[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-2845-g1025f68
Volker Lendecke
vlendec at samba.org
Sat Jun 14 18:26:02 GMT 2008
The branch, v3-3-test has been updated
via 1025f687910ce40283c7344ed67ebd5bf31217b7 (commit)
via 68944ea1ea7a0a63b08cbfc703f5ee29d2627696 (commit)
via 45662b5e8b3c7bc39cb33c5d7deb7e9a91f30a8b (commit)
via b14e59bfdbfb62494002e22d0665c4d420484245 (commit)
via 5c916549f002d5e4e06f24d396a2bdca73d384c7 (commit)
from a42d7e1146e7469062ead2c8f22f549a48154e03 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 1025f687910ce40283c7344ed67ebd5bf31217b7
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 14 16:59:07 2008 +0200
Move connection-specific vuid cache clear to uid.c
commit 68944ea1ea7a0a63b08cbfc703f5ee29d2627696
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 14 16:55:02 2008 +0200
Slight refactoring for check_user_ok: It only needs vuid and server_info
commit 45662b5e8b3c7bc39cb33c5d7deb7e9a91f30a8b
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 14 16:46:25 2008 +0200
Group the access checks together in check_user_ok()
commit b14e59bfdbfb62494002e22d0665c4d420484245
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 14 16:43:03 2008 +0200
Consistently use snum in check_user_ok
Most already used it, these two still used SNUM(conn), where the only caller of
this routine (change_to_user) had set snum = SNUM(conn).
commit 5c916549f002d5e4e06f24d396a2bdca73d384c7
Author: Volker Lendecke <vl at samba.org>
Date: Sat Jun 14 16:35:22 2008 +0200
Compare the pointer "vuser" to NULL, not 0
-----------------------------------------------------------------------
Summary of changes:
source/smbd/conn.c | 17 +----------
source/smbd/password.c | 2 +-
source/smbd/uid.c | 68 +++++++++++++++++++++++++++++++----------------
3 files changed, 48 insertions(+), 39 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/conn.c b/source/smbd/conn.c
index 5c75ed7..1a67ac9 100644
--- a/source/smbd/conn.c
+++ b/source/smbd/conn.c
@@ -225,28 +225,15 @@ bool conn_idle_all(time_t t)
Clear a vuid out of the validity cache, and as the 'owner' of a connection.
****************************************************************************/
-void conn_clear_vuid_cache(uint16 vuid)
+void conn_clear_vuid_caches(uint16_t vuid)
{
connection_struct *conn;
- unsigned int i;
for (conn=Connections;conn;conn=conn->next) {
if (conn->vuid == vuid) {
conn->vuid = UID_FIELD_INVALID;
}
-
- for (i=0; i<VUID_CACHE_SIZE; i++) {
- struct vuid_cache_entry *ent;
-
- ent = &conn->vuid_cache.array[i];
-
- if (ent->vuid == vuid) {
- ent->vuid = UID_FIELD_INVALID;
- TALLOC_FREE(ent->server_info);
- ent->read_only = False;
- ent->admin_user = False;
- }
- }
+ conn_clear_vuid_cache(conn, vuid);
}
}
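Review bot: The block comment above `conn_clear_vuid_caches` still describes a single validity cache, although the function now walks every connection and hands the per-connection work to `conn_clear_vuid_cache(conn, vuid)`. I would reword it along the lines of `Clear a vuid out of every connection's vuid cache, and as the 'owner' of those connections.` The two function names differ only by a trailing `s`, and the differing argument lists let the compiler catch a mix-up only if both prototypes are visible at the call site, which this diff does not show. The parameter is now spelled `uint16_t` while the caller in password.c still declares `uint16 vuid`; presumably these are the same type, but one spelling per interface is easier to audit.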
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 673a1a0..ebc7235 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -127,7 +127,7 @@ void invalidate_vuid(uint16 vuid)
/* clear the vuid from the 'cache' on each connection, and
from the vuid 'owner' of connections */
- conn_clear_vuid_cache(vuid);
+ conn_clear_vuid_caches(vuid);
TALLOC_FREE(vuser);
num_validated_vuids--;
diff --git a/source/smbd/uid.c b/source/smbd/uid.c
index b0f8cb2..2bc5595 100644
--- a/source/smbd/uid.c
+++ b/source/smbd/uid.c
@@ -61,15 +61,18 @@ bool change_to_guest(void)
later code can then mess with.
********************************************************************/
-static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
+static bool check_user_ok(connection_struct *conn, uint16_t vuid,
+ struct auth_serversupplied_info *server_info,
+ int snum)
{
unsigned int i;
struct vuid_cache_entry *ent = NULL;
bool readonly_share;
+ bool admin_user;
for (i=0; i<VUID_CACHE_SIZE; i++) {
ent = &conn->vuid_cache.array[i];
- if (ent->vuid == vuser->vuid) {
+ if (ent->vuid == vuid) {
conn->server_info = ent->server_info;
conn->read_only = ent->read_only;
conn->admin_user = ent->admin_user;
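Review bot: `check_user_ok` now takes `server_info` as a bare pointer and the access checks further down dereference it unconditionally (`server_info->unix_name`, `server_info->ptok`), but the header comment does not say that it must be non-NULL. The call site in `change_to_user` tests only `vuser` before passing `vuser->server_info`, so the guarantee rests on an invariant that is not visible in this diff. I would add a line to the comment block such as `server_info must be non-NULL and remains owned by the caller; the vuid cache keeps its own copy made with copy_serverinfo().` The function body continues beyond this hunk.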
@@ -77,20 +80,18 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
}
}
- if (!user_ok_token(vuser->server_info->unix_name,
- pdb_get_domain(vuser->server_info->sam_account),
- vuser->server_info->ptok,
- snum))
+ if (!user_ok_token(server_info->unix_name,
+ pdb_get_domain(server_info->sam_account),
+ server_info->ptok, snum))
return(False);
readonly_share = is_share_read_only_for_token(
- vuser->server_info->unix_name,
- pdb_get_domain(vuser->server_info->sam_account),
- vuser->server_info->ptok,
- SNUM(conn));
+ server_info->unix_name,
+ pdb_get_domain(server_info->sam_account),
+ server_info->ptok, snum);
if (!readonly_share &&
- !share_access_check(vuser->server_info->ptok, lp_servicename(snum),
+ !share_access_check(server_info->ptok, lp_servicename(snum),
FILE_WRITE_DATA)) {
/* smb.conf allows r/w, but the security descriptor denies
* write. Fall back to looking at readonly. */
@@ -99,12 +100,17 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
"security descriptor\n"));
}
- if (!share_access_check(vuser->server_info->ptok, lp_servicename(snum),
+ if (!share_access_check(server_info->ptok, lp_servicename(snum),
readonly_share ?
FILE_READ_DATA : FILE_WRITE_DATA)) {
return False;
}
+ admin_user = token_contains_name_in_list(
+ server_info->unix_name,
+ pdb_get_domain(server_info->sam_account),
+ NULL, server_info->ptok, lp_admin_users(snum));
+
ent = &conn->vuid_cache.array[conn->vuid_cache.next_entry];
conn->vuid_cache.next_entry =
@@ -118,22 +124,16 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
*/
ent->server_info = copy_serverinfo(
- conn,
- conn->force_user ? conn->server_info : vuser->server_info);
+ conn, conn->force_user ? conn->server_info : server_info);
if (ent->server_info == NULL) {
ent->vuid = UID_FIELD_INVALID;
return false;
}
- ent->vuid = vuser->vuid;
+ ent->vuid = vuid;
ent->read_only = readonly_share;
-
- ent->admin_user = token_contains_name_in_list(
- vuser->server_info->unix_name,
- pdb_get_domain(vuser->server_info->sam_account),
- NULL, vuser->server_info->ptok,
- lp_admin_users(SNUM(conn)));
+ ent->admin_user = admin_user;
conn->read_only = ent->read_only;
conn->admin_user = ent->admin_user;
@@ -143,6 +143,28 @@ static bool check_user_ok(connection_struct *conn, user_struct *vuser,int snum)
}
/****************************************************************************
+ Clear a vuid out of the connection's vuid cache
+****************************************************************************/
+
+void conn_clear_vuid_cache(connection_struct *conn, uint16_t vuid)
+{
+ int i;
+
+ for (i=0; i<VUID_CACHE_SIZE; i++) {
+ struct vuid_cache_entry *ent;
+
+ ent = &conn->vuid_cache.array[i];
+
+ if (ent->vuid == vuid) {
+ ent->vuid = UID_FIELD_INVALID;
+ TALLOC_FREE(ent->server_info);
+ ent->read_only = False;
+ ent->admin_user = False;
+ }
+ }
+}
+
+/****************************************************************************
Become the user of a connection number without changing the security context
stack, but modify the current_user entries.
****************************************************************************/
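Review bot: `TALLOC_FREE(ent->server_info)` in `conn_clear_vuid_cache` can leave `conn->server_info` dangling, because the cache-hit path in `check_user_ok` assigns `conn->server_info = ent->server_info`, so the connection may still hold the pointer that is freed here. The loop was moved unchanged from conn.c, so this is inherited rather than introduced, but the move is a natural place to close it. One option is to detach instead of freeing while the connection still aliases the entry, `if (conn->server_info == ent->server_info) { ent->server_info = NULL; } else { TALLOC_FREE(ent->server_info); }`; whether the old identity may stay attached to the connection after the vuid is invalidated needs confirming against the code that runs after a logoff. The counter is also declared `int i` here, where `check_user_ok` uses `unsigned int i` for the same `VUID_CACHE_SIZE` loop.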
@@ -175,7 +197,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
"user\n"));
return(True);
} else if ((current_user.conn == conn) &&
- (vuser != 0) && (current_user.vuid == vuid) &&
+ (vuser != NULL) && (current_user.vuid == vuid) &&
(current_user.ut.uid == vuser->server_info->uid)) {
DEBUG(4,("change_to_user: Skipping user change - already "
"user\n"));
@@ -184,7 +206,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
snum = SNUM(conn);
- if ((vuser) && !check_user_ok(conn, vuser, snum)) {
+ if ((vuser) && !check_user_ok(conn, vuid, vuser->server_info, snum)) {
DEBUG(2,("change_to_user: SMB user %s (unix user %s, vuid %d) "
"not permitted access to share %s.\n",
vuser->server_info->sanitized_username,
--
Samba Shared Repository