From e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 12 Mar 2010 13:56:51 -0800 Subject: Remove more uses of "extern struct current_user current_user;". Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy. --- source3/smbd/uid.c | 74 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 58 insertions(+), 16 deletions(-) (limited to 'source3/smbd/uid.c') diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 2ec50cd4d8..3bf5a7ee49 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -167,6 +167,9 @@ static bool check_user_ok(connection_struct *conn, conn->read_only = readonly_share; conn->admin_user = admin_user; + if (conn->admin_user) { + conn->server_info->utok.uid = sec_initial_uid(); + } return(True); } @@ -278,26 +281,22 @@ bool change_to_user(connection_struct *conn, uint16 vuid) return false; } + /* security = share sets force_user. */ + if (!conn->force_user && !vuser) { + DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " + "share %s.\n",vuid, lp_servicename(snum) )); + return False; + } + /* * conn->server_info is now correctly set up with a copy we can mess * with for force_group etc. */ - if (conn->force_user) /* security = share sets this too */ { - uid = conn->server_info->utok.uid; - gid = conn->server_info->utok.gid; - group_list = conn->server_info->utok.groups; - num_groups = conn->server_info->utok.ngroups; - } else if (vuser) { - uid = conn->admin_user ? 0 : vuser->server_info->utok.uid; - gid = conn->server_info->utok.gid; - num_groups = conn->server_info->utok.ngroups; - group_list = conn->server_info->utok.groups; - } else { - DEBUG(2,("change_to_user: Invalid vuid used %d in accessing " - "share %s.\n",vuid, lp_servicename(snum) )); - return False; - } + uid = conn->server_info->utok.uid; + gid = conn->server_info->utok.gid; + num_groups = conn->server_info->utok.ngroups; + group_list = conn->server_info->utok.groups; /* * See if we should force group for this service. @@ -342,7 +341,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid) set_sec_ctx() */ current_user.ut.ngroups = num_groups; - current_user.ut.groups = group_list; + current_user.ut.groups = group_list; set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups, conn->server_info->ptok); @@ -505,3 +504,46 @@ bool unbecome_user(void) pop_conn_ctx(); return True; } + +/**************************************************************************** + Return the current user we are running effectively as on this connection. + I'd like to make this return conn->server_info->utok.uid, but become_root() + doesn't alter this value. +****************************************************************************/ + +uid_t get_current_uid(connection_struct *conn) +{ + return current_user.ut.uid; +} + +/**************************************************************************** + Return the current group we are running effectively as on this connection. + I'd like to make this return conn->server_info->utok.gid, but become_root() + doesn't alter this value. +****************************************************************************/ + +gid_t get_current_gid(connection_struct *conn) +{ + return current_user.ut.gid; +} + +/**************************************************************************** + Return the UNIX token we are running effectively as on this connection. + I'd like to make this return &conn->server_info->utok, but become_root() + doesn't alter this value. +****************************************************************************/ + +const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn) +{ + return ¤t_user.ut; +} + +const NT_USER_TOKEN *get_current_nttok(connection_struct *conn) +{ + return current_user.nt_user_token; +} + +uint16_t get_current_vuid(connection_struct *conn) +{ + return current_user.vuid; +} -- cgit