From 04f5ef83b9c3f6fbe484ceda8376982904b35065 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 11 Feb 2011 18:49:15 +1100
Subject: [PATCH] s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
---
 source3/include/auth.h | 2 +-
 source3/include/proto.h | 12 ++++++------
 source3/include/smb.h | 11 ++---------
 source3/locking/locking.c | 22 +++++++++++-----------
 source3/rpc_server/samr/srv_samr_nt.c | 2 +-
 source3/smbd/close.c | 4 ++--
 source3/smbd/globals.h | 2 +-
 source3/smbd/msg_idmap.c | 2 +-
 source3/smbd/posix_acls.c | 4 ++--
 source3/smbd/sec_ctx.c | 2 +-
 source3/smbd/uid.c | 2 +-
 11 files changed, 29 insertions(+), 36 deletions(-)
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 93e42b8f275..3b3f6dc6d1b 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -30,7 +30,7 @@ struct auth_serversupplied_info {
 bool guest;
 bool system;
- struct unix_user_token utok;
+ struct security_unix_token utok;
 /* NT group information taken from the info3 structure */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0a78acda378..96317b9e7f7 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3040,12 +3040,12 @@ void del_deferred_open_entry(struct share_mode_lock *lck, uint64_t mid,
 bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
 bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
 NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode);
-const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
+const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
 void set_delete_on_close_lck(files_struct *fsp,
 struct share_mode_lock *lck,
 bool delete_on_close,
- const UNIX_USER_TOKEN *tok);
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok);
+ const struct security_unix_token *tok);
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok);
 bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
 bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
 bool set_write_time(struct file_id fileid, struct timespec write_time);
@@ -5112,7 +5112,7 @@ void server_encryption_shutdown(void);
 /* The following definitions come from smbd/sec_ctx.c */
-bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
+bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2);
 bool push_sec_ctx(void);
 void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token);
 void set_root_sec_ctx(void);
@@ -5282,7 +5282,7 @@ bool become_user(connection_struct *conn, uint16 vuid);
 bool unbecome_user(void);
 uid_t get_current_uid(connection_struct *conn);
 gid_t get_current_gid(connection_struct *conn);
-const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
+const struct security_unix_token *get_current_utok(connection_struct *conn);
 const struct security_token *get_current_nttok(connection_struct *conn);
 uint16_t get_current_vuid(connection_struct *conn);
@@ -5421,7 +5421,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
 uint32 des_access, uint32 *acc_granted, const char *debug );
 void map_max_allowed_access(const struct security_token *nt_token,
- const struct unix_user_token *unix_token,
+ const struct security_unix_token *unix_token,
 uint32_t *pacc_requested);
 /* The following definitions come from ../libds/common/flag_mapping.c */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 7c9f60d2fe4..882b23471b0 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -203,13 +203,6 @@ struct lsa_name_info {
 #define PRIMARY_USER_SID_INDEX 0
 #define PRIMARY_GROUP_SID_INDEX 1
-typedef struct unix_user_token {
- uid_t uid;
- gid_t gid;
- uint32_t ngroups;
- gid_t *groups;
-} UNIX_USER_TOKEN;
-
 typedef struct write_cache {
 SMB_OFF_T file_size;
 SMB_OFF_T offset;
@@ -521,7 +514,7 @@ typedef struct connection_struct {
 struct current_user {
 connection_struct *conn;
 uint16 vuid;
- UNIX_USER_TOKEN ut;
+ struct security_unix_token ut;
 struct security_token *nt_user_token;
 };
@@ -689,7 +682,7 @@ Offset Data length.
 struct delete_token_list {
 struct delete_token_list *next, *prev;
 uint32_t name_hash;
- UNIX_USER_TOKEN *delete_token;
+ struct security_unix_token *delete_token;
 };
 struct share_mode_lock {
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 1942f440195..00f384a13bd 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -584,7 +584,7 @@ static int parse_delete_tokens_list(struct share_mode_lock *lck,
 memcpy(&pdtl->name_hash, p, sizeof(pdtl->name_hash));
 p += sizeof(pdtl->name_hash);
- pdtl->delete_token = TALLOC_ZERO_P(pdtl, UNIX_USER_TOKEN);
+ pdtl->delete_token = TALLOC_ZERO_P(pdtl, struct security_unix_token);
 if (pdtl->delete_token == NULL) {
 DEBUG(0,("parse_delete_tokens_list: talloc failed"));
 return -1;
@@ -808,7 +808,7 @@ static TDB_DATA unparse_share_modes(const struct share_mode_lock *lck)
 /* Store any delete on close tokens. */
 for (pdtl = lck->delete_tokens; pdtl; pdtl = pdtl->next) {
- UNIX_USER_TOKEN *pdt = pdtl->delete_token;
+ struct security_unix_token *pdt = pdtl->delete_token;
 uint32_t token_size = sizeof(uint32_t) +
 sizeof(uint32_t) +
 sizeof(uid_t) +
@@ -1461,15 +1461,15 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode)
 }
 /*************************************************************************
- Return a talloced copy of a UNIX_USER_TOKEN. NULL on fail.
+ Return a talloced copy of a struct security_unix_token. NULL on fail.
 (Should this be in locking.c.... ?).
 *************************************************************************/
-static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *tok)
+static struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok)
 {
- UNIX_USER_TOKEN *cpy;
+ struct security_unix_token *cpy;
- cpy = TALLOC_P(ctx, UNIX_USER_TOKEN);
+ cpy = TALLOC_P(ctx, struct security_unix_token);
 if (!cpy) {
 return NULL;
 }
@@ -1494,7 +1494,7 @@ static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *
 static bool add_delete_on_close_token(struct share_mode_lock *lck,
 uint32_t name_hash,
- const UNIX_USER_TOKEN *tok)
+ const struct security_unix_token *tok)
 {
 struct delete_token_list *dtl;
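Review bot: In the `unparse_share_modes` hunk the stored token size is still summed from bare type names (`sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uid_t) + …`) rather than from the members of `pdt`, so the record layout silently assumes that `struct security_unix_token` has the same member widths as the typedef this commit removes from smb.h. The new struct's definition is not part of this patch, so that equivalence cannot be checked here; a mismatch could make `parse_delete_tokens_list` read back a different uid/gid/group list than the delete-on-close token that was stored. I would tie the sizes to the fields, e.g. `sizeof(pdt->uid)` in place of `sizeof(uid_t)`, or at least add a comment naming the header that defines the struct and stating that the stored format depends on it. The expression and the rest of the loop continue outside the hunk.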
@@ -1521,14 +1521,14 @@ static bool add_delete_on_close_token(struct share_mode_lock *lck,
 changed the delete on close flag. This will be noticed in the close code, the last closer will delete the file if flag is set.
- This makes a copy of any UNIX_USER_TOKEN into the
+ This makes a copy of any struct security_unix_token into the
 lck entry. This function is used when the lock is already granted.
 ****************************************************************************/
 void set_delete_on_close_lck(files_struct *fsp,
 struct share_mode_lock *lck,
 bool delete_on_close,
- const UNIX_USER_TOKEN *tok)
+ const struct security_unix_token *tok)
 {
 struct delete_token_list *dtl;
 bool ret;
@@ -1565,7 +1565,7 @@ void set_delete_on_close_lck(files_struct *fsp,
 SMB_ASSERT(ret);
 }
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok)
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok)
 {
 struct share_mode_lock *lck;
@@ -1596,7 +1596,7 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE
 return True;
 }
-const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
+const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
 {
 struct delete_token_list *dtl;
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index d53d859f552..57965cda741 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -250,7 +250,7 @@ done:
 ********************************************************************/
 void map_max_allowed_access(const struct security_token *nt_token,
- const struct unix_user_token *unix_token,
+ const struct security_unix_token *unix_token,
 uint32_t *pacc_requested)
 {
 if (!((*pacc_requested) & MAXIMUM_ALLOWED_ACCESS)) {
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 4234f32b7fd..547705bc571 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -275,7 +275,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 NTSTATUS status = NT_STATUS_OK;
 NTSTATUS tmp_status;
 struct file_id id;
- const UNIX_USER_TOKEN *del_token = NULL;
+ const struct security_unix_token *del_token = NULL;
 /* Ensure any pending write time updates are done. */
 if (fsp->update_write_time_event) {
@@ -958,7 +958,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 bool delete_dir = False;
 NTSTATUS status = NT_STATUS_OK;
 NTSTATUS status1 = NT_STATUS_OK;
- const UNIX_USER_TOKEN *del_token = NULL;
+ const struct security_unix_token *del_token = NULL;
 /*
 * NT can set delete_on_close of the last open
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index b10268e6d7b..de012483a0c 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -78,7 +78,7 @@ extern struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx;
 extern struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
 struct sec_ctx {
- UNIX_USER_TOKEN ut;
+ struct security_unix_token ut;
 struct security_token *token;
 };
 /* A stack of security contexts. We include the current context as being
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c
index 0987e87064d..8e4d47586c9 100644
--- a/source3/smbd/msg_idmap.c
+++ b/source3/smbd/msg_idmap.c
@@ -85,7 +85,7 @@ static bool gid_in_use(const struct user_struct* user, gid_t gid)
 while (user) {
 if (user->session_info != NULL) {
 int i;
- struct unix_user_token utok = user->session_info->utok;
+ struct security_unix_token utok = user->session_info->utok;
 if (utok.gid == gid) {
 return true;
 }
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8707ff799c6..5faf26f8b09 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
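Review bot: In the `gid_in_use` hunk, `struct security_unix_token utok = user->session_info->utok;` copies the whole token by value on every pass of the `while (user)` loop, and the copy shares its `groups` pointer with the session's token (the typedef removed in smb.h shows `groups` as `gid_t *`; the replacement struct presumably keeps that). A read-only view is enough for a membership test: `const struct security_unix_token *utok = &user->session_info->utok;`, with `utok->gid` in the comparison that follows. The rest of the loop body is outside the hunk.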
@@ -1306,7 +1306,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
 * and don't need to do the complex user_in_group_sid() call
 */
 if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
- const UNIX_USER_TOKEN *curr_utok = NULL;
+ const struct security_unix_token *curr_utok = NULL;
 size_t i;
 if (group_ace->unix_ug.gid == get_current_gid(conn)) {
@@ -2652,7 +2652,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 static bool current_user_in_group(connection_struct *conn, gid_t gid)
 {
 int i;
- const UNIX_USER_TOKEN *utok = get_current_utok(conn);
+ const struct security_unix_token *utok = get_current_utok(conn);
 for (i = 0; i < utok->ngroups; i++) {
 if (utok->groups[i] == gid) {
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index a7479ed67c3..9e409dee41a 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -27,7 +27,7 @@ extern struct current_user current_user;
 Are two UNIX tokens equal ?
 ****************************************************************************/
-bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2)
+bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2)
 {
 if (t1->uid != t2->uid || t1->gid != t2->gid || t1->ngroups != t2->ngroups) {
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 0890ae698cf..9a6b06dd0fb 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -536,7 +536,7 @@ gid_t get_current_gid(connection_struct *conn)
 doesn't alter this value.
 ****************************************************************************/
-const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
+const struct security_unix_token *get_current_utok(connection_struct *conn)
 {
 return ¤t_user.ut;
 }
--
2.34.1
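Review bot: In the `current_user_in_group` hunk the loop counter stays `int i` while it is compared against `utok->ngroups`; the typedef this commit removes declared `ngroups` as `uint32_t`, and if the replacement struct keeps an unsigned count, `i < utok->ngroups` is a signed/unsigned comparison inside a group-membership check. The `uid_entry_in_group` hunk in the same file already declares `size_t i;`, so I would change the declaration here to `uint32_t i;` (or `size_t i;`) to match. The function body continues outside the hunk.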