authorJeremy Allison <jra@samba.org>2000-08-03 22:38:43 +0000
committerJeremy Allison <jra@samba.org>2000-08-03 22:38:43 +0000
commitf87399915b009f88c41cb75a583c2972fe3daf30 (patch)
tree874d5861eba4e7ba655f2d94d6b7a8c1e37bfdfc /source3/include
parent468af1937d327cc579dbbdae6e4a9b030998f049 (diff)
Added an NT_USER_TOKEN structure that is copied/passed around associated
with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
Diffstat (limited to 'source3/include')
-rw-r--r--source3/include/proto.h4
-rw-r--r--source3/include/smb.h12
-rw-r--r--source3/include/vfs.h49
3 files changed, 62 insertions, 3 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 321f3098e9..e630d7019f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3546,7 +3546,6 @@ void invalidate_vuid(uint16 vuid);
char *validated_username(uint16 vuid);
char *validated_domain(uint16 vuid);
int initialize_groups(char *user, uid_t uid, gid_t gid);
-void setup_nt_token(NT_USER_TOKEN *token, uid_t uid, gid_t gid, int ngroups, gid_t *groups);
uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
char *domain,BOOL guest);
void add_session_user(char *user);
@@ -3673,8 +3672,9 @@ int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size,
/*The following definitions come from smbd/sec_ctx.c */
int get_current_groups(int *p_ngroups, gid_t **p_groups);
+void delete_nt_token(NT_USER_TOKEN **pptoken);
BOOL push_sec_ctx(void);
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token);
void set_root_sec_ctx(void);
BOOL pop_sec_ctx(void);
void init_sec_ctx(void);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index aaebe56f33..03d4b4c9b3 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -383,8 +383,11 @@ struct use_info
char *domain;
};
+#ifndef MAXSUBAUTHS
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+#ifndef _DOM_SID
/* DOM_SID - security id */
typedef struct sid_info
{
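Review bot: The guard macro added here, `_DOM_SID` (and `_NT_USER_TOKEN` in the next hunk and again in vfs.h), starts with an underscore followed by an upper-case letter, a form C reserves for the implementation. A name in the project's own namespace avoids any clash with a system header, for example `#ifndef SMB_DOM_SID_DEFINED` paired with `#define SMB_DOM_SID_DEFINED` (name constructed for illustration). The DOM_SID typedef that this guard wraps continues past the end of the hunk.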
@@ -398,16 +401,21 @@ typedef struct sid_info
uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
} DOM_SID;
+#define _DOM_SID
+#endif
/*
* The complete list of SIDS belonging to this user.
* Created when a vuid is registered.
*/
+#ifndef _NT_USER_TOKEN
typedef struct _nt_user_token {
size_t num_sids;
DOM_SID *user_sids;
} NT_USER_TOKEN;
+#define _NT_USER_TOKEN
+#endif
/*** query a local group, get a list of these: shows who is in that group ***/
@@ -580,6 +588,7 @@ typedef struct connection_struct
/* This groups info is valid for the user that *opened* the connection */
int ngroups;
gid_t *groups;
+ NT_USER_TOKEN *nt_user_token;
time_t lastused;
BOOL used;
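Review bot: Nothing at the new `nt_user_token` member says who owns the pointed-to token or whether it may be NULL. The same bare `NT_USER_TOKEN *` is added to struct current_user, to the typedef'd struct at line 1682 and to vfs_connection_struct in vfs.h, and `set_sec_ctx()` in proto.h now takes one as well, while `delete_nt_token()` takes an `NT_USER_TOKEN **`. If two of these ever hold the same pointer, freeing one leaves the other dangling in data that access checks read, so the rule should be written at each member, e.g. `/* private copy of the opener's token, freed with delete_nt_token(); NULL if none */`, if that is the intent. connection_struct starts and ends outside this hunk.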
@@ -598,6 +607,7 @@ struct current_user
gid_t gid;
int ngroups;
gid_t *groups;
+ NT_USER_TOKEN *nt_user_token;
};
/*
@@ -1672,7 +1682,7 @@ typedef struct
int n_groups;
gid_t *groups;
- NT_USER_TOKEN nt_user_token;
+ NT_USER_TOKEN *nt_user_token;
/* per-user authentication information on NT RPCs */
/* lkclXXXX - THIS SHOULD NOT BE HERE! */
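Review bot: Turning the embedded `NT_USER_TOKEN nt_user_token` into a pointer changes what existing expressions mean: `x->nt_user_token.num_sids` stops compiling, but `&x->nt_user_token` still compiles (many compilers only warn) and now yields an `NT_USER_TOKEN **`. A zeroed or freshly allocated struct also now carries a NULL token rather than an empty one with `num_sids == 0`, so every reader needs a NULL check before touching `user_sids`. The callers are not visible in this header-only view, so this is worth confirming with a warning-clean build. A comment such as `/* heap-allocated; may be NULL until the vuid is registered */` would record the new contract, if that matches the implementation. The struct begins and ends outside the hunk.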
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 1b4e57f2ac..1312935e7f 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -64,6 +64,54 @@ typedef char fstring[FSTRING_LEN];
#define SMB_BIG_UINT unsigned long
#endif
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
+#ifndef uint8
+#define uint8 unsigned char
+#endif
+
+#if !defined(uint32) && !defined(HAVE_UINT32_FROM_RPC_RPC_H)
+#if (SIZEOF_INT == 4)
+#define uint32 unsigned int
+#elif (SIZEOF_LONG == 4)
+#define uint32 unsigned long
+#elif (SIZEOF_SHORT == 4)
+#define uint32 unsigned short
+#endif
+#endif
+
+#ifndef _DOM_SID
+/* DOM_SID - security id */
+typedef struct sid_info
+{
+ uint8 sid_rev_num; /* SID revision number */
+ uint8 num_auths; /* number of sub-authorities */
+ uint8 id_auth[6]; /* Identifier Authority */
+ /*
+ * Note that the values in these uint32's are in *native* byteorder,
+ * not neccessarily little-endian...... JRA.
+ */
+ uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
+
+} DOM_SID;
+#define _DOM_SID
+#endif
+
+/*
+ * The complete list of SIDS belonging to this user.
+ * Created when a vuid is registered.
+ */
+
+#ifndef _NT_USER_TOKEN
+typedef struct _nt_user_token {
+ size_t num_sids;
+ DOM_SID *user_sids;
+} NT_USER_TOKEN;
+#define _NT_USER_TOKEN
+#endif
+
/* Information from the connection_struct passed to the vfs layer */
struct vfs_connection_struct {
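Review bot: DOM_SID and NT_USER_TOKEN are now defined twice, here and in smb.h, with the `_DOM_SID` / `_NT_USER_TOKEN` guards silently picking whichever header is included first. These structs cross the VFS boundary through `vfs_connection_struct`, so if one copy is later edited without the other, a module built against vfs.h alone would read the token with a different layout from the code that filled it in. Moving both typedefs into one small header included by smb.h and vfs.h removes that risk; failing that, add `/* must stay identical to the copy in smb.h */` above each definition. Separately, the `uint32` chain has no final branch, so a build where none of the SIZEOF_* tests equals 4 only fails later at `sub_auths`; an `#else` followed by `#error "no 32-bit type for uint32"` would make that explicit.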
@@ -93,6 +141,7 @@ struct vfs_connection_struct {
gid_t gid;
int ngroups;
gid_t *groups;
+ NT_USER_TOKEN *nt_user_token;
};
/* Avoid conflict with an AIX include file */