[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Mon Mar 15 15:50:10 MDT 2010 

The branch, master has been updated
       via  33bd9b4... Remove reference to conn->admin_user in preparation for removal.
       via  b32ce07... Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
       via  984eee7... Switch over to using get_currect_XXX() accessor functions.
       via  6b2358e... Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
       via  5d6610a... Add accessor functions for current uid, gid, unix token, NT token and vuid.
       via  1332ce5... We don't need to treat the token differently in the conn->admin_user case, it should already be pointing to a token with uid == 0.
       via  4b85a0e... Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern struct current_user current_user;"."
      from  83b9e12... s4-smbtorture: add simple printer rename test to RPC-SPOOLSS-PRINTER.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 33bd9b4bb901d08c3c9479bef0a748bb7f5f5fa7
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 12:24:06 2010 -0700

    Remove reference to conn->admin_user in preparation for removal.
    
    We use (uid_t)0 here not sec_initial_uid() as make test uses a single user context.
    I will revisit this when all the uid check changes are complete.
    
    Jeremy.

commit b32ce075f8b5a3a2ab0a72ffed16924cda90f423
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 12:18:04 2010 -0700

    Simplify processing of "admin user". If a user is an admin_user ensure their conn token is uid 0.
    
    This simplifies change_to_user() and removes special processing of the assignments
    we pass to set_sec_ctx().
    
    Jeremy.

commit 984eee7e290cd0dd20baf8a531ed9afc142796ff
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 12:13:30 2010 -0700

    Switch over to using get_currect_XXX() accessor functions.
    
    Jeremy.

commit 6b2358e15eadf2b137b62669a813eded21aebbc7
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 11:04:51 2010 -0700

    Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
    
    Will allow me to replace them with accessor functions.
    
    Jeremy.

commit 5d6610a21580a1d588465ec9f144f5a6daad57cd
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 10:45:15 2010 -0700

    Add accessor functions for current uid, gid, unix token, NT token and vuid.
    
    Jeremy.

commit 1332ce52b7b78b9e03e376f312120c0f1d7e302a
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 11:03:29 2010 -0700

    We don't need to treat the token differently in the conn->admin_user case, it should already be pointing to a token with uid == 0.
    
    Jeremy.

commit 4b85a0ea7fe036347b9fe5c725e55b043f75ccb4
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Mar 15 10:33:09 2010 -0700

    Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern struct current_user current_user;"."
    
    As requested by Volker, split this into smaller commits.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/locking/locking.c  |    1 -
 source3/smbd/close.c       |    2 +-
 source3/smbd/dir.c         |   21 +++++++++------------
 source3/smbd/file_access.c |    6 +++---
 source3/smbd/lanman.c      |    6 +++---
 source3/smbd/posix_acls.c  |    2 +-
 source3/smbd/uid.c         |    2 +-
 7 files changed, 18 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index e9826ba..1ada13e 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1427,7 +1427,6 @@ void set_delete_on_close_lck(struct share_mode_lock *lck, bool delete_on_close,
 
 bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USER_TOKEN *tok)
 {
-	UNIX_USER_TOKEN *tok_copy = NULL;
 	struct share_mode_lock *lck;
 	
 	DEBUG(10,("set_delete_on_close: %s delete on close flag for "
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 1530b96..27bc1ce 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -335,7 +335,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
 			became_user = True;
 		}
 		fsp->delete_on_close = true;
-		set_delete_on_close_lck(lck, True, get_current_utok(fsp->conn));
+		set_delete_on_close_lck(lck, True, get_current_utok(conn));
 		if (became_user) {
 			unbecome_user();
 		}
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 69ebc57..69c5d75 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1127,10 +1127,9 @@ static bool user_can_read_file(connection_struct *conn,
 			       struct smb_filename *smb_fname)
 {
 	/*
-	 * If user is a member of the Admin group
-	 * we never hide files from them.
-	 * Use (uid_t)0 here not sec_initial_uid()
-	 * because of the RAW-SAMBA3HIDE test.
+	 * Never hide files from the root user.
+	 * We use (uid_t)0 here not sec_initial_uid()
+	 * as make test uses a single user context.
 	 */
 
 	if (get_current_uid(conn) == (uid_t)0) {
@@ -1151,10 +1150,9 @@ static bool user_can_write_file(connection_struct *conn,
 				const struct smb_filename *smb_fname)
 {
 	/*
-	 * If user is a member of the Admin group
-	 * we never hide files from them.
-	 * Use (uid_t)0 here not sec_initial_uid()
-	 * because of the RAW-SAMBA3HIDE test.
+	 * Never hide files from the root user.
+	 * We use (uid_t)0 here not sec_initial_uid()
+	 * as make test uses a single user context.
 	 */
 
 	if (get_current_uid(conn) == (uid_t)0) {
@@ -1180,10 +1178,9 @@ static bool file_is_special(connection_struct *conn,
 			    const struct smb_filename *smb_fname)
 {
 	/*
-	 * If user is a member of the Admin group
-	 * we never hide files from them.
-	 * Use (uid_t)0 here not sec_initial_uid()
-	 * because of the RAW-SAMBA3HIDE test.
+	 * Never hide files from the root user.
+	 * We use (uid_t)0 here not sec_initial_uid()
+	 * as make test uses a single user context.
 	 */
 
 	if (get_current_uid(conn) == (uid_t)0) {
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 5c3089e..065f2b6 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -51,7 +51,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 		goto out;
 	}
 
-	status = se_access_check(secdesc, conn->server_info->ptok,
+	status = se_access_check(secdesc, get_current_nttok(conn),
 				 access_mask, &access_granted);
 	ret = NT_STATUS_IS_OK(status);
 
@@ -144,9 +144,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
 		 * or the owner of the directory as we have no possible
 		 * chance of deleting. Otherwise, go on and check the ACL.
 		 */
-		if ((conn->server_info->utok.uid !=
+		if ((get_current_uid(conn) !=
 			smb_fname_parent->st.st_ex_uid) &&
-		    (conn->server_info->utok.uid != smb_fname->st.st_ex_uid)) {
+		    (get_current_uid(conn) != smb_fname->st.st_ex_uid)) {
 			DEBUG(10,("can_delete_file_in_directory: not "
 				  "owner of file %s or directory %s",
 				  smb_fname_str_dbg(smb_fname),
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4c15f13..c97228f 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -3768,7 +3768,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 		}
 		/* modelled after NTAS 3.51 reply */
 		SSVAL(p,usri11_priv,
-			(get_current_uid(conn) == (uid_t)0)?
+			(get_current_uid(conn) == sec_initial_uid())?
 			USER_PRIV_ADMIN:USER_PRIV_USER);
 		SIVAL(p,usri11_auth_flags,AF_OP_PRINT);		/* auth flags */
 		SIVALS(p,usri11_password_age,-1);		/* password age */
@@ -3822,7 +3822,7 @@ static bool api_RNetUserGetInfo(connection_struct *conn, uint16 vuid,
 		memset(p+22,' ',16);	/* password */
 		SIVALS(p,38,-1);		/* password age */
 		SSVAL(p,42,
-			(get_current_uid(conn) == (uid_t)0)?
+			(get_current_uid(conn) == sec_initial_uid())?
 			USER_PRIV_ADMIN:USER_PRIV_USER);
 		SIVAL(p,44,PTR_DIFF(p2,*rdata)); /* home dir */
 		strlcpy(p2, vuser ? pdb_get_homedir(
@@ -3975,7 +3975,7 @@ static bool api_WWkstaUserLogon(connection_struct *conn,uint16 vuid,
 		PACKS(&desc,"B21",name);	/* eff. name */
 		PACKS(&desc,"B","");		/* pad */
 		PACKI(&desc,"W",
-			(get_current_uid(conn) == (uid_t)0)?
+			(get_current_uid(conn) == sec_initial_uid())?
 			USER_PRIV_ADMIN:USER_PRIV_USER);
 		PACKI(&desc,"D",0);		/* auth flags XXX */
 		PACKI(&desc,"W",0);		/* num logons */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index c00b7bd..c9fdc71 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2259,7 +2259,7 @@ static void process_deny_list(connection_struct *conn, canon_ace **pp_ace_list )
 
 			/* OR in the group perms. */
 
-			if (uid_entry_in_group(conn,  curr_ace, allow_ace_p))
+			if (uid_entry_in_group(conn, curr_ace, allow_ace_p))
 				curr_ace->perms |= allow_ace_p->perms;
 		}
 	}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 3bf5a7e..9dc354b 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -284,7 +284,7 @@ bool change_to_user(connection_struct *conn, uint16 vuid)
 	/* security = share sets force_user. */
 	if (!conn->force_user && !vuser) {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
-			 "share %s.\n",vuid, lp_servicename(snum) ));
+			"share %s.\n",vuid, lp_servicename(snum) ));
 		return False;
 	}
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list