mirror of
https://github.com/samba-team/samba.git
synced 2025-03-27 22:50:26 +03:00
s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
This commit is contained in:
Andrew Bartlett
parent
2a5ac56742
commit
04f5ef83b9
@ -30,7 +30,7 @@ struct auth_serversupplied_info {
|
||||
bool guest;
|
||||
bool system;
|
||||
|
||||
struct unix_user_token utok;
|
||||
struct security_unix_token utok;
|
||||
|
||||
/* NT group information taken from the info3 structure */
|
||||
|
||||
|
||||
@ -3040,12 +3040,12 @@ void del_deferred_open_entry(struct share_mode_lock *lck, uint64_t mid,
|
||||
bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
|
||||
bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
|
||||
NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode);
|
||||
const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
|
||||
const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash);
|
||||
void set_delete_on_close_lck(files_struct *fsp,
|
||||
struct share_mode_lock *lck,
|
||||
bool delete_on_close,
|
||||
const UNIX_USER_TOKEN *tok);
|
||||
bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok);
|
||||
const struct security_unix_token *tok);
|
||||
bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok);
|
||||
bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
|
||||
bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
|
||||
bool set_write_time(struct file_id fileid, struct timespec write_time);
|
||||
@ -5112,7 +5112,7 @@ void server_encryption_shutdown(void);
|
||||
|
||||
/* The following definitions come from smbd/sec_ctx.c */
|
||||
|
||||
bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
|
||||
bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2);
|
||||
bool push_sec_ctx(void);
|
||||
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct security_token *token);
|
||||
void set_root_sec_ctx(void);
|
||||
@ -5282,7 +5282,7 @@ bool become_user(connection_struct *conn, uint16 vuid);
|
||||
bool unbecome_user(void);
|
||||
uid_t get_current_uid(connection_struct *conn);
|
||||
gid_t get_current_gid(connection_struct *conn);
|
||||
const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
|
||||
const struct security_unix_token *get_current_utok(connection_struct *conn);
|
||||
const struct security_token *get_current_nttok(connection_struct *conn);
|
||||
uint16_t get_current_vuid(connection_struct *conn);
|
||||
|
||||
@ -5421,7 +5421,7 @@ NTSTATUS access_check_object( struct security_descriptor *psd, struct security_t
|
||||
uint32 des_access, uint32 *acc_granted,
|
||||
const char *debug );
|
||||
void map_max_allowed_access(const struct security_token *nt_token,
|
||||
const struct unix_user_token *unix_token,
|
||||
const struct security_unix_token *unix_token,
|
||||
uint32_t *pacc_requested);
|
||||
|
||||
/* The following definitions come from ../libds/common/flag_mapping.c */
|
||||
|
||||
@ -203,13 +203,6 @@ struct lsa_name_info {
|
||||
#define PRIMARY_USER_SID_INDEX 0
|
||||
#define PRIMARY_GROUP_SID_INDEX 1
|
||||
|
||||
typedef struct unix_user_token {
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
uint32_t ngroups;
|
||||
gid_t *groups;
|
||||
} UNIX_USER_TOKEN;
|
||||
|
||||
typedef struct write_cache {
|
||||
SMB_OFF_T file_size;
|
||||
SMB_OFF_T offset;
|
||||
@ -521,7 +514,7 @@ typedef struct connection_struct {
|
||||
struct current_user {
|
||||
connection_struct *conn;
|
||||
uint16 vuid;
|
||||
UNIX_USER_TOKEN ut;
|
||||
struct security_unix_token ut;
|
||||
struct security_token *nt_user_token;
|
||||
};
|
||||
|
||||
@ -689,7 +682,7 @@ Offset Data length.
|
||||
struct delete_token_list {
|
||||
struct delete_token_list *next, *prev;
|
||||
uint32_t name_hash;
|
||||
UNIX_USER_TOKEN *delete_token;
|
||||
struct security_unix_token *delete_token;
|
||||
};
|
||||
|
||||
struct share_mode_lock {
|
||||
|
||||
@ -584,7 +584,7 @@ static int parse_delete_tokens_list(struct share_mode_lock *lck,
|
||||
memcpy(&pdtl->name_hash, p, sizeof(pdtl->name_hash));
|
||||
p += sizeof(pdtl->name_hash);
|
||||
|
||||
pdtl->delete_token = TALLOC_ZERO_P(pdtl, UNIX_USER_TOKEN);
|
||||
pdtl->delete_token = TALLOC_ZERO_P(pdtl, struct security_unix_token);
|
||||
if (pdtl->delete_token == NULL) {
|
||||
DEBUG(0,("parse_delete_tokens_list: talloc failed"));
|
||||
return -1;
|
||||
@ -808,7 +808,7 @@ static TDB_DATA unparse_share_modes(const struct share_mode_lock *lck)
|
||||
|
||||
/* Store any delete on close tokens. */
|
||||
for (pdtl = lck->delete_tokens; pdtl; pdtl = pdtl->next) {
|
||||
UNIX_USER_TOKEN *pdt = pdtl->delete_token;
|
||||
struct security_unix_token *pdt = pdtl->delete_token;
|
||||
uint32_t token_size = sizeof(uint32_t) +
|
||||
sizeof(uint32_t) +
|
||||
sizeof(uid_t) +
|
||||
@ -1461,15 +1461,15 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode)
|
||||
}
|
||||
|
||||
/*************************************************************************
|
||||
Return a talloced copy of a UNIX_USER_TOKEN. NULL on fail.
|
||||
Return a talloced copy of a struct security_unix_token. NULL on fail.
|
||||
(Should this be in locking.c.... ?).
|
||||
*************************************************************************/
|
||||
|
||||
static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *tok)
|
||||
static struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const struct security_unix_token *tok)
|
||||
{
|
||||
UNIX_USER_TOKEN *cpy;
|
||||
struct security_unix_token *cpy;
|
||||
|
||||
cpy = TALLOC_P(ctx, UNIX_USER_TOKEN);
|
||||
cpy = TALLOC_P(ctx, struct security_unix_token);
|
||||
if (!cpy) {
|
||||
return NULL;
|
||||
}
|
||||
@ -1494,7 +1494,7 @@ static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN *
|
||||
|
||||
static bool add_delete_on_close_token(struct share_mode_lock *lck,
|
||||
uint32_t name_hash,
|
||||
const UNIX_USER_TOKEN *tok)
|
||||
const struct security_unix_token *tok)
|
||||
{
|
||||
struct delete_token_list *dtl;
|
||||
|
||||
@ -1521,14 +1521,14 @@ static bool add_delete_on_close_token(struct share_mode_lock *lck,
|
||||
changed the delete on close flag. This will be noticed
|
||||
in the close code, the last closer will delete the file
|
||||
if flag is set.
|
||||
This makes a copy of any UNIX_USER_TOKEN into the
|
||||
This makes a copy of any struct security_unix_token into the
|
||||
lck entry. This function is used when the lock is already granted.
|
||||
****************************************************************************/
|
||||
|
||||
void set_delete_on_close_lck(files_struct *fsp,
|
||||
struct share_mode_lock *lck,
|
||||
bool delete_on_close,
|
||||
const UNIX_USER_TOKEN *tok)
|
||||
const struct security_unix_token *tok)
|
||||
{
|
||||
struct delete_token_list *dtl;
|
||||
bool ret;
|
||||
@ -1565,7 +1565,7 @@ void set_delete_on_close_lck(files_struct *fsp,
|
||||
SMB_ASSERT(ret);
|
||||
}
|
||||
|
||||
bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok)
|
||||
bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct security_unix_token *tok)
|
||||
{
|
||||
struct share_mode_lock *lck;
|
||||
|
||||
@ -1596,7 +1596,7 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE
|
||||
return True;
|
||||
}
|
||||
|
||||
const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
|
||||
const struct security_unix_token *get_delete_on_close_token(struct share_mode_lock *lck, uint32_t name_hash)
|
||||
{
|
||||
struct delete_token_list *dtl;
|
||||
|
||||
|
||||
@ -250,7 +250,7 @@ done:
|
||||
********************************************************************/
|
||||
|
||||
void map_max_allowed_access(const struct security_token *nt_token,
|
||||
const struct unix_user_token *unix_token,
|
||||
const struct security_unix_token *unix_token,
|
||||
uint32_t *pacc_requested)
|
||||
{
|
||||
if (!((*pacc_requested) & MAXIMUM_ALLOWED_ACCESS)) {
|
||||
|
||||
@ -275,7 +275,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
|
||||
NTSTATUS status = NT_STATUS_OK;
|
||||
NTSTATUS tmp_status;
|
||||
struct file_id id;
|
||||
const UNIX_USER_TOKEN *del_token = NULL;
|
||||
const struct security_unix_token *del_token = NULL;
|
||||
|
||||
/* Ensure any pending write time updates are done. */
|
||||
if (fsp->update_write_time_event) {
|
||||
@ -958,7 +958,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
|
||||
bool delete_dir = False;
|
||||
NTSTATUS status = NT_STATUS_OK;
|
||||
NTSTATUS status1 = NT_STATUS_OK;
|
||||
const UNIX_USER_TOKEN *del_token = NULL;
|
||||
const struct security_unix_token *del_token = NULL;
|
||||
|
||||
/*
|
||||
* NT can set delete_on_close of the last open
|
||||
|
||||
@ -78,7 +78,7 @@ extern struct smb_srv_trans_enc_ctx *partial_srv_trans_enc_ctx;
|
||||
extern struct smb_srv_trans_enc_ctx *srv_trans_enc_ctx;
|
||||
|
||||
struct sec_ctx {
|
||||
UNIX_USER_TOKEN ut;
|
||||
struct security_unix_token ut;
|
||||
struct security_token *token;
|
||||
};
|
||||
/* A stack of security contexts. We include the current context as being
|
||||
|
||||
@ -85,7 +85,7 @@ static bool gid_in_use(const struct user_struct* user, gid_t gid)
|
||||
while (user) {
|
||||
if (user->session_info != NULL) {
|
||||
int i;
|
||||
struct unix_user_token utok = user->session_info->utok;
|
||||
struct security_unix_token utok = user->session_info->utok;
|
||||
if (utok.gid == gid) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -1306,7 +1306,7 @@ static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, cano
|
||||
* and don't need to do the complex user_in_group_sid() call
|
||||
*/
|
||||
if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
|
||||
const UNIX_USER_TOKEN *curr_utok = NULL;
|
||||
const struct security_unix_token *curr_utok = NULL;
|
||||
size_t i;
|
||||
|
||||
if (group_ace->unix_ug.gid == get_current_gid(conn)) {
|
||||
@ -2652,7 +2652,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
|
||||
static bool current_user_in_group(connection_struct *conn, gid_t gid)
|
||||
{
|
||||
int i;
|
||||
const UNIX_USER_TOKEN *utok = get_current_utok(conn);
|
||||
const struct security_unix_token *utok = get_current_utok(conn);
|
||||
|
||||
for (i = 0; i < utok->ngroups; i++) {
|
||||
if (utok->groups[i] == gid) {
|
||||
|
||||
@ -27,7 +27,7 @@ extern struct current_user current_user;
|
||||
Are two UNIX tokens equal ?
|
||||
****************************************************************************/
|
||||
|
||||
bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2)
|
||||
bool unix_token_equal(const struct security_unix_token *t1, const struct security_unix_token *t2)
|
||||
{
|
||||
if (t1->uid != t2->uid || t1->gid != t2->gid ||
|
||||
t1->ngroups != t2->ngroups) {
|
||||
|
||||
@ -536,7 +536,7 @@ gid_t get_current_gid(connection_struct *conn)
|
||||
doesn't alter this value.
|
||||
****************************************************************************/
|
||||
|
||||
const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn)
|
||||
const struct security_unix_token *get_current_utok(connection_struct *conn)
|
||||
{
|
||||
return ¤t_user.ut;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user