author | Andrew Bartlett <abartlet@samba.org> | 2011-07-15 14:59:14 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:10 +1000 |
commit | 6d741e918f145c6ec62c22358aabc8162db108fd (patch) | |
tree | 4d562524b2ff71892911331d707e23045984b0d3 | |
parent | f16d8f4eb86ecc4741c25e5ed87b2ea4c6717a31 (diff) | |
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
26 files changed, 174 insertions, 142 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 70df256042..59a296774b 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -509,8 +509,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, status = create_token_from_username(session_info, session_info->unix_name, session_info->guest, - &session_info->utok.uid, - &session_info->utok.gid, + &session_info->unix_token->uid, + &session_info->unix_token->gid, &session_info->unix_name, &session_info->security_token); @@ -528,8 +528,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, /* Convert the SIDs to gids. */ - session_info->utok.ngroups = 0; - session_info->utok.groups = NULL; + session_info->unix_token->ngroups = 0; + session_info->unix_token->groups = NULL; t = session_info->security_token; @@ -555,8 +555,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, continue; } if (!add_gid_to_array_unique(session_info, ids[i].id.gid, - &session_info->utok.groups, - &session_info->utok.ngroups)) { + &session_info->unix_token->groups, + &session_info->unix_token->ngroups)) { return NT_STATUS_NO_MEMORY; } } @@ -574,14 +574,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, * the nt token. */ - uid_to_unix_users_sid(session_info->utok.uid, &tmp_sid); + uid_to_unix_users_sid(session_info->unix_token->uid, &tmp_sid); add_sid_to_array_unique(session_info->security_token, &tmp_sid, &session_info->security_token->sids, &session_info->security_token->num_sids); - for ( i=0; i<session_info->utok.ngroups; i++ ) { - gid_to_unix_groups_sid(session_info->utok.groups[i], &tmp_sid); + for ( i=0; i<session_info->unix_token->ngroups; i++ ) { + gid_to_unix_groups_sid(session_info->unix_token->groups[i], &tmp_sid); add_sid_to_array_unique(session_info->security_token, &tmp_sid, &session_info->security_token->sids, &session_info->security_token->num_sids); 
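Review bot: `create_local_token` now reads and writes through `session_info->unix_token` (first at `&session_info->unix_token->uid` in the `create_token_from_username` call) with no allocation or NULL check visible in these hunks, while `make_auth3_session_info` in this same commit initialises the pointer to NULL. The function body starts and ends outside the hunks, so the token may be allocated earlier; if it is not, an `SMB_ASSERT(session_info->unix_token);` before the first use would match the guard this commit adds in `claim_connection` and `standard_sub_conn`. The same unguarded dereference appears in the hunks for `afs_login`, the four VFS modules, `set_conn_force_user_group`, and the `uid != sec_initial_uid()` access checks in the dfs, epmapper, lsa, spoolss and srvsvc handlers. With the old embedded struct an unset uid of -1 failed those comparisons; with the pointer, a missing token would presumably fault the process instead of producing an access-denied result.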
@@ -589,10 +589,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, security_token_debug(DBGC_AUTH, 10, session_info->security_token); debug_unix_user_token(DBGC_AUTH, 10, - session_info->utok.uid, - session_info->utok.gid, - session_info->utok.ngroups, - session_info->utok.groups); + session_info->unix_token->uid, + session_info->unix_token->gid, + session_info->unix_token->ngroups, + session_info->unix_token->groups); status = log_nt_token(session_info->security_token); if (!NT_STATUS_IS_OK(status)) { @@ -980,12 +980,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX dst->guest = src->guest; dst->system = src->system; - dst->utok.uid = src->utok.uid; - dst->utok.gid = src->utok.gid; - dst->utok.ngroups = src->utok.ngroups; - if (src->utok.ngroups != 0) { + + /* This element must be provided to convert back to an auth_serversupplied_info */ + SMB_ASSERT(src->unix_token); + dst->utok.uid = src->unix_token->uid; + dst->utok.gid = src->unix_token->gid; + dst->utok.ngroups = src->unix_token->ngroups; + if (src->unix_token->ngroups != 0) { dst->utok.groups = (gid_t *)talloc_memdup( - dst, src->utok.groups, + dst, src->unix_token->groups, sizeof(gid_t)*dst->utok.ngroups); } else { dst->utok.groups = NULL; 
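Review bot: The `talloc_memdup()` result assigned to `dst->utok.groups` in `copy_session_info_serverinfo` is not checked, so an allocation failure leaves `ngroups` non-zero with `groups == NULL`, and loops such as the one in `gid_in_use` would then index a NULL array. The assignment should be followed by a NULL check that fails the copy in the same way as the function's other error paths, which are outside the hunk. The rewritten blocks in `copy_serverinfo_session_info` and `copy_session_info` have the same gap for `dst->unix_token->groups`; there `if (dst->unix_token->groups == NULL) { return NULL; }` would mirror the check the commit already adds for the `talloc()` call directly above it.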
@@ -1039,15 +1042,21 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c dst->guest = src->guest; dst->system = src->system; - dst->utok.uid = src->utok.uid; - dst->utok.gid = src->utok.gid; - dst->utok.ngroups = src->utok.ngroups; + + dst->unix_token = talloc(dst, struct security_unix_token); + if (!dst->unix_token) { + return NULL; + } + + dst->unix_token->uid = src->utok.uid; + dst->unix_token->gid = src->utok.gid; + dst->unix_token->ngroups = src->utok.ngroups; if (src->utok.ngroups != 0) { - dst->utok.groups = (gid_t *)talloc_memdup( - dst, src->utok.groups, - sizeof(gid_t)*dst->utok.ngroups); + dst->unix_token->groups = (gid_t *)talloc_memdup( + dst->unix_token, src->utok.groups, + sizeof(gid_t)*dst->unix_token->ngroups); } else { - dst->utok.groups = NULL; + dst->unix_token->groups = NULL; } if (src->security_token) { @@ -1098,15 +1107,25 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx, dst->guest = src->guest; dst->system = src->system; - dst->utok.uid = src->utok.uid; - dst->utok.gid = src->utok.gid; - dst->utok.ngroups = src->utok.ngroups; - if (src->utok.ngroups != 0) { - dst->utok.groups = (gid_t *)talloc_memdup( - dst, src->utok.groups, - sizeof(gid_t)*dst->utok.ngroups); + + if (src->unix_token) { + dst->unix_token = talloc(dst, struct security_unix_token); + if (!dst->unix_token) { + return NULL; + } + + dst->unix_token->uid = src->unix_token->uid; + dst->unix_token->gid = src->unix_token->gid; + dst->unix_token->ngroups = src->unix_token->ngroups; + if (src->unix_token->ngroups != 0) { + dst->unix_token->groups = (gid_t *)talloc_memdup( + dst->unix_token, src->unix_token->groups, + sizeof(gid_t)*dst->unix_token->ngroups); + } else { + dst->unix_token->groups = NULL; + } } else { - dst->utok.groups = NULL; + dst->unix_token = NULL; } if (src->security_token) { diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index 12026060bd..080bd0b058 100644 --- a/source3/auth/server_info.c 
+++ b/source3/auth/server_info.c @@ -87,12 +87,11 @@ struct auth3_session_info *make_auth3_session_info(TALLOC_CTX *mem_ctx) talloc_set_destructor(result, auth3_session_info_dtor); - /* Initialise the uid and gid values to something non-zero - which may save us from giving away root access if there - is a bug in allocating these fields. */ + /* Initialise the unix_token to NULL which may save us from + giving away root access if there is a bug in allocating + these fields. */ - result->utok.uid = -1; - result->utok.gid = -1; + result->unix_token = NULL; return result; } diff --git a/source3/include/auth.h b/source3/include/auth.h index b1e5c32c36..f3c6a04092 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -79,7 +79,7 @@ struct auth3_session_info { bool guest; bool system; - struct security_unix_token utok; + struct security_unix_token *unix_token; /* NT group information taken from the info3 structure */ diff --git a/source3/lib/afs.c b/source3/lib/afs.c index 61a588cfa3..11a930b8b9 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c @@ -232,7 +232,7 @@ bool afs_login(connection_struct *conn) afs_username = talloc_sub_advanced(ctx, SNUM(conn), conn->session_info->unix_name, - conn->connectpath, conn->session_info->utok.gid, + conn->connectpath, conn->session_info->unix_token->gid, conn->session_info->sanitized_username, pdb_get_domain(conn->session_info->sam_account), afs_username); diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index df217bc03f..bf3cd5d51e 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c 
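Review bot: The new `struct security_unix_token *unix_token;` member of `struct auth3_session_info` has no comment, although it changes from always-present storage to a pointer that `make_auth3_session_info` leaves NULL. I would state the contract at the declaration, for example `/* May be NULL until the unix token has been created; talloc child of the session_info. source3 callers must check or SMB_ASSERT before dereferencing. */`. The comment rewritten in `make_auth3_session_info` still says the initial value "may save us from giving away root access"; it would help to add there that the protection now comes from a fault or assert at the point of use, not from a uid comparison that fails.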
@@ -815,11 +815,13 @@ void standard_sub_advanced(const char *servicename, const char *user, char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *str) { + /* Make clear that we require the optional unix_token in the source3 code */ + SMB_ASSERT(conn->session_info->unix_token); return talloc_sub_advanced(ctx, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, get_smb_user_name(), "", str); diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 76a918f754..8cb59b2cdd 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -159,7 +159,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, targethost); diff --git a/source3/modules/vfs_fake_perms.c b/source3/modules/vfs_fake_perms.c index ade2407543..a7de8af6b1 100644 --- a/source3/modules/vfs_fake_perms.c +++ b/source3/modules/vfs_fake_perms.c @@ -41,8 +41,8 @@ static int fake_perms_stat(vfs_handle_struct *handle, } else { smb_fname->st.st_ex_mode = S_IRWXU; } - smb_fname->st.st_ex_uid = handle->conn->session_info->utok.uid; - smb_fname->st.st_ex_gid = handle->conn->session_info->utok.gid; + smb_fname->st.st_ex_uid = handle->conn->session_info->unix_token->uid; + smb_fname->st.st_ex_gid = handle->conn->session_info->unix_token->gid; } return ret; 
@@ -59,8 +59,8 @@ static int fake_perms_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_ST } else { sbuf->st_ex_mode = S_IRWXU; } - sbuf->st_ex_uid = handle->conn->session_info->utok.uid; - sbuf->st_ex_gid = handle->conn->session_info->utok.gid; + sbuf->st_ex_uid = handle->conn->session_info->unix_token->uid; + sbuf->st_ex_gid = handle->conn->session_info->unix_token->gid; } return ret; } diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 19092c4df0..9e7981b408 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -408,7 +408,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, prefix); diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index 5c4f8706cb..72355cd55e 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -445,7 +445,7 @@ static int recycle_unlink(vfs_handle_struct *handle, repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, recycle_repository(handle)); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index dc3654c63f..0023515bb1 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c 
@@ -1737,7 +1737,7 @@ bool print_access_check(const struct auth3_session_info *session_info, /* Always allow root or SE_PRINT_OPERATROR to do anything */ - if (session_info->utok.uid == sec_initial_uid() + if (session_info->unix_token->uid == sec_initial_uid() || security_token_has_privilege(session_info->security_token, SEC_PRIV_PRINT_OPERATOR)) { return True; } @@ -1802,7 +1802,7 @@ bool print_access_check(const struct auth3_session_info *session_info, /* see if we need to try the printer admin list */ if (!NT_STATUS_IS_OK(status) && - (token_contains_name_in_list(uidtoname(session_info->utok.uid), + (token_contains_name_in_list(uidtoname(session_info->unix_token->uid), session_info->info3->base.domain.string, NULL, session_info->security_token, lp_printer_admin(snum)))) { diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 31d558c791..50ef75b8ef 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -2282,7 +2282,7 @@ WERROR print_job_delete(const struct auth3_session_info *server_info, sys_adminlog( LOG_ERR, "Permission denied-- user not allowed to delete, \ pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(server_info->utok.uid), + uidtoname(server_info->unix_token->uid), lp_printername(snum) ); /* END_ADMIN_LOG */ @@ -2359,7 +2359,7 @@ bool print_job_pause(const struct auth3_session_info *server_info, sys_adminlog( LOG_ERR, "Permission denied-- user not allowed to delete, \ pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(server_info->utok.uid), + uidtoname(server_info->unix_token->uid), lp_printername(snum) ); /* END_ADMIN_LOG */ 
@@ -2425,7 +2425,7 @@ bool print_job_resume(const struct auth3_session_info *server_info, sys_adminlog( LOG_ERR, "Permission denied-- user not allowed to delete, \ pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(server_info->utok.uid), + uidtoname(server_info->unix_token->uid), lp_printername(snum) ); /* END_ADMIN_LOG */ return False; @@ -2841,7 +2841,7 @@ WERROR print_job_start(const struct auth3_session_info *server_info, fstrcpy(pjob.user, lp_printjob_username(snum)); standard_sub_advanced(sharename, server_info->sanitized_username, - path, server_info->utok.gid, + path, server_info->unix_token->gid, server_info->sanitized_username, server_info->info3->base.domain.string, pjob.user, sizeof(pjob.user)-1); diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c index 5b4e423393..d77989db2f 100644 --- a/source3/rpc_server/dfs/srv_dfs_nt.c +++ b/source3/rpc_server/dfs/srv_dfs_nt.c @@ -54,7 +54,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r) NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); - if (p->session_info->utok.uid != sec_initial_uid()) { + if (p->session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); return WERR_ACCESS_DENIED; } @@ -119,7 +119,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r) TALLOC_CTX *ctx = talloc_tos(); char *altpath = NULL; - if (p->session_info->utok.uid != sec_initial_uid()) { + if (p->session_info->unix_token->uid != sec_initial_uid()) { DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/epmapper/srv_epmapper.c b/source3/rpc_server/epmapper/srv_epmapper.c index 8e049fcb24..8ee7cb53f0 100644 --- a/source3/rpc_server/epmapper/srv_epmapper.c +++ b/source3/rpc_server/epmapper/srv_epmapper.c 
@@ -234,7 +234,7 @@ static uint32_t build_ep_list(TALLOC_CTX *mem_ctx, static bool is_priviledged_pipe(struct auth3_session_info *info) { /* If the user is not root, or has the system token, fail */ - if ((info->utok.uid != sec_initial_uid()) && + if ((info->unix_token->uid != sec_initial_uid()) && !security_token_is_system(info->security_token)) { return false; } diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index 2342a0e8aa..fa018b424f 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -434,7 +434,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); /* map the generic bits to the lsa policy ones */ @@ -1504,7 +1504,7 @@ static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &access_mask); /* map the generic bits to the lsa account ones */ @@ -1701,14 +1701,14 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - if (p->session_info->utok.uid != sec_initial_uid() && + if (p->session_info->unix_token->uid != sec_initial_uid() && !nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS)) { return NT_STATUS_ACCESS_DENIED; } /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &r->in.access_mask); /* map the generic bits to the lsa policy ones */ @@ -2466,7 +2466,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &r->in.access_mask); /* map the generic bits to the lsa policy ones */ 
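Review bot: The comment above the condition in `is_priviledged_pipe` ("If the user is not root, or has the system token, fail") does not describe the code, which returns false only when the uid is not `sec_initial_uid()` and the token is not the system token. Since the condition is being edited and is an access decision, the comment is worth correcting in the same change, for example `/* Fail unless the user is root or holds the system token */`. The function continues past the end of the hunk.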
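Review bot: `map_max_allowed_access()` used to receive `&p->session_info->utok`, which could never be NULL, and in `_lsa_OpenPolicy2` it now receives `p->session_info->unix_token`, which can be. The callee is not shown on this page; if it dereferences its second argument, the requirement is better enforced once inside it (an `SMB_ASSERT(unix_token);` at its top, or a NULL check that grants nothing beyond what the NT token allows) than left to each caller. The same substitution is made in the other `srv_lsa_nt.c` hunks, in every `srv_samr_nt.c` hunk that calls this function, and for the third argument of `set_delete_on_close()` in `reply.c`.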
@@ -2530,7 +2530,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p, /* Work out max allowed. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); /* map the generic bits to the lsa account ones */ diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c index 9b91ef3d2b..b9bf4b0790 100644 --- a/source3/rpc_server/samr/srv_samr_nt.c +++ b/source3/rpc_server/samr/srv_samr_nt.c @@ -454,7 +454,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p, /*check if access can be granted as requested by client. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 ); @@ -2210,7 +2210,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p, /* check if access can be granted as requested by client. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW); @@ -3790,7 +3790,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, } DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), can_add_account ? "True":"False" )); if (!can_add_account) { @@ -3816,7 +3816,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p, sid_compose(&sid, get_global_sam_sid(), *r->out.rid); map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, 
@@ -3899,7 +3899,7 @@ NTSTATUS _samr_Connect(struct pipes_struct *p, user level access control on shares) --jerry */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); se_map_generic( &des_access, &sam_generic_mapping ); @@ -3961,7 +3961,7 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p, } map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); @@ -4176,7 +4176,7 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p, /*check if access can be granted as requested by client. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0); @@ -6257,7 +6257,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p, /*check if access can be granted as requested by client. */ map_max_allowed_access(p->session_info->security_token, - &p->session_info->utok, + p->session_info->unix_token, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0); diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 6d62bcb526..12dcc27615 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c 
@@ -1827,11 +1827,11 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) && !token_contains_name_in_list( - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, @@ -1914,7 +1914,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, return WERR_ACCESS_DENIED; } - if (!user_ok_token(uidtoname(p->session_info->utok.uid), NULL, + if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL, p->session_info->security_token, snum) || !print_access_check(p->session_info, p->msg_ctx, @@ -2091,10 +2091,10 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->session_info->utok.uid != sec_initial_uid()) + if ( (p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, 
@@ -2195,10 +2195,10 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->session_info->utok.uid != sec_initial_uid()) + if ( (p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, lp_printer_admin(-1)) ) @@ -8550,9 +8550,9 @@ WERROR _spoolss_AddForm(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && - !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), + !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, @@ -8623,9 +8623,9 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p, return WERR_BADFID; } - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && - !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), + !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, 
@@ -8692,9 +8692,9 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && - !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), + !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 7d52a761b6..4766573f62 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -288,7 +288,7 @@ static void init_srv_share_info_1(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } @@ -316,7 +316,7 @@ static void init_srv_share_info_2(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } path = talloc_asprintf(p->mem_ctx, @@ -381,7 +381,7 @@ static void init_srv_share_info_501(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } 
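Review bot: `init_srv_share_info_1` passes `p->session_info->unix_token->uid` as the fifth argument of `talloc_sub_advanced()`, while the other callers touched by this commit (`afs_login`, `audit_prefix`, `recycle_unlink`, `make_connection_snum`, `close_cnum`) pass `...->unix_token->gid` in that position. The rename carries over what looks like an existing uid/gid mix-up, so any group-based substitution in the share remark would be derived from the wrong id; the argument should presumably read `p->session_info->unix_token->gid, get_current_username(),`. The same line appears in the hunks for `init_srv_share_info_2`, `init_srv_share_info_501`, `init_srv_share_info_502` and `init_srv_share_info_1004`.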
@@ -410,7 +410,7 @@ static void init_srv_share_info_502(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum)); @@ -451,7 +451,7 @@ static void init_srv_share_info_1004(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } @@ -1333,7 +1333,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p, /* fail out now if you are not root or not a domain admin */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && ( ! nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS))) { @@ -1347,7 +1347,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p, NTSTATUS ntstat; - if (p->session_info->utok.uid != sec_initial_uid()) { + if (p->session_info->unix_token->uid != sec_initial_uid()) { not_root = True; become_root(); } @@ -1572,11 +1572,11 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p, /* fail out now if you are not root and not a disk op */ - if ( p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) { + if ( p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) { DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the " "SeDiskOperatorPrivilege privilege needed to modify " "share %s\n", - (unsigned int)p->session_info->utok.uid, + (unsigned int)p->session_info->unix_token->uid, share_name )); return WERR_ACCESS_DENIED; } 
@@ -1773,7 +1773,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p, is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); - if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) + if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_add_share_cmd() || !*lp_add_share_cmd()) { @@ -1979,7 +1979,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p, is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); - if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) + if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { @@ -2549,7 +2549,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p, is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); - if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op) { + if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) { return WERR_ACCESS_DENIED; } diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 048604c5c9..7e49664162 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -149,13 +149,16 @@ bool claim_connection(connection_struct *conn, const char *name) return False; } + /* Make clear that we require the optional unix_token in the source3 code */ + SMB_ASSERT(conn->session_info->unix_token); + /* fill in the crec */ ZERO_STRUCT(crec); crec.magic = 0x280267; crec.pid = sconn_server_id(conn->sconn); crec.cnum = conn->cnum; - crec.uid = conn->session_info->utok.uid; - crec.gid = conn->session_info->utok.gid; + crec.uid = conn->session_info->unix_token->uid; + crec.gid = conn->session_info->unix_token->gid; strlcpy(crec.servicename, lp_servicename(SNUM(conn)), sizeof(crec.servicename)); crec.start = time(NULL); 
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 63fdd03f44..f84540fbec 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -119,7 +119,7 @@ static int CopyExpanded(connection_struct *conn, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, buf); @@ -170,7 +170,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s) lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, buf); @@ -4635,7 +4635,7 @@ static bool api_WWkstaUserLogon(struct smbd_server_connection *sconn, if(vuser != NULL) { DEBUG(3,(" Username of UID %d is %s\n", - (int)vuser->session_info->utok.uid, + (int)vuser->session_info->unix_token->uid, vuser->session_info->unix_name)); } diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c index 2a00f1bbb9..b534ac3846 100644 --- a/source3/smbd/msg_idmap.c +++ b/source3/smbd/msg_idmap.c @@ -73,7 +73,7 @@ static bool parse_id(const char* str, struct id* id) static bool uid_in_use(const struct user_struct* user, uid_t uid) { while (user) { - if (user->session_info && (user->session_info->utok.uid == uid)) { + if (user->session_info && (user->session_info->unix_token->uid == uid)) { return true; } user = user->next; 
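Review bot: `uid_in_use` guards `user->session_info` but then dereferences `unix_token` unconditionally, which was safe for the embedded struct but not for a pointer that defaults to NULL. Extending the existing test keeps the walk over the user list safe for a session without a token: `if (user->session_info && user->session_info->unix_token && (user->session_info->unix_token->uid == uid)) {`. `gid_in_use` in the next hunk needs the same check on `utok` before `utok->gid` is read.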
@@ -86,12 +86,12 @@ static bool gid_in_use(const struct user_struct* user, gid_t gid) while (user) { if (user->session_info != NULL) { int i; - struct security_unix_token utok = user->session_info->utok; - if (utok.gid == gid) { + struct security_unix_token *utok = user->session_info->unix_token; + if (utok->gid == gid) { return true; } - for(i=0; i<utok.ngroups; i++) { - if (utok.groups[i] == gid) { + for(i=0; i<utok->ngroups; i++) { + if (utok->groups[i] == gid) { return true; } } diff --git a/source3/smbd/password.c b/source3/smbd/password.c index f32989da54..fb88fd3319 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -284,9 +284,12 @@ int register_existing_vuid(struct smbd_server_connection *sconn, vuser->session_info->sanitized_username = talloc_strdup( vuser->session_info, tmp); + /* Make clear that we require the optional unix_token in the source3 code */ + SMB_ASSERT(vuser->session_info->unix_token); + DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n", - (unsigned int)vuser->session_info->utok.uid, - (unsigned int)vuser->session_info->utok.gid, + (unsigned int)vuser->session_info->unix_token->uid, + (unsigned int)vuser->session_info->unix_token->gid, vuser->session_info->unix_name, vuser->session_info->sanitized_username, vuser->session_info->info3->base.domain.string, @@ -302,8 +305,11 @@ int register_existing_vuid(struct smbd_server_connection *sconn, goto fail; } + /* Make clear that we require the optional unix_token in the source3 code */ + SMB_ASSERT(vuser->session_info->unix_token); + DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, " - "and will be vuid %u\n", (int)vuser->session_info->utok.uid, + "and will be vuid %u\n", (int)vuser->session_info->unix_token->uid, vuser->session_info->unix_name, vuser->vuid)); if (!session_claim(sconn, vuser)) { diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 25e1aafa0e..e740fb4c57 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c 
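Review bot: `register_existing_vuid` gains the identical `SMB_ASSERT(vuser->session_info->unix_token);` and comment twice, once before each `DEBUG` call. The body continues outside both hunks, so I cannot see whether `session_info` can be replaced between them; if it cannot, a single assert placed where `vuser->session_info` is first attached would state the requirement once and ahead of every use. If both are needed, the second comment should say what can change between the two points.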
@@ -2563,7 +2563,7 @@ static NTSTATUS do_unlink(connection_struct *conn, } /* The set is across all open files on this dev/inode pair. */ - if (!set_delete_on_close(fsp, True, &conn->session_info->utok)) { + if (!set_delete_on_close(fsp, True, conn->session_info->unix_token)) { close_file(req, fsp, NORMAL_CLOSE); return NT_STATUS_ACCESS_DENIED; } @@ -5677,7 +5677,7 @@ void reply_rmdir(struct smb_request *req) goto out; } - if (!set_delete_on_close(fsp, true, &conn->session_info->utok)) { + if (!set_delete_on_close(fsp, true, conn->session_info->unix_token)) { close_file(req, fsp, ERROR_CLOSE); reply_nterror(req, NT_STATUS_ACCESS_DENIED); goto out; diff --git a/source3/smbd/service.c b/source3/smbd/service.c index c772b8a069..0c86ec09f9 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -498,7 +498,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) status = find_forced_group( conn->force_user, snum, conn->session_info->unix_name, &conn->session_info->security_token->sids[1], - &conn->session_info->utok.gid); + &conn->session_info->unix_token->gid); if (!NT_STATUS_IS_OK(status)) { return status; @@ -510,7 +510,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) * struct. We only use conn->session_info directly if * "force_user" was set. */ - conn->force_group_gid = conn->session_info->utok.gid; + conn->force_group_gid = conn->session_info->unix_token->gid; } return NT_STATUS_OK; @@ -615,7 +615,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_pathname(snum)); 
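Review bot: In do_unlink the third argument of `set_delete_on_close()` changes from `&conn->session_info->utok`, which could never be NULL, to `conn->session_info->unix_token`, which can be. The same substitution is made in reply_rmdir in the next hunk and in smb_set_file_disposition_info in trans2.c. How set_delete_on_close treats a NULL token is not visible here, and the token is presumably the identity recorded for the deferred delete, so the requirement should be explicit at the call sites. I would add `SMB_ASSERT(conn->session_info->unix_token != NULL);` ahead of each call, or state on the set_delete_on_close prototype that the token must be non-NULL. All three functions extend beyond their hunks.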
@@ -737,7 +737,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_rootpreexec(snum)); @@ -775,7 +775,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_preexec(snum)); @@ -1095,7 +1095,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_postexec(SNUM(conn))); @@ -1111,7 +1111,7 @@ void close_cnum(connection_struct *conn, uint16 vuid) lp_servicename(SNUM(conn)), conn->session_info->unix_name, conn->connectpath, - conn->session_info->utok.gid, + conn->session_info->unix_token->gid, conn->session_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_rootpostexec(SNUM(conn))); diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 379a66ce8f..184ce1b3a5 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c 
@@ -136,12 +136,15 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser) return false; } + /* Make clear that we require the optional unix_token in the source3 code */ + SMB_ASSERT(vuser->session_info->unix_token); + fstrcpy(sessionid.username, vuser->session_info->unix_name); fstrcpy(sessionid.hostname, sconn->remote_hostname); sessionid.id_num = i; /* Only valid for utmp sessions */ sessionid.pid = pid; - sessionid.uid = vuser->session_info->utok.uid; - sessionid.gid = vuser->session_info->utok.gid; + sessionid.uid = vuser->session_info->unix_token->uid; + sessionid.gid = vuser->session_info->unix_token->gid; fstrcpy(sessionid.remote_machine, get_remote_machine_name()); fstrcpy(sessionid.ip_addr_str, raddr); sessionid.connect_start = time(NULL); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index b853722eae..bfde938635 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3386,7 +3386,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned + 4 /* num_sids */ + 4 /* SID bytes */ + 4 /* pad/reserved */ - + (conn->session_info->utok.ngroups * 8) + + (conn->session_info->unix_token->ngroups * 8) /* groups list */ + (conn->session_info->security_token->num_sids * SID_MAX_SIZE) @@ -3395,9 +3395,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned SIVAL(pdata, 0, flags); SIVAL(pdata, 4, SMB_WHOAMI_MASK); SBIG_UINT(pdata, 8, - (uint64_t)conn->session_info->utok.uid); + (uint64_t)conn->session_info->unix_token->uid); SBIG_UINT(pdata, 16, - (uint64_t)conn->session_info->utok.gid); + (uint64_t)conn->session_info->unix_token->gid); if (data_len >= max_data_bytes) { 
@@ -3412,7 +3412,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned break; } - SIVAL(pdata, 24, conn->session_info->utok.ngroups); + SIVAL(pdata, 24, conn->session_info->unix_token->ngroups); SIVAL(pdata, 28, conn->session_info->security_token->num_sids); /* We walk the SID list twice, but this call is fairly @@ -3434,9 +3434,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned data_len = 40; /* GID list */ - for (i = 0; i < conn->session_info->utok.ngroups; ++i) { + for (i = 0; i < conn->session_info->unix_token->ngroups; ++i) { SBIG_UINT(pdata, data_len, - (uint64_t)conn->session_info->utok.groups[i]); + (uint64_t)conn->session_info->unix_token->groups[i]); data_len += 8; } @@ -5817,7 +5817,7 @@ static NTSTATUS smb_set_file_disposition_info(connection_struct *conn, /* The set is across all open files on this dev/inode pair. */ if (!set_delete_on_close(fsp, delete_on_close, - &conn->session_info->utok)) { + conn->session_info->unix_token)) { return NT_STATUS_ACCESS_DENIED; } return NT_STATUS_OK; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 5d703e3a18..b6ea7674b1 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -178,7 +178,7 @@ static bool check_user_ok(connection_struct *conn, "Setting uid as %d\n", conn->session_info->unix_name, sec_initial_uid() )); - conn->session_info->utok.uid = sec_initial_uid(); + conn->session_info->unix_token->uid = sec_initial_uid(); } return(True); 
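Review bot: In check_user_ok the write `conn->session_info->unix_token->uid = sec_initial_uid();` now goes through a pointer, so any other session_info sharing the same `unix_token` allocation would see the changed uid too. With the embedded `utok` a struct copy could not alias. The same applies to the `unix_token->gid = conn->force_group_gid` assignments in change_to_user_internal (uid.c hunks at -237 and -246). The code that builds `conn->session_info` from the vuser's session_info is not in this part of the diff, so please confirm it duplicates the token rather than copying the pointer, and record that at these writes, e.g. `/* conn->session_info holds a private copy of unix_token */`. check_user_ok starts and ends outside the hunk.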
@@ -213,10 +213,10 @@ static bool change_to_user_internal(connection_struct *conn, return false; } - uid = conn->session_info->utok.uid; - gid = conn->session_info->utok.gid; - num_groups = conn->session_info->utok.ngroups; - group_list = conn->session_info->utok.groups; + uid = conn->session_info->unix_token->uid; + gid = conn->session_info->unix_token->gid; + num_groups = conn->session_info->unix_token->ngroups; + group_list = conn->session_info->unix_token->groups; /* * See if we should force group for this service. If so this overrides @@ -237,7 +237,7 @@ static bool change_to_user_internal(connection_struct *conn, */ for (i = 0; i < num_groups; i++) { if (group_list[i] == conn->force_group_gid) { - conn->session_info->utok.gid = + conn->session_info->unix_token->gid = conn->force_group_gid; gid = conn->force_group_gid; gid_to_sid(&conn->session_info->security_token @@ -246,7 +246,7 @@ static bool change_to_user_internal(connection_struct *conn, } } } else { - conn->session_info->utok.gid = conn->force_group_gid; + conn->session_info->unix_token->gid = conn->force_group_gid; gid = conn->force_group_gid; gid_to_sid(&conn->session_info->security_token->sids[1], gid); @@ -296,13 +296,13 @@ bool change_to_user(connection_struct *conn, uint16_t vuid) */ if((lp_security() == SEC_SHARE) && (current_user.conn == conn) && - (current_user.ut.uid == conn->session_info->utok.uid)) { + (current_user.ut.uid == conn->session_info->unix_token->uid)) { DEBUG(4,("Skipping user change - already " "user\n")); return(True); } else if ((current_user.conn == conn) && (vuser != NULL) && (current_user.vuid == vuid) && - (current_user.ut.uid == vuser->session_info->utok.uid)) { + (current_user.ut.uid == vuser->session_info->unix_token->uid)) { DEBUG(4,("Skipping user change - already " "user\n")); return(True); 
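Review bot: change_to_user_internal loads `uid`, `gid`, `num_groups` and `group_list` from `conn->session_info->unix_token` without the `SMB_ASSERT` that this commit adds in register_existing_vuid and session_claim, even though these values feed the user switch. The same holds for change_to_user_by_session and become_authenticated_pipe_user in the following hunks, where the token goes straight into `set_sec_ctx()`. change_to_user_by_session already has `SMB_ASSERT(session_info != NULL);` as context, so `SMB_ASSERT(session_info->unix_token != NULL);` next to it would be consistent. A NULL token would fault here in any case, but the assert gives the clearer trace the commit message asks for. The function bodies continue outside the hunks.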
@@ -334,7 +334,7 @@ bool change_to_user_by_session(connection_struct *conn, SMB_ASSERT(session_info != NULL); if ((current_user.conn == conn) && - (current_user.ut.uid == session_info->utok.uid)) { + (current_user.ut.uid == session_info->unix_token->uid)) { DEBUG(7, ("Skipping user change - already user\n")); return true; @@ -372,8 +372,8 @@ bool become_authenticated_pipe_user(struct auth3_session_info *session_info) if (!push_sec_ctx()) return False; - set_sec_ctx(session_info->utok.uid, session_info->utok.gid, - session_info->utok.ngroups, session_info->utok.groups, + set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid, + session_info->unix_token->ngroups, session_info->unix_token->groups, session_info->security_token); return True; @@ -512,7 +512,7 @@ bool unbecome_user(void) /**************************************************************************** Return the current user we are running effectively as on this connection. - I'd like to make this return conn->session_info->utok.uid, but become_root() + I'd like to make this return conn->session_info->unix_token->uid, but become_root() doesn't alter this value. ****************************************************************************/ @@ -523,7 +523,7 @@ uid_t get_current_uid(connection_struct *conn) /**************************************************************************** Return the current group we are running effectively as on this connection. - I'd like to make this return conn->session_info->utok.gid, but become_root() + I'd like to make this return conn->session_info->unix_token->gid, but become_root() doesn't alter this value. ****************************************************************************/ 
@@ -534,7 +534,7 @@ gid_t get_current_gid(connection_struct *conn) /**************************************************************************** Return the UNIX token we are running effectively as on this connection. - I'd like to make this return &conn->session_info->utok, but become_root() + I'd like to make this return &conn->session_info->unix_token-> but become_root() doesn't alter this value. ****************************************************************************/ |
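Review bot: The replacement has garbled the comment in this hunk: `&conn->session_info->unix_token-> but become_root()` ends in a dangling `->` and keeps an `&` that no longer applies now that `unix_token` is itself a pointer. I would write the line as ` I'd like to make this return conn->session_info->unix_token, but become_root()`. The function this comment documents lies outside the hunk.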