diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-07-15 14:59:14 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:10 +1000 |
commit | 6d741e918f145c6ec62c22358aabc8162db108fd (patch) | |
tree | 4d562524b2ff71892911331d707e23045984b0d3 /source3/auth | |
parent | f16d8f4eb86ecc4741c25e5ed87b2ea4c6717a31 (diff) | |
download | samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.gz samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.bz2 samba-6d741e918f145c6ec62c22358aabc8162db108fd.zip |
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_util.c | 85 | ||||
-rw-r--r-- | source3/auth/server_info.c | 9 |
2 files changed, 56 insertions, 38 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 70df256042..59a296774b 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -509,8 +509,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, status = create_token_from_username(session_info, session_info->unix_name, session_info->guest, - &session_info->utok.uid, - &session_info->utok.gid, + &session_info->unix_token->uid, + &session_info->unix_token->gid, &session_info->unix_name, &session_info->security_token); @@ -528,8 +528,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, /* Convert the SIDs to gids. */ - session_info->utok.ngroups = 0; - session_info->utok.groups = NULL; + session_info->unix_token->ngroups = 0; + session_info->unix_token->groups = NULL; t = session_info->security_token; @@ -555,8 +555,8 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, continue; } if (!add_gid_to_array_unique(session_info, ids[i].id.gid, - &session_info->utok.groups, - &session_info->utok.ngroups)) { + &session_info->unix_token->groups, + &session_info->unix_token->ngroups)) { return NT_STATUS_NO_MEMORY; } } @@ -574,14 +574,14 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, * the nt token. */ - uid_to_unix_users_sid(session_info->utok.uid, &tmp_sid); + uid_to_unix_users_sid(session_info->unix_token->uid, &tmp_sid); add_sid_to_array_unique(session_info->security_token, &tmp_sid, &session_info->security_token->sids, &session_info->security_token->num_sids); - for ( i=0; i<session_info->utok.ngroups; i++ ) { - gid_to_unix_groups_sid(session_info->utok.groups[i], &tmp_sid); + for ( i=0; i<session_info->unix_token->ngroups; i++ ) { + gid_to_unix_groups_sid(session_info->unix_token->groups[i], &tmp_sid); add_sid_to_array_unique(session_info->security_token, &tmp_sid, &session_info->security_token->sids, &session_info->security_token->num_sids); @@ -589,10 +589,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, security_token_debug(DBGC_AUTH, 10, session_info->security_token); debug_unix_user_token(DBGC_AUTH, 10, - session_info->utok.uid, - session_info->utok.gid, - session_info->utok.ngroups, - session_info->utok.groups); + session_info->unix_token->uid, + session_info->unix_token->gid, + session_info->unix_token->ngroups, + session_info->unix_token->groups); status = log_nt_token(session_info->security_token); if (!NT_STATUS_IS_OK(status)) { @@ -980,12 +980,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX dst->guest = src->guest; dst->system = src->system; - dst->utok.uid = src->utok.uid; - dst->utok.gid = src->utok.gid; - dst->utok.ngroups = src->utok.ngroups; - if (src->utok.ngroups != 0) { + + /* This element must be provided to convert back to an auth_serversupplied_info */ + SMB_ASSERT(src->unix_token); + dst->utok.uid = src->unix_token->uid; + dst->utok.gid = src->unix_token->gid; + dst->utok.ngroups = src->unix_token->ngroups; + if (src->unix_token->ngroups != 0) { dst->utok.groups = (gid_t *)talloc_memdup( - dst, src->utok.groups, + dst, src->unix_token->groups, sizeof(gid_t)*dst->utok.ngroups); } else { dst->utok.groups = NULL; @@ -1039,15 +1042,21 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c dst->guest = src->guest; dst->system = src->system; - dst->utok.uid = src->utok.uid; - dst->utok.gid = src->utok.gid; - dst->utok.ngroups = src->utok.ngroups; + + dst->unix_token = talloc(dst, struct security_unix_token); + if (!dst->unix_token) { + return NULL; + } + + dst->unix_token->uid = src->utok.uid; + dst->unix_token->gid = src->utok.gid; + dst->unix_token->ngroups = src->utok.ngroups; if (src->utok.ngroups != 0) { - dst->utok.groups = (gid_t *)talloc_memdup( - dst, src->utok.groups, - sizeof(gid_t)*dst->utok.ngroups); + dst->unix_token->groups = (gid_t *)talloc_memdup( + dst->unix_token, src->utok.groups, + sizeof(gid_t)*dst->unix_token->ngroups); } else { - dst->utok.groups = NULL; + dst->unix_token->groups = NULL; } if (src->security_token) { @@ -1098,15 +1107,25 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx, dst->guest = src->guest; dst->system = src->system; - dst->utok.uid = src->utok.uid; - dst->utok.gid = src->utok.gid; - dst->utok.ngroups = src->utok.ngroups; - if (src->utok.ngroups != 0) { - dst->utok.groups = (gid_t *)talloc_memdup( - dst, src->utok.groups, - sizeof(gid_t)*dst->utok.ngroups); + + if (src->unix_token) { + dst->unix_token = talloc(dst, struct security_unix_token); + if (!dst->unix_token) { + return NULL; + } + + dst->unix_token->uid = src->unix_token->uid; + dst->unix_token->gid = src->unix_token->gid; + dst->unix_token->ngroups = src->unix_token->ngroups; + if (src->unix_token->ngroups != 0) { + dst->unix_token->groups = (gid_t *)talloc_memdup( + dst->unix_token, src->unix_token->groups, + sizeof(gid_t)*dst->unix_token->ngroups); + } else { + dst->unix_token->groups = NULL; + } } else { - dst->utok.groups = NULL; + dst->unix_token = NULL; } if (src->security_token) { diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index 12026060bd..080bd0b058 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -87,12 +87,11 @@ struct auth3_session_info *make_auth3_session_info(TALLOC_CTX *mem_ctx) talloc_set_destructor(result, auth3_session_info_dtor); - /* Initialise the uid and gid values to something non-zero - which may save us from giving away root access if there - is a bug in allocating these fields. */ + /* Initialise the unix_token to NULL which may save us from + giving away root access if there is a bug in allocating + these fields. */ - result->utok.uid = -1; - result->utok.gid = -1; + result->unix_token = NULL; return result; } |