summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-07-15 14:59:14 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-20 09:17:10 +1000
commit6d741e918f145c6ec62c22358aabc8162db108fd (patch)
tree4d562524b2ff71892911331d707e23045984b0d3
parentf16d8f4eb86ecc4741c25e5ed87b2ea4c6717a31 (diff)
downloadsamba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.gz
samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.bz2
samba-6d741e918f145c6ec62c22358aabc8162db108fd.zip
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--source3/auth/auth_util.c85
-rw-r--r--source3/auth/server_info.c9
-rw-r--r--source3/include/auth.h2
-rw-r--r--source3/lib/afs.c2
-rw-r--r--source3/lib/substitute.c4
-rw-r--r--source3/modules/vfs_expand_msdfs.c2
-rw-r--r--source3/modules/vfs_fake_perms.c8
-rw-r--r--source3/modules/vfs_full_audit.c2
-rw-r--r--source3/modules/vfs_recycle.c2
-rw-r--r--source3/printing/nt_printing.c4
-rw-r--r--source3/printing/printing.c8
-rw-r--r--source3/rpc_server/dfs/srv_dfs_nt.c4
-rw-r--r--source3/rpc_server/epmapper/srv_epmapper.c2
-rw-r--r--source3/rpc_server/lsa/srv_lsa_nt.c12
-rw-r--r--source3/rpc_server/samr/srv_samr_nt.c16
-rw-r--r--source3/rpc_server/spoolss/srv_spoolss_nt.c26
-rw-r--r--source3/rpc_server/srvsvc/srv_srvsvc_nt.c24
-rw-r--r--source3/smbd/connection.c7
-rw-r--r--source3/smbd/lanman.c6
-rw-r--r--source3/smbd/msg_idmap.c10
-rw-r--r--source3/smbd/password.c12
-rw-r--r--source3/smbd/reply.c4
-rw-r--r--source3/smbd/service.c14
-rw-r--r--source3/smbd/session.c7
-rw-r--r--source3/smbd/trans2.c14
-rw-r--r--source3/smbd/uid.c30
26 files changed, 174 insertions, 142 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 70df256042..59a296774b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -509,8 +509,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
status = create_token_from_username(session_info,
session_info->unix_name,
session_info->guest,
- &session_info->utok.uid,
- &session_info->utok.gid,
+ &session_info->unix_token->uid,
+ &session_info->unix_token->gid,
&session_info->unix_name,
&session_info->security_token);
@@ -528,8 +528,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
/* Convert the SIDs to gids. */
- session_info->utok.ngroups = 0;
- session_info->utok.groups = NULL;
+ session_info->unix_token->ngroups = 0;
+ session_info->unix_token->groups = NULL;
t = session_info->security_token;
@@ -555,8 +555,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
continue;
}
if (!add_gid_to_array_unique(session_info, ids[i].id.gid,
- &session_info->utok.groups,
- &session_info->utok.ngroups)) {
+ &session_info->unix_token->groups,
+ &session_info->unix_token->ngroups)) {
return NT_STATUS_NO_MEMORY;
}
}
@@ -574,14 +574,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
* the nt token.
*/
- uid_to_unix_users_sid(session_info->utok.uid, &tmp_sid);
+ uid_to_unix_users_sid(session_info->unix_token->uid, &tmp_sid);
add_sid_to_array_unique(session_info->security_token, &tmp_sid,
&session_info->security_token->sids,
&session_info->security_token->num_sids);
- for ( i=0; i<session_info->utok.ngroups; i++ ) {
- gid_to_unix_groups_sid(session_info->utok.groups[i], &tmp_sid);
+ for ( i=0; i<session_info->unix_token->ngroups; i++ ) {
+ gid_to_unix_groups_sid(session_info->unix_token->groups[i], &tmp_sid);
add_sid_to_array_unique(session_info->security_token, &tmp_sid,
&session_info->security_token->sids,
&session_info->security_token->num_sids);
@@ -589,10 +589,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
security_token_debug(DBGC_AUTH, 10, session_info->security_token);
debug_unix_user_token(DBGC_AUTH, 10,
- session_info->utok.uid,
- session_info->utok.gid,
- session_info->utok.ngroups,
- session_info->utok.groups);
+ session_info->unix_token->uid,
+ session_info->unix_token->gid,
+ session_info->unix_token->ngroups,
+ session_info->unix_token->groups);
status = log_nt_token(session_info->security_token);
if (!NT_STATUS_IS_OK(status)) {
@@ -980,12 +980,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
dst->guest = src->guest;
dst->system = src->system;
- dst->utok.uid = src->utok.uid;
- dst->utok.gid = src->utok.gid;
- dst->utok.ngroups = src->utok.ngroups;
- if (src->utok.ngroups != 0) {
+
+ /* This element must be provided to convert back to an auth_serversupplied_info */
+ SMB_ASSERT(src->unix_token);
+ dst->utok.uid = src->unix_token->uid;
+ dst->utok.gid = src->unix_token->gid;
+ dst->utok.ngroups = src->unix_token->ngroups;
+ if (src->unix_token->ngroups != 0) {
dst->utok.groups = (gid_t *)talloc_memdup(
- dst, src->utok.groups,
+ dst, src->unix_token->groups,
sizeof(gid_t)*dst->utok.ngroups);
} else {
dst->utok.groups = NULL;
@@ -1039,15 +1042,21 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
dst->guest = src->guest;
dst->system = src->system;
- dst->utok.uid = src->utok.uid;
- dst->utok.gid = src->utok.gid;
- dst->utok.ngroups = src->utok.ngroups;
+
+ dst->unix_token = talloc(dst, struct security_unix_token);
+ if (!dst->unix_token) {
+ return NULL;
+ }
+
+ dst->unix_token->uid = src->utok.uid;
+ dst->unix_token->gid = src->utok.gid;
+ dst->unix_token->ngroups = src->utok.ngroups;
if (src->utok.ngroups != 0) {
- dst->utok.groups = (gid_t *)talloc_memdup(
- dst, src->utok.groups,
- sizeof(gid_t)*dst->utok.ngroups);
+ dst->unix_token->groups = (gid_t *)talloc_memdup(
+ dst->unix_token, src->utok.groups,
+ sizeof(gid_t)*dst->unix_token->ngroups);
} else {
- dst->utok.groups = NULL;
+ dst->unix_token->groups = NULL;
}
if (src->security_token) {
@@ -1098,15 +1107,25 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
dst->guest = src->guest;
dst->system = src->system;
- dst->utok.uid = src->utok.uid;
- dst->utok.gid = src->utok.gid;
- dst->utok.ngroups = src->utok.ngroups;
- if (src->utok.ngroups != 0) {
- dst->utok.groups = (gid_t *)talloc_memdup(
- dst, src->utok.groups,
- sizeof(gid_t)*dst->utok.ngroups);
+
+ if (src->unix_token) {
+ dst->unix_token = talloc(dst, struct security_unix_token);
+ if (!dst->unix_token) {
+ return NULL;
+ }
+
+ dst->unix_token->uid = src->unix_token->uid;
+ dst->unix_token->gid = src->unix_token->gid;
+ dst->unix_token->ngroups = src->unix_token->ngroups;
+ if (src->unix_token->ngroups != 0) {
+ dst->unix_token->groups = (gid_t *)talloc_memdup(
+ dst->unix_token, src->unix_token->groups,
+ sizeof(gid_t)*dst->unix_token->ngroups);
+ } else {
+ dst->unix_token->groups = NULL;
+ }
} else {
- dst->utok.groups = NULL;
+ dst->unix_token = NULL;
}
if (src->security_token) {
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 12026060bd..080bd0b058 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -87,12 +87,11 @@ struct auth3_session_info *make_auth3_session_info(TALLOC_CTX *mem_ctx)
talloc_set_destructor(result, auth3_session_info_dtor);
- /* Initialise the uid and gid values to something non-zero
- which may save us from giving away root access if there
- is a bug in allocating these fields. */
+ /* Initialise the unix_token to NULL which may save us from
+ giving away root access if there is a bug in allocating
+ these fields. */
- result->utok.uid = -1;
- result->utok.gid = -1;
+ result->unix_token = NULL;
return result;
}
diff --git a/source3/include/auth.h b/source3/include/auth.h
index b1e5c32c36..f3c6a04092 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -79,7 +79,7 @@ struct auth3_session_info {
bool guest;
bool system;
- struct security_unix_token utok;
+ struct security_unix_token *unix_token;
/* NT group information taken from the info3 structure */
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index 61a588cfa3..11a930b8b9 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -232,7 +232,7 @@ bool afs_login(connection_struct *conn)
afs_username = talloc_sub_advanced(ctx,
SNUM(conn), conn->session_info->unix_name,
- conn->connectpath, conn->session_info->utok.gid,
+ conn->connectpath, conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
pdb_get_domain(conn->session_info->sam_account),
afs_username);
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index df217bc03f..bf3cd5d51e 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -815,11 +815,13 @@ void standard_sub_advanced(const char *servicename, const char *user,
char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *str)
{
+ /* Make clear that we require the optional unix_token in the source3 code */
+ SMB_ASSERT(conn->session_info->unix_token);
return talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
get_smb_user_name(),
"",
str);
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 76a918f754..8cb59b2cdd 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -159,7 +159,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx,
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
targethost);
diff --git a/source3/modules/vfs_fake_perms.c b/source3/modules/vfs_fake_perms.c
index ade2407543..a7de8af6b1 100644
--- a/source3/modules/vfs_fake_perms.c
+++ b/source3/modules/vfs_fake_perms.c
@@ -41,8 +41,8 @@ static int fake_perms_stat(vfs_handle_struct *handle,
} else {
smb_fname->st.st_ex_mode = S_IRWXU;
}
- smb_fname->st.st_ex_uid = handle->conn->session_info->utok.uid;
- smb_fname->st.st_ex_gid = handle->conn->session_info->utok.gid;
+ smb_fname->st.st_ex_uid = handle->conn->session_info->unix_token->uid;
+ smb_fname->st.st_ex_gid = handle->conn->session_info->unix_token->gid;
}
return ret;
@@ -59,8 +59,8 @@ static int fake_perms_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_ST
} else {
sbuf->st_ex_mode = S_IRWXU;
}
- sbuf->st_ex_uid = handle->conn->session_info->utok.uid;
- sbuf->st_ex_gid = handle->conn->session_info->utok.gid;
+ sbuf->st_ex_uid = handle->conn->session_info->unix_token->uid;
+ sbuf->st_ex_gid = handle->conn->session_info->unix_token->gid;
}
return ret;
}
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 19092c4df0..9e7981b408 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -408,7 +408,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
prefix);
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 5c4f8706cb..72355cd55e 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -445,7 +445,7 @@ static int recycle_unlink(vfs_handle_struct *handle,
repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
recycle_repository(handle));
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index dc3654c63f..0023515bb1 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1737,7 +1737,7 @@ bool print_access_check(const struct auth3_session_info *session_info,
/* Always allow root or SE_PRINT_OPERATROR to do anything */
- if (session_info->utok.uid == sec_initial_uid()
+ if (session_info->unix_token->uid == sec_initial_uid()
|| security_token_has_privilege(session_info->security_token, SEC_PRIV_PRINT_OPERATOR)) {
return True;
}
@@ -1802,7 +1802,7 @@ bool print_access_check(const struct auth3_session_info *session_info,
/* see if we need to try the printer admin list */
if (!NT_STATUS_IS_OK(status) &&
- (token_contains_name_in_list(uidtoname(session_info->utok.uid),
+ (token_contains_name_in_list(uidtoname(session_info->unix_token->uid),
session_info->info3->base.domain.string,
NULL, session_info->security_token,
lp_printer_admin(snum)))) {
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 31d558c791..50ef75b8ef 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -2282,7 +2282,7 @@ WERROR print_job_delete(const struct auth3_session_info *server_info,
sys_adminlog( LOG_ERR,
"Permission denied-- user not allowed to delete, \
pause, or resume print job. User name: %s. Printer name: %s.",
- uidtoname(server_info->utok.uid),
+ uidtoname(server_info->unix_token->uid),
lp_printername(snum) );
/* END_ADMIN_LOG */
@@ -2359,7 +2359,7 @@ bool print_job_pause(const struct auth3_session_info *server_info,
sys_adminlog( LOG_ERR,
"Permission denied-- user not allowed to delete, \
pause, or resume print job. User name: %s. Printer name: %s.",
- uidtoname(server_info->utok.uid),
+ uidtoname(server_info->unix_token->uid),
lp_printername(snum) );
/* END_ADMIN_LOG */
@@ -2425,7 +2425,7 @@ bool print_job_resume(const struct auth3_session_info *server_info,
sys_adminlog( LOG_ERR,
"Permission denied-- user not allowed to delete, \
pause, or resume print job. User name: %s. Printer name: %s.",
- uidtoname(server_info->utok.uid),
+ uidtoname(server_info->unix_token->uid),
lp_printername(snum) );
/* END_ADMIN_LOG */
return False;
@@ -2841,7 +2841,7 @@ WERROR print_job_start(const struct auth3_session_info *server_info,
fstrcpy(pjob.user, lp_printjob_username(snum));
standard_sub_advanced(sharename, server_info->sanitized_username,
- path, server_info->utok.gid,
+ path, server_info->unix_token->gid,
server_info->sanitized_username,
server_info->info3->base.domain.string,
pjob.user, sizeof(pjob.user)-1);
diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c b/source3/rpc_server/dfs/srv_dfs_nt.c
index 5b4e423393..d77989db2f 100644
--- a/source3/rpc_server/dfs/srv_dfs_nt.c
+++ b/source3/rpc_server/dfs/srv_dfs_nt.c
@@ -54,7 +54,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
- if (p->session_info->utok.uid != sec_initial_uid()) {
+ if (p->session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
return WERR_ACCESS_DENIED;
}
@@ -119,7 +119,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct dfs_Remove *r)
TALLOC_CTX *ctx = talloc_tos();
char *altpath = NULL;
- if (p->session_info->utok.uid != sec_initial_uid()) {
+ if (p->session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpc_server/epmapper/srv_epmapper.c b/source3/rpc_server/epmapper/srv_epmapper.c
index 8e049fcb24..8ee7cb53f0 100644
--- a/source3/rpc_server/epmapper/srv_epmapper.c
+++ b/source3/rpc_server/epmapper/srv_epmapper.c
@@ -234,7 +234,7 @@ static uint32_t build_ep_list(TALLOC_CTX *mem_ctx,
static bool is_priviledged_pipe(struct auth3_session_info *info) {
/* If the user is not root, or has the system token, fail */
- if ((info->utok.uid != sec_initial_uid()) &&
+ if ((info->unix_token->uid != sec_initial_uid()) &&
!security_token_is_system(info->security_token)) {
return false;
}
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 2342a0e8aa..fa018b424f 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -434,7 +434,7 @@ NTSTATUS _lsa_OpenPolicy2(struct pipes_struct *p,
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
/* map the generic bits to the lsa policy ones */
@@ -1504,7 +1504,7 @@ static NTSTATUS _lsa_OpenTrustedDomain_base(struct pipes_struct *p,
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&access_mask);
/* map the generic bits to the lsa account ones */
@@ -1701,14 +1701,14 @@ NTSTATUS _lsa_CreateTrustedDomainEx2(struct pipes_struct *p,
return NT_STATUS_ACCESS_DENIED;
}
- if (p->session_info->utok.uid != sec_initial_uid() &&
+ if (p->session_info->unix_token->uid != sec_initial_uid() &&
!nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS)) {
return NT_STATUS_ACCESS_DENIED;
}
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
@@ -2466,7 +2466,7 @@ NTSTATUS _lsa_CreateAccount(struct pipes_struct *p,
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&r->in.access_mask);
/* map the generic bits to the lsa policy ones */
@@ -2530,7 +2530,7 @@ NTSTATUS _lsa_OpenAccount(struct pipes_struct *p,
/* Work out max allowed. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
/* map the generic bits to the lsa account ones */
diff --git a/source3/rpc_server/samr/srv_samr_nt.c b/source3/rpc_server/samr/srv_samr_nt.c
index 9b91ef3d2b..b9bf4b0790 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -454,7 +454,7 @@ NTSTATUS _samr_OpenDomain(struct pipes_struct *p,
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 );
@@ -2210,7 +2210,7 @@ NTSTATUS _samr_OpenUser(struct pipes_struct *p,
/* check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW);
@@ -3790,7 +3790,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
}
DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n",
- uidtoname(p->session_info->utok.uid),
+ uidtoname(p->session_info->unix_token->uid),
can_add_account ? "True":"False" ));
if (!can_add_account) {
@@ -3816,7 +3816,7 @@ NTSTATUS _samr_CreateUser2(struct pipes_struct *p,
sid_compose(&sid, get_global_sam_sid(), *r->out.rid);
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping,
@@ -3899,7 +3899,7 @@ NTSTATUS _samr_Connect(struct pipes_struct *p,
user level access control on shares) --jerry */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
se_map_generic( &des_access, &sam_generic_mapping );
@@ -3961,7 +3961,7 @@ NTSTATUS _samr_Connect2(struct pipes_struct *p,
}
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0);
@@ -4176,7 +4176,7 @@ NTSTATUS _samr_OpenAlias(struct pipes_struct *p,
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0);
@@ -6257,7 +6257,7 @@ NTSTATUS _samr_OpenGroup(struct pipes_struct *p,
/*check if access can be granted as requested by client. */
map_max_allowed_access(p->session_info->security_token,
- &p->session_info->utok,
+ p->session_info->unix_token,
&des_access);
make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0);
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 6d62bcb526..12dcc27615 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1827,11 +1827,11 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ((p->session_info->utok.uid != sec_initial_uid()) &&
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
!nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) &&
!token_contains_name_in_list(
- uidtoname(p->session_info->utok.uid),
+ uidtoname(p->session_info->unix_token->uid),
p->session_info->info3->base.domain.string,
NULL,
p->session_info->security_token,
@@ -1914,7 +1914,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
return WERR_ACCESS_DENIED;
}
- if (!user_ok_token(uidtoname(p->session_info->utok.uid), NULL,
+ if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL,
p->session_info->security_token, snum) ||
!print_access_check(p->session_info,
p->msg_ctx,
@@ -2091,10 +2091,10 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (p->session_info->utok.uid != sec_initial_uid())
+ if ( (p->session_info->unix_token->uid != sec_initial_uid())
&& !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
- uidtoname(p->session_info->utok.uid),
+ uidtoname(p->session_info->unix_token->uid),
p->session_info->info3->base.domain.string,
NULL,
p->session_info->security_token,
@@ -2195,10 +2195,10 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (p->session_info->utok.uid != sec_initial_uid())
+ if ( (p->session_info->unix_token->uid != sec_initial_uid())
&& !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
&& !token_contains_name_in_list(
- uidtoname(p->session_info->utok.uid),
+ uidtoname(p->session_info->unix_token->uid),
p->session_info->info3->base.domain.string,
NULL,
p->session_info->security_token, lp_printer_admin(-1)) )
@@ -8550,9 +8550,9 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ((p->session_info->utok.uid != sec_initial_uid()) &&
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !token_contains_name_in_list(uidtoname(p->session_info->utok.uid),
+ !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
p->session_info->info3->base.domain.string,
NULL,
p->session_info->security_token,
@@ -8623,9 +8623,9 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
return WERR_BADFID;
}
- if ((p->session_info->utok.uid != sec_initial_uid()) &&
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !token_contains_name_in_list(uidtoname(p->session_info->utok.uid),
+ !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
p->session_info->info3->base.domain.string,
NULL,
p->session_info->security_token,
@@ -8692,9 +8692,9 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ((p->session_info->utok.uid != sec_initial_uid()) &&
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
!security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
- !token_contains_name_in_list(uidtoname(p->session_info->utok.uid),
+ !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
p->session_info->info3->base.domain.string,
NULL,
p->session_info->security_token,
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 7d52a761b6..4766573f62 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -288,7 +288,7 @@ static void init_srv_share_info_1(struct pipes_struct *p,
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->session_info->utok.uid, get_current_username(),
+ p->session_info->unix_token->uid, get_current_username(),
"", remark);
}
@@ -316,7 +316,7 @@ static void init_srv_share_info_2(struct pipes_struct *p,
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->session_info->utok.uid, get_current_username(),
+ p->session_info->unix_token->uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(p->mem_ctx,
@@ -381,7 +381,7 @@ static void init_srv_share_info_501(struct pipes_struct *p,
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->session_info->utok.uid, get_current_username(),
+ p->session_info->unix_token->uid, get_current_username(),
"", remark);
}
@@ -410,7 +410,7 @@ static void init_srv_share_info_502(struct pipes_struct *p,
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->session_info->utok.uid, get_current_username(),
+ p->session_info->unix_token->uid, get_current_username(),
"", remark);
}
path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum));
@@ -451,7 +451,7 @@ static void init_srv_share_info_1004(struct pipes_struct *p,
remark = talloc_sub_advanced(
p->mem_ctx, lp_servicename(snum),
get_current_username(), lp_pathname(snum),
- p->session_info->utok.uid, get_current_username(),
+ p->session_info->unix_token->uid, get_current_username(),
"", remark);
}
@@ -1333,7 +1333,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
/* fail out now if you are not root or not a domain admin */
- if ((p->session_info->utok.uid != sec_initial_uid()) &&
+ if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
( ! nt_token_check_domain_rid(p->session_info->security_token,
DOMAIN_RID_ADMINS))) {
@@ -1347,7 +1347,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p,
NTSTATUS ntstat;
- if (p->session_info->utok.uid != sec_initial_uid()) {
+ if (p->session_info->unix_token->uid != sec_initial_uid()) {
not_root = True;
become_root();
}
@@ -1572,11 +1572,11 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p,
/* fail out now if you are not root and not a disk op */
- if ( p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) {
+ if ( p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) {
DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the "
"SeDiskOperatorPrivilege privilege needed to modify "
"share %s\n",
- (unsigned int)p->session_info->utok.uid,
+ (unsigned int)p->session_info->unix_token->uid,
share_name ));
return WERR_ACCESS_DENIED;
}
@@ -1773,7 +1773,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p,
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
- if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op )
+ if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_add_share_cmd() || !*lp_add_share_cmd()) {
@@ -1979,7 +1979,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p,
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
- if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op )
+ if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op )
return WERR_ACCESS_DENIED;
if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
@@ -2549,7 +2549,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p,
is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR);
- if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op) {
+ if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) {
return WERR_ACCESS_DENIED;
}
diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c
index 048604c5c9..7e49664162 100644
--- a/source3/smbd/connection.c
+++ b/source3/smbd/connection.c
@@ -149,13 +149,16 @@ bool claim_connection(connection_struct *conn, const char *name)
return False;
}
+ /* Make clear that we require the optional unix_token in the source3 code */
+ SMB_ASSERT(conn->session_info->unix_token);
+
/* fill in the crec */
ZERO_STRUCT(crec);
crec.magic = 0x280267;
crec.pid = sconn_server_id(conn->sconn);
crec.cnum = conn->cnum;
- crec.uid = conn->session_info->utok.uid;
- crec.gid = conn->session_info->utok.gid;
+ crec.uid = conn->session_info->unix_token->uid;
+ crec.gid = conn->session_info->unix_token->gid;
strlcpy(crec.servicename, lp_servicename(SNUM(conn)),
sizeof(crec.servicename));
crec.start = time(NULL);
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 63fdd03f44..f84540fbec 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -119,7 +119,7 @@ static int CopyExpanded(connection_struct *conn,
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
buf);
@@ -170,7 +170,7 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s)
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
buf);
@@ -4635,7 +4635,7 @@ static bool api_WWkstaUserLogon(struct smbd_server_connection *sconn,
if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n",
- (int)vuser->session_info->utok.uid,
+ (int)vuser->session_info->unix_token->uid,
vuser->session_info->unix_name));
}
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c
index 2a00f1bbb9..b534ac3846 100644
--- a/source3/smbd/msg_idmap.c
+++ b/source3/smbd/msg_idmap.c
@@ -73,7 +73,7 @@ static bool parse_id(const char* str, struct id* id)
static bool uid_in_use(const struct user_struct* user, uid_t uid)
{
while (user) {
- if (user->session_info && (user->session_info->utok.uid == uid)) {
+ if (user->session_info && (user->session_info->unix_token->uid == uid)) {
return true;
}
user = user->next;
@@ -86,12 +86,12 @@ static bool gid_in_use(const struct user_struct* user, gid_t gid)
while (user) {
if (user->session_info != NULL) {
int i;
- struct security_unix_token utok = user->session_info->utok;
- if (utok.gid == gid) {
+ struct security_unix_token *utok = user->session_info->unix_token;
+ if (utok->gid == gid) {
return true;
}
- for(i=0; i<utok.ngroups; i++) {
- if (utok.groups[i] == gid) {
+ for(i=0; i<utok->ngroups; i++) {
+ if (utok->groups[i] == gid) {
return true;
}
}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index f32989da54..fb88fd3319 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -284,9 +284,12 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
vuser->session_info->sanitized_username = talloc_strdup(
vuser->session_info, tmp);
+ /* Make clear that we require the optional unix_token in the source3 code */
+ SMB_ASSERT(vuser->session_info->unix_token);
+
DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
- (unsigned int)vuser->session_info->utok.uid,
- (unsigned int)vuser->session_info->utok.gid,
+ (unsigned int)vuser->session_info->unix_token->uid,
+ (unsigned int)vuser->session_info->unix_token->gid,
vuser->session_info->unix_name,
vuser->session_info->sanitized_username,
vuser->session_info->info3->base.domain.string,
@@ -302,8 +305,11 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
goto fail;
}
+ /* Make clear that we require the optional unix_token in the source3 code */
+ SMB_ASSERT(vuser->session_info->unix_token);
+
DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, "
- "and will be vuid %u\n", (int)vuser->session_info->utok.uid,
+ "and will be vuid %u\n", (int)vuser->session_info->unix_token->uid,
vuser->session_info->unix_name, vuser->vuid));
if (!session_claim(sconn, vuser)) {
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 25e1aafa0e..e740fb4c57 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2563,7 +2563,7 @@ static NTSTATUS do_unlink(connection_struct *conn,
}
/* The set is across all open files on this dev/inode pair. */
- if (!set_delete_on_close(fsp, True, &conn->session_info->utok)) {
+ if (!set_delete_on_close(fsp, True, conn->session_info->unix_token)) {
close_file(req, fsp, NORMAL_CLOSE);
return NT_STATUS_ACCESS_DENIED;
}
@@ -5677,7 +5677,7 @@ void reply_rmdir(struct smb_request *req)
goto out;
}
- if (!set_delete_on_close(fsp, true, &conn->session_info->utok)) {
+ if (!set_delete_on_close(fsp, true, conn->session_info->unix_token)) {
close_file(req, fsp, ERROR_CLOSE);
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
goto out;
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index c772b8a069..0c86ec09f9 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -498,7 +498,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
status = find_forced_group(
conn->force_user, snum, conn->session_info->unix_name,
&conn->session_info->security_token->sids[1],
- &conn->session_info->utok.gid);
+ &conn->session_info->unix_token->gid);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -510,7 +510,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
* struct. We only use conn->session_info directly if
* "force_user" was set.
*/
- conn->force_group_gid = conn->session_info->utok.gid;
+ conn->force_group_gid = conn->session_info->unix_token->gid;
}
return NT_STATUS_OK;
@@ -615,7 +615,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_pathname(snum));
@@ -737,7 +737,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_rootpreexec(snum));
@@ -775,7 +775,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_preexec(snum));
@@ -1095,7 +1095,7 @@ void close_cnum(connection_struct *conn, uint16 vuid)
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_postexec(SNUM(conn)));
@@ -1111,7 +1111,7 @@ void close_cnum(connection_struct *conn, uint16 vuid)
lp_servicename(SNUM(conn)),
conn->session_info->unix_name,
conn->connectpath,
- conn->session_info->utok.gid,
+ conn->session_info->unix_token->gid,
conn->session_info->sanitized_username,
conn->session_info->info3->base.domain.string,
lp_rootpostexec(SNUM(conn)));
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 379a66ce8f..184ce1b3a5 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -136,12 +136,15 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser)
return false;
}
+ /* Make clear that we require the optional unix_token in the source3 code */
+ SMB_ASSERT(vuser->session_info->unix_token);
+
fstrcpy(sessionid.username, vuser->session_info->unix_name);
fstrcpy(sessionid.hostname, sconn->remote_hostname);
sessionid.id_num = i; /* Only valid for utmp sessions */
sessionid.pid = pid;
- sessionid.uid = vuser->session_info->utok.uid;
- sessionid.gid = vuser->session_info->utok.gid;
+ sessionid.uid = vuser->session_info->unix_token->uid;
+ sessionid.gid = vuser->session_info->unix_token->gid;
fstrcpy(sessionid.remote_machine, get_remote_machine_name());
fstrcpy(sessionid.ip_addr_str, raddr);
sessionid.connect_start = time(NULL);
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index b853722eae..bfde938635 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3386,7 +3386,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
+ 4 /* num_sids */
+ 4 /* SID bytes */
+ 4 /* pad/reserved */
- + (conn->session_info->utok.ngroups * 8)
+ + (conn->session_info->unix_token->ngroups * 8)
/* groups list */
+ (conn->session_info->security_token->num_sids *
SID_MAX_SIZE)
@@ -3395,9 +3395,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
SIVAL(pdata, 0, flags);
SIVAL(pdata, 4, SMB_WHOAMI_MASK);
SBIG_UINT(pdata, 8,
- (uint64_t)conn->session_info->utok.uid);
+ (uint64_t)conn->session_info->unix_token->uid);
SBIG_UINT(pdata, 16,
- (uint64_t)conn->session_info->utok.gid);
+ (uint64_t)conn->session_info->unix_token->gid);
if (data_len >= max_data_bytes) {
@@ -3412,7 +3412,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
break;
}
- SIVAL(pdata, 24, conn->session_info->utok.ngroups);
+ SIVAL(pdata, 24, conn->session_info->unix_token->ngroups);
SIVAL(pdata, 28, conn->session_info->security_token->num_sids);
/* We walk the SID list twice, but this call is fairly
@@ -3434,9 +3434,9 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
data_len = 40;
/* GID list */
- for (i = 0; i < conn->session_info->utok.ngroups; ++i) {
+ for (i = 0; i < conn->session_info->unix_token->ngroups; ++i) {
SBIG_UINT(pdata, data_len,
- (uint64_t)conn->session_info->utok.groups[i]);
+ (uint64_t)conn->session_info->unix_token->groups[i]);
data_len += 8;
}
@@ -5817,7 +5817,7 @@ static NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
/* The set is across all open files on this dev/inode pair. */
if (!set_delete_on_close(fsp, delete_on_close,
- &conn->session_info->utok)) {
+ conn->session_info->unix_token)) {
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 5d703e3a18..b6ea7674b1 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -178,7 +178,7 @@ static bool check_user_ok(connection_struct *conn,
"Setting uid as %d\n",
conn->session_info->unix_name,
sec_initial_uid() ));
- conn->session_info->utok.uid = sec_initial_uid();
+ conn->session_info->unix_token->uid = sec_initial_uid();
}
return(True);
@@ -213,10 +213,10 @@ static bool change_to_user_internal(connection_struct *conn,
return false;
}
- uid = conn->session_info->utok.uid;
- gid = conn->session_info->utok.gid;
- num_groups = conn->session_info->utok.ngroups;
- group_list = conn->session_info->utok.groups;
+ uid = conn->session_info->unix_token->uid;
+ gid = conn->session_info->unix_token->gid;
+ num_groups = conn->session_info->unix_token->ngroups;
+ group_list = conn->session_info->unix_token->groups;
/*
* See if we should force group for this service. If so this overrides
@@ -237,7 +237,7 @@ static bool change_to_user_internal(connection_struct *conn,
*/
for (i = 0; i < num_groups; i++) {
if (group_list[i] == conn->force_group_gid) {
- conn->session_info->utok.gid =
+ conn->session_info->unix_token->gid =
conn->force_group_gid;
gid = conn->force_group_gid;
gid_to_sid(&conn->session_info->security_token
@@ -246,7 +246,7 @@ static bool change_to_user_internal(connection_struct *conn,
}
}
} else {
- conn->session_info->utok.gid = conn->force_group_gid;
+ conn->session_info->unix_token->gid = conn->force_group_gid;
gid = conn->force_group_gid;
gid_to_sid(&conn->session_info->security_token->sids[1],
gid);
@@ -296,13 +296,13 @@ bool change_to_user(connection_struct *conn, uint16_t vuid)
*/
if((lp_security() == SEC_SHARE) && (current_user.conn == conn) &&
- (current_user.ut.uid == conn->session_info->utok.uid)) {
+ (current_user.ut.uid == conn->session_info->unix_token->uid)) {
DEBUG(4,("Skipping user change - already "
"user\n"));
return(True);
} else if ((current_user.conn == conn) &&
(vuser != NULL) && (current_user.vuid == vuid) &&
- (current_user.ut.uid == vuser->session_info->utok.uid)) {
+ (current_user.ut.uid == vuser->session_info->unix_token->uid)) {
DEBUG(4,("Skipping user change - already "
"user\n"));
return(True);
@@ -334,7 +334,7 @@ bool change_to_user_by_session(connection_struct *conn,
SMB_ASSERT(session_info != NULL);
if ((current_user.conn == conn) &&
- (current_user.ut.uid == session_info->utok.uid)) {
+ (current_user.ut.uid == session_info->unix_token->uid)) {
DEBUG(7, ("Skipping user change - already user\n"));
return true;
@@ -372,8 +372,8 @@ bool become_authenticated_pipe_user(struct auth3_session_info *session_info)
if (!push_sec_ctx())
return False;
- set_sec_ctx(session_info->utok.uid, session_info->utok.gid,
- session_info->utok.ngroups, session_info->utok.groups,
+ set_sec_ctx(session_info->unix_token->uid, session_info->unix_token->gid,
+ session_info->unix_token->ngroups, session_info->unix_token->groups,
session_info->security_token);
return True;
@@ -512,7 +512,7 @@ bool unbecome_user(void)
/****************************************************************************
Return the current user we are running effectively as on this connection.
- I'd like to make this return conn->session_info->utok.uid, but become_root()
+ I'd like to make this return conn->session_info->unix_token->uid, but become_root()
doesn't alter this value.
****************************************************************************/
@@ -523,7 +523,7 @@ uid_t get_current_uid(connection_struct *conn)
/****************************************************************************
Return the current group we are running effectively as on this connection.
- I'd like to make this return conn->session_info->utok.gid, but become_root()
+ I'd like to make this return conn->session_info->unix_token->gid, but become_root()
doesn't alter this value.
****************************************************************************/
@@ -534,7 +534,7 @@ gid_t get_current_gid(connection_struct *conn)
/****************************************************************************
Return the UNIX token we are running effectively as on this connection.
- I'd like to make this return &conn->session_info->utok, but become_root()
+ I'd like to make this return &conn->session_info->unix_token-> but become_root()
doesn't alter this value.
****************************************************************************/