diff options
| author | Jeremy Allison <jra@samba.org> | 2010-03-12 13:56:51 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-03-12 13:56:51 -0800 |
| commit | e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 (patch) | |
| tree | a1172af1868d93449ac25d68576193a872e0bb50 /source3/smbd | |
| parent | 31b0417f7def5af5392088eec8fe6e77074d3da9 (diff) | |
| download | samba-e80ceb1d7355c8c46a2ed90d5721cf367640f4e8.tar.gz samba-e80ceb1d7355c8c46a2ed90d5721cf367640f4e8.tar.bz2 samba-e80ceb1d7355c8c46a2ed90d5721cf367640f4e8.zip | |
Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/close.c | 12 | ||||
| -rw-r--r-- | source3/smbd/dir.c | 13 | ||||
| -rw-r--r-- | source3/smbd/file_access.c | 8 | ||||
| -rw-r--r-- | source3/smbd/lanman.c | 11 | ||||
| -rw-r--r-- | source3/smbd/open.c | 6 | ||||
| -rw-r--r-- | source3/smbd/posix_acls.c | 66 | ||||
| -rw-r--r-- | source3/smbd/uid.c | 74 |
7 files changed, 123 insertions, 67 deletions
diff --git a/source3/smbd/close.c b/source3/smbd/close.c index ca1ac47fa0..1530b96797 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -21,8 +21,6 @@ #include "includes.h" -extern struct current_user current_user; - /**************************************************************************** Run a file if it is a magic script. ****************************************************************************/ @@ -332,12 +330,12 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, /* Initial delete on close was set and no one else * wrote a real delete on close. */ - if (current_user.vuid != fsp->vuid) { + if (get_current_vuid(conn) != fsp->vuid) { become_user(conn, fsp->vuid); became_user = True; } fsp->delete_on_close = true; - set_delete_on_close_lck(lck, True, ¤t_user.ut); + set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn)); if (became_user) { unbecome_user(); } @@ -389,7 +387,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, */ fsp->update_write_time_on_close = false; - if (!unix_token_equal(lck->delete_token, ¤t_user.ut)) { + if (!unix_token_equal(lck->delete_token, get_current_utok(conn))) { /* Become the user who requested the delete. */ DEBUG(5,("close_remove_share_mode: file %s. " @@ -955,12 +953,12 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp, * directories we don't care if anyone else * wrote a real delete on close. */ - if (current_user.vuid != fsp->vuid) { + if (get_current_vuid(fsp->conn) != fsp->vuid) { become_user(fsp->conn, fsp->vuid); became_user = True; } send_stat_cache_delete_message(fsp->fsp_name->base_name); - set_delete_on_close_lck(lck, True, ¤t_user.ut); + set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn)); fsp->delete_on_close = true; if (became_user) { unbecome_user(); diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index b1e9734681..69ebc57473 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1129,9 +1129,11 @@ static bool user_can_read_file(connection_struct *conn, /* * If user is a member of the Admin group * we never hide files from them. + * Use (uid_t)0 here not sec_initial_uid() + * because of the RAW-SAMBA3HIDE test. */ - if (conn->admin_user) { + if (get_current_uid(conn) == (uid_t)0) { return True; } @@ -1151,9 +1153,11 @@ static bool user_can_write_file(connection_struct *conn, /* * If user is a member of the Admin group * we never hide files from them. + * Use (uid_t)0 here not sec_initial_uid() + * because of the RAW-SAMBA3HIDE test. */ - if (conn->admin_user) { + if (get_current_uid(conn) == (uid_t)0) { return True; } @@ -1178,10 +1182,13 @@ static bool file_is_special(connection_struct *conn, /* * If user is a member of the Admin group * we never hide files from them. + * Use (uid_t)0 here not sec_initial_uid() + * because of the RAW-SAMBA3HIDE test. */ - if (conn->admin_user) + if (get_current_uid(conn) == (uid_t)0) { return False; + } SMB_ASSERT(VALID_STAT(smb_fname->st)); diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 631efce677..5c3089ede6 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -35,7 +35,7 @@ bool can_access_file_acl(struct connection_struct *conn, struct security_descriptor *secdesc = NULL; bool ret; - if (conn->server_info->utok.uid == 0 || conn->admin_user) { + if (get_current_uid(conn) == (uid_t)0) { /* I'm sorry sir, I didn't know you were root... */ return true; } @@ -111,7 +111,7 @@ bool can_delete_file_in_directory(connection_struct *conn, ret = false; goto out; } - if (conn->server_info->utok.uid == 0 || conn->admin_user) { + if (get_current_uid(conn) == (uid_t)0) { /* I'm sorry sir, I didn't know you were root... */ ret = true; goto out; @@ -195,7 +195,7 @@ bool can_access_file_data(connection_struct *conn, DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n", (unsigned int)access_mask, smb_fname_str_dbg(smb_fname))); - if (conn->server_info->utok.uid == 0 || conn->admin_user) { + if (get_current_uid(conn) == (uid_t)0) { /* I'm sorry sir, I didn't know you were root... */ return True; } @@ -203,7 +203,7 @@ bool can_access_file_data(connection_struct *conn, SMB_ASSERT(VALID_STAT(smb_fname->st)); /* Check primary owner access. */ - if (conn->server_info->utok.uid == smb_fname->st.st_ex_uid) { + if (get_current_uid(conn) == smb_fname->st.st_ex_uid) { switch (access_mask) { case FILE_READ_DATA: return (smb_fname->st.st_ex_mode & S_IRUSR) ? diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 4c947749ba..4c15f133ae 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -3767,7 +3767,9 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, vuser->server_info->sam_account); } /* modelled after NTAS 3.51 reply */ - SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + SSVAL(p,usri11_priv, + (get_current_uid(conn) == (uid_t)0)? + USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */ SIVALS(p,usri11_password_age,-1); /* password age */ SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */ @@ -3820,7 +3822,8 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid, memset(p+22,' ',16); /* password */ SIVALS(p,38,-1); /* password age */ SSVAL(p,42, - conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + (get_current_uid(conn) == (uid_t)0)? + USER_PRIV_ADMIN:USER_PRIV_USER); SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */ strlcpy(p2, vuser ? pdb_get_homedir( vuser->server_info->sam_account) : "", @@ -3971,7 +3974,9 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, PACKI(&desc,"W",0); /* code */ PACKS(&desc,"B21",name); /* eff. name */ PACKS(&desc,"B",""); /* pad */ - PACKI(&desc,"W", conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); + PACKI(&desc,"W", + (get_current_uid(conn) == (uid_t)0)? + USER_PRIV_ADMIN:USER_PRIV_USER); PACKI(&desc,"D",0); /* auth flags XXX */ PACKI(&desc,"W",0); /* num logons */ PACKI(&desc,"W",0); /* bad pw count */ diff --git a/source3/smbd/open.c b/source3/smbd/open.c index fd9796dbf4..3eb727f96b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -76,7 +76,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, *access_granted = 0; - if (conn->server_info->utok.uid == 0 || conn->admin_user) { + if (get_current_uid(conn) == (uid_t)0) { /* I'm sorry sir, I didn't know you were root... */ *access_granted = access_mask; if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) { @@ -2173,7 +2173,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, new_file_created = True; } - set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, + set_share_mode(lck, fsp, get_current_uid(conn), 0, fsp->oplock_type); /* Handle strange delete on close create semantics. */ @@ -2638,7 +2638,7 @@ static NTSTATUS open_directory(connection_struct *conn, return status; } - set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK); + set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK); /* For directories the delete on close bit at open time seems always to be honored on close... See test 19 in Samba4 BASE-DELETE. */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 2fb7b77c86..c00b7bd757 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -21,7 +21,6 @@ #include "includes.h" -extern struct current_user current_user; extern const struct generic_mapping file_generic_mapping; #undef DBGC_CLASS @@ -1168,7 +1167,9 @@ static mode_t map_nt_perms( uint32 *mask, int type) Unpack a SEC_DESC into a UNIX owner and group. ****************************************************************************/ -NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd) +NTSTATUS unpack_nt_owners(struct connection_struct *conn, + uid_t *puser, gid_t *pgrp, + uint32 security_info_sent, const SEC_DESC *psd) { DOM_SID owner_sid; DOM_SID grp_sid; @@ -1198,10 +1199,10 @@ NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_i if (security_info_sent & OWNER_SECURITY_INFORMATION) { sid_copy(&owner_sid, psd->owner_sid); if (!sid_to_uid(&owner_sid, puser)) { - if (lp_force_unknown_acl_user(snum)) { + if (lp_force_unknown_acl_user(SNUM(conn))) { /* this allows take ownership to work * reasonably */ - *puser = current_user.ut.uid; + *puser = get_current_uid(conn); } else { DEBUG(3,("unpack_nt_owners: unable to validate" " owner sid for %s\n", @@ -1221,10 +1222,10 @@ NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_i if (security_info_sent & GROUP_SECURITY_INFORMATION) { sid_copy(&grp_sid, psd->group_sid); if (!sid_to_gid( &grp_sid, pgrp)) { - if (lp_force_unknown_acl_user(snum)) { + if (lp_force_unknown_acl_user(SNUM(conn))) { /* this allows take group ownership to work * reasonably */ - *pgrp = current_user.ut.gid; + *pgrp = get_current_gid(conn); } else { DEBUG(3,("unpack_nt_owners: unable to validate" " group sid.\n")); @@ -1289,7 +1290,7 @@ static void apply_default_perms(const struct share_params *params, expensive and will need optimisation. A *lot* of optimisation :-). JRA. ****************************************************************************/ -static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) +static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, canon_ace *group_ace ) { const char *u_name = NULL; @@ -1302,15 +1303,17 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) * if it's the current user, we already have the unix token * and don't need to do the complex user_in_group_sid() call */ - if (uid_ace->unix_ug.uid == current_user.ut.uid) { + if (uid_ace->unix_ug.uid == get_current_uid(conn)) { + const UNIX_USER_TOKEN *curr_utok = NULL; size_t i; - if (group_ace->unix_ug.gid == current_user.ut.gid) { + if (group_ace->unix_ug.gid == get_current_gid(conn)) { return True; } - for (i=0; i < current_user.ut.ngroups; i++) { - if (group_ace->unix_ug.gid == current_user.ut.groups[i]) { + curr_utok = get_current_utok(conn); + for (i=0; i < curr_utok->ngroups; i++) { + if (group_ace->unix_ug.gid == curr_utok->groups[i]) { return True; } } @@ -1341,7 +1344,7 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) type. ****************************************************************************/ -static bool ensure_canon_entry_valid(canon_ace **pp_ace, +static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace, const struct share_params *params, const bool is_directory, const DOM_SID *pfile_owner_sid, @@ -1407,7 +1410,7 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) { - if (uid_entry_in_group(pace, pace_iter)) { + if (uid_entry_in_group(conn, pace, pace_iter)) { pace->perms |= pace_iter->perms; group_matched = True; } @@ -2057,7 +2060,7 @@ static bool create_canon_ace_lists(files_struct *fsp, allow entries. ****************************************************************************/ -static void process_deny_list( canon_ace **pp_ace_list ) +static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list ) { canon_ace *ace_list = *pp_ace_list; canon_ace *curr_ace = NULL; @@ -2162,7 +2165,7 @@ static void process_deny_list( canon_ace **pp_ace_list ) if (allow_ace_p->owner_type == UID_ACE) continue; - if (uid_entry_in_group( curr_ace, allow_ace_p)) + if (uid_entry_in_group(conn, curr_ace, allow_ace_p)) new_perms |= allow_ace_p->perms; } @@ -2206,7 +2209,7 @@ static void process_deny_list( canon_ace **pp_ace_list ) /* Mask off the deny group perms. */ - if (uid_entry_in_group( allow_ace_p, curr_ace)) + if (uid_entry_in_group(conn, allow_ace_p, curr_ace)) allow_ace_p->perms &= ~curr_ace->perms; } @@ -2256,7 +2259,7 @@ static void process_deny_list( canon_ace **pp_ace_list ) /* OR in the group perms. */ - if (uid_entry_in_group( curr_ace, allow_ace_p)) + if (uid_entry_in_group(conn, curr_ace, allow_ace_p)) curr_ace->perms |= allow_ace_p->perms; } } @@ -2368,10 +2371,10 @@ static bool unpack_canon_ace(files_struct *fsp, */ print_canon_ace_list( "file ace - before deny", file_ace); - process_deny_list( &file_ace); + process_deny_list(fsp->conn, &file_ace); print_canon_ace_list( "dir ace - before deny", dir_ace); - process_deny_list( &dir_ace); + process_deny_list(fsp->conn, &dir_ace); /* * A well formed POSIX file or default ACL has at least 3 entries, a @@ -2390,7 +2393,7 @@ static bool unpack_canon_ace(files_struct *fsp, st.st_ex_mode = create_default_mode(fsp, False); - if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, + if (!ensure_canon_entry_valid(fsp->conn, &file_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); @@ -2407,7 +2410,7 @@ static bool unpack_canon_ace(files_struct *fsp, st.st_ex_mode = create_default_mode(fsp, True); - if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, + if (dir_ace && !ensure_canon_entry_valid(fsp->conn, &dir_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); @@ -2592,7 +2595,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn, * This next call will ensure we have at least a user/group/world set. */ - if (!ensure_canon_entry_valid(&l_head, conn->params, + if (!ensure_canon_entry_valid(conn, &l_head, conn->params, S_ISDIR(psbuf->st_ex_mode), powner, pgroup, psbuf, False)) goto fail; @@ -2636,12 +2639,13 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn, Check if the current user group list contains a given group. ****************************************************************************/ -static bool current_user_in_group(gid_t gid) +static bool current_user_in_group(connection_struct *conn, gid_t gid) { int i; + const UNIX_USER_TOKEN *utok = get_current_utok(conn); - for (i = 0; i < current_user.ut.ngroups; i++) { - if (current_user.ut.groups[i] == gid) { + for (i = 0; i < utok->ngroups; i++) { + if (utok->groups[i] == gid) { return True; } } @@ -2662,7 +2666,7 @@ static bool acl_group_override(connection_struct *conn, /* file primary group == user primary or supplementary group */ if (lp_acl_group_control(SNUM(conn)) && - current_user_in_group(smb_fname->st.st_ex_gid)) { + current_user_in_group(conn, smb_fname->st.st_ex_gid)) { return true; } @@ -3540,13 +3544,13 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname, /* Case (2) / (3) */ if (lp_enable_privileges()) { - bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token, + bool has_take_ownership_priv = user_has_privileges(get_current_nttok(conn), &se_take_ownership); - bool has_restore_priv = user_has_privileges(current_user.nt_user_token, + bool has_restore_priv = user_has_privileges(get_current_nttok(conn), &se_restore); /* Case (2) */ - if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) || + if ( ( has_take_ownership_priv && ( uid == get_current_uid(conn) ) ) || /* Case (3) */ ( has_restore_priv ) ) { @@ -3574,7 +3578,7 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname, and also copes with the case where the SID in a take ownership ACL is a local SID on the users workstation */ - if (uid != current_user.ut.uid) { + if (uid != get_current_uid(conn)) { errno = EPERM; return -1; } @@ -3860,7 +3864,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC * Unpack the user/group/world id's. */ - status = unpack_nt_owners( SNUM(conn), &user, &grp, security_info_sent, psd); + status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 2ec50cd4d8..3bf5a7ee49 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -167,6 +167,9 @@ static bool check_user_ok(connection_struct *conn, conn->read_only = readonly_share; conn->admin_user = admin_user; + if (conn->admin_user) { + conn->server_info->utok.uid = sec_initial_uid(); + } return(True); } @@ -278,26 +281,22 @@ bool change_to_user(connection_struct *conn, uint16 vuid) return false; } + /* security = share sets force_user. */ + if (!conn->force_user && !vuser) { + DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " + "share %s.\n",vuid, lp_servicename(snum) )); + return False; + } + /* * conn->server_info is now correctly set up with a copy we can mess * with for force_group etc. */ - if (conn->force_user) /* security = share sets this too */ { - uid = conn->server_info->utok.uid; - gid = conn->server_info->utok.gid; - group_list = conn->server_info->utok.groups; - num_groups = conn->server_info->utok.ngroups; - } else if (vuser) { - uid = conn->admin_user ? 0 : vuser->server_info->utok.uid; - gid = conn->server_info->utok.gid; - num_groups = conn->server_info->utok.ngroups; - group_list = conn->server_info->utok.groups; - } else { - DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " - "share %s.\n",vuid, lp_servicename(snum) )); - return False; - } + uid = conn->server_info->utok.uid; + gid = conn->server_info->utok.gid; + num_groups = conn->server_info->utok.ngroups; + group_list = conn->server_info->utok.groups; /* * See if we should force group for this service. @@ -342,7 +341,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) set_sec_ctx() */ current_user.ut.ngroups = num_groups; - current_user.ut.groups = group_list; + current_user.ut.groups = group_list; set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups, conn->server_info->ptok); @@ -505,3 +504,46 @@ bool unbecome_user(void) pop_conn_ctx(); return True; } + +/**************************************************************************** + Return the current user we are running effectively as on this connection. + I'd like to make this return conn->server_info->utok.uid, but become_root() + doesn't alter this value. +****************************************************************************/ + +uid_t get_current_uid(connection_struct *conn) +{ + return current_user.ut.uid; +} + +/**************************************************************************** + Return the current group we are running effectively as on this connection. + I'd like to make this return conn->server_info->utok.gid, but become_root() + doesn't alter this value. +****************************************************************************/ + +gid_t get_current_gid(connection_struct *conn) +{ + return current_user.ut.gid; +} + +/**************************************************************************** + Return the UNIX token we are running effectively as on this connection. + I'd like to make this return &conn->server_info->utok, but become_root() + doesn't alter this value. +****************************************************************************/ + +const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn) +{ + return ¤t_user.ut; +} + +const NT_USER_TOKEN *get_current_nttok(connection_struct *conn) +{ + return current_user.nt_user_token; +} + +uint16_t get_current_vuid(connection_struct *conn) +{ + return current_user.vuid; +} |