry sir, I didn't know you were root... */
return True;
}
}
/* Check primary owner access. */
- if (conn->server_info->uid == psbuf->st_uid) {
+ if (conn->server_info->utok.uid == psbuf->st_uid) {
switch (access_mask) {
case FILE_READ_DATA:
return (psbuf->st_mode & S_IRUSR) ? True : False;
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
buf);
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
buf);
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
buf);
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
comment);
user_struct *vuser = get_valid_user_struct(vuid);
if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n",
- (int)vuser->server_info->uid,
+ (int)vuser->server_info->utok.uid,
vuser->server_info->unix_name));
}
if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n",
- (int)vuser->server_info->uid,
+ (int)vuser->server_info->utok.uid,
vuser->server_info->unix_name));
}
new_file_created = True;
}
- set_share_mode(lck, fsp, conn->server_info->uid, 0, fsp->oplock_type,
- new_file_created);
+ set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
+ fsp->oplock_type, new_file_created);
/* Handle strange delete on close create semantics. */
if ((create_options & FILE_DELETE_ON_CLOSE)
return status;
}
- set_share_mode(lck, fsp, conn->server_info->uid, 0, NO_OPLOCK, True);
+ set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK,
+ True);
/* For directories the delete on close bit at open time seems
always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
vuser->server_info, tmp);
DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
- (unsigned int)vuser->server_info->uid,
- (unsigned int)vuser->server_info->gid,
+ (unsigned int)vuser->server_info->utok.uid,
+ (unsigned int)vuser->server_info->utok.gid,
vuser->server_info->unix_name,
vuser->server_info->sanitized_username,
pdb_get_domain(vuser->server_info->sam_account),
}
DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, "
- "and will be vuid %u\n", (int)vuser->server_info->uid,
+ "and will be vuid %u\n", (int)vuser->server_info->utok.uid,
vuser->server_info->unix_name, vuser->vuid));
next_vuid++;
Get the list of current groups.
****************************************************************************/
-static int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
+static int get_current_groups(gid_t gid, size_t *p_ngroups, gid_t **p_groups)
{
int i;
gid_t grp;
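Review bot: `p_ngroups` is now a `size_t *`, but the body still declares `int i` and, as far as the visible lines show, was written for a signed count. If the part of the body outside this hunk stores a getgroups-style return value straight through `*p_ngroups`, a `-1` error becomes a very large group count. The result should be validated in a signed local first and only then assigned, as in `*p_ngroups = (size_t)ngroups;`. Any loop that compares `i` with `*p_ngroups` would also be cleaner with a `size_t` index.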
status = find_forced_group(
conn->force_user, snum, conn->server_info->unix_name,
&conn->server_info->ptok->user_sids[1],
- &conn->server_info->gid);
+ &conn->server_info->utok.gid);
if (!NT_STATUS_IS_OK(status)) {
conn_free(conn);
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
lp_pathname(snum));
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
lp_rootpreexec(snum));
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
lp_preexec(snum));
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
lp_postexec(SNUM(conn)));
lp_servicename(SNUM(conn)),
conn->server_info->unix_name,
conn->connectpath,
- conn->server_info->gid,
+ conn->server_info->utok.gid,
conn->server_info->sanitized_username,
pdb_get_domain(conn->server_info->sam_account),
lp_rootpostexec(SNUM(conn)));
fstrcpy(sessionid.hostname, hostname);
sessionid.id_num = i; /* Only valid for utmp sessions */
sessionid.pid = pid;
- sessionid.uid = vuser->server_info->uid;
- sessionid.gid = vuser->server_info->gid;
+ sessionid.uid = vuser->server_info->utok.uid;
+ sessionid.gid = vuser->server_info->utok.gid;
fstrcpy(sessionid.remote_machine, get_remote_machine_name());
fstrcpy(sessionid.ip_addr_str,
client_addr(get_client_fd(),addr,sizeof(addr)));
*/
if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
- (current_user.ut.uid == conn->server_info->uid)) {
+ (current_user.ut.uid == conn->server_info->utok.uid)) {
DEBUG(4,("change_to_user: Skipping user change - already "
"user\n"));
return(True);
} else if ((current_user.conn == conn) &&
(vuser != NULL) && (current_user.vuid == vuid) &&
- (current_user.ut.uid == vuser->server_info->uid)) {
+ (current_user.ut.uid == vuser->server_info->utok.uid)) {
DEBUG(4,("change_to_user: Skipping user change - already "
"user\n"));
return(True);
*/
if (conn->force_user) /* security = share sets this too */ {
- uid = conn->server_info->uid;
- gid = conn->server_info->gid;
- group_list = conn->server_info->groups;
- num_groups = conn->server_info->n_groups;
+ uid = conn->server_info->utok.uid;
+ gid = conn->server_info->utok.gid;
+ group_list = conn->server_info->utok.groups;
+ num_groups = conn->server_info->utok.ngroups;
} else if (vuser) {
- uid = conn->admin_user ? 0 : vuser->server_info->uid;
- gid = conn->server_info->gid;
- num_groups = conn->server_info->n_groups;
- group_list = conn->server_info->groups;
+ uid = conn->admin_user ? 0 : vuser->server_info->utok.uid;
+ gid = conn->server_info->utok.gid;
+ num_groups = conn->server_info->utok.ngroups;
+ group_list = conn->server_info->utok.groups;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
"share %s.\n",vuid, lp_servicename(snum) ));
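Review bot: `num_groups` is declared outside this hunk and now receives `utok.ngroups`, which this commit turns into a `size_t` in the token struct. If `num_groups` is still an `int`, both assignments narrow implicitly. The loop `for (i = 0; i < num_groups; i++)` that appears further down in what looks like the same function uses an `int i` in either case. Declaring both as `size_t` (`size_t num_groups = 0;` and a `size_t` index) keeps the count and the index the same width as the field that feeds the supplementary-group switch.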
int i;
for (i = 0; i < num_groups; i++) {
- if (group_list[i] == conn->server_info->gid) {
- gid = conn->server_info->gid;
+ if (group_list[i]
+ == conn->server_info->utok.gid) {
+ gid = conn->server_info->utok.gid;
gid_to_sid(&conn->server_info->ptok
->user_sids[1], gid);
break;
}
}
} else {
- gid = conn->server_info->gid;
+ gid = conn->server_info->utok.gid;
gid_to_sid(&conn->server_info->ptok->user_sids[1],
gid);
}