diff options
| author | Jeremy Allison <jra@samba.org> | 2000-08-03 22:38:43 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2000-08-03 22:38:43 +0000 |
| commit | f87399915b009f88c41cb75a583c2972fe3daf30 (patch) | |
| tree | 874d5861eba4e7ba655f2d94d6b7a8c1e37bfdfc /source3/include | |
| parent | 468af1937d327cc579dbbdae6e4a9b030998f049 (diff) | |
| download | samba-f87399915b009f88c41cb75a583c2972fe3daf30.tar.gz samba-f87399915b009f88c41cb75a583c2972fe3daf30.tar.bz2 samba-f87399915b009f88c41cb75a583c2972fe3daf30.zip | |
Added an NT_USER_TOKEN structure that is copied/passed around associated
with the current user. This will allow se_access_check() to quickly do
a SD check without having to translate uid/gid's to SIDs.
Still needs work on pipe calls.
Jeremy.
(This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
Diffstat (limited to 'source3/include')
| -rw-r--r-- | source3/include/proto.h | 4 | ||||
| -rw-r--r-- | source3/include/smb.h | 12 | ||||
| -rw-r--r-- | source3/include/vfs.h | 49 |
3 files changed, 62 insertions, 3 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 321f3098e9..e630d7019f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3546,7 +3546,6 @@ void invalidate_vuid(uint16 vuid); char *validated_username(uint16 vuid); char *validated_domain(uint16 vuid); int initialize_groups(char *user, uid_t uid, gid_t gid); -void setup_nt_token(NT_USER_TOKEN *token, uid_t uid, gid_t gid, int ngroups, gid_t *groups); uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, char *domain,BOOL guest); void add_session_user(char *user); @@ -3673,8 +3672,9 @@ int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size, /*The following definitions come from smbd/sec_ctx.c */ int get_current_groups(int *p_ngroups, gid_t **p_groups); +void delete_nt_token(NT_USER_TOKEN **pptoken); BOOL push_sec_ctx(void); -void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups); +void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token); void set_root_sec_ctx(void); BOOL pop_sec_ctx(void); void init_sec_ctx(void); diff --git a/source3/include/smb.h b/source3/include/smb.h index aaebe56f33..03d4b4c9b3 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -383,8 +383,11 @@ struct use_info char *domain; }; +#ifndef MAXSUBAUTHS #define MAXSUBAUTHS 15 /* max sub authorities in a SID */ +#endif +#ifndef _DOM_SID /* DOM_SID - security id */ typedef struct sid_info { @@ -398,16 +401,21 @@ typedef struct sid_info uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */ } DOM_SID; +#define _DOM_SID +#endif /* * The complete list of SIDS belonging to this user. * Created when a vuid is registered. */ +#ifndef _NT_USER_TOKEN typedef struct _nt_user_token { size_t num_sids; DOM_SID *user_sids; } NT_USER_TOKEN; +#define _NT_USER_TOKEN +#endif /*** query a local group, get a list of these: shows who is in that group ***/ @@ -580,6 +588,7 @@ typedef struct connection_struct /* This groups info is valid for the user that *opened* the connection */ int ngroups; gid_t *groups; + NT_USER_TOKEN *nt_user_token; time_t lastused; BOOL used; @@ -598,6 +607,7 @@ struct current_user gid_t gid; int ngroups; gid_t *groups; + NT_USER_TOKEN *nt_user_token; }; /* @@ -1672,7 +1682,7 @@ typedef struct int n_groups; gid_t *groups; - NT_USER_TOKEN nt_user_token; + NT_USER_TOKEN *nt_user_token; /* per-user authentication information on NT RPCs */ /* lkclXXXX - THIS SHOULD NOT BE HERE! */ diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 1b4e57f2ac..1312935e7f 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -64,6 +64,54 @@ typedef char fstring[FSTRING_LEN]; #define SMB_BIG_UINT unsigned long #endif +#ifndef MAXSUBAUTHS +#define MAXSUBAUTHS 15 /* max sub authorities in a SID */ +#endif + +#ifndef uint8 +#define uint8 unsigned char +#endif + +#if !defined(uint32) && !defined(HAVE_UINT32_FROM_RPC_RPC_H) +#if (SIZEOF_INT == 4) +#define uint32 unsigned int +#elif (SIZEOF_LONG == 4) +#define uint32 unsigned long +#elif (SIZEOF_SHORT == 4) +#define uint32 unsigned short +#endif +#endif + +#ifndef _DOM_SID +/* DOM_SID - security id */ +typedef struct sid_info +{ + uint8 sid_rev_num; /* SID revision number */ + uint8 num_auths; /* number of sub-authorities */ + uint8 id_auth[6]; /* Identifier Authority */ + /* + * Note that the values in these uint32's are in *native* byteorder, + * not neccessarily little-endian...... JRA. + */ + uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */ + +} DOM_SID; +#define _DOM_SID +#endif + +/* + * The complete list of SIDS belonging to this user. + * Created when a vuid is registered. + */ + +#ifndef _NT_USER_TOKEN +typedef struct _nt_user_token { + size_t num_sids; + DOM_SID *user_sids; +} NT_USER_TOKEN; +#define _NT_USER_TOKEN +#endif + /* Information from the connection_struct passed to the vfs layer */ struct vfs_connection_struct { @@ -93,6 +141,7 @@ struct vfs_connection_struct { gid_t gid; int ngroups; gid_t *groups; + NT_USER_TOKEN *nt_user_token; }; /* Avoid conflict with an AIX include file */ |