From: Volker Lendecke Date: Thu, 19 Jun 2008 14:54:12 +0000 (+0200) Subject: Wrap the unix token info in a unix_user_token in auth_serversupplied_info X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=commitdiff_plain;h=40f5eab5eb515937e1b23cf6762b77c194d29b9d Wrap the unix token info in a unix_user_token in auth_serversupplied_info No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445) --- diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 790b2f0624c..f3fccb0a881 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -480,8 +480,8 @@ static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) which may save us from giving away root access if there is a bug in allocating these fields. */ - result->uid = -1; - result->gid = -1; + result->utok.uid = -1; + result->utok.gid = -1; return result; } @@ -526,8 +526,8 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, result->unix_name = pwd->pw_name; /* Ensure that we keep pwd->pw_name, because we will free pwd below */ talloc_steal(result, pwd->pw_name); - result->gid = pwd->pw_gid; - result->uid = pwd->pw_uid; + result->utok.gid = pwd->pw_gid; + result->utok.uid = pwd->pw_uid; TALLOC_FREE(pwd); @@ -653,8 +653,8 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) status = create_token_from_username(server_info, server_info->unix_name, server_info->guest, - &server_info->uid, - &server_info->gid, + &server_info->utok.uid, + &server_info->utok.gid, &server_info->unix_name, &server_info->ptok); @@ -675,8 +675,8 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) /* Convert the SIDs to gids. */ - server_info->n_groups = 0; - server_info->groups = NULL; + server_info->utok.ngroups = 0; + server_info->utok.groups = NULL; /* Start at index 1, where the groups start. */ 
@@ -689,8 +689,9 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) "ignoring it\n", sid_string_dbg(sid))); continue; } - add_gid_to_array_unique(server_info, gid, &server_info->groups, - &server_info->n_groups); + add_gid_to_array_unique(server_info, gid, + &server_info->utok.groups, + &server_info->utok.ngroups); } debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok); @@ -1043,8 +1044,8 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - result->uid = pwd->pw_uid; - result->gid = pwd->pw_gid; + result->utok.uid = pwd->pw_uid; + result->utok.gid = pwd->pw_gid; status = pdb_enum_group_memberships(result, sampass, &result->sids, &gids, @@ -1228,14 +1229,15 @@ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, } dst->guest = src->guest; - dst->uid = src->uid; - dst->gid = src->gid; - dst->n_groups = src->n_groups; - if (src->n_groups != 0) { - dst->groups = (gid_t *)TALLOC_MEMDUP( - dst, src->groups, sizeof(gid_t)*dst->n_groups); + dst->utok.uid = src->utok.uid; + dst->utok.gid = src->utok.gid; + dst->utok.ngroups = src->utok.ngroups; + if (src->utok.ngroups != 0) { + dst->utok.groups = (gid_t *)TALLOC_MEMDUP( + dst, src->utok.groups, + sizeof(gid_t)*dst->utok.ngroups); } else { - dst->groups = NULL; + dst->utok.groups = NULL; } if (src->ptok) { @@ -1660,8 +1662,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* Fill in the unix info we found on the way */ - result->uid = uid; - result->gid = gid; + result->utok.uid = uid; + result->utok.gid = gid; /* Create a 'combined' list of all SIDs we might want in the SD */ @@ -1906,8 +1908,8 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, /* Fill in the unix info we found on the way */ - result->uid = uid; - result->gid = gid; + result->utok.uid = uid; + result->utok.gid = gid; /* Create a 'combined' list of all SIDs we might want in the SD */ 
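Review bot: In the copy_serverinfo hunk the `TALLOC_MEMDUP` result is assigned to `dst->utok.groups` with no NULL check, after `dst->utok.ngroups` has already been set to the source count. On allocation failure the copy would claim N supplementary groups while holding a NULL array, and the hunk's next context line (`if (src->ptok) {`) shows no check following. Tokens of this type are what change_to_user (smbd/uid.c hunk) reads for the uid/gid/group switch, so a failed copy should be rejected, e.g. `if (dst->utok.groups == NULL) { TALLOC_FREE(dst); return NULL; }` right after the duplication. The function starts and ends outside the hunk, so the exact cleanup and return convention are an assumption to confirm against its other failure paths.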
diff --git a/source3/include/auth.h b/source3/include/auth.h index 56b8144a246..adcd6e943f9 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -47,13 +47,8 @@ typedef struct auth_serversupplied_info { check_ntlm_password and the token creation. */ size_t num_sids; - uid_t uid; - gid_t gid; - - /* This groups info is needed for when we become_user() for this uid */ - size_t n_groups; - gid_t *groups; - + struct unix_user_token utok; + /* NT group information taken from the info3 structure */ NT_USER_TOKEN *ptok; diff --git a/source3/include/smb.h b/source3/include/smb.h index 76cc389a108..7ae66f1cedb 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -378,10 +378,10 @@ typedef struct nt_user_token { SE_PRIV privileges; } NT_USER_TOKEN; -typedef struct _unix_token { +typedef struct unix_user_token { uid_t uid; gid_t gid; - int ngroups; + size_t ngroups; gid_t *groups; } UNIX_USER_TOKEN; diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index 926bb8233d7..c0162fcbc4e 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -910,7 +910,7 @@ char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *st lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, get_smb_user_name(), "", str); diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 3654ae43512..0d09d213e11 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -145,7 +145,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), targethost); diff --git a/source3/modules/vfs_fake_perms.c b/source3/modules/vfs_fake_perms.c index ef0a2c3d9e7..29893221471 100644 
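Review bot: The auth.h hunk removes the comment saying the group list is needed for become_user() and leaves the new `utok` member undocumented. Suggest carrying it over above `struct unix_user_token utok;`, e.g. `/* unix credentials (uid, gid, supplementary groups) used when we become_user() for this uid */`. The struct definition begins and ends outside the hunk.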
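Review bot: The smb.h hunk changes `ngroups` from `int` to `size_t` for every UNIX_USER_TOKEN user, which is a signedness change rather than a rename, so the "No functional change" claim in the commit message needs checking. Any code that stores a getgroups()-style `-1` in the field, tests `ngroups < 0`, or compares it with an `int` index would now behave differently. The same applies to `get_current_groups(gid_t gid, size_t *p_ngroups, gid_t **p_groups)` in smbd/sec_ctx.c, which still declares `int i` and whose body is outside the hunk, and to `num_groups` in change_to_user (smbd/uid.c), whose declaration is not shown. A field comment would make the contract explicit: `size_t ngroups; /* number of entries in groups[]; 0 when groups is NULL */`.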
--- a/source3/modules/vfs_fake_perms.c +++ b/source3/modules/vfs_fake_perms.c @@ -37,8 +37,8 @@ static int fake_perms_stat(vfs_handle_struct *handle, const char *fname, SMB_STR } else { sbuf->st_mode = S_IRWXU; } - sbuf->st_uid = handle->conn->server_info->uid; - sbuf->st_gid = handle->conn->server_info->gid; + sbuf->st_uid = handle->conn->server_info->utok.uid; + sbuf->st_gid = handle->conn->server_info->utok.gid; } return ret; @@ -55,8 +55,8 @@ static int fake_perms_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_ST } else { sbuf->st_mode = S_IRWXU; } - sbuf->st_uid = handle->conn->server_info->uid; - sbuf->st_gid = handle->conn->server_info->gid; + sbuf->st_uid = handle->conn->server_info->utok.uid; + sbuf->st_gid = handle->conn->server_info->utok.gid; } return ret; } diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 3005de38296..3cefbcda342 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -703,7 +703,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), prefix); diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index 207f04bc475..acc1936e5f8 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -432,7 +432,7 @@ static int recycle_unlink(vfs_handle_struct *handle, const char *file_name) repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), recycle_repository(handle)); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 52e4fdfd5ba..dcc4cd448f6 100644 
--- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -660,8 +660,8 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - p->pipe_user.ut.uid = a->server_info->uid; - p->pipe_user.ut.gid = a->server_info->gid; + p->pipe_user.ut.uid = a->server_info->utok.uid; + p->pipe_user.ut.gid = a->server_info->utok.gid; /* * We're an authenticated bind over smbd, so the session key needs to @@ -675,10 +675,11 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) return False; } - p->pipe_user.ut.ngroups = a->server_info->n_groups; + p->pipe_user.ut.ngroups = a->server_info->utok.ngroups; if (p->pipe_user.ut.ngroups) { - if (!(p->pipe_user.ut.groups = (gid_t *)memdup(a->server_info->groups, - sizeof(gid_t) * p->pipe_user.ut.ngroups))) { + if (!(p->pipe_user.ut.groups = (gid_t *)memdup( + a->server_info->utok.groups, + sizeof(gid_t) * p->pipe_user.ut.ngroups))) { DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); return False; } diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 97f36971c86..8dd5964f5f4 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -152,8 +152,8 @@ bool claim_connection(connection_struct *conn, const char *name, crec.pid = procid_self(); crec.cnum = conn?conn->cnum:-1; if (conn) { - crec.uid = conn->server_info->uid; - crec.gid = conn->server_info->gid; + crec.uid = conn->server_info->utok.uid; + crec.gid = conn->server_info->utok.gid; strlcpy(crec.servicename, lp_servicename(SNUM(conn)), sizeof(crec.servicename)); } diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 47982d4f00c..8dd9abee1ad 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c 
@@ -109,7 +109,7 @@ NTSTATUS open_fake_file(connection_struct *conn, NTSTATUS status; /* access check */ - if (conn->server_info->uid != 0) { + if (conn->server_info->utok.uid != 0) { DEBUG(3, ("open_fake_file_shared: access_denied to " "service[%s] file[%s] user[%s]\n", lp_servicename(SNUM(conn)), fname, diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index e61a8c3a5a2..84c993d06b0 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -82,7 +82,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) if (!S_ISDIR(sbuf.st_mode)) { return False; } - if (conn->server_info->uid == 0 || conn->admin_user) { + if (conn->server_info->utok.uid == 0 || conn->admin_user) { /* I'm sorry sir, I didn't know you were root... */ return True; } @@ -104,7 +104,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) * for bug #3348. Don't assume owning sticky bit * directory means write access allowed. */ - if (conn->server_info->uid != sbuf_file.st_uid) { + if (conn->server_info->utok.uid != sbuf_file.st_uid) { return False; } } @@ -147,7 +147,7 @@ bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n", (unsigned int)access_mask, fname )); - if (conn->server_info->uid == 0 || conn->admin_user) { + if (conn->server_info->utok.uid == 0 || conn->admin_user) { /* I'm sorry sir, I didn't know you were root... */ return True; } @@ -160,7 +160,7 @@ bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT } /* Check primary owner access. */ - if (conn->server_info->uid == psbuf->st_uid) { + if (conn->server_info->utok.uid == psbuf->st_uid) { switch (access_mask) { case FILE_READ_DATA: return (psbuf->st_mode & S_IRUSR) ? True : False; diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 31d4a398421..226e0d57896 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c 
@@ -102,7 +102,7 @@ static int CopyExpanded(connection_struct *conn, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), buf); @@ -153,7 +153,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), buf); @@ -183,7 +183,7 @@ static char *Expand(connection_struct *conn, int snum, char *s) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), buf); @@ -3009,7 +3009,7 @@ static bool api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), comment); @@ -3346,7 +3346,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, user_struct *vuser = get_valid_user_struct(vuid); if(vuser != NULL) { DEBUG(3,(" Username of UID %d is %s\n", - (int)vuser->server_info->uid, + (int)vuser->server_info->utok.uid, vuser->server_info->unix_name)); } @@ -3602,7 +3602,7 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, if(vuser != NULL) { DEBUG(3,(" Username of UID %d is %s\n", - (int)vuser->server_info->uid, + (int)vuser->server_info->utok.uid, vuser->server_info->unix_name)); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5a1af426387..3cec80c6dfb 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c 
@@ -1847,8 +1847,8 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, new_file_created = True; } - set_share_mode(lck, fsp, conn->server_info->uid, 0, fsp->oplock_type, - new_file_created); + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, + fsp->oplock_type, new_file_created); /* Handle strange delete on close create semantics. */ if ((create_options & FILE_DELETE_ON_CLOSE) @@ -2247,7 +2247,8 @@ NTSTATUS open_directory(connection_struct *conn, return status; } - set_share_mode(lck, fsp, conn->server_info->uid, 0, NO_OPLOCK, True); + set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK, + True); /* For directories the delete on close bit at open time seems always to be honored on close... See test 19 in Samba4 BASE-DELETE. */ diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ebc72350b5a..1d3514429f3 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -271,8 +271,8 @@ int register_existing_vuid(uint16 vuid, vuser->server_info, tmp); DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n", - (unsigned int)vuser->server_info->uid, - (unsigned int)vuser->server_info->gid, + (unsigned int)vuser->server_info->utok.uid, + (unsigned int)vuser->server_info->utok.gid, vuser->server_info->unix_name, vuser->server_info->sanitized_username, pdb_get_domain(vuser->server_info->sam_account), @@ -289,7 +289,7 @@ int register_existing_vuid(uint16 vuid, } DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, " - "and will be vuid %u\n", (int)vuser->server_info->uid, + "and will be vuid %u\n", (int)vuser->server_info->utok.uid, vuser->server_info->unix_name, vuser->vuid)); next_vuid++; diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 0f307f6a647..a618f06e6b2 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c 
@@ -145,7 +145,7 @@ static void gain_root(void) Get the list of current groups. ****************************************************************************/ -static int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups) +static int get_current_groups(gid_t gid, size_t *p_ngroups, gid_t **p_groups) { int i; gid_t grp; diff --git a/source3/smbd/service.c b/source3/smbd/service.c index ac233a97b73..1ad48451ff5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -823,7 +823,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, status = find_forced_group( conn->force_user, snum, conn->server_info->unix_name, &conn->server_info->ptok->user_sids[1], - &conn->server_info->gid); + &conn->server_info->utok.gid); if (!NT_STATUS_IS_OK(status)) { conn_free(conn); @@ -839,7 +839,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_pathname(snum)); @@ -961,7 +961,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_rootpreexec(snum)); @@ -1000,7 +1000,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_preexec(snum)); 
@@ -1325,7 +1325,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_postexec(SNUM(conn))); @@ -1341,7 +1341,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), lp_rootpostexec(SNUM(conn))); diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 5e5a184efaf..3b431a19be0 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -168,8 +168,8 @@ bool session_claim(user_struct *vuser) fstrcpy(sessionid.hostname, hostname); sessionid.id_num = i; /* Only valid for utmp sessions */ sessionid.pid = pid; - sessionid.uid = vuser->server_info->uid; - sessionid.gid = vuser->server_info->gid; + sessionid.uid = vuser->server_info->utok.uid; + sessionid.gid = vuser->server_info->utok.gid; fstrcpy(sessionid.remote_machine, get_remote_machine_name()); fstrcpy(sessionid.ip_addr_str, client_addr(get_client_fd(),addr,sizeof(addr))); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 2bc5595661c..8998f6a371b 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c 
@@ -192,13 +192,13 @@ bool change_to_user(connection_struct *conn, uint16 vuid) */ if((lp_security() == SEC_SHARE) && (current_user.conn == conn) && - (current_user.ut.uid == conn->server_info->uid)) { + (current_user.ut.uid == conn->server_info->utok.uid)) { DEBUG(4,("change_to_user: Skipping user change - already " "user\n")); return(True); } else if ((current_user.conn == conn) && (vuser != NULL) && (current_user.vuid == vuid) && - (current_user.ut.uid == vuser->server_info->uid)) { + (current_user.ut.uid == vuser->server_info->utok.uid)) { DEBUG(4,("change_to_user: Skipping user change - already " "user\n")); return(True); @@ -221,15 +221,15 @@ bool change_to_user(connection_struct *conn, uint16 vuid) */ if (conn->force_user) /* security = share sets this too */ { - uid = conn->server_info->uid; - gid = conn->server_info->gid; - group_list = conn->server_info->groups; - num_groups = conn->server_info->n_groups; + uid = conn->server_info->utok.uid; + gid = conn->server_info->utok.gid; + group_list = conn->server_info->utok.groups; + num_groups = conn->server_info->utok.ngroups; } else if (vuser) { - uid = conn->admin_user ? 0 : vuser->server_info->uid; - gid = conn->server_info->gid; - num_groups = conn->server_info->n_groups; - group_list = conn->server_info->groups; + uid = conn->admin_user ? 0 : vuser->server_info->utok.uid; + gid = conn->server_info->utok.gid; + num_groups = conn->server_info->utok.ngroups; + group_list = conn->server_info->utok.groups; } else { DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " "share %s.\n",vuid, lp_servicename(snum) )); 
@@ -255,15 +255,16 @@ bool change_to_user(connection_struct *conn, uint16 vuid) int i; for (i = 0; i < num_groups; i++) { - if (group_list[i] == conn->server_info->gid) { - gid = conn->server_info->gid; + if (group_list[i] + == conn->server_info->utok.gid) { + gid = conn->server_info->utok.gid; gid_to_sid(&conn->server_info->ptok ->user_sids[1], gid); break; } } } else { - gid = conn->server_info->gid; + gid = conn->server_info->utok.gid; gid_to_sid(&conn->server_info->ptok->user_sids[1], gid); }