The branch, master has been updated
       via  a18ffe26b3b smbd: RIP user_struct
       via  5f85090d78c smbd: use smbXsrv_session_info_lookup() in become_user_without_service()
       via  cdab99ba1e7 smbd: remove using vuser from smbd_smb2_tree_connect()
       via  1d797a839d4 smbd: don't use vuser in make_connection()
       via  758c42ec5dd smbd: remove unused vuser arg from make_connection_smb2()
       via  893aba4d65b smbd: remove unused vuser arg from make_connection_smb1()
       via  9ef30c75b06 smbd: use req->session instead of vuser->session in make_connection_smb1()
       via  8be0ca8e19b smbd: remove use of user_struct from reply_ulogoffX()
       via  4b89100dc8d smbd: use smbXsrv_session_local_traverse() in id_in_use()
       via  18b43aeb574 smbd: add smbXsrv_session_local_traverse()
       via  d2b5f85d221 smbd: remove enum server_allocated_state magic from get_valid_user_struct()
       via  c3d22018679 smbd: use get_valid_smbXsrv_session() in invalidate_vuid()
       via  dd9735b1da7 smbd: add get_valid_smbXsrv_session()
       via  a22b503819c smbd: use session->global->auth_session_info in switch_message()
       via  54d626cc77e smbd: remove dependency on session->compat in smbXsrv_session_logoff()
       via  25524c8e78b smbd: use smbXsrv_session_info_lookup() in api_reply()
       via  c3f890fb1e9 smbd: use smbXsrv_session_info_lookup() in api_WWkstaUserLogon()
       via  46f51912aea smbd: share level security is long gone...
       via  57d4689273f smbd: use smbXsrv_session_info_lookup() in change_to_user_and_service()
       via  e80aca04278 smbd: introduce smbXsrv_session_info_lookup()
       via  96fd0ddd02e smbd: remove vuser arg from make_connection_snum()
       via  c1d0a70d19e smbd: use session->global->auth_session_info in make_connection_snum()
       via  61fa0f99768 smbd: remove vuid from struct user_struct
       via  bcadd7d798e smbd: use session->global->session_wire_id instead of session->compat->vuid
       via  5992f8fa93a smbd: pass smbXsrv_session to make_connection_snum()
       via  8aae1ef5c0b smbd: move homes_snum from struct user_struct to struct smbXsrv_session
       via  aa27bceff19 smbd: add session to struct smb_request
       via  15ee379ef11 s3: lib: dbwrap. Cleanup. Add a couple of missing 'return NULL' statements on talloc fail.
       via  36ea1e188d5 s3: lib: dbwrap_ctdb: Ensure value_valid is set true if we find the record in the marshall buffer.
      from  c6d880a1150 s3-rpcserver: fix security level check for DsRGetForestTrustInformation

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit a18ffe26b3be13e45622172c4ade258cfc8fa783
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Jan 6 10:14:11 2020 +0100

    smbd: RIP user_struct

    At last, the nail in the coffin. :)

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Mon Jan 13 21:09:01 UTC 2020 on sn-devel-184

commit 5f85090d78c11c9c4ef58954b947a8bc71481e18
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 17:24:47 2020 +0100

    smbd: use smbXsrv_session_info_lookup() in become_user_without_service()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit cdab99ba1e7ef48faeacf7ec45651ce5b48dc5d4
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 17:21:06 2020 +0100

    smbd: remove using vuser from smbd_smb2_tree_connect()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 1d797a839d4f96da649ff13bf8c6c7ea4b52ae44
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 17:16:38 2020 +0100

    smbd: don't use vuser in make_connection()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 758c42ec5dd3dd8bba7b4f74741dc9b02cfb0d73
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 17:09:26 2020 +0100

    smbd: remove unused vuser arg from make_connection_smb2()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 893aba4d65b6f2bdcd49ba3618f882fad0d5df49
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 17:07:23 2020 +0100

    smbd: remove unused vuser arg from make_connection_smb1()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 9ef30c75b065876fee05103a4ad1b0d70d2d86c6
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 17:06:23 2020 +0100

    smbd: use req->session instead of vuser->session in make_connection_smb1()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 8be0ca8e19b861d13038769289325537c101072b
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 16:26:03 2020 +0100

    smbd: remove use of user_struct from reply_ulogoffX()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 4b89100dc8d7620657fa1e6335d47df97188c102
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 14:47:51 2020 +0100

    smbd: use smbXsrv_session_local_traverse() in id_in_use()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 18b43aeb5747f0982e4296960f23986a5f536960
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 11:42:05 2020 +0100

    smbd: add smbXsrv_session_local_traverse()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit d2b5f85d221626ce505143c7c129c41603dcb24a
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Jan 6 10:12:32 2020 +0100

    smbd: remove enum server_allocated_state magic from get_valid_user_struct()

    This has been obsoleted a long time ago by
    a129e271b5385853fb39a8e54b56b508b00a3e41.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit c3d22018679c6aa83c4a5ae3e480532a3f5eccca
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Jan 6 08:20:14 2020 +0100

    smbd: use get_valid_smbXsrv_session() in invalidate_vuid()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit dd9735b1da73b6c27feda32230e3fc843746fd2b
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Jan 6 08:19:18 2020 +0100

    smbd: add get_valid_smbXsrv_session()

    In memory of get_valid_user_struct() and functionally equivalent it only
    returns the session if session setup was successfully completed and
    session->global->auth_session_info is valid.

    This function is similar to smbXsrv_session_local_lookup() and its
    wrappers, but it doesn't implement the state checks of those.
    get_valid_smbXsrv_session() is NOT meant to be called to validate the
    session wire-id of incoming SMB requests, it MUST only be used in later
    internal processing where the session wire-id has already been validated.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit a22b503819ce19f8857484bb6c2ee21ce6b75a7f
Author: Ralph Boehme <s...@samba.org>
Date:   Thu Jan 2 08:07:31 2020 +0100

    smbd: use session->global->auth_session_info in switch_message()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 54d626cc77e33c47912489d234df667d3d394f75
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Jan 1 18:38:59 2020 +0100

    smbd: remove dependency on session->compat in smbXsrv_session_logoff()

    This is not needed anymore because a previous commit changes this to use
    session->global->session_wire_id instead of session->compat->vuid, so
    we're not depending on session->compat anymore.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 25524c8e78b0a927bcea5851d7282af0f0a0654e
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Jan 1 15:20:05 2020 +0100

    smbd: use smbXsrv_session_info_lookup() in api_reply()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit c3f890fb1e982603c7f24033fc1e5d73535fbbb8
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Jan 1 12:15:29 2020 +0100

    smbd: use smbXsrv_session_info_lookup() in api_WWkstaUserLogon()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 46f51912aea157433537af27097a0127c7626085
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Jan 1 09:47:38 2020 +0100

    smbd: share level security is long gone...

    vuid will always be valid as will be vuser.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 57d4689273f01bb458c33ff6577e1ac3f179ece9
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Jan 1 01:06:45 2020 +0100

    smbd: use smbXsrv_session_info_lookup() in change_to_user_and_service()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit e80aca04278e6bfd35744ca852549669cee8a8e2
Author: Ralph Boehme <s...@samba.org>
Date:   Wed Jan 1 01:06:24 2020 +0100

    smbd: introduce smbXsrv_session_info_lookup()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 96fd0ddd02eae05024102b5ed8dc7fb158ed1785
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Dec 30 10:28:25 2019 +0100

    smbd: remove vuser arg from make_connection_snum()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit c1d0a70d19ec03f8a1fd770e53db7a921af1282d
Author: Ralph Boehme <s...@samba.org>
Date:   Mon Dec 30 10:26:26 2019 +0100

    smbd: use session->global->auth_session_info in make_connection_snum()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 61fa0f99768bf3519cafd2c49d0b774bc4c22841
Author: Ralph Boehme <s...@samba.org>
Date:   Sun Dec 29 14:33:00 2019 +0100

    smbd: remove vuid from struct user_struct

    The previous commit removed all users of struct user_struct.vuid.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit bcadd7d798e0cc9bb58835ecac1799dfea8a4cb8
Author: Ralph Boehme <s...@samba.org>
Date:   Sun Dec 29 14:33:00 2019 +0100

    smbd: use session->global->session_wire_id instead of session->compat->vuid

    session->compat->vuid is set to session->global->session_wire_id after a
    successful session setup, so both variables will always carry the same
    value.

    Cf the next commit which removes vuid from user_struct.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 5992f8fa93adfcd6fc9e5c0632fc36f02ce271ca
Author: Ralph Boehme <s...@samba.org>
Date:   Sun Dec 29 14:34:42 2019 +0100

    smbd: pass smbXsrv_session to make_connection_snum()

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 8aae1ef5c0b9c50f892e01316fdac5dc6504ecbb
Author: Ralph Boehme <s...@samba.org>
Date:   Sun Dec 29 08:31:45 2019 +0100

    smbd: move homes_snum from struct user_struct to struct smbXsrv_session

    No change in behaviour. A first step in removing user_struct.

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit aa27bceff194bf1d6665bcb66dd3ba750a59b598
Author: Ralph Boehme <s...@samba.org>
Date:   Sun Dec 29 08:30:22 2019 +0100

    smbd: add session to struct smb_request

    Signed-off-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 15ee379ef11d86670aeea7fa4b8bf740dd259593
Author: Jeremy Allison <j...@samba.org>
Date:   Fri Jan 10 15:55:29 2020 -0800

    s3: lib: dbwrap. Cleanup. Add a couple of missing 'return NULL' statements on talloc fail.

Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> commit 36ea1e188d5ea8d40c47ffc466a494c1160e471c Author: Jeremy Allison <j...@samba.org> Date: Fri Jan 10 15:52:31 2020 -0800 s3: lib: dbwrap_ctdb: Ensure value_valid is set true if we find the record in the marshall buffer. Found by "Christopher O Cowan - christopher.o.co...@ibm.com" <christopher.o.co...@ibm.com> Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/include/vfs.h | 7 ++ source3/lib/dbwrap/dbwrap_ctdb.c | 3 + source3/librpc/idl/smbXsrv.idl | 2 +- source3/smbd/files.c | 6 +- source3/smbd/globals.h | 24 +++-- source3/smbd/lanman.c | 37 +++++--- source3/smbd/password.c | 67 +------------- source3/smbd/process.c | 145 +++++++++++++++++------------ source3/smbd/proto.h | 3 - source3/smbd/reply.c | 14 ++- source3/smbd/service.c | 40 ++++---- source3/smbd/sesssetup.c | 46 ++-------- source3/smbd/smb2_glue.c | 3 +- source3/smbd/smb2_server.c | 5 +- source3/smbd/smb2_sesssetup.c | 27 ++---- source3/smbd/smb2_setinfo.c | 5 +- source3/smbd/smb2_tcon.c | 19 ++-- source3/smbd/smbXsrv_session.c | 192 ++++++++++++++++++++++++++++++++++++--- source3/smbd/smbXsrv_tcon.c | 8 +- source3/smbd/uid.c | 23 +++-- 20 files changed, 391 insertions(+), 285 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/vfs.h b/source3/include/vfs.h index a836903a832..656fad8b5ee 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -580,6 +580,13 @@ struct smb_request { connection_struct *conn; struct smbd_server_connection *sconn; struct smbXsrv_connection *xconn; + + /* + * Pointer to session, can be NULL, + * eg during negprot and session setup. + */ + struct smbXsrv_session *session; + struct smb_perfcount_data pcd; /* 
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c index ef667261359..3cbed6322b3 100644 --- a/source3/lib/dbwrap/dbwrap_ctdb.c +++ b/source3/lib/dbwrap/dbwrap_ctdb.c @@ -534,6 +534,7 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct } if (pull_newest_from_marshall_buffer(ctx->transaction->m_write, key, NULL, result, &result->value)) { + result->value_valid = true; return result; } @@ -553,6 +554,7 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct result->value.dsize))) { DEBUG(0, ("talloc failed\n")); TALLOC_FREE(result); + return NULL; } result->value_valid = true; @@ -1245,6 +1247,7 @@ again: if (result->value.dptr == NULL) { DBG_ERR("talloc failed\n"); TALLOC_FREE(result); + return NULL; } } result->value_valid = true; diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl index b8f3dc679ea..c6ce9c48789 100644 --- a/source3/librpc/idl/smbXsrv.idl +++ b/source3/librpc/idl/smbXsrv.idl @@ -290,8 +290,8 @@ interface smbXsrv hyper nonce_high_max; hyper nonce_high; hyper nonce_low; - [ignore] user_struct *compat; [ignore] smbXsrv_tcon_table *tcon_table; + [ignore] uint32 homes_snum; smbXsrv_session_auth0 *pending_auth; } smbXsrv_session; diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 97947753170..99b2f343685 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -661,11 +661,7 @@ struct files_struct *file_fsp_get(struct smbd_smb2_request *smb2req, return NULL; } - if (smb2req->session->compat == NULL) { - return NULL; - } - - if (smb2req->session->compat->vuid != fsp->vuid) { + if (smb2req->session->global->session_wire_id != fsp->vuid) { return NULL; } diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index ee4116c76ba..7b26d04ed0f 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h 
@@ -573,6 +573,9 @@ NTSTATUS smb1srv_session_table_init(struct smbXsrv_connection *conn); NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn, uint16_t vuid, NTTIME now, struct smbXsrv_session **session); +NTSTATUS smbXsrv_session_info_lookup(struct smbXsrv_client *client, + uint64_t session_wire_id, + struct auth_session_info **si); NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn); NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn, uint64_t session_id, NTTIME now, @@ -580,6 +583,14 @@ NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn, NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client, uint64_t session_id, NTTIME now, struct smbXsrv_session **session); +NTSTATUS get_valid_smbXsrv_session(struct smbXsrv_client *client, + uint64_t session_wire_id, + struct smbXsrv_session **session); +NTSTATUS smbXsrv_session_local_traverse( + struct smbXsrv_client *client, + int (*caller_cb)(struct smbXsrv_session *session, + void *caller_data), + void *caller_data); struct smbXsrv_session_global0; NTSTATUS smbXsrv_session_global_traverse( int (*fn)(struct smbXsrv_session_global0 *, void *), @@ -829,22 +840,10 @@ struct smbd_smb2_request { }; struct smbd_server_connection; -struct user_struct; struct pending_message_list; struct pending_auth_data; -struct user_struct { - struct user_struct *next, *prev; - uint64_t vuid; /* Tag for this entry. */ - - int homes_snum; - - struct auth_session_info *session_info; - - struct smbXsrv_session *session; -}; - struct pthreadpool_tevent; struct smbd_server_connection { @@ -858,7 +857,6 @@ struct smbd_server_connection { int trans_num; size_t num_users; - struct user_struct *users; size_t num_connections; struct connection_struct *connections; diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 9babb65f33f..abbec164217 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c 
@@ -4415,19 +4415,23 @@ static bool api_WWkstaUserLogon(struct smbd_server_connection *sconn, int uLevel; struct pack_desc desc; char* name; - /* With share level security vuid will always be zero. - Don't depend on vuser being non-null !!. JRA */ - struct user_struct *vuser = get_valid_user_struct(sconn, vuid); + struct auth_session_info *si = NULL; + NTSTATUS status; + + status = smbXsrv_session_info_lookup(conn->sconn->client, + vuid, + &si); + if (!NT_STATUS_IS_OK(status)) { + return false; + } if (!str1 || !str2 || !p) { return False; } - if(vuser != NULL) { - DEBUG(3,(" Username of UID %d is %s\n", - (int)vuser->session_info->unix_token->uid, - vuser->session_info->unix_info->unix_name)); - } + DBG_INFO("Username of UID %ju is %s\n", + (uintmax_t)si->unix_token->uid, + si->unix_info->unix_name); uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); name = get_safe_str_ptr(param,tpscnt,p,2); @@ -4487,9 +4491,7 @@ static bool api_WWkstaUserLogon(struct smbd_server_connection *sconn, } PACKS(&desc,"z",lp_workgroup());/* domain */ - PACKS(&desc,"z", vuser ? - vuser->session_info->info->logon_script - : ""); /* script path */ + PACKS(&desc,"z", si->info->logon_script); /* script path */ PACKI(&desc,"D",0x00000000); /* reserved */ } @@ -5790,9 +5792,18 @@ void api_reply(connection_struct *conn, uint64_t vuid, /* Check whether this api call can be done anonymously */ if (api_commands[i].auth_user && lp_restrict_anonymous()) { - struct user_struct *user = get_valid_user_struct(req->sconn, vuid); + struct auth_session_info *si = NULL; + NTSTATUS status; + + status = smbXsrv_session_info_lookup(conn->sconn->client, + vuid, + &si); + if (!NT_STATUS_IS_OK(status)) { + reply_nterror(req, NT_STATUS_ACCESS_DENIED); + return; + } - if (!user || security_session_user_level(user->session_info, NULL) < SECURITY_USER) { + if (security_session_user_level(si, NULL) < SECURITY_USER) { reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } 
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 284a4aba778..9709a51a109 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c 
@@ -26,85 +26,28 @@ #include "auth.h" #include "../libcli/security/security.h" -enum server_allocated_state { SERVER_ALLOCATED_REQUIRED_YES, - SERVER_ALLOCATED_REQUIRED_NO, - SERVER_ALLOCATED_REQUIRED_ANY}; - -static struct user_struct *get_valid_user_struct_internal( - struct smbd_server_connection *sconn, - uint64_t vuid, - enum server_allocated_state server_allocated) -{ - struct user_struct *usp; - int count=0; - - if (vuid == UID_FIELD_INVALID) - return NULL; - - usp=sconn->users; - for (;usp;usp=usp->next,count++) { - if (vuid == usp->vuid) { - switch (server_allocated) { - case SERVER_ALLOCATED_REQUIRED_YES: - if (usp->session_info == NULL) { - continue; - } - break; - case SERVER_ALLOCATED_REQUIRED_NO: - if (usp->session_info != NULL) { - continue; - } - case SERVER_ALLOCATED_REQUIRED_ANY: - break; - } - if (count > 10) { - DLIST_PROMOTE(sconn->users, usp); - } - return usp; - } - } - - return NULL; -} - -/**************************************************************************** - Check if a uid has been validated, and return an pointer to the user_struct - if it has. NULL if not. vuid is biased by an offset. This allows us to - tell random client vuid's (normally zero) from valid vuids. -****************************************************************************/ - -struct user_struct *get_valid_user_struct(struct smbd_server_connection *sconn, - uint64_t vuid) -{ - return get_valid_user_struct_internal(sconn, vuid, - SERVER_ALLOCATED_REQUIRED_YES); -} - /**************************************************************************** Invalidate a uid. 
****************************************************************************/ void invalidate_vuid(struct smbd_server_connection *sconn, uint64_t vuid) { - struct user_struct *vuser = NULL; + struct smbXsrv_session *session = NULL; + NTSTATUS status; - vuser = get_valid_user_struct_internal(sconn, vuid, - SERVER_ALLOCATED_REQUIRED_ANY); - if (vuser == NULL) { + status = get_valid_smbXsrv_session(sconn->client, vuid, &session); + if (!NT_STATUS_IS_OK(status)) { return; } - session_yield(vuser->session); + session_yield(session); - DLIST_REMOVE(sconn->users, vuser); SMB_ASSERT(sconn->num_users > 0); sconn->num_users--; /* clear the vuid from the 'cache' on each connection, and from the vuid 'owner' of connections */ conn_clear_vuid_caches(sconn, vuid); - - TALLOC_FREE(vuser); } int register_homes_share(const char *username) diff --git a/source3/smbd/process.c b/source3/smbd/process.c index e1211ad16a4..f6eeafc88cf 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1587,9 +1587,10 @@ static connection_struct *switch_message(uint8_t type, struct smb_request *req) } } - if (session != NULL && !(flags & AS_USER)) { - struct user_struct *vuser = session->compat; - + if (session != NULL && + session->global->auth_session_info != NULL && + !(flags & AS_USER)) + { /* * change_to_user() implies set_current_user_info() * and chdir_connect_service(). 
@@ -1597,12 +1598,10 @@ static connection_struct *switch_message(uint8_t type, struct smb_request *req) * So we only call set_current_user_info if * we don't have AS_USER specified. */ - if (vuser) { - set_current_user_info( - vuser->session_info->unix_info->sanitized_username, - vuser->session_info->unix_info->unix_name, - vuser->session_info->info->domain_name); - } + set_current_user_info( + session->global->auth_session_info->unix_info->sanitized_username, + session->global->auth_session_info->unix_info->unix_name, + session->global->auth_session_info->info->domain_name); } /* Does this call need to be run as the connected user? */ @@ -1701,6 +1700,8 @@ static connection_struct *switch_message(uint8_t type, struct smb_request *req) bool update_session_global = false; bool update_tcon_global = false; + req->session = session; + smb1srv_update_crypto_flags(session, req, type, &update_session_global, &update_tcon_global); 
@@ -3471,80 +3472,106 @@ fail: return false; } -static bool uid_in_use(const struct user_struct *user, uid_t uid) +static bool uid_in_use(struct auth_session_info *session_info, + uid_t uid) { - while (user) { - if (user->session_info && - (user->session_info->unix_token->uid == uid)) { - return true; - } - user = user->next; + if (session_info->unix_token->uid == uid) { + return true; } return false; } -static bool gid_in_use(const struct user_struct *user, gid_t gid) +static bool gid_in_use(struct auth_session_info *session_info, + gid_t gid) { - while (user) { - if (user->session_info != NULL) { - int i; - struct security_unix_token *utok; - - utok = user->session_info->unix_token; - if (utok->gid == gid) { - return true; - } - for(i=0; i<utok->ngroups; i++) { - if (utok->groups[i] == gid) { - return true; - } - } + int i; + struct security_unix_token *utok = NULL; + + utok = session_info->unix_token; + if (utok->gid == gid) { + return true; + } + + for(i = 0; i < utok->ngroups; i++) { + if (utok->groups[i] == gid) { + return true; } - user = user->next; } return false; } -static bool sid_in_use(const struct user_struct *user, +static bool sid_in_use(struct auth_session_info *session_info, const struct dom_sid *psid) { - while (user) { - struct security_token *tok; + struct security_token *tok = NULL; - if (user->session_info == NULL) { - continue; - } - tok = user->session_info->security_token; - if (tok == NULL) { - /* - * Not sure session_info->security_token can - * ever be NULL. This check might be not - * necessary. - */ - continue; - } - if (security_token_has_sid(tok, psid)) { - return true; - } - user = user->next; + tok = session_info->security_token; + if (tok == NULL) { + /* + * Not sure session_info->security_token can + * ever be NULL. This check might be not + * necessary. 
+ */ + return false; + } + if (security_token_has_sid(tok, psid)) { + return true; } return false; } -static bool id_in_use(const struct user_struct *user, - const struct id_cache_ref *id) +struct id_in_use_state { + const struct id_cache_ref *id; + bool match; +}; + +static int id_in_use_cb(struct smbXsrv_session *session, + void *private_data) { - switch(id->type) { + struct id_in_use_state *state = (struct id_in_use_state *) + private_data; + struct auth_session_info *session_info = + session->global->auth_session_info; + + switch(state->id->type) { case UID: - return uid_in_use(user, id->id.uid); + state->match = uid_in_use(session_info, state->id->id.uid); + break; case GID: - return gid_in_use(user, id->id.gid); + state->match = gid_in_use(session_info, state->id->id.gid); + break; case SID: - return sid_in_use(user, &id->id.sid); + state->match = sid_in_use(session_info, &state->id->id.sid); + break; default: + state->match = false; break; } - return false; + if (state->match) { + return -1; + } + return 0; +} + +static bool id_in_use(struct smbd_server_connection *sconn, + const struct id_cache_ref *id) +{ + struct id_in_use_state state; + NTSTATUS status; + + state = (struct id_in_use_state) { + .id = id, + .match = false, + }; + + status = smbXsrv_session_local_traverse(sconn->client, + id_in_use_cb, + &state); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + return state.match; } static void smbd_id_cache_kill(struct messaging_context *msg_ctx, -- Samba Shared Repository
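
Review bot: The prototype of get_valid_smbXsrv_session() added to source3/smbd/globals.h carries no comment, so the restriction stated in the commit message of dd9735b1da7 (it performs none of the state checks of smbXsrv_session_local_lookup() and its wrappers, and must not be used to validate the session wire-id of an incoming SMB request) is not visible where a caller chooses between the lookup functions. Suggest a short comment at the declaration, or at the definition in smbXsrv_session.c if it is not already there (that part of the changeset is truncated in this mail), saying that the function is only for internal processing after the wire-id has already been validated.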
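
Review bot: In the api_WWkstaUserLogon() hunk of source3/smbd/lanman.c the new lookup goes through conn->sconn->client although the function already receives sconn as its first parameter (visible in the hunk header), and the call it replaces was get_valid_user_struct(sconn, vuid); using sconn->client would keep the two consistent. The hunk also changes the failure behaviour: a missing vuser used to be tolerated, with an empty script path packed into the reply, while a failed smbXsrv_session_info_lookup() now returns false before the str1/str2/p checks. That is consistent with the reasoning in 46f51912aea ("vuid will always be valid as will be vuser"), but commit c3f890fb1e9 has no body, so one sentence there about the new early return would help anyone bisecting a LANMAN regression. Minor style point: the added "return false;" sits directly above the existing "return False;".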
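
Review bot: invalidate_vuid() in source3/smbd/password.c now returns early for any session that has not completed session setup, which narrows what the function did before. The removed code looked the entry up with SERVER_ALLOCATED_REQUIRED_ANY, matching an entry whether or not session_info was set, whereas get_valid_smbXsrv_session() is described in its commit message as returning the session only when session setup completed and auth_session_info is valid. In the early-return case session_yield(), the sconn->num_users decrement and conn_clear_vuid_caches() are all skipped. If that is intended (d2b5f85d221 says the enum distinction was obsoleted long ago), the "Invalidate a uid." comment above the function should say that it is a no-op for sessions without a completed session setup, so callers do not rely on it for cleanup of half-authenticated sessions.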
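
Review bot: id_in_use_cb() in the last source3/smbd/process.c hunk hands session->global->auth_session_info to uid_in_use(), gid_in_use() and sid_in_use(), and all three now dereference it without a NULL check, while the removed loops each skipped entries whose user->session_info was NULL. Elsewhere in this changeset the pointer is treated as possibly NULL (switch_message() gains "session->global->auth_session_info != NULL"), and the body of smbXsrv_session_local_traverse() is not part of the truncated diff, so nothing visible here guarantees that only fully authenticated sessions reach the callback. Suggest adding "if (session_info == NULL) { return 0; }" at the top of id_in_use_cb(), or documenting that guarantee on the traverse function. Separately, id_in_use() returns false when the traverse itself fails, which the caller reads as "not in use"; a DBG_ERR with nt_errstr(status) on that path would make the failure visible in the logs.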