From 984eee7e290cd0dd20baf8a531ed9afc142796ff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 15 Mar 2010 12:13:30 -0700 Subject: Switch over to using get_currect_XXX() accessor functions. Jeremy.
---
 source3/smbd/close.c | 12 +++++------- source3/smbd/file_access.c | 14 +++++++------- source3/smbd/lanman.c | 11 ++++++++--- source3/smbd/open.c | 6 +++--- source3/smbd/posix_acls.c | 28 +++++++++++++++------------- 5 files changed, 38 insertions(+), 33 deletions(-) (limited to 'source3')
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index ca1ac47fa0..27bc1cef19 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -21,8 +21,6 @@
 #include "includes.h"
-extern struct current_user current_user;
-
 /****************************************************************************
 Run a file if it is a magic script.
 ****************************************************************************/
@@ -332,12 +330,12 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 /* Initial delete on close was set and no one else
 * wrote a real delete on close. */
- if (current_user.vuid != fsp->vuid) {
+ if (get_current_vuid(conn) != fsp->vuid) {
 become_user(conn, fsp->vuid);
 became_user = True;
 }
 fsp->delete_on_close = true;
- set_delete_on_close_lck(lck, True, ¤t_user.ut);
+ set_delete_on_close_lck(lck, True, get_current_utok(conn));
 if (became_user) {
 unbecome_user();
 }
@@ -389,7 +387,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 */
 fsp->update_write_time_on_close = false;
- if (!unix_token_equal(lck->delete_token, ¤t_user.ut)) {
+ if (!unix_token_equal(lck->delete_token, get_current_utok(conn))) {
 /* Become the user who requested the delete. */
 DEBUG(5,("close_remove_share_mode: file %s. "
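Review bot: In close_remove_share_mode the delete token is now read with `get_current_utok(conn)` right after `become_user(conn, fsp->vuid)`, whose result is discarded, so the token written by set_delete_on_close_lck() is the opener's only if the identity switch actually happened. If become_user() can fail at this point, the lock would record the previous identity's token and `became_user = True` would still trigger an unbalanced unbecome_user(). Gate both on the result, e.g. `became_user = become_user(conn, fsp->vuid);` followed by an error path when it is false, and add a comment that the token must be sampled after the switch. The close_directory hunk has the same sequence with `fsp->conn`; both function bodies extend beyond their hunks.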
@@ -955,12 +953,12 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 * directories we don't care if anyone else
 * wrote a real delete on close. */
- if (current_user.vuid != fsp->vuid) {
+ if (get_current_vuid(fsp->conn) != fsp->vuid) {
 become_user(fsp->conn, fsp->vuid);
 became_user = True;
 }
 send_stat_cache_delete_message(fsp->fsp_name->base_name);
- set_delete_on_close_lck(lck, True, ¤t_user.ut);
+ set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
 fsp->delete_on_close = true;
 if (became_user) {
 unbecome_user();
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 631efce677..065f2b6c75 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -35,7 +35,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 struct security_descriptor *secdesc = NULL;
 bool ret;
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
 /* I'm sorry sir, I didn't know you were root... */
 return true;
 }
@@ -51,7 +51,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 goto out;
 }
- status = se_access_check(secdesc, conn->server_info->ptok,
+ status = se_access_check(secdesc, get_current_nttok(conn),
 access_mask, &access_granted);
 ret = NT_STATUS_IS_OK(status);
@@ -111,7 +111,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
 ret = false;
 goto out;
 }
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
 /* I'm sorry sir, I didn't know you were root... */
 ret = true;
 goto out;
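Review bot: The root short-circuit in can_access_file_acl changes meaning, not just spelling: `conn->server_info->utok.uid == 0 || conn->admin_user` tested the connection's authenticated identity plus the admin flag, while `get_current_uid(conn) == (uid_t)0` tests whichever identity is in effect when the check runs. If the accessor reflects a temporary root context (its definition is not part of this patch), any caller reaching this check while running as root gets access without the ACL being evaluated, and an admin_user connection keeps the bypass only when it really is uid 0 at that moment. The same rewrite appears in can_delete_file_in_directory, can_access_file_data and smb1_file_se_access_check. A comment at each site, such as `/* Tests the current effective uid on purpose; do not call while temporarily root. */`, plus a sentence in the commit message about dropping admin_user, would record the intent.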
@@ -144,9 +144,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
 * or the owner of the directory as we have no possible
 * chance of deleting. Otherwise, go on and check the ACL. */
- if ((conn->server_info->utok.uid !=
+ if ((get_current_uid(conn) !=
 smb_fname_parent->st.st_ex_uid) &&
- (conn->server_info->utok.uid != smb_fname->st.st_ex_uid)) {
+ (get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
 DEBUG(10,("can_delete_file_in_directory: not "
 "owner of file %s or directory %s",
 smb_fname_str_dbg(smb_fname),
@@ -195,7 +195,7 @@ bool can_access_file_data(connection_struct *conn,
 DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
 (unsigned int)access_mask, smb_fname_str_dbg(smb_fname)));
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
 /* I'm sorry sir, I didn't know you were root... */
 return True;
 }
@@ -203,7 +203,7 @@ bool can_access_file_data(connection_struct *conn,
 SMB_ASSERT(VALID_STAT(smb_fname->st));
 /* Check primary owner access. */
- if (conn->server_info->utok.uid == smb_fname->st.st_ex_uid) {
+ if (get_current_uid(conn) == smb_fname->st.st_ex_uid) {
 switch (access_mask) {
 case FILE_READ_DATA:
 return (smb_fname->st.st_ex_mode & S_IRUSR) ?
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index dab26d0abe..c97228fab7 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3767,7 +3767,9 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 vuser->server_info->sam_account);
 }
 /* modelled after NTAS 3.51 reply */
- SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+ SSVAL(p,usri11_priv,
+ (get_current_uid(conn) == sec_initial_uid())?
+ USER_PRIV_ADMIN:USER_PRIV_USER);
 SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */
 SIVALS(p,usri11_password_age,-1); /* password age */
 SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
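Review bot: The privilege level written in api_RNetUserGetInfo is now derived from `get_current_uid(conn) == sec_initial_uid()`, while the access-check sites changed in this same commit compare against the literal `(uid_t)0`; the two notions of "root" should agree. If sec_initial_uid() is the intended one, file_access.c and open.c should use it too, otherwise this should read `get_current_uid(conn) == (uid_t)0`. The expression is repeated in the second api_RNetUserGetInfo hunk and in api_WWkstaUserLogon, so a small static helper returning USER_PRIV_ADMIN or USER_PRIV_USER would keep the three copies from drifting. A comment noting that the value reported to the client now follows the current effective uid rather than the connection's admin_user flag would help later readers. The function bodies extend beyond these hunks.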
@@ -3820,7 +3822,8 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 memset(p+22,' ',16); /* password */
 SIVALS(p,38,-1); /* password age */
 SSVAL(p,42,
- conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+ (get_current_uid(conn) == sec_initial_uid())?
+ USER_PRIV_ADMIN:USER_PRIV_USER);
 SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
 strlcpy(p2, vuser ? pdb_get_homedir(
 vuser->server_info->sam_account) : "",
@@ -3971,7 +3974,9 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
 PACKI(&desc,"W",0); /* code */
 PACKS(&desc,"B21",name); /* eff. name */
 PACKS(&desc,"B",""); /* pad */
- PACKI(&desc,"W", conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+ PACKI(&desc,"W",
+ (get_current_uid(conn) == sec_initial_uid())?
+ USER_PRIV_ADMIN:USER_PRIV_USER);
 PACKI(&desc,"D",0); /* auth flags XXX */
 PACKI(&desc,"W",0); /* num logons */
 PACKI(&desc,"W",0); /* bad pw count */
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index e366c5fadf..0834e6d3d3 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -58,7 +58,7 @@ NTSTATUS smb1_file_se_access_check(struct connection_struct *conn,
 {
 *access_granted = 0;
- if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+ if (get_current_uid(conn) == (uid_t)0) {
 /* I'm sorry sir, I didn't know you were root... */
 *access_granted = access_desired;
 if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
@@ -2176,7 +2176,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 new_file_created = True;
 }
- set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
+ set_share_mode(lck, fsp, get_current_uid(conn), 0,
 fsp->oplock_type);
 /* Handle strange delete on close create semantics. */
@@ -2641,7 +2641,7 @@ static NTSTATUS open_directory(connection_struct *conn,
 return status;
 }
- set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
+ set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
 /* For directories the delete on close bit at open time seems always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index f64d82d39e..c9fdc714c7 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -21,7 +21,6 @@
 #include "includes.h"
-extern struct current_user current_user;
 extern const struct generic_mapping file_generic_mapping;
 #undef DBGC_CLASS
@@ -1203,7 +1202,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
 if (lp_force_unknown_acl_user(SNUM(conn))) {
 /* this allows take ownership to work
 * reasonably */
- *puser = current_user.ut.uid;
+ *puser = get_current_uid(conn);
 } else {
 DEBUG(3,("unpack_nt_owners: unable to validate"
 " owner sid for %s\n",
@@ -1226,7 +1225,7 @@ NTSTATUS unpack_nt_owners(struct connection_struct *conn,
 if (lp_force_unknown_acl_user(SNUM(conn))) {
 /* this allows take group ownership to work
 * reasonably */
- *pgrp = current_user.ut.gid;
+ *pgrp = get_current_gid(conn);
 } else {
 DEBUG(3,("unpack_nt_owners: unable to validate"
 " group sid.\n"));
@@ -1304,15 +1303,17 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
 * if it's the current user, we already have the unix token
 * and don't need to do the complex user_in_group_sid() call */
- if (uid_ace->unix_ug.uid == current_user.ut.uid) {
+ if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
+ const UNIX_USER_TOKEN *curr_utok = NULL;
 size_t i;
- if (group_ace->unix_ug.gid == current_user.ut.gid) {
+ if (group_ace->unix_ug.gid == get_current_gid(conn)) {
 return True;
 }
- for (i=0; i < current_user.ut.ngroups; i++) {
- if (group_ace->unix_ug.gid == current_user.ut.groups[i]) {
+ curr_utok = get_current_utok(conn);
+ for (i=0; i < curr_utok->ngroups; i++) {
+ if (group_ace->unix_ug.gid == curr_utok->groups[i]) {
 return True;
 }
 }
@@ -2641,9 +2642,10 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 static bool current_user_in_group(connection_struct *conn, gid_t gid)
 {
 int i;
+ const UNIX_USER_TOKEN *utok = get_current_utok(conn);
- for (i = 0; i < current_user.ut.ngroups; i++) {
- if (current_user.ut.groups[i] == gid) {
+ for (i = 0; i < utok->ngroups; i++) {
+ if (utok->groups[i] == gid) {
 return True;
 }
 }
@@ -3542,13 +3544,13 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
 /* Case (2) / (3) */
 if (lp_enable_privileges()) {
- bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+ bool has_take_ownership_priv = user_has_privileges(get_current_nttok(conn),
 &se_take_ownership);
- bool has_restore_priv = user_has_privileges(current_user.nt_user_token,
+ bool has_restore_priv = user_has_privileges(get_current_nttok(conn),
 &se_restore);
 /* Case (2) */
- if ( ( has_take_ownership_priv && ( uid == get_current_uid(conn) ) ) ||
+ if ( ( has_take_ownership_priv && ( uid == get_current_uid(conn) ) ) ||
 /* Case (3) */
 ( has_restore_priv ) ) {
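Review bot: uid_entry_in_group now reads the current identity through three separate calls (get_current_uid, get_current_gid, then get_current_utok for the supplementary groups); taking the token once at the top of the branch and comparing against its fields would be simpler and keeps all three tests on the same snapshot. That assumes the token carries uid and gid next to ngroups/groups, as the removed `current_user.ut.uid` and `.gid` lines suggest. In the next hunk, current_user_in_group walks the same array with `int i` while this function uses `size_t i`; `size_t i` there avoids a signed/unsigned comparison if ngroups is unsigned. Neither function checks the pointer returned by get_current_utok(), so if it can be NULL before a user context exists a guard is needed; the accessor's definition is not in this patch.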
@@ -3576,7 +3578,7 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
 and also copes with the case where the SID in a take ownership ACL is a local SID on the users workstation */
- if (uid != current_user.ut.uid) {
+ if (uid != get_current_uid(conn)) {
 errno = EPERM;
 return -1;
 }
-- cgit