sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
38b5c8c663
samba-mirror/source4/auth/unix_token.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

229 lines
6.5 KiB
C
Raw Normal View History

s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
/*
Unix SMB/CIFS implementation.
Deal with unix elements in the security token
Copyright (C) Andrew Tridgell 2004
Copyright (C) Andrew Bartlett 2011
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "auth/auth.h"
#include "libcli/wbclient/wbclient.h"
s4-auth Fill in the remainder of the unix info in auth_session_info Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-21 12:21:19 +04:00
#include "param/param.h"
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144
2018-05-21 04:58:12 +03:00
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
/*
form a security_unix_token from the current security_token
*/
NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
struct security_token *token,
struct security_unix_token **sec)
{
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
uint32_t s, g;
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
NTSTATUS status;
struct id_map *ids;
s4-auth: allow to create unix token from system session info Without this patch security_token_to_unix_token() fails with NT_STATUS_ACCESS_DENIED, because the system session does only have one SID. For a typical token are at least two or more SIDs expected. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org>
2018-09-25 14:11:09 +03:00
bool match;
match = security_token_is_system(token);
if (match) {
/*
* SYSTEM user uid and gid is 0
*/
*sec = talloc_zero(mem_ctx, struct security_unix_token);
if (*sec == NULL) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
/* we can't do unix security without a user and group */
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
if (token->num_sids < PRIMARY_SIDS_COUNT) {
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
return NT_STATUS_ACCESS_DENIED;
}
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
*sec = talloc_zero(mem_ctx, struct security_unix_token);
if (*sec == NULL) {
return NT_STATUS_NO_MEMORY;
}
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids);
NT_STATUS_HAVE_NO_MEMORY(ids);
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
for (s=0; s < token->num_sids; s++) {
ids[s].sid = &token->sids[s];
ids[s].status = ID_UNKNOWN;
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
}
wbclient: "ev" is no longer used in wbc_sids_to_xids Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-18 15:03:33 +03:00
status = wbc_sids_to_xids(ids, token->num_sids);
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
NT_STATUS_NOT_OK_RETURN(status);
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
g = token->num_sids;
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
if (ids[PRIMARY_USER_SID_INDEX].xid.type != ID_TYPE_BOTH) {
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
g--;
}
(*sec)->ngroups = g;
(*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
g=0;
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
if (ids[PRIMARY_USER_SID_INDEX].xid.type == ID_TYPE_BOTH) {
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
(*sec)->uid = ids[0].xid.id;
(*sec)->groups[g] = ids[0].xid.id;
g++;
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
} else if (ids[PRIMARY_USER_SID_INDEX].xid.type == ID_TYPE_UID) {
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
(*sec)->uid = ids[0].xid.id;
} else {
auth4: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-16 19:11:55 +03:00
struct dom_sid_buf buf;
s4-auth log details about any token we fail to convert to a unix token Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-11-17 11:24:24 +04:00
DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID. Conversion was returned as type %d, full token:\n",
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
dom_sid_str_buf(ids[PRIMARY_USER_SID_INDEX].sid, &buf),
(int)ids[PRIMARY_USER_SID_INDEX].xid.type));
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144
2018-05-21 04:58:12 +03:00
security_token_debug(DBGC_AUTH, 0, token);
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
return NT_STATUS_INVALID_SID;
}
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
if (ids[PRIMARY_GROUP_SID_INDEX].xid.type == ID_TYPE_BOTH ||
ids[PRIMARY_GROUP_SID_INDEX].xid.type == ID_TYPE_GID) {
(*sec)->gid = ids[PRIMARY_GROUP_SID_INDEX].xid.id;
(*sec)->groups[g] = ids[PRIMARY_GROUP_SID_INDEX].xid.id;
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
g++;
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
} else {
auth4: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-16 19:11:55 +03:00
struct dom_sid_buf buf;
s4-auth log details about any token we fail to convert to a unix token Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-11-17 11:24:24 +04:00
DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID. Conversion was returned as type %d, full token:\n",
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
dom_sid_str_buf(ids[PRIMARY_GROUP_SID_INDEX].sid, &buf),
(int)ids[PRIMARY_GROUP_SID_INDEX].xid.type));
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144
2018-05-21 04:58:12 +03:00
security_token_debug(DBGC_AUTH, 0, token);
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
return NT_STATUS_INVALID_SID;
}
auth: Make more liberal use of SID index constants Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-16 02:08:41 +03:00
for (s=REMAINING_SIDS_INDEX; s < token->num_sids; s++) {
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
2011-10-17 16:20:45 +04:00
if (ids[s].xid.type == ID_TYPE_BOTH ||
ids[s].xid.type == ID_TYPE_GID) {
(*sec)->groups[g] = ids[s].xid.id;
g++;
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
} else {
auth4: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-16 19:11:55 +03:00
struct dom_sid_buf buf;
s4-auth log details about any token we fail to convert to a unix token Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-11-17 11:24:24 +04:00
DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID. Conversion was returned as type %d, full token:\n",
auth4: Use dom_sid_str_buf Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2018-12-16 19:11:55 +03:00
dom_sid_str_buf(ids[s].sid, &buf),
(unsigned int)s, (int)ids[s].xid.type));
auth: Use DBGC_AUTH as DBGC_CLASS for AD DC auth session code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue May 22 02:42:32 CEST 2018 on sn-devel-144
2018-05-21 04:58:12 +03:00
security_token_debug(DBGC_AUTH, 0, token);
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
return NT_STATUS_INVALID_SID;
}
}
s4-auth log details about any token we fail to convert to a unix token Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
2011-11-17 11:24:24 +04:00
DEBUG(5, ("Successfully converted security token to a unix token:"));
security_token_debug(0, 5, token);
s4-auth Move conversion of security_token to unix_token to auth This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-21 11:06:17 +04:00
TALLOC_FREE(ids);
return NT_STATUS_OK;
}
s4-auth Fill in the remainder of the unix info in auth_session_info Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-21 12:21:19 +04:00
/*
s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-04 16:39:02 +03:00
* Fill in the unix_info elements in a struct session_info
*/
NTSTATUS fill_unix_info(struct loadparm_context *lp_ctx,
const char *original_user_name,
struct auth_session_info *session_info)
s4-auth Fill in the remainder of the unix info in auth_session_info Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-21 12:21:19 +04:00
{
s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-04 16:39:02 +03:00
session_info->unix_info = talloc_zero(session_info,
struct auth_user_info_unix);
s4-auth Fill in the remainder of the unix info in auth_session_info Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-21 12:21:19 +04:00
NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info);
s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-04 16:39:02 +03:00
session_info->unix_info->unix_name =
talloc_asprintf(session_info->unix_info,
"%s%s%s", session_info->info->domain_name,
lpcfg_winbind_separator(lp_ctx),
session_info->info->account_name);
s4-auth Fill in the remainder of the unix info in auth_session_info Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-21 12:21:19 +04:00
NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name);
s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix() With this patch the auth_session_info_fill_unix() uses the "unix_name" from the session_info->unix_info if no original_user_name was specified. This is used to process a system session info where no original_user_name is given. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org>
2018-09-25 14:16:15 +03:00
if (original_user_name == NULL) {
original_user_name = session_info->unix_info->unix_name;
}
s4/auth: use talloc_alpha_strcpy() in auth_session_info_fill_unix() Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-01-17 21:31:06 +03:00
session_info->unix_info->sanitized_username =
talloc_alpha_strcpy(session_info->unix_info,
original_user_name,
". _-$");
NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->sanitized_username);
s4-auth Fill in the remainder of the unix info in auth_session_info Signed-off-by: Andrew Tridgell <tridge@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
2011-07-21 12:21:19 +04:00
return NT_STATUS_OK;
}
s4-auth/unix_token: separate out filling the unix_info elements in a struct session_info Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-04 16:39:02 +03:00
/*
Fill in the auth_user_info_unix and auth_unix_token elements in a struct session_info
*/
NTSTATUS auth_session_info_fill_unix(struct loadparm_context *lp_ctx,
const char *original_user_name,
struct auth_session_info *session_info)
{
NTSTATUS status = NT_STATUS_OK;
status = security_token_to_unix_token(session_info,
session_info->security_token,
&session_info->unix_token);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
status = fill_unix_info(lp_ctx,
original_user_name,
session_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_OK;
}
s4-auth/unix_token: add new function auth_session_info_set_unix() Used to fill the unix info in a struct auth_session_info similar to auth_session_info_fill_unix(). The new auth_session_info_set_unix() receives the uid and gid for the unix token as an parameter. It does not query the unix token from winbind (via security_token_to_unix_token()). This is useful to fill a user session info manually if winbind is not available. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
2020-06-04 16:41:34 +03:00
/*
* Set the given auth_user_info_unix and auth_unix_token elements in a
* struct session_info, similar auth_session_info_fill_unix().
* Receives the uid and gid for the unix token as parameters and does
* not query the unix token from winbind (via security_token_to_unix_token()).
* This is useful to fill a user session info manually if winbind is not
* available.
*/
NTSTATUS auth_session_info_set_unix(struct loadparm_context *lp_ctx,
const char *original_user_name,
int uid,
int gid,
struct auth_session_info *session_info)
{
NTSTATUS status;
session_info->unix_token = talloc_zero(session_info,
struct security_unix_token);
if (session_info->unix_token == NULL) {
return NT_STATUS_NO_MEMORY;
}
session_info->unix_token->uid = uid;
session_info->unix_token->gid = gid;
status = fill_unix_info(lp_ctx,
original_user_name,
session_info);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return NT_STATUS_OK;
}
Copy Permalink