Add "server_info" to connection_struct

This will replace all the user identity stuff in connection_struct, for now it
is just a source where the other fields in connection_struct are filled from.
(This used to be commit 0f53f9e7db9f99f239c4d0950452d0e2cde2ae8b)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 8c24e3045ed9d15898fc6accf338b11a5d441e55..c7a13fb3a09ba226210ac6e91d2f4e1c03edb4fe 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -623,6 +623,8 @@ typedef struct connection_struct {
        struct vfs_ops vfs_opaque;                      /* OPAQUE Filesystem operations */
        struct vfs_handle_struct *vfs_handles;          /* for the new plugins */
 
+       struct auth_serversupplied_info *server_info;
+
        char *user; /* name of user who *opened* this connection */
        uid_t uid; /* uid of user who *opened* this connection */
        gid_t gid; /* gid of user who *opened* this connection */

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index e2715fa6d841c46db3bfcdcc01e70f763616fae5..974af8393246a2e867174bfe38e8ff0206acd47c 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -725,18 +725,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
                                               const char *pdev,
                                               NTSTATUS *pstatus)
 {
-       struct passwd *pass = NULL;
-       bool guest = False;
        connection_struct *conn;
        SMB_STRUCT_STAT st;
-       fstring user;
        fstring dev;
        int ret;
        char addr[INET6_ADDRSTRLEN];
        bool on_err_call_dis_hook = false;
        NTSTATUS status;
 
-       *user = 0;
        fstrcpy(dev, pdev);
        SET_STAT_INVALID(st);
 
@@ -754,102 +750,33 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
        conn->params->service = snum;
        conn->nt_user_token = NULL;
 
+       status = create_connection_server_info(
+               conn, snum, vuser ? vuser->server_info : NULL, password,
+               &conn->server_info);
+
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("create_connection_server_info failed: %s\n",
+                         nt_errstr(status)));
+               *pstatus = status;
+               conn_free(conn);
+               return NULL;
+       }
+
        if (lp_guest_only(snum)) {
-               const char *guestname = lp_guestaccount();
-               char *found_username = NULL;
-
-               guest = True;
-               pass = getpwnam_alloc(talloc_tos(), guestname);
-               if (!pass) {
-                       DEBUG(0,("make_connection_snum: Invalid guest "
-                                "account %s??\n",guestname));
-                       conn_free(conn);
-                       *pstatus = NT_STATUS_NO_SUCH_USER;
-                       return NULL;
-               }
-               status = create_token_from_username(conn, pass->pw_name, True,
-                                                   &conn->uid, &conn->gid,
-                                                   &found_username,
-                                                   &conn->nt_user_token);
-               if (!NT_STATUS_IS_OK(status)) {
-                       TALLOC_FREE(pass);
-                       conn_free(conn);
-                       *pstatus = status;
-                       return NULL;
-               }
-               fstrcpy(user, found_username);
-               string_set(&conn->user,user);
-               conn->force_user = True;
-               TALLOC_FREE(found_username);
-               TALLOC_FREE(pass);
-               DEBUG(3,("Guest only user %s\n",user));
+               string_set(&conn->user, conn->server_info->unix_name);
+               conn->force_user = true;
+               DEBUG(3,("Guest only user %s\n", conn->user));
        } else if (vuser) {
-               if (vuser->server_info->guest) {
-                       if (!lp_guest_ok(snum)) {
-                               DEBUG(2, ("guest user (from session setup) "
-                                         "not permitted to access this share "
-                                         "(%s)\n", lp_servicename(snum)));
-                                     conn_free(conn);
-                                     *pstatus = NT_STATUS_ACCESS_DENIED;
-                                     return NULL;
-                       }
-               } else {
-                       if (!user_ok_token(vuser->server_info->unix_name,
-                                          vuser->server_info->ptok, snum)) {
-                               DEBUG(2, ("user '%s' (from session setup) not "
-                                         "permitted to access this share "
-                                         "(%s)\n",
-                                         vuser->server_info->unix_name,
-                                         lp_servicename(snum)));
-                               conn_free(conn);
-                               *pstatus = NT_STATUS_ACCESS_DENIED;
-                               return NULL;
-                       }
-               }
                conn->vuid = vuser->vuid;
                conn->uid = vuser->server_info->uid;
                conn->gid = vuser->server_info->gid;
                string_set(&conn->user,vuser->server_info->unix_name);
-               fstrcpy(user,vuser->server_info->unix_name);
-               guest = vuser->server_info->guest;
        } else if (lp_security() == SEC_SHARE) {
-               NTSTATUS status2;
-               char *found_username = NULL;
-
-               /* add it as a possible user name if we 
-                  are in share mode security */
-               add_session_user(lp_servicename(snum));
-               /* shall we let them in? */
-               if (!authorise_login(snum,user,password,&guest)) {
-                       DEBUG( 2, ( "Invalid username/password for [%s]\n", 
-                                   lp_servicename(snum)) );
-                       conn_free(conn);
-                       *pstatus = NT_STATUS_WRONG_PASSWORD;
-                       return NULL;
-               }
-               pass = Get_Pwnam_alloc(talloc_tos(), user);
-               status2 = create_token_from_username(conn, pass->pw_name, True,
-                                                    &conn->uid, &conn->gid,
-                                                    &found_username,
-                                                    &conn->nt_user_token);
-               TALLOC_FREE(pass);
-               if (!NT_STATUS_IS_OK(status2)) {
-                       conn_free(conn);
-                       *pstatus = status2;
-                       return NULL;
-               }
-               fstrcpy(user, found_username);
-               string_set(&conn->user,user);
-               TALLOC_FREE(found_username);
+               string_set(&conn->user, conn->server_info->unix_name);
                conn->force_user = True;
-       } else {
-               DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
-               conn_free(conn);
-               *pstatus = NT_STATUS_ACCESS_DENIED;
-               return NULL;
        }
 
-       add_session_user(user);
+       add_session_user(conn->user);
 
        safe_strcpy(conn->client_address,
                        client_addr(get_client_fd(),addr,sizeof(addr)), 
@@ -881,7 +808,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
        conn->veto_oplock_list = NULL;
        conn->aio_write_behind_list = NULL;
        string_set(&conn->dirpath,"");
-       string_set(&conn->user,user);
 
        conn->read_only = lp_readonly(SNUM(conn));
        conn->admin_user = False;
@@ -895,15 +821,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
        if (*lp_force_user(snum)) {
                status = find_forced_user(conn,
                                (vuser != NULL) && vuser->server_info->guest,
-                               user);
+                               conn->user);
                if (!NT_STATUS_IS_OK(status)) {
                        conn_free(conn);
                        *pstatus = status;
                        return NULL;
                }
-               string_set(&conn->user,user);
                conn->force_user = True;
-               DEBUG(3,("Forced user %s\n",user));       
+               DEBUG(3,("Forced user %s\n",conn->user));
        }
 
        /*
@@ -914,7 +839,8 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
        if (*lp_force_group(snum)) {
                DOM_SID group_sid;
 
-               status = find_forced_group(conn->force_user, snum, user,
+               status = find_forced_group(conn->force_user, snum,
+                                          conn->user,
                                           &group_sid, &conn->gid);
                if (!NT_STATUS_IS_OK(status)) {
                        conn_free(conn);
@@ -1189,7 +1115,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
           to allow any filesystems needing user credentials to initialize
           themselves. */
 
-       if (SMB_VFS_CONNECT(conn, lp_servicename(snum), user) < 0) {
+       if (SMB_VFS_CONNECT(conn, lp_servicename(snum), conn->user) < 0) {
                DEBUG(0,("make_connection: VFS make connection failed!\n"));
                *pstatus = NT_STATUS_UNSUCCESSFUL;
                goto err_root_exit;
@@ -1256,7 +1182,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
                         conn->client_address );
                dbgtext( "%s", srv_is_signing_active() ? "signed " : "");
                dbgtext( "connect to service %s ", lp_servicename(snum) );
-               dbgtext( "initially as user %s ", user );
+               dbgtext( "initially as user %s ", conn->user );
                dbgtext( "(uid=%d, gid=%d) ", (int)geteuid(), (int)getegid() );
                dbgtext( "(pid %d)\n", (int)sys_getpid() );
        }