#define TEVENT_DEPRECATED
#include <tevent.h>
-#if defined(UID_WRAPPER)
-#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
-#define UID_WRAPPER_REPLACE
-#include "../uid_wrapper/uid_wrapper.h"
-#endif
-#else
-#define uwrap_enabled() 0
-#endif
-
-
NTSTATUS ntvfs_unixuid_init(void);
struct unixuid_private {
struct wbc_context *wbc_ctx;
- struct unix_sec_ctx *last_sec_ctx;
+ struct security_unix_token *last_sec_ctx;
struct security_token *last_token;
};
-
-struct unix_sec_ctx {
- uid_t uid;
- gid_t gid;
- unsigned int ngroups;
- gid_t *groups;
-};
-
/*
- pull the current security context into a unix_sec_ctx
+ pull the current security context into a security_unix_token
*/
-static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx)
+static struct security_unix_token *save_unix_security(TALLOC_CTX *mem_ctx)
{
- struct unix_sec_ctx *sec = talloc(mem_ctx, struct unix_sec_ctx);
+ struct security_unix_token *sec = talloc(mem_ctx, struct security_unix_token);
if (sec == NULL) {
return NULL;
}
}
/*
- set the current security context from a unix_sec_ctx
+ set the current security context from a security_unix_token
*/
-static NTSTATUS set_unix_security(struct unix_sec_ctx *sec)
+static NTSTATUS set_unix_security(struct security_unix_token *sec)
{
seteuid(0);
void *stack_ptr,
const char *location)
{
- struct unix_sec_ctx *sec_ctx;
+ struct security_unix_token *sec_ctx;
if (unixuid_nesting_level == 0) {
/* we don't need to do anything unless we are nested
DEBUG(0,("%s: Failed to save security context\n", location));
return -1;
}
- *(struct unix_sec_ctx **)stack_ptr = sec_ctx;
+ *(struct security_unix_token **)stack_ptr = sec_ctx;
if (seteuid(0) != 0 || setegid(0) != 0) {
DEBUG(0,("%s: Failed to change to root\n", location));
return -1;
/* called when we come out of a nesting level */
NTSTATUS status;
- sec_ctx = *(struct unix_sec_ctx **)stack_ptr;
+ sec_ctx = *(struct security_unix_token **)stack_ptr;
if (sec_ctx == NULL) {
/* this happens the first time this function
is called, as we install the hook while
return 0;
}
- sec_ctx = talloc_get_type_abort(sec_ctx, struct unix_sec_ctx);
+ sec_ctx = talloc_get_type_abort(sec_ctx, struct security_unix_token);
status = set_unix_security(sec_ctx);
talloc_free(sec_ctx);
if (!NT_STATUS_IS_OK(status)) {
/*
- form a unix_sec_ctx from the current security_token
+ form a security_unix_token from the current security_token
*/
static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs,
struct ntvfs_request *req,
struct security_token *token,
- struct unix_sec_ctx **sec)
+ struct security_unix_token **sec)
{
struct unixuid_private *priv = ntvfs->private_data;
- int i;
- NTSTATUS status;
- struct id_map *ids;
- struct composite_context *ctx;
- *sec = talloc(req, struct unix_sec_ctx);
-
- /* we can't do unix security without a user and group */
- if (token->num_sids < 2) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- ids = talloc_array(req, struct id_map, token->num_sids);
- NT_STATUS_HAVE_NO_MEMORY(ids);
-
- (*sec)->ngroups = token->num_sids - 2;
- (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
- NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
-
- for (i=0;i<token->num_sids;i++) {
- ZERO_STRUCT(ids[i].xid);
- ids[i].sid = &token->sids[i];
- ids[i].status = ID_UNKNOWN;
- }
- ctx = wbc_sids_to_xids_send(priv->wbc_ctx, ids, token->num_sids, ids);
- NT_STATUS_HAVE_NO_MEMORY(ctx);
-
- status = wbc_sids_to_xids_recv(ctx, &ids);
- NT_STATUS_NOT_OK_RETURN(status);
-
- if (ids[0].xid.type == ID_TYPE_BOTH ||
- ids[0].xid.type == ID_TYPE_UID) {
- (*sec)->uid = ids[0].xid.id;
- } else {
- return NT_STATUS_INVALID_SID;
- }
-
- if (ids[1].xid.type == ID_TYPE_BOTH ||
- ids[1].xid.type == ID_TYPE_GID) {
- (*sec)->gid = ids[1].xid.id;
- } else {
- return NT_STATUS_INVALID_SID;
- }
-
- for (i=0;i<(*sec)->ngroups;i++) {
- if (ids[i+2].xid.type == ID_TYPE_BOTH ||
- ids[i+2].xid.type == ID_TYPE_GID) {
- (*sec)->groups[i] = ids[i+2].xid.id;
- } else {
- return NT_STATUS_INVALID_SID;
- }
- }
-
- return NT_STATUS_OK;
+ return security_token_to_unix_token(req,
+ priv->wbc_ctx,
+ token, sec);
}
/*
setup our unix security context according to the session authentication info
*/
static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
- struct ntvfs_request *req, struct unix_sec_ctx **sec)
+ struct ntvfs_request *req, struct security_unix_token **sec)
{
struct unixuid_private *priv = ntvfs->private_data;
struct security_token *token;
- struct unix_sec_ctx *newsec;
+ struct security_unix_token *newsec;
NTSTATUS status;
/* If we are asked to set up, but have not had a successful
*/
#define PASS_THRU_REQ(ntvfs, req, op, args) do { \
NTSTATUS status2; \
- struct unix_sec_ctx *sec; \
+ struct security_unix_token *sec; \
status = unixuid_setup_security(ntvfs, req, &sec); \
NT_STATUS_NOT_OK_RETURN(status); \
unixuid_nesting_level++; \
git.samba.org / kai / samba.git / blobdiff