The branch, master has been updated
via a18ffe26b3b smbd: RIP user_struct
via 5f85090d78c smbd: use smbXsrv_session_info_lookup() in
become_user_without_service()
via cdab99ba1e7 smbd: remove using vuser from smbd_smb2_tree_connect()
via 1d797a839d4 smbd: don't use vuser in make_connection()
via 758c42ec5dd smbd: remove unused vuser arg from
make_connection_smb2()
via 893aba4d65b smbd: remove unused vuser arg from
make_connection_smb1()
via 9ef30c75b06 smbd: use req->session instead of vuser->session in
make_connection_smb1()
via 8be0ca8e19b smbd: remove use of user_struct from reply_ulogoffX()
via 4b89100dc8d smbd: use smbXsrv_session_local_traverse() in
id_in_use()
via 18b43aeb574 smbd: add smbXsrv_session_local_traverse()
via d2b5f85d221 smbd: remove enum server_allocated_state magic from
get_valid_user_struct()
via c3d22018679 smbd: use get_valid_smbXsrv_session() in
invalidate_vuid()
via dd9735b1da7 smbd: add get_valid_smbXsrv_session()
via a22b503819c smbd: use session->global->auth_session_info in
switch_message()
via 54d626cc77e smbd: remove dependency on session->compat in
smbXsrv_session_logoff()
via 25524c8e78b smbd: use smbXsrv_session_info_lookup() in api_reply()
via c3f890fb1e9 smbd: use smbXsrv_session_info_lookup() in
api_WWkstaUserLogon()
via 46f51912aea smbd: share level security is long gone...
via 57d4689273f smbd: use smbXsrv_session_info_lookup() in
change_to_user_and_service()
via e80aca04278 smbd: introduce smbXsrv_session_info_lookup()
via 96fd0ddd02e smbd: remove vuser arg from make_connection_snum()
via c1d0a70d19e smbd: use session->global->auth_session_info in
make_connection_snum()
via 61fa0f99768 smbd: remove vuid from struct user_struct
via bcadd7d798e smbd: use session->global->session_wire_id instead of
session->compat->vuid
via 5992f8fa93a smbd: pass smbXsrv_session to make_connection_snum()
via 8aae1ef5c0b smbd: move homes_snum from struct user_struct to struct
smbXsrv_session
via aa27bceff19 smbd: add session to struct smb_request
via 15ee379ef11 s3: lib: dbwrap. Cleanup. Add a couple of missing
'return NULL' statements on talloc fail.
via 36ea1e188d5 s3: lib: dbwrap_ctdb: Ensure value_valid is set true if
we find the record in the marshall buffer.
from c6d880a1150 s3-rpcserver: fix security level check for
DsRGetForestTrustInformation
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a18ffe26b3be13e45622172c4ade258cfc8fa783
Author: Ralph Boehme <s...@samba.org>
Date: Mon Jan 6 10:14:11 2020 +0100
smbd: RIP user_struct
At last, the nail in the coffin. :)
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Mon Jan 13 21:09:01 UTC 2020 on sn-devel-184
commit 5f85090d78c11c9c4ef58954b947a8bc71481e18
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 17:24:47 2020 +0100
smbd: use smbXsrv_session_info_lookup() in become_user_without_service()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit cdab99ba1e7ef48faeacf7ec45651ce5b48dc5d4
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 17:21:06 2020 +0100
smbd: remove using vuser from smbd_smb2_tree_connect()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 1d797a839d4f96da649ff13bf8c6c7ea4b52ae44
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 17:16:38 2020 +0100
smbd: don't use vuser in make_connection()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 758c42ec5dd3dd8bba7b4f74741dc9b02cfb0d73
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 17:09:26 2020 +0100
smbd: remove unused vuser arg from make_connection_smb2()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 893aba4d65b6f2bdcd49ba3618f882fad0d5df49
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 17:07:23 2020 +0100
smbd: remove unused vuser arg from make_connection_smb1()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 9ef30c75b065876fee05103a4ad1b0d70d2d86c6
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 17:06:23 2020 +0100
smbd: use req->session instead of vuser->session in make_connection_smb1()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 8be0ca8e19b861d13038769289325537c101072b
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 16:26:03 2020 +0100
smbd: remove use of user_struct from reply_ulogoffX()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 4b89100dc8d7620657fa1e6335d47df97188c102
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 14:47:51 2020 +0100
smbd: use smbXsrv_session_local_traverse() in id_in_use()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 18b43aeb5747f0982e4296960f23986a5f536960
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 11:42:05 2020 +0100
smbd: add smbXsrv_session_local_traverse()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit d2b5f85d221626ce505143c7c129c41603dcb24a
Author: Ralph Boehme <s...@samba.org>
Date: Mon Jan 6 10:12:32 2020 +0100
smbd: remove enum server_allocated_state magic from get_valid_user_struct()
This has been obsoleted a long time ago by
a129e271b5385853fb39a8e54b56b508b00a3e41.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit c3d22018679c6aa83c4a5ae3e480532a3f5eccca
Author: Ralph Boehme <s...@samba.org>
Date: Mon Jan 6 08:20:14 2020 +0100
smbd: use get_valid_smbXsrv_session() in invalidate_vuid()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit dd9735b1da73b6c27feda32230e3fc843746fd2b
Author: Ralph Boehme <s...@samba.org>
Date: Mon Jan 6 08:19:18 2020 +0100
smbd: add get_valid_smbXsrv_session()
In memory of get_valid_user_struct() and functionally equivalent it only
returns
the session if session setup was successfully completed and
session->global->auth_session_info is valid.
This function is similar to smbXsrv_session_local_lookup() and it's
wrappers,
but it doesn't implement the state checks of those.
get_valid_smbXsrv_session()
is NOT meant to be called to validate the session wire-id of incoming SMB
requests, it MUST only be used in later internal processing where the
session
wire-id has already been validated.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit a22b503819ce19f8857484bb6c2ee21ce6b75a7f
Author: Ralph Boehme <s...@samba.org>
Date: Thu Jan 2 08:07:31 2020 +0100
smbd: use session->global->auth_session_info in switch_message()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 54d626cc77e33c47912489d234df667d3d394f75
Author: Ralph Boehme <s...@samba.org>
Date: Wed Jan 1 18:38:59 2020 +0100
smbd: remove dependency on session->compat in smbXsrv_session_logoff()
This is not needed anymore because a previous commit changes this to use
session->global->session_wire_id insteaf of session->compat->vuid, so we're
not
depending on session->compat anymore.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 25524c8e78b0a927bcea5851d7282af0f0a0654e
Author: Ralph Boehme <s...@samba.org>
Date: Wed Jan 1 15:20:05 2020 +0100
smbd: use smbXsrv_session_info_lookup() in api_reply()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit c3f890fb1e982603c7f24033fc1e5d73535fbbb8
Author: Ralph Boehme <s...@samba.org>
Date: Wed Jan 1 12:15:29 2020 +0100
smbd: use smbXsrv_session_info_lookup() in api_WWkstaUserLogon()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 46f51912aea157433537af27097a0127c7626085
Author: Ralph Boehme <s...@samba.org>
Date: Wed Jan 1 09:47:38 2020 +0100
smbd: share level security is long gone...
vuid will always be valid as will be vuser.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 57d4689273f01bb458c33ff6577e1ac3f179ece9
Author: Ralph Boehme <s...@samba.org>
Date: Wed Jan 1 01:06:45 2020 +0100
smbd: use smbXsrv_session_info_lookup() in change_to_user_and_service()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit e80aca04278e6bfd35744ca852549669cee8a8e2
Author: Ralph Boehme <s...@samba.org>
Date: Wed Jan 1 01:06:24 2020 +0100
smbd: introduce smbXsrv_session_info_lookup()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 96fd0ddd02eae05024102b5ed8dc7fb158ed1785
Author: Ralph Boehme <s...@samba.org>
Date: Mon Dec 30 10:28:25 2019 +0100
smbd: remove vuser arg from make_connection_snum()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit c1d0a70d19ec03f8a1fd770e53db7a921af1282d
Author: Ralph Boehme <s...@samba.org>
Date: Mon Dec 30 10:26:26 2019 +0100
smbd: use session->global->auth_session_info in make_connection_snum()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 61fa0f99768bf3519cafd2c49d0b774bc4c22841
Author: Ralph Boehme <s...@samba.org>
Date: Sun Dec 29 14:33:00 2019 +0100
smbd: remove vuid from struct user_struct
The previous commit removed all users of struct user_struct.vuid.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit bcadd7d798e0cc9bb58835ecac1799dfea8a4cb8
Author: Ralph Boehme <s...@samba.org>
Date: Sun Dec 29 14:33:00 2019 +0100
smbd: use session->global->session_wire_id instead of session->compat->vuid
session->compat->vuid is set to session->global->session_wire_id after a
successful session setup, so both variables will always carry the same
value. Cf
the next commit which removes vuid from user_struct.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 5992f8fa93adfcd6fc9e5c0632fc36f02ce271ca
Author: Ralph Boehme <s...@samba.org>
Date: Sun Dec 29 14:34:42 2019 +0100
smbd: pass smbXsrv_session to make_connection_snum()
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 8aae1ef5c0b9c50f892e01316fdac5dc6504ecbb
Author: Ralph Boehme <s...@samba.org>
Date: Sun Dec 29 08:31:45 2019 +0100
smbd: move homes_snum from struct user_struct to struct smbXsrv_session
No change in behaviour. A first step in removing user_struct.
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit aa27bceff194bf1d6665bcb66dd3ba750a59b598
Author: Ralph Boehme <s...@samba.org>
Date: Sun Dec 29 08:30:22 2019 +0100
smbd: add session to struct smb_request
Signed-off-by: Ralph Boehme <s...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
commit 15ee379ef11d86670aeea7fa4b8bf740dd259593
Author: Jeremy Allison <j...@samba.org>
Date: Fri Jan 10 15:55:29 2020 -0800
s3: lib: dbwrap. Cleanup. Add a couple of missing 'return NULL' statements
on talloc fail.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
commit 36ea1e188d5ea8d40c47ffc466a494c1160e471c
Author: Jeremy Allison <j...@samba.org>
Date: Fri Jan 10 15:52:31 2020 -0800
s3: lib: dbwrap_ctdb: Ensure value_valid is set true if we find the record
in the marshall buffer.
Found by "Christopher O Cowan - christopher.o.co...@ibm.com"
<christopher.o.co...@ibm.com>
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Volker Lendecke <v...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/vfs.h | 7 ++
source3/lib/dbwrap/dbwrap_ctdb.c | 3 +
source3/librpc/idl/smbXsrv.idl | 2 +-
source3/smbd/files.c | 6 +-
source3/smbd/globals.h | 24 +++--
source3/smbd/lanman.c | 37 +++++---
source3/smbd/password.c | 67 +-------------
source3/smbd/process.c | 145 +++++++++++++++++------------
source3/smbd/proto.h | 3 -
source3/smbd/reply.c | 14 ++-
source3/smbd/service.c | 40 ++++----
source3/smbd/sesssetup.c | 46 ++--------
source3/smbd/smb2_glue.c | 3 +-
source3/smbd/smb2_server.c | 5 +-
source3/smbd/smb2_sesssetup.c | 27 ++----
source3/smbd/smb2_setinfo.c | 5 +-
source3/smbd/smb2_tcon.c | 19 ++--
source3/smbd/smbXsrv_session.c | 192 ++++++++++++++++++++++++++++++++++++---
source3/smbd/smbXsrv_tcon.c | 8 +-
source3/smbd/uid.c | 23 +++--
20 files changed, 391 insertions(+), 285 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index a836903a832..656fad8b5ee 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -580,6 +580,13 @@ struct smb_request {
connection_struct *conn;
struct smbd_server_connection *sconn;
struct smbXsrv_connection *xconn;
+
+ /*
+ * Pointer to session, can be NULL,
+ * eg during negprot and session setup.
+ */
+ struct smbXsrv_session *session;
+
struct smb_perfcount_data pcd;
/*
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
index ef667261359..3cbed6322b3 100644
--- a/source3/lib/dbwrap/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -534,6 +534,7 @@ static struct db_record
*db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
}
if (pull_newest_from_marshall_buffer(ctx->transaction->m_write, key,
NULL, result, &result->value)) {
+ result->value_valid = true;
return result;
}
@@ -553,6 +554,7 @@ static struct db_record
*db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct
result->value.dsize))) {
DEBUG(0, ("talloc failed\n"));
TALLOC_FREE(result);
+ return NULL;
}
result->value_valid = true;
@@ -1245,6 +1247,7 @@ again:
if (result->value.dptr == NULL) {
DBG_ERR("talloc failed\n");
TALLOC_FREE(result);
+ return NULL;
}
}
result->value_valid = true;
diff --git a/source3/librpc/idl/smbXsrv.idl b/source3/librpc/idl/smbXsrv.idl
index b8f3dc679ea..c6ce9c48789 100644
--- a/source3/librpc/idl/smbXsrv.idl
+++ b/source3/librpc/idl/smbXsrv.idl
@@ -290,8 +290,8 @@ interface smbXsrv
hyper nonce_high_max;
hyper nonce_high;
hyper nonce_low;
- [ignore] user_struct *compat;
[ignore] smbXsrv_tcon_table *tcon_table;
+ [ignore] uint32 homes_snum;
smbXsrv_session_auth0 *pending_auth;
} smbXsrv_session;
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 97947753170..99b2f343685 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -661,11 +661,7 @@ struct files_struct *file_fsp_get(struct smbd_smb2_request
*smb2req,
return NULL;
}
- if (smb2req->session->compat == NULL) {
- return NULL;
- }
-
- if (smb2req->session->compat->vuid != fsp->vuid) {
+ if (smb2req->session->global->session_wire_id != fsp->vuid) {
return NULL;
}
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index ee4116c76ba..7b26d04ed0f 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -573,6 +573,9 @@ NTSTATUS smb1srv_session_table_init(struct
smbXsrv_connection *conn);
NTSTATUS smb1srv_session_lookup(struct smbXsrv_connection *conn,
uint16_t vuid, NTTIME now,
struct smbXsrv_session **session);
+NTSTATUS smbXsrv_session_info_lookup(struct smbXsrv_client *client,
+ uint64_t session_wire_id,
+ struct auth_session_info **si);
NTSTATUS smb2srv_session_table_init(struct smbXsrv_connection *conn);
NTSTATUS smb2srv_session_lookup_conn(struct smbXsrv_connection *conn,
uint64_t session_id, NTTIME now,
@@ -580,6 +583,14 @@ NTSTATUS smb2srv_session_lookup_conn(struct
smbXsrv_connection *conn,
NTSTATUS smb2srv_session_lookup_client(struct smbXsrv_client *client,
uint64_t session_id, NTTIME now,
struct smbXsrv_session **session);
+NTSTATUS get_valid_smbXsrv_session(struct smbXsrv_client *client,
+ uint64_t session_wire_id,
+ struct smbXsrv_session **session);
+NTSTATUS smbXsrv_session_local_traverse(
+ struct smbXsrv_client *client,
+ int (*caller_cb)(struct smbXsrv_session *session,
+ void *caller_data),
+ void *caller_data);
struct smbXsrv_session_global0;
NTSTATUS smbXsrv_session_global_traverse(
int (*fn)(struct smbXsrv_session_global0 *, void *),
@@ -829,22 +840,10 @@ struct smbd_smb2_request {
};
struct smbd_server_connection;
-struct user_struct;
struct pending_message_list;
struct pending_auth_data;
-struct user_struct {
- struct user_struct *next, *prev;
- uint64_t vuid; /* Tag for this entry. */
-
- int homes_snum;
-
- struct auth_session_info *session_info;
-
- struct smbXsrv_session *session;
-};
-
struct pthreadpool_tevent;
struct smbd_server_connection {
@@ -858,7 +857,6 @@ struct smbd_server_connection {
int trans_num;
size_t num_users;
- struct user_struct *users;
size_t num_connections;
struct connection_struct *connections;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 9babb65f33f..abbec164217 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -4415,19 +4415,23 @@ static bool api_WWkstaUserLogon(struct
smbd_server_connection *sconn,
int uLevel;
struct pack_desc desc;
char* name;
- /* With share level security vuid will always be zero.
- Don't depend on vuser being non-null !!. JRA */
- struct user_struct *vuser = get_valid_user_struct(sconn, vuid);
+ struct auth_session_info *si = NULL;
+ NTSTATUS status;
+
+ status = smbXsrv_session_info_lookup(conn->sconn->client,
+ vuid,
+ &si);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
if (!str1 || !str2 || !p) {
return False;
}
- if(vuser != NULL) {
- DEBUG(3,(" Username of UID %d is %s\n",
- (int)vuser->session_info->unix_token->uid,
- vuser->session_info->unix_info->unix_name));
- }
+ DBG_INFO("Username of UID %ju is %s\n",
+ (uintmax_t)si->unix_token->uid,
+ si->unix_info->unix_name);
uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
name = get_safe_str_ptr(param,tpscnt,p,2);
@@ -4487,9 +4491,7 @@ static bool api_WWkstaUserLogon(struct
smbd_server_connection *sconn,
}
PACKS(&desc,"z",lp_workgroup());/* domain */
- PACKS(&desc,"z", vuser ?
- vuser->session_info->info->logon_script
- : ""); /* script path */
+ PACKS(&desc,"z", si->info->logon_script); /* script path */
PACKI(&desc,"D",0x00000000); /* reserved */
}
@@ -5790,9 +5792,18 @@ void api_reply(connection_struct *conn, uint64_t vuid,
/* Check whether this api call can be done anonymously */
if (api_commands[i].auth_user && lp_restrict_anonymous()) {
- struct user_struct *user = get_valid_user_struct(req->sconn,
vuid);
+ struct auth_session_info *si = NULL;
+ NTSTATUS status;
+
+ status = smbXsrv_session_info_lookup(conn->sconn->client,
+ vuid,
+ &si);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ return;
+ }
- if (!user || security_session_user_level(user->session_info,
NULL) < SECURITY_USER) {
+ if (security_session_user_level(si, NULL) < SECURITY_USER) {
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 284a4aba778..9709a51a109 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -26,85 +26,28 @@
#include "auth.h"
#include "../libcli/security/security.h"
-enum server_allocated_state { SERVER_ALLOCATED_REQUIRED_YES,
- SERVER_ALLOCATED_REQUIRED_NO,
- SERVER_ALLOCATED_REQUIRED_ANY};
-
-static struct user_struct *get_valid_user_struct_internal(
- struct smbd_server_connection *sconn,
- uint64_t vuid,
- enum server_allocated_state server_allocated)
-{
- struct user_struct *usp;
- int count=0;
-
- if (vuid == UID_FIELD_INVALID)
- return NULL;
-
- usp=sconn->users;
- for (;usp;usp=usp->next,count++) {
- if (vuid == usp->vuid) {
- switch (server_allocated) {
- case SERVER_ALLOCATED_REQUIRED_YES:
- if (usp->session_info == NULL) {
- continue;
- }
- break;
- case SERVER_ALLOCATED_REQUIRED_NO:
- if (usp->session_info != NULL) {
- continue;
- }
- case SERVER_ALLOCATED_REQUIRED_ANY:
- break;
- }
- if (count > 10) {
- DLIST_PROMOTE(sconn->users, usp);
- }
- return usp;
- }
- }
-
- return NULL;
-}
-
-/****************************************************************************
- Check if a uid has been validated, and return an pointer to the user_struct
- if it has. NULL if not. vuid is biased by an offset. This allows us to
- tell random client vuid's (normally zero) from valid vuids.
-****************************************************************************/
-
-struct user_struct *get_valid_user_struct(struct smbd_server_connection *sconn,
- uint64_t vuid)
-{
- return get_valid_user_struct_internal(sconn, vuid,
- SERVER_ALLOCATED_REQUIRED_YES);
-}
-
/****************************************************************************
Invalidate a uid.
****************************************************************************/
void invalidate_vuid(struct smbd_server_connection *sconn, uint64_t vuid)
{
- struct user_struct *vuser = NULL;
+ struct smbXsrv_session *session = NULL;
+ NTSTATUS status;
- vuser = get_valid_user_struct_internal(sconn, vuid,
- SERVER_ALLOCATED_REQUIRED_ANY);
- if (vuser == NULL) {
+ status = get_valid_smbXsrv_session(sconn->client, vuid, &session);
+ if (!NT_STATUS_IS_OK(status)) {
return;
}
- session_yield(vuser->session);
+ session_yield(session);
- DLIST_REMOVE(sconn->users, vuser);
SMB_ASSERT(sconn->num_users > 0);
sconn->num_users--;
/* clear the vuid from the 'cache' on each connection, and
from the vuid 'owner' of connections */
conn_clear_vuid_caches(sconn, vuid);
-
- TALLOC_FREE(vuser);
}
int register_homes_share(const char *username)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index e1211ad16a4..f6eeafc88cf 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1587,9 +1587,10 @@ static connection_struct *switch_message(uint8_t type,
struct smb_request *req)
}
}
- if (session != NULL && !(flags & AS_USER)) {
- struct user_struct *vuser = session->compat;
-
+ if (session != NULL &&
+ session->global->auth_session_info != NULL &&
+ !(flags & AS_USER))
+ {
/*
* change_to_user() implies set_current_user_info()
* and chdir_connect_service().
@@ -1597,12 +1598,10 @@ static connection_struct *switch_message(uint8_t type,
struct smb_request *req)
* So we only call set_current_user_info if
* we don't have AS_USER specified.
*/
- if (vuser) {
- set_current_user_info(
-
vuser->session_info->unix_info->sanitized_username,
- vuser->session_info->unix_info->unix_name,
- vuser->session_info->info->domain_name);
- }
+ set_current_user_info(
+
session->global->auth_session_info->unix_info->sanitized_username,
+
session->global->auth_session_info->unix_info->unix_name,
+ session->global->auth_session_info->info->domain_name);
}
/* Does this call need to be run as the connected user? */
@@ -1701,6 +1700,8 @@ static connection_struct *switch_message(uint8_t type,
struct smb_request *req)
bool update_session_global = false;
bool update_tcon_global = false;
+ req->session = session;
+
smb1srv_update_crypto_flags(session, req, type,
&update_session_global,
&update_tcon_global);
@@ -3471,80 +3472,106 @@ fail:
return false;
}
-static bool uid_in_use(const struct user_struct *user, uid_t uid)
+static bool uid_in_use(struct auth_session_info *session_info,
+ uid_t uid)
{
- while (user) {
- if (user->session_info &&
- (user->session_info->unix_token->uid == uid)) {
- return true;
- }
- user = user->next;
+ if (session_info->unix_token->uid == uid) {
+ return true;
}
return false;
}
-static bool gid_in_use(const struct user_struct *user, gid_t gid)
+static bool gid_in_use(struct auth_session_info *session_info,
+ gid_t gid)
{
- while (user) {
- if (user->session_info != NULL) {
- int i;
- struct security_unix_token *utok;
-
- utok = user->session_info->unix_token;
- if (utok->gid == gid) {
- return true;
- }
- for(i=0; i<utok->ngroups; i++) {
- if (utok->groups[i] == gid) {
- return true;
- }
- }
+ int i;
+ struct security_unix_token *utok = NULL;
+
+ utok = session_info->unix_token;
+ if (utok->gid == gid) {
+ return true;
+ }
+
+ for(i = 0; i < utok->ngroups; i++) {
+ if (utok->groups[i] == gid) {
+ return true;
}
- user = user->next;
}
return false;
}
-static bool sid_in_use(const struct user_struct *user,
+static bool sid_in_use(struct auth_session_info *session_info,
const struct dom_sid *psid)
{
- while (user) {
- struct security_token *tok;
+ struct security_token *tok = NULL;
- if (user->session_info == NULL) {
- continue;
- }
- tok = user->session_info->security_token;
- if (tok == NULL) {
- /*
- * Not sure session_info->security_token can
- * ever be NULL. This check might be not
- * necessary.
- */
- continue;
- }
- if (security_token_has_sid(tok, psid)) {
- return true;
- }
- user = user->next;
+ tok = session_info->security_token;
+ if (tok == NULL) {
+ /*
+ * Not sure session_info->security_token can
+ * ever be NULL. This check might be not
+ * necessary.
+ */
+ return false;
+ }
+ if (security_token_has_sid(tok, psid)) {
+ return true;
}
return false;
}
-static bool id_in_use(const struct user_struct *user,
- const struct id_cache_ref *id)
+struct id_in_use_state {
+ const struct id_cache_ref *id;
+ bool match;
+};
+
+static int id_in_use_cb(struct smbXsrv_session *session,
+ void *private_data)
{
- switch(id->type) {
+ struct id_in_use_state *state = (struct id_in_use_state *)
+ private_data;
+ struct auth_session_info *session_info =
+ session->global->auth_session_info;
+
+ switch(state->id->type) {
case UID:
- return uid_in_use(user, id->id.uid);
+ state->match = uid_in_use(session_info, state->id->id.uid);
+ break;
case GID:
- return gid_in_use(user, id->id.gid);
+ state->match = gid_in_use(session_info, state->id->id.gid);
+ break;
case SID:
- return sid_in_use(user, &id->id.sid);
+ state->match = sid_in_use(session_info, &state->id->id.sid);
+ break;
default:
+ state->match = false;
break;
}
- return false;
+ if (state->match) {
+ return -1;
+ }
+ return 0;
+}
+
+static bool id_in_use(struct smbd_server_connection *sconn,
+ const struct id_cache_ref *id)
+{
+ struct id_in_use_state state;
+ NTSTATUS status;
+
+ state = (struct id_in_use_state) {
+ .id = id,
+ .match = false,
+ };
+
+ status = smbXsrv_session_local_traverse(sconn->client,
+ id_in_use_cb,
+ &state);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ return state.match;
}
static void smbd_id_cache_kill(struct messaging_context *msg_ctx,
--
Samba Shared Repository
