if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
(server_info->nss_token)) {
status = create_token_from_username(session_info,
- session_info->unix_name,
+ session_info->unix_info->unix_name,
session_info->guest,
&session_info->unix_token->uid,
&session_info->unix_token->gid,
- &session_info->unix_name,
+ &session_info->unix_info->unix_name,
&session_info->security_token);
} else {
alpha_strcpy(tmp, (*session_info)->info3->base.account_name.string,
". _-$", sizeof(tmp));
- (*session_info)->sanitized_username = talloc_strdup(*session_info, tmp);
+ (*session_info)->unix_info->sanitized_username = talloc_strdup(*session_info, tmp);
status = NT_STATUS_OK;
done:
}
dst->extra = src->extra;
- dst->unix_name = talloc_strdup(dst, src->unix_name);
+ /* This element must be provided to convert back to an auth_serversupplied_info */
+ SMB_ASSERT(src->unix_info);
+ dst->unix_name = talloc_strdup(dst, src->unix_info->unix_name);
if (!dst->unix_name) {
TALLOC_FREE(dst);
return NULL;
}
- dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+ dst->sanitized_username = talloc_strdup(dst, src->unix_info->sanitized_username);
if (!dst->sanitized_username) {
TALLOC_FREE(dst);
return NULL;
}
dst->extra = src->extra;
- dst->unix_name = talloc_strdup(dst, src->unix_name);
- if (!dst->unix_name) {
+ dst->unix_info = talloc_zero(dst, struct auth_user_info_unix);
+ if (!dst->unix_info) {
TALLOC_FREE(dst);
return NULL;
}
- dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
- if (!dst->sanitized_username) {
+ dst->unix_info->unix_name = talloc_strdup(dst, src->unix_name);
+ if (!dst->unix_info->unix_name) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
+
+ dst->unix_info->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+ if (!dst->unix_info->sanitized_username) {
TALLOC_FREE(dst);
return NULL;
}
}
dst->extra = src->extra;
- dst->unix_name = talloc_strdup(dst, src->unix_name);
- if (!dst->unix_name) {
- TALLOC_FREE(dst);
- return NULL;
- }
+ if (src->unix_info) {
+ dst->unix_info = talloc_zero(dst, struct auth_user_info_unix);
+ if (!dst->unix_info) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
- dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
- if (!dst->sanitized_username) {
- TALLOC_FREE(dst);
- return NULL;
+ dst->unix_info->unix_name = talloc_strdup(dst, src->unix_info->unix_name);
+ if (!dst->unix_info->unix_name) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
+
+ dst->unix_info->sanitized_username = talloc_strdup(dst, src->unix_info->sanitized_username);
+ if (!dst->unix_info->sanitized_username) {
+ TALLOC_FREE(dst);
+ return NULL;
+ }
}
return dst;
*/
bool nss_token;
- char *unix_name;
-
- /*
- * For performance reasons we keep an alpha_strcpy-sanitized version
- * of the username around as long as the global variable current_user
- * still exists. If we did not do keep this, we'd have to call
- * alpha_strcpy whenever we do a become_user(), potentially on every
- * smb request. See set_current_user_info.
- */
- char *sanitized_username;
+ struct auth_user_info_unix *unix_info;
};
struct auth_context {
}
afs_username = talloc_sub_advanced(ctx,
- SNUM(conn), conn->session_info->unix_name,
+ SNUM(conn), conn->session_info->unix_info->unix_name,
conn->connectpath, conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
pdb_get_domain(conn->session_info->sam_account),
afs_username);
if (!afs_username) {
char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *str)
{
- /* Make clear that we require the optional unix_token in the source3 code */
+ /* Make clear that we require the optional unix_token and unix_info in the source3 code */
SMB_ASSERT(conn->session_info->unix_token);
+ SMB_ASSERT(conn->session_info->unix_info);
return talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
get_smb_user_name(),
fsp->wcp = NULL; /* Write cache pointer. */
DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
smb_fname_str_dbg(smb_fname),
BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
conn->num_files_open));
targethost = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
targethost);
}
result = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
prefix);
TALLOC_FREE(prefix);
int rc = -1;
repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
recycle_repository(handle));
ALLOC_CHECK(repository, done);
* function.
*/
username = smb_traffic_analyzer_anonymize( talloc_tos(),
- handle->conn->session_info->sanitized_username,
+ handle->conn->session_info->unix_info->sanitized_username,
handle);
if (!username) {
if (!pjob || !server_info)
return False;
- return strequal(pjob->user, server_info->sanitized_username);
+ return strequal(pjob->user, server_info->unix_info->sanitized_username);
}
/****************************************************************************
fstrcpy(pjob.clientmachine, clientmachine);
fstrcpy(pjob.user, lp_printjob_username(snum));
- standard_sub_advanced(sharename, server_info->sanitized_username,
+ standard_sub_advanced(sharename, server_info->unix_info->sanitized_username,
path, server_info->unix_token->gid,
- server_info->sanitized_username,
+ server_info->unix_info->sanitized_username,
server_info->info3->base.domain.string,
pjob.user, sizeof(pjob.user)-1);
/* ensure NULL termination */
return NT_STATUS_NO_MEMORY;
}
} else {
- username = p->session_info->sanitized_username;
+ username = p->session_info->unix_info->sanitized_username;
domname = p->session_info->info3->base.domain.string;
}
status = ntstatus_keeperror(status, tmp);
DEBUG(2,("%s closed file %s (numopen=%d) %s\n",
- conn->session_info->unix_name, fsp_str_dbg(fsp),
+ conn->session_info->unix_info->unix_name, fsp_str_dbg(fsp),
conn->num_files_open - 1,
nt_errstr(status) ));
"service[%s] file[%s] user[%s]\n",
lp_servicename(SNUM(conn)),
smb_fname_str_dbg(smb_fname),
- conn->session_info->unix_name));
+ conn->session_info->unix_info->unix_name));
return NT_STATUS_ACCESS_DENIED;
}
}
buf = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
buf);
if (!buf) {
}
buf = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
buf);
if (!buf) {
p += 4;
SIVAL(p,0,PTR_DIFF(p2,*rdata));
- strlcpy(p2,conn->session_info->sanitized_username,PTR_DIFF(endp,p2));
+ strlcpy(p2,conn->session_info->unix_info->sanitized_username,PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) {
return False;
if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n",
(int)vuser->session_info->unix_token->uid,
- vuser->session_info->unix_name));
+ vuser->session_info->unix_info->unix_name));
}
uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
TALLOC_FREE(conn);
return NT_STATUS_NO_MEMORY;
}
- vfs_user = conn->session_info->unix_name;
+ vfs_user = conn->session_info->unix_info->unix_name;
} else {
/* use current authenticated user in absence of session_info */
vfs_user = get_current_username();
if (!( strequal(pdp->servicename, lp_servicename(SNUM(conn)))
|| (strequal(pdp->servicename, HOMES_NAME)
&& strequal(lp_servicename(SNUM(conn)),
- conn->session_info->sanitized_username) )) ) {
+ conn->session_info->unix_info->sanitized_username) )) ) {
/* The given sharename doesn't match this connection. */
TALLOC_FREE(pdp);
if (get_current_uid(conn) != 0) {
DEBUG(1,("get_user_quota: access_denied service [%s] user "
"[%s]\n", lp_servicename(SNUM(conn)),
- conn->session_info->unix_name));
+ conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
if (get_current_uid(conn) != 0) {
DEBUG(1,("set_user_quota: access_denied service [%s] user "
"[%s]\n", lp_servicename(SNUM(conn)),
- conn->session_info->unix_name));
+ conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
fsp->wcp = NULL; /* Write cache pointer. */
DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
smb_fname_str_dbg(smb_fname),
BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
conn->num_files_open));
/* This is a potentially untrusted username */
alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp));
- vuser->session_info->sanitized_username = talloc_strdup(
+ vuser->session_info->unix_info->sanitized_username = talloc_strdup(
vuser->session_info, tmp);
- /* Make clear that we require the optional unix_token in the source3 code */
+ /* Make clear that we require the optional unix_token and unix_info in the source3 code */
SMB_ASSERT(vuser->session_info->unix_token);
+ SMB_ASSERT(vuser->session_info->unix_info);
DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
(unsigned int)vuser->session_info->unix_token->uid,
(unsigned int)vuser->session_info->unix_token->gid,
- vuser->session_info->unix_name,
- vuser->session_info->sanitized_username,
+ vuser->session_info->unix_info->unix_name,
+ vuser->session_info->unix_info->sanitized_username,
vuser->session_info->info3->base.domain.string,
vuser->session_info->guest ));
DEBUG(3, ("register_existing_vuid: User name: %s\t"
- "Real name: %s\n", vuser->session_info->unix_name,
+ "Real name: %s\n", vuser->session_info->unix_info->unix_name,
vuser->session_info->info3->base.full_name.string));
if (!vuser->session_info->security_token) {
DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, "
"and will be vuid %u\n", (int)vuser->session_info->unix_token->uid,
- vuser->session_info->unix_name, vuser->vuid));
+ vuser->session_info->unix_info->unix_name, vuser->vuid));
if (!session_claim(sconn, vuser)) {
DEBUG(1, ("register_existing_vuid: Failed to claim session "
if (!vuser->session_info->guest) {
vuser->homes_snum = register_homes_share(
- vuser->session_info->unix_name);
+ vuser->session_info->unix_info->unix_name);
}
if (srv_is_signing_negotiated(sconn) &&
/* fill in the current_user_info struct */
set_current_user_info(
- vuser->session_info->sanitized_username,
- vuser->session_info->unix_name,
+ vuser->session_info->unix_info->sanitized_username,
+ vuser->session_info->unix_info->unix_name,
vuser->session_info->info3->base.domain.string);
return vuser->vuid;
vuser = get_valid_user_struct(sconn, session_tag);
if (vuser) {
set_current_user_info(
- vuser->session_info->sanitized_username,
- vuser->session_info->unix_name,
+ vuser->session_info->unix_info->sanitized_username,
+ vuser->session_info->unix_info->unix_name,
vuser->session_info->info3->base.domain.string);
}
}
return NT_STATUS_ACCESS_DENIED;
}
} else {
- if (!user_ok_token(vuid_serverinfo->unix_name,
+ if (!user_ok_token(vuid_serverinfo->unix_info->unix_name,
vuid_serverinfo->info3->base.domain.string,
vuid_serverinfo->security_token, snum)) {
DEBUG(2, ("user '%s' (from session setup) not "
"permitted to access this share "
"(%s)\n",
- vuid_serverinfo->unix_name,
+ vuid_serverinfo->unix_info->unix_name,
lp_servicename(snum)));
return NT_STATUS_ACCESS_DENIED;
}
if (*lp_force_group(snum)) {
status = find_forced_group(
- conn->force_user, snum, conn->session_info->unix_name,
+ conn->force_user, snum, conn->session_info->unix_info->unix_name,
&conn->session_info->security_token->sids[1],
&conn->session_info->unix_token->gid);
conn->force_user = true;
}
- add_session_user(sconn, conn->session_info->unix_name);
+ add_session_user(sconn, conn->session_info->unix_info->unix_name);
conn->num_files_open = 0;
conn->lastused = conn->lastused_count = time(NULL);
{
char *s = talloc_sub_advanced(talloc_tos(),
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_pathname(snum));
if (!s) {
filesystem operation that we do. */
if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
- conn->session_info->unix_name) < 0) {
+ conn->session_info->unix_info->unix_name) < 0) {
DEBUG(0,("make_connection: VFS make connection failed!\n"));
*pstatus = NT_STATUS_UNSUCCESSFUL;
goto err_root_exit;
if (*lp_rootpreexec(snum)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_rootpreexec(snum));
DEBUG(5,("cmd=%s\n",cmd));
if (*lp_preexec(snum)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_preexec(snum));
ret = smbrun(cmd,NULL);
dbgtext( "%s", srv_is_signing_active(sconn) ? "signed " : "");
dbgtext( "connect to service %s ", lp_servicename(snum) );
dbgtext( "initially as user %s ",
- conn->session_info->unix_name );
+ conn->session_info->unix_info->unix_name );
dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid );
dbgtext( "(pid %d)\n", (int)sys_getpid() );
}
change_to_user(conn, vuid)) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_postexec(SNUM(conn)));
smbrun(cmd,NULL);
if (*lp_rootpostexec(SNUM(conn))) {
char *cmd = talloc_sub_advanced(talloc_tos(),
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
- conn->session_info->sanitized_username,
+ conn->session_info->unix_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_rootpostexec(SNUM(conn)));
smbrun(cmd,NULL);
/* Make clear that we require the optional unix_token in the source3 code */
SMB_ASSERT(vuser->session_info->unix_token);
- fstrcpy(sessionid.username, vuser->session_info->unix_name);
+ fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name);
fstrcpy(sessionid.hostname, sconn->remote_hostname);
sessionid.id_num = i; /* Only valid for utmp sessions */
sessionid.pid = pid;
return NT_STATUS_ACCESS_DENIED;
}
- set_current_user_info(session->session_info->sanitized_username,
- session->session_info->unix_name,
+ set_current_user_info(session->session_info->unix_info->sanitized_username,
+ session->session_info->unix_info->unix_name,
session->session_info->info3->base.domain.string);
req->session = session;
/* This is a potentially untrusted username */
alpha_strcpy(tmp, user, ". _-$", sizeof(tmp));
- session->session_info->sanitized_username =
+ session->session_info->unix_info->sanitized_username =
talloc_strdup(session->session_info, tmp);
if (!session->session_info->guest) {
session->compat_vuser->homes_snum =
- register_homes_share(session->session_info->unix_name);
+ register_homes_share(session->session_info->unix_info->unix_name);
}
if (!session_claim(session->sconn, session->compat_vuser)) {
auth_ntlmssp_get_username(session->auth_ntlmssp_state),
". _-$",
sizeof(tmp));
- session->session_info->sanitized_username = talloc_strdup(
+ session->session_info->unix_info->sanitized_username = talloc_strdup(
session->session_info, tmp);
if (!session->compat_vuser->session_info->guest) {
session->compat_vuser->homes_snum =
- register_homes_share(session->session_info->unix_name);
+ register_homes_share(session->session_info->unix_info->unix_name);
}
if (!session_claim(session->sconn, session->compat_vuser)) {
"user %s because it was not found "
"or created at session setup "
"time\n",
- compat_vuser->session_info->unix_name));
+ compat_vuser->session_info->unix_info->unix_name));
return NT_STATUS_BAD_NETWORK_NAME;
}
snum = compat_vuser->homes_snum;
DEBUG(0,("set_user_quota: access_denied "
"service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name));
+ conn->session_info->unix_info->unix_name));
return NT_STATUS_ACCESS_DENIED;
}
if ((get_current_uid(conn) != 0) || !CAN_WRITE(conn)) {
DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
lp_servicename(SNUM(conn)),
- conn->session_info->unix_name));
+ conn->session_info->unix_info->unix_name));
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
}
}
- if (!user_ok_token(session_info->unix_name,
+ if (!user_ok_token(session_info->unix_info->unix_name,
session_info->info3->base.domain.string,
session_info->security_token, snum))
return(False);
readonly_share = is_share_read_only_for_token(
- session_info->unix_name,
+ session_info->unix_info->unix_name,
session_info->info3->base.domain.string,
session_info->security_token,
conn);
}
admin_user = token_contains_name_in_list(
- session_info->unix_name,
+ session_info->unix_info->unix_name,
session_info->info3->base.domain.string,
NULL, session_info->security_token, lp_admin_users(snum));
if (admin_user) {
DEBUG(2,("check_user_ok: user %s is an admin user. "
"Setting uid as %d\n",
- conn->session_info->unix_name,
+ conn->session_info->unix_info->unix_name,
sec_initial_uid() ));
conn->session_info->unix_token->uid = sec_initial_uid();
}
if (!ok) {
DEBUG(2,("SMB user %s (unix user %s) "
"not permitted access to share %s.\n",
- session_info->sanitized_username,
- session_info->unix_name,
+ session_info->unix_info->sanitized_username,
+ session_info->unix_info->unix_name,
lp_servicename(snum)));
return false;
}