sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-07 09:49:30 +03:00
Code Activity

Remove "userdom_struct user" from "struct user_struct"

Browse Source 
(This used to be commit 420de03523)
This commit is contained in:
Volker Lendecke
2008-04-30 17:42:39 +02:00
parent a683625d7f
commit bec1dfab27
12 changed files with 89 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
source3/auth/auth_util.c
View File

@ -1107,6 +1107,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
DOM_SID guest_sid; DOM_SID guest_sid;
bool ret; bool ret;
char zeros[16]; char zeros[16];
fstring tmp;
if ( !(sampass = samu_new( NULL )) ) { if ( !(sampass = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
@ -1145,6 +1146,9 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
(*server_info)->user_session_key = data_blob(zeros, sizeof(zeros)); (*server_info)->user_session_key = data_blob(zeros, sizeof(zeros));
(*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros)); (*server_info)->lm_session_key = data_blob(zeros, sizeof(zeros));
alpha_strcpy(tmp, pdb_get_username(sampass), ". _-$", sizeof(tmp));
(*server_info)->sanitized_username = talloc_strdup(*server_info, tmp);
return NT_STATUS_OK; return NT_STATUS_OK;
} }
@ -1200,6 +1204,12 @@ static auth_serversupplied_info *copy_serverinfo(auth_serversupplied_info *src)
return NULL; return NULL;
} }
dst->sanitized_username = talloc_strdup(dst, src->sanitized_username);
if (!dst->sanitized_username) {
TALLOC_FREE(dst);
return NULL;
}
return dst; return dst;
} }

10
source3/include/auth.h
View File

@ -69,7 +69,15 @@ typedef struct auth_serversupplied_info {
bool was_mapped; /* Did the username map match? */ bool was_mapped; /* Did the username map match? */
char *unix_name; char *unix_name;
/*
* For performance reasons we keep an alpha_strcpy-sanitized version
* of the username around as long as the global variable current_user
* still exists. If we did not do keep this, we'd have to call
* alpha_strcpy whenever we do a become_user(), potentially on every
* smb request. See set_current_user_info.
*/
char *sanitized_username;
} auth_serversupplied_info; } auth_serversupplied_info;
struct auth_context { struct auth_context {

2
source3/include/smb.h
View File

@ -1778,8 +1778,6 @@ typedef struct user_struct {
struct user_struct *next, *prev; struct user_struct *next, *prev;
uint16 vuid; /* Tag for this entry. */ uint16 vuid; /* Tag for this entry. */
userdom_struct user;
char *session_keystr; /* used by utmp and pam session code. char *session_keystr; /* used by utmp and pam session code.
TDB key string */ TDB key string */
int homes_snum; int homes_snum;

11
source3/lib/substitute.c
View File

@ -213,11 +213,18 @@ static const char *get_smb_user_name(void)
/******************************************************************* /*******************************************************************
Setup the strings used by substitutions. Called per packet. Ensure Setup the strings used by substitutions. Called per packet. Ensure
%U name is set correctly also. %U name is set correctly also.
smb_name must be sanitized by alpha_strcpy
********************************************************************/ ********************************************************************/
void set_current_user_info(const userdom_struct *pcui) void set_current_user_info(const char *smb_name, const char *unix_name,
const char *full_name, const char *domain)
{ {
current_user_info = *pcui; fstrcpy(current_user_info.smb_name, smb_name);
fstrcpy(current_user_info.unix_name, unix_name);
fstrcpy(current_user_info.full_name, full_name);
fstrcpy(current_user_info.domain, domain);
/* The following is safe as current_user_info.smb_name /* The following is safe as current_user_info.smb_name
* has already been sanitised in register_existing_vuid. */ * has already been sanitised in register_existing_vuid. */

9
source3/printing/printing.c
View File

@ -1989,7 +1989,8 @@ static bool is_owner(struct current_user *user, const char *servicename,
return False; return False;
if ((vuser = get_valid_user_struct(user->vuid)) != NULL) { if ((vuser = get_valid_user_struct(user->vuid)) != NULL) {
return strequal(pjob->user, vuser->user.smb_name); return strequal(pjob->user,
vuser->server_info->sanitized_username);
} else { } else {
return strequal(pjob->user, uidtoname(user->ut.uid)); return strequal(pjob->user, uidtoname(user->ut.uid));
} }
@ -2438,8 +2439,10 @@ uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DE
if ((vuser = get_valid_user_struct(user->vuid)) != NULL) { if ((vuser = get_valid_user_struct(user->vuid)) != NULL) {
fstrcpy(pjob.user, lp_printjob_username(snum)); fstrcpy(pjob.user, lp_printjob_username(snum));
standard_sub_basic(vuser->user.smb_name, vuser->user.domain, standard_sub_basic(
pjob.user, sizeof(pjob.user)-1); vuser->server_info->sanitized_username,
pdb_get_domain(vuser->server_info->sam_account),
pjob.user, sizeof(pjob.user)-1);
/* ensure NULL termination */ /* ensure NULL termination */
pjob.user[sizeof(pjob.user)-1] = '\0'; pjob.user[sizeof(pjob.user)-1] = '\0';
} else { } else {

4
source3/rpc_server/srv_lsa_nt.c
View File

@ -1479,8 +1479,8 @@ NTSTATUS _lsa_GetUserName(pipes_struct *p,
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
} else { } else {
username = vuser->user.smb_name; username = vuser->server_info->sanitized_username;
domname = vuser->user.domain; domname = pdb_get_domain(vuser->server_info->sam_account);
} }
account_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_String); account_name = TALLOC_ZERO_P(p->mem_ctx, struct lsa_String);

12
source3/smbd/lanman.c
View File

@ -3340,7 +3340,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
if(vuser != NULL) { if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n", DEBUG(3,(" Username of UID %d is %s\n",
(int)vuser->server_info->uid, (int)vuser->server_info->uid,
vuser->user.unix_name)); vuser->server_info->unix_name));
} }
if (!str1 || !str2 || !UserName || !p) { if (!str1 || !str2 || !UserName || !p) {
@ -3413,7 +3413,9 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
/* EEK! the cifsrap.txt doesn't have this in!!!! */ /* EEK! the cifsrap.txt doesn't have this in!!!! */
SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */ SIVAL(p,usri11_full_name,PTR_DIFF(p2,p)); /* full name */
strlcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName),PTR_DIFF(endp,p2)); strlcpy(p2,((vuser != NULL)
? pdb_get_fullname(vuser->server_info->sam_account)
: UserName),PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2); p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) { if (!p2) {
return False; return False;
@ -3503,7 +3505,9 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
if (uLevel == 2) { if (uLevel == 2) {
SIVAL(p,60,0); /* auth_flags */ SIVAL(p,60,0); /* auth_flags */
SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */ SIVAL(p,64,PTR_DIFF(p2,*rdata)); /* full_name */
strlcpy(p2,((vuser != NULL) ? vuser->user.full_name : UserName),PTR_DIFF(endp,p2)); strlcpy(p2,((vuser != NULL)
? pdb_get_fullname(vuser->server_info->sam_account)
: UserName),PTR_DIFF(endp,p2));
p2 = skip_string(*rdata,*rdata_len,p2); p2 = skip_string(*rdata,*rdata_len,p2);
if (!p2) { if (!p2) {
return False; return False;
@ -3592,7 +3596,7 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
if(vuser != NULL) { if(vuser != NULL) {
DEBUG(3,(" Username of UID %d is %s\n", DEBUG(3,(" Username of UID %d is %s\n",
(int)vuser->server_info->uid, (int)vuser->server_info->uid,
vuser->user.unix_name)); vuser->server_info->unix_name));
} }
uLevel = get_safe_SVAL(param,tpscnt,p,0,-1); uLevel = get_safe_SVAL(param,tpscnt,p,0,-1);

49
source3/smbd/password.c
View File

@ -253,40 +253,36 @@ int register_existing_vuid(uint16 vuid,
DATA_BLOB response_blob, DATA_BLOB response_blob,
const char *smb_name) const char *smb_name)
{ {
user_struct *vuser = get_partial_auth_user_struct(vuid); fstring tmp;
user_struct *vuser;
vuser = get_partial_auth_user_struct(vuid);
if (!vuser) { if (!vuser) {
goto fail; goto fail;
} }
/* Use this to keep tabs on all our info from the authentication */ /* Use this to keep tabs on all our info from the authentication */
vuser->server_info = server_info; vuser->server_info = talloc_move(vuser, &server_info);
/* Ensure that the server_info will disappear with
* the vuser it is now attached to */
talloc_steal(vuser, vuser->server_info);
fstrcpy(vuser->user.unix_name, server_info->unix_name);
/* This is a potentially untrusted username */ /* This is a potentially untrusted username */
alpha_strcpy(vuser->user.smb_name, smb_name, ". _-$", alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp));
sizeof(vuser->user.smb_name));
fstrcpy(vuser->user.domain, pdb_get_domain(server_info->sam_account)); vuser->server_info->sanitized_username = talloc_strdup(
fstrcpy(vuser->user.full_name, server_info, tmp);
pdb_get_fullname(server_info->sam_account));
DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n", DEBUG(10,("register_existing_vuid: (%u,%u) %s %s %s guest=%d\n",
(unsigned int)vuser->server_info->uid, (unsigned int)vuser->server_info->uid,
(unsigned int)vuser->server_info->gid, (unsigned int)vuser->server_info->gid,
vuser->user.unix_name, vuser->user.smb_name, vuser->server_info->unix_name,
vuser->user.domain, vuser->server_info->guest )); vuser->server_info->sanitized_username,
pdb_get_domain(vuser->server_info->sam_account),
vuser->server_info->guest ));
DEBUG(3, ("register_existing_vuid: User name: %s\t" DEBUG(3, ("register_existing_vuid: User name: %s\t"
"Real name: %s\n", vuser->user.unix_name, "Real name: %s\n", vuser->server_info->unix_name,
vuser->user.full_name)); pdb_get_fullname(vuser->server_info->sam_account)));
if (!server_info->ptok) { if (!vuser->server_info->ptok) {
DEBUG(1, ("register_existing_vuid: server_info does not " DEBUG(1, ("register_existing_vuid: server_info does not "
"contain a user_token - cannot continue\n")); "contain a user_token - cannot continue\n"));
goto fail; goto fail;
@ -294,7 +290,7 @@ int register_existing_vuid(uint16 vuid,
DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, " DEBUG(3,("register_existing_vuid: UNIX uid %d is UNIX user %s, "
"and will be vuid %u\n", (int)vuser->server_info->uid, "and will be vuid %u\n", (int)vuser->server_info->uid,
vuser->user.unix_name, vuser->vuid)); vuser->server_info->unix_name, vuser->vuid));
next_vuid++; next_vuid++;
num_validated_vuids++; num_validated_vuids++;
@ -316,7 +312,7 @@ int register_existing_vuid(uint16 vuid,
if (!vuser->server_info->guest) { if (!vuser->server_info->guest) {
vuser->homes_snum = register_homes_share( vuser->homes_snum = register_homes_share(
vuser->user.unix_name); vuser->server_info->unix_name);
} }
if (srv_is_signing_negotiated() && !vuser->server_info->guest && if (srv_is_signing_negotiated() && !vuser->server_info->guest &&
@ -327,7 +323,12 @@ int register_existing_vuid(uint16 vuid,
} }
/* fill in the current_user_info struct */ /* fill in the current_user_info struct */
set_current_user_info( &vuser->user ); set_current_user_info(
vuser->server_info->sanitized_username,
vuser->server_info->unix_name,
pdb_get_fullname(vuser->server_info->sam_account),
pdb_get_domain(vuser->server_info->sam_account));
return vuser->vuid; return vuser->vuid;
fail: fail:

8
source3/smbd/process.c
View File

@ -1387,7 +1387,13 @@ static connection_struct *switch_message(uint8 type, struct smb_request *req, in
if(session_tag != UID_FIELD_INVALID) { if(session_tag != UID_FIELD_INVALID) {
vuser = get_valid_user_struct(session_tag); vuser = get_valid_user_struct(session_tag);
if (vuser) { if (vuser) {
set_current_user_info(&vuser->user); set_current_user_info(
vuser->server_info->sanitized_username,
vuser->server_info->unix_name,
pdb_get_fullname(vuser->server_info
->sam_account),
pdb_get_domain(vuser->server_info
->sam_account));
} }
} }
} }

9
source3/smbd/service.c
View File

@ -724,11 +724,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
return NULL; return NULL;
} }
} else { } else {
if (!user_ok_token(vuser->user.unix_name, if (!user_ok_token(vuser->server_info->unix_name,
vuser->server_info->ptok, snum)) { vuser->server_info->ptok, snum)) {
DEBUG(2, ("user '%s' (from session setup) not " DEBUG(2, ("user '%s' (from session setup) not "
"permitted to access this share " "permitted to access this share "
"(%s)\n", vuser->user.unix_name, "(%s)\n",
vuser->server_info->unix_name,
lp_servicename(snum))); lp_servicename(snum)));
conn_free(conn); conn_free(conn);
*status = NT_STATUS_ACCESS_DENIED; *status = NT_STATUS_ACCESS_DENIED;
@ -738,8 +739,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
conn->vuid = vuser->vuid; conn->vuid = vuser->vuid;
conn->uid = vuser->server_info->uid; conn->uid = vuser->server_info->uid;
conn->gid = vuser->server_info->gid; conn->gid = vuser->server_info->gid;
string_set(&conn->user,vuser->user.unix_name); string_set(&conn->user,vuser->server_info->unix_name);
fstrcpy(user,vuser->user.unix_name); fstrcpy(user,vuser->server_info->unix_name);
guest = vuser->server_info->guest; guest = vuser->server_info->guest;
} else if (lp_security() == SEC_SHARE) { } else if (lp_security() == SEC_SHARE) {
NTSTATUS status2; NTSTATUS status2;

2
source3/smbd/session.c
View File

@ -164,7 +164,7 @@ bool session_claim(user_struct *vuser)
hostname = client_addr(get_client_fd(),addr,sizeof(addr)); hostname = client_addr(get_client_fd(),addr,sizeof(addr));
} }
fstrcpy(sessionid.username, vuser->user.unix_name); fstrcpy(sessionid.username, vuser->server_info->unix_name);
fstrcpy(sessionid.hostname, hostname); fstrcpy(sessionid.hostname, hostname);
sessionid.id_num = i; /* Only valid for utmp sessions */ sessionid.id_num = i; /* Only valid for utmp sessions */
sessionid.pid = pid; sessionid.pid = pid;

11
source3/smbd/uid.c
View File

@ -97,12 +97,14 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
} }
} }
if (!user_ok_token(vuser->user.unix_name, vuser->server_info->ptok, if (!user_ok_token(vuser->server_info->unix_name,
vuser->server_info->ptok,
snum)) snum))
return(False); return(False);
readonly_share = is_share_read_only_for_token( readonly_share = is_share_read_only_for_token(
vuser->user.unix_name, vuser->server_info->ptok, SNUM(conn)); vuser->server_info->unix_name, vuser->server_info->ptok,
SNUM(conn));
token = conn->nt_user_token ? token = conn->nt_user_token ?
conn->nt_user_token : vuser->server_info->ptok; conn->nt_user_token : vuser->server_info->ptok;
@ -132,7 +134,7 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
ent->read_only = readonly_share; ent->read_only = readonly_share;
ent->admin_user = token_contains_name_in_list( ent->admin_user = token_contains_name_in_list(
vuser->user.unix_name, NULL, vuser->server_info->ptok, vuser->server_info->unix_name, NULL, vuser->server_info->ptok,
lp_admin_users(SNUM(conn))); lp_admin_users(SNUM(conn)));
conn->read_only = ent->read_only; conn->read_only = ent->read_only;
@ -188,7 +190,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
if ((vuser) && !check_user_ok(conn, vuser, snum)) { if ((vuser) && !check_user_ok(conn, vuser, snum)) {
DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) " DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
"not permitted access to share %s.\n", "not permitted access to share %s.\n",
vuser->user.smb_name, vuser->user.unix_name, vuid, vuser->server_info->sanitized_username,
vuser->server_info->unix_name, vuid,
lp_servicename(snum))); lp_servicename(snum)));
return False; return False;
} }