authorAndrew Bartlett <abartlet@samba.org>2011-02-11 18:49:15 +1100
committerAndrew Bartlett <abartlet@samba.org>2011-03-01 06:29:04 +0100
commit04f5ef83b9c3f6fbe484ceda8376982904b35065 (patch)
treeb343f51fe1b1bfd34ce63db4c6c8baa7ffda9f37
parent2a5ac56742db2830a3c8e644d3f0e2681f58c4ac (diff)
s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
-rw-r--r--source3/include/auth.h2
-rw-r--r--source3/include/proto.h12
-rw-r--r--source3/include/smb.h11
-rw-r--r--source3/locking/locking.c22
-rw-r--r--source3/rpc_server/samr/srv_samr_nt.c2
-rw-r--r--source3/smbd/close.c4
-rw-r--r--source3/smbd/globals.h2
-rw-r--r--source3/smbd/msg_idmap.c2
-rw-r--r--source3/smbd/posix_acls.c4
-rw-r--r--source3/smbd/sec_ctx.c2
-rw-r--r--source3/smbd/uid.c2
11 files changed, 29 insertions, 36 deletions
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 93e42b8f27..3b3f6dc6d1 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -30,7 +30,7 @@ struct auth_serversupplied_info {
bool guest;
bool system;
- struct unix_user_token utok;
+ struct security_unix_token utok;
/* NT group information taken from the info3 structure */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0a78acda37..96317b9e7f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3040,12 +3040,12 @@ void del_deferred_open_entry(struct share_mode_lock *lck, uint64_t mid,
bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode);
-const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
+const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
void set_delete_on_close_lck(files_struct *fsp,
struct share_mode_lock *lck,
bool delete_on_close,
- const UNIX_USER_TOKEN *tok);
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok);
+ const struct security_unix_token *tok);
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok);
bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
bool set_write_time(struct file_id fileid, struct timespec write_time);
@@ -5112,7 +5112,7 @@ void server_encryption_shutdown(void);
/* The following definitions come from smbd/sec_ctx.c */
-bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
+bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2);
bool push_sec_ctx(void);
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token);
void set_root_sec_ctx(void);
@@ -5282,7 +5282,7 @@ bool become_user(connection_struct *conn, uint16 vuid);
bool unbecome_user(void);
uid_t get_current_uid(connection_struct *conn);
gid_t get_current_gid(connection_struct *conn);
-const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
+const struct security_unix_token *get_current_utok(connection_struct *conn);
const struct security_token *get_current_nttok(connection_struct *conn);
uint16_t get_current_vuid(connection_struct *conn);
@@ -5421,7 +5421,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
uint32 des_access, uint32 *acc_granted,
const char *debug );
void map_max_allowed_access(const struct security_token *nt_token,
- const struct unix_user_token *unix_token,
+ const struct security_unix_token *unix_token,
uint32_t *pacc_requested);
/* The following definitions come from ../libds/common/flag_mapping.c */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 7c9f60d2fe..882b23471b 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -203,13 +203,6 @@ struct lsa_name_info {
#define PRIMARY_USER_SID_INDEX 0
#define PRIMARY_GROUP_SID_INDEX 1
-typedef struct unix_user_token {
- uid_t uid;
- gid_t gid;
- uint32_t ngroups;
- gid_t *groups;
-} UNIX_USER_TOKEN;
-
typedef struct write_cache {
SMB_OFF_T file_size;
SMB_OFF_T offset;
@@ -521,7 +514,7 @@ typedef struct connection_struct {
struct current_user {
connection_struct *conn;
uint16 vuid;
- UNIX_USER_TOKEN ut;
+ struct security_unix_token ut;
struct security_token *nt_user_token;
};
@@ -689,7 +682,7 @@ Offset Data length.
struct delete_token_list {
struct delete_token_list *next, *prev;
uint32_t name_hash;
- UNIX_USER_TOKEN *delete_token;
+ struct security_unix_token *delete_token;
};
struct share_mode_lock {
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 1942f44019..00f384a13b 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -584,7 +584,7 @@ static int parse_delete_tokens_list(struct share_mode_lock *lck,
memcpy(&pdtl->name_hash, p, sizeof(pdtl->name_hash));
p += sizeof(pdtl->name_hash);
- pdtl->delete_token = TALLOC_ZERO_P(pdtl, UNIX_USER_TOKEN);
+ pdtl->delete_token = TALLOC_ZERO_P(pdtl, struct security_unix_token);
if (pdtl->delete_token == NULL) {
DEBUG(0,("parse_delete_tokens_list: talloc failed"));
return -1;
@@ -808,7 +808,7 @@ static TDB_DATA unparse_share_modes(const struct share_mode_lock *lck)
/* Store any delete on close tokens. */
for (pdtl = lck->delete_tokens; pdtl; pdtl = pdtl->next) {
- UNIX_USER_TOKEN *pdt = pdtl->delete_token;
+ struct security_unix_token *pdt = pdtl->delete_token;
uint32_t token_size = sizeof(uint32_t) +
sizeof(uint32_t) +
sizeof(uid_t) +
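Review bot: The serialized token size in unparse_share_modes is still built from bare type names (`sizeof(uint32_t)`, `sizeof(uid_t)`), although `pdt` now points at a struct whose definition is not part of this commit. If a member of struct security_unix_token is ever wider than the type assumed here, the buffer size and the stored delete-on-close token would disagree with what parse_delete_tokens_list reads back. The parse side already sizes by field (`sizeof(pdtl->name_hash)`), so writing `sizeof(pdt->uid) +` here would keep the record layout tied to the struct. The rest of the size expression and the copy code are outside the hunk, so check that they follow the same rule.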
@@ -1461,15 +1461,15 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode)
}
/*************************************************************************
- Return a talloced copy of a UNIX_USER_TOKEN. NULL on fail.
+ Return a talloced copy of a struct security_unix_token. NULL on fail.
(Should this be in locking.c.... ?).
*************************************************************************/
-static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *tok)
+static struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok)
{
- UNIX_USER_TOKEN *cpy;
+ struct security_unix_token *cpy;
- cpy = TALLOC_P(ctx, UNIX_USER_TOKEN);
+ cpy = TALLOC_P(ctx, struct security_unix_token);
if (!cpy) {
return NULL;
}
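Review bot: copy_unix_token allocates with `TALLOC_P`, which does not zero the memory, while parse_delete_tokens_list in the same file uses `TALLOC_ZERO_P` for the same type. With the struct now defined outside this file, any member the copy code does not assign would carry uninitialized heap contents into the stored token. `cpy = TALLOC_ZERO_P(ctx, struct security_unix_token);` removes that dependency on the exact field list. The assignments that follow are outside the hunk, so they may already cover every member.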
@@ -1494,7 +1494,7 @@ static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *
static bool add_delete_on_close_token(struct share_mode_lock *lck,
uint32_t name_hash,
- const UNIX_USER_TOKEN *tok)
+ const struct security_unix_token *tok)
{
struct delete_token_list *dtl;
@@ -1521,14 +1521,14 @@ static bool add_delete_on_close_token(struct share_mode_lock *lck,
changed the delete on close flag. This will be noticed
in the close code, the last closer will delete the file
if flag is set.
- This makes a copy of any UNIX_USER_TOKEN into the
+ This makes a copy of any struct security_unix_token into the
lck entry. This function is used when the lock is already granted.
****************************************************************************/
void set_delete_on_close_lck(files_struct *fsp,
struct share_mode_lock *lck,
bool delete_on_close,
- const UNIX_USER_TOKEN *tok)
+ const struct security_unix_token *tok)
{
struct delete_token_list *dtl;
bool ret;
@@ -1565,7 +1565,7 @@ void set_delete_on_close_lck(files_struct *fsp,
SMB_ASSERT(ret);
}
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok)
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok)
{
struct share_mode_lock *lck;
@@ -1596,7 +1596,7 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE
return True;
}
-const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
+const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
{
struct delete_token_list *dtl;
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index d53d859f55..57965cda74 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -250,7 +250,7 @@ done:
********************************************************************/
void map_max_allowed_access(const struct security_token *nt_token,
- const struct unix_user_token *unix_token,
+ const struct security_unix_token *unix_token,
uint32_t *pacc_requested)
{
if (!((*pacc_requested) & MAXIMUM_ALLOWED_ACCESS)) {
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 4234f32b7f..547705bc57 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -275,7 +275,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
NTSTATUS status = NT_STATUS_OK;
NTSTATUS tmp_status;
struct file_id id;
- const UNIX_USER_TOKEN *del_token = NULL;
+ const struct security_unix_token *del_token = NULL;
/* Ensure any pending write time updates are done. */
if (fsp->update_write_time_event) {
@@ -958,7 +958,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
bool delete_dir = False;
NTSTATUS status = NT_STATUS_OK;
NTSTATUS status1 = NT_STATUS_OK;
- const UNIX_USER_TOKEN *del_token = NULL;
+ const struct security_unix_token *del_token = NULL;
/*
* NT can set delete_on_close of the last open
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index b10268e6d7..de012483a0 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -78,7 +78,7 @@ extern struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx;
extern struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
struct sec_ctx {
- UNIX_USER_TOKEN ut;
+ struct security_unix_token ut;
struct security_token *token;
};
/* A stack of security contexts. We include the current context as being
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c
index 0987e87064..8e4d47586c 100644
--- a/source3/smbd/msg_idmap.c
+++ b/source3/smbd/msg_idmap.c
@@ -85,7 +85,7 @@ static bool gid_in_use(const struct user_struct* user, gid_t gid)
while (user) {
if (user->session_info != NULL) {
int i;
- struct unix_user_token utok = user->session_info->utok;
+ struct security_unix_token utok = user->session_info->utok;
if (utok.gid == gid) {
return true;
}
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8707ff799c..5faf26f8b0 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1306,7 +1306,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
* and don't need to do the complex user_in_group_sid() call
*/
if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
- const UNIX_USER_TOKEN *curr_utok = NULL;
+ const struct security_unix_token *curr_utok = NULL;
size_t i;
if (group_ace->unix_ug.gid == get_current_gid(conn)) {
@@ -2652,7 +2652,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
static bool current_user_in_group(connection_struct *conn, gid_t gid)
{
int i;
- const UNIX_USER_TOKEN *utok = get_current_utok(conn);
+ const struct security_unix_token *utok = get_current_utok(conn);
for (i = 0; i < utok->ngroups; i++) {
if (utok->groups[i] == gid) {
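Review bot: In current_user_in_group the loop index is `int i`, but it is compared with `utok->ngroups`, which was `uint32_t` in the typedef this commit removes from smb.h and is presumably still unsigned in struct security_unix_token. That is a signed/unsigned comparison on the group-membership check, and uid_entry_in_group earlier in this file declares `size_t i` beside its token pointer. Declaring `uint32_t i;` here would match the field type. gid_in_use in msg_idmap.c also declares `int i`, though its loop is outside that hunk.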
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index a7479ed67c..9e409dee41 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -27,7 +27,7 @@ extern struct current_user current_user;
Are two UNIX tokens equal ?
****************************************************************************/
-bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2)
+bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2)
{
if (t1->uid != t2->uid || t1->gid != t2->gid ||
t1->ngroups != t2->ngroups) {
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 0890ae698c..9a6b06dd0f 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -536,7 +536,7 @@ gid_t get_current_gid(connection_struct *conn)
doesn't alter this value.
****************************************************************************/
-const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
+const struct security_unix_token *get_current_utok(connection_struct *conn)
{
return &current_user.ut;
}