From f87399915b009f88c41cb75a583c2972fe3daf30 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 3 Aug 2000 22:38:43 +0000
Subject: Added an NT_USER_TOKEN structure that is copied/passed around associated with the current user. This will allow se_access_check() to quickly do a SD check without having to translate uid/gid's to SIDs. Still needs work on pipe calls. Jeremy. (This used to be commit e28d01b744b3dbd33e0e54af4e7f426fa8c082b8)
---
 source3/include/proto.h | 4 ++--
 source3/include/smb.h | 12 +++++++++++-
 source3/include/vfs.h | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 3 deletions(-)
(limited to 'source3/include')
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 321f3098e9..e630d7019f 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3546,7 +3546,6 @@ void invalidate_vuid(uint16 vuid);
 char *validated_username(uint16 vuid);
 char *validated_domain(uint16 vuid);
 int initialize_groups(char *user, uid_t uid, gid_t gid);
-void setup_nt_token(NT_USER_TOKEN *token, uid_t uid, gid_t gid, int ngroups, gid_t *groups);
 uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name, char *domain,BOOL guest);
 void add_session_user(char *user);
@@ -3673,8 +3672,9 @@ int reply_getattrE(connection_struct *conn, char *inbuf,char *outbuf, int size,
 /*The following definitions come from smbd/sec_ctx.c */
 int get_current_groups(int *p_ngroups, gid_t **p_groups);
+void delete_nt_token(NT_USER_TOKEN **pptoken);
 BOOL push_sec_ctx(void);
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token);
 void set_root_sec_ctx(void);
 BOOL pop_sec_ctx(void);
 void init_sec_ctx(void);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index aaebe56f33..03d4b4c9b3 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -383,8 +383,11 @@ struct use_info
 char *domain;
 };
+#ifndef MAXSUBAUTHS
 #define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+#ifndef _DOM_SID
 /* DOM_SID - security id */
 typedef struct sid_info
 {
@@ -398,16 +401,21 @@ typedef struct sid_info
 uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
 } DOM_SID;
+#define _DOM_SID
+#endif
 /*
 * The complete list of SIDS belonging to this user.
 * Created when a vuid is registered.
 */
+#ifndef _NT_USER_TOKEN
 typedef struct _nt_user_token {
 size_t num_sids;
 DOM_SID *user_sids;
 } NT_USER_TOKEN;
+#define _NT_USER_TOKEN
+#endif
 /*** query a local group, get a list of these: shows who is in that group ***/
@@ -580,6 +588,7 @@ typedef struct connection_struct
 /* This groups info is valid for the user that *opened* the connection */
 int ngroups;
 gid_t *groups;
+ NT_USER_TOKEN *nt_user_token;
 time_t lastused;
 BOOL used;
@@ -598,6 +607,7 @@ struct current_user
 gid_t gid;
 int ngroups;
 gid_t *groups;
+ NT_USER_TOKEN *nt_user_token;
 };
 /*
@@ -1672,7 +1682,7 @@ typedef struct
 int n_groups;
 gid_t *groups;
- NT_USER_TOKEN nt_user_token;
+ NT_USER_TOKEN *nt_user_token;
 /* per-user authentication information on NT RPCs */
 /* lkclXXXX - THIS SHOULD NOT BE HERE! */
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 1b4e57f2ac..1312935e7f 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
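Review bot: The guard macros `_DOM_SID` and `_NT_USER_TOKEN` added in the first smb.h hunk and in `@@ -398,16 +401,21 @@` start with an underscore followed by an upper-case letter, a spelling C reserves for the implementation; a project-prefixed name such as `SMB_DOM_SID_DEFINED` avoids that. The guards exist so that smb.h and vfs.h can each carry their own copy of `DOM_SID` and `NT_USER_TOKEN`, and nothing checks that the two copies stay identical; if one is edited later, or `MAXSUBAUTHS` is defined differently before vfs.h is included, the server and a VFS module would disagree on the size of the SIDs that an access check reads. Moving both definitions into one small header included by smb.h and vfs.h would remove that risk; failing that, each copy should carry a comment such as `/* Duplicated in vfs.h - keep both definitions identical. */`.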
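Review bot: The `nt_user_token` pointer added to `connection_struct` in `@@ -580,6 +588,7 @@`, to `struct current_user` in `@@ -598,6 +607,7 @@`, and the change from an embedded struct to a pointer in `@@ -1672,7 +1682,7 @@` carry no comment on who owns the allocation. The commit message says the token is "copied/passed around" and proto.h now declares `delete_nt_token(NT_USER_TOKEN **pptoken)`, so each holder presumably frees its own copy, but the header does not say so, and a pointer shared between holders and freed by one would leave the others running access checks on freed memory. If that is the intended contract, I would add `/* Private copy, freed with delete_nt_token(); NULL if no token was built. */` beside each field. In the last hunk the token used to be always present as a member; now it can be NULL, and the consumers, which are outside this diff, should treat a NULL token as access denied rather than skip the check.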
@@ -64,6 +64,54 @@ typedef char fstring[FSTRING_LEN];
 #define SMB_BIG_UINT unsigned long
 #endif
+#ifndef MAXSUBAUTHS
+#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
+#ifndef uint8
+#define uint8 unsigned char
+#endif
+
+#if !defined(uint32) && !defined(HAVE_UINT32_FROM_RPC_RPC_H)
+#if (SIZEOF_INT == 4)
+#define uint32 unsigned int
+#elif (SIZEOF_LONG == 4)
+#define uint32 unsigned long
+#elif (SIZEOF_SHORT == 4)
+#define uint32 unsigned short
+#endif
+#endif
+
+#ifndef _DOM_SID
+/* DOM_SID - security id */
+typedef struct sid_info
+{
+ uint8 sid_rev_num; /* SID revision number */
+ uint8 num_auths; /* number of sub-authorities */
+ uint8 id_auth[6]; /* Identifier Authority */
+ /*
+ * Note that the values in these uint32's are in *native* byteorder,
+ * not neccessarily little-endian...... JRA.
+ */
+ uint32 sub_auths[MAXSUBAUTHS]; /* pointer to sub-authorities. */
+
+} DOM_SID;
+#define _DOM_SID
+#endif
+
+/*
+ * The complete list of SIDS belonging to this user.
+ * Created when a vuid is registered.
+ */
+
+#ifndef _NT_USER_TOKEN
+typedef struct _nt_user_token {
+ size_t num_sids;
+ DOM_SID *user_sids;
+} NT_USER_TOKEN;
+#define _NT_USER_TOKEN
+#endif
+
 /* Information from the connection_struct passed to the vfs layer */
 struct vfs_connection_struct {
@@ -93,6 +141,7 @@ struct vfs_connection_struct {
 gid_t gid;
 int ngroups;
 gid_t *groups;
+ NT_USER_TOKEN *nt_user_token;
 };
 /* Avoid conflict with an AIX include file */
-- cgit
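Review bot: The `uint32` selection chain added in the first vfs.h hunk has no final `#else`, so when none of `SIZEOF_INT`, `SIZEOF_LONG` or `SIZEOF_SHORT` equals 4 (for instance if the header is compiled without the configure-generated sizes, since undefined names evaluate to 0 in `#if`) `uint32` is silently left undefined and the error only surfaces later inside `DOM_SID`. Adding `#else` and `#error "no 32-bit integer type for uint32"` before the inner `#endif` makes the cause explicit. `#ifndef uint8` and `!defined(uint32)` detect only macros, so they will not notice a typedef of the same name coming from another header. `DOM_SID` stores `num_auths` as a `uint8` next to a `sub_auths` array of `MAXSUBAUTHS` entries; a comment on the field such as `/* number of sub-authorities; must be <= MAXSUBAUTHS */` would remind readers of the token to bound it before indexing.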
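Review bot: The field added to `vfs_connection_struct` in `@@ -93,6 +141,7 @@` hands VFS modules a writable `NT_USER_TOKEN *` without saying whether it aliases the server's own token or is a private copy. The commit message says the token is meant to feed `se_access_check()`, so a module that modified or freed a shared token would change the identity later checks are made against. If modules are only meant to read it, declaring the field as `const NT_USER_TOKEN *nt_user_token;` with a comment like `/* read-only view of the connection's token; do not free */` would state that; the exact lifetime needs confirming against the code that fills this struct, which is outside the diff. The struct begins before this hunk.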