s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username

This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

26 files changed, 109 insertions, 100 deletions

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 59a296774b..f53f63df1f 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -507,11 +507,11 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 	if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) ||
 	    (server_info->nss_token)) {
 		status = create_token_from_username(session_info,
-						    session_info->unix_name,
+						    session_info->unix_info->unix_name,
 						    session_info->guest,
 						    &session_info->unix_token->uid,
 						    &session_info->unix_token->gid,
-						    &session_info->unix_name,
+						    &session_info->unix_info->unix_name,
 						    &session_info->security_token);
 
 	} else {
@@ -824,7 +824,7 @@ static NTSTATUS make_new_session_info_guest(struct auth3_session_info **session_
 
 	alpha_strcpy(tmp, (*session_info)->info3->base.account_name.string,
 		     ". _-$", sizeof(tmp));
-	(*session_info)->sanitized_username = talloc_strdup(*session_info, tmp);
+	(*session_info)->unix_info->sanitized_username = talloc_strdup(*session_info, tmp);
 
 	status = NT_STATUS_OK;
 done:
@@ -1015,13 +1015,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
 	}
 	dst->extra = src->extra;
 
-	dst->unix_name = talloc_strdup(dst, src->unix_name);
+	/* This element must be provided to convert back to an auth_serversupplied_info */
+	SMB_ASSERT(src->unix_info);
+	dst->unix_name = talloc_strdup(dst, src->unix_info->unix_name);
 	if (!dst->unix_name) {
 		TALLOC_FREE(dst);
 		return NULL;
 	}
 
-	dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+	dst->sanitized_username = talloc_strdup(dst, src->unix_info->sanitized_username);
 	if (!dst->sanitized_username) {
 		TALLOC_FREE(dst);
 		return NULL;
@@ -1080,14 +1082,20 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
 	}
 	dst->extra = src->extra;
 
-	dst->unix_name = talloc_strdup(dst, src->unix_name);
-	if (!dst->unix_name) {
+	dst->unix_info = talloc_zero(dst, struct auth_user_info_unix);
+	if (!dst->unix_info) {
 		TALLOC_FREE(dst);
 		return NULL;
 	}
 
-	dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
-	if (!dst->sanitized_username) {
+	dst->unix_info->unix_name = talloc_strdup(dst, src->unix_name);
+	if (!dst->unix_info->unix_name) {
+		TALLOC_FREE(dst);
+		return NULL;
+	}
+
+	dst->unix_info->sanitized_username = talloc_strdup(dst, src->sanitized_username);
+	if (!dst->unix_info->sanitized_username) {
 		TALLOC_FREE(dst);
 		return NULL;
 	}
@@ -1149,16 +1157,24 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
 	}
 	dst->extra = src->extra;
 
-	dst->unix_name = talloc_strdup(dst, src->unix_name);
-	if (!dst->unix_name) {
-		TALLOC_FREE(dst);
-		return NULL;
-	}
+	if (src->unix_info) {
+		dst->unix_info = talloc_zero(dst, struct auth_user_info_unix);
+		if (!dst->unix_info) {
+			TALLOC_FREE(dst);
+			return NULL;
+		}
 
-	dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
-	if (!dst->sanitized_username) {
-		TALLOC_FREE(dst);
-		return NULL;
+		dst->unix_info->unix_name = talloc_strdup(dst, src->unix_info->unix_name);
+		if (!dst->unix_info->unix_name) {
+			TALLOC_FREE(dst);
+			return NULL;
+		}
+
+		dst->unix_info->sanitized_username = talloc_strdup(dst, src->unix_info->sanitized_username);
+		if (!dst->unix_info->sanitized_username) {
+			TALLOC_FREE(dst);
+			return NULL;
+		}
 	}
 
 	return dst;
diff --git a/source3/include/auth.h b/source3/include/auth.h
index f3c6a04092..11d501f434 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -112,16 +112,7 @@ struct auth3_session_info {
 	 */
 	bool nss_token;
 
-	char *unix_name;
-
-	/*
-	 * For performance reasons we keep an alpha_strcpy-sanitized version
-	 * of the username around as long as the global variable current_user
-	 * still exists. If we did not do keep this, we'd have to call
-	 * alpha_strcpy whenever we do a become_user(), potentially on every
-	 * smb request. See set_current_user_info.
-	 */
-	char *sanitized_username;
+	struct auth_user_info_unix *unix_info;
 };
 
 struct auth_context {
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index 11a930b8b9..7a49c5772e 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -231,9 +231,9 @@ bool afs_login(connection_struct *conn)
 	}
 
 	afs_username = talloc_sub_advanced(ctx,
-				SNUM(conn), conn->session_info->unix_name,
+				SNUM(conn), conn->session_info->unix_info->unix_name,
 				conn->connectpath, conn->session_info->unix_token->gid,
-				conn->session_info->sanitized_username,
+				conn->session_info->unix_info->sanitized_username,
 				pdb_get_domain(conn->session_info->sam_account),
 				afs_username);
 	if (!afs_username) {
diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c
index bf3cd5d51e..eae6d15f7c 100644
--- a/source3/lib/substitute.c
+++ b/source3/lib/substitute.c
@@ -815,11 +815,12 @@ void standard_sub_advanced(const char *servicename, const char *user,
 
 char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *str)
 {
-	/* Make clear that we require the optional unix_token in the source3 code */
+	/* Make clear that we require the optional unix_token and unix_info in the source3 code */
 	SMB_ASSERT(conn->session_info->unix_token);
+	SMB_ASSERT(conn->session_info->unix_info);
 	return talloc_sub_advanced(ctx,
 				lp_servicename(SNUM(conn)),
-				conn->session_info->unix_name,
+				conn->session_info->unix_info->unix_name,
 				conn->connectpath,
 				conn->session_info->unix_token->gid,
 				get_smb_user_name(),
diff --git a/source3/modules/onefs_open.c b/source3/modules/onefs_open.c
index 101dc5bc6e..dd4eb90b13 100644
--- a/source3/modules/onefs_open.c
+++ b/source3/modules/onefs_open.c
@@ -327,7 +327,7 @@ static NTSTATUS onefs_open_file(files_struct *fsp,
 	fsp->wcp = NULL; /* Write cache pointer. */
 
 	DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
-		 conn->session_info->unix_name,
+		 conn->session_info->unix_info->unix_name,
 		 smb_fname_str_dbg(smb_fname),
 		 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
 		 conn->num_files_open));
diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c
index 8cb59b2cdd..c857c1a424 100644
--- a/source3/modules/vfs_expand_msdfs.c
+++ b/source3/modules/vfs_expand_msdfs.c
@@ -157,10 +157,10 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx,
 
 	targethost = talloc_sub_advanced(ctx,
 				lp_servicename(SNUM(conn)),
-				conn->session_info->unix_name,
+				conn->session_info->unix_info->unix_name,
 				conn->connectpath,
 				conn->session_info->unix_token->gid,
-				conn->session_info->sanitized_username,
+				conn->session_info->unix_info->sanitized_username,
 				conn->session_info->info3->base.domain.string,
 				targethost);
 
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index 9e7981b408..da28551046 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -406,10 +406,10 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn)
 	}
 	result = talloc_sub_advanced(ctx,
 			lp_servicename(SNUM(conn)),
-			conn->session_info->unix_name,
+			conn->session_info->unix_info->unix_name,
 			conn->connectpath,
 			conn->session_info->unix_token->gid,
-			conn->session_info->sanitized_username,
+			conn->session_info->unix_info->sanitized_username,
 			conn->session_info->info3->base.domain.string,
 			prefix);
 	TALLOC_FREE(prefix);
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 72355cd55e..65de114b83 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -443,10 +443,10 @@ static int recycle_unlink(vfs_handle_struct *handle,
 	int rc = -1;
 
 	repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)),
-					conn->session_info->unix_name,
+					conn->session_info->unix_info->unix_name,
 					conn->connectpath,
 					conn->session_info->unix_token->gid,
-					conn->session_info->sanitized_username,
+					conn->session_info->unix_info->sanitized_username,
 					conn->session_info->info3->base.domain.string,
 					recycle_repository(handle));
 	ALLOC_CHECK(repository, done);
diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c
index 2ce8beb04f..fb36c4c99e 100644
--- a/source3/modules/vfs_smb_traffic_analyzer.c
+++ b/source3/modules/vfs_smb_traffic_analyzer.c
@@ -459,7 +459,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle,
 	 * function.
 	 */
 	username = smb_traffic_analyzer_anonymize( talloc_tos(),
-			handle->conn->session_info->sanitized_username,
+			handle->conn->session_info->unix_info->sanitized_username,
 			handle);
 
 	if (!username) {
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 50ef75b8ef..a2d5c5373b 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -2252,7 +2252,7 @@ static bool is_owner(const struct auth3_session_info *server_info,
 	if (!pjob || !server_info)
 		return False;
 
-	return strequal(pjob->user, server_info->sanitized_username);
+	return strequal(pjob->user, server_info->unix_info->sanitized_username);
 }
 
 /****************************************************************************
@@ -2840,9 +2840,9 @@ WERROR print_job_start(const struct auth3_session_info *server_info,
 	fstrcpy(pjob.clientmachine, clientmachine);
 
 	fstrcpy(pjob.user, lp_printjob_username(snum));
-	standard_sub_advanced(sharename, server_info->sanitized_username,
+	standard_sub_advanced(sharename, server_info->unix_info->sanitized_username,
 			      path, server_info->unix_token->gid,
-			      server_info->sanitized_username,
+			      server_info->unix_info->sanitized_username,
 			      server_info->info3->base.domain.string,
 			      pjob.user, sizeof(pjob.user)-1);
 	/* ensure NULL termination */
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index fa018b424f..eaf1a5b0ba 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2411,7 +2411,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
 			return NT_STATUS_NO_MEMORY;
 		}
 	} else {
-		username = p->session_info->sanitized_username;
+		username = p->session_info->unix_info->sanitized_username;
 		domname = p->session_info->info3->base.domain.string;
 	}
 
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 52cfc111fb..43861b3045 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -686,7 +686,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp,
 	status = ntstatus_keeperror(status, tmp);
 
 	DEBUG(2,("%s closed file %s (numopen=%d) %s\n",
-		conn->session_info->unix_name, fsp_str_dbg(fsp),
+		conn->session_info->unix_info->unix_name, fsp_str_dbg(fsp),
 		conn->num_files_open - 1,
 		nt_errstr(status) ));
 
diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c
index 68967fb268..2b31ba5ae0 100644
--- a/source3/smbd/fake_file.c
+++ b/source3/smbd/fake_file.c
@@ -147,7 +147,7 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn,
 			  "service[%s] file[%s] user[%s]\n",
 			  lp_servicename(SNUM(conn)),
 			  smb_fname_str_dbg(smb_fname),
-			  conn->session_info->unix_name));
+			  conn->session_info->unix_info->unix_name));
 		return NT_STATUS_ACCESS_DENIED;
 
 	}
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index f84540fbec..b8fcc3022d 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -117,10 +117,10 @@ static int CopyExpanded(connection_struct *conn,
 	}
 	buf = talloc_sub_advanced(ctx,
 				lp_servicename(SNUM(conn)),
-				conn->session_info->unix_name,
+				conn->session_info->unix_info->unix_name,
 				conn->connectpath,
 				conn->session_info->unix_token->gid,
-				conn->session_info->sanitized_username,
+				conn->session_info->unix_info->sanitized_username,
 				conn->session_info->info3->base.domain.string,
 				buf);
 	if (!buf) {
@@ -168,10 +168,10 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s)
 	}
 	buf = talloc_sub_advanced(ctx,
 				lp_servicename(SNUM(conn)),
-				conn->session_info->unix_name,
+				conn->session_info->unix_info->unix_name,
 				conn->connectpath,
 				conn->session_info->unix_token->gid,
-				conn->session_info->sanitized_username,
+				conn->session_info->unix_info->sanitized_username,
 				conn->session_info->info3->base.domain.string,
 				buf);
 	if (!buf) {
@@ -4011,7 +4011,7 @@ static bool api_NetWkstaGetInfo(struct smbd_server_connection *sconn,
 	p += 4;
 
 	SIVAL(p,0,PTR_DIFF(p2,*rdata));
-	strlcpy(p2,conn->session_info->sanitized_username,PTR_DIFF(endp,p2));
+	strlcpy(p2,conn->session_info->unix_info->sanitized_username,PTR_DIFF(endp,p2));
 	p2 = skip_string(*rdata,*rdata_len,p2);
 	if (!p2) {
 		return False;
@@ -4636,7 +4636,7 @@ static bool api_WWkstaUserLogon(struct smbd_server_connection *sconn,
 	if(vuser != NULL) {
 		DEBUG(3,("  Username of UID %d is %s\n",
 			 (int)vuser->session_info->unix_token->uid,
-			 vuser->session_info->unix_name));
+			 vuser->session_info->unix_info->unix_name));
 	}
 
 	uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 25a82cdbb0..c71f83dedd 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -272,7 +272,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
 			TALLOC_FREE(conn);
 			return NT_STATUS_NO_MEMORY;
 		}
-		vfs_user = conn->session_info->unix_name;
+		vfs_user = conn->session_info->unix_info->unix_name;
 	} else {
 		/* use current authenticated user in absence of session_info */
 		vfs_user = get_current_username();
@@ -773,7 +773,7 @@ static NTSTATUS dfs_redirect(TALLOC_CTX *ctx,
 	if (!( strequal(pdp->servicename, lp_servicename(SNUM(conn)))
 			|| (strequal(pdp->servicename, HOMES_NAME)
 			&& strequal(lp_servicename(SNUM(conn)),
-				conn->session_info->sanitized_username) )) ) {
+				conn->session_info->unix_info->sanitized_username) )) ) {
 
 		/* The given sharename doesn't match this connection. */
 		TALLOC_FREE(pdp);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 5fdb07d769..9f745f269e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2501,7 +2501,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn,
 	if (get_current_uid(conn) != 0) {
 		DEBUG(1,("get_user_quota: access_denied service [%s] user "
 			 "[%s]\n", lp_servicename(SNUM(conn)),
-			 conn->session_info->unix_name));
+			 conn->session_info->unix_info->unix_name));
 		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 		return;
 	}
@@ -2771,7 +2771,7 @@ static void call_nt_transact_set_user_quota(connection_struct *conn,
 	if (get_current_uid(conn) != 0) {
 		DEBUG(1,("set_user_quota: access_denied service [%s] user "
 			 "[%s]\n", lp_servicename(SNUM(conn)),
-			 conn->session_info->unix_name));
+			 conn->session_info->unix_info->unix_name));
 		reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 		return;
 	}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5bbcf1e616..d81c278110 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -689,7 +689,7 @@ static NTSTATUS open_file(files_struct *fsp,
 	fsp->wcp = NULL; /* Write cache pointer. */
 
 	DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n",
-		 conn->session_info->unix_name,
+		 conn->session_info->unix_info->unix_name,
 		 smb_fname_str_dbg(smb_fname),
 		 BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write),
 		 conn->num_files_open));
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index fb88fd3319..08b53a818e 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -281,22 +281,23 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 	/* This is a potentially untrusted username */
 	alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp));
 
-	vuser->session_info->sanitized_username = talloc_strdup(
+	vuser->session_info->unix_info->sanitized_username = talloc_strdup(
 		vuser->session_info, tmp);
 
-	/* Make clear that we require the optional unix_token in the source3 code */
+	/* Make clear that we require the optional unix_token and unix_info in the source3 code */
 	SMB_ASSERT(vuser->session_info->unix_token);
+	SMB_ASSERT(vuser->session_info->unix_info);
 
 	DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
 		  (unsigned int)vuser->session_info->unix_token->uid,
 		  (unsigned int)vuser->session_info->unix_token->gid,
-		  vuser->session_info->unix_name,
-		  vuser->session_info->sanitized_username,
+		  vuser->session_info->unix_info->unix_name,
+		  vuser->session_info->unix_info->sanitized_username,
 		  vuser->session_info->info3->base.domain.string,
 		  vuser->session_info->guest ));
 
 	DEBUG(3, ("register_existing_vuid: User name: %s\t"
-		  "Real name: %s\n", vuser->session_info->unix_name,
+		  "Real name: %s\n", vuser->session_info->unix_info->unix_name,
 		  vuser->session_info->info3->base.full_name.string));
 
 	if (!vuser->session_info->security_token) {
@@ -310,7 +311,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 
 	DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, "
 		"and will be vuid %u\n", (int)vuser->session_info->unix_token->uid,
-		 vuser->session_info->unix_name, vuser->vuid));
+		 vuser->session_info->unix_info->unix_name, vuser->vuid));
 
 	if (!session_claim(sconn, vuser)) {
 		DEBUG(1, ("register_existing_vuid: Failed to claim session "
@@ -329,7 +330,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 
 	if (!vuser->session_info->guest) {
 		vuser->homes_snum = register_homes_share(
-			vuser->session_info->unix_name);
+			vuser->session_info->unix_info->unix_name);
 	}
 
 	if (srv_is_signing_negotiated(sconn) &&
@@ -343,8 +344,8 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 
 	/* fill in the current_user_info struct */
 	set_current_user_info(
-		vuser->session_info->sanitized_username,
-		vuser->session_info->unix_name,
+		vuser->session_info->unix_info->sanitized_username,
+		vuser->session_info->unix_info->unix_name,
 		vuser->session_info->info3->base.domain.string);
 
 	return vuser->vuid;
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 785486137c..66c7d08383 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1412,8 +1412,8 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
 			vuser = get_valid_user_struct(sconn, session_tag);
 			if (vuser) {
 				set_current_user_info(
-					vuser->session_info->sanitized_username,
-					vuser->session_info->unix_name,
+					vuser->session_info->unix_info->sanitized_username,
+					vuser->session_info->unix_info->unix_name,
 					vuser->session_info->info3->base.domain.string);
 			}
 		}
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 0c86ec09f9..47114f1255 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -402,13 +402,13 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
                                 return NT_STATUS_ACCESS_DENIED;
                         }
                 } else {
-                        if (!user_ok_token(vuid_serverinfo->unix_name,
+                        if (!user_ok_token(vuid_serverinfo->unix_info->unix_name,
 					   vuid_serverinfo->info3->base.domain.string,
                                            vuid_serverinfo->security_token, snum)) {
                                 DEBUG(2, ("user '%s' (from session setup) not "
                                           "permitted to access this share "
                                           "(%s)\n",
-                                          vuid_serverinfo->unix_name,
+                                          vuid_serverinfo->unix_info->unix_name,
                                           lp_servicename(snum)));
                                 return NT_STATUS_ACCESS_DENIED;
                         }
@@ -496,7 +496,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
 	if (*lp_force_group(snum)) {
 
 		status = find_forced_group(
-			conn->force_user, snum, conn->session_info->unix_name,
+			conn->force_user, snum, conn->session_info->unix_info->unix_name,
 			&conn->session_info->security_token->sids[1],
 			&conn->session_info->unix_token->gid);
 
@@ -571,7 +571,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 		conn->force_user = true;
 	}
 
-	add_session_user(sconn, conn->session_info->unix_name);
+	add_session_user(sconn, conn->session_info->unix_info->unix_name);
 
 	conn->num_files_open = 0;
 	conn->lastused = conn->lastused_count = time(NULL);
@@ -613,10 +613,10 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	{
 		char *s = talloc_sub_advanced(talloc_tos(),
 					lp_servicename(SNUM(conn)),
-					conn->session_info->unix_name,
+					conn->session_info->unix_info->unix_name,
 					conn->connectpath,
 					conn->session_info->unix_token->gid,
-					conn->session_info->sanitized_username,
+					conn->session_info->unix_info->sanitized_username,
 					conn->session_info->info3->base.domain.string,
 					lp_pathname(snum));
 		if (!s) {
@@ -700,7 +700,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	   filesystem operation that we do. */
 
 	if (SMB_VFS_CONNECT(conn, lp_servicename(snum),
-			    conn->session_info->unix_name) < 0) {
+			    conn->session_info->unix_info->unix_name) < 0) {
 		DEBUG(0,("make_connection: VFS make connection failed!\n"));
 		*pstatus = NT_STATUS_UNSUCCESSFUL;
 		goto err_root_exit;
@@ -735,10 +735,10 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	if (*lp_rootpreexec(snum)) {
 		char *cmd = talloc_sub_advanced(talloc_tos(),
 					lp_servicename(SNUM(conn)),
-					conn->session_info->unix_name,
+					conn->session_info->unix_info->unix_name,
 					conn->connectpath,
 					conn->session_info->unix_token->gid,
-					conn->session_info->sanitized_username,
+					conn->session_info->unix_info->sanitized_username,
 					conn->session_info->info3->base.domain.string,
 					lp_rootpreexec(snum));
 		DEBUG(5,("cmd=%s\n",cmd));
@@ -773,10 +773,10 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 	if (*lp_preexec(snum)) {
 		char *cmd = talloc_sub_advanced(talloc_tos(),
 					lp_servicename(SNUM(conn)),
-					conn->session_info->unix_name,
+					conn->session_info->unix_info->unix_name,
 					conn->connectpath,
 					conn->session_info->unix_token->gid,
-					conn->session_info->sanitized_username,
+					conn->session_info->unix_info->sanitized_username,
 					conn->session_info->info3->base.domain.string,
 					lp_preexec(snum));
 		ret = smbrun(cmd,NULL);
@@ -881,7 +881,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn,
 		dbgtext( "%s", srv_is_signing_active(sconn) ? "signed " : "");
 		dbgtext( "connect to service %s ", lp_servicename(snum) );
 		dbgtext( "initially as user %s ",
-			 conn->session_info->unix_name );
+			 conn->session_info->unix_info->unix_name );
 		dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid );
 		dbgtext( "(pid %d)\n", (int)sys_getpid() );
 	}
@@ -1093,10 +1093,10 @@ void close_cnum(connection_struct *conn, uint16 vuid)
 	    change_to_user(conn, vuid))  {
 		char *cmd = talloc_sub_advanced(talloc_tos(),
 					lp_servicename(SNUM(conn)),
-					conn->session_info->unix_name,
+					conn->session_info->unix_info->unix_name,
 					conn->connectpath,
 					conn->session_info->unix_token->gid,
-					conn->session_info->sanitized_username,
+					conn->session_info->unix_info->sanitized_username,
 					conn->session_info->info3->base.domain.string,
 					lp_postexec(SNUM(conn)));
 		smbrun(cmd,NULL);
@@ -1109,10 +1109,10 @@ void close_cnum(connection_struct *conn, uint16 vuid)
 	if (*lp_rootpostexec(SNUM(conn)))  {
 		char *cmd = talloc_sub_advanced(talloc_tos(),
 					lp_servicename(SNUM(conn)),
-					conn->session_info->unix_name,
+					conn->session_info->unix_info->unix_name,
 					conn->connectpath,
 					conn->session_info->unix_token->gid,
-					conn->session_info->sanitized_username,
+					conn->session_info->unix_info->sanitized_username,
 					conn->session_info->info3->base.domain.string,
 					lp_rootpostexec(SNUM(conn)));
 		smbrun(cmd,NULL);
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 184ce1b3a5..a6bc4924b5 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -139,7 +139,7 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser)
 	/* Make clear that we require the optional unix_token in the source3 code */
 	SMB_ASSERT(vuser->session_info->unix_token);
 
-	fstrcpy(sessionid.username, vuser->session_info->unix_name);
+	fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name);
 	fstrcpy(sessionid.hostname, sconn->remote_hostname);
 	sessionid.id_num = i;  /* Only valid for utmp sessions */
 	sessionid.pid = pid;
diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 65454aef18..7e181ef5dd 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -1188,8 +1188,8 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req)
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-	set_current_user_info(session->session_info->sanitized_username,
-			      session->session_info->unix_name,
+	set_current_user_info(session->session_info->unix_info->sanitized_username,
+			      session->session_info->unix_info->unix_name,
 			      session->session_info->info3->base.domain.string);
 
 	req->session = session;
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 8a4704cb28..fb9fbde502 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -277,12 +277,12 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 
 	/* This is a potentially untrusted username */
 	alpha_strcpy(tmp, user, ". _-$", sizeof(tmp));
-	session->session_info->sanitized_username =
+	session->session_info->unix_info->sanitized_username =
 				talloc_strdup(session->session_info, tmp);
 
 	if (!session->session_info->guest) {
 		session->compat_vuser->homes_snum =
-			register_homes_share(session->session_info->unix_name);
+			register_homes_share(session->session_info->unix_info->unix_name);
 	}
 
 	if (!session_claim(session->sconn, session->compat_vuser)) {
@@ -488,12 +488,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		     auth_ntlmssp_get_username(session->auth_ntlmssp_state),
 		     ". _-$",
 		     sizeof(tmp));
-	session->session_info->sanitized_username = talloc_strdup(
+	session->session_info->unix_info->sanitized_username = talloc_strdup(
 		session->session_info, tmp);
 
 	if (!session->compat_vuser->session_info->guest) {
 		session->compat_vuser->homes_snum =
-			register_homes_share(session->session_info->unix_name);
+			register_homes_share(session->session_info->unix_info->unix_name);
 	}
 
 	if (!session_claim(session->sconn, session->compat_vuser)) {
diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c
index 6b86e24dc2..a302b4ea58 100644
--- a/source3/smbd/smb2_tcon.c
+++ b/source3/smbd/smb2_tcon.c
@@ -186,7 +186,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req,
 				"user %s because it was not found "
 				"or created at session setup "
 				"time\n",
-				compat_vuser->session_info->unix_name));
+				compat_vuser->session_info->unix_info->unix_name));
 			return NT_STATUS_BAD_NETWORK_NAME;
 		}
 		snum = compat_vuser->homes_snum;
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bfde938635..90eb40a62f 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3209,7 +3209,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
 				DEBUG(0,("set_user_quota: access_denied "
 					 "service [%s] user [%s]\n",
 					 lp_servicename(SNUM(conn)),
-					 conn->session_info->unix_name));
+					 conn->session_info->unix_info->unix_name));
 				return NT_STATUS_ACCESS_DENIED;
 			}
 
@@ -3703,7 +3703,7 @@ cap_low = 0x%x, cap_high = 0x%x\n",
 				if ((get_current_uid(conn) != 0) || !CAN_WRITE(conn)) {
 					DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n",
 						 lp_servicename(SNUM(conn)),
-						 conn->session_info->unix_name));
+						 conn->session_info->unix_info->unix_name));
 					reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 					return;
 				}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index b6ea7674b1..47c9786116 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -109,13 +109,13 @@ static bool check_user_ok(connection_struct *conn,
 		}
 	}
 
-	if (!user_ok_token(session_info->unix_name,
+	if (!user_ok_token(session_info->unix_info->unix_name,
 			   session_info->info3->base.domain.string,
 			   session_info->security_token, snum))
 		return(False);
 
 	readonly_share = is_share_read_only_for_token(
-		session_info->unix_name,
+		session_info->unix_info->unix_name,
 		session_info->info3->base.domain.string,
 		session_info->security_token,
 		conn);
@@ -140,7 +140,7 @@ static bool check_user_ok(connection_struct *conn,
 	}
 
 	admin_user = token_contains_name_in_list(
-		session_info->unix_name,
+		session_info->unix_info->unix_name,
 		session_info->info3->base.domain.string,
 		NULL, session_info->security_token, lp_admin_users(snum));
 
@@ -176,7 +176,7 @@ static bool check_user_ok(connection_struct *conn,
 	if (admin_user) {
 		DEBUG(2,("check_user_ok: user %s is an admin user. "
 			"Setting uid as %d\n",
-			conn->session_info->unix_name,
+			conn->session_info->unix_info->unix_name,
 			sec_initial_uid() ));
 		conn->session_info->unix_token->uid = sec_initial_uid();
 	}
@@ -207,8 +207,8 @@ static bool change_to_user_internal(connection_struct *conn,
 	if (!ok) {
 		DEBUG(2,("SMB user %s (unix user %s) "
 			 "not permitted access to share %s.\n",
-			 session_info->sanitized_username,
-			 session_info->unix_name,
+			 session_info->unix_info->sanitized_username,
+			 session_info->unix_info->unix_name,
 			 lp_servicename(snum)));
 		return false;
 	}