From 5a872512b0d6ed09c515f7f85c29add5934361d3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 3 Oct 2004 06:46:29 +0000 Subject: r2794: a very simple version of the unixuid NTVFS pass-thru module. In conjunction with the posix backend this gives us a way to correctly setup the unix security context in Samba4. I chose the following method to determine the unix uid's and gid's to use given the list of SIDs from the login process - look for a "UnixID" field in the sam record. If present, then use it (check if the record is of the right type as well) - if UnixID is not present, then look for the "UnixName" sam field. If it is present then use getpwnam() or getgrnam() to find the unix id. - if UnixID and UnixName are not present, then look for a unix account of the right type called by the same name as the sAMAccountName field. - if none of the above work then fail the operation with NT_STATUS_ACCESS_DENIED obviously these steps only work well with a local SAM. It will need to be more sophisticated in future. I did not put any cache in place at all. That will need to be added for decent performance. (This used to be commit 78b67d19b9766131f0270e451089ee5bb1aa8bd9) --- source4/ntvfs/unixuid/vfs_unixuid.c | 753 ++++++++++++++++++++++++++++++++++++ 1 file changed, 753 insertions(+) create mode 100644 source4/ntvfs/unixuid/vfs_unixuid.c (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c new file mode 100644 index 0000000000..6eef6dbc37 --- /dev/null +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
@@ -0,0 +1,753 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ a pass-thru NTVFS module to setup a security context using unix
+ uid/gid
+
+ Copyright (C) Andrew Tridgell 2004
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+struct unixuid_private {
+ void *samctx;
+};
+
+
+/*
+ map a sid to a unix uid
+*/
+static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct dom_sid *sid, uid_t *uid)
+{
+ struct unixuid_private *private = ntvfs->private_data;
+ const char *attrs[] = { "sAMAccountName", "UnixID", "UnixName", "sAMAccountType", NULL };
+ int ret;
+ const char *s;
+ void *ctx;
+ struct ldb_message **res;
+ const char *sidstr;
+
+ ctx = talloc(req, 0);
+ sidstr = dom_sid_string(ctx, sid);
+
+ ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
+ if (ret != 1) {
+ DEBUG(2,("Unable to map sid %s to unix uid\n", sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* make sure its a user, not a group */
+ if (samdb_result_uint(res[0], "sAMAccountType", 0) != ATYPE_NORMAL_ACCOUNT) {
+ DEBUG(0,("sid_to_unixuid: sid %s is not ATYPE_NORMAL_ACCOUNT\n", sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* first try to get the uid directly */
+ s = samdb_result_string(res[0], "UnixID", NULL);
+ if (s != NULL) {
+ *uid = strtoul(s, NULL, 0);
+ talloc_free(ctx);
+ return NT_STATUS_OK;
+ }
+
+ /* next try via the UnixName attribute */
+ s = samdb_result_string(res[0], "UnixName", NULL);
+ if (s != NULL) {
+ struct passwd *pwd = getpwnam(s);
+ if (!pwd) {
+ DEBUG(0,("UnixName %s for sid %s does not exist as a local user\n", s, sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ *uid = pwd->pw_uid;
+ talloc_free(ctx);
+ return NT_STATUS_OK;
+ }
+
+ /* finally try via the sAMAccountName attribute */
+ s = samdb_result_string(res[0], "sAMAccountName", NULL);
+ if (s != NULL) {
+ struct passwd *pwd = getpwnam(s);
+ if (!pwd) {
+ DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local user\n", s, sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ *uid = pwd->pw_uid;
+ talloc_free(ctx);
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(0,("No sAMAccountName for sid %s!?\n", sidstr));
+
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+
+/*
+ map a sid to a unix gid
+*/
+static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct dom_sid *sid, gid_t *gid)
+{
+ struct unixuid_private *private = ntvfs->private_data;
+ const char *attrs[] = { "sAMAccountName", "UnixID", "UnixName", "sAMAccountType", NULL };
+ int ret;
+ const char *s;
+ void *ctx;
+ struct ldb_message **res;
+ const char *sidstr;
+
+ ctx = talloc(req, 0);
+ sidstr = dom_sid_string(ctx, sid);
+
+ ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr);
+ if (ret != 1) {
+ DEBUG(2,("Unable to map sid %s to unix gid\n", sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* make sure its not a user */
+ if (samdb_result_uint(res[0], "sAMAccountType", 0) == ATYPE_NORMAL_ACCOUNT) {
+ DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n", sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ /* first try to get the gid directly */
+ s = samdb_result_string(res[0], "UnixID", NULL);
+ if (s != NULL) {
+ *gid = strtoul(s, NULL, 0);
+ talloc_free(ctx);
+ return NT_STATUS_OK;
+ }
+
+ /* next try via the UnixName attribute */
+ s = samdb_result_string(res[0], "UnixName", NULL);
+ if (s != NULL) {
+ struct group *grp = getgrnam(s);
+ if (!grp) {
+ DEBUG(0,("UnixName '%s' for sid %s does not exist as a local group\n", s, sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ *gid = grp->gr_gid;
+ talloc_free(ctx);
+ return NT_STATUS_OK;
+ }
+
+ /* finally try via the sAMAccountName attribute */
+ s = samdb_result_string(res[0], "sAMAccountName", NULL);
+ if (s != NULL) {
+ struct group *grp = getgrnam(s);
+ if (!grp) {
+ DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, sidstr));
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ *gid = grp->gr_gid;
+ talloc_free(ctx);
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(0,("No sAMAccountName for sid %s!?\n", sidstr));
+
+ talloc_free(ctx);
+ return NT_STATUS_ACCESS_DENIED;
+}
+
+struct unix_sec_ctx {
+ uid_t uid;
+ gid_t gid;
+ uint_t ngroups;
+ gid_t *groups;
+};
+
+/*
+ pull the current security context into a unix_sec_ctx
+*/
+static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx)
+{
+ struct unix_sec_ctx *sec = talloc_p(mem_ctx, struct unix_sec_ctx);
+ if (sec == NULL) {
+ return NULL;
+ }
+ sec->uid = geteuid();
+ sec->gid = getegid();
+ sec->ngroups = getgroups(0, NULL);
+ if (sec->ngroups == -1) {
+ talloc_free(sec);
+ return NULL;
+ }
+ sec->groups = talloc_array_p(sec, gid_t, sec->ngroups);
+ if (sec->groups == NULL) {
+ talloc_free(sec);
+ return NULL;
+ }
+
+ if (getgroups(sec->ngroups, sec->groups) != sec->ngroups) {
+ talloc_free(sec);
+ return NULL;
+ }
+
+ return sec;
+}
+
+/*
+ set the current security context from a unix_sec_ctx
+*/
+static NTSTATUS set_unix_security(struct unix_sec_ctx *sec)
+{
+ seteuid(0);
+
+ if (setgroups(sec->ngroups, sec->groups) != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ if (setegid(sec->gid) != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ if (seteuid(sec->uid) != 0) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ return NT_STATUS_OK;
+}
+
+/*
+ form a unix_sec_ctx from the current session info
+*/
+static NTSTATUS authinfo_to_unix_security(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req,
+ struct auth_serversupplied_info *info,
+ struct unix_sec_ctx **sec)
+{
+ int i;
+ NTSTATUS status;
+ *sec = talloc_p(req, struct unix_sec_ctx);
+
+ status = sid_to_unixuid(ntvfs, req, info->user_sid, &(*sec)->uid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ status = sid_to_unixgid(ntvfs, req, info->primary_group_sid, &(*sec)->gid);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ (*sec)->ngroups = info->n_domain_groups;
+ (*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups);
+ if ((*sec)->groups == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ for (i=0;i<(*sec)->ngroups;i++) {
+ status = sid_to_unixgid(ntvfs, req, info->domain_groups[i], &(*sec)->groups[i]);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+/*
+ setup our unix security context according to the session authentication info
+*/
+static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct unix_sec_ctx **sec)
+{
+ struct auth_serversupplied_info *info = req->session->session_info->server_info;
+ void *ctx = talloc(req, 0);
+ struct unix_sec_ctx *newsec;
+ NTSTATUS status;
+
+ *sec = save_unix_security(req);
+ if (*sec == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = authinfo_to_unix_security(ntvfs, req, info, &newsec);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(ctx);
+ return status;
+ }
+
+ status = set_unix_security(newsec);
+ if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(ctx);
+ return status;
+ }
+
+ talloc_free(ctx);
+
+ return NT_STATUS_OK;
+}
+
+/*
+ this pass through macro operates on request contexts
+*/
+#define PASS_THRU_REQ(ntvfs, req, op, args) do { \
+ NTSTATUS status2; \
+ struct unix_sec_ctx *sec; \
+ status = unixuid_setup_security(ntvfs, req, &sec); \
+ if (NT_STATUS_IS_OK(status)) status = ntvfs_next_##op args; \
+ status2 = set_unix_security(sec); \
+ if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \
+} while (0)
+
+
+
+/*
+ connect to a share - used when a tree_connect operation comes in.
+*/
+static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, const char *sharename)
+{
+ struct unixuid_private *private;
+ NTSTATUS status;
+
+ private = talloc_p(req->tcon, struct unixuid_private);
+ if (!private) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ private->samctx = samdb_connect(private);
+ if (private->samctx == NULL) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ ntvfs->private_data = private;
+
+ PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename));
+
+ return status;
+}
+
+/*
+ disconnect from a share
+*/
+static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_tcon *tcon)
+{
+ struct unixuid_private *private = ntvfs->private_data;
+ NTSTATUS status;
+
+ talloc_free(private);
+
+ status = ntvfs_next_disconnect(ntvfs, tcon);
+
+ return status;
+}
+
+
+/*
+ delete a file
+*/
+static NTSTATUS unixuid_unlink(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_unlink *unl)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, unlink, (ntvfs, req, unl));
+
+ return status;
+}
+
+/*
+ ioctl interface
+*/
+static NTSTATUS unixuid_ioctl(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_ioctl *io)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, ioctl, (ntvfs, req, io));
+
+ return status;
+}
+
+/*
+ check if a directory exists
+*/
+static NTSTATUS unixuid_chkpath(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_chkpath *cp)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, chkpath, (ntvfs, req, cp));
+
+ return status;
+}
+
+/*
+ return info on a pathname
+*/
+static NTSTATUS unixuid_qpathinfo(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_fileinfo *info)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, qpathinfo, (ntvfs, req, info));
+
+ return status;
+}
+
+/*
+ query info on a open file
+*/
+static NTSTATUS unixuid_qfileinfo(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_fileinfo *info)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, qfileinfo, (ntvfs, req, info));
+
+ return status;
+}
+
+
+/*
+ set info on a pathname
+*/
+static NTSTATUS unixuid_setpathinfo(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_setfileinfo *st)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, setpathinfo, (ntvfs, req, st));
+
+ return status;
+}
+
+/*
+ open a file
+*/
+static NTSTATUS unixuid_open(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_open *io)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, open, (ntvfs, req, io));
+
+ return status;
+}
+
+/*
+ create a directory
+*/
+static NTSTATUS unixuid_mkdir(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_mkdir *md)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, mkdir, (ntvfs, req, md));
+
+ return status;
+}
+
+/*
+ remove a directory
+*/
+static NTSTATUS unixuid_rmdir(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_rmdir *rd)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, rmdir, (ntvfs, req, rd));
+
+ return status;
+}
+
+/*
+ rename a set of files
+*/
+static NTSTATUS unixuid_rename(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_rename *ren)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, rename, (ntvfs, req, ren));
+
+ return status;
+}
+
+/*
+ copy a set of files
+*/
+static NTSTATUS unixuid_copy(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_copy *cp)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, copy, (ntvfs, req, cp));
+
+ return status;
+}
+
+/*
+ read from a file
+*/
+static NTSTATUS unixuid_read(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_read *rd)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, read, (ntvfs, req, rd));
+
+ return status;
+}
+
+/*
+ write to a file
+*/
+static NTSTATUS unixuid_write(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_write *wr)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, write, (ntvfs, req, wr));
+
+ return status;
+}
+
+/*
+ seek in a file
+*/
+static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_seek *io)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, seek, (ntvfs, req, io));
+
+ return status;
+}
+
+/*
+ flush a file
+*/
+static NTSTATUS unixuid_flush(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_flush *io)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, flush, (ntvfs, req, io));
+
+ return status;
+}
+
+/*
+ close a file
+*/
+static NTSTATUS unixuid_close(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_close *io)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, close, (ntvfs, req, io));
+
+ return status;
+}
+
+/*
+ exit - closing files
+*/
+static NTSTATUS unixuid_exit(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, exit, (ntvfs, req));
+
+ return status;
+}
+
+/*
+ logoff - closing files
+*/
+static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req));
+
+ return status;
+}
+
+/*
+ lock a byte range
+*/
+static NTSTATUS unixuid_lock(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_lock *lck)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, lock, (ntvfs, req, lck));
+
+ return status;
+}
+
+/*
+ set info on a open file
+*/
+static NTSTATUS unixuid_setfileinfo(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req,
+ union smb_setfileinfo *info)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, setfileinfo, (ntvfs, req, info));
+
+ return status;
+}
+
+
+/*
+ return filesystem space info
+*/
+static NTSTATUS unixuid_fsinfo(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_fsinfo *fs)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, fsinfo, (ntvfs, req, fs));
+
+ return status;
+}
+
+/*
+ return print queue info
+*/
+static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_lpq *lpq)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, lpq, (ntvfs, req, lpq));
+
+ return status;
+}
+
+/*
+ list files in a directory matching a wildcard pattern
+*/
+static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_search_first *io,
+ void *search_private,
+ BOOL (*callback)(void *, union smb_search_data *))
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, search_first, (ntvfs, req, io, search_private, callback));
+
+ return status;
+}
+
+/* continue a search */
+static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_search_next *io,
+ void *search_private,
+ BOOL (*callback)(void *, union smb_search_data *))
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, search_next, (ntvfs, req, io, search_private, callback));
+
+ return status;
+}
+
+/* close a search */
+static NTSTATUS unixuid_search_close(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, union smb_search_close *io)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, search_close, (ntvfs, req, io));
+
+ return status;
+}
+
+/* SMBtrans - not used on file shares */
+static NTSTATUS unixuid_trans(struct ntvfs_module_context *ntvfs,
+ struct smbsrv_request *req, struct smb_trans2 *trans2)
+{
+ NTSTATUS status;
+
+ PASS_THRU_REQ(ntvfs, req, trans, (ntvfs, req, trans2));
+
+ return status;
+}
+
+/*
+ initialise the unixuid backend, registering ourselves with the ntvfs subsystem
+ */
+NTSTATUS ntvfs_unixuid_init(void)
+{
+ NTSTATUS ret;
+ struct ntvfs_ops ops;
+
+ ZERO_STRUCT(ops);
+
+ /* fill in the name and type */
+ ops.name = "unixuid";
+ ops.type = NTVFS_DISK;
+
+ /* fill in all the operations */
+ ops.connect = unixuid_connect;
+ ops.disconnect = unixuid_disconnect;
+ ops.unlink = unixuid_unlink;
+ ops.chkpath = unixuid_chkpath;
+ ops.qpathinfo = unixuid_qpathinfo;
+ ops.setpathinfo = unixuid_setpathinfo;
+ ops.open = unixuid_open;
+ ops.mkdir = unixuid_mkdir;
+ ops.rmdir = unixuid_rmdir;
+ ops.rename = unixuid_rename;
+ ops.copy = unixuid_copy;
+ ops.ioctl = unixuid_ioctl;
+ ops.read = unixuid_read;
+ ops.write = unixuid_write;
+ ops.seek = unixuid_seek;
+ ops.flush = unixuid_flush;
+ ops.close = unixuid_close;
+ ops.exit = unixuid_exit;
+ ops.lock = unixuid_lock;
+ ops.setfileinfo = unixuid_setfileinfo;
+ ops.qfileinfo = unixuid_qfileinfo;
+ ops.fsinfo = unixuid_fsinfo;
+ ops.lpq = unixuid_lpq;
+ ops.search_first = unixuid_search_first;
+ ops.search_next = unixuid_search_next;
+ ops.search_close = unixuid_search_close;
+ ops.trans = unixuid_trans;
+ ops.logoff = unixuid_logoff;
+
+ /* register ourselves with the NTVFS subsystem. */
+ ret = register_backend("ntvfs", &ops);
+
+ if (!NT_STATUS_IS_OK(ret)) {
+ DEBUG(0,("Failed to register unixuid backend!\n"));
+ }
+
+ return ret;
+}
-- cgit
From c5722fb81b14bf067c4c97eda2ee01f1640084f7 Mon Sep 17 00:00:00 2001
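Review bot: The `UnixID` path in sid_to_unixuid and sid_to_unixgid stores `strtoul(s, NULL, 0)` without validation, so an empty or non-numeric attribute value becomes id 0 and the request would then run as uid or gid 0. Parse with an end pointer, reject trailing characters, ERANGE and values that do not fit `uid_t`/`gid_t`, and fail with NT_STATUS_ACCESS_DENIED like the other lookup failures; the sketch below shows the uid case. Two failure paths in the same file also deserve a guard: when save_unix_security() returns NULL, PASS_THRU_REQ still calls `set_unix_security(sec)` and dereferences the NULL pointer, and authinfo_to_unix_security uses `*sec` without checking the `talloc_p` result. The return value of `seteuid(0)` in set_unix_security is ignored as well, although the later calls would presumably fail if it did not succeed.

```c
	/* first try to get the uid directly */
	s = samdb_result_string(res[0], "UnixID", NULL);
	if (s != NULL) {
		char *end = NULL;
		unsigned long id;

		errno = 0;
		id = strtoul(s, &end, 10);
		/* an empty, non-numeric or out-of-range value must not be
		   accepted as uid 0; (uid_t)-1 is rejected because the
		   set*id calls treat it specially */
		if (end == s || *end != '\0' || errno == ERANGE ||
		    (unsigned long)(uid_t)id != id || (uid_t)id == (uid_t)-1) {
			DEBUG(0,("sid_to_unixuid: invalid UnixID '%s' for sid %s\n", s, sidstr));
			talloc_free(ctx);
			return NT_STATUS_ACCESS_DENIED;
		}
		*uid = (uid_t)id;
		talloc_free(ctx);
		return NT_STATUS_OK;
	}
	/* … unchanged: UnixName and sAMAccountName fallbacks; sid_to_unixgid gets the same check with gid_t … */
```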
From: Andrew Tridgell Date: Sun, 3 Oct 2004 07:31:32 +0000 Subject: r2796: - changed ldap attributes "UnixID" to "unixID" and "UnixName" to "unixName" to be more ldap traditional - register the unixuid module as all 3 ntvfs backend types, as it doesn't care what type of backend it filters (This used to be commit cd43def6ce280442306f14ca61508b4f7eb92cb6) --- source4/ntvfs/unixuid/vfs_unixuid.c | 41 +++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 18 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 6eef6dbc37..de759f6e5f 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -35,7 +35,7 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, struct dom_sid *sid, uid_t *uid) { struct unixuid_private *private = ntvfs->private_data; - const char *attrs[] = { "sAMAccountName", "UnixID", "UnixName", "sAMAccountType", NULL }; + const char *attrs[] = { "sAMAccountName", "unixID", "unixName", "sAMAccountType", NULL }; int ret; const char *s; void *ctx; @@ -47,7 +47,7 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr); if (ret != 1) { - DEBUG(2,("Unable to map sid %s to unix uid\n", sidstr)); + DEBUG(0,("sid_to_unixuid: unable to find sam record for sid %s\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; } @@ -60,7 +60,7 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, } /* first try to get the uid directly */ - s = samdb_result_string(res[0], "UnixID", NULL); + s = samdb_result_string(res[0], "unixID", NULL); if (s != NULL) { *uid = strtoul(s, NULL, 0); talloc_free(ctx); 
@@ -68,11 +68,11 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, } /* next try via the UnixName attribute */ - s = samdb_result_string(res[0], "UnixName", NULL); + s = samdb_result_string(res[0], "unixName", NULL); if (s != NULL) { struct passwd *pwd = getpwnam(s); if (!pwd) { - DEBUG(0,("UnixName %s for sid %s does not exist as a local user\n", s, sidstr)); + DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s, sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; } @@ -109,7 +109,7 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, struct dom_sid *sid, gid_t *gid) { struct unixuid_private *private = ntvfs->private_data; - const char *attrs[] = { "sAMAccountName", "UnixID", "UnixName", "sAMAccountType", NULL }; + const char *attrs[] = { "sAMAccountName", "unixID", "unixName", "sAMAccountType", NULL }; int ret; const char *s; void *ctx; @@ -121,7 +121,7 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr); if (ret != 1) { - DEBUG(2,("Unable to map sid %s to unix gid\n", sidstr)); + DEBUG(0,("sid_to_unixgid: unable to find sam record for sid %s\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; } @@ -134,7 +134,7 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, } /* first try to get the gid directly */ - s = samdb_result_string(res[0], "UnixID", NULL); + s = samdb_result_string(res[0], "unixID", NULL); if (s != NULL) { *gid = strtoul(s, NULL, 0); talloc_free(ctx); 
@@ -142,11 +142,11 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, } /* next try via the UnixName attribute */ - s = samdb_result_string(res[0], "UnixName", NULL); + s = samdb_result_string(res[0], "unixName", NULL); if (s != NULL) { struct group *grp = getgrnam(s); if (!grp) { - DEBUG(0,("UnixName '%s' for sid %s does not exist as a local group\n", s, sidstr)); + DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n", s, sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; } @@ -708,10 +708,6 @@ NTSTATUS ntvfs_unixuid_init(void) ZERO_STRUCT(ops); - /* fill in the name and type */ - ops.name = "unixuid"; - ops.type = NTVFS_DISK; - /* fill in all the operations */ ops.connect = unixuid_connect; ops.disconnect = unixuid_disconnect; @@ -742,12 +738,21 @@ NTSTATUS ntvfs_unixuid_init(void) ops.trans = unixuid_trans; ops.logoff = unixuid_logoff; - /* register ourselves with the NTVFS subsystem. */ + ops.name = "unixuid"; + + /* we register under all 3 backend types, as we are not type specific */ + ops.type = NTVFS_DISK; ret = register_backend("ntvfs", &ops); + if (!NT_STATUS_IS_OK(ret)) goto failed; - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0,("Failed to register unixuid backend!\n")); - } + ops.type = NTVFS_PRINT; + ret = register_backend("ntvfs", &ops); + if (!NT_STATUS_IS_OK(ret)) goto failed; + + ops.type = NTVFS_IPC; + ret = register_backend("ntvfs", &ops); + if (!NT_STATUS_IS_OK(ret)) goto failed; +failed: return ret; } -- cgit From fe3294f7f02c7ed57aab8ea17f0072f721284a8c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 3 Oct 2004 10:25:06 +0000 Subject: r2803: allow unixuid module to work with foreign security principles (This used to be commit f522728728fa523ce7d9e73c93b27e71f3757d50) --- source4/ntvfs/unixuid/vfs_unixuid.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') 
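Review bot: In the ntvfs_unixuid_init hunk the `DEBUG(0,("Failed to register unixuid backend!\n"))` message is removed and nothing replaces it, so a failed registration for any of the three backend types is now visible only through the return value. Since this module is the one that sets up the unix security context, keep a log line at the exit, e.g. `if (!NT_STATUS_IS_OK(ret)) DEBUG(0,("Failed to register unixuid backend!\n"));` placed after the `failed:` label. That label is also reached on success, so a neutral name such as `done:` would read more accurately. The context comment `/* next try via the UnixName attribute */` in the earlier hunks still uses the old attribute spelling.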
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index de759f6e5f..ae29fd7bea 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -41,6 +41,7 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, void *ctx; struct ldb_message **res; const char *sidstr; + uint_t atype; ctx = talloc(req, 0); sidstr = dom_sid_string(ctx, sid); @@ -53,7 +54,8 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, } /* make sure its a user, not a group */ - if (samdb_result_uint(res[0], "sAMAccountType", 0) != ATYPE_NORMAL_ACCOUNT) { + atype = samdb_result_uint(res[0], "sAMAccountType", 0); + if (atype && atype != ATYPE_NORMAL_ACCOUNT) { DEBUG(0,("sid_to_unixuid: sid %s is not ATYPE_NORMAL_ACCOUNT\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; @@ -95,7 +97,7 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, return NT_STATUS_OK; } - DEBUG(0,("No sAMAccountName for sid %s!?\n", sidstr)); + DEBUG(0,("sid_to_unixuid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; @@ -115,6 +117,7 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, void *ctx; struct ldb_message **res; const char *sidstr; + uint_t atype; ctx = talloc(req, 0); sidstr = dom_sid_string(ctx, sid); @@ -127,7 +130,8 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, } /* make sure its not a user */ - if (samdb_result_uint(res[0], "sAMAccountType", 0) == ATYPE_NORMAL_ACCOUNT) { + atype = samdb_result_uint(res[0], "sAMAccountType", 0); + if (atype && atype == ATYPE_NORMAL_ACCOUNT) { DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; 
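Review bot: With `if (atype && atype != ATYPE_NORMAL_ACCOUNT)` in sid_to_unixuid and `if (atype && atype == ATYPE_NORMAL_ACCOUNT)` in sid_to_unixgid, a record without `sAMAccountType` (the lookup default of 0) now passes both checks, so the same record can be mapped as a user and as a group. If the exemption is meant only for foreign security principals, the condition should identify them positively, presumably by also fetching and testing the record's object class, rather than accepting every record that lacks the attribute. At minimum both checks need a comment such as `/* atype == 0: no sAMAccountType (foreign security principal), account type cannot be verified */`. In the gid variant the `atype &&` term looks redundant if ATYPE_NORMAL_ACCOUNT is non-zero. Both functions continue outside these hunks.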
@@ -169,7 +173,7 @@ static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, return NT_STATUS_OK; } - DEBUG(0,("No sAMAccountName for sid %s!?\n", sidstr)); + DEBUG(0,("sid_to_unixgid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; -- cgit From ca23572f700a059970e0d0e08ee4feef972f326f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Oct 2004 05:59:56 +0000 Subject: r2930: added a security context cache to the unixuid module. The module doesn't actually leave us in the requested sec context between requests yet, but it does prevent us from doing the samdb lookup on every packet. This change speeds up the BASE-MANGLE test against Samba4 with 5000 operations from 61 seconds to 16 seconds. For reference, Samba3 takes 27 seconds for the same test (the string and filename handling in Samba4 is much more efficient than Samba3) (This used to be commit da0481ac75a01270897da5aa24dbb2b431928b30) --- source4/ntvfs/unixuid/vfs_unixuid.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index ae29fd7bea..846bd66179 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -25,6 +25,8 @@ struct unixuid_private { void *samctx; + struct unix_sec_ctx *last_sec_ctx; + struct auth_session_info *last_session_info; }; @@ -279,6 +281,7 @@ static NTSTATUS authinfo_to_unix_security(struct ntvfs_module_context *ntvfs, static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, struct unix_sec_ctx **sec) { + struct unixuid_private *private = ntvfs->private_data; struct auth_serversupplied_info *info = req->session->session_info->server_info; void *ctx = talloc(req, 0); struct unix_sec_ctx *newsec; 
@@ -289,10 +292,20 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - status = authinfo_to_unix_security(ntvfs, req, info, &newsec); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(ctx); - return status; + if (req->session->session_info == private->last_session_info) { + newsec = private->last_sec_ctx; + } else { + status = authinfo_to_unix_security(ntvfs, req, info, &newsec); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(ctx); + return status; + } + if (private->last_sec_ctx) { + talloc_free(private->last_sec_ctx); + } + private->last_sec_ctx = newsec; + private->last_session_info = req->session->session_info; + talloc_steal(private, newsec); } status = set_unix_security(newsec); @@ -340,6 +353,8 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, } ntvfs->private_data = private; + private->last_sec_ctx = NULL; + private->last_session_info = NULL; PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename)); @@ -591,10 +606,13 @@ static NTSTATUS unixuid_exit(struct ntvfs_module_context *ntvfs, static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req) { + struct unixuid_private *private = ntvfs->private_data; NTSTATUS status; PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req)); + private->last_session_info = NULL; + return status; } -- cgit From 59d3259171c04f86ea94909493e173fec147d9ae Mon Sep 17 00:00:00 2001 
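Review bot: The cache hit in unixuid_setup_security is decided purely by pointer identity, `req->session->session_info == private->last_session_info`, and the only invalidation visible in this commit is the reset in unixuid_logoff. If a session_info can be freed on any path that does not reach this module's logoff for this tree connect, a later allocation at the same address would match and the request would run under the previous user's cached uid, gid and groups. Tie the cache lifetime to the cached object (for example a talloc destructor or reference on it that clears `last_sec_ctx` and the key) or compare a stable session identifier instead of an address. The logoff hunk should also drop the cached context, `talloc_free(private->last_sec_ctx); private->last_sec_ctx = NULL;`, rather than only clearing the key. The later r2934 hunks keep the same pointer comparison with `last_token`.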
From: Andrew Tridgell Date: Tue, 12 Oct 2004 11:30:48 +0000 Subject: r2934: - changed the unixuid module to use the nt_user_token instead of the server supplied info structure. - added SID_WORLD and SID_NETWORK to the foreign sids in the provisioning, as these are auto-added to the nt_user_token (why is that done? Andrew?) (This used to be commit 1dff12fba88827660a2647457867bf4ff6bc8d3d) --- source4/ntvfs/unixuid/vfs_unixuid.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 846bd66179..a5934a07fa 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -26,7 +26,7 @@ struct unixuid_private { void *samctx; struct unix_sec_ctx *last_sec_ctx; - struct auth_session_info *last_session_info; + struct nt_user_token *last_token; }; 
@@ -238,35 +238,40 @@ static NTSTATUS set_unix_security(struct unix_sec_ctx *sec) } /* - form a unix_sec_ctx from the current session info + form a unix_sec_ctx from the current nt_user_token */ -static NTSTATUS authinfo_to_unix_security(struct ntvfs_module_context *ntvfs, +static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, - struct auth_serversupplied_info *info, + struct nt_user_token *token, struct unix_sec_ctx **sec) { int i; NTSTATUS status; *sec = talloc_p(req, struct unix_sec_ctx); - status = sid_to_unixuid(ntvfs, req, info->user_sid, &(*sec)->uid); + /* we can't do unix security without a user and group */ + if (token->num_sids < 2) { + return NT_STATUS_ACCESS_DENIED; + } + + status = sid_to_unixuid(ntvfs, req, token->user_sids[0], &(*sec)->uid); if (!NT_STATUS_IS_OK(status)) { return status; } - status = sid_to_unixgid(ntvfs, req, info->primary_group_sid, &(*sec)->gid); + status = sid_to_unixgid(ntvfs, req, token->user_sids[1], &(*sec)->gid); if (!NT_STATUS_IS_OK(status)) { return status; } - (*sec)->ngroups = info->n_domain_groups; + (*sec)->ngroups = token->num_sids - 2; (*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups); if ((*sec)->groups == NULL) { return NT_STATUS_NO_MEMORY; } for (i=0;i<(*sec)->ngroups;i++) { - status = sid_to_unixgid(ntvfs, req, info->domain_groups[i], &(*sec)->groups[i]); + status = sid_to_unixgid(ntvfs, req, token->user_sids[i+2], &(*sec)->groups[i]); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -282,7 +287,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, struct unix_sec_ctx **sec) { struct unixuid_private *private = ntvfs->private_data; - struct auth_serversupplied_info *info = req->session->session_info->server_info; + struct nt_user_token *token = req->session->session_info->nt_user_token; void *ctx = talloc(req, 0); struct unix_sec_ctx *newsec; NTSTATUS status; 
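Review bot: In nt_token_to_unix_security the result of `*sec = talloc_p(req, struct unix_sec_ctx);` is still used unchecked when `&(*sec)->uid` is passed to sid_to_unixuid, so an allocation failure becomes a NULL dereference on the request path; add `if (*sec == NULL) return NT_STATUS_NO_MEMORY;` directly after the allocation. The new code also depends on `user_sids[0]` being the user and `user_sids[1]` the primary group, which nothing in the hunk establishes; a comment stating that token layout next to the `num_sids < 2` check would make the assumption reviewable. Because every remaining SID must map to a unix gid, one unmappable SID in the token denies the whole request, which is fail-closed but worth stating in the function comment.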
@@ -292,10 +297,10 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - if (req->session->session_info == private->last_session_info) { + if (req->session->session_info->nt_user_token == private->last_token) { newsec = private->last_sec_ctx; } else { - status = authinfo_to_unix_security(ntvfs, req, info, &newsec); + status = nt_token_to_unix_security(ntvfs, req, token, &newsec); if (!NT_STATUS_IS_OK(status)) { talloc_free(ctx); return status; @@ -304,7 +309,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, talloc_free(private->last_sec_ctx); } private->last_sec_ctx = newsec; - private->last_session_info = req->session->session_info; + private->last_token = req->session->session_info->nt_user_token; talloc_steal(private, newsec); } @@ -354,7 +359,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, ntvfs->private_data = private; private->last_sec_ctx = NULL; - private->last_session_info = NULL; + private->last_token = NULL; PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename)); @@ -611,7 +616,7 @@ static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs, PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req)); - private->last_session_info = NULL; + private->last_token = NULL; return status; } -- cgit From e81230df4b99c4cdcb80648809e62aead3e0ec28 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 17 Oct 2004 22:03:33 +0000 Subject: r3024: run the *_connect() NTVFS initialisation operation as root, to allow backends to open databases and perform any other privileged operations that might be needed. (This used to be commit 54fd395025656d9b264ba1c1fab6e3ce8ca3d357) --- source4/ntvfs/unixuid/vfs_unixuid.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index a5934a07fa..542b011c67 100644 
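Review bot: The cache test in unixuid_setup_security, `req->session->session_info->nt_user_token == private->last_token`, identifies a token by address only, so the cached unix_sec_ctx is correct only while that token is neither freed nor changed in place. The only resets visible in this commit are in unixuid_connect and unixuid_logoff. If a token can be released and another allocated at the same address by any other path, a request could run with the previous user's uid and groups; whether that can happen depends on token lifetime rules not shown here. I would state the invariant at the struct field, e.g. `/* compared by address only: must be set to NULL before the token it points at can be freed */`. The function starts and ends outside this hunk.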
--- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -361,7 +361,10 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, private->last_sec_ctx = NULL; private->last_token = NULL; - PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename)); + /* we don't use PASS_THRU_REQ here, as the connect operation runs with + root privileges. This allows the backends to setup any database + links they might need during the connect. */ + status = ntvfs_next_connect(ntvfs, req, sharename); return status; } -- cgit From 142d295aa8e70477c85d1835f2907f81c4c3c519 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 18 Oct 2004 13:27:22 +0000 Subject: r3039: This solves the problem of async handlers in ntvfs backends not being in the right state when called. For example, when we use the unixuid handler in the chain of handlers, and a backend decides to continue a call asynchronously then we need to ensure that the continuation happens with the right security context. The solution is to add a new ntvfs operation ntvfs_async_setup(), which calls all the way down through the layers, setting up anything that is required, and takes a private pointer. The backend wanting to make a async calls can use ntvfs_async_setup() to ensure that the modules above it are called when doing async processing. (This used to be commit a256e71029727fa1659ade6257085df537308c7d) --- source4/ntvfs/unixuid/vfs_unixuid.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 542b011c67..d0060bf11d 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
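Review bot: Replacing PASS_THRU_REQ with a direct `ntvfs_next_connect(ntvfs, req, sharename)` call in unixuid_connect means every backend below this module runs its connect handler as root, with a share name that comes from the tree connect request and before any per-user context is applied. The new comment explains the reason but not the obligation this places on backends. I would extend it with something like `/* backends must restrict connect-time work to their own setup and must not touch share content on behalf of the client here */`. unixuid_connect starts outside the hunk.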
@@ -624,6 +624,20 @@ static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs, return status; } +/* + async setup +*/ +static NTSTATUS unixuid_async_setup(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, + void *private) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, async_setup, (ntvfs, req, private)); + + return status; +} + /* lock a byte range */ @@ -767,6 +781,7 @@ NTSTATUS ntvfs_unixuid_init(void) ops.search_close = unixuid_search_close; ops.trans = unixuid_trans; ops.logoff = unixuid_logoff; + ops.async_setup = unixuid_async_setup; ops.name = "unixuid"; -- cgit From f7c6a9438dba17032aea102d18b44c6d96ae470b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 25 Oct 2004 04:16:57 +0000 Subject: r3185: Machines can login with krb5, so we need to allow them to map to a unix account. Andrew Bartlett (This used to be commit fbe932ddd4282c3d8af8a28fdd0cee83d0c8f4f3) --- source4/ntvfs/unixuid/vfs_unixuid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index d0060bf11d..440ebd21c8 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -57,8 +57,8 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, /* make sure its a user, not a group */ atype = samdb_result_uint(res[0], "sAMAccountType", 0); - if (atype && atype != ATYPE_NORMAL_ACCOUNT) { - DEBUG(0,("sid_to_unixuid: sid %s is not ATYPE_NORMAL_ACCOUNT\n", sidstr)); + if (!atype || (!(atype & ATYPE_ACCOUNT))) { + DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; } -- cgit From fbb44e96169cb0b18cb0a242fd412a88c16faadb Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Wed, 27 Oct 2004 13:38:30 +0000 Subject: r3290: allow SID_ANONYMOUS ( "S-1-5-7" ) to be the users sid metze (This used to be commit 177afd4855c66f46c82899b46f030803be63d52a) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 440ebd21c8..062f6b1b85 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -57,7 +57,7 @@ static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, /* make sure its a user, not a group */ atype = samdb_result_uint(res[0], "sAMAccountType", 0); - if (!atype || (!(atype & ATYPE_ACCOUNT))) { + if (atype && (!(atype & ATYPE_ACCOUNT))) { DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n", sidstr)); talloc_free(ctx); return NT_STATUS_ACCESS_DENIED; -- cgit From edbfc0f6e70150e321822365bf0eead2821551bd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 02:57:18 +0000 Subject: r3453: - split out the auth and popt includes - tidied up some of the system includes - moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl knows about inter-IDL dependencies (This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 062f6b1b85..296dadcfe4 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -22,6 +22,7 @@ */ #include "includes.h" +#include "auth/auth.h" struct unixuid_private { void *samctx; -- cgit From 2df2d1b67f9bf2907f452688b2c54b73052cfb49 Mon Sep 17 00:00:00 2001 
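Review bot: Changing the test in sid_to_unixuid to `atype && (!(atype & ATYPE_ACCOUNT))` skips the account-type check for every record whose sAMAccountType is missing or zero (0 is the default passed to `samdb_result_uint`), not only for the anonymous SID named in the commit subject. Any object without that attribute, a group included, then falls through to the unixID/unixName/sAMAccountName lookups and can be mapped to a uid. Keeping the strict form from the previous commit and exempting the one SID would be narrower, for example `if ((!atype && strcmp(sidstr, SID_ANONYMOUS) != 0) || (atype && !(atype & ATYPE_ACCOUNT))) {`, assuming SID_ANONYMOUS is the string constant the subject refers to. The function body continues outside the hunk.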
From: Andrew Tridgell Date: Tue, 2 Nov 2004 04:51:57 +0000 Subject: r3461: another place where "open" was used as a structure element (This used to be commit 1087ea830e7aead86d54a1836512e88554afc919) --- source4/ntvfs/unixuid/vfs_unixuid.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 296dadcfe4..9c74c12f91 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -469,12 +469,12 @@ static NTSTATUS unixuid_setpathinfo(struct ntvfs_module_context *ntvfs, /* open a file */ -static NTSTATUS unixuid_open(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_open *io) +static NTSTATUS unixuid_openfile(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req, union smb_open *io) { NTSTATUS status; - PASS_THRU_REQ(ntvfs, req, open, (ntvfs, req, io)); + PASS_THRU_REQ(ntvfs, req, openfile, (ntvfs, req, io)); return status; } @@ -760,7 +760,7 @@ NTSTATUS ntvfs_unixuid_init(void) ops.chkpath = unixuid_chkpath; ops.qpathinfo = unixuid_qpathinfo; ops.setpathinfo = unixuid_setpathinfo; - ops.open = unixuid_open; + ops.openfile = unixuid_openfile; ops.mkdir = unixuid_mkdir; ops.rmdir = unixuid_rmdir; ops.rename = unixuid_rename; -- cgit From aa34fcebf8aa0660574a7c6976b33b3f37985e27 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 2 Nov 2004 07:18:24 +0000 Subject: r3466: split out request.h, signing.h, and smb_server.h (This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9c74c12f91..9b62c38e13 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
@@ -23,6 +23,7 @@ #include "includes.h" #include "auth/auth.h" +#include "smb_server/smb_server.h" struct unixuid_private { void *samctx; -- cgit From c870ae8b898d3bcc81ed9fd1afd505d78dea52cc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 4 Nov 2004 11:28:38 +0000 Subject: r3528: added support for the SMBntcancel() operation, which cancels any outstanding async operation (triggering an immediate timeout). pvfs now passes the RAW-MUX test (This used to be commit 3423e2f41461d054067ef168b9b986f62cc8f77c) --- source4/ntvfs/unixuid/vfs_unixuid.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9b62c38e13..7f8f8acf99 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -640,6 +640,19 @@ static NTSTATUS unixuid_async_setup(struct ntvfs_module_context *ntvfs, return status; } +/* + cancel an async request +*/ +static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs, + struct smbsrv_request *req) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, cancel, (ntvfs, req)); + + return status; +} + /* lock a byte range */ @@ -784,6 +797,7 @@ NTSTATUS ntvfs_unixuid_init(void) ops.trans = unixuid_trans; ops.logoff = unixuid_logoff; ops.async_setup = unixuid_async_setup; + ops.cancel = unixuid_cancel; ops.name = "unixuid"; -- cgit From 31ded4901b4529ad2e49871502cab5ecba71483a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 14 Nov 2004 22:23:23 +0000 Subject: r3737: - Get rid of the register_subsystem() and register_backend() functions. - Re-disable tdbtool (it was building fine on my Debian box but other machines were having problems) (This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814) --- source4/ntvfs/unixuid/vfs_unixuid.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') 
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 7f8f8acf99..4520df59fc 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -803,15 +803,15 @@ NTSTATUS ntvfs_unixuid_init(void) /* we register under all 3 backend types, as we are not type specific */ ops.type = NTVFS_DISK; - ret = register_backend("ntvfs", &ops); + ret = ntvfs_register(&ops); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_PRINT; - ret = register_backend("ntvfs", &ops); + ret = ntvfs_register(&ops); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_IPC; - ret = register_backend("ntvfs", &ops); + ret = ntvfs_register(&ops); if (!NT_STATUS_IS_OK(ret)) goto failed; failed: -- cgit From bc7b4abc3a85e78a73d401345265b2c022f0f04d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 18 Nov 2004 03:31:35 +0000 Subject: r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263) --- source4/ntvfs/unixuid/vfs_unixuid.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 4520df59fc..674ce3e5cf 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
@@ -294,6 +294,10 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, struct unix_sec_ctx *newsec; NTSTATUS status; + if (req->session == NULL) { + return NT_STATUS_ACCESS_DENIED; + } + *sec = save_unix_security(req); if (*sec == NULL) { return NT_STATUS_NO_MEMORY; -- cgit From 6895228b5c911a0859274dc7e3d427dd9cadeeca Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 27 Nov 2004 00:24:36 +0000 Subject: r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap subsystem. This is in preparation for adding better default ACL generation in pvfs, which will require uid/gid -> sid mapping. (This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92) --- source4/ntvfs/unixuid/vfs_unixuid.c | 166 +++--------------------------------- 1 file changed, 10 insertions(+), 156 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 674ce3e5cf..0535475dd3 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
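Review bot: The added `req->session == NULL` check in unixuid_setup_security runs after the declarations, and the `token` declaration just above this hunk (shown in the r2934 hunk on this page) is initialised with `req->session->session_info->nt_user_token`, so a request without a session is dereferenced before the check can reject it. Declare the variable without an initialiser, `struct nt_user_token *token;`, and assign `token = req->session->session_info->nt_user_token;` after the check. If session_info can also be NULL for a live session, which is not visible here, it needs the same guard. The function starts and ends outside the hunk.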
@@ -26,162 +26,12 @@ #include "smb_server/smb_server.h" struct unixuid_private { - void *samctx; + struct sidmap_context *sidmap; struct unix_sec_ctx *last_sec_ctx; struct nt_user_token *last_token; }; -/* - map a sid to a unix uid -*/ -static NTSTATUS sid_to_unixuid(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct dom_sid *sid, uid_t *uid) -{ - struct unixuid_private *private = ntvfs->private_data; - const char *attrs[] = { "sAMAccountName", "unixID", "unixName", "sAMAccountType", NULL }; - int ret; - const char *s; - void *ctx; - struct ldb_message **res; - const char *sidstr; - uint_t atype; - - ctx = talloc(req, 0); - sidstr = dom_sid_string(ctx, sid); - - ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr); - if (ret != 1) { - DEBUG(0,("sid_to_unixuid: unable to find sam record for sid %s\n", sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - - /* make sure its a user, not a group */ - atype = samdb_result_uint(res[0], "sAMAccountType", 0); - if (atype && (!(atype & ATYPE_ACCOUNT))) { - DEBUG(0,("sid_to_unixuid: sid %s is not an account!\n", sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - - /* first try to get the uid directly */ - s = samdb_result_string(res[0], "unixID", NULL); - if (s != NULL) { - *uid = strtoul(s, NULL, 0); - talloc_free(ctx); - return NT_STATUS_OK; - } - - /* next try via the UnixName attribute */ - s = samdb_result_string(res[0], "unixName", NULL); - if (s != NULL) { - struct passwd *pwd = getpwnam(s); - if (!pwd) { - DEBUG(0,("unixName %s for sid %s does not exist as a local user\n", s, sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - *uid = pwd->pw_uid; - talloc_free(ctx); - return NT_STATUS_OK; - } - - /* finally try via the sAMAccountName attribute */ - s = samdb_result_string(res[0], "sAMAccountName", NULL); - if (s != NULL) { - struct passwd *pwd = getpwnam(s); - if (!pwd) { - DEBUG(0,("sAMAccountName '%s' for sid 
%s does not exist as a local user\n", s, sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - *uid = pwd->pw_uid; - talloc_free(ctx); - return NT_STATUS_OK; - } - - DEBUG(0,("sid_to_unixuid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr)); - - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; -} - - -/* - map a sid to a unix gid -*/ -static NTSTATUS sid_to_unixgid(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct dom_sid *sid, gid_t *gid) -{ - struct unixuid_private *private = ntvfs->private_data; - const char *attrs[] = { "sAMAccountName", "unixID", "unixName", "sAMAccountType", NULL }; - int ret; - const char *s; - void *ctx; - struct ldb_message **res; - const char *sidstr; - uint_t atype; - - ctx = talloc(req, 0); - sidstr = dom_sid_string(ctx, sid); - - ret = samdb_search(private->samctx, ctx, NULL, &res, attrs, "objectSid=%s", sidstr); - if (ret != 1) { - DEBUG(0,("sid_to_unixgid: unable to find sam record for sid %s\n", sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - - /* make sure its not a user */ - atype = samdb_result_uint(res[0], "sAMAccountType", 0); - if (atype && atype == ATYPE_NORMAL_ACCOUNT) { - DEBUG(0,("sid_to_unixgid: sid %s is a ATYPE_NORMAL_ACCOUNT\n", sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - - /* first try to get the gid directly */ - s = samdb_result_string(res[0], "unixID", NULL); - if (s != NULL) { - *gid = strtoul(s, NULL, 0); - talloc_free(ctx); - return NT_STATUS_OK; - } - - /* next try via the UnixName attribute */ - s = samdb_result_string(res[0], "unixName", NULL); - if (s != NULL) { - struct group *grp = getgrnam(s); - if (!grp) { - DEBUG(0,("unixName '%s' for sid %s does not exist as a local group\n", s, sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - *gid = grp->gr_gid; - talloc_free(ctx); - return NT_STATUS_OK; - } - - /* finally try via the sAMAccountName attribute */ - s = samdb_result_string(res[0], 
"sAMAccountName", NULL); - if (s != NULL) { - struct group *grp = getgrnam(s); - if (!grp) { - DEBUG(0,("sAMAccountName '%s' for sid %s does not exist as a local group\n", s, sidstr)); - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; - } - *gid = grp->gr_gid; - talloc_free(ctx); - return NT_STATUS_OK; - } - - DEBUG(0,("sid_to_unixgid: no unixID, unixName or sAMAccountName for sid %s\n", sidstr)); - - talloc_free(ctx); - return NT_STATUS_ACCESS_DENIED; -} struct unix_sec_ctx { uid_t uid; @@ -247,6 +97,7 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, struct nt_user_token *token, struct unix_sec_ctx **sec) { + struct unixuid_private *private = ntvfs->private_data; int i; NTSTATUS status; *sec = talloc_p(req, struct unix_sec_ctx); @@ -256,12 +107,14 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, return NT_STATUS_ACCESS_DENIED; } - status = sid_to_unixuid(ntvfs, req, token->user_sids[0], &(*sec)->uid); + status = sidmap_sid_to_unixuid(private->sidmap, + token->user_sids[0], &(*sec)->uid); if (!NT_STATUS_IS_OK(status)) { return status; } - status = sid_to_unixgid(ntvfs, req, token->user_sids[1], &(*sec)->gid); + status = sidmap_sid_to_unixgid(private->sidmap, + token->user_sids[1], &(*sec)->gid); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -273,7 +126,8 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, } for (i=0;i<(*sec)->ngroups;i++) { - status = sid_to_unixgid(ntvfs, req, token->user_sids[i+2], &(*sec)->groups[i]); + status = sidmap_sid_to_unixgid(private->sidmap, + token->user_sids[i+2], &(*sec)->groups[i]); if (!NT_STATUS_IS_OK(status)) { return status; } 
@@ -358,8 +212,8 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - private->samctx = samdb_connect(private); - if (private->samctx == NULL) { + private->sidmap = sidmap_open(private); + if (private->sidmap == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit From 6ca874f71ad77c82d6e161a3e4772100de2ad6c5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 11 Dec 2004 05:41:19 +0000 Subject: r4147: converted from NT_USER_TOKEN to struct security_token this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a) --- source4/ntvfs/unixuid/vfs_unixuid.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 0535475dd3..1c4572969f 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -28,7 +28,7 @@ struct unixuid_private { struct sidmap_context *sidmap; struct unix_sec_ctx *last_sec_ctx; - struct nt_user_token *last_token; + struct security_token *last_token; }; @@ -90,11 +90,11 @@ static NTSTATUS set_unix_security(struct unix_sec_ctx *sec) } /* - form a unix_sec_ctx from the current nt_user_token + form a unix_sec_ctx from the current security_token */ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, - struct nt_user_token *token, + struct security_token *token, struct unix_sec_ctx **sec) { struct unixuid_private *private = ntvfs->private_data; 
@@ -108,13 +108,13 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, } status = sidmap_sid_to_unixuid(private->sidmap, - token->user_sids[0], &(*sec)->uid); + token->user_sid, &(*sec)->uid); if (!NT_STATUS_IS_OK(status)) { return status; } status = sidmap_sid_to_unixgid(private->sidmap, - token->user_sids[1], &(*sec)->gid); + token->group_sid, &(*sec)->gid); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -127,7 +127,7 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, for (i=0;i<(*sec)->ngroups;i++) { status = sidmap_sid_to_unixgid(private->sidmap, - token->user_sids[i+2], &(*sec)->groups[i]); + token->sids[i+2], &(*sec)->groups[i]); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -143,7 +143,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, struct unix_sec_ctx **sec) { struct unixuid_private *private = ntvfs->private_data; - struct nt_user_token *token = req->session->session_info->nt_user_token; + struct security_token *token = req->session->session_info->security_token; void *ctx = talloc(req, 0); struct unix_sec_ctx *newsec; NTSTATUS status; @@ -157,7 +157,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - if (req->session->session_info->nt_user_token == private->last_token) { + if (req->session->session_info->security_token == private->last_token) { newsec = private->last_sec_ctx; } else { status = nt_token_to_unix_security(ntvfs, req, token, &newsec); @@ -169,7 +169,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, talloc_free(private->last_sec_ctx); } private->last_sec_ctx = newsec; - private->last_token = req->session->session_info->nt_user_token; + private->last_token = req->session->session_info->security_token; talloc_steal(private, newsec); } -- cgit From b5b1c52a9850de18e756cdd073cf5f44f26882fe Mon Sep 17 00:00:00 2001 
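Review bot: After this change the user and primary group come from the named fields `token->user_sid` and `token->group_sid`, but the supplementary loop in nt_token_to_unix_security still reads `token->sids[i+2]` with `ngroups` computed as `num_sids - 2`, which is only right if `sids[0]` and `sids[1]` are always the user and primary group. Nothing in the hunk states or enforces that layout, and a token built differently would end up with a wrong or incomplete unix group list. A comment at the loop such as `/* sids[0] and sids[1] are user_sid and group_sid; supplementary groups start at index 2 */` would pin the assumption down. The function starts outside the hunk.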
From: Stefan Metzmacher Date: Thu, 30 Dec 2004 20:34:20 +0000 Subject: r4419: move security_token stuff to the libcli/security/ and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 1c4572969f..f29ed51a49 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -23,6 +23,7 @@ #include "includes.h" #include "auth/auth.h" +#include "libcli/security/security.h" #include "smb_server/smb_server.h" struct unixuid_private { -- cgit From cc55aef7c116d03ba2817625b0ba9edb378525e3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 6 Jan 2005 02:32:43 +0000 Subject: r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index f29ed51a49..a1a5244453 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -145,7 +145,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, { struct unixuid_private *private = ntvfs->private_data; struct security_token *token = req->session->session_info->security_token; - void *ctx = talloc(req, 0); + void *ctx = talloc_new(req); struct unix_sec_ctx *newsec; NTSTATUS status; -- cgit 
From 759da3b915e2006d4c87b5ace47f399accd9ce91 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 27 Jan 2005 07:08:20 +0000 Subject: r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0) --- source4/ntvfs/unixuid/vfs_unixuid.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index a1a5244453..9915660d9b 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -46,7 +46,7 @@ struct unix_sec_ctx { */ static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx) { - struct unix_sec_ctx *sec = talloc_p(mem_ctx, struct unix_sec_ctx); + struct unix_sec_ctx *sec = talloc(mem_ctx, struct unix_sec_ctx); if (sec == NULL) { return NULL; } @@ -57,7 +57,7 @@ static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx) talloc_free(sec); return NULL; } - sec->groups = talloc_array_p(sec, gid_t, sec->ngroups); + sec->groups = talloc_array(sec, gid_t, sec->ngroups); if (sec->groups == NULL) { talloc_free(sec); return NULL; @@ -101,7 +101,7 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, struct unixuid_private *private = ntvfs->private_data; int i; NTSTATUS status; - *sec = talloc_p(req, struct unix_sec_ctx); + *sec = talloc(req, struct unix_sec_ctx); /* we can't do unix security without a user and group */ if (token->num_sids < 2) { @@ -121,7 +121,7 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, } (*sec)->ngroups = token->num_sids - 2; - (*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups); + (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups); if ((*sec)->groups == NULL) { return NT_STATUS_NO_MEMORY; } 
@@ -208,7 +208,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, struct unixuid_private *private; NTSTATUS status; - private = talloc_p(req->tcon, struct unixuid_private); + private = talloc(req->tcon, struct unixuid_private); if (!private) { return NT_STATUS_NO_MEMORY; } -- cgit From e82aad1ce39a6b7a2e51b9e2cb494d74ec70e158 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 10 Feb 2005 05:09:35 +0000 Subject: r5298: - got rid of pstring.h from includes.h. This at least makes it a bit less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9915660d9b..d724e7ceb2 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -22,6 +22,8 @@ */ #include "includes.h" +#include "system/filesys.h" +#include "system/passwd.h" #include "auth/auth.h" #include "libcli/security/security.h" #include "smb_server/smb_server.h" -- cgit From 3be75a4c6d4b9d86f1b85c75fb2f41c6c0eeec94 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 11 Aug 2005 13:12:45 +0000 Subject: r9240: - move struct security_token to the idl file, with this we can the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') 
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index d724e7ceb2..41b1d7965d 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -25,7 +25,7 @@ #include "system/filesys.h" #include "system/passwd.h" #include "auth/auth.h" -#include "libcli/security/security.h" +#include "librpc/gen_ndr/ndr_security.h" #include "smb_server/smb_server.h" struct unixuid_private { -- cgit From ad9022e304ec07e56d2af1aaeb99a6f1faea62aa Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Tue, 16 Aug 2005 10:57:21 +0000 Subject: r9320: Fix premature dereference bug found by Coverty and also get rid of non-used memory context (This used to be commit 127e06492a545940443c93e9aec66eebefa26dc2) --- source4/ntvfs/unixuid/vfs_unixuid.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 41b1d7965d..928ff8241b 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -146,8 +146,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, struct smbsrv_request *req, struct unix_sec_ctx **sec) { struct unixuid_private *private = ntvfs->private_data; - struct security_token *token = req->session->session_info->security_token; - void *ctx = talloc_new(req); + struct security_token *token; struct unix_sec_ctx *newsec; NTSTATUS status; @@ -155,6 +154,8 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, return NT_STATUS_ACCESS_DENIED; } + token = req->session->session_info->security_token; + *sec = save_unix_security(req); if (*sec == NULL) { return NT_STATUS_NO_MEMORY; 
@@ -165,7 +166,6 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, } else { status = nt_token_to_unix_security(ntvfs, req, token, &newsec); if (!NT_STATUS_IS_OK(status)) { - talloc_free(ctx); return status; } if (private->last_sec_ctx) { @@ -178,12 +178,9 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, status = set_unix_security(newsec); if (!NT_STATUS_IS_OK(status)) { - talloc_free(ctx); return status; } - talloc_free(ctx); - return NT_STATUS_OK; } -- cgit From 0a3c167f6bcf08b2204ca49831ca49eef73dcbf4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 27 Dec 2005 22:51:30 +0000 Subject: r12528: Add seperate proto headers for ntvfs, tdr, smb_server and nbt_server. (This used to be commit 87f665a1d5ba74289974bf9d8f9441c162e6f1b1) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 928ff8241b..8bdf732735 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -27,6 +27,7 @@ #include "auth/auth.h" #include "librpc/gen_ndr/ndr_security.h" #include "smb_server/smb_server.h" +#include "ntvfs/ntvfs.h" struct unixuid_private { struct sidmap_context *sidmap; -- cgit From d4de4c2d210d2e8c9b5aedf70695594809ad6a0b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 30 Dec 2005 13:16:54 +0000 Subject: r12608: Remove some unused #include lines. (This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 8bdf732735..886ace819e 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
@@ -25,7 +25,6 @@ #include "system/filesys.h" #include "system/passwd.h" #include "auth/auth.h" -#include "librpc/gen_ndr/ndr_security.h" #include "smb_server/smb_server.h" #include "ntvfs/ntvfs.h" -- cgit From 5497dfe64ad810a2a3fb22da6869d311894bfed0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 25 Jan 2006 12:19:49 +0000 Subject: r13129: fix the memory hierachie metze (This used to be commit 19205b8d89d3d7e99a65938f59412e0c4e8ac5fe) --- source4/ntvfs/unixuid/vfs_unixuid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 886ace819e..df627bd2d1 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -207,7 +207,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, struct unixuid_private *private; NTSTATUS status; - private = talloc(req->tcon, struct unixuid_private); + private = talloc(ntvfs, struct unixuid_private); if (!private) { return NT_STATUS_NO_MEMORY; } @@ -239,6 +239,7 @@ static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs, NTSTATUS status; talloc_free(private); + ntvfs->private_data = NULL; status = ntvfs_next_disconnect(ntvfs, tcon); -- cgit From 86497db6113c4ec3210d671c3fcf957d1026098c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 10 Mar 2006 14:31:17 +0000 Subject: r14157: - pass a struct ntvfs_request to the ntvfs layer (for now we just do #define ntvfs_request smbsrv_request, but it's the first step...) - rename ntvfs_openfile() -> ntvfs_open() - fix the talloc hierachie in some places in the ntvfs_map_*() code metze (This used to be commit ed9ed1f48f602354810937c0b0de850b44322191) --- source4/ntvfs/unixuid/vfs_unixuid.c | 73 ++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 37 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') 
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index df627bd2d1..3b36a6a891 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -96,7 +96,7 @@ static NTSTATUS set_unix_security(struct unix_sec_ctx *sec) form a unix_sec_ctx from the current security_token */ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, struct security_token *token, struct unix_sec_ctx **sec) { @@ -143,7 +143,7 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, setup our unix security context according to the session authentication info */ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct unix_sec_ctx **sec) + struct ntvfs_request *req, struct unix_sec_ctx **sec) { struct unixuid_private *private = ntvfs->private_data; struct security_token *token; @@ -202,7 +202,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, connect to a share - used when a tree_connect operation comes in. */ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, const char *sharename) + struct ntvfs_request *req, const char *sharename) { struct unixuid_private *private; NTSTATUS status; @@ -232,8 +232,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, /* disconnect from a share */ -static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs, - struct smbsrv_tcon *tcon) +static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs) { struct unixuid_private *private = ntvfs->private_data; NTSTATUS status; @@ -241,7 +240,7 @@ static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs, talloc_free(private); ntvfs->private_data = NULL; - status = ntvfs_next_disconnect(ntvfs, tcon); + status = ntvfs_next_disconnect(ntvfs); return status; } 
@@ -251,7 +250,7 @@ static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs, delete a file */ static NTSTATUS unixuid_unlink(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_unlink *unl) + struct ntvfs_request *req, struct smb_unlink *unl) { NTSTATUS status; @@ -264,7 +263,7 @@ static NTSTATUS unixuid_unlink(struct ntvfs_module_context *ntvfs, ioctl interface */ static NTSTATUS unixuid_ioctl(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_ioctl *io) + struct ntvfs_request *req, union smb_ioctl *io) { NTSTATUS status; @@ -277,7 +276,7 @@ static NTSTATUS unixuid_ioctl(struct ntvfs_module_context *ntvfs, check if a directory exists */ static NTSTATUS unixuid_chkpath(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_chkpath *cp) + struct ntvfs_request *req, struct smb_chkpath *cp) { NTSTATUS status; @@ -290,7 +289,7 @@ static NTSTATUS unixuid_chkpath(struct ntvfs_module_context *ntvfs, return info on a pathname */ static NTSTATUS unixuid_qpathinfo(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_fileinfo *info) + struct ntvfs_request *req, union smb_fileinfo *info) { NTSTATUS status; @@ -303,7 +302,7 @@ static NTSTATUS unixuid_qpathinfo(struct ntvfs_module_context *ntvfs, query info on a open file */ static NTSTATUS unixuid_qfileinfo(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_fileinfo *info) + struct ntvfs_request *req, union smb_fileinfo *info) { NTSTATUS status; @@ -317,7 +316,7 @@ static NTSTATUS unixuid_qfileinfo(struct ntvfs_module_context *ntvfs, set info on a pathname */ static NTSTATUS unixuid_setpathinfo(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_setfileinfo *st) + struct ntvfs_request *req, union smb_setfileinfo *st) { NTSTATUS status; 
@@ -329,12 +328,12 @@ static NTSTATUS unixuid_setpathinfo(struct ntvfs_module_context *ntvfs, /* open a file */ -static NTSTATUS unixuid_openfile(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_open *io) +static NTSTATUS unixuid_open(struct ntvfs_module_context *ntvfs, + struct ntvfs_request *req, union smb_open *io) { NTSTATUS status; - PASS_THRU_REQ(ntvfs, req, openfile, (ntvfs, req, io)); + PASS_THRU_REQ(ntvfs, req, open, (ntvfs, req, io)); return status; } @@ -343,7 +342,7 @@ static NTSTATUS unixuid_openfile(struct ntvfs_module_context *ntvfs, create a directory */ static NTSTATUS unixuid_mkdir(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_mkdir *md) + struct ntvfs_request *req, union smb_mkdir *md) { NTSTATUS status; @@ -356,7 +355,7 @@ static NTSTATUS unixuid_mkdir(struct ntvfs_module_context *ntvfs, remove a directory */ static NTSTATUS unixuid_rmdir(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_rmdir *rd) + struct ntvfs_request *req, struct smb_rmdir *rd) { NTSTATUS status; @@ -369,7 +368,7 @@ static NTSTATUS unixuid_rmdir(struct ntvfs_module_context *ntvfs, rename a set of files */ static NTSTATUS unixuid_rename(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_rename *ren) + struct ntvfs_request *req, union smb_rename *ren) { NTSTATUS status; @@ -382,7 +381,7 @@ static NTSTATUS unixuid_rename(struct ntvfs_module_context *ntvfs, copy a set of files */ static NTSTATUS unixuid_copy(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_copy *cp) + struct ntvfs_request *req, struct smb_copy *cp) { NTSTATUS status; @@ -395,7 +394,7 @@ static NTSTATUS unixuid_copy(struct ntvfs_module_context *ntvfs, read from a file */ static NTSTATUS unixuid_read(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_read *rd) + struct ntvfs_request *req, union smb_read *rd) { NTSTATUS status; 
@@ -408,7 +407,7 @@ static NTSTATUS unixuid_read(struct ntvfs_module_context *ntvfs, write to a file */ static NTSTATUS unixuid_write(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_write *wr) + struct ntvfs_request *req, union smb_write *wr) { NTSTATUS status; @@ -421,7 +420,7 @@ static NTSTATUS unixuid_write(struct ntvfs_module_context *ntvfs, seek in a file */ static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_seek *io) + struct ntvfs_request *req, struct smb_seek *io) { NTSTATUS status; @@ -434,7 +433,7 @@ static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs, flush a file */ static NTSTATUS unixuid_flush(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_flush *io) + struct ntvfs_request *req, struct smb_flush *io) { NTSTATUS status; @@ -447,7 +446,7 @@ static NTSTATUS unixuid_flush(struct ntvfs_module_context *ntvfs, close a file */ static NTSTATUS unixuid_close(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_close *io) + struct ntvfs_request *req, union smb_close *io) { NTSTATUS status; @@ -460,7 +459,7 @@ static NTSTATUS unixuid_close(struct ntvfs_module_context *ntvfs, exit - closing files */ static NTSTATUS unixuid_exit(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req) + struct ntvfs_request *req) { NTSTATUS status; @@ -473,7 +472,7 @@ static NTSTATUS unixuid_exit(struct ntvfs_module_context *ntvfs, logoff - closing files */ static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req) + struct ntvfs_request *req) { struct unixuid_private *private = ntvfs->private_data; NTSTATUS status; @@ -489,7 +488,7 @@ static NTSTATUS unixuid_logoff(struct ntvfs_module_context *ntvfs, async setup */ static NTSTATUS unixuid_async_setup(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, void *private) { NTSTATUS status; 
@@ -503,7 +502,7 @@ static NTSTATUS unixuid_async_setup(struct ntvfs_module_context *ntvfs, cancel an async request */ static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req) + struct ntvfs_request *req) { NTSTATUS status; @@ -516,7 +515,7 @@ static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs, lock a byte range */ static NTSTATUS unixuid_lock(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_lock *lck) + struct ntvfs_request *req, union smb_lock *lck) { NTSTATUS status; @@ -529,7 +528,7 @@ static NTSTATUS unixuid_lock(struct ntvfs_module_context *ntvfs, set info on a open file */ static NTSTATUS unixuid_setfileinfo(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, + struct ntvfs_request *req, union smb_setfileinfo *info) { NTSTATUS status; @@ -544,7 +543,7 @@ static NTSTATUS unixuid_setfileinfo(struct ntvfs_module_context *ntvfs, return filesystem space info */ static NTSTATUS unixuid_fsinfo(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_fsinfo *fs) + struct ntvfs_request *req, union smb_fsinfo *fs) { NTSTATUS status; @@ -557,7 +556,7 @@ static NTSTATUS unixuid_fsinfo(struct ntvfs_module_context *ntvfs, return print queue info */ static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_lpq *lpq) + struct ntvfs_request *req, union smb_lpq *lpq) { NTSTATUS status; @@ -570,7 +569,7 @@ static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs, list files in a directory matching a wildcard pattern */ static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_search_first *io, + struct ntvfs_request *req, union smb_search_first *io, void *search_private, BOOL (*callback)(void *, union smb_search_data *)) { 
@@ -583,7 +582,7 @@ static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs, /* continue a search */ static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_search_next *io, + struct ntvfs_request *req, union smb_search_next *io, void *search_private, BOOL (*callback)(void *, union smb_search_data *)) { @@ -596,7 +595,7 @@ static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs, /* close a search */ static NTSTATUS unixuid_search_close(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, union smb_search_close *io) + struct ntvfs_request *req, union smb_search_close *io) { NTSTATUS status; @@ -607,7 +606,7 @@ static NTSTATUS unixuid_search_close(struct ntvfs_module_context *ntvfs, /* SMBtrans - not used on file shares */ static NTSTATUS unixuid_trans(struct ntvfs_module_context *ntvfs, - struct smbsrv_request *req, struct smb_trans2 *trans2) + struct ntvfs_request *req, struct smb_trans2 *trans2) { NTSTATUS status; @@ -633,7 +632,7 @@ NTSTATUS ntvfs_unixuid_init(void) ops.chkpath = unixuid_chkpath; ops.qpathinfo = unixuid_qpathinfo; ops.setpathinfo = unixuid_setpathinfo; - ops.openfile = unixuid_openfile; + ops.open = unixuid_open; ops.mkdir = unixuid_mkdir; ops.rmdir = unixuid_rmdir; ops.rename = unixuid_rename; -- cgit From 307e43bb5628e8b53a930c2928279af994281ba5 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Fri, 10 Mar 2006 20:49:20 +0000 Subject: r14173: change smb interface structures to always use a union smb_file, to abtract - const char *path fot qpathinfo and setpathinfo - uint16_t fnum for SMB - smb2_handle handle for SMB2 the idea is to later add a struct ntvfs_handle *ntvfs so that the ntvfs subsystem don't need to know the difference between SMB and SMB2 metze (This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f) --- source4/ntvfs/unixuid/vfs_unixuid.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 3b36a6a891..cc7e13fde0 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -250,7 +250,8 @@ static NTSTATUS unixuid_disconnect(struct ntvfs_module_context *ntvfs) delete a file */ static NTSTATUS unixuid_unlink(struct ntvfs_module_context *ntvfs, - struct ntvfs_request *req, struct smb_unlink *unl) + struct ntvfs_request *req, + union smb_unlink *unl) { NTSTATUS status; @@ -276,7 +277,8 @@ static NTSTATUS unixuid_ioctl(struct ntvfs_module_context *ntvfs, check if a directory exists */ static NTSTATUS unixuid_chkpath(struct ntvfs_module_context *ntvfs, - struct ntvfs_request *req, struct smb_chkpath *cp) + struct ntvfs_request *req, + union smb_chkpath *cp) { NTSTATUS status; @@ -420,7 +422,8 @@ static NTSTATUS unixuid_write(struct ntvfs_module_context *ntvfs, seek in a file */ static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs, - struct ntvfs_request *req, struct smb_seek *io) + struct ntvfs_request *req, + union smb_seek *io) { NTSTATUS status; 
@@ -433,7 +436,8 @@ static NTSTATUS unixuid_seek(struct ntvfs_module_context *ntvfs,
 flush a file
 */
 static NTSTATUS unixuid_flush(struct ntvfs_module_context *ntvfs,
- struct ntvfs_request *req, struct smb_flush *io)
+ struct ntvfs_request *req,
+ union smb_flush *io)
 {
 NTSTATUS status;
-- cgit
From d3087451c4ec25171ba956fe2cd4e1d0f64f7edc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 16 Mar 2006 18:54:19 +0000 Subject: r14487: split smbsrv_request into two parts, one will be moved to ntvfs_request but I don't to get the commit to large, to I'll do this tomorrow... metze (This used to be commit 10e627032d7d04f1ebf6efed248c426614f5aa6f) --- source4/ntvfs/unixuid/vfs_unixuid.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c')
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c
index cc7e13fde0..9f6a4f9cb7 100644
--- a/source4/ntvfs/unixuid/vfs_unixuid.c
+++ b/source4/ntvfs/unixuid/vfs_unixuid.c
@@ -150,18 +150,18 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
 struct unix_sec_ctx *newsec;
 NTSTATUS status;
- if (req->session == NULL) {
+ if (req->session_info == NULL) {
 return NT_STATUS_ACCESS_DENIED;
 }
- token = req->session->session_info->security_token;
+ token = req->session_info->security_token;
 *sec = save_unix_security(req);
 if (*sec == NULL) {
 return NT_STATUS_NO_MEMORY;
 }
- if (req->session->session_info->security_token == private->last_token) {
+ if (token == private->last_token) {
 newsec = private->last_sec_ctx;
 } else {
 status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
@@ -172,7 +172,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
 talloc_free(private->last_sec_ctx);
 }
 private->last_sec_ctx = newsec;
- private->last_token = req->session->session_info->security_token;
+ private->last_token = token;
 talloc_steal(private, newsec);
 }
-- cgit
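Review bot: The cache test `if (token == private->last_token)` in the r14487 hunk compares token addresses only, so a hit is correct only while `last_token` does not outlive the token it was copied from. Nothing in these hunks clears `private->last_token` when a session's token is freed; if the same address were later reused for a different user's token, the cached `last_sec_ctx` (the previous user's unix ids) would be applied to that request. This predates the change, which only shortens the expression, but the invariant deserves to be written down next to the comparison, e.g. `/* last_token is compared by address: it must be reset whenever that token can be freed */`, or enforced by holding a talloc reference on the cached token. unixuid_setup_security begins and ends outside the hunks.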
From 830b7447107f5fe71d9947cc0f099dce4de5d53e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 21 Mar 2006 11:40:38 +0000 Subject: r14615: add notify to unixuid ntvfs module (This used to be commit 79af976d189798bb92f5909237202ca18db1789f) --- source4/ntvfs/unixuid/vfs_unixuid.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9f6a4f9cb7..545fe67827 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -515,6 +515,19 @@ static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs, return status; } +/* + change notify +*/ +static NTSTATUS unixuid_notify(struct ntvfs_module_context *ntvfs, + struct ntvfs_request *req, struct smb_notify *info) +{ + NTSTATUS status; + + PASS_THRU_REQ(ntvfs, req, notify, (ntvfs, req, info)); + + return status; +} + /* lock a byte range */ @@ -660,6 +673,7 @@ NTSTATUS ntvfs_unixuid_init(void) ops.logoff = unixuid_logoff; ops.async_setup = unixuid_async_setup; ops.cancel = unixuid_cancel; + ops.notify = unixuid_notify; ops.name = "unixuid"; -- cgit From ad06a8bd651e3a8b598c92a356ac1ce4117ae72e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 26 Mar 2006 01:23:40 +0000 Subject: r14736: - the ntvfs subsystem should not know about smb_server.h - the process module subsystem should not know about smb_server.h - the smb_server module should not know about process models metze (This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 545fe67827..9d8b058b7a 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
@@ -25,7 +25,6 @@ #include "system/filesys.h" #include "system/passwd.h" #include "auth/auth.h" -#include "smb_server/smb_server.h" #include "ntvfs/ntvfs.h" struct unixuid_private { -- cgit From 05c53f70f0e4b94cf26a433cb61b1706f7715757 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 31 Mar 2006 09:47:57 +0000 Subject: r14838: fix the build. Looks like I still haven't quite got the hang of the new dependency/proto system :-) (This used to be commit 63ae3f21e3471895ba83df1c2fdc4147090f7fdb) --- source4/ntvfs/unixuid/vfs_unixuid.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9d8b058b7a..1bfaf85e70 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -26,6 +26,7 @@ #include "system/passwd.h" #include "auth/auth.h" #include "ntvfs/ntvfs.h" +#include "ntvfs/common/proto.h" struct unixuid_private { struct sidmap_context *sidmap; -- cgit From 2e894625e7c951b5ee66670124b4bef82a8129d9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Apr 2006 13:15:46 +0000 Subject: r14964: - move sidmap code from ntvfs_common to SAMDB - make ntvfs_common a library - create sys_notify library metze (This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 1bfaf85e70..061b8fbe55 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -26,7 +26,7 @@ #include "system/passwd.h" #include "auth/auth.h" #include "ntvfs/ntvfs.h" -#include "ntvfs/common/proto.h" +#include "dsdb/samdb/samdb.h" struct unixuid_private { struct sidmap_context *sidmap; -- cgit From f380d365eaad89db2c46331a3fa2d5d8600aeba1 Mon Sep 17 00:00:00 2001 
From: James Peach Date: Sun, 23 Apr 2006 23:44:14 +0000 Subject: r15185: Force all NTVFS modules to provide a critical sizes structure so the version information can be checked when modules are registered. (This used to be commit 95eb55806339fc5409c0adf137ebd5bffd7098ac) --- source4/ntvfs/unixuid/vfs_unixuid.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 061b8fbe55..9afb2b1380 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -639,6 +639,7 @@ NTSTATUS ntvfs_unixuid_init(void) { NTSTATUS ret; struct ntvfs_ops ops; + NTVFS_CURRENT_CRITICAL_SIZES(vers); ZERO_STRUCT(ops); @@ -679,15 +680,15 @@ NTSTATUS ntvfs_unixuid_init(void) /* we register under all 3 backend types, as we are not type specific */ ops.type = NTVFS_DISK; - ret = ntvfs_register(&ops); + ret = ntvfs_register(&ops, &vers); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_PRINT; - ret = ntvfs_register(&ops); + ret = ntvfs_register(&ops, &vers); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_IPC; - ret = ntvfs_register(&ops); + ret = ntvfs_register(&ops, &vers); if (!NT_STATUS_IS_OK(ret)) goto failed; failed: -- cgit From 6ab33938d5239e8688440f65e802f627622d301b Mon Sep 17 00:00:00 2001 From: James Peach Date: Mon, 24 Apr 2006 00:16:51 +0000 Subject: r15186: Introduce ISDOT and ISDOTDOT macros for testing whether a filename is "." for "..". These express the intention better that strcmp or strequal and improve searchability via cscope/ctags. (This used to be commit 7e4ad7e8e5ec266b969e3075c4ad7f021571f24e) --- source4/ntvfs/unixuid/vfs_unixuid.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9afb2b1380..061b8fbe55 100644 
--- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -639,7 +639,6 @@ NTSTATUS ntvfs_unixuid_init(void) { NTSTATUS ret; struct ntvfs_ops ops; - NTVFS_CURRENT_CRITICAL_SIZES(vers); ZERO_STRUCT(ops); @@ -680,15 +679,15 @@ NTSTATUS ntvfs_unixuid_init(void) /* we register under all 3 backend types, as we are not type specific */ ops.type = NTVFS_DISK; - ret = ntvfs_register(&ops, &vers); + ret = ntvfs_register(&ops); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_PRINT; - ret = ntvfs_register(&ops, &vers); + ret = ntvfs_register(&ops); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_IPC; - ret = ntvfs_register(&ops, &vers); + ret = ntvfs_register(&ops); if (!NT_STATUS_IS_OK(ret)) goto failed; failed: -- cgit From 7baa8a13aa751e2a1de287d43de0884ea638f04e Mon Sep 17 00:00:00 2001 From: James Peach Date: Mon, 24 Apr 2006 01:26:31 +0000 Subject: r15188: Restore svn rev. 15183, 15184 and 15185, which I inadvertantly clobbered in r15186. I don't think I should be allowed to use quilt and svn at the same time any more :( (This used to be commit e0ca5ead27743c84f5d9310a05d6d718862ead1d) --- source4/ntvfs/unixuid/vfs_unixuid.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 061b8fbe55..9afb2b1380 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -639,6 +639,7 @@ NTSTATUS ntvfs_unixuid_init(void) { NTSTATUS ret; struct ntvfs_ops ops; + NTVFS_CURRENT_CRITICAL_SIZES(vers); ZERO_STRUCT(ops); 
@@ -679,15 +680,15 @@ NTSTATUS ntvfs_unixuid_init(void) /* we register under all 3 backend types, as we are not type specific */ ops.type = NTVFS_DISK; - ret = ntvfs_register(&ops); + ret = ntvfs_register(&ops, &vers); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_PRINT; - ret = ntvfs_register(&ops); + ret = ntvfs_register(&ops, &vers); if (!NT_STATUS_IS_OK(ret)) goto failed; ops.type = NTVFS_IPC; - ret = ntvfs_register(&ops); + ret = ntvfs_register(&ops, &vers); if (!NT_STATUS_IS_OK(ret)) goto failed; failed: -- cgit From 507e502c352ff53952fa704f1bde5accc0bd8f1a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 23 May 2006 03:53:23 +0000 Subject: r15826: ensure we don't dereference sec when NULL (This used to be commit b6bf6b17cd92a3869c49209bc8ea8ef8c6c25cdd) --- source4/ntvfs/unixuid/vfs_unixuid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 9afb2b1380..b12339b2c8 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -191,7 +191,8 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, NTSTATUS status2; \ struct unix_sec_ctx *sec; \ status = unixuid_setup_security(ntvfs, req, &sec); \ - if (NT_STATUS_IS_OK(status)) status = ntvfs_next_##op args; \ + NT_STATUS_NOT_OK_RETURN(status); \ + status = ntvfs_next_##op args; \ status2 = set_unix_security(sec); \ if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \ } while (0) -- cgit From a8958391e8fd9ddd996d2d3aff7ddeed3243fc1f Mon Sep 17 00:00:00 2001 
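Review bot: `NT_STATUS_NOT_OK_RETURN(status);` inside PASS_THRU_REQ (the r15826 hunk) makes the macro return from whichever function expands it, and that exit is invisible at the call sites. The wrappers visible on this page declare only locals before the macro, so nothing is skipped today, but a wrapper that acquires a resource first would leak it on this path. A comment above the macro, e.g. `/* returns from the calling function if the unix security context cannot be set up */`, would make the hidden exit explicit. The macro's opening lines are outside the hunk.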
From: Stefan Metzmacher Date: Wed, 12 Jul 2006 14:25:50 +0000 Subject: r16980: - make struct smb_notify a union and add levels RAW_NOTIFY_NTTRANS,RAW_NOTIFY_SMB2 - parse SMB2 Notify reponse metze (This used to be commit de50e0ccddfad16ad7b254770f4c52c1abe707b9) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index b12339b2c8..17fdb42de0 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -520,7 +520,7 @@ static NTSTATUS unixuid_cancel(struct ntvfs_module_context *ntvfs, change notify */ static NTSTATUS unixuid_notify(struct ntvfs_module_context *ntvfs, - struct ntvfs_request *req, struct smb_notify *info) + struct ntvfs_request *req, union smb_notify *info) { NTSTATUS status; -- cgit From 667cff3699a37510a69f682407bdda6316ba4402 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 7 Feb 2007 07:06:28 +0000 Subject: r21214: fixed a valgrind error that can be caused by a semi-async call inside a nested ntvfs call. The req structure can go away while processing a ntvfs request (This used to be commit f62b3c505f71f37a86a76d152d643926e19eb148) --- source4/ntvfs/unixuid/vfs_unixuid.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 17fdb42de0..b430d3048b 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -156,7 +156,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, token = req->session_info->security_token; - *sec = save_unix_security(req); + *sec = save_unix_security(ntvfs); if (*sec == NULL) { return NT_STATUS_NO_MEMORY; } 
@@ -166,6 +166,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
 } else {
 status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
 if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(*sec);
 return status;
 }
 if (private->last_sec_ctx) {
@@ -178,6 +179,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
 status = set_unix_security(newsec);
 if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(*sec);
 return status;
 }
@@ -194,6 +196,7 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
 NT_STATUS_NOT_OK_RETURN(status); \
 status = ntvfs_next_##op args; \
 status2 = set_unix_security(sec); \
+ talloc_free(sec); \
 if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \
 } while (0)
-- cgit
From 42c1ef4025186066660b1bb187d063e07bb493ff Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 22 May 2007 09:25:58 +0000 Subject: r23067: use 'const union smb_search_data *file' also in the server code to get rid of compiler warnings in the cifs backend metze (This used to be commit 34ef07b1f5acdad27edd80de8de4c6de7f879f9b) --- source4/ntvfs/unixuid/vfs_unixuid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c')
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c
index b430d3048b..56df008c2a 100644
--- a/source4/ntvfs/unixuid/vfs_unixuid.c
+++ b/source4/ntvfs/unixuid/vfs_unixuid.c
@@ -592,7 +592,7 @@ static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs,
 static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs,
 struct ntvfs_request *req, union smb_search_first *io,
 void *search_private,
- BOOL (*callback)(void *, union smb_search_data *))
+ BOOL (*callback)(void *, const union smb_search_data *))
 {
 NTSTATUS status;
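Review bot: In the second r21214 hunk the failure branch after `status = set_unix_security(newsec);` frees the saved context with `talloc_free(*sec);` but never re-applies it. set_unix_security's body is not in the hunk; if it can fail after some of the ids have already been changed, the function returns with the process in a partly switched identity and the record of the original one gone, and PASS_THRU_REQ then returns early on that status without its own reset. Consider restoring first, mirroring the macro: `if (!NT_STATUS_IS_OK(set_unix_security(*sec))) smb_panic("Unable to reset security context");` placed before the `talloc_free(*sec);`. unixuid_setup_security starts and ends outside these hunks.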
@@ -605,7 +605,7 @@ static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs, static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, union smb_search_next *io, void *search_private, - BOOL (*callback)(void *, union smb_search_data *)) + BOOL (*callback)(void *, const union smb_search_data *)) { NTSTATUS status; -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/ntvfs/unixuid/vfs_unixuid.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 56df008c2a..74bc6309c1 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From 2151cde58014ea2e822c13d2f8a369b45dc19ca8 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:28:14 +0000 Subject: r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9) --- source4/ntvfs/unixuid/vfs_unixuid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 74bc6309c1..0ad8a8501b 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -591,7 +591,7 @@ static NTSTATUS unixuid_lpq(struct ntvfs_module_context *ntvfs, static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, union smb_search_first *io, void *search_private, - BOOL (*callback)(void *, const union smb_search_data *)) + bool (*callback)(void *, const union smb_search_data *)) { NTSTATUS status; @@ -604,7 +604,7 @@ static NTSTATUS unixuid_search_first(struct ntvfs_module_context *ntvfs, static NTSTATUS unixuid_search_next(struct ntvfs_module_context *ntvfs, struct ntvfs_request *req, union smb_search_next *io, void *search_private, - BOOL (*callback)(void *, const union smb_search_data *)) + bool (*callback)(void *, const union smb_search_data *)) { NTSTATUS status; -- cgit From 51db4c3f3d81d1ed03beae6426786c843ac59807 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 17:56:09 +0100 Subject: r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166) --- source4/ntvfs/unixuid/vfs_unixuid.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 0ad8a8501b..d7b64b01f2 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c 
@@ -26,6 +26,7 @@ #include "auth/auth.h" #include "ntvfs/ntvfs.h" #include "dsdb/samdb/samdb.h" +#include "param/param.h" struct unixuid_private { struct sidmap_context *sidmap; @@ -215,7 +216,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - private->sidmap = sidmap_open(private); + private->sidmap = sidmap_open(private, global_loadparm); if (private->sidmap == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit From a72c5053c587f0ed6113ef514fe3739cb81e7abf Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Dec 2007 23:32:43 +0100 Subject: r26353: Remove use of global_loadparm. (This used to be commit 17637e4490e42db6cdef619286c4d5a0982e9d1a) --- source4/ntvfs/unixuid/vfs_unixuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index d7b64b01f2..63889c6677 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -216,7 +216,7 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - private->sidmap = sidmap_open(private, global_loadparm); + private->sidmap = sidmap_open(private, ntvfs->ctx->lp_ctx); if (private->sidmap == NULL) { return NT_STATUS_INTERNAL_DB_CORRUPTION; } -- cgit From a71f36e2b8f58cb2929b1e031e85083737c93145 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 28 Mar 2008 11:00:52 +0100 Subject: ntvfs: Use wbclient in vsf_unixuid, not sidmap (This used to be commit 2908a77fa5c32e92665775a5785345f704202f0a) --- source4/ntvfs/unixuid/vfs_unixuid.c | 72 +++++++++++++++++++++++++------------ 1 file changed, 50 insertions(+), 22 deletions(-) (limited to 'source4/ntvfs/unixuid/vfs_unixuid.c') diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index 63889c6677..66c2cfaf4c 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c 
+++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -25,11 +25,11 @@ #include "system/passwd.h" #include "auth/auth.h" #include "ntvfs/ntvfs.h" -#include "dsdb/samdb/samdb.h" +#include "libcli/wbclient/wbclient.h" #include "param/param.h" struct unixuid_private { - struct sidmap_context *sidmap; + struct wbc_context *wbc_ctx; struct unix_sec_ctx *last_sec_ctx; struct security_token *last_token; }; @@ -100,9 +100,11 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, struct security_token *token, struct unix_sec_ctx **sec) { - struct unixuid_private *private = ntvfs->private_data; + struct unixuid_private *priv = ntvfs->private_data; int i; NTSTATUS status; + struct id_mapping *ids; + struct composite_context *ctx; *sec = talloc(req, struct unix_sec_ctx); /* we can't do unix security without a user and group */ 
@@ -110,29 +112,53 @@ static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs, return NT_STATUS_ACCESS_DENIED; } - status = sidmap_sid_to_unixuid(private->sidmap, - token->user_sid, &(*sec)->uid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + ids = talloc_array(req, struct id_mapping, token->num_sids); + NT_STATUS_HAVE_NO_MEMORY(ids); - status = sidmap_sid_to_unixgid(private->sidmap, - token->group_sid, &(*sec)->gid); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + ids[0].unixid = NULL; + ids[0].sid = token->user_sid; + ids[0].status = NT_STATUS_NONE_MAPPED; + + ids[1].unixid = NULL; + ids[1].sid = token->group_sid; + ids[1].status = NT_STATUS_NONE_MAPPED; (*sec)->ngroups = token->num_sids - 2; (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups); - if ((*sec)->groups == NULL) { - return NT_STATUS_NO_MEMORY; + NT_STATUS_HAVE_NO_MEMORY((*sec)->groups); + + for (i=0;i<(*sec)->ngroups;i++) { + ids[i+2].unixid = NULL; + ids[i+2].sid = token->sids[i+2]; + ids[i+2].status = NT_STATUS_NONE_MAPPED; + } + + ctx = wbc_sids_to_xids_send(priv->wbc_ctx, ids, token->num_sids, ids); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + status = wbc_sids_to_xids_recv(ctx, &ids); + NT_STATUS_NOT_OK_RETURN(status); + + if (ids[0].unixid->type == ID_TYPE_BOTH || + ids[0].unixid->type == ID_TYPE_UID) { + (*sec)->uid = ids[0].unixid->id; + } else { + return NT_STATUS_INVALID_SID; + } + + if (ids[1].unixid->type == ID_TYPE_BOTH || + ids[1].unixid->type == ID_TYPE_GID) { + (*sec)->gid = ids[1].unixid->id; + } else { + return NT_STATUS_INVALID_SID; } for (i=0;i<(*sec)->ngroups;i++) { - status = sidmap_sid_to_unixgid(private->sidmap, - token->sids[i+2], &(*sec)->groups[i]); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (ids[i+2].unixid->type == ID_TYPE_BOTH || + ids[i+2].unixid->type == ID_TYPE_GID) { + (*sec)->groups[i] = ids[i+2].unixid->id; + } else { + return NT_STATUS_INVALID_SID; } } 
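Review bot: After `wbc_sids_to_xids_recv()` returns OK, the new code dereferences `ids[0].unixid`, `ids[1].unixid` and `ids[i+2].unixid` without checking the per-entry `status` (pre-set to `NT_STATUS_NONE_MAPPED`) or that `unixid` is no longer NULL. Whether the recv call can succeed overall while leaving individual SIDs unmapped is not visible in this hunk. If it can, a token with one unmappable SID would take the server down with a NULL dereference while it builds the unix security context, instead of being refused. I would validate every entry once, right after the recv, and fail closed so the uid/gid/group type checks only ever see mapped entries. The body of `nt_token_to_unix_security` starts and ends outside this hunk.

```c
status = wbc_sids_to_xids_recv(ctx, &ids);
NT_STATUS_NOT_OK_RETURN(status);

/* refuse the token if any SID came back unmapped */
for (i = 0; i < token->num_sids; i++) {
	if (!NT_STATUS_IS_OK(ids[i].status) || ids[i].unixid == NULL) {
		return NT_STATUS_INVALID_SID;
	}
}
/* … unchanged: uid, gid and supplementary group type checks … */
```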
@@ -216,9 +242,11 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, return NT_STATUS_NO_MEMORY; } - private->sidmap = sidmap_open(private, ntvfs->ctx->lp_ctx); - if (private->sidmap == NULL) { - return NT_STATUS_INTERNAL_DB_CORRUPTION; + private->wbc_ctx = wbc_init(private, ntvfs->ctx->msg_ctx, + ntvfs->ctx->event_ctx); + if (private->wbc_ctx == NULL) { + talloc_free(private); + return NT_STATUS_INTERNAL_ERROR; } ntvfs->private_data = private; -- cgit