This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "system/filesys.h"
#include "system/passwd.h"
#include "auth/auth.h"
-#include "smb_server/smb_server.h"
#include "ntvfs/ntvfs.h"
+#include "libcli/wbclient/wbclient.h"
+#include "param/param.h"
struct unixuid_private {
- struct sidmap_context *sidmap;
+ struct wbc_context *wbc_ctx;
struct unix_sec_ctx *last_sec_ctx;
struct security_token *last_token;
};
struct security_token *token,
struct unix_sec_ctx **sec)
{
- struct unixuid_private *private = ntvfs->private_data;
+ struct unixuid_private *priv = ntvfs->private_data;
int i;
NTSTATUS status;
+ struct id_mapping *ids;
+ struct composite_context *ctx;
*sec = talloc(req, struct unix_sec_ctx);
/* we can't do unix security without a user and group */
return NT_STATUS_ACCESS_DENIED;
}
- status = sidmap_sid_to_unixuid(private->sidmap,
- token->user_sid, &(*sec)->uid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ ids = talloc_array(req, struct id_mapping, token->num_sids);
+ NT_STATUS_HAVE_NO_MEMORY(ids);
- status = sidmap_sid_to_unixgid(private->sidmap,
- token->group_sid, &(*sec)->gid);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ ids[0].unixid = NULL;
+ ids[0].sid = token->user_sid;
+ ids[0].status = NT_STATUS_NONE_MAPPED;
+
+ ids[1].unixid = NULL;
+ ids[1].sid = token->group_sid;
+ ids[1].status = NT_STATUS_NONE_MAPPED;
(*sec)->ngroups = token->num_sids - 2;
(*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
- if ((*sec)->groups == NULL) {
- return NT_STATUS_NO_MEMORY;
+ NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+ for (i=0;i<(*sec)->ngroups;i++) {
+ ids[i+2].unixid = NULL;
+ ids[i+2].sid = token->sids[i+2];
+ ids[i+2].status = NT_STATUS_NONE_MAPPED;
+ }
+
+ ctx = wbc_sids_to_xids_send(priv->wbc_ctx, ids, token->num_sids, ids);
+ NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+ status = wbc_sids_to_xids_recv(ctx, &ids);
+ NT_STATUS_NOT_OK_RETURN(status);
+
+ if (ids[0].unixid->type == ID_TYPE_BOTH ||
+ ids[0].unixid->type == ID_TYPE_UID) {
+ (*sec)->uid = ids[0].unixid->id;
+ } else {
+ return NT_STATUS_INVALID_SID;
+ }
+
+ if (ids[1].unixid->type == ID_TYPE_BOTH ||
+ ids[1].unixid->type == ID_TYPE_GID) {
+ (*sec)->gid = ids[1].unixid->id;
+ } else {
+ return NT_STATUS_INVALID_SID;
}
for (i=0;i<(*sec)->ngroups;i++) {
- status = sidmap_sid_to_unixgid(private->sidmap,
- token->sids[i+2], &(*sec)->groups[i]);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
+ if (ids[i+2].unixid->type == ID_TYPE_BOTH ||
+ ids[i+2].unixid->type == ID_TYPE_GID) {
+ (*sec)->groups[i] = ids[i+2].unixid->id;
+ } else {
+ return NT_STATUS_INVALID_SID;
}
}
token = req->session_info->security_token;
- *sec = save_unix_security(req);
+ *sec = save_unix_security(ntvfs);
if (*sec == NULL) {
return NT_STATUS_NO_MEMORY;
}
} else {
status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(*sec);
return status;
}
if (private->last_sec_ctx) {
status = set_unix_security(newsec);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(*sec);
return status;
}
NTSTATUS status2; \
struct unix_sec_ctx *sec; \
status = unixuid_setup_security(ntvfs, req, &sec); \
- if (NT_STATUS_IS_OK(status)) status = ntvfs_next_##op args; \
+ NT_STATUS_NOT_OK_RETURN(status); \
+ status = ntvfs_next_##op args; \
status2 = set_unix_security(sec); \
+ talloc_free(sec); \
if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \
} while (0)
return NT_STATUS_NO_MEMORY;
}
- private->sidmap = sidmap_open(private);
- if (private->sidmap == NULL) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ private->wbc_ctx = wbc_init(private, ntvfs->ctx->msg_ctx,
+ ntvfs->ctx->event_ctx);
+ if (private->wbc_ctx == NULL) {
+ talloc_free(private);
+ return NT_STATUS_INTERNAL_ERROR;
}
ntvfs->private_data = private;
change notify
*/
static NTSTATUS unixuid_notify(struct ntvfs_module_context *ntvfs,
- struct ntvfs_request *req, struct smb_notify *info)
+ struct ntvfs_request *req, union smb_notify *info)
{
NTSTATUS status;
static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_first *io,
void *search_private,
- BOOL (*callback)(void *, union smb_search_data *))
+ bool (*callback)(void *, const union smb_search_data *))
{
NTSTATUS status;
static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req, union smb_search_next *io,
void *search_private,
- BOOL (*callback)(void *, union smb_search_data *))
+ bool (*callback)(void *, const union smb_search_data *))
{
NTSTATUS status;
{
NTSTATUS ret;
struct ntvfs_ops ops;
+ NTVFS_CURRENT_CRITICAL_SIZES(vers);
ZERO_STRUCT(ops);
/* we register under all 3 backend types, as we are not type specific */
ops.type = NTVFS_DISK;
- ret = ntvfs_register(&ops);
+ ret = ntvfs_register(&ops, &vers);
if (!NT_STATUS_IS_OK(ret)) goto failed;
ops.type = NTVFS_PRINT;
- ret = ntvfs_register(&ops);
+ ret = ntvfs_register(&ops, &vers);
if (!NT_STATUS_IS_OK(ret)) goto failed;
ops.type = NTVFS_IPC;
- ret = ntvfs_register(&ops);
+ ret = ntvfs_register(&ops, &vers);
if (!NT_STATUS_IS_OK(ret)) goto failed;
failed:
git.samba.org / jelmer / samba4-debian.git / blobdiff