author | Jeremy Allison <jra@samba.org> | 2000-08-02 02:11:55 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-08-02 02:11:55 +0000 |
commit | 17dcd9a834fc915fb1ff2d8042a23000eeb7acfa (patch) | |
tree | 18a9a8cfa2883baf163da29265fd08b8a3b81c9f /source3/lib | |
parent | 7f36df301e28dc8ca0e5bfadc109d6e907d9ba2b (diff) | |
Started to canonicalize our handling of uid -> sid code in order to
get ready and fix se_access_check().
Added canonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first then fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things across security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/util_seaccess.c | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 05a7a30635..52696d2d30 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -99,12 +99,12 @@ static BOOL check_ace(SEC_ACE *ace, BOOL is_owner, DOM_SID *sid, sid_to_string(sid_str, sid); sid_to_string(ace_sid_str, &ace->sid); - if (!winbind_lookup_sid(sid, name_dom, name, &name_type)) { + if (!lookup_sid(sid, name_dom, name, &name_type)) { fstrcpy(name_dom, "UNKNOWN"); fstrcpy(name, "UNKNOWN"); } - if (!winbind_lookup_sid(&ace->sid, ace_name_dom, ace_name, + if (!lookup_sid(&ace->sid, ace_name_dom, ace_name, &name_type)) { fstrcpy(ace_name_dom, "UNKNOWN"); fstrcpy(ace_name, "UNKNOWN"); @@ -208,6 +208,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint32 acc_desired, uint32 *acc_granted, uint32 *status) { DOM_SID user_sid, group_sid; + DOM_SID owner_sid; DOM_SID **group_sids = NULL; int i, j; uint ngroup_sids = 0; @@ -215,25 +216,30 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, uint8 check_ace_type; fstring sid_str; - if (!status || !acc_granted) return False; + if (!status || !acc_granted) + return False; *status = NT_STATUS_ACCESS_DENIED; *acc_granted = 0; - /* No security descriptor allows all access */ + /* + * No security descriptor or security descriptor with no DACL + * present allows all access. + */ - if (!sd) { + if (!sd || (sd && (!(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL))) { *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; - DEBUG(3, ("no sd, access allowed\n")); - - goto done; + DEBUG(3, ("se_access_check: no sd or blank DACL, access allowed\n")); + goto done; } /* If desired access mask is empty then no access is allowed */ if (acc_desired == 0) { + *status = NT_STATUS_ACCESS_DENIED; + *acc_granted = 0; goto done; } 
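Review bot: In the `@@ -215,25 +216,30 @@` hunk of se_access_check(), the new early exit grants every requested bit when `sd` is NULL or the DACL is absent, which is fail-open: a caller that passes NULL because it failed to load the descriptor gets full access, so the comment should state that callers must not pass NULL on a lookup error. The `sd &&` inside the condition is redundant after `!sd ||`; `if (!sd || !(sd->type & SEC_DESC_DACL_PRESENT) || sd->dacl == NULL)` reads the same. The later context check `acl->ace == NULL || acl->num_aces == 0` (in the `@@ -310,18 +317,18 @@` hunk) still treats a present but empty DACL as allow-all, whereas NT semantics deny all access for an empty DACL, so that branch should probably deny rather than grant. The function body continues outside these hunks, so this is based only on the visible lines.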
@@ -246,12 +252,12 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, /* Create user sid */ - if (!winbind_uid_to_sid(user->uid, &user_sid)) { + if (!uid_to_sid(&user_sid, user->uid)) { DEBUG(3, ("could not lookup sid for uid %d\n", user->uid)); + goto done; } - sid_to_string(sid_str, &user_sid); - DEBUG(3, ("user sid is %s\n", sid_str)); + DEBUG(3, ("se_access_check: user sid is %s\n", sid_to_string(sid_str, &user_sid) )); /* If we're the owner, then we can do anything */ @@ -266,8 +272,9 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, /* Create group sid */ - if (!winbind_gid_to_sid(user->gid, &group_sid)) { + if (!gid_to_sid(&group_sid, user->gid)) { DEBUG(3, ("could not lookup sid for gid %d\n", user->gid)); + goto done; } sid_to_string(sid_str, &group_sid); @@ -279,7 +286,7 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, for (i = 0; i < user->ngroups; i++) { if (user->groups[i] != user->gid) { - if (winbind_gid_to_sid(user->groups[i], &group_sid)) { + if (gid_to_sid(&group_sid, user->groups[i])) { /* If we're a group member then we can also do anything */ @@ -310,18 +317,18 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, acl = sd->dacl; - if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) { + if (acl == NULL || acl->ace == NULL || acl->num_aces == 0) { /* Checks against a NULL ACL succeed and return access - granted = access requested. */ + granted = access requested. */ *status = NT_STATUS_NOPROBLEMO; *acc_granted = acc_desired; acc_desired = 0; DEBUG(3, ("null ace, access allowed\n")); - goto done; - } + goto done; + } /* Check each ACE in ACL. We break out of the loop if an ACE is either explicitly denied or explicitly allowed by the 
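Review bot: The new `goto done;` after a failed `uid_to_sid()` (and the matching one after `gid_to_sid()` in the `@@ -266,8 +272,9 @@` hunk) only denies because `*status` and `*acc_granted` still hold the defaults set at the top and `acc_desired` is still non-zero; that dependency deserves a comment such as `/* Fail closed: *status is still NT_STATUS_ACCESS_DENIED here. */`. The failure is logged at DEBUG(3) with `%d` for a uid/gid; since this path now refuses access, a more prominent log level would help whoever investigates the denial, and the value should be cast, e.g. `(int)user->uid`. The code between these hunks and the `done:` label is not shown, so the fail-closed reading is inferred from the visible lines.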
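Review bot: In the `@@ -279,7 +286,7 @@` hunk a supplementary group whose `gid_to_sid()` fails is still skipped silently, while the primary gid failure now aborts the check. A group that is left out of the SID list cannot match an access-denied ACE, so the check may grant access that a deny entry for that group should have blocked. Either fail the same way as the primary group or at least log it, e.g. add `else { DEBUG(3, ("could not lookup sid for gid %d\n", (int)user->groups[i])); goto done; }` after the `if`. The loop body continues outside the hunk, so an existing else branch may already cover this.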
@@ -370,7 +377,8 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, } done: - free_sid_array(ngroup_sids, group_sids); + + free_sid_array(ngroup_sids, group_sids); /* If any access desired bits are still on, return access denied and turn off any bits already granted. */ @@ -380,5 +388,5 @@ BOOL se_access_check(SEC_DESC *sd, struct current_user *user, *status = NT_STATUS_ACCESS_DENIED; } - return *status == NT_STATUS_NOPROBLEMO; + return *status == NT_STATUS_NOPROBLEMO; } |