From 8c5c55fea5656df4fcc241c1f989674cf1b54f9e Mon Sep 17 00:00:00 2001 From: Samba Release Account Date: Fri, 25 Oct 1996 20:18:28 +0000 Subject: Core of the changes for returning smb_uid's. smb_uid's are now returned as an index plus offset into the valudated_users table. The offset (100) is added so that an smb_uid of zero becomes an invalid value. All access into the validated_users table are done by removing the offset and indexing into the table. Out of ranges return NULL. Causes accesses into the validated_users table to be more consistant and controlled. This change made due to the fact that the uid field is only 16 bits in the smb header and we need for this not to be a unix user id (which can ge 32 bits). jra@cygnus.com (This used to be commit ac265eff85a043e139b259e400fbbc444a94c97c) --- source3/smbd/password.c | 117 +++++++++++++++++++++++------------------------- 1 file changed, 57 insertions(+), 60 deletions(-) (limited to 'source3') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index d17bb86be4..4f9f91d76d 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -80,32 +80,18 @@ BOOL last_challenge(char *challenge) static user_struct *validated_users = NULL; static int num_validated_users = 0; -/**************************************************************************** -check if a uid has been validated, and return an index if it has. -1 if not -****************************************************************************/ -int valid_uid(int uid) -{ - int i; - if (uid == -1) return(-1); - - for (i=0;i= (uint16)num_validated_users) || + (validated_users[vuid].uid == -1) || (validated_users[vuid].gid == -1)) return NULL; return &validated_users[vuid]; } 
@@ -113,56 +99,65 @@ user_struct *get_valid_user_struct(int uid) /**************************************************************************** invalidate a uid ****************************************************************************/ -void invalidate_uid(int uid) +void invalidate_vuid(uint16 vuid) { - int i; - for (i=0;iuid = -1; - vuser->gid = -1; - vuser->user_ngroups = 0; - if(vuser->user_groups && - (vuser->user_groups != (gid_t *)vuser->user_igroups)) - free(vuser->user_groups); - vuser->user_groups = NULL; - if(vuser->user_igroups) - free(vuser->user_igroups); - vuser->user_igroups = NULL; - } + user_struct *vuser = get_valid_user_struct(vuid); + if(vuser == 0) + return; + + vuser->uid = -1; + vuser->gid = -1; + vuser->user_ngroups = 0; + if(vuser->user_groups && + (vuser->user_groups != (gid_t *)vuser->user_igroups)) + free(vuser->user_groups); + vuser->user_groups = NULL; + if(vuser->user_igroups) + free(vuser->user_igroups); + vuser->user_igroups = NULL; } /**************************************************************************** return a validated username ****************************************************************************/ -char *validated_username(int vuid) +char *validated_username(uint16 vuid) { - return(validated_users[vuid].name); + user_struct *vuser = get_valid_user_struct(vuid); + if(vuser == 0) + return 0; + return(vuser->name); } /**************************************************************************** register a uid/name pair as being valid and that a valid password -has been given. +has been given. vuid is biased by an offset. This allows us to +tell random client vuid's (normally zero) from valid vuids. 
****************************************************************************/ -void register_uid(int uid,int gid, char *name,BOOL guest) +uint16 register_vuid(int uid,int gid, char *name,BOOL guest) { user_struct *vuser; - if (valid_uid(uid) >= 0) - return; - validated_users = (user_struct *)Realloc(validated_users, - sizeof(user_struct)* - (num_validated_users+1)); + int i; + for(i = 0; i < num_validated_users; i++) { + vuser = &validated_users[i]; + if( vuser->uid == uid ) + return i; /* User already validated */ + } + validated_users = (user_struct *)Realloc(validated_users, + sizeof(user_struct)* + (num_validated_users+1)); + if (!validated_users) { DEBUG(0,("Failed to realloc users struct!\n")); - return; + return UID_FIELD_INVALID; } vuser = &validated_users[num_validated_users]; + num_validated_users++; + vuser->uid = uid; vuser->gid = gid; vuser->guest = guest; @@ -180,8 +175,8 @@ void register_uid(int uid,int gid, char *name,BOOL guest) &vuser->user_groups); DEBUG(3,("uid %d registered to name %s\n",uid,name)); - - num_validated_users++; + + return (uint16)((num_validated_users - 1) + VUID_OFFSET); } @@ -944,7 +939,7 @@ static char *validate_group(char *group,char *password,int pwlen,int snum) check for authority to login to a service with a given username/password ****************************************************************************/ BOOL authorise_login(int snum,char *user,char *password, int pwlen, - BOOL *guest,BOOL *force,int vuid) + BOOL *guest,BOOL *force,uint16 vuid) { BOOL ok = False; @@ -971,6 +966,8 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, if (!(GUEST_ONLY(snum) && GUEST_OK(snum))) { + user_struct *vuser = get_valid_user_struct(vuid); + /* check the given username and password */ if (!ok && (*user) && user_ok(user,snum)) { ok = password_ok(user,password, pwlen, NULL); 
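Review bot: The early return in register_vuid for an already-validated user, `return i; /* User already validated */`, hands back the raw table index, while the new-entry path at the end of the function returns the index plus VUID_OFFSET. The commit description says every lookup removes the offset first, so a repeat registration would yield a vuid that either fails the lookup or, once the table holds more entries than the offset, resolves to a different user's slot. The return should be biased the same way: `return (uint16)(i + VUID_OFFSET);`. register_vuid continues past the end of this hunk.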
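Review bot: The final `return (uint16)((num_validated_users - 1) + VUID_OFFSET);` narrows an int to 16 bits with no upper-bound check, so once the table index plus VUID_OFFSET exceeds 0xFFFF the returned vuid wraps and repeats a value already issued for an earlier entry. Nothing visible in the patch caps the table or reuses slots (invalidate_vuid only marks an entry), so the count only grows. A guard before the table is grown, e.g. `if (num_validated_users + VUID_OFFSET > 0xFFFF) return UID_FIELD_INVALID;`, would fail closed. The result must also stay distinct from UID_FIELD_INVALID, whose value is not shown here. The check belongs in the part of register_vuid that lies outside this hunk.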
@@ -978,11 +975,11 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, } /* check for a previously registered guest username */ - if (!ok && (vuid >= 0) && validated_users[vuid].guest) { - if (user_ok(validated_users[vuid].name,snum) && - password_ok(validated_users[vuid].name, password, pwlen, NULL)) { - strcpy(user, validated_users[vuid].name); - validated_users[vuid].guest = False; + if (!ok && (vuser != 0) && vuser->guest) { + if (user_ok(vuser->name,snum) && + password_ok(vuser->name, password, pwlen, NULL)) { + strcpy(user, vuser->name); + vuser->guest = False; DEBUG(3,("ACCEPTED: given password with registered user %s\n", user)); ok = True; } @@ -1015,9 +1012,9 @@ BOOL authorise_login(int snum,char *user,char *password, int pwlen, /* check for a previously validated username/password pair */ if (!ok && !lp_revalidate(snum) && - (vuid >= 0) && !validated_users[vuid].guest && - user_ok(validated_users[vuid].name,snum)) { - strcpy(user,validated_users[vuid].name); + (vuser != 0) && !vuser->guest && + user_ok(vuser->name,snum)) { + strcpy(user,vuser->name); *guest = False; DEBUG(3,("ACCEPTED: validated uid ok as non-guest\n")); ok = True; -- cgit
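Review bot: `strcpy(user, vuser->name);` copies the stored name into the caller's `user` buffer with no length limit, and authorise_login's parameter list carries no size for that buffer; the same call appears in the last hunk as `strcpy(user,vuser->name);`. Whether this can overflow depends on the declared sizes of `user` and of the `name` field, neither of which is visible in this patch. The pattern predates this commit, but since both lines are being rewritten it is worth switching them to a bounded copy that always NUL-terminates, sized to the caller's buffer. authorise_login starts and ends outside these hunks.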