The branch, v3-3-test has been updated via 5f8a5e68ea166fbeda3af6e5ec381ec09d06f0f6 (commit) via 5595cdf837edb82db69a3e57bcf3108be7feeeb8 (commit) via 4c31cc0b62f532eafdc44398b29b773ad8cb0646 (commit) via e895e44cc7d675d128430fb53c138e5e8736e59f (commit) via dcaedf345e62ab74ea87f0a3fa1e3199c75c5445 (commit) via 64e9372ab997739d46669c0cc4a4c6edb11d5e64 (commit) via 8d364c4c3311b406847158fc37e9208d298cf8ba (commit) from c65d425fec964bc0b8778b596615a8bcce0378aa (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit 5f8a5e68ea166fbeda3af6e5ec381ec09d06f0f6 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 18:48:10 2008 +0200 Remove current_user references from nttrans.c commit 5595cdf837edb82db69a3e57bcf3108be7feeeb8 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 18:46:57 2008 +0200 Remove current_user references from trans2.c This involved replacing the CHECK_NTQUOTA_HANDLE_OK macro by a function. commit 4c31cc0b62f532eafdc44398b29b773ad8cb0646 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 18:36:54 2008 +0200 Remove some current_user references from trans2.c commit e895e44cc7d675d128430fb53c138e5e8736e59f Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 18:21:41 2008 +0200 Remove reference to current_user from reply.c commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 16:54:12 2008 +0200 Wrap the unix token info in a unix_user_token in auth_serversupplied_info No functional change, this is a preparation for more current_user ref removal commit 64e9372ab997739d46669c0cc4a4c6edb11d5e64 Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 16:31:59 2008 +0200 Remove the "current_user" arg from fsp_belongs_conn fsp_belongs_conn only used the vuid struct member anyway, and this is available in the smb_request structure as well. commit 8d364c4c3311b406847158fc37e9208d298cf8ba Author: Volker Lendecke <[EMAIL PROTECTED]> Date: Thu Jun 19 16:31:59 2008 +0200 Remove the "current_user" arg from check_fsp check_fsp only used the vuid struct member anyway, and this is available in the smb_request structure as well. 
----------------------------------------------------------------------- Summary of changes: source/auth/auth_util.c | 48 +++++++++++----------- source/include/auth.h | 9 +--- source/include/ntquotas.h | 5 -- source/include/proto.h | 8 ++- source/include/smb.h | 4 +- source/include/smb_macros.h | 2 - source/lib/substitute.c | 2 +- source/modules/vfs_expand_msdfs.c | 2 +- source/modules/vfs_fake_perms.c | 8 ++-- source/modules/vfs_full_audit.c | 2 +- source/modules/vfs_recycle.c | 2 +- source/rpc_server/srv_pipe.c | 11 +++-- source/smbd/connection.c | 4 +- source/smbd/fake_file.c | 2 +- source/smbd/file_access.c | 8 ++-- source/smbd/lanman.c | 12 +++--- source/smbd/nttrans.c | 17 ++++---- source/smbd/open.c | 7 ++- source/smbd/password.c | 6 +- source/smbd/reply.c | 80 +++++++++++++++++++++++++----------- source/smbd/sec_ctx.c | 2 +- source/smbd/service.c | 12 +++--- source/smbd/session.c | 4 +- source/smbd/trans2.c | 56 ++++++++++++++----------- source/smbd/uid.c | 27 ++++++------ 25 files changed, 185 insertions(+), 155 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 790b2f0..f3fccb0 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -480,8 +480,8 @@ static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) which may save us from giving away root access if there is a bug in allocating these fields. */ - result->uid = -1; - result->gid = -1; + result->utok.uid = -1; + result->utok.gid = -1; return result; } @@ -526,8 +526,8 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, result->unix_name = pwd->pw_name; /* Ensure that we keep pwd->pw_name, because we will free pwd below */ talloc_steal(result, pwd->pw_name); - result->gid = pwd->pw_gid; - result->uid = pwd->pw_uid; + result->utok.gid = pwd->pw_gid; + result->utok.uid = pwd->pw_uid; TALLOC_FREE(pwd); 
@@ -653,8 +653,8 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) status = create_token_from_username(server_info, server_info->unix_name, server_info->guest, - &server_info->uid, - &server_info->gid, + &server_info->utok.uid, + &server_info->utok.gid, &server_info->unix_name, &server_info->ptok); @@ -675,8 +675,8 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) /* Convert the SIDs to gids. */ - server_info->n_groups = 0; - server_info->groups = NULL; + server_info->utok.ngroups = 0; + server_info->utok.groups = NULL; /* Start at index 1, where the groups start. */ @@ -689,8 +689,9 @@ NTSTATUS create_local_token(auth_serversupplied_info *server_info) "ignoring it\n", sid_string_dbg(sid))); continue; } - add_gid_to_array_unique(server_info, gid, &server_info->groups, - &server_info->n_groups); + add_gid_to_array_unique(server_info, gid, + &server_info->utok.groups, + &server_info->utok.ngroups); } debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok); @@ -1043,8 +1044,8 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - result->uid = pwd->pw_uid; - result->gid = pwd->pw_gid; + result->utok.uid = pwd->pw_uid; + result->utok.gid = pwd->pw_gid; status = pdb_enum_group_memberships(result, sampass, &result->sids, &gids, @@ -1228,14 +1229,15 @@ struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx, } dst->guest = src->guest; - dst->uid = src->uid; - dst->gid = src->gid; - dst->n_groups = src->n_groups; - if (src->n_groups != 0) { - dst->groups = (gid_t *)TALLOC_MEMDUP( - dst, src->groups, sizeof(gid_t)*dst->n_groups); + dst->utok.uid = src->utok.uid; + dst->utok.gid = src->utok.gid; + dst->utok.ngroups = src->utok.ngroups; + if (src->utok.ngroups != 0) { + dst->utok.groups = (gid_t *)TALLOC_MEMDUP( + dst, src->utok.groups, + sizeof(gid_t)*dst->utok.ngroups); } else { - dst->groups = NULL; + dst->utok.groups = NULL; } if (src->ptok) { 
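Review bot: In create_local_token (hunk at -689) the call to `add_gid_to_array_unique(...)` is made as a bare statement, so if the helper can fail (it takes a talloc context, so presumably on allocation failure) the gid is silently left out of `server_info->utok.groups`. That array becomes the unix group list for the session, so a missing entry changes group-based access decisions, including deny entries that depend on membership. If the helper reports failure through its return value (its prototype is not on this page), check it and leave the function with `return NT_STATUS_NO_MEMORY;` rather than continuing with a short list. The loop body starts outside the hunk.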
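Review bot: In copy_serverinfo (hunk at -1228) the result of TALLOC_MEMDUP is stored in `dst->utok.groups` without a NULL check, so an allocation failure leaves `utok.ngroups` non-zero next to a NULL group array. Code that later walks or installs that list would either dereference NULL or act on a credential that does not match the source token. Adding `if (dst->utok.groups == NULL) { TALLOC_FREE(dst); return NULL; }` right after the duplication would fail closed. The function's existing failure convention lies outside the hunk, so match what the earlier checks in the body do.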
@@ -1660,8 +1662,8 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, /* Fill in the unix info we found on the way */ - result->uid = uid; - result->gid = gid; + result->utok.uid = uid; + result->utok.gid = gid; /* Create a 'combined' list of all SIDs we might want in the SD */ @@ -1906,8 +1908,8 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, /* Fill in the unix info we found on the way */ - result->uid = uid; - result->gid = gid; + result->utok.uid = uid; + result->utok.gid = gid; /* Create a 'combined' list of all SIDs we might want in the SD */ diff --git a/source/include/auth.h b/source/include/auth.h index 56b8144..adcd6e9 100644 --- a/source/include/auth.h +++ b/source/include/auth.h @@ -47,13 +47,8 @@ typedef struct auth_serversupplied_info { check_ntlm_password and the token creation. */ size_t num_sids; - uid_t uid; - gid_t gid; - - /* This groups info is needed for when we become_user() for this uid */ - size_t n_groups; - gid_t *groups; - + struct unix_user_token utok; + /* NT group information taken from the info3 structure */ NT_USER_TOKEN *ptok; diff --git a/source/include/ntquotas.h b/source/include/ntquotas.h index 5b92b66..ed503b3 100644 --- a/source/include/ntquotas.h +++ b/source/include/ntquotas.h @@ -88,9 +88,4 @@ typedef struct _SMB_NTQUOTA_HANDLE { SMB_NTQUOTA_LIST *tmp_list; } SMB_NTQUOTA_HANDLE; -#define CHECK_NTQUOTA_HANDLE_OK(fsp,conn) (FNUM_OK(fsp,conn) &&\ - (fsp)->fake_file_handle &&\ - ((fsp)->fake_file_handle->type == FAKE_FILE_TYPE_QUOTA) &&\ - (fsp)->fake_file_handle->private_data) - #endif /*_NTQUOTAS_H */ diff --git a/source/include/proto.h b/source/include/proto.h index 70eaf32..3064267 100644 --- a/source/include/proto.h +++ b/source/include/proto.h 
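Review bot: The auth.h hunk (-47) drops the only comment that said why the group list is kept in auth_serversupplied_info ("needed for when we become_user() for this uid") and adds `struct unix_user_token utok;` with no replacement. I would put `/* Unix uid, gid and supplementary groups used when we become_user() for this session */` above the new member, since this field is what the uid == 0 access checks elsewhere in the changeset now read. The member is embedded by value, so auth.h needs the full definition from smb.h before this point. The include order is not visible here and is worth confirming.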
@@ -10089,11 +10089,13 @@ size_t srvstr_get_path(TALLOC_CTX *ctx, int flags, NTSTATUS *err); bool check_fsp_open(connection_struct *conn, struct smb_request *req, - files_struct *fsp, struct current_user *user); + files_struct *fsp); bool check_fsp(connection_struct *conn, struct smb_request *req, - files_struct *fsp, struct current_user *user); + files_struct *fsp); +bool check_fsp_ntquota_handle(connection_struct *conn, struct smb_request *req, + files_struct *fsp); bool fsp_belongs_conn(connection_struct *conn, struct smb_request *req, - files_struct *fsp, struct current_user *user); + files_struct *fsp); void reply_special(char *inbuf); void reply_tcon(struct smb_request *req); void reply_tcon_and_X(struct smb_request *req); diff --git a/source/include/smb.h b/source/include/smb.h index 76cc389..7ae66f1 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -378,10 +378,10 @@ typedef struct nt_user_token { SE_PRIV privileges; } NT_USER_TOKEN; -typedef struct _unix_token { +typedef struct unix_user_token { uid_t uid; gid_t gid; - int ngroups; + size_t ngroups; gid_t *groups; } UNIX_USER_TOKEN; diff --git a/source/include/smb_macros.h b/source/include/smb_macros.h index 0e21431..20e2a9a 100644 --- a/source/include/smb_macros.h +++ b/source/include/smb_macros.h @@ -75,8 +75,6 @@ return ERROR_NT(NT_STATUS_INVALID_HANDLE); \ } while(0) -#define FNUM_OK(fsp,c) ((fsp) && !(fsp)->is_directory && (c)==(fsp)->conn && current_user.vuid==(fsp)->vuid) - /* you must add the following extern declaration to files using this macro * (do not add it to the macro as that causes nested extern declaration warnings) * extern struct current_user current_user; diff --git a/source/lib/substitute.c b/source/lib/substitute.c index 926bb82..c0162fc 100644 --- a/source/lib/substitute.c +++ b/source/lib/substitute.c 
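Review bot: In the smb.h hunk (-378), changing `ngroups` from `int` to `size_t` alters the type for every existing UNIX_USER_TOKEN user (for example `p->pipe_user.ut` in srv_pipe.c), not only for the new `utok` member. Call sites that pass `&...ngroups` to an `int *` parameter, compare it with a signed index, or print it with `%d` are not on this page and need an audit. The `sizeof(gid_t) * p->pipe_user.ut.ngroups` size computations visible in srv_pipe.c and copy_serverinfo stay unbounded. A field comment would record the reason for the type, e.g. `/* entries in groups[]; size_t because its address is passed to add_gid_to_array_unique() */`. The commit message says "No functional change", so the signedness change deserves its own line in the description.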
@@ -910,7 +910,7 @@ char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *st lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, get_smb_user_name(), "", str); diff --git a/source/modules/vfs_expand_msdfs.c b/source/modules/vfs_expand_msdfs.c index 3654ae4..0d09d21 100644 --- a/source/modules/vfs_expand_msdfs.c +++ b/source/modules/vfs_expand_msdfs.c @@ -145,7 +145,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), targethost); diff --git a/source/modules/vfs_fake_perms.c b/source/modules/vfs_fake_perms.c index ef0a2c3..2989322 100644 --- a/source/modules/vfs_fake_perms.c +++ b/source/modules/vfs_fake_perms.c @@ -37,8 +37,8 @@ static int fake_perms_stat(vfs_handle_struct *handle, const char *fname, SMB_STR } else { sbuf->st_mode = S_IRWXU; } - sbuf->st_uid = handle->conn->server_info->uid; - sbuf->st_gid = handle->conn->server_info->gid; + sbuf->st_uid = handle->conn->server_info->utok.uid; + sbuf->st_gid = handle->conn->server_info->utok.gid; } return ret; @@ -55,8 +55,8 @@ static int fake_perms_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_ST } else { sbuf->st_mode = S_IRWXU; } - sbuf->st_uid = handle->conn->server_info->uid; - sbuf->st_gid = handle->conn->server_info->gid; + sbuf->st_uid = handle->conn->server_info->utok.uid; + sbuf->st_gid = handle->conn->server_info->utok.gid; } return ret; } diff --git a/source/modules/vfs_full_audit.c b/source/modules/vfs_full_audit.c index 3005de3..3cefbcd 100644 --- a/source/modules/vfs_full_audit.c +++ b/source/modules/vfs_full_audit.c 
@@ -703,7 +703,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), prefix); diff --git a/source/modules/vfs_recycle.c b/source/modules/vfs_recycle.c index 207f04b..acc1936 100644 --- a/source/modules/vfs_recycle.c +++ b/source/modules/vfs_recycle.c @@ -432,7 +432,7 @@ static int recycle_unlink(vfs_handle_struct *handle, const char *file_name) repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), recycle_repository(handle)); diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index 52e4fdf..dcc4cd4 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -660,8 +660,8 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) * Store the UNIX credential data (uid/gid pair) in the pipe structure. */ - p->pipe_user.ut.uid = a->server_info->uid; - p->pipe_user.ut.gid = a->server_info->gid; + p->pipe_user.ut.uid = a->server_info->utok.uid; + p->pipe_user.ut.gid = a->server_info->utok.gid; /* * We're an authenticated bind over smbd, so the session key needs to 
@@ -675,10 +675,11 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) return False; } - p->pipe_user.ut.ngroups = a->server_info->n_groups; + p->pipe_user.ut.ngroups = a->server_info->utok.ngroups; if (p->pipe_user.ut.ngroups) { - if (!(p->pipe_user.ut.groups = (gid_t *)memdup(a->server_info->groups, - sizeof(gid_t) * p->pipe_user.ut.ngroups))) { + if (!(p->pipe_user.ut.groups = (gid_t *)memdup( + a->server_info->utok.groups, + sizeof(gid_t) * p->pipe_user.ut.ngroups))) { DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); return False; } diff --git a/source/smbd/connection.c b/source/smbd/connection.c index 97f3697..8dd5964 100644 --- a/source/smbd/connection.c +++ b/source/smbd/connection.c @@ -152,8 +152,8 @@ bool claim_connection(connection_struct *conn, const char *name, crec.pid = procid_self(); crec.cnum = conn?conn->cnum:-1; if (conn) { - crec.uid = conn->server_info->uid; - crec.gid = conn->server_info->gid; + crec.uid = conn->server_info->utok.uid; + crec.gid = conn->server_info->utok.gid; strlcpy(crec.servicename, lp_servicename(SNUM(conn)), sizeof(crec.servicename)); } diff --git a/source/smbd/fake_file.c b/source/smbd/fake_file.c index 47982d4..8dd9abe 100644 --- a/source/smbd/fake_file.c +++ b/source/smbd/fake_file.c @@ -109,7 +109,7 @@ NTSTATUS open_fake_file(connection_struct *conn, NTSTATUS status; /* access check */ - if (conn->server_info->uid != 0) { + if (conn->server_info->utok.uid != 0) { DEBUG(3, ("open_fake_file_shared: access_denied to " "service[%s] file[%s] user[%s]\n", lp_servicename(SNUM(conn)), fname, diff --git a/source/smbd/file_access.c b/source/smbd/file_access.c index e61a8c3..84c993d 100644 --- a/source/smbd/file_access.c +++ b/source/smbd/file_access.c 
@@ -82,7 +82,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) if (!S_ISDIR(sbuf.st_mode)) { return False; } - if (conn->server_info->uid == 0 || conn->admin_user) { + if (conn->server_info->utok.uid == 0 || conn->admin_user) { /* I'm sorry sir, I didn't know you were root... */ return True; } @@ -104,7 +104,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) * for bug #3348. Don't assume owning sticky bit * directory means write access allowed. */ - if (conn->server_info->uid != sbuf_file.st_uid) { + if (conn->server_info->utok.uid != sbuf_file.st_uid) { return False; } } @@ -147,7 +147,7 @@ bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n", (unsigned int)access_mask, fname )); - if (conn->server_info->uid == 0 || conn->admin_user) { + if (conn->server_info->utok.uid == 0 || conn->admin_user) { /* I'm sorry sir, I didn't know you were root... */ return True; } @@ -160,7 +160,7 @@ bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT } /* Check primary owner access. */ - if (conn->server_info->uid == psbuf->st_uid) { + if (conn->server_info->utok.uid == psbuf->st_uid) { switch (access_mask) { case FILE_READ_DATA: return (psbuf->st_mode & S_IRUSR) ? True : False; diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index 31d4a39..226e0d5 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -102,7 +102,7 @@ static int CopyExpanded(connection_struct *conn, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), buf); 
@@ -153,7 +153,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), buf); @@ -183,7 +183,7 @@ static char *Expand(connection_struct *conn, int snum, char *s) lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), buf); @@ -3009,7 +3009,7 @@ static bool api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, lp_servicename(SNUM(conn)), conn->server_info->unix_name, conn->connectpath, - conn->server_info->gid, + conn->server_info->utok.gid, conn->server_info->sanitized_username, pdb_get_domain(conn->server_info->sam_account), comment); @@ -3346,7 +3346,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, user_struct *vuser = get_valid_user_struct(vuid); if(vuser != NULL) { DEBUG(3,(" Username of UID %d is %s\n", - (int)vuser->server_info->uid, + (int)vuser->server_info->utok.uid, vuser->server_info->unix_name)); } @@ -3602,7 +3602,7 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, if(vuser != NULL) { DEBUG(3,(" Username of UID %d is %s\n", - (int)vuser->server_info->uid, + (int)vuser->server_info->utok.uid, vuser->server_info->unix_name)); } diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index cbe1299..12f4da6 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -22,7 +22,6 @@ extern int max_send; extern enum protocol_types Protocol; -extern struct current_user current_user; static const char *known_nt_pipes[] = { "\\LANMAN", 
@@ -1520,7 +1519,7 @@ static void call_nt_transact_rename(connection_struct *conn, } fsp = file_fsp(SVAL(params, 0)); - if (!check_fsp(conn, req, fsp, ¤t_user)) { + if (!check_fsp(conn, req, fsp)) { return; } srvstr_get_path_wcard(ctx, params, req->flags2, &new_name, params+4, @@ -1773,7 +1772,7 @@ static void call_nt_transact_ioctl(connection_struct *conn, DEBUG(10,("FSCTL_CREATE_OR_GET_OBJECT_ID: called on FID[0x%04X]\n",fidnum)); - if (!fsp_belongs_conn(conn, req, fsp, ¤t_user)) { + if (!fsp_belongs_conn(conn, req, fsp)) { return; } @@ -1828,7 +1827,7 @@ static void call_nt_transact_ioctl(connection_struct *conn, uint32 i; char *cur_pdata; - if (!fsp_belongs_conn(conn, req, fsp, ¤t_user)) { + if (!fsp_belongs_conn(conn, req, fsp)) { return; } @@ -1951,7 +1950,7 @@ static void call_nt_transact_ioctl(connection_struct *conn, DEBUG(10,("FSCTL_FIND_FILES_BY_SID: called on FID[0x%04X]\n",fidnum)); - if (!fsp_belongs_conn(conn, req, fsp, ¤t_user)) { + if (!fsp_belongs_conn(conn, req, fsp)) { return; } @@ -2036,7 +2035,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn, ZERO_STRUCT(qt); /* access check */ - if (current_user.ut.uid != 0) { + if (conn->server_info->utok.uid != 0) { DEBUG(1,("get_user_quota: access_denied service [%s] user " "[%s]\n", lp_servicename(SNUM(conn)), conn->server_info->unix_name)); @@ -2056,7 +2055,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn, /* maybe we can check the quota_fnum */ fsp = file_fsp(SVAL(params,0)); - if (!CHECK_NTQUOTA_HANDLE_OK(fsp,conn)) { + if (!check_fsp_ntquota_handle(conn, req, fsp)) { DEBUG(3,("TRANSACT_GET_USER_QUOTA: no valid QUOTA HANDLE\n")); reply_nterror(req, NT_STATUS_INVALID_HANDLE); -- Samba Shared Repository
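Review bot: The root check in call_nt_transact_get_user_quota (hunk at -2036) now tests `conn->server_info->utok.uid` where it used to test `current_user.ut.uid`, which changes the identity source for an authorization decision rather than merely renaming a field. The two agree only if the connection's server_info always reflects the unix user the request is running as, including any forced-user or admin-user mapping. The uid.c part of the changeset that would show this is cut off by the 500-line truncation. I would state the intent at the check, e.g. `/* quota queries are root-only: test the unix uid this connection runs as */`, and confirm the equivalence against uid.c. The body of `check_fsp_ntquota_handle`, which replaces `CHECK_NTQUOTA_HANDLE_OK` in the following hunk, is also not on this page, so it cannot be confirmed here that it keeps the macro's connection, vuid, directory and fake-file-type conditions.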