The branch, master has been updated
via 86aa05e libcli/security Add unix_token and unix_info to
auth_session_info too
via 04f5ef8 s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
via 2a5ac56 librpc/idl Add helper structures for use by samba3 in
auth_session_info
via 646aefd pidl Add support for uid_t and gid_t types
via 9900aa4 s3-rpc_server Handle session key as a constant buffer
via 4736937 s4:dsdb/common/util.c - remove "samdb_find_or_add_value"
via c807911 s4:dsdb/common/util.c - fully remove "samdb_msg_add_string"
via cbef9c3 s4:libnet/libnet_samsync_ldb.c - add a
"samdb_msg_add_string" wrapper
via c667803 s4:remove many invocations of "samdb_msg_add_string"
from dbf6b48 autobuild: enabled samba3-waf build
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 86aa05e8607fa5f86a128a7a93823dc6f1b4dcc8
Author: Andrew Bartlett <[email protected]>
Date: Sat Feb 12 11:21:03 2011 +1100
libcli/security Add unix_token and unix_info to auth_session_info too
Autobuild-User: Andrew Bartlett <[email protected]>
Autobuild-Date: Tue Mar 1 07:13:43 CET 2011 on sn-devel-104
commit 04f5ef83b9c3f6fbe484ceda8376982904b35065
Author: Andrew Bartlett <[email protected]>
Date: Fri Feb 11 18:49:15 2011 +1100
s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
commit 2a5ac56742db2830a3c8e644d3f0e2681f58c4ac
Author: Andrew Bartlett <[email protected]>
Date: Fri Feb 11 18:47:21 2011 +1100
librpc/idl Add helper structures for use by samba3 in auth_session_info
The unix info and in particular unix token needs to be preserved into
the struct auth_session_info.
Andrew Bartlett
commit 646aefd998c1af366dcaee6cbc2bad9359a71f45
Author: Andrew Bartlett <[email protected]>
Date: Fri Feb 11 18:45:32 2011 +1100
pidl Add support for uid_t and gid_t types
These are mapped to uint64_t, which should be big enough. This is
proposed to be used for internal Samba representations, where it would
be more painful to convert all the callers to an uint64_t calling
convention.
Andrew Bartlett
commit 9900aa4fb40321de3d78d499ac5694541db39af0
Author: Andrew Bartlett <[email protected]>
Date: Thu Feb 10 21:37:51 2011 +1100
s3-rpc_server Handle session key as a constant buffer
This way, we don't have to check for memory allocation failures.
Andrew Bartlett
commit 47369370a1525e8a02db6e9e8deb2ac6364679d9
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Wed Feb 23 10:18:03 2011 +0100
s4:dsdb/common/util.c - remove "samdb_find_or_add_value"
This isn't used anymore.
Signed-off-by: Andrew Bartlett <[email protected]>
commit c807911bf7f6906b3f89633cc7359ecff3fecb23
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Wed Feb 23 10:13:56 2011 +0100
s4:dsdb/common/util.c - fully remove "samdb_msg_add_string"
This isn't needed anymore and will be substituted by
"ldb_msg_add_string".
Signed-off-by: Andrew Bartlett <[email protected]>
commit cbef9c352a43f1ae31326f970b2b3f3334b6593d
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Wed Feb 23 10:24:34 2011 +0100
s4:libnet/libnet_samsync_ldb.c - add a "samdb_msg_add_string" wrapper
Add this in order to allow the "ADD_OR_DEL" macros to work.
Signed-off-by: Andrew Bartlett <[email protected]>
commit c66780332bba2270ada4391fbb88728d06b94119
Author: Matthias Dieter Wallnöfer <[email protected]>
Date: Thu Oct 14 22:26:44 2010 +0200
s4:remove many invocations of "samdb_msg_add_string"
This call can be substituted by "ldb_msg_add_string". We only need to be
careful on local objects or talloc'ed ones which live shorter than the
message.
Signed-off-by: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
libcli/security/session.h | 2 +
librpc/idl/auth.idl | 15 ++++++
librpc/idl/security.idl | 8 +++
librpc/ndr/libndr.h | 2 +
librpc/ndr/ndr_basic.c | 60 +++++++++++++++++++++++
pidl/lib/Parse/Pidl/NDR.pm | 2 +
pidl/lib/Parse/Pidl/Samba4/Python.pm | 4 +-
pidl/lib/Parse/Pidl/Typelist.pm | 2 +
source3/include/auth.h | 2 +-
source3/include/proto.h | 12 ++--
source3/include/smb.h | 11 +---
source3/locking/locking.c | 22 ++++----
source3/rpc_server/samr/srv_samr_nt.c | 2 +-
source3/rpc_server/srv_pipe.c | 32 ++-----------
source3/smbd/close.c | 4 +-
source3/smbd/globals.h | 2 +-
source3/smbd/msg_idmap.c | 2 +-
source3/smbd/posix_acls.c | 4 +-
source3/smbd/sec_ctx.c | 2 +-
source3/smbd/uid.c | 2 +-
source4/dsdb/common/util.c | 31 ++----------
source4/dsdb/common/util_samr.c | 14 ++---
source4/dsdb/samdb/ldb_modules/samldb.c | 4 +-
source4/libnet/libnet_samsync_ldb.c | 30 ++++++-----
source4/ntptr/simple_ldb/ntptr_simple_ldb.c | 2 +-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 4 +-
source4/rpc_server/drsuapi/writespn.c | 7 +--
source4/rpc_server/lsa/dcesrv_lsa.c | 11 ++--
28 files changed, 165 insertions(+), 130 deletions(-)
Changeset truncated at 500 lines:
diff --git a/libcli/security/session.h b/libcli/security/session.h
index 36da09b..1f0d486 100644
--- a/libcli/security/session.h
+++ b/libcli/security/session.h
@@ -38,7 +38,9 @@ struct auth_user_info_torture;
struct auth_session_info {
struct security_token *security_token;
+ struct security_unix_token *unix_token;
struct auth_user_info *info;
+ struct auth_user_info_unix *unix_info;
struct auth_user_info_torture *torture;
DATA_BLOB session_key;
struct cli_credentials *credentials;
diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index 6b2cb56..7b4556a 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -51,6 +51,19 @@ interface auth
PAC_SIGNATURE_DATA *pac_kdc_sig;
} auth_user_info_torture;
+ typedef [public] struct {
+ utf8string unix_name;
+
+ /*
+ * For performance reasons we keep an alpha_strcpy-sanitized
version
+ * of the username around as long as the global variable
current_user
+ * still exists. If we did not do keep this, we'd have to call
+ * alpha_strcpy whenever we do a become_user(), potentially on
every
+ * smb request. See set_current_user_info in source3.
+ */
+ utf8string sanitized_username;
+ } auth_user_info_unix;
+
/* This is the interim product of the auth subsystem, before
* privileges and local groups are handled */
typedef [public] struct {
@@ -63,7 +76,9 @@ interface auth
typedef [public] struct {
security_token *security_token;
+ security_unix_token *unix_token;
auth_user_info *info;
+ auth_user_info_unix *unix_info;
DATA_BLOB session_key;
DATA_BLOB exported_gssapi_credentials;
} auth_session_info_transport;
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 266af49..2f633ab 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -577,6 +577,14 @@ interface security
lsa_SystemAccessModeFlags rights_mask;
} security_token;
+ /* This is not yet sent over the network, but is simply defined in IDL
*/
+ typedef [public] struct {
+ uid_t uid;
+ uid_t gid;
+ uint32 ngroups;
+ [size_is(ngroups)] gid_t groups[*];
+ } security_unix_token;
+
/* bits that determine which parts of a security descriptor
are being queried/set */
typedef [public,bitmap32bit] bitmap {
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 21e4bda..c9e8a62 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -490,6 +490,8 @@ NDR_SCALAR_PROTO(dlong, int64_t)
NDR_SCALAR_PROTO(hyper, uint64_t)
NDR_SCALAR_PROTO(pointer, void *)
NDR_SCALAR_PROTO(time_t, time_t)
+NDR_SCALAR_PROTO(uid_t, uid_t)
+NDR_SCALAR_PROTO(gid_t, gid_t)
NDR_SCALAR_PROTO(NTSTATUS, NTSTATUS)
NDR_SCALAR_PROTO(WERROR, WERROR)
NDR_SCALAR_PROTO(NTTIME, NTTIME)
diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c
index d8e1cf0..7323f6d 100644
--- a/librpc/ndr/ndr_basic.c
+++ b/librpc/ndr/ndr_basic.c
@@ -810,6 +810,56 @@ _PUBLIC_ enum ndr_err_code ndr_pull_time_t(struct ndr_pull
*ndr, int ndr_flags,
/*
+ push a uid_t
+*/
+_PUBLIC_ enum ndr_err_code ndr_push_uid_t(struct ndr_push *ndr, int ndr_flags,
uid_t u)
+{
+ return ndr_push_udlong(ndr, NDR_SCALARS, (uint64_t)u);
+}
+
+/*
+ pull a uid_t
+*/
+_PUBLIC_ enum ndr_err_code ndr_pull_uid_t(struct ndr_pull *ndr, int ndr_flags,
uid_t *u)
+{
+ uint64_t uu;
+ NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, &uu));
+ *u = (uid_t)uu;
+ if (unlikely(uu != *u)) {
+ DEBUG(0,(__location__ ": uid_t pull doesn't fit 0x%016llx\n",
+ (unsigned long long)uu));
+ return NDR_ERR_NDR64;
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+
+/*
+ push a gid_t
+*/
+_PUBLIC_ enum ndr_err_code ndr_push_gid_t(struct ndr_push *ndr, int ndr_flags,
gid_t g)
+{
+ return ndr_push_udlong(ndr, NDR_SCALARS, (uint64_t)g);
+}
+
+/*
+ pull a gid_t
+*/
+_PUBLIC_ enum ndr_err_code ndr_pull_gid_t(struct ndr_pull *ndr, int ndr_flags,
gid_t *g)
+{
+ uint64_t gg;
+ NDR_CHECK(ndr_pull_udlong(ndr, ndr_flags, &gg));
+ *g = (gid_t)gg;
+ if (unlikely(gg != *g)) {
+ DEBUG(0,(__location__ ": gid_t pull doesn't fit 0x%016llx\n",
+ (unsigned long long)gg));
+ return NDR_ERR_NDR64;
+ }
+ return NDR_ERR_SUCCESS;
+}
+
+
+/*
pull a ipv4address
*/
_PUBLIC_ enum ndr_err_code ndr_pull_ipv4address(struct ndr_pull *ndr, int
ndr_flags, const char **address)
@@ -1050,6 +1100,16 @@ _PUBLIC_ void ndr_print_time_t(struct ndr_print *ndr,
const char *name, time_t t
}
}
+_PUBLIC_ void ndr_print_uid_t(struct ndr_print *ndr, const char *name, uid_t u)
+{
+ ndr_print_dlong(ndr, name, u);
+}
+
+_PUBLIC_ void ndr_print_gid_t(struct ndr_print *ndr, const char *name, gid_t g)
+{
+ ndr_print_dlong(ndr, name, g);
+}
+
_PUBLIC_ void ndr_print_union(struct ndr_print *ndr, const char *name, int
level, const char *type)
{
if (ndr->flags & LIBNDR_PRINT_ARRAY_HEX) {
diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index 3edb9b7..5ade5c1 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
@@ -66,6 +66,8 @@ my $scalar_alignment = {
'string' => 4,
'string_array' => 4, #???
'time_t' => 4,
+ 'uid_t' => 8,
+ 'gid_t' => 8,
'NTTIME' => 4,
'NTTIME_1sec' => 4,
'NTTIME_hyper' => 8,
diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm
b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index 7f6f94e..dfacfb3 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -895,7 +895,7 @@ sub ConvertObjectFromPythonData($$$$$$;$)
$self->pidl("}");
return;
}
- if (expandAlias($actual_ctype->{NAME}) =~
/^(char|u?int[0-9]*|time_t)$/) {
+ if (expandAlias($actual_ctype->{NAME}) =~
/^(char|u?int[0-9]*|time_t|uid_t|gid_t)$/) {
$self->pidl("PY_CHECK_TYPE(&PyInt_Type, $cvar,
$fail);");
$self->pidl("$target = PyInt_AsLong($cvar);");
return;
@@ -1103,7 +1103,7 @@ sub ConvertScalarToPython($$$)
return "PyLong_FromLongLong($cvar)";
}
- if ($ctypename =~ /^(char|u?int[0-9]*|time_t)$/) {
+ if ($ctypename =~ /^(char|u?int[0-9]*|time_t|uid_t|gid_t)$/) {
return "PyInt_FromLong($cvar)";
}
diff --git a/pidl/lib/Parse/Pidl/Typelist.pm b/pidl/lib/Parse/Pidl/Typelist.pm
index a89b1a7..307187b 100644
--- a/pidl/lib/Parse/Pidl/Typelist.pm
+++ b/pidl/lib/Parse/Pidl/Typelist.pm
@@ -48,6 +48,8 @@ my %scalars = (
"string" => "const char *",
"string_array" => "const char **",
"time_t" => "time_t",
+ "uid_t" => "uid_t",
+ "gid_t" => "gid_t",
"NTTIME" => "NTTIME",
"NTTIME_1sec" => "NTTIME",
"NTTIME_hyper" => "NTTIME",
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 93e42b8..3b3f6dc 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -30,7 +30,7 @@ struct auth_serversupplied_info {
bool guest;
bool system;
- struct unix_user_token utok;
+ struct security_unix_token utok;
/* NT group information taken from the info3 structure */
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0a78acd..96317b9 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -3040,12 +3040,12 @@ void del_deferred_open_entry(struct share_mode_lock
*lck, uint64_t mid,
bool remove_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
bool downgrade_share_oplock(struct share_mode_lock *lck, files_struct *fsp);
NTSTATUS can_set_delete_on_close(files_struct *fsp, uint32 dosmode);
-const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck,
uint32_t name_hash);
+const struct security_unix_token *get_delete_on_close_token(struct
share_mode_lock *lck, uint32_t name_hash);
void set_delete_on_close_lck(files_struct *fsp,
struct share_mode_lock *lck,
bool delete_on_close,
- const UNIX_USER_TOKEN *tok);
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const
UNIX_USER_TOKEN *tok);
+ const struct security_unix_token *tok);
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct
security_unix_token *tok);
bool is_delete_on_close_set(struct share_mode_lock *lck, uint32_t name_hash);
bool set_sticky_write_time(struct file_id fileid, struct timespec write_time);
bool set_write_time(struct file_id fileid, struct timespec write_time);
@@ -5112,7 +5112,7 @@ void server_encryption_shutdown(void);
/* The following definitions come from smbd/sec_ctx.c */
-bool unix_token_equal(const UNIX_USER_TOKEN *t1, const UNIX_USER_TOKEN *t2);
+bool unix_token_equal(const struct security_unix_token *t1, const struct
security_unix_token *t2);
bool push_sec_ctx(void);
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, struct
security_token *token);
void set_root_sec_ctx(void);
@@ -5282,7 +5282,7 @@ bool become_user(connection_struct *conn, uint16 vuid);
bool unbecome_user(void);
uid_t get_current_uid(connection_struct *conn);
gid_t get_current_gid(connection_struct *conn);
-const UNIX_USER_TOKEN *get_current_utok(connection_struct *conn);
+const struct security_unix_token *get_current_utok(connection_struct *conn);
const struct security_token *get_current_nttok(connection_struct *conn);
uint16_t get_current_vuid(connection_struct *conn);
@@ -5421,7 +5421,7 @@ NTSTATUS access_check_object( struct security_descriptor
*psd, struct security_t
uint32 des_access, uint32 *acc_granted,
const char *debug );
void map_max_allowed_access(const struct security_token *nt_token,
- const struct unix_user_token *unix_token,
+ const struct security_unix_token *unix_token,
uint32_t *pacc_requested);
/* The following definitions come from ../libds/common/flag_mapping.c */
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 7c9f60d..882b234 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -203,13 +203,6 @@ struct lsa_name_info {
#define PRIMARY_USER_SID_INDEX 0
#define PRIMARY_GROUP_SID_INDEX 1
-typedef struct unix_user_token {
- uid_t uid;
- gid_t gid;
- uint32_t ngroups;
- gid_t *groups;
-} UNIX_USER_TOKEN;
-
typedef struct write_cache {
SMB_OFF_T file_size;
SMB_OFF_T offset;
@@ -521,7 +514,7 @@ typedef struct connection_struct {
struct current_user {
connection_struct *conn;
uint16 vuid;
- UNIX_USER_TOKEN ut;
+ struct security_unix_token ut;
struct security_token *nt_user_token;
};
@@ -689,7 +682,7 @@ Offset Data length.
struct delete_token_list {
struct delete_token_list *next, *prev;
uint32_t name_hash;
- UNIX_USER_TOKEN *delete_token;
+ struct security_unix_token *delete_token;
};
struct share_mode_lock {
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 1942f44..00f384a 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -584,7 +584,7 @@ static int parse_delete_tokens_list(struct share_mode_lock
*lck,
memcpy(&pdtl->name_hash, p, sizeof(pdtl->name_hash));
p += sizeof(pdtl->name_hash);
- pdtl->delete_token = TALLOC_ZERO_P(pdtl, UNIX_USER_TOKEN);
+ pdtl->delete_token = TALLOC_ZERO_P(pdtl, struct
security_unix_token);
if (pdtl->delete_token == NULL) {
DEBUG(0,("parse_delete_tokens_list: talloc failed"));
return -1;
@@ -808,7 +808,7 @@ static TDB_DATA unparse_share_modes(const struct
share_mode_lock *lck)
/* Store any delete on close tokens. */
for (pdtl = lck->delete_tokens; pdtl; pdtl = pdtl->next) {
- UNIX_USER_TOKEN *pdt = pdtl->delete_token;
+ struct security_unix_token *pdt = pdtl->delete_token;
uint32_t token_size = sizeof(uint32_t) +
sizeof(uint32_t) +
sizeof(uid_t) +
@@ -1461,15 +1461,15 @@ NTSTATUS can_set_delete_on_close(files_struct *fsp,
uint32 dosmode)
}
/*************************************************************************
- Return a talloced copy of a UNIX_USER_TOKEN. NULL on fail.
+ Return a talloced copy of a struct security_unix_token. NULL on fail.
(Should this be in locking.c.... ?).
*************************************************************************/
-static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx, const UNIX_USER_TOKEN
*tok)
+static struct security_unix_token *copy_unix_token(TALLOC_CTX *ctx, const
struct security_unix_token *tok)
{
- UNIX_USER_TOKEN *cpy;
+ struct security_unix_token *cpy;
- cpy = TALLOC_P(ctx, UNIX_USER_TOKEN);
+ cpy = TALLOC_P(ctx, struct security_unix_token);
if (!cpy) {
return NULL;
}
@@ -1494,7 +1494,7 @@ static UNIX_USER_TOKEN *copy_unix_token(TALLOC_CTX *ctx,
const UNIX_USER_TOKEN *
static bool add_delete_on_close_token(struct share_mode_lock *lck,
uint32_t name_hash,
- const UNIX_USER_TOKEN *tok)
+ const struct security_unix_token *tok)
{
struct delete_token_list *dtl;
@@ -1521,14 +1521,14 @@ static bool add_delete_on_close_token(struct
share_mode_lock *lck,
changed the delete on close flag. This will be noticed
in the close code, the last closer will delete the file
if flag is set.
- This makes a copy of any UNIX_USER_TOKEN into the
+ This makes a copy of any struct security_unix_token into the
lck entry. This function is used when the lock is already granted.
****************************************************************************/
void set_delete_on_close_lck(files_struct *fsp,
struct share_mode_lock *lck,
bool delete_on_close,
- const UNIX_USER_TOKEN *tok)
+ const struct security_unix_token *tok)
{
struct delete_token_list *dtl;
bool ret;
@@ -1565,7 +1565,7 @@ void set_delete_on_close_lck(files_struct *fsp,
SMB_ASSERT(ret);
}
-bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const
UNIX_USER_TOKEN *tok)
+bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const struct
security_unix_token *tok)
{
struct share_mode_lock *lck;
@@ -1596,7 +1596,7 @@ bool set_delete_on_close(files_struct *fsp, bool
delete_on_close, const UNIX_USE
return True;
}
-const UNIX_USER_TOKEN *get_delete_on_close_token(struct share_mode_lock *lck,
uint32_t name_hash)
+const struct security_unix_token *get_delete_on_close_token(struct
share_mode_lock *lck, uint32_t name_hash)
{
struct delete_token_list *dtl;
diff --git a/source3/rpc_server/samr/srv_samr_nt.c
b/source3/rpc_server/samr/srv_samr_nt.c
index d53d859..57965cd 100644
--- a/source3/rpc_server/samr/srv_samr_nt.c
+++ b/source3/rpc_server/samr/srv_samr_nt.c
@@ -250,7 +250,7 @@ done:
********************************************************************/
void map_max_allowed_access(const struct security_token *nt_token,
- const struct unix_user_token *unix_token,
+ const struct security_unix_token *unix_token,
uint32_t *pacc_requested)
{
if (!((*pacc_requested) & MAXIMUM_ALLOWED_ACCESS)) {
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index bb10902..e062e63 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -88,7 +88,7 @@ static void dump_pdu_region(const char *name, int v,
static DATA_BLOB generic_session_key(void)
{
- return data_blob("SystemLibraryDTC", 16);
+ return data_blob_const("SystemLibraryDTC", 16);
}
/*******************************************************************
@@ -460,7 +460,6 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
bool ret;
NTSTATUS status;
struct netlogon_creds_CredentialState *creds;
- DATA_BLOB session_key;
enum ndr_err_code ndr_err;
struct schannel_state *schannel_auth;
@@ -519,16 +518,7 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p,
* anymore.
*/
- session_key = generic_session_key();
- if (session_key.data == NULL) {
- DEBUG(0, ("pipe_schannel_auth_bind: Could not alloc session"
- " key\n"));
- return false;
- }
-
- ret = session_info_set_session_key(p->session_info, session_key);
-
- data_blob_free(&session_key);
+ ret = session_info_set_session_key(p->session_info,
generic_session_key());
if (!ret) {
DEBUG(0, ("session_info_set_session_key failed\n"));
@@ -624,7 +614,6 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
struct ndr_syntax_id *syntax,
struct auth_serversupplied_info **session_info)
{
- DATA_BLOB session_key;
NTSTATUS status;
bool ret;
@@ -668,13 +657,7 @@ static bool pipe_ntlmssp_verify_final(TALLOC_CTX *mem_ctx,
* does. See the RPC-SAMBA3SESSIONKEY.
*/
- session_key = generic_session_key();
- if (session_key.data == NULL) {
- return false;
- }
-
- ret = session_info_set_session_key((*session_info), session_key);
- data_blob_free(&session_key);
+ ret = session_info_set_session_key((*session_info),
generic_session_key());
if (!ret) {
DEBUG(0, ("Failed to set session key!\n"));
return false;
@@ -730,7 +713,6 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX
*mem_ctx,
struct client_address *client_id,
struct auth_serversupplied_info
**session_info)
{
- DATA_BLOB session_key;
NTSTATUS status;
bool bret;
@@ -770,13 +752,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX
*mem_ctx,
* does. See the RPC-SAMBA3SESSIONKEY.
*/
- session_key = generic_session_key();
- if (session_key.data == NULL) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- bret = session_info_set_session_key((*session_info), session_key);
- data_blob_free(&session_key);
+ bret = session_info_set_session_key((*session_info),
generic_session_key());
if (!bret) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 4234f32..547705b 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -275,7 +275,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
NTSTATUS status = NT_STATUS_OK;
NTSTATUS tmp_status;
struct file_id id;
- const UNIX_USER_TOKEN *del_token = NULL;
+ const struct security_unix_token *del_token = NULL;
/* Ensure any pending write time updates are done. */
if (fsp->update_write_time_event) {
@@ -958,7 +958,7 @@ static NTSTATUS close_directory(struct smb_request *req,
files_struct *fsp,
--
Samba Shared Repository
