svn commit: samba r2934 - in branches/SAMBA_4_0/source: ntvfs/unixuid script

tridge at samba.org tridge at samba.org
Tue Oct 12 11:30:49 GMT 2004


Author: tridge
Date: 2004-10-12 11:30:48 +0000 (Tue, 12 Oct 2004)
New Revision: 2934

WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba&path=/branches/SAMBA_4_0/source&rev=2934&nolog=1

Log:
- changed the unixuid module to use the nt_user_token instead of the server supplied info structure.

- added SID_WORLD and SID_NETWORK to the foreign sids in the
  provisioning, as these are auto-added to the nt_user_token (why is
  that done? Andrew?)

Modified:
   branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c
   branches/SAMBA_4_0/source/script/provision.pl


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c	2004-10-12 10:32:54 UTC (rev 2933)
+++ branches/SAMBA_4_0/source/ntvfs/unixuid/vfs_unixuid.c	2004-10-12 11:30:48 UTC (rev 2934)
@@ -26,7 +26,7 @@
 struct unixuid_private {
 	void *samctx;
 	struct unix_sec_ctx *last_sec_ctx;
-	struct auth_session_info *last_session_info;
+	struct nt_user_token *last_token;
 };
 
 
@@ -238,35 +238,40 @@
 }
 
 /*
-  form a unix_sec_ctx from the current session info
+  form a unix_sec_ctx from the current nt_user_token
 */
-static NTSTATUS authinfo_to_unix_security(struct ntvfs_module_context *ntvfs,
+static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs,
 					  struct smbsrv_request *req,
-					  struct auth_serversupplied_info *info,
+					  struct nt_user_token *token,
 					  struct unix_sec_ctx **sec)
 {
 	int i;
 	NTSTATUS status;
 	*sec = talloc_p(req, struct unix_sec_ctx);
 
-	status = sid_to_unixuid(ntvfs, req, info->user_sid, &(*sec)->uid);
+	/* we can't do unix security without a user and group */
+	if (token->num_sids < 2) {
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	status = sid_to_unixuid(ntvfs, req, token->user_sids[0], &(*sec)->uid);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
 
-	status = sid_to_unixgid(ntvfs, req, info->primary_group_sid, &(*sec)->gid);
+	status = sid_to_unixgid(ntvfs, req, token->user_sids[1], &(*sec)->gid);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
 
-	(*sec)->ngroups = info->n_domain_groups;
+	(*sec)->ngroups = token->num_sids - 2;
 	(*sec)->groups = talloc_array_p(*sec, gid_t, (*sec)->ngroups);
 	if ((*sec)->groups == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	for (i=0;i<(*sec)->ngroups;i++) {
-		status = sid_to_unixgid(ntvfs, req, info->domain_groups[i], &(*sec)->groups[i]);
+		status = sid_to_unixgid(ntvfs, req, token->user_sids[i+2], &(*sec)->groups[i]);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
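Review bot: `token` is dereferenced in the new `token->num_sids < 2` guard without a NULL check, and nothing in this hunk shows that `nt_user_token` is always set on a session; `if (token == NULL || token->num_sids < 2) {` would fail closed in that case as well. The function now also treats `user_sids[0]` as the user and `user_sids[1]` as the primary group purely by position, so the comment above the guard should state that layout, e.g. `/* token layout: user_sids[0] = user, user_sids[1] = primary group, the rest = supplementary groups */`. Separately, the `talloc_p` result stored in `*sec` is used in `&(*sec)->uid` without the NULL check that `(*sec)->groups` gets a few lines later. The function body continues past the end of this hunk.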
@@ -282,7 +287,7 @@
 				       struct smbsrv_request *req, struct unix_sec_ctx **sec)
 {
 	struct unixuid_private *private = ntvfs->private_data;
-	struct auth_serversupplied_info *info = req->session->session_info->server_info;
+	struct nt_user_token *token = req->session->session_info->nt_user_token;
 	void *ctx = talloc(req, 0);
 	struct unix_sec_ctx *newsec;
 	NTSTATUS status;
@@ -292,10 +297,10 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if (req->session->session_info == private->last_session_info) {
+	if (req->session->session_info->nt_user_token == private->last_token) {
 		newsec = private->last_sec_ctx;
 	} else {
-		status = authinfo_to_unix_security(ntvfs, req, info, &newsec);
+		status = nt_token_to_unix_security(ntvfs, req, token, &newsec);
 		if (!NT_STATUS_IS_OK(status)) {
 			talloc_free(ctx);
 			return status;
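Review bot: The cache-hit test now keys on the address of the token (`... == private->last_token`), so reusing `last_sec_ctx` is only correct if a token can never be freed and a different one allocated at the same address while `last_token` still points there. The logoff hunk clears `last_token`, but nothing visible here covers a token being replaced inside a live `session_info`. That lifetime assumption deserves a comment at the comparison, or the cached entry should be invalidated wherever a token is freed. As a style point, this line and the assignment in the following hunk could use the local `token` fetched at the top of the function: `if (token == private->last_token) {`. The function starts and ends outside this hunk.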
@@ -304,7 +309,7 @@
 			talloc_free(private->last_sec_ctx);
 		}
 		private->last_sec_ctx = newsec;
-		private->last_session_info = req->session->session_info;
+		private->last_token = req->session->session_info->nt_user_token;
 		talloc_steal(private, newsec);
 	}
 
@@ -354,7 +359,7 @@
 
 	ntvfs->private_data = private;
 	private->last_sec_ctx = NULL;
-	private->last_session_info = NULL;
+	private->last_token = NULL;
 
 	PASS_THRU_REQ(ntvfs, req, connect, (ntvfs, req, sharename));
 
@@ -611,7 +616,7 @@
 
 	PASS_THRU_REQ(ntvfs, req, logoff, (ntvfs, req));
 
-	private->last_session_info = NULL;
+	private->last_token = NULL;
 
 	return status;
 }

Modified: branches/SAMBA_4_0/source/script/provision.pl
===================================================================
--- branches/SAMBA_4_0/source/script/provision.pl	2004-10-12 10:32:54 UTC (rev 2933)
+++ branches/SAMBA_4_0/source/script/provision.pl	2004-10-12 11:30:48 UTC (rev 2934)
@@ -322,6 +322,8 @@
 my $data = FileLoad("provision.ldif") || die "Unable to load provision.ldif\n";
 
 $data .= add_foreign("S-1-5-7", "Anonymous", "\${NOBODY}");
+$data .= add_foreign("S-1-1-0", "World", "\${NOGROUP}");
+$data .= add_foreign("S-1-5-2", "Network", "\${NOGROUP}");
 $data .= add_foreign("S-1-5-18", "System", "root");
 $data .= add_foreign("S-1-5-11", "Authenticated Users", "\${USERS}");
 
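Review bot: The two added mappings of `S-1-1-0` and `S-1-5-2` to `${NOGROUP}` carry no comment explaining the choice. The commit log says these SIDs are auto-added to the nt_user_token, so every session converted by the unixuid module would presumably pick up the nogroup gid as a supplementary group. Anything on the server that is group-owned by that gid then becomes group-accessible to all network users, which an administrator should be able to read off the script. A comment above the two lines would cover it, e.g. `# World and Network appear in every token; they map to nogroup so they grant no extra unix group rights`.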


