From 6d741e918f145c6ec62c22358aabc8162db108fd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 15 Jul 2011 14:59:14 +1000 Subject: s3-auth Use *unix_token rather than utok in struct auth3_session_info This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source3/rpc_server/srvsvc') diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 7d52a761b6..4766573f62 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -288,7 +288,7 @@ static void init_srv_share_info_1(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } @@ -316,7 +316,7 @@ static void init_srv_share_info_2(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } path = talloc_asprintf(p->mem_ctx, @@ -381,7 +381,7 @@ static void init_srv_share_info_501(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } @@ -410,7 +410,7 @@ static void init_srv_share_info_502(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum)); @@ -451,7 +451,7 @@ static void init_srv_share_info_1004(struct pipes_struct *p, remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->session_info->utok.uid, get_current_username(), + p->session_info->unix_token->uid, get_current_username(), "", remark); } @@ -1333,7 +1333,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p, /* fail out now if you are not root or not a domain admin */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && ( ! nt_token_check_domain_rid(p->session_info->security_token, DOMAIN_RID_ADMINS))) { @@ -1347,7 +1347,7 @@ WERROR _srvsvc_NetSessDel(struct pipes_struct *p, NTSTATUS ntstat; - if (p->session_info->utok.uid != sec_initial_uid()) { + if (p->session_info->unix_token->uid != sec_initial_uid()) { not_root = True; become_root(); } @@ -1572,11 +1572,11 @@ WERROR _srvsvc_NetShareSetInfo(struct pipes_struct *p, /* fail out now if you are not root and not a disk op */ - if ( p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) { + if ( p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) { DEBUG(2,("_srvsvc_NetShareSetInfo: uid %u doesn't have the " "SeDiskOperatorPrivilege privilege needed to modify " "share %s\n", - (unsigned int)p->session_info->utok.uid, + (unsigned int)p->session_info->unix_token->uid, share_name )); return WERR_ACCESS_DENIED; } @@ -1773,7 +1773,7 @@ WERROR _srvsvc_NetShareAdd(struct pipes_struct *p, is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); - if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) + if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_add_share_cmd() || !*lp_add_share_cmd()) { @@ -1979,7 +1979,7 @@ WERROR _srvsvc_NetShareDel(struct pipes_struct *p, is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); - if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op ) + if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { @@ -2549,7 +2549,7 @@ WERROR _srvsvc_NetFileClose(struct pipes_struct *p, is_disk_op = security_token_has_privilege(p->session_info->security_token, SEC_PRIV_DISK_OPERATOR); - if (p->session_info->utok.uid != sec_initial_uid() && !is_disk_op) { + if (p->session_info->unix_token->uid != sec_initial_uid() && !is_disk_op) { return WERR_ACCESS_DENIED; } -- cgit