svn commit: samba r2934 - in branches/SAMBA_4_0/source:
ntvfs/unixuid script
tridge at samba.org
tridge at samba.org
Tue Oct 12 11:30:49 GMT 2004
Author: tridge
Date: 2004-10-12 11:30:48 +0000 (Tue, 12 Oct 2004)
New Revision: 2934
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source&rev=2934&nolog=1
Log:
- changed the unixuid module to use the nt_user_token instead of the server supplied info structure.
- added SID_WORLD and SID_NETWORK to the foreign sids in the
provisioning, as these are auto-added to the nt_user_token (why is
that done? Andrew?)
Modified:
branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c
branches/SAMBA_4_0/source/script/provision.pl
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c 2004-10-12 10:32:54 UTC (rev 2933)
+++ branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c 2004-10-12 11:30:48 UTC (rev 2934)
@@ -26,7 +26,7 @@
struct unixuid_private {
void *samctx;
struct unix_sec_ctx *last_sec_ctx;
- struct auth_session_info *last_session_info;
+ struct nt_user_token *last_token;
};
@@ -238,35 +238,40 @@
}
/*
- form a unix_sec_ctx from the current session info
+ form a unix_sec_ctx from the current nt_user_token
*/
-static NTSTATUS authinfo_to_unix_security(struct ntvfs_module_context *ntvfs,
+static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs,
struct smbsrv_request *req,
- struct auth_serversupplied_info *info,
+ struct nt_user_token *token,
struct unix_sec_ctx **sec)
{
int i;
NTSTATUS status;
*sec = talloc_p(req, struct unix_sec_ctx);
- status = sid_to_unixuid(ntvfs, req, info->user_sid, &(*sec)->uid);
+ /* we can't do unix security without a user and group */
+ if (token->num_sids < 2) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = sid_to_unixuid(ntvfs, req, token->user_sids[0], &(*sec)->uid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- status = sid_to_unixgid(ntvfs, req, info->primary_group_sid, &(*sec)->gid);
+ status = sid_to_unixgid(ntvfs, req, token->user_sids[1], &(*sec)->gid);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- (*sec)->ngroups = info->n_domain_groups;
+ (*sec)->ngroups = token->num_sids - 2;
(*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups);
if ((*sec)->groups == NULL) {
return NT_STATUS_NO_MEMORY;
}
for (i=0;i<(*sec)->ngroups;i++) {
- status = sid_to_unixgid(ntvfs, req, info->domain_groups[i], &(*sec)->groups[i]);
+ status = sid_to_unixgid(ntvfs, req, token->user_sids[i+2], &(*sec)->groups[i]);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
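Review bot: The result of `talloc_p(req, struct unix_sec_ctx)` is never checked before `&(*sec)->uid` is written, so an allocation failure becomes a NULL dereference in the code that builds the Unix credentials; add `if (*sec == NULL) return NT_STATUS_NO_MEMORY;` directly after the allocation. The new `token->num_sids < 2` guard also dereferences `token` without a NULL test and runs after the allocation, so it would be safer above the `talloc_p` call as `if (token == NULL || token->num_sids < 2)`. The code now depends on `user_sids[0]` being the user and `user_sids[1]` the primary group, so the header comment should state that ordering, e.g. `user_sids[0] = user, user_sids[1] = primary group, remaining entries = supplementary groups`. The function body continues past the end of this hunk.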
@@ -282,7 +287,7 @@
struct smbsrv_request *req, struct unix_sec_ctx **sec)
{
struct unixuid_private *private = ntvfs->private_data;
- struct auth_serversupplied_info *info = req->session->session_info->server_info;
+ struct nt_user_token *token = req->session->session_info->nt_user_token;
void *ctx = talloc(req, 0);
struct unix_sec_ctx *newsec;
NTSTATUS status;
@@ -292,10 +297,10 @@
return NT_STATUS_NO_MEMORY;
}
- if (req->session->session_info == private->last_session_info) {
+ if (req->session->session_info->nt_user_token == private->last_token) {
newsec = private->last_sec_ctx;
} else {
- status = authinfo_to_unix_security(ntvfs, req, info, &newsec);
+ status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(ctx);
return status;
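Review bot: The cache test `req->session->session_info->nt_user_token == private->last_token` compares raw pointers, and `last_token` starts as NULL, so a session whose `nt_user_token` is NULL would take the cache branch and use `private->last_sec_ctx` as `newsec`, which may itself still be NULL. Rejecting a NULL `token` with NT_STATUS_ACCESS_DENIED before the comparison (freeing `ctx` as the error path below does) closes that case, and the test can then read `if (token == private->last_token)` using the local already fetched above. Pointer identity only proves it is the same token if `last_token` is cleared whenever a token is freed. The logoff hunk does this, but any other path that frees a session's token would need the same reset, otherwise a new token allocated at the same address could inherit the previous user's uid and gid set. The enclosing function starts and ends outside this hunk.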
@@ -304,7 +309,7 @@
talloc_free(private->last_sec_ctx);
}
private->last_sec_ctx = newsec;
- private->last_session_info = req->session->session_info;
+ private->last_token = req->session->session_info->nt_user_token;
talloc_steal(private, newsec);
}
@@ -354,7 +359,7 @@
ntvfs->private_data = private;
private->last_sec_ctx = NULL;
- private->last_session_info = NULL;
+ private->last_token = NULL;
PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename));
@@ -611,7 +616,7 @@
PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req));
- private->last_session_info = NULL;
+ private->last_token = NULL;
return status;
}
Modified: branches/SAMBA_4_0/source/script/provision.pl
===================================================================
--- branches/SAMBA_4_0/source/script/provision.pl 2004-10-12 10:32:54 UTC (rev 2933)
+++ branches/SAMBA_4_0/source/script/provision.pl 2004-10-12 11:30:48 UTC (rev 2934)
@@ -322,6 +322,8 @@
my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
$data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
+$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}");
+$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}");
$data .= add_foreign("S-1-5-18", "System", "root");
$data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
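Review bot: Both new entries map to `\${NOGROUP}`, and the unixuid change in this commit converts every token SID after the first two into a supplementary gid. Each session carrying World and Network would therefore get the nogroup gid in its group list twice, which makes anything group-owned by nogroup reachable by all such users. This assumes add_foreign's third argument is the Unix name used for the SID-to-id lookup, which is not visible here. A comment above the two lines would record the constraint, e.g. `# World and Network are auto-added to every nt_user_token; map them to a gid that grants no file access`.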