summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-07-15 14:59:14 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-20 09:17:10 +1000
commit6d741e918f145c6ec62c22358aabc8162db108fd (patch)
tree4d562524b2ff71892911331d707e23045984b0d3 /source3/auth
parentf16d8f4eb86ecc4741c25e5ed87b2ea4c6717a31 (diff)
downloadsamba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.gz
samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.bz2
samba-6d741e918f145c6ec62c22358aabc8162db108fd.zip
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth_util.c85
-rw-r--r--source3/auth/server_info.c9
2 files changed, 56 insertions, 38 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 70df256042..59a296774b 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -509,8 +509,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
status = create_token_from_username(session_info,
session_info->unix_name,
session_info->guest,
- &session_info->utok.uid,
- &session_info->utok.gid,
+ &session_info->unix_token->uid,
+ &session_info->unix_token->gid,
&session_info->unix_name,
&session_info->security_token);
@@ -528,8 +528,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
/* Convert the SIDs to gids. */
- session_info->utok.ngroups = 0;
- session_info->utok.groups = NULL;
+ session_info->unix_token->ngroups = 0;
+ session_info->unix_token->groups = NULL;
t = session_info->security_token;
@@ -555,8 +555,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
continue;
}
if (!add_gid_to_array_unique(session_info, ids[i].id.gid,
- &session_info->utok.groups,
- &session_info->utok.ngroups)) {
+ &session_info->unix_token->groups,
+ &session_info->unix_token->ngroups)) {
return NT_STATUS_NO_MEMORY;
}
}
@@ -574,14 +574,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
* the nt token.
*/
- uid_to_unix_users_sid(session_info->utok.uid, &tmp_sid);
+ uid_to_unix_users_sid(session_info->unix_token->uid, &tmp_sid);
add_sid_to_array_unique(session_info->security_token, &tmp_sid,
&session_info->security_token->sids,
&session_info->security_token->num_sids);
- for ( i=0; i<session_info->utok.ngroups; i++ ) {
- gid_to_unix_groups_sid(session_info->utok.groups[i], &tmp_sid);
+ for ( i=0; i<session_info->unix_token->ngroups; i++ ) {
+ gid_to_unix_groups_sid(session_info->unix_token->groups[i], &tmp_sid);
add_sid_to_array_unique(session_info->security_token, &tmp_sid,
&session_info->security_token->sids,
&session_info->security_token->num_sids);
@@ -589,10 +589,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
security_token_debug(DBGC_AUTH, 10, session_info->security_token);
debug_unix_user_token(DBGC_AUTH, 10,
- session_info->utok.uid,
- session_info->utok.gid,
- session_info->utok.ngroups,
- session_info->utok.groups);
+ session_info->unix_token->uid,
+ session_info->unix_token->gid,
+ session_info->unix_token->ngroups,
+ session_info->unix_token->groups);
status = log_nt_token(session_info->security_token);
if (!NT_STATUS_IS_OK(status)) {
@@ -980,12 +980,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
dst->guest = src->guest;
dst->system = src->system;
- dst->utok.uid = src->utok.uid;
- dst->utok.gid = src->utok.gid;
- dst->utok.ngroups = src->utok.ngroups;
- if (src->utok.ngroups != 0) {
+
+ /* This element must be provided to convert back to an auth_serversupplied_info */
+ SMB_ASSERT(src->unix_token);
+ dst->utok.uid = src->unix_token->uid;
+ dst->utok.gid = src->unix_token->gid;
+ dst->utok.ngroups = src->unix_token->ngroups;
+ if (src->unix_token->ngroups != 0) {
dst->utok.groups = (gid_t *)talloc_memdup(
- dst, src->utok.groups,
+ dst, src->unix_token->groups,
sizeof(gid_t)*dst->utok.ngroups);
} else {
dst->utok.groups = NULL;
@@ -1039,15 +1042,21 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c
dst->guest = src->guest;
dst->system = src->system;
- dst->utok.uid = src->utok.uid;
- dst->utok.gid = src->utok.gid;
- dst->utok.ngroups = src->utok.ngroups;
+
+ dst->unix_token = talloc(dst, struct security_unix_token);
+ if (!dst->unix_token) {
+ return NULL;
+ }
+
+ dst->unix_token->uid = src->utok.uid;
+ dst->unix_token->gid = src->utok.gid;
+ dst->unix_token->ngroups = src->utok.ngroups;
if (src->utok.ngroups != 0) {
- dst->utok.groups = (gid_t *)talloc_memdup(
- dst, src->utok.groups,
- sizeof(gid_t)*dst->utok.ngroups);
+ dst->unix_token->groups = (gid_t *)talloc_memdup(
+ dst->unix_token, src->utok.groups,
+ sizeof(gid_t)*dst->unix_token->ngroups);
} else {
- dst->utok.groups = NULL;
+ dst->unix_token->groups = NULL;
}
if (src->security_token) {
@@ -1098,15 +1107,25 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx,
dst->guest = src->guest;
dst->system = src->system;
- dst->utok.uid = src->utok.uid;
- dst->utok.gid = src->utok.gid;
- dst->utok.ngroups = src->utok.ngroups;
- if (src->utok.ngroups != 0) {
- dst->utok.groups = (gid_t *)talloc_memdup(
- dst, src->utok.groups,
- sizeof(gid_t)*dst->utok.ngroups);
+
+ if (src->unix_token) {
+ dst->unix_token = talloc(dst, struct security_unix_token);
+ if (!dst->unix_token) {
+ return NULL;
+ }
+
+ dst->unix_token->uid = src->unix_token->uid;
+ dst->unix_token->gid = src->unix_token->gid;
+ dst->unix_token->ngroups = src->unix_token->ngroups;
+ if (src->unix_token->ngroups != 0) {
+ dst->unix_token->groups = (gid_t *)talloc_memdup(
+ dst->unix_token, src->unix_token->groups,
+ sizeof(gid_t)*dst->unix_token->ngroups);
+ } else {
+ dst->unix_token->groups = NULL;
+ }
} else {
- dst->utok.groups = NULL;
+ dst->unix_token = NULL;
}
if (src->security_token) {
diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c
index 12026060bd..080bd0b058 100644
--- a/source3/auth/server_info.c
+++ b/source3/auth/server_info.c
@@ -87,12 +87,11 @@ struct auth3_session_info *make_auth3_session_info(TALLOC_CTX *mem_ctx)
talloc_set_destructor(result, auth3_session_info_dtor);
- /* Initialise the uid and gid values to something non-zero
- which may save us from giving away root access if there
- is a bug in allocating these fields. */
+ /* Initialise the unix_token to NULL which may save us from
+ giving away root access if there is a bug in allocating
+ these fields. */
- result->utok.uid = -1;
- result->utok.gid = -1;
+ result->unix_token = NULL;
return result;
}