Switch over to using get_currect_XXX() accessor functions.

Jeremy.
author: Jeremy Allison <jra@samba.org> 2010-03-15 12:13:30 -0700
committer: Jeremy Allison <jra@samba.org> 2010-03-15 14:49:15 -0700
commit: 984eee7e290cd0dd20baf8a531ed9afc142796ff (patch)
tree: 81a1d7c4ca3a5317b1427c20b72b1f8da66445f2 /source3/smbd
parent: 6b2358e15eadf2b137b62669a813eded21aebbc7 (diff)
download: samba-984eee7e290cd0dd20baf8a531ed9afc142796ff.tar.gz
samba-984eee7e290cd0dd20baf8a531ed9afc142796ff.tar.bz2
samba-984eee7e290cd0dd20baf8a531ed9afc142796ff.zip
5 files changed, 38 insertions, 33 deletions
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index ca1ac47fa0..27bc1cef19 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -21,8 +21,6 @@
 
 #include "includes.h"
 
-extern struct current_user current_user;
-
 /****************************************************************************
  Run a file if it is a magic script.
 ****************************************************************************/
@@ -332,12 +330,12 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 		/* Initial delete on close was set and no one else
 		 * wrote a real delete on close. */
 
-		if (current_user.vuid != fsp->vuid) {
+		if (get_current_vuid(conn) != fsp->vuid) {
 			become_user(conn, fsp->vuid);
 			became_user = True;
 		}
 		fsp->delete_on_close = true;
-		set_delete_on_close_lck(lck, True, &current_user.ut);
+		set_delete_on_close_lck(lck, True, get_current_utok(conn));
 		if (became_user) {
 			unbecome_user();
 		}
@@ -389,7 +387,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 	 */
 	fsp->update_write_time_on_close = false;
 
-	if (!unix_token_equal(lck->delete_token, &current_user.ut)) {
+	if (!unix_token_equal(lck->delete_token, get_current_utok(conn))) {
 		/* Become the user who requested the delete. */
 
 		DEBUG(5,("close_remove_share_mode: file %s. "
@@ -955,12 +953,12 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 		 * directories we don't care if anyone else
 		 * wrote a real delete on close. */
 
-		if (current_user.vuid != fsp->vuid) {
+		if (get_current_vuid(fsp->conn) != fsp->vuid) {
 			become_user(fsp->conn, fsp->vuid);
 			became_user = True;
 		}
 		send_stat_cache_delete_message(fsp->fsp_name->base_name);
-		set_delete_on_close_lck(lck, True, &current_user.ut);
+		set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
 		fsp->delete_on_close = true;
 		if (became_user) {
 			unbecome_user();
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 631efce677..065f2b6c75 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -35,7 +35,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 	struct security_descriptor *secdesc = NULL;
 	bool ret;
 
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		return true;
 	}
@@ -51,7 +51,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 		goto out;
 	}
 
-	status = se_access_check(secdesc, conn->server_info->ptok,
+	status = se_access_check(secdesc, get_current_nttok(conn),
 				 access_mask, &access_granted);
 	ret = NT_STATUS_IS_OK(status);
 
@@ -111,7 +111,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
 		ret = false;
 		goto out;
 	}
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		ret = true;
 		goto out;
@@ -144,9 +144,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
 		 * or the owner of the directory as we have no possible
 		 * chance of deleting. Otherwise, go on and check the ACL.
 		 */
-		if ((conn->server_info->utok.uid !=
+		if ((get_current_uid(conn) !=
 			smb_fname_parent->st.st_ex_uid) &&
-		    (conn->server_info->utok.uid != smb_fname->st.st_ex_uid)) {
+		    (get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
 			DEBUG(10,("can_delete_file_in_directory: not "
 				  "owner of file %s or directory %s",
 				  smb_fname_str_dbg(smb_fname),
@@ -195,7 +195,7 @@ bool can_access_file_data(connection_struct *conn,
 	DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
 		  (unsigned int)access_mask, smb_fname_str_dbg(smb_fname)));
 
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		return True;
 	}
@@ -203,7 +203,7 @@ bool can_access_file_data(connection_struct *conn,
 	SMB_ASSERT(VALID_STAT(smb_fname->st));
 
 	/* Check primary owner access. */
-	if (conn->server_info->utok.uid == smb_fname->st.st_ex_uid) {
+	if (get_current_uid(conn) == smb_fname->st.st_ex_uid) {
 		switch (access_mask) {
 			case FILE_READ_DATA:
 				return (smb_fname->st.st_ex_mode & S_IRUSR) ?
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index dab26d0abe..c97228fab7 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3767,7 +3767,9 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 				vuser->server_info->sam_account);
 		}
 		/* modelled after NTAS 3.51 reply */
-		SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+		SSVAL(p,usri11_priv,
+			(get_current_uid(conn) == sec_initial_uid())?
+			USER_PRIV_ADMIN:USER_PRIV_USER);
 		SIVAL(p,usri11_auth_flags,AF_OP_PRINT);		/* auth flags */
 		SIVALS(p,usri11_password_age,-1);		/* password age */
 		SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
@@ -3820,7 +3822,8 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 		memset(p+22,' ',16);	/* password */
 		SIVALS(p,38,-1);		/* password age */
 		SSVAL(p,42,
-		conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+			(get_current_uid(conn) == sec_initial_uid())?
+			USER_PRIV_ADMIN:USER_PRIV_USER);
 		SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
 		strlcpy(p2, vuser ? pdb_get_homedir(
 				vuser->server_info->sam_account) : "",
@@ -3971,7 +3974,9 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
 		PACKI(&desc,"W",0);		/* code */
 		PACKS(&desc,"B21",name);	/* eff. name */
 		PACKS(&desc,"B","");		/* pad */
-		PACKI(&desc,"W", conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+		PACKI(&desc,"W",
+			(get_current_uid(conn) == sec_initial_uid())?
+			USER_PRIV_ADMIN:USER_PRIV_USER);
 		PACKI(&desc,"D",0);		/* auth flags XXX */
 		PACKI(&desc,"W",0);		/* num logons */
 		PACKI(&desc,"W",0);		/* bad pw count */
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index e366c5fadf..0834e6d3d3 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -58,7 +58,7 @@ NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
 {
 	*access_granted = 0;
 
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		*access_granted = access_desired;
 		if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
@@ -2176,7 +2176,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		new_file_created = True;
 	}
 
-	set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
+	set_share_mode(lck, fsp, get_current_uid(conn), 0,
 		       fsp->oplock_type);
 
 	/* Handle strange delete on close create semantics. */
@@ -2641,7 +2641,7 @@ static NTSTATUS open_directory(connection_struct *conn,
 		return status;
 	}
 
-	set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
+	set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
 
 	/* For directories the delete on close bit at open time seems
 	   always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index f64d82d39e..c9fdc714c7 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -21,7 +21,6 @@
 
 #include "includes.h"
 
-extern struct current_user current_user;
 extern const struct generic_mapping file_generic_mapping;
 
 #undef  DBGC_CLASS
@@ -1203,7 +1202,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
 			if (lp_force_unknown_acl_user(SNUM(conn))) {
 				/* this allows take ownership to work
 				 * reasonably */
-				*puser = current_user.ut.uid;
+				*puser = get_current_uid(conn);
 			} else {
 				DEBUG(3,("unpack_nt_owners: unable to validate"
 					 " owner sid for %s\n",
@@ -1226,7 +1225,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
 			if (lp_force_unknown_acl_user(SNUM(conn))) {
 				/* this allows take group ownership to work
 				 * reasonably */
-				*pgrp = current_user.ut.gid;
+				*pgrp = get_current_gid(conn);
 			} else {
 				DEBUG(3,("unpack_nt_owners: unable to validate"
 					 " group sid.\n"));
@@ -1304,15 +1303,17 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
 	 * if it's the current user, we already have the unix token
 	 * and don't need to do the complex user_in_group_sid() call
 	 */
-	if (uid_ace->unix_ug.uid == current_user.ut.uid) {
+	if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
+		const UNIX_USER_TOKEN *curr_utok = NULL;
 		size_t i;
 
-		if (group_ace->unix_ug.gid == current_user.ut.gid) {
+		if (group_ace->unix_ug.gid == get_current_gid(conn)) {
 			return True;
 		}
 
-		for (i=0; i < current_user.ut.ngroups; i++) {
-			if (group_ace->unix_ug.gid == current_user.ut.groups[i]) {
+		curr_utok = get_current_utok(conn);
+		for (i=0; i < curr_utok->ngroups; i++) {
+			if (group_ace->unix_ug.gid == curr_utok->groups[i]) {
 				return True;
 			}
 		}
@@ -2641,9 +2642,10 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 static bool current_user_in_group(connection_struct *conn, gid_t gid)
 {
 	int i;
+	const UNIX_USER_TOKEN *utok = get_current_utok(conn);
 
-	for (i = 0; i < current_user.ut.ngroups; i++) {
-		if (current_user.ut.groups[i] == gid) {
+	for (i = 0; i < utok->ngroups; i++) {
+		if (utok->groups[i] == gid) {
 			return True;
 		}
 	}
@@ -3542,13 +3544,13 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
 	/* Case (2) / (3) */
 	if (lp_enable_privileges()) {
 
-		bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+		bool has_take_ownership_priv = user_has_privileges(get_current_nttok(conn),
 							      &se_take_ownership);
-		bool has_restore_priv = user_has_privileges(current_user.nt_user_token,
+		bool has_restore_priv = user_has_privileges(get_current_nttok(conn),
 						       &se_restore);
 
 		/* Case (2) */
-		if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) ||
+		if ( ( has_take_ownership_priv && ( uid == get_current_uid(conn) ) ) ||
 		/* Case (3) */
 		     ( has_restore_priv ) ) {
 
@@ -3576,7 +3578,7 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
 	   and also copes with the case where the SID in a take ownership ACL is
 	   a local SID on the users workstation
 	*/
-	if (uid != current_user.ut.uid) {
+	if (uid != get_current_uid(conn)) {
 		errno = EPERM;
 		return -1;
 	}
author	Jeremy Allison <jra@samba.org>	2010-03-15 12:13:30 -0700
committer	Jeremy Allison <jra@samba.org>	2010-03-15 14:49:15 -0700
commit	984eee7e290cd0dd20baf8a531ed9afc142796ff (patch)
tree	81a1d7c4ca3a5317b1427c20b72b1f8da66445f2 /source3/smbd
parent	6b2358e15eadf2b137b62669a813eded21aebbc7 (diff)
download	samba-984eee7e290cd0dd20baf8a531ed9afc142796ff.tar.gz samba-984eee7e290cd0dd20baf8a531ed9afc142796ff.tar.bz2 samba-984eee7e290cd0dd20baf8a531ed9afc142796ff.zip