[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Mar 15 15:50:10 MDT 2010
The branch, master has been updated
via 33bd9b4... Remove reference to conn->admin_user in preparation for removal.
via b32ce07... Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
via 984eee7... Switch over to using get_currect_XXX() accessor functions.
via 6b2358e... Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
via 5d6610a... Add accessor functions for current uid, gid, unix token, NT token and vuid.
via 1332ce5... We don't need to treat the token differently in the conn->admin_user case, it should already be pointing to a token with uid == 0.
via 4b85a0e... Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern struct current_user current_user;"."
from 83b9e12... s4-smbtorture: add simple printer rename test to RPC-SPOOLSS-PRINTER.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 33bd9b4bb901d08c3c9479bef0a748bb7f5f5fa7
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 12:24:06 2010 -0700
Remove reference to conn->admin_user in preparation for removal.
We use (uid_t)0 here not sec_initial_uid() as make test uses a single user context.
I will revisit this when all the uid check changes are complete.
Jeremy.
commit b32ce075f8b5a3a2ab0a72ffed16924cda90f423
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 12:18:04 2010 -0700
Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
This simplifies change_to_user() and removes special processing of the assignments
we pass to set_sec_ctx().
Jeremy.
commit 984eee7e290cd0dd20baf8a531ed9afc142796ff
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 12:13:30 2010 -0700
Switch over to using get_currect_XXX() accessor functions.
Jeremy.
commit 6b2358e15eadf2b137b62669a813eded21aebbc7
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 11:04:51 2010 -0700
Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
Will allow me to replace them with accessor functions.
Jeremy.
commit 5d6610a21580a1d588465ec9f144f5a6daad57cd
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 10:45:15 2010 -0700
Add accessor functions for current uid, gid, unix token, NT token and vuid.
Jeremy.
commit 1332ce52b7b78b9e03e376f312120c0f1d7e302a
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 11:03:29 2010 -0700
We don't need to treat the token differently in the conn->admin_user case, it should already be pointing to a token with uid == 0.
Jeremy.
commit 4b85a0ea7fe036347b9fe5c725e55b043f75ccb4
Author: Jeremy Allison <jra at samba.org>
Date: Mon Mar 15 10:33:09 2010 -0700
Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/locking/locking.c | 1 -
source3/smbd/close.c | 2 +-
source3/smbd/dir.c | 21 +++++++++------------
source3/smbd/file_access.c | 6 +++---
source3/smbd/lanman.c | 6 +++---
source3/smbd/posix_acls.c | 2 +-
source3/smbd/uid.c | 2 +-
7 files changed, 18 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index e9826ba..1ada13e 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1427,7 +1427,6 @@ void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close,
bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok)
{
- UNIX_USER_TOKEN *tok_copy = NULL;
struct share_mode_lock *lck;
DEBUG(10,("set_delete_on_close: %s delete on close flag for "
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 1530b96..27bc1ce 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -335,7 +335,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
became_user = True;
}
fsp->delete_on_close = true;
- set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
+ set_delete_on_close_lck(lck, True, get_current_utok(conn));
if (became_user) {
unbecome_user();
}
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 69ebc57..69c5d75 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1127,10 +1127,9 @@ static bool user_can_read_file(connection_struct *conn,
struct smb_filename *smb_fname)
{
/*
- * If user is a member of the Admin group
- * we never hide files from them.
- * Use (uid_t)0 here not sec_initial_uid()
- * because of the RAW-SAMBA3HIDE test.
+ * Never hide files from the root user.
+ * We use (uid_t)0 here not sec_initial_uid()
+ * as make test uses a single user context.
*/
if (get_current_uid(conn) == (uid_t)0) {
@@ -1151,10 +1150,9 @@ static bool user_can_write_file(connection_struct *conn,
const struct smb_filename *smb_fname)
{
/*
- * If user is a member of the Admin group
- * we never hide files from them.
- * Use (uid_t)0 here not sec_initial_uid()
- * because of the RAW-SAMBA3HIDE test.
+ * Never hide files from the root user.
+ * We use (uid_t)0 here not sec_initial_uid()
+ * as make test uses a single user context.
*/
if (get_current_uid(conn) == (uid_t)0) {
@@ -1180,10 +1178,9 @@ static bool file_is_special(connection_struct *conn,
const struct smb_filename *smb_fname)
{
/*
- * If user is a member of the Admin group
- * we never hide files from them.
- * Use (uid_t)0 here not sec_initial_uid()
- * because of the RAW-SAMBA3HIDE test.
+ * Never hide files from the root user.
+ * We use (uid_t)0 here not sec_initial_uid()
+ * as make test uses a single user context.
*/
if (get_current_uid(conn) == (uid_t)0) {
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 5c3089e..065f2b6 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -51,7 +51,7 @@ bool can_access_file_acl(struct connection_struct *conn,
goto out;
}
- status = se_access_check(secdesc, conn->server_info->ptok,
+ status = se_access_check(secdesc, get_current_nttok(conn),
access_mask, &access_granted);
ret = NT_STATUS_IS_OK(status);
@@ -144,9 +144,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
* or the owner of the directory as we have no possible
* chance of deleting. Otherwise, go on and check the ACL.
*/
- if ((conn->server_info->utok.uid !=
+ if ((get_current_uid(conn) !=
smb_fname_parent->st.st_ex_uid) &&
- (conn->server_info->utok.uid != smb_fname->st.st_ex_uid)) {
+ (get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
DEBUG(10,("can_delete_file_in_directory: not "
"owner of file %s or directory %s",
smb_fname_str_dbg(smb_fname),
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4c15f13..c97228f 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3768,7 +3768,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
}
/* modelled after NTAS 3.51 reply */
SSVAL(p,usri11_priv,
- (get_current_uid(conn) == (uid_t)0)?
+ (get_current_uid(conn) == sec_initial_uid())?
USER_PRIV_ADMIN:USER_PRIV_USER);
SIVAL(p,usri11_auth_flags,AF_OP_PRINT); /* auth flags */
SIVALS(p,usri11_password_age,-1); /* password age */
@@ -3822,7 +3822,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
memset(p+22,' ',16); /* password */
SIVALS(p,38,-1); /* password age */
SSVAL(p,42,
- (get_current_uid(conn) == (uid_t)0)?
+ (get_current_uid(conn) == sec_initial_uid())?
USER_PRIV_ADMIN:USER_PRIV_USER);
SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
strlcpy(p2, vuser ? pdb_get_homedir(
@@ -3975,7 +3975,7 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
PACKS(&desc,"B21",name); /* eff. name */
PACKS(&desc,"B",""); /* pad */
PACKI(&desc,"W",
- (get_current_uid(conn) == (uid_t)0)?
+ (get_current_uid(conn) == sec_initial_uid())?
USER_PRIV_ADMIN:USER_PRIV_USER);
PACKI(&desc,"D",0); /* auth flags XXX */
PACKI(&desc,"W",0); /* num logons */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index c00b7bd..c9fdc71 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2259,7 +2259,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
/* OR in the group perms. */
- if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
+ if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
curr_ace->perms |= allow_ace_p->perms;
}
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 3bf5a7e..9dc354b 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -284,7 +284,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
/* security = share sets force_user. */
if (!conn->force_user && !vuser) {
DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
- "share %s.\n",vuid, lp_servicename(snum) ));
+ "share %s.\n",vuid, lp_servicename(snum) ));
return False;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list