authorVolker Lendecke <vl@samba.org>2008-05-07 12:20:18 +0200
committerVolker Lendecke <vl@samba.org>2008-05-10 11:17:00 +0200
commit90995202c0f64d2c379be26760d3bf8c122199b5 (patch)
tree73d9a6abad05fff5fac9de107a0100230de13514
parentf93e232535eb14d8f3862fff965adc544e70819f (diff)
Add "server_info" to connection_struct
This will replace all the user identity stuff in connection_struct, for now it is just a source where the other fields in connection_struct are filled from. (This used to be commit 0f53f9e7db9f99f239c4d0950452d0e2cde2ae8b)
-rw-r--r--source3/include/smb.h2
-rw-r--r--source3/smbd/service.c120
2 files changed, 25 insertions, 97 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8c24e3045e..c7a13fb3a0 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -623,6 +623,8 @@ typedef struct connection_struct {
struct vfs_ops vfs_opaque; /* OPAQUE Filesystem operations */
struct vfs_handle_struct *vfs_handles; /* for the new plugins */
+ struct auth_serversupplied_info *server_info;
+
char *user; /* name of user who *opened* this connection */
uid_t uid; /* uid of user who *opened* this connection */
gid_t gid; /* gid of user who *opened* this connection */
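Review bot: The new `server_info` member has no comment, while every neighbouring field documents what it holds, and it now sits directly above `user`, `uid` and `gid`, which describe the same identity. A short comment stating which copy is authoritative would help, for example `/* identity this connection was authorized with; user/uid/gid below are filled from it */`. Ownership is not visible in this hunk: the service.c change passes `conn` as the first argument to create_connection_server_info(), presumably as the allocation parent, so confirm that before documenting who frees it. The struct definition continues outside the hunk.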
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index e2715fa6d8..974af83932 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -725,18 +725,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
const char *pdev,
NTSTATUS *pstatus)
{
- struct passwd *pass = NULL;
- bool guest = False;
connection_struct *conn;
SMB_STRUCT_STAT st;
- fstring user;
fstring dev;
int ret;
char addr[INET6_ADDRSTRLEN];
bool on_err_call_dis_hook = false;
NTSTATUS status;
- *user = 0;
fstrcpy(dev, pdev);
SET_STAT_INVALID(st);
@@ -754,102 +750,33 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
conn->params->service = snum;
conn->nt_user_token = NULL;
+ status = create_connection_server_info(
+ conn, snum, vuser ? vuser->server_info : NULL, password,
+ &conn->server_info);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(0, ("create_connection_server_info failed: %s\n",
+ nt_errstr(status)));
+ *pstatus = status;
+ conn_free(conn);
+ return NULL;
+ }
+
if (lp_guest_only(snum)) {
- const char *guestname = lp_guestaccount();
- char *found_username = NULL;
-
- guest = True;
- pass = getpwnam_alloc(talloc_tos(), guestname);
- if (!pass) {
- DEBUG(0,("make_connection_snum: Invalid guest "
- "account %s??\n",guestname));
- conn_free(conn);
- *pstatus = NT_STATUS_NO_SUCH_USER;
- return NULL;
- }
- status = create_token_from_username(conn, pass->pw_name, True,
- &conn->uid, &conn->gid,
- &found_username,
- &conn->nt_user_token);
- if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(pass);
- conn_free(conn);
- *pstatus = status;
- return NULL;
- }
- fstrcpy(user, found_username);
- string_set(&conn->user,user);
- conn->force_user = True;
- TALLOC_FREE(found_username);
- TALLOC_FREE(pass);
- DEBUG(3,("Guest only user %s\n",user));
+ string_set(&conn->user, conn->server_info->unix_name);
+ conn->force_user = true;
+ DEBUG(3,("Guest only user %s\n", conn->user));
} else if (vuser) {
- if (vuser->server_info->guest) {
- if (!lp_guest_ok(snum)) {
- DEBUG(2, ("guest user (from session setup) "
- "not permitted to access this share "
- "(%s)\n", lp_servicename(snum)));
- conn_free(conn);
- *pstatus = NT_STATUS_ACCESS_DENIED;
- return NULL;
- }
- } else {
- if (!user_ok_token(vuser->server_info->unix_name,
- vuser->server_info->ptok, snum)) {
- DEBUG(2, ("user '%s' (from session setup) not "
- "permitted to access this share "
- "(%s)\n",
- vuser->server_info->unix_name,
- lp_servicename(snum)));
- conn_free(conn);
- *pstatus = NT_STATUS_ACCESS_DENIED;
- return NULL;
- }
- }
conn->vuid = vuser->vuid;
conn->uid = vuser->server_info->uid;
conn->gid = vuser->server_info->gid;
string_set(&conn->user,vuser->server_info->unix_name);
- fstrcpy(user,vuser->server_info->unix_name);
- guest = vuser->server_info->guest;
} else if (lp_security() == SEC_SHARE) {
- NTSTATUS status2;
- char *found_username = NULL;
-
- /* add it as a possible user name if we
- are in share mode security */
- add_session_user(lp_servicename(snum));
- /* shall we let them in? */
- if (!authorise_login(snum,user,password,&guest)) {
- DEBUG( 2, ( "Invalid username/password for [%s]\n",
- lp_servicename(snum)) );
- conn_free(conn);
- *pstatus = NT_STATUS_WRONG_PASSWORD;
- return NULL;
- }
- pass = Get_Pwnam_alloc(talloc_tos(), user);
- status2 = create_token_from_username(conn, pass->pw_name, True,
- &conn->uid, &conn->gid,
- &found_username,
- &conn->nt_user_token);
- TALLOC_FREE(pass);
- if (!NT_STATUS_IS_OK(status2)) {
- conn_free(conn);
- *pstatus = status2;
- return NULL;
- }
- fstrcpy(user, found_username);
- string_set(&conn->user,user);
- TALLOC_FREE(found_username);
+ string_set(&conn->user, conn->server_info->unix_name);
conn->force_user = True;
- } else {
- DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
- conn_free(conn);
- *pstatus = NT_STATUS_ACCESS_DENIED;
- return NULL;
}
- add_session_user(user);
+ add_session_user(conn->user);
safe_strcpy(conn->client_address,
client_addr(get_client_fd(),addr,sizeof(addr)),
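Review bot: In the guest-only and security=share branches, `conn->uid`, `conn->gid` and `conn->nt_user_token` are no longer assigned, because the removed create_token_from_username() call filled them and the replacement lines set only `conn->user` and `conn->force_user`. Unless they are populated from `conn->server_info` outside this hunk, the connection continues with unset identity fields; adding `conn->uid = conn->server_info->uid; conn->gid = conn->server_info->gid;` to both branches would keep them in line with the vuser branch. The final `else` that returned NT_STATUS_ACCESS_DENIED for a NULL vuser outside security=share is also removed, so rejecting that case now depends entirely on create_connection_server_info(), whose body is not shown. If it does not reject, `add_session_user(conn->user)` runs with `conn->user` never set, so keeping the explicit deny branch would preserve fail-closed behaviour locally. make_connection_snum's body starts before and continues after this hunk.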
@@ -881,7 +808,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
conn->veto_oplock_list = NULL;
conn->aio_write_behind_list = NULL;
string_set(&conn->dirpath,"");
- string_set(&conn->user,user);
conn->read_only = lp_readonly(SNUM(conn));
conn->admin_user = False;
@@ -895,15 +821,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
if (*lp_force_user(snum)) {
status = find_forced_user(conn,
(vuser != NULL) && vuser->server_info->guest,
- user);
+ conn->user);
if (!NT_STATUS_IS_OK(status)) {
conn_free(conn);
*pstatus = status;
return NULL;
}
- string_set(&conn->user,user);
conn->force_user = True;
- DEBUG(3,("Forced user %s\n",user));
+ DEBUG(3,("Forced user %s\n",conn->user));
}
/*
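Review bot: Passing `conn->user` as the third argument of find_forced_user() replaces a fixed-size `fstring` buffer with a heap string that string_set() sized for the previous name. The removed `string_set(&conn->user,user)` after the call suggests find_forced_user() writes the resolved name back through that argument; its body is not in this diff, so this is inferred. If it does, a forced user name longer than the original would write past the allocation. A local buffer avoids that: `fstring fuser; fstrcpy(fuser, conn->user);`, pass `fuser`, then `string_set(&conn->user, fuser);` on success. The enclosing function starts and ends outside the hunk.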
@@ -914,7 +839,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
if (*lp_force_group(snum)) {
DOM_SID group_sid;
- status = find_forced_group(conn->force_user, snum, user,
+ status = find_forced_group(conn->force_user, snum,
+ conn->user,
&group_sid, &conn->gid);
if (!NT_STATUS_IS_OK(status)) {
conn_free(conn);
@@ -1189,7 +1115,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
to allow any filesystems needing user credentials to initialize
themselves. */
- if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) {
+ if (SMB_VFS_CONNECT(conn, lp_servicename(snum), conn->user) < 0) {
DEBUG(0,("make_connection: VFS make connection failed!\n"));
*pstatus = NT_STATUS_UNSUCCESSFUL;
goto err_root_exit;
@@ -1256,7 +1182,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
conn->client_address );
dbgtext( "%s", srv_is_signing_active() ? "signed " : "");
dbgtext( "connect to service %s ", lp_servicename(snum) );
- dbgtext( "initially as user %s ", user );
+ dbgtext( "initially as user %s ", conn->user );
dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
dbgtext( "(pid %d)\n", (int)sys_getpid() );
}