Changeset 988 for vendor/current/source4/ntvfs/unixuid

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

Location:

vendor/current/source4/ntvfs/unixuid

Files:

• vfs_unixuid.c (modified) (11 diffs)
• wscript_build (modified) (1 diff)

vendor/current/source4/ntvfs/unixuid/vfs_unixuid.c

@@ -29 +29 @@
 #define TEVENT_DEPRECATED
 #include <tevent.h>
-
-#if defined(UID_WRAPPER)
-#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
-#define UID_WRAPPER_REPLACE
-#include "../uid_wrapper/uid_wrapper.h"
-#endif
-#else
-#define uwrap_enabled() 0
-#endif
-
+#include "../lib/util/setid.h"
+
+NTSTATUS ntvfs_unixuid_init(void);
 
 struct unixuid_private {
-        struct wbc_context *wbc_ctx;
-        struct unix_sec_ctx *last_sec_ctx;
+        struct security_unix_token *last_sec_ctx;
         struct security_token *last_token;
 };
 
 
-
-struct unix_sec_ctx {
-        uid_t uid;
-        gid_t gid;
-        unsigned int ngroups;
-        gid_t *groups;
-};
-
-/*
-  pull the current security context into a unix_sec_ctx
-*/
-static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx)
-{
-        struct unix_sec_ctx *sec = talloc(mem_ctx, struct unix_sec_ctx);
+/*
+  pull the current security context into a security_unix_token
+*/
+static struct security_unix_token *save_unix_security(TALLOC_CTX *mem_ctx)
+{
+        struct security_unix_token *sec = talloc(mem_ctx, struct security_unix_token);
         if (sec == NULL) {
                 return NULL;
@@ -86 +70 @@
 
 /*
-  set the current security context from a unix_sec_ctx
-*/
-static NTSTATUS set_unix_security(struct unix_sec_ctx *sec)
-{
-        seteuid(0);
-
-        if (setgroups(sec->ngroups, sec->groups) != 0) {
+  set the current security context from a security_unix_token
+*/
+static NTSTATUS set_unix_security(struct security_unix_token *sec)
+{
+        samba_seteuid(0);
+
+        if (samba_setgroups(sec->ngroups, sec->groups) != 0) {
+                DBG_ERR("*** samba_setgroups failed\n");
                 return NT_STATUS_ACCESS_DENIED;
         }
-        if (setegid(sec->gid) != 0) {
+        if (samba_setegid(sec->gid) != 0) {
+                DBG_ERR("*** samba_setegid(%u) failed\n", sec->gid);
                 return NT_STATUS_ACCESS_DENIED;
         }
-        if (seteuid(sec->uid) != 0) {
+        if (samba_seteuid(sec->uid) != 0) {
+                DBG_ERR("*** samba_seteuid(%u) failed\n", sec->uid);
                 return NT_STATUS_ACCESS_DENIED;
         }
@@ -117 +104 @@
                                       const char *location)
 {
-        struct unix_sec_ctx *sec_ctx;
+        struct security_unix_token *sec_ctx;
 
         if (unixuid_nesting_level == 0) {
@@ -131 +118 @@
                         return -1;
                 }
-                *(struct unix_sec_ctx **)stack_ptr = sec_ctx;
-                if (seteuid(0) != 0 || setegid(0) != 0) {
+                *(struct security_unix_token **)stack_ptr = sec_ctx;
+                if (samba_seteuid(0) != 0 || samba_setegid(0) != 0) {
                         DEBUG(0,("%s: Failed to change to root\n", location));
                         return -1;                      
@@ -140 +127 @@
                 NTSTATUS status;
 
-                sec_ctx = *(struct unix_sec_ctx **)stack_ptr;
+                sec_ctx = *(struct security_unix_token **)stack_ptr;
                 if (sec_ctx == NULL) {
                         /* this happens the first time this function
@@ -148 +135 @@
                 }
 
-                sec_ctx = talloc_get_type_abort(sec_ctx, struct unix_sec_ctx);
+                sec_ctx = talloc_get_type_abort(sec_ctx, struct security_unix_token);
                 status = set_unix_security(sec_ctx);
                 talloc_free(sec_ctx);
@@ -163 +150 @@
 
 /*
-  form a unix_sec_ctx from the current security_token
+  form a security_unix_token from the current security_token
 */
 static NTSTATUS nt_token_to_unix_security(struct ntvfs_module_context *ntvfs,
                                           struct ntvfs_request *req,
                                           struct security_token *token,
-                                          struct unix_sec_ctx **sec)
-{
-        struct unixuid_private *priv = ntvfs->private_data;
-        int i;
-        NTSTATUS status;
-        struct id_map *ids;
-        struct composite_context *ctx;
-        *sec = talloc(req, struct unix_sec_ctx);
-
-        /* we can't do unix security without a user and group */
-        if (token->num_sids < 2) {
-                return NT_STATUS_ACCESS_DENIED;
-        }
-
-        ids = talloc_array(req, struct id_map, token->num_sids);
-        NT_STATUS_HAVE_NO_MEMORY(ids);
-
-        (*sec)->ngroups = token->num_sids - 2;
-        (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
-        NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
-
-        for (i=0;i<token->num_sids;i++) {
-                ZERO_STRUCT(ids[i].xid);
-                ids[i].sid = &token->sids[i];
-                ids[i].status = ID_UNKNOWN;
-        }
-
-        ctx = wbc_sids_to_xids_send(priv->wbc_ctx, ids, token->num_sids, ids);
-        NT_STATUS_HAVE_NO_MEMORY(ctx);
-
-        status = wbc_sids_to_xids_recv(ctx, &ids);
-        NT_STATUS_NOT_OK_RETURN(status);
-
-        if (ids[0].xid.type == ID_TYPE_BOTH ||
-            ids[0].xid.type == ID_TYPE_UID) {
-                (*sec)->uid = ids[0].xid.id;
-        } else {
-                return NT_STATUS_INVALID_SID;
-        }
-
-        if (ids[1].xid.type == ID_TYPE_BOTH ||
-            ids[1].xid.type == ID_TYPE_GID) {
-                (*sec)->gid = ids[1].xid.id;
-        } else {
-                return NT_STATUS_INVALID_SID;
-        }
-
-        for (i=0;i<(*sec)->ngroups;i++) {
-                if (ids[i+2].xid.type == ID_TYPE_BOTH ||
-                    ids[i+2].xid.type == ID_TYPE_GID) {
-                        (*sec)->groups[i] = ids[i+2].xid.id;
-                } else {
-                        return NT_STATUS_INVALID_SID;
-                }
-        }
-
-        return NT_STATUS_OK;
+                                          struct security_unix_token **sec)
+{
+        return security_token_to_unix_token(req,
+                                            ntvfs->ctx->event_ctx,
+                                            token, sec);
 }
 
@@ -231 +166 @@
 */
 static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs,
-                                       struct ntvfs_request *req, struct unix_sec_ctx **sec)
+                                       struct ntvfs_request *req, struct security_unix_token **sec)
 {
         struct unixuid_private *priv = ntvfs->private_data;
         struct security_token *token;
-        struct unix_sec_ctx *newsec;
+        struct security_unix_token *newsec;
         NTSTATUS status;
 
@@ -282 +217 @@
 #define PASS_THRU_REQ(ntvfs, req, op, args) do { \
         NTSTATUS status2; \
-        struct unix_sec_ctx *sec; \
+        struct security_unix_token *sec; \
         status = unixuid_setup_security(ntvfs, req, &sec); \
         NT_STATUS_NOT_OK_RETURN(status); \
@@ -309 +244 @@
         }
 
-        priv->wbc_ctx = wbc_init(priv, ntvfs->ctx->msg_ctx,
-                                    ntvfs->ctx->event_ctx);
-        if (priv->wbc_ctx == NULL) {
-                talloc_free(priv);
-                return NT_STATUS_INTERNAL_ERROR;
-        }
-
         priv->last_sec_ctx = NULL;
         priv->last_token = NULL;
@@ -747 +675 @@
 
         /* fill in all the operations */
-        ops.connect = unixuid_connect;
-        ops.disconnect = unixuid_disconnect;
-        ops.unlink = unixuid_unlink;
-        ops.chkpath = unixuid_chkpath;
-        ops.qpathinfo = unixuid_qpathinfo;
-        ops.setpathinfo = unixuid_setpathinfo;
-        ops.open = unixuid_open;
-        ops.mkdir = unixuid_mkdir;
-        ops.rmdir = unixuid_rmdir;
-        ops.rename = unixuid_rename;
-        ops.copy = unixuid_copy;
-        ops.ioctl = unixuid_ioctl;
-        ops.read = unixuid_read;
-        ops.write = unixuid_write;
-        ops.seek = unixuid_seek;
-        ops.flush = unixuid_flush;      
-        ops.close = unixuid_close;
-        ops.exit = unixuid_exit;
-        ops.lock = unixuid_lock;
-        ops.setfileinfo = unixuid_setfileinfo;
-        ops.qfileinfo = unixuid_qfileinfo;
-        ops.fsinfo = unixuid_fsinfo;
-        ops.lpq = unixuid_lpq;
-        ops.search_first = unixuid_search_first;
-        ops.search_next = unixuid_search_next;
-        ops.search_close = unixuid_search_close;
-        ops.trans = unixuid_trans;
-        ops.logoff = unixuid_logoff;
-        ops.async_setup = unixuid_async_setup;
-        ops.cancel = unixuid_cancel;
-        ops.notify = unixuid_notify;
+        ops.connect_fn = unixuid_connect;
+        ops.disconnect_fn = unixuid_disconnect;
+        ops.unlink_fn = unixuid_unlink;
+        ops.chkpath_fn = unixuid_chkpath;
+        ops.qpathinfo_fn = unixuid_qpathinfo;
+        ops.setpathinfo_fn = unixuid_setpathinfo;
+        ops.open_fn = unixuid_open;
+        ops.mkdir_fn = unixuid_mkdir;
+        ops.rmdir_fn = unixuid_rmdir;
+        ops.rename_fn = unixuid_rename;
+        ops.copy_fn = unixuid_copy;
+        ops.ioctl_fn = unixuid_ioctl;
+        ops.read_fn = unixuid_read;
+        ops.write_fn = unixuid_write;
+        ops.seek_fn = unixuid_seek;
+        ops.flush_fn = unixuid_flush;
+        ops.close_fn = unixuid_close;
+        ops.exit_fn = unixuid_exit;
+        ops.lock_fn = unixuid_lock;
+        ops.setfileinfo_fn = unixuid_setfileinfo;
+        ops.qfileinfo_fn = unixuid_qfileinfo;
+        ops.fsinfo_fn = unixuid_fsinfo;
+        ops.lpq_fn = unixuid_lpq;
+        ops.search_first_fn = unixuid_search_first;
+        ops.search_next_fn = unixuid_search_next;
+        ops.search_close_fn = unixuid_search_close;
+        ops.trans_fn = unixuid_trans;
+        ops.logoff_fn = unixuid_logoff;
+        ops.async_setup_fn = unixuid_async_setup;
+        ops.cancel_fn = unixuid_cancel;
+        ops.notify_fn = unixuid_notify;
 
         ops.name = "unixuid";

vendor/current/source4/ntvfs/unixuid/wscript_build

@@ -5 +5 @@
         subsystem='ntvfs',
         init_function='ntvfs_unixuid_init',
-        deps='samdb'
+        deps='auth_unix_token talloc'
         )