[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Mar 12 15:00:09 MST 2010


The branch, master has been updated
       via  e80ceb1... Remove more uses of "extern struct current_user current_user;".
      from  31b0417... s4:provision.py - small output improvement

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit e80ceb1d7355c8c46a2ed90d5721cf367640f4e8
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Mar 12 13:56:51 2010 -0800

    Remove more uses of "extern struct current_user current_user;".
    
    Use accessor functions to get to this value. Tidies up much of
    the user context code. Volker, please look at the changes in smbd/uid.c
    to familiarize yourself with these changes as I think they make the
    logic in there cleaner.
    
    Cause smbd/posix_acls.c code to look at current user context, not
    stored context on the conn struct - allows correct use of these
    function calls under a become_root()/unbecome_root() pair.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/include/proto.h     |    7 +++-
 source3/locking/locking.c   |   10 ------
 source3/modules/nfs4_acls.c |    2 +-
 source3/smbd/close.c        |   12 +++----
 source3/smbd/dir.c          |   13 ++++++--
 source3/smbd/file_access.c  |    8 ++--
 source3/smbd/lanman.c       |   11 +++++--
 source3/smbd/open.c         |    6 ++--
 source3/smbd/posix_acls.c   |   66 ++++++++++++++++++++------------------
 source3/smbd/uid.c          |   74 +++++++++++++++++++++++++++++++++---------
 10 files changed, 130 insertions(+), 79 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index f6a4385..5b4304d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6752,7 +6752,7 @@ uint32_t map_canon_ace_perms(int snum,
                                 enum security_ace_type *pacl_type,
                                 mode_t perms,
                                 bool directory_ace);
-NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
+NTSTATUS unpack_nt_owners(connection_struct *conn, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
 NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
 			   SEC_DESC **ppdesc);
@@ -7116,6 +7116,11 @@ void become_root(void);
 void unbecome_root(void);
 bool become_user(connection_struct *conn, uint16 vuid);
 bool unbecome_user(void);
+uid_t get_current_uid(connection_struct *conn);
+gid_t get_current_gid(connection_struct *conn);
+const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
+const NT_USER_TOKEN *get_current_nttok(connection_struct *conn);
+uint16_t get_current_vuid(connection_struct *conn);
 
 /* The following definitions come from smbd/utmp.c  */
 
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 6f1bc8c..e9826ba 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1441,16 +1441,6 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE
 		return False;
 	}
 
-	if (fsp->conn->admin_user) {
-		tok_copy = copy_unix_token(lck, tok);
-		if (tok_copy == NULL) {
-			TALLOC_FREE(lck);
-			return false;
-		}
-		tok_copy->uid = (uid_t)0;
-		tok = tok_copy;
-	}
-
 	set_delete_on_close_lck(lck, delete_on_close, tok);
 
 	if (fsp->is_directory) {
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 658f2b4..80bd65f 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -751,7 +751,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 
 	if (params.do_chown) {
 		/* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
-		NTSTATUS status = unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd);
+		NTSTATUS status = unpack_nt_owners(fsp->conn, &newUID, &newGID, security_info_sent, psd);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(8, ("unpack_nt_owners failed"));
 			return status;
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index ca1ac47..1530b96 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -21,8 +21,6 @@
 
 #include "includes.h"
 
-extern struct current_user current_user;
-
 /****************************************************************************
  Run a file if it is a magic script.
 ****************************************************************************/
@@ -332,12 +330,12 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 		/* Initial delete on close was set and no one else
 		 * wrote a real delete on close. */
 
-		if (current_user.vuid != fsp->vuid) {
+		if (get_current_vuid(conn) != fsp->vuid) {
 			become_user(conn, fsp->vuid);
 			became_user = True;
 		}
 		fsp->delete_on_close = true;
-		set_delete_on_close_lck(lck, True, &current_user.ut);
+		set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
 		if (became_user) {
 			unbecome_user();
 		}
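Review bot: In close_remove_share_mode() the result of `become_user(conn, fsp->vuid)` is ignored, yet the changed line right after it stores `get_current_utok(fsp->conn)` as the delete-on-close token; if the switch fails, the token of whatever context is active gets recorded and `unbecome_user()` runs without a matching successful become. proto.h declares become_user() as returning bool, so at minimum write `became_user = become_user(conn, fsp->vuid);` and log or bail out when it is false rather than recording the token. The close_directory() hunk further down has the same pattern. The new lines also mix `conn` and `fsp->conn` for the same connection; pick one. The function body starts and ends outside this hunk.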
@@ -389,7 +387,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 	 */
 	fsp->update_write_time_on_close = false;
 
-	if (!unix_token_equal(lck->delete_token, &current_user.ut)) {
+	if (!unix_token_equal(lck->delete_token, get_current_utok(conn))) {
 		/* Become the user who requested the delete. */
 
 		DEBUG(5,("close_remove_share_mode: file %s. "
@@ -955,12 +953,12 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
 		 * directories we don't care if anyone else
 		 * wrote a real delete on close. */
 
-		if (current_user.vuid != fsp->vuid) {
+		if (get_current_vuid(fsp->conn) != fsp->vuid) {
 			become_user(fsp->conn, fsp->vuid);
 			became_user = True;
 		}
 		send_stat_cache_delete_message(fsp->fsp_name->base_name);
-		set_delete_on_close_lck(lck, True, &current_user.ut);
+		set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
 		fsp->delete_on_close = true;
 		if (became_user) {
 			unbecome_user();
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index b1e9734..69ebc57 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1129,9 +1129,11 @@ static bool user_can_read_file(connection_struct *conn,
 	/*
 	 * If user is a member of the Admin group
 	 * we never hide files from them.
+	 * Use (uid_t)0 here not sec_initial_uid()
+	 * because of the RAW-SAMBA3HIDE test.
 	 */
 
-	if (conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		return True;
 	}
 
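Review bot: The comment above the changed test in user_can_read_file() still says "If user is a member of the Admin group", but the condition is now `get_current_uid(conn) == (uid_t)0`, which holds for any uid 0 context and no longer consults `conn->admin_user`. Reword it to match the check, e.g. `If the current security context is uid 0 we never hide files.` The added remark about RAW-SAMBA3HIDE would be more useful if it said what goes wrong with sec_initial_uid(). The user_can_write_file() and file_is_special() hunks below carry the same stale wording.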
@@ -1151,9 +1153,11 @@ static bool user_can_write_file(connection_struct *conn,
 	/*
 	 * If user is a member of the Admin group
 	 * we never hide files from them.
+	 * Use (uid_t)0 here not sec_initial_uid()
+	 * because of the RAW-SAMBA3HIDE test.
 	 */
 
-	if (conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		return True;
 	}
 
@@ -1178,10 +1182,13 @@ static bool file_is_special(connection_struct *conn,
 	/*
 	 * If user is a member of the Admin group
 	 * we never hide files from them.
+	 * Use (uid_t)0 here not sec_initial_uid()
+	 * because of the RAW-SAMBA3HIDE test.
 	 */
 
-	if (conn->admin_user)
+	if (get_current_uid(conn) == (uid_t)0) {
 		return False;
+	}
 
 	SMB_ASSERT(VALID_STAT(smb_fname->st));
 
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 631efce..5c3089e 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -35,7 +35,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 	struct security_descriptor *secdesc = NULL;
 	bool ret;
 
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		return true;
 	}
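Review bot: The root short-circuit in can_access_file_acl() now tests only `get_current_uid(conn) == (uid_t)0`, so the result follows whichever security context is active at the call rather than the connection's authenticated user; going by the commit message, a call made inside a become_root()/unbecome_root() pair would return true for any client. The function comment should state the expected calling context, for example `/* Answers for the current security context; returns true unconditionally when that context is uid 0. */`. The same applies to can_delete_file_in_directory() and can_access_file_data() below and to smbd_check_open_rights() in open.c. Dropping `conn->admin_user` is only equivalent if uid.c gives admin users uid 0 in the current context, and that diff is truncated on this page. The function body lies mostly outside the hunk.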
@@ -111,7 +111,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
 		ret = false;
 		goto out;
 	}
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		ret = true;
 		goto out;
@@ -195,7 +195,7 @@ bool can_access_file_data(connection_struct *conn,
 	DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
 		  (unsigned int)access_mask, smb_fname_str_dbg(smb_fname)));
 
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		return True;
 	}
@@ -203,7 +203,7 @@ bool can_access_file_data(connection_struct *conn,
 	SMB_ASSERT(VALID_STAT(smb_fname->st));
 
 	/* Check primary owner access. */
-	if (conn->server_info->utok.uid == smb_fname->st.st_ex_uid) {
+	if (get_current_uid(conn) == smb_fname->st.st_ex_uid) {
 		switch (access_mask) {
 			case FILE_READ_DATA:
 				return (smb_fname->st.st_ex_mode & S_IRUSR) ?
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4c94774..4c15f13 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3767,7 +3767,9 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 				vuser->server_info->sam_account);
 		}
 		/* modelled after NTAS 3.51 reply */
-		SSVAL(p,usri11_priv,conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER); 
+		SSVAL(p,usri11_priv,
+			(get_current_uid(conn) == (uid_t)0)?
+			USER_PRIV_ADMIN:USER_PRIV_USER);
 		SIVAL(p,usri11_auth_flags,AF_OP_PRINT);		/* auth flags */
 		SIVALS(p,usri11_password_age,-1);		/* password age */
 		SIVAL(p,usri11_homedir,PTR_DIFF(p2,p)); /* home dir */
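Review bot: The ternary `(get_current_uid(conn) == (uid_t)0)? USER_PRIV_ADMIN:USER_PRIV_USER` is written out here, again in the second api_RNetUserGetInfo() hunk, and in api_WWkstaUserLogon(). A small file-local helper, e.g. `static int current_user_priv(connection_struct *conn)` returning that expression, would keep the three call sites in step. The privilege level sent to the client now follows the uid of the current security context, so a one-line comment on the helper saying so would help readers. The function body starts and ends outside this hunk.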
@@ -3820,7 +3822,8 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 		memset(p+22,' ',16);	/* password */
 		SIVALS(p,38,-1);		/* password age */
 		SSVAL(p,42,
-		conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+			(get_current_uid(conn) == (uid_t)0)?
+			USER_PRIV_ADMIN:USER_PRIV_USER);
 		SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
 		strlcpy(p2, vuser ? pdb_get_homedir(
 				vuser->server_info->sam_account) : "",
@@ -3971,7 +3974,9 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
 		PACKI(&desc,"W",0);		/* code */
 		PACKS(&desc,"B21",name);	/* eff. name */
 		PACKS(&desc,"B","");		/* pad */
-		PACKI(&desc,"W", conn->admin_user?USER_PRIV_ADMIN:USER_PRIV_USER);
+		PACKI(&desc,"W",
+			(get_current_uid(conn) == (uid_t)0)?
+			USER_PRIV_ADMIN:USER_PRIV_USER);
 		PACKI(&desc,"D",0);		/* auth flags XXX */
 		PACKI(&desc,"W",0);		/* num logons */
 		PACKI(&desc,"W",0);		/* bad pw count */
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index fd9796d..3eb727f 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -76,7 +76,7 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
 
 	*access_granted = 0;
 
-	if (conn->server_info->utok.uid == 0 || conn->admin_user) {
+	if (get_current_uid(conn) == (uid_t)0) {
 		/* I'm sorry sir, I didn't know you were root... */
 		*access_granted = access_mask;
 		if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
@@ -2173,7 +2173,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		new_file_created = True;
 	}
 
-	set_share_mode(lck, fsp, conn->server_info->utok.uid, 0,
+	set_share_mode(lck, fsp, get_current_uid(conn), 0,
 		       fsp->oplock_type);
 
 	/* Handle strange delete on close create semantics. */
@@ -2638,7 +2638,7 @@ static NTSTATUS open_directory(connection_struct *conn,
 		return status;
 	}
 
-	set_share_mode(lck, fsp, conn->server_info->utok.uid, 0, NO_OPLOCK);
+	set_share_mode(lck, fsp, get_current_uid(conn), 0, NO_OPLOCK);
 
 	/* For directories the delete on close bit at open time seems
 	   always to be honored on close... See test 19 in Samba4 BASE-DELETE. */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 2fb7b77..c00b7bd 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -21,7 +21,6 @@
 
 #include "includes.h"
 
-extern struct current_user current_user;
 extern const struct generic_mapping file_generic_mapping;
 
 #undef  DBGC_CLASS
@@ -1168,7 +1167,9 @@ static mode_t map_nt_perms( uint32 *mask, int type)
  Unpack a SEC_DESC into a UNIX owner and group.
 ****************************************************************************/
 
-NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd)
+NTSTATUS unpack_nt_owners(struct connection_struct *conn,
+			uid_t *puser, gid_t *pgrp,
+			uint32 security_info_sent, const SEC_DESC *psd)
 {
 	DOM_SID owner_sid;
 	DOM_SID grp_sid;
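Review bot: The header comment for unpack_nt_owners() still reads only "Unpack a SEC_DESC into a UNIX owner and group." and does not explain the new `conn` argument. It should mention that, when `lp_force_unknown_acl_user(SNUM(conn))` is set and a SID cannot be mapped, the owner and group fall back to `get_current_uid(conn)` / `get_current_gid(conn)` (see the next two hunks). If the accessors reflect a become_root() context, as the commit message suggests, that fallback would be uid/gid 0 for a caller running as root. Add a line such as `Unmappable SIDs fall back to the uid/gid of the current security context, not of conn's authenticated user.` The function body continues outside this hunk.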
@@ -1198,10 +1199,10 @@ NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_i
 	if (security_info_sent & OWNER_SECURITY_INFORMATION) {
 		sid_copy(&owner_sid, psd->owner_sid);
 		if (!sid_to_uid(&owner_sid, puser)) {
-			if (lp_force_unknown_acl_user(snum)) {
+			if (lp_force_unknown_acl_user(SNUM(conn))) {
 				/* this allows take ownership to work
 				 * reasonably */
-				*puser = current_user.ut.uid;
+				*puser = get_current_uid(conn);
 			} else {
 				DEBUG(3,("unpack_nt_owners: unable to validate"
 					 " owner sid for %s\n",
@@ -1221,10 +1222,10 @@ NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_i
 	if (security_info_sent & GROUP_SECURITY_INFORMATION) {
 		sid_copy(&grp_sid, psd->group_sid);
 		if (!sid_to_gid( &grp_sid, pgrp)) {
-			if (lp_force_unknown_acl_user(snum)) {
+			if (lp_force_unknown_acl_user(SNUM(conn))) {
 				/* this allows take group ownership to work
 				 * reasonably */
-				*pgrp = current_user.ut.gid;
+				*pgrp = get_current_gid(conn);
 			} else {
 				DEBUG(3,("unpack_nt_owners: unable to validate"
 					 " group sid.\n"));
@@ -1289,7 +1290,7 @@ static void apply_default_perms(const struct share_params *params,
  expensive and will need optimisation. A *lot* of optimisation :-). JRA.
 ****************************************************************************/
 
-static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
+static bool uid_entry_in_group(connection_struct *conn, canon_ace *uid_ace, canon_ace *group_ace )
 {
 	const char *u_name = NULL;
 
@@ -1302,15 +1303,17 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
 	 * if it's the current user, we already have the unix token
 	 * and don't need to do the complex user_in_group_sid() call
 	 */
-	if (uid_ace->unix_ug.uid == current_user.ut.uid) {
+	if (uid_ace->unix_ug.uid == get_current_uid(conn)) {
+		const UNIX_USER_TOKEN *curr_utok = NULL;
 		size_t i;
 
-		if (group_ace->unix_ug.gid == current_user.ut.gid) {
+		if (group_ace->unix_ug.gid == get_current_gid(conn)) {
 			return True;
 		}
 
-		for (i=0; i < current_user.ut.ngroups; i++) {
-			if (group_ace->unix_ug.gid == current_user.ut.groups[i]) {
+		curr_utok = get_current_utok(conn);
+		for (i=0; i < curr_utok->ngroups; i++) {
+			if (group_ace->unix_ug.gid == curr_utok->groups[i]) {
 				return True;
 			}
 		}
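Review bot: uid_entry_in_group() now makes three separate accessor calls (get_current_uid, get_current_gid, get_current_utok) to read what the removed code took from one token (`current_user.ut.uid`, `.gid`, `.groups`). Assuming the uid/gid accessors simply return the token's fields (uid.c is truncated on this page), fetching it once with `const UNIX_USER_TOKEN *curr_utok = get_current_utok(conn);` and comparing against `curr_utok->uid` and `curr_utok->gid` would drop the `= NULL` placeholder and make all three comparisons read the same token. Whether get_current_utok() can return NULL is not visible here; if it can, `curr_utok->ngroups` needs a guard. The function starts and ends outside this hunk.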
@@ -1341,7 +1344,7 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
  type.
 ****************************************************************************/
 
-static bool ensure_canon_entry_valid(canon_ace **pp_ace,
+static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace,
 				     const struct share_params *params,
 				     const bool is_directory,
 							const DOM_SID *pfile_owner_sid,
@@ -1407,7 +1410,7 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 
 			for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
 				if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
-					if (uid_entry_in_group(pace, pace_iter)) {
+					if (uid_entry_in_group(conn, pace, pace_iter)) {
 						pace->perms |= pace_iter->perms;
 						group_matched = True;
 					}
@@ -2057,7 +2060,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
  allow entries.
 ****************************************************************************/
 
-static void process_deny_list( canon_ace **pp_ace_list )
+static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
 {
 	canon_ace *ace_list = *pp_ace_list;
 	canon_ace *curr_ace = NULL;
@@ -2162,7 +2165,7 @@ static void process_deny_list( canon_ace **pp_ace_list )
 			if (allow_ace_p->owner_type == UID_ACE)
 				continue;
 
-			if (uid_entry_in_group( curr_ace, allow_ace_p))
+			if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
 				new_perms |= allow_ace_p->perms;
 		}
 
@@ -2206,7 +2209,7 @@ static void process_deny_list( canon_ace **pp_ace_list )
 
 			/* Mask off the deny group perms. */
 
-			if (uid_entry_in_group( allow_ace_p, curr_ace))
+			if (uid_entry_in_group(conn, allow_ace_p, curr_ace))
 				allow_ace_p->perms &= ~curr_ace->perms;
 		}
 
@@ -2256,7 +2259,7 @@ static void process_deny_list( canon_ace **pp_ace_list )
 
 			/* OR in the group perms. */
 
-			if (uid_entry_in_group( curr_ace, allow_ace_p))
+			if (uid_entry_in_group(conn,  curr_ace, allow_ace_p))
 				curr_ace->perms |= allow_ace_p->perms;
 		}
 	}
@@ -2368,10 +2371,10 @@ static bool unpack_canon_ace(files_struct *fsp,
 	 */
 
 	print_canon_ace_list( "file ace - before deny", file_ace);
-	process_deny_list( &file_ace);
+	process_deny_list(fsp->conn, &file_ace);
 
 	print_canon_ace_list( "dir ace - before deny", dir_ace);
-	process_deny_list( &dir_ace);
+	process_deny_list(fsp->conn, &dir_ace);
 
 	/*
 	 * A well formed POSIX file or default ACL has at least 3 entries, a 
@@ -2390,7 +2393,7 @@ static bool unpack_canon_ace(files_struct *fsp,
 
 	st.st_ex_mode = create_default_mode(fsp, False);
 
-	if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params,
+	if (!ensure_canon_entry_valid(fsp->conn, &file_ace, fsp->conn->params,
 			fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) {
 		free_canon_ace_list(file_ace);
 		free_canon_ace_list(dir_ace);
@@ -2407,7 +2410,7 @@ static bool unpack_canon_ace(files_struct *fsp,
 
 	st.st_ex_mode = create_default_mode(fsp, True);
 
-	if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params,
+	if (dir_ace && !ensure_canon_entry_valid(fsp->conn, &dir_ace, fsp->conn->params,
 			fsp->is_directory, pfile_owner_sid, pfile_grp_sid, &st, True)) {
 		free_canon_ace_list(file_ace);
 		free_canon_ace_list(dir_ace);
@@ -2592,7 +2595,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 	 * This next call will ensure we have at least a user/group/world set.
 	 */
 
-	if (!ensure_canon_entry_valid(&l_head, conn->params,
+	if (!ensure_canon_entry_valid(conn, &l_head, conn->params,
 				      S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
 				      psbuf, False))
 		goto fail;
@@ -2636,12 +2639,13 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
  Check if the current user group list contains a given group.
 ****************************************************************************/
 
-static bool current_user_in_group(gid_t gid)
+static bool current_user_in_group(connection_struct *conn, gid_t gid)
 {
 	int i;
+	const UNIX_USER_TOKEN *utok = get_current_utok(conn);
 
-	for (i = 0; i < current_user.ut.ngroups; i++) {
-		if (current_user.ut.groups[i] == gid) {
+	for (i = 0; i < utok->ngroups; i++) {
+		if (utok->groups[i] == gid) {
 			return True;
 		}
 	}
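Review bot: In current_user_in_group() the loop index is `int i` compared against `utok->ngroups`, while uid_entry_in_group() earlier in this file walks the same field with `size_t i`; if ngroups is unsigned this is a signed/unsigned comparison. Declare it as `size_t i;` here so both loops agree. The rest of the function is outside the hunk.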
@@ -2662,7 +2666,7 @@ static bool acl_group_override(connection_struct *conn,
 
 	/* file primary group == user primary or supplementary group */
 	if (lp_acl_group_control(SNUM(conn)) &&
-	    current_user_in_group(smb_fname->st.st_ex_gid)) {
+	    current_user_in_group(conn, smb_fname->st.st_ex_gid)) {
 		return true;
 	}
 
@@ -3540,13 +3544,13 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
 	/* Case (2) / (3) */
 	if (lp_enable_privileges()) {
 
-		bool has_take_ownership_priv = user_has_privileges(current_user.nt_user_token,
+		bool has_take_ownership_priv = user_has_privileges(get_current_nttok(conn),
 							      &se_take_ownership);
-		bool has_restore_priv = user_has_privileges(current_user.nt_user_token,
+		bool has_restore_priv = user_has_privileges(get_current_nttok(conn),
 						       &se_restore);
 
 		/* Case (2) */
-		if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) ||
+		if ( ( has_take_ownership_priv && ( uid == get_current_uid(conn) ) ) ||
 		/* Case (3) */
 		     ( has_restore_priv ) ) {
 
@@ -3574,7 +3578,7 @@ int try_chown(connection_struct *conn, struct smb_filename *smb_fname,
 	   and also copes with the case where the SID in a take ownership ACL is
 	   a local SID on the users workstation
 	*/
-	if (uid != current_user.ut.uid) {
+	if (uid != get_current_uid(conn)) {
 		errno = EPERM;
 		return -1;
 	}
@@ -3860,7 +3864,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC
 	 * Unpack the user/group/world id's.
 	 */
 
-	status = unpack_nt_owners( SNUM(conn), &user, &grp, security_info_sent, psd);
+	status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 2ec50cd..3bf5a7e 100644


-- 
Samba Shared Repository

