1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
/*
* Samba Unix/Linux SMB client library
*
* Copyright (C) Gregor Beck 2011
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "smbd/globals.h"
#include "smbd/smbd.h"
#include "../libcli/security/dom_sid.h"
#include "../libcli/security/security_token.h"
#include "idmap_cache.h"
#include "passdb/lookup_sid.h"
#include "auth.h"
#include "messages.h"
#include "lib/id_cache.h"
static bool uid_in_use(const struct user_struct *user, uid_t uid)
{
while (user) {
if (user->session_info &&
(user->session_info->unix_token->uid == uid)) {
return true;
}
user = user->next;
}
return false;
}
static bool gid_in_use(const struct user_struct *user, gid_t gid)
{
while (user) {
if (user->session_info != NULL) {
int i;
struct security_unix_token *utok;
utok = user->session_info->unix_token;
if (utok->gid == gid) {
return true;
}
for(i=0; i<utok->ngroups; i++) {
if (utok->groups[i] == gid) {
return true;
}
}
}
user = user->next;
}
return false;
}
static bool sid_in_use(const struct user_struct *user,
const struct dom_sid *psid)
{
while (user) {
struct security_token *tok;
if (user->session_info == NULL) {
continue;
}
tok = user->session_info->security_token;
if (tok == NULL) {
/*
* Not sure session_info->security_token can
* ever be NULL. This check might be not
* necessary.
*/
continue;
}
if (security_token_has_sid(tok, psid)) {
return true;
}
user = user->next;
}
return false;
}
static bool id_in_use(const struct user_struct *user,
const struct id_cache_ref *id)
{
switch(id->type) {
case UID:
return uid_in_use(user, id->id.uid);
case GID:
return gid_in_use(user, id->id.gid);
case SID:
return sid_in_use(user, &id->id.sid);
default:
break;
}
return false;
}
static void id_cache_kill(struct messaging_context *msg_ctx,
void *private_data,
uint32_t msg_type,
struct server_id server_id,
DATA_BLOB* data)
{
const char *msg = (data && data->data)
? (const char *)data->data : "<NULL>";
struct user_struct *validated_users =
smbd_server_conn->smb1.sessions.validated_users;
struct id_cache_ref id;
if (!id_cache_ref_parse(msg, &id)) {
DEBUG(0, ("Invalid ?ID: %s\n", msg));
return;
}
if (id_in_use(validated_users, &id)) {
exit_server_cleanly(msg);
}
}
void id_cache_register_kill_msg(struct messaging_context *ctx)
{
messaging_register(ctx, NULL, ID_CACHE_KILL, id_cache_kill);
}
|