From 92895379934b660affa70cd406e40719d429ae2a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Jul 2011 15:55:31 +1000 Subject: s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/auth/auth_util.c | 52 +++++++++++++++++++----------- source3/include/auth.h | 11 +------ source3/lib/afs.c | 4 +-- source3/lib/substitute.c | 5 +-- source3/modules/onefs_open.c | 2 +- source3/modules/vfs_expand_msdfs.c | 4 +-- source3/modules/vfs_full_audit.c | 4 +-- source3/modules/vfs_recycle.c | 4 +-- source3/modules/vfs_smb_traffic_analyzer.c | 2 +- source3/printing/printing.c | 6 ++-- source3/rpc_server/lsa/srv_lsa_nt.c | 2 +- source3/smbd/close.c | 2 +- source3/smbd/fake_file.c | 2 +- source3/smbd/lanman.c | 12 +++---- source3/smbd/msdfs.c | 4 +-- source3/smbd/nttrans.c | 4 +-- source3/smbd/open.c | 2 +- source3/smbd/password.c | 19 +++++------ source3/smbd/process.c | 4 +-- source3/smbd/service.c | 32 +++++++++--------- source3/smbd/session.c | 2 +- source3/smbd/smb2_server.c | 4 +-- source3/smbd/smb2_sesssetup.c | 8 ++--- source3/smbd/smb2_tcon.c | 2 +- source3/smbd/trans2.c | 4 +-- source3/smbd/uid.c | 12 +++---- 26 files changed, 109 insertions(+), 100 deletions(-) diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 59a296774b..f53f63df1f 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -507,11 +507,11 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, if (((lp_server_role() == ROLE_DOMAIN_MEMBER) && !winbind_ping()) || (server_info->nss_token)) { status = create_token_from_username(session_info, - session_info->unix_name, + session_info->unix_info->unix_name, session_info->guest, &session_info->unix_token->uid, &session_info->unix_token->gid, - &session_info->unix_name, + &session_info->unix_info->unix_name, &session_info->security_token); } else { 
@@ -824,7 +824,7 @@ static NTSTATUS make_new_session_info_guest(struct auth3_session_info **session_ alpha_strcpy(tmp, (*session_info)->info3->base.account_name.string, ". _-$", sizeof(tmp)); - (*session_info)->sanitized_username = talloc_strdup(*session_info, tmp); + (*session_info)->unix_info->sanitized_username = talloc_strdup(*session_info, tmp); status = NT_STATUS_OK; done: @@ -1015,13 +1015,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX } dst->extra = src->extra; - dst->unix_name = talloc_strdup(dst, src->unix_name); + /* This element must be provided to convert back to an auth_serversupplied_info */ + SMB_ASSERT(src->unix_info); + dst->unix_name = talloc_strdup(dst, src->unix_info->unix_name); if (!dst->unix_name) { TALLOC_FREE(dst); return NULL; } - dst->sanitized_username = talloc_strdup(dst, src->sanitized_username); + dst->sanitized_username = talloc_strdup(dst, src->unix_info->sanitized_username); if (!dst->sanitized_username) { TALLOC_FREE(dst); return NULL; @@ -1080,14 +1082,20 @@ static struct auth3_session_info *copy_serverinfo_session_info(TALLOC_CTX *mem_c } dst->extra = src->extra; - dst->unix_name = talloc_strdup(dst, src->unix_name); - if (!dst->unix_name) { + dst->unix_info = talloc_zero(dst, struct auth_user_info_unix); + if (!dst->unix_info) { TALLOC_FREE(dst); return NULL; } - dst->sanitized_username = talloc_strdup(dst, src->sanitized_username); - if (!dst->sanitized_username) { + dst->unix_info->unix_name = talloc_strdup(dst, src->unix_name); + if (!dst->unix_info->unix_name) { + TALLOC_FREE(dst); + return NULL; + } + + dst->unix_info->sanitized_username = talloc_strdup(dst, src->sanitized_username); + if (!dst->unix_info->sanitized_username) { TALLOC_FREE(dst); return NULL; } 
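Review bot: In make_new_session_info_guest (auth_util.c, first hunk on this line) the result of `talloc_strdup(*session_info, tmp)` is stored in `unix_info->sanitized_username` and the next statement sets `status = NT_STATUS_OK`, so an allocation failure is reported as success and leaves a NULL username for later consumers. A check such as `if ((*session_info)->unix_info->sanitized_username == NULL) { status = NT_STATUS_NO_MEMORY; goto done; }` before the success assignment would close that. What the `done:` path frees is outside the hunk, so confirm it cleans up the partial session. The same unchecked assignment appears in register_existing_vuid (password.c) and in both smb2_sesssetup.c hunks.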
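Review bot: In copy_serverinfo_session_info (auth_util.c, third hunk on this line) the two strings are duplicated onto `dst` rather than onto the newly allocated `dst->unix_info`, so their talloc lifetime follows the session and not the struct that points at them. Parenting them on the struct, e.g. `dst->unix_info->unix_name = talloc_strdup(dst->unix_info, src->unix_name);` and likewise for `sanitized_username`, keeps the pair together if unix_info is ever stolen or replaced on its own. copy_session_info in the next auth_util.c hunk and the sanitized_username assignments in password.c and smb2_sesssetup.c use the session as parent in the same way. The function starts and ends outside this hunk.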
@@ -1149,16 +1157,24 @@ struct auth3_session_info *copy_session_info(TALLOC_CTX *mem_ctx, } dst->extra = src->extra; - dst->unix_name = talloc_strdup(dst, src->unix_name); - if (!dst->unix_name) { - TALLOC_FREE(dst); - return NULL; - } + if (src->unix_info) { + dst->unix_info = talloc_zero(dst, struct auth_user_info_unix); + if (!dst->unix_info) { + TALLOC_FREE(dst); + return NULL; + } - dst->sanitized_username = talloc_strdup(dst, src->sanitized_username); - if (!dst->sanitized_username) { - TALLOC_FREE(dst); - return NULL; + dst->unix_info->unix_name = talloc_strdup(dst, src->unix_info->unix_name); + if (!dst->unix_info->unix_name) { + TALLOC_FREE(dst); + return NULL; + } + + dst->unix_info->sanitized_username = talloc_strdup(dst, src->unix_info->sanitized_username); + if (!dst->unix_info->sanitized_username) { + TALLOC_FREE(dst); + return NULL; + } } return dst; diff --git a/source3/include/auth.h b/source3/include/auth.h index f3c6a04092..11d501f434 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h @@ -112,16 +112,7 @@ struct auth3_session_info { */ bool nss_token; - char *unix_name; - - /* - * For performance reasons we keep an alpha_strcpy-sanitized version - * of the username around as long as the global variable current_user - * still exists. If we did not do keep this, we'd have to call - * alpha_strcpy whenever we do a become_user(), potentially on every - * smb request. See set_current_user_info. - */ - char *sanitized_username; + struct auth_user_info_unix *unix_info; }; struct auth_context { diff --git a/source3/lib/afs.c b/source3/lib/afs.c index 11a930b8b9..7a49c5772e 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c 
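Review bot: copy_session_info (auth_util.c) now skips the copy when `src->unix_info` is NULL and returns a session whose `unix_info` is never assigned in this hunk, while the call sites changed elsewhere in this patch read `session_info->unix_info->unix_name` without a check. Either fail the same way copy_session_info_serverinfo does, with `SMB_ASSERT(src->unix_info);`, or keep the optional copy and say so in a comment such as `/* unix_info is optional here; source3 callers must assert it before use */`. How `dst` is allocated is outside the hunk, so whether the field is reliably NULL in the skipped case should be confirmed.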
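Review bot: The auth.h hunk deletes the only comment that explained `sanitized_username` and leaves the new `unix_info` member of struct auth3_session_info undocumented. The field is later handed to talloc_sub_advanced together with strings such as the preexec commands in service.c, so it is worth recording on the member that it must only carry the alpha_strcpy-filtered name. A comment along the lines of `/* unix_name plus the alpha_strcpy-sanitized username; required (non-NULL) in source3, see set_current_user_info */` would do. The struct definition begins outside the hunk.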
@@ -231,9 +231,9 @@ bool afs_login(connection_struct *conn) } afs_username = talloc_sub_advanced(ctx, - SNUM(conn), conn->session_info->unix_name, + SNUM(conn), conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, pdb_get_domain(conn->session_info->sam_account), afs_username); if (!afs_username) { diff --git a/source3/lib/substitute.c b/source3/lib/substitute.c index bf3cd5d51e..eae6d15f7c 100644 --- a/source3/lib/substitute.c +++ b/source3/lib/substitute.c @@ -815,11 +815,12 @@ void standard_sub_advanced(const char *servicename, const char *user, char *standard_sub_conn(TALLOC_CTX *ctx, connection_struct *conn, const char *str) { - /* Make clear that we require the optional unix_token in the source3 code */ + /* Make clear that we require the optional unix_token and unix_info in the source3 code */ SMB_ASSERT(conn->session_info->unix_token); + SMB_ASSERT(conn->session_info->unix_info); return talloc_sub_advanced(ctx, lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, get_smb_user_name(), diff --git a/source3/modules/onefs_open.c b/source3/modules/onefs_open.c index 101dc5bc6e..dd4eb90b13 100644 --- a/source3/modules/onefs_open.c +++ b/source3/modules/onefs_open.c @@ -327,7 +327,7 @@ static NTSTATUS onefs_open_file(files_struct *fsp, fsp->wcp = NULL; /* Write cache pointer. */ DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n", - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, smb_fname_str_dbg(smb_fname), BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), conn->num_files_open)); diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 8cb59b2cdd..c857c1a424 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c 
@@ -157,10 +157,10 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, targethost = talloc_sub_advanced(ctx, lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, targethost); diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 9e7981b408..da28551046 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -406,10 +406,10 @@ static char *audit_prefix(TALLOC_CTX *ctx, connection_struct *conn) } result = talloc_sub_advanced(ctx, lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, prefix); TALLOC_FREE(prefix); diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c index 72355cd55e..65de114b83 100644 --- a/source3/modules/vfs_recycle.c +++ b/source3/modules/vfs_recycle.c @@ -443,10 +443,10 @@ static int recycle_unlink(vfs_handle_struct *handle, int rc = -1; repository = talloc_sub_advanced(NULL, lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, recycle_repository(handle)); ALLOC_CHECK(repository, done); diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 2ce8beb04f..fb36c4c99e 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c 
@@ -459,7 +459,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, * function. */ username = smb_traffic_analyzer_anonymize( talloc_tos(), - handle->conn->session_info->sanitized_username, + handle->conn->session_info->unix_info->sanitized_username, handle); if (!username) { diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 50ef75b8ef..a2d5c5373b 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -2252,7 +2252,7 @@ static bool is_owner(const struct auth3_session_info *server_info, if (!pjob || !server_info) return False; - return strequal(pjob->user, server_info->sanitized_username); + return strequal(pjob->user, server_info->unix_info->sanitized_username); } /**************************************************************************** @@ -2840,9 +2840,9 @@ WERROR print_job_start(const struct auth3_session_info *server_info, fstrcpy(pjob.clientmachine, clientmachine); fstrcpy(pjob.user, lp_printjob_username(snum)); - standard_sub_advanced(sharename, server_info->sanitized_username, + standard_sub_advanced(sharename, server_info->unix_info->sanitized_username, path, server_info->unix_token->gid, - server_info->sanitized_username, + server_info->unix_info->sanitized_username, server_info->info3->base.domain.string, pjob.user, sizeof(pjob.user)-1); /* ensure NULL termination */ diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c index fa018b424f..eaf1a5b0ba 100644 --- a/source3/rpc_server/lsa/srv_lsa_nt.c +++ b/source3/rpc_server/lsa/srv_lsa_nt.c @@ -2411,7 +2411,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p, return NT_STATUS_NO_MEMORY; } } else { - username = p->session_info->sanitized_username; + username = p->session_info->unix_info->sanitized_username; domname = p->session_info->info3->base.domain.string; } diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 52cfc111fb..43861b3045 100644 --- a/source3/smbd/close.c 
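Review bot: is_owner in printing.c still guards only `pjob` and `server_info` and then reads `server_info->unix_info->sanitized_username`, so the print-job ownership test now depends on a second pointer that is not checked. Extending the guard to `if (!pjob || !server_info || !server_info->unix_info) return False;` keeps the function failing closed, in line with how it already treats a missing session. print_job_start in the following hunk reads the same field; whether it validates `server_info` earlier is outside the view.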
+++ b/source3/smbd/close.c @@ -686,7 +686,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, status = ntstatus_keeperror(status, tmp); DEBUG(2,("%s closed file %s (numopen=%d) %s\n", - conn->session_info->unix_name, fsp_str_dbg(fsp), + conn->session_info->unix_info->unix_name, fsp_str_dbg(fsp), conn->num_files_open - 1, nt_errstr(status) )); diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 68967fb268..2b31ba5ae0 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -147,7 +147,7 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, "service[%s] file[%s] user[%s]\n", lp_servicename(SNUM(conn)), smb_fname_str_dbg(smb_fname), - conn->session_info->unix_name)); + conn->session_info->unix_info->unix_name)); return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index f84540fbec..b8fcc3022d 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -117,10 +117,10 @@ static int CopyExpanded(connection_struct *conn, } buf = talloc_sub_advanced(ctx, lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, buf); if (!buf) { @@ -168,10 +168,10 @@ static int StrlenExpanded(connection_struct *conn, int snum, char *s) } buf = talloc_sub_advanced(ctx, lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, buf); if (!buf) { 
@@ -4011,7 +4011,7 @@ static bool api_NetWkstaGetInfo(struct smbd_server_connection *sconn, p += 4; SIVAL(p,0,PTR_DIFF(p2,*rdata)); - strlcpy(p2,conn->session_info->sanitized_username,PTR_DIFF(endp,p2)); + strlcpy(p2,conn->session_info->unix_info->sanitized_username,PTR_DIFF(endp,p2)); p2 = skip_string(*rdata,*rdata_len,p2); if (!p2) { return False; @@ -4636,7 +4636,7 @@ static bool api_WWkstaUserLogon(struct smbd_server_connection *sconn, if(vuser != NULL) { DEBUG(3,(" Username of UID %d is %s\n", (int)vuser->session_info->unix_token->uid, - vuser->session_info->unix_name)); + vuser->session_info->unix_info->unix_name)); } uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 25a82cdbb0..c71f83dedd 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -272,7 +272,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, TALLOC_FREE(conn); return NT_STATUS_NO_MEMORY; } - vfs_user = conn->session_info->unix_name; + vfs_user = conn->session_info->unix_info->unix_name; } else { /* use current authenticated user in absence of session_info */ vfs_user = get_current_username(); @@ -773,7 +773,7 @@ static NTSTATUS dfs_redirect(TALLOC_CTX *ctx, if (!( strequal(pdp->servicename, lp_servicename(SNUM(conn))) || (strequal(pdp->servicename, HOMES_NAME) && strequal(lp_servicename(SNUM(conn)), - conn->session_info->sanitized_username) )) ) { + conn->session_info->unix_info->sanitized_username) )) ) { /* The given sharename doesn't match this connection. */ TALLOC_FREE(pdp); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 5fdb07d769..9f745f269e 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -2501,7 +2501,7 @@ static void call_nt_transact_get_user_quota(connection_struct *conn, if (get_current_uid(conn) != 0) { DEBUG(1,("get_user_quota: access_denied service [%s] user " "[%s]\n", lp_servicename(SNUM(conn)), - conn->session_info->unix_name)); + conn->session_info->unix_info->unix_name)); reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } @@ -2771,7 +2771,7 @@ static void call_nt_transact_set_user_quota(connection_struct *conn, if (get_current_uid(conn) != 0) { DEBUG(1,("set_user_quota: access_denied service [%s] user " "[%s]\n", lp_servicename(SNUM(conn)), - conn->session_info->unix_name)); + conn->session_info->unix_info->unix_name)); reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5bbcf1e616..d81c278110 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -689,7 +689,7 @@ static NTSTATUS open_file(files_struct *fsp, fsp->wcp = NULL; /* Write cache pointer. */ DEBUG(2,("%s opened file %s read=%s write=%s (numopen=%d)\n", - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, smb_fname_str_dbg(smb_fname), BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), conn->num_files_open)); diff --git a/source3/smbd/password.c b/source3/smbd/password.c index fb88fd3319..08b53a818e 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c 
@@ -281,22 +281,23 @@ int register_existing_vuid(struct smbd_server_connection *sconn, /* This is a potentially untrusted username */ alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp)); - vuser->session_info->sanitized_username = talloc_strdup( + vuser->session_info->unix_info->sanitized_username = talloc_strdup( vuser->session_info, tmp); - /* Make clear that we require the optional unix_token in the source3 code */ + /* Make clear that we require the optional unix_token and unix_info in the source3 code */ SMB_ASSERT(vuser->session_info->unix_token); + SMB_ASSERT(vuser->session_info->unix_info); DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n", (unsigned int)vuser->session_info->unix_token->uid, (unsigned int)vuser->session_info->unix_token->gid, - vuser->session_info->unix_name, - vuser->session_info->sanitized_username, + vuser->session_info->unix_info->unix_name, + vuser->session_info->unix_info->sanitized_username, vuser->session_info->info3->base.domain.string, vuser->session_info->guest )); DEBUG(3, ("register_existing_vuid: User name: %s\t" - "Real name: %s\n", vuser->session_info->unix_name, + "Real name: %s\n", vuser->session_info->unix_info->unix_name, vuser->session_info->info3->base.full_name.string)); if (!vuser->session_info->security_token) { @@ -310,7 +311,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn, DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, " "and will be vuid %u\n", (int)vuser->session_info->unix_token->uid, - vuser->session_info->unix_name, vuser->vuid)); + vuser->session_info->unix_info->unix_name, vuser->vuid)); if (!session_claim(sconn, vuser)) { DEBUG(1, ("register_existing_vuid: Failed to claim session " 
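Review bot: In register_existing_vuid (password.c, first hunk on this line) the new `SMB_ASSERT(vuser->session_info->unix_info);` sits after the assignment to `vuser->session_info->unix_info->sanitized_username`, so the pointer has already been written through by the time it is asserted and the check cannot catch a missing unix_info. Move both SMB_ASSERT lines and their comment above the `alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp));` call so the requirement is enforced before first use. The function continues beyond this hunk.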
@@ -329,7 +330,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn, if (!vuser->session_info->guest) { vuser->homes_snum = register_homes_share( - vuser->session_info->unix_name); + vuser->session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(sconn) && @@ -343,8 +344,8 @@ int register_existing_vuid(struct smbd_server_connection *sconn, /* fill in the current_user_info struct */ set_current_user_info( - vuser->session_info->sanitized_username, - vuser->session_info->unix_name, + vuser->session_info->unix_info->sanitized_username, + vuser->session_info->unix_info->unix_name, vuser->session_info->info3->base.domain.string); return vuser->vuid; diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 785486137c..66c7d08383 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -1412,8 +1412,8 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in vuser = get_valid_user_struct(sconn, session_tag); if (vuser) { set_current_user_info( - vuser->session_info->sanitized_username, - vuser->session_info->unix_name, + vuser->session_info->unix_info->sanitized_username, + vuser->session_info->unix_info->unix_name, vuser->session_info->info3->base.domain.string); } } diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0c86ec09f9..47114f1255 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -402,13 +402,13 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc return NT_STATUS_ACCESS_DENIED; } } else { - if (!user_ok_token(vuid_serverinfo->unix_name, + if (!user_ok_token(vuid_serverinfo->unix_info->unix_name, vuid_serverinfo->info3->base.domain.string, vuid_serverinfo->security_token, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " "(%s)\n", - vuid_serverinfo->unix_name, + vuid_serverinfo->unix_info->unix_name, lp_servicename(snum))); return NT_STATUS_ACCESS_DENIED; } 
@@ -496,7 +496,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum) if (*lp_force_group(snum)) { status = find_forced_group( - conn->force_user, snum, conn->session_info->unix_name, + conn->force_user, snum, conn->session_info->unix_info->unix_name, &conn->session_info->security_token->sids[1], &conn->session_info->unix_token->gid); @@ -571,7 +571,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, conn->force_user = true; } - add_session_user(sconn, conn->session_info->unix_name); + add_session_user(sconn, conn->session_info->unix_info->unix_name); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); @@ -613,10 +613,10 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, { char *s = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_pathname(snum)); if (!s) { @@ -700,7 +700,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, filesystem operation that we do. */ if (SMB_VFS_CONNECT(conn, lp_servicename(snum), - conn->session_info->unix_name) < 0) { + conn->session_info->unix_info->unix_name) < 0) { DEBUG(0,("make_connection: VFS make connection failed!\n")); *pstatus = NT_STATUS_UNSUCCESSFUL; goto err_root_exit; 
@@ -735,10 +735,10 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, if (*lp_rootpreexec(snum)) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_rootpreexec(snum)); DEBUG(5,("cmd=%s\n",cmd)); @@ -773,10 +773,10 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, if (*lp_preexec(snum)) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_preexec(snum)); ret = smbrun(cmd,NULL); @@ -881,7 +881,7 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, dbgtext( "%s", srv_is_signing_active(sconn) ? "signed " : ""); dbgtext( "connect to service %s ", lp_servicename(snum) ); dbgtext( "initially as user %s ", - conn->session_info->unix_name ); + conn->session_info->unix_info->unix_name ); dbgtext( "(uid=%d, gid=%d) ", (int)effuid, (int)effgid ); dbgtext( "(pid %d)\n", (int)sys_getpid() ); } @@ -1093,10 +1093,10 @@ void close_cnum(connection_struct *conn, uint16 vuid) change_to_user(conn, vuid)) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_postexec(SNUM(conn))); smbrun(cmd,NULL); 
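Review bot: In make_connection_snum (service.c) the `cmd` returned by talloc_sub_advanced for `lp_rootpreexec(snum)` goes straight into `DEBUG(5,("cmd=%s\n",cmd))`, and the preexec, postexec and rootpostexec hunks pass theirs to `smbrun(cmd,NULL)`, without a NULL check, although the path expansion earlier in the same function tests `if (!s)`. Applying the same test to each `cmd`, for example `if (cmd == NULL) { *pstatus = NT_STATUS_NO_MEMORY; goto err_root_exit; }` on the connect path, keeps an allocation failure away from the command runner. How smbrun treats a NULL command and which exit label fits each site are outside these hunks.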
@@ -1109,10 +1109,10 @@ void close_cnum(connection_struct *conn, uint16 vuid) if (*lp_rootpostexec(SNUM(conn))) { char *cmd = talloc_sub_advanced(talloc_tos(), lp_servicename(SNUM(conn)), - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, conn->connectpath, conn->session_info->unix_token->gid, - conn->session_info->sanitized_username, + conn->session_info->unix_info->sanitized_username, conn->session_info->info3->base.domain.string, lp_rootpostexec(SNUM(conn))); smbrun(cmd,NULL); diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 184ce1b3a5..a6bc4924b5 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -139,7 +139,7 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser) /* Make clear that we require the optional unix_token in the source3 code */ SMB_ASSERT(vuser->session_info->unix_token); - fstrcpy(sessionid.username, vuser->session_info->unix_name); + fstrcpy(sessionid.username, vuser->session_info->unix_info->unix_name); fstrcpy(sessionid.hostname, sconn->remote_hostname); sessionid.id_num = i; /* Only valid for utmp sessions */ sessionid.pid = pid; diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 65454aef18..7e181ef5dd 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -1188,8 +1188,8 @@ static NTSTATUS smbd_smb2_request_check_session(struct smbd_smb2_request *req) return NT_STATUS_ACCESS_DENIED; } - set_current_user_info(session->session_info->sanitized_username, - session->session_info->unix_name, + set_current_user_info(session->session_info->unix_info->sanitized_username, + session->session_info->unix_info->unix_name, session->session_info->info3->base.domain.string); req->session = session; diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 8a4704cb28..fb9fbde502 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c 
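Review bot: session_claim (session.c, second hunk on this line) asserts `unix_token` just above the changed line but now also reads `vuser->session_info->unix_info->unix_name` for the `fstrcpy`, and neither the assert nor its comment was extended as in substitute.c and password.c. Add `SMB_ASSERT(vuser->session_info->unix_info);` after the existing assert and update the comment to `/* Make clear that we require the optional unix_token and unix_info in the source3 code */`. The function body extends beyond the hunk.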
@@ -277,12 +277,12 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, /* This is a potentially untrusted username */ alpha_strcpy(tmp, user, ". _-$", sizeof(tmp)); - session->session_info->sanitized_username = + session->session_info->unix_info->sanitized_username = talloc_strdup(session->session_info, tmp); if (!session->session_info->guest) { session->compat_vuser->homes_snum = - register_homes_share(session->session_info->unix_name); + register_homes_share(session->session_info->unix_info->unix_name); } if (!session_claim(session->sconn, session->compat_vuser)) { @@ -488,12 +488,12 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s auth_ntlmssp_get_username(session->auth_ntlmssp_state), ". _-$", sizeof(tmp)); - session->session_info->sanitized_username = talloc_strdup( + session->session_info->unix_info->sanitized_username = talloc_strdup( session->session_info, tmp); if (!session->compat_vuser->session_info->guest) { session->compat_vuser->homes_snum = - register_homes_share(session->session_info->unix_name); + register_homes_share(session->session_info->unix_info->unix_name); } if (!session_claim(session->sconn, session->compat_vuser)) { diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c index 6b86e24dc2..a302b4ea58 100644 --- a/source3/smbd/smb2_tcon.c +++ b/source3/smbd/smb2_tcon.c @@ -186,7 +186,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, "user %s because it was not found " "or created at session setup " "time\n", - compat_vuser->session_info->unix_name)); + compat_vuser->session_info->unix_info->unix_name)); return NT_STATUS_BAD_NETWORK_NAME; } snum = compat_vuser->homes_snum; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index bfde938635..90eb40a62f 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
@@ -3209,7 +3209,7 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned DEBUG(0,("set_user_quota: access_denied " "service [%s] user [%s]\n", lp_servicename(SNUM(conn)), - conn->session_info->unix_name)); + conn->session_info->unix_info->unix_name)); return NT_STATUS_ACCESS_DENIED; } @@ -3703,7 +3703,7 @@ cap_low = 0x%x, cap_high = 0x%x\n", if ((get_current_uid(conn) != 0) || !CAN_WRITE(conn)) { DEBUG(0,("set_user_quota: access_denied service [%s] user [%s]\n", lp_servicename(SNUM(conn)), - conn->session_info->unix_name)); + conn->session_info->unix_info->unix_name)); reply_nterror(req, NT_STATUS_ACCESS_DENIED); return; } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index b6ea7674b1..47c9786116 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -109,13 +109,13 @@ static bool check_user_ok(connection_struct *conn, } } - if (!user_ok_token(session_info->unix_name, + if (!user_ok_token(session_info->unix_info->unix_name, session_info->info3->base.domain.string, session_info->security_token, snum)) return(False); readonly_share = is_share_read_only_for_token( - session_info->unix_name, + session_info->unix_info->unix_name, session_info->info3->base.domain.string, session_info->security_token, conn); @@ -140,7 +140,7 @@ static bool check_user_ok(connection_struct *conn, } admin_user = token_contains_name_in_list( - session_info->unix_name, + session_info->unix_info->unix_name, session_info->info3->base.domain.string, NULL, session_info->security_token, lp_admin_users(snum)); @@ -176,7 +176,7 @@ static bool check_user_ok(connection_struct *conn, if (admin_user) { DEBUG(2,("check_user_ok: user %s is an admin user. " "Setting uid as %d\n", - conn->session_info->unix_name, + conn->session_info->unix_info->unix_name, sec_initial_uid() )); conn->session_info->unix_token->uid = sec_initial_uid(); } 
@@ -207,8 +207,8 @@ static bool change_to_user_internal(connection_struct *conn, if (!ok) { DEBUG(2,("SMB user %s (unix user %s) " "not permitted access to share %s.\n", - session_info->sanitized_username, - session_info->unix_name, + session_info->unix_info->sanitized_username, + session_info->unix_info->unix_name, lp_servicename(snum))); return false; } -- cgit