The branch, master has been updated
       via  2663586 s4-auth Fill in the remainder of the unix info in 
auth_session_info
       via  f5963aa s4-auth Move conversion of security_token to unix_token to 
auth
       via  e84b8a7 gensec: Add a way to request a unix token from GENSEC
       via  d2a6ae2 ntvfs: Use security_unix_token from auth.idl
       via  8f13c84 s3-selftest Add tests for 'map to guest = bad user'
       via  2b47afa selftest: Avoid being run over by armies of the undead
       via  b782b5e nbt: Add comment explaining that these responses are 
manually encoded
       via  61cb215 selftest: explain how the message command test works
       via  ee20a27 s4-lsa Use the supplied handle in LsaLookupNames2
       via  481f1e6 s4-debug: Start with DEBUG_DEFAULT_STDOUT, so we can log to 
a file in deamons
      from  fcb90f4 s3-printing: Add forward declaration for 
dcerpc_binding_handle.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2663586c8bbda96822c9325de2966382a2341fca
Author: Andrew Bartlett <[email protected]>
Date:   Thu Jul 21 18:21:19 2011 +1000

    s4-auth Fill in the remainder of the unix info in auth_session_info
    
    Signed-off-by: Andrew Tridgell <[email protected]>
    
    Autobuild-User: Andrew Bartlett <[email protected]>
    Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104

commit f5963aad18de80e837448cbc29feb52081897667
Author: Andrew Bartlett <[email protected]>
Date:   Thu Jul 21 17:06:17 2011 +1000

    s4-auth Move conversion of security_token to unix_token to auth
    
    This allows us to honour the AUTH_SESSION_INFO_UNIX_TOKEN flag.
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit e84b8a72bd63d3f4af810536068ae65d33aabff8
Author: Andrew Bartlett <[email protected]>
Date:   Thu Jul 21 15:39:27 2011 +1000

    gensec: Add a way to request a unix token from GENSEC
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit d2a6ae254a7c6afd2c58d1a9a2c9fd4c074b0afb
Author: Andrew Bartlett <[email protected]>
Date:   Thu Jul 21 15:37:41 2011 +1000

    ntvfs: Use security_unix_token from auth.idl
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit 8f13c84dcecb769e4ba85fa120d9ac4ac772223e
Author: Andrew Bartlett <[email protected]>
Date:   Fri Jul 22 13:00:21 2011 +1000

    s3-selftest Add tests for 'map to guest = bad user'
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit 2b47aface434000b29aa29f4ff6348cc147ae757
Author: Andrew Bartlett <[email protected]>
Date:   Tue Jul 26 17:04:40 2011 +1000

    selftest: Avoid being run over by armies of the undead
    
    Ignore SIGCHILD to reap zombies
    
    Andrew Bartlett
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit b782b5ed7c7a59fc60845c776c81cfcc56fdfda6
Author: Andrew Bartlett <[email protected]>
Date:   Wed Jul 27 12:06:22 2011 +1000

    nbt: Add comment explaining that these responses are manually encoded
    
    Signed-off-by: Andrew Tridgell <[email protected]>

commit 61cb2150cbd6922600964a70920ca90da9eb4368
Author: Andrew Bartlett <[email protected]>
Date:   Wed Jul 27 15:42:45 2011 +1000

    selftest: explain how the message command test works

commit ee20a27d411c4f3c1d97e9c9bdbb7226f144c2f1
Author: Andrew Bartlett <[email protected]>
Date:   Thu Jul 28 07:55:09 2011 +1000

    s4-lsa Use the supplied handle in LsaLookupNames2
    
    In my rework of this function in 2006 with
    459a2301a5d63f5a1a6b27996c8a0358b20f2ab2 I ignored the incoming
    handle, instead fetching the LSA state again (despite the commit
    message indicating otherwise).
    
    This means that data->access_mask is uninitialised, which doesn't
    matter right now, but will once we start checking that.
    
    Andrew Bartlett

commit 481f1e601daafd186c504476f7efa1b557099105
Author: Andrew Bartlett <[email protected]>
Date:   Fri Jul 29 12:10:39 2011 +1000

    s4-debug: Start with DEBUG_DEFAULT_STDOUT, so we can log to a file in 
deamons
    
    In commit 3c9d01e3e58e2217915317406541ac8c6f6dcf92 I changed the priority 
order
    and added DEBUG_DEFAULT_STDOUT, but did not check all the callers.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/nbt.idl                        |    6 +-
 selftest/selftest.pl                      |    2 +
 selftest/target/Samba3.pm                 |   34 ++++++++
 source3/script/tests/test_smbclient_s3.sh |    1 +
 source3/selftest/tests.py                 |    5 +-
 source4/auth/auth.h                       |    3 +
 source4/auth/gensec/gensec.c              |   17 +++-
 source4/auth/gensec/gensec.h              |    1 +
 source4/auth/ntlm/auth.c                  |   31 ++++++-
 source4/auth/ntlm/wscript_build           |    2 +-
 source4/auth/session.c                    |    2 +-
 source4/auth/unix_token.c                 |  129 +++++++++++++++++++++++++++++
 source4/auth/wscript_build                |    6 ++
 source4/lib/cmdline/popt_common.c         |    2 +-
 source4/ntvfs/unixuid/vfs_unixuid.c       |   94 ++++-----------------
 source4/ntvfs/unixuid/wscript_build       |    2 +-
 source4/rpc_server/lsa/lsa_lookup.c       |   10 +-
 17 files changed, 250 insertions(+), 97 deletions(-)
 create mode 100644 source4/auth/unix_token.c


Changeset truncated at 500 lines:

diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index ee9a64e..5d8dfd7 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -545,7 +545,11 @@ interface nbt
                [case(NETLOGON_ANNOUNCE_UAS)] NETLOGON_DB_CHANGE uas;
        } nbt_netlogon_request;
 
-#if 0
+#if 0 
+       /* These responses are all handled manually, as they cannot be encoded 
in IDL fully
+          
+          See push_nbt_netlogon_response()
+       */
                [case(NETLOGON_RESPONSE_FROM_PDC)] 
nbt_netlogon_response_from_pdc response;
                [case(NETLOGON_RESPONSE_FROM_PDC_USER)] 
nbt_netlogon_response_from_pdc2 response2;
 
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 78627c8..5cbb686 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -176,6 +176,8 @@ sub pipe_handler {
 
 $SIG{PIPE} = \&pipe_handler;
 
+$SIG{CHILD} = 'IGNORE';
+
 sub find_in_list($$)
 {
        my ($list, $fullname) = @_;
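Review bot: The added `$SIG{CHILD} = 'IGNORE';` uses a key Perl does not recognise as a signal name. The signal is spelled `CHLD` in `%SIG`, so this line leaves SIGCHLD handling unchanged and, with warnings enabled, only produces a "No such signal" warning; it should read `$SIG{CHLD} = 'IGNORE';`. Before enabling it, check the callers in selftest.pl that rely on the exit status of `system()` or backticks, because with SIGCHLD ignored children are reaped automatically and `$?` can come back as -1. Those callers are outside this hunk.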
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index c78c1d6..93b999f 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -95,6 +95,8 @@ sub setup_env($$$)
                return $self->setup_s3dc("$path/s3dc");
        } elsif ($envname eq "secshare") {
                return $self->setup_secshare("$path/secshare");
+       } elsif ($envname eq "maptoguest") {
+               return $self->setup_maptoguest("$path/maptoguest");
        } elsif ($envname eq "ktest") {
                return $self->setup_ktest("$path/ktest");
        } elsif ($envname eq "secserver") {
@@ -472,6 +474,36 @@ $ret->{USERNAME} = KTEST\\Administrator
        return $ret;
 }
 
+sub setup_maptoguest($$)
+{
+       my ($self, $path) = @_;
+
+       print "PROVISIONING maptoguest...";
+
+       my $options = "
+map to guest = bad user
+";
+
+       my $vars = $self->provision($path,
+                                   "maptoguest",
+                                   7,
+                                   "maptoguestpass",
+                                   $options);
+
+       $vars or return undef;
+
+       $self->check_or_start($vars,
+                              "yes", "no", "yes");
+
+       if (not $self->wait_for_start($vars)) {
+              return undef;
+       }
+
+       $self->{vars}->{s3maptoguest} = $vars;
+
+       return $vars;
+}
+
 sub stop_sig_term($$) {
        my ($self, $pid) = @_;
        kill("USR1", $pid) or kill("ALRM", $pid) or warn("Unable to kill $pid: 
$!");
@@ -872,6 +904,8 @@ sub provision($$$$$$$)
 
         resolv:host file = $dns_host_file
 
+        # The samba3.blackbox.smbclient_s3 test uses this to test that
+        # sending messages works, and that the %m sub works.
         message command = mv %s $shrdir/message.%m
 
        # Begin extra options
diff --git a/source3/script/tests/test_smbclient_s3.sh 
b/source3/script/tests/test_smbclient_s3.sh
index fa721cb..05bc8ef 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -260,6 +260,7 @@ EOF
        return
     fi
 
+    # The server writes this into a file message.msgtest, via message.%m to 
test the % sub code
     cmd='$SMBCLIENT "$@" -U$USERNAME%$PASSWORD //$SERVER/tmpguest -p 139 
$ADDARGS -c "get message.msgtest $PREFIX/message_out.$$" 2>&1'
     eval echo "$cmd"
     out=`eval $cmd`
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 0b0da7f..b6fb166 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -108,9 +108,12 @@ for env in ["secserver"]:
 for env in ["member"]:
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) member creds" % 
env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), 
'$SERVER', '$SERVER_IP', '$SERVER\\\\$USERNAME', '$PASSWORD', 
binpath('smbclient3'), configuration])
 
-for env in ["secshare", "secserver"]:
+for env in ["maptoguest", "secshare", "secserver"]:
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) local creds" % 
env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), 
'$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', binpath('smbclient3'), 
configuration + " --option=clientntlmv2auth=no --option=clientlanmanauth=yes"])
 
+env = "maptoguest"
+plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) bad username" % env, 
env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), 
'$SERVER', '$SERVER_IP', 'notmy$USERNAME', '$PASSWORD', binpath('smbclient3'), 
configuration + " --option=clientntlmv2auth=no --option=clientlanmanauth=yes"])
+
 # plain
 for env in ["s3dc"]:
     plantestsuite("samba3.blackbox.smbclient_s3.plain (%s)" % env, env, 
[os.path.join(samba3srcdir, "script/tests/test_smbclient_s3.sh"), '$SERVER', 
'$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', 
'$LOCAL_PATH', '$PREFIX', binpath('smbclient3'), configuration])
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 04731af..ac2327d 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -48,6 +48,7 @@ struct loadparm_context;
 #define AUTH_SESSION_INFO_DEFAULT_GROUPS     0x01 /* Add the user to the 
default world and network groups */
 #define AUTH_SESSION_INFO_AUTHENTICATED      0x02 /* Add the user to the 
'authenticated users' group */
 #define AUTH_SESSION_INFO_SIMPLE_PRIVILEGES  0x04 /* Use a trivial map between 
users and privilages, rather than a DB */
+#define AUTH_SESSION_INFO_UNIX_TOKEN         0x08 /* The returned token must 
have the unix_token and unix_info elements provided */
 
 struct auth_method_context;
 struct auth_check_password_request;
@@ -156,7 +157,9 @@ struct auth_critical_sizes {
                           const struct auth_usersupplied_info *user_info_in,
                           const struct auth_usersupplied_info 
**user_info_encrypted);
 
+struct wbc_context;
 #include "auth/session.h"
+#include "auth/unix_token_proto.h"
 #include "auth/system_session_proto.h"
 #include "libcli/security/security.h"
 
diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c
index 7e6a83d..7dd3eac 100644
--- a/source4/auth/gensec/gensec.c
+++ b/source4/auth/gensec/gensec.c
@@ -1320,21 +1320,28 @@ NTSTATUS gensec_generate_session_info(TALLOC_CTX 
*mem_ctx,
                                      struct auth_session_info **session_info)
 {
        NTSTATUS nt_status;
-       uint32_t flags = AUTH_SESSION_INFO_DEFAULT_GROUPS;
+       uint32_t session_info_flags = 0;
+
+       if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+               session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+       }
+
+       session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
        if (user_info_dc->info->authenticated) {
-               flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+               session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
        }
+
        if (gensec_security->auth_context) {
                nt_status = 
gensec_security->auth_context->generate_session_info(mem_ctx, 
gensec_security->auth_context,
                                                                                
 user_info_dc,
-                                                                               
 flags,
+                                                                               
 session_info_flags,
                                                                                
 session_info);
        } else {
-               flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
+               session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES;
                nt_status = auth_generate_session_info(mem_ctx,
                                                       NULL,
                                                       NULL,
-                                                      user_info_dc, flags,
+                                                      user_info_dc, 
session_info_flags,
                                                       session_info);
        }
        return nt_status;
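Review bot: In the `else` branch (no `gensec_security->auth_context`) `AUTH_SESSION_INFO_UNIX_TOKEN` is passed straight to `auth_generate_session_info()`, but in this push the flag is only acted on in `auth_generate_session_info_wrapper()` in source4/auth/ntlm/auth.c. A caller that set `GENSEC_FEATURE_UNIX_TOKEN` therefore appears to get NT_STATUS_OK with `unix_token` and `unix_info` left unset. Since auth.h documents the flag as "must have", fail closed rather than silently dropping it, for example `if (session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN) { return NT_STATUS_INVALID_PARAMETER; }` at the top of the `else` branch. The function's signature and closing brace are outside the hunk.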
diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h
index e42b4aa..322adce 100644
--- a/source4/auth/gensec/gensec.h
+++ b/source4/auth/gensec/gensec.h
@@ -59,6 +59,7 @@ struct gensec_target {
 #define GENSEC_FEATURE_DATAGRAM_MODE   0x00000020
 #define GENSEC_FEATURE_SIGN_PKT_HEADER 0x00000040
 #define GENSEC_FEATURE_NEW_SPNEGO      0x00000080
+#define GENSEC_FEATURE_UNIX_TOKEN      0x00000100
 
 /* GENSEC mode */
 enum gensec_role
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index d2464c3..74e97cf 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -26,7 +26,7 @@
 #include "auth/ntlm/auth_proto.h"
 #include "param/param.h"
 #include "dsdb/samdb/samdb.h"
-
+#include "libcli/wbclient/wbclient.h"
 
 /***************************************************************************
  Set a fixed challenge
@@ -407,16 +407,37 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct 
tevent_req *req,
 }
 
 /* Wrapper because we don't want to expose all callers to needing to
- * know that session_info is generated from the main ldb */
+ * know that session_info is generated from the main ldb, and because
+ * we need to break a depenency loop between the DCE/RPC layer and the
+ * generation of unix tokens via IRPC */
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context 
*auth_context,
                                                   struct auth_user_info_dc 
*user_info_dc,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info 
**session_info)
 {
-       return auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
-                                         auth_context->sam_ctx, user_info_dc,
-                                         session_info_flags, session_info);
+       NTSTATUS status = auth_generate_session_info(mem_ctx, 
auth_context->lp_ctx,
+                                                    auth_context->sam_ctx, 
user_info_dc,
+                                                    session_info_flags, 
session_info);
+
+       if ((session_info_flags & AUTH_SESSION_INFO_UNIX_TOKEN)
+           && NT_STATUS_IS_OK(status)) {
+               struct wbc_context *wbc_ctx = wbc_init(auth_context,
+                                                      auth_context->msg_ctx,
+                                                      auth_context->event_ctx);
+               if (!wbc_ctx) {
+                       TALLOC_FREE(*session_info);
+                       DEBUG(1, ("Cannot contact winbind to provide unix 
token\n"));
+                       return NT_STATUS_INVALID_SERVER_STATE;
+               }
+               status = auth_session_info_fill_unix(wbc_ctx, 
auth_context->lp_ctx,
+                                                    *session_info);
+               if (!NT_STATUS_IS_OK(status)) {
+                       TALLOC_FREE(*session_info);
+               }
+               TALLOC_FREE(wbc_ctx);
+       }
+       return status;
 }
 
 /***************************************************************************
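Review bot: When `auth_session_info_fill_unix()` fails, the wrapper frees `*session_info` and returns the status without logging anything, whereas the `wbc_init()` failure just above it is logged. A login refused because a SID could not be mapped to a Unix id will then be hard to tell apart from any other authentication failure. Add a message in that branch, e.g. `DEBUG(1, ("Failed to fill unix token: %s\n", nt_errstr(status)));`. The header comment could also say that on any failure `*session_info` has been freed and reset by `TALLOC_FREE`, so callers must check the status before touching it.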
diff --git a/source4/auth/ntlm/wscript_build b/source4/auth/ntlm/wscript_build
index d954ec0..29e54fd 100644
--- a/source4/auth/ntlm/wscript_build
+++ b/source4/auth/ntlm/wscript_build
@@ -51,7 +51,7 @@ bld.SAMBA_MODULE('auth4_unix',
 bld.SAMBA_LIBRARY('auth4',
        source='auth.c auth_util.c auth_simple.c',
        autoproto='auth_proto.h',
-       deps='samba-util security samdb credentials UTIL_TEVENT',
+       deps='samba-util security samdb credentials UTIL_TEVENT LIBWBCLIENT_OLD 
auth_unix_token',
        private_library=True
        )
 
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 7a4dc54..805659c 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -32,6 +32,7 @@
 #include "auth/session_proto.h"
 #include "system/kerberos.h"
 #include <gssapi/gssapi.h>
+#include "libcli/wbclient/wbclient.h"
 
 _PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx, 
                                            struct loadparm_context *lp_ctx)
@@ -335,4 +336,3 @@ void auth_session_info_debug(int dbg_lev,
 
        security_token_debug(0, dbg_lev, session_info->security_token);
 }
-
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
new file mode 100644
index 0000000..b7657aa
--- /dev/null
+++ b/source4/auth/unix_token.c
@@ -0,0 +1,129 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Deal with unix elements in the security token
+
+   Copyright (C) Andrew Tridgell 2004
+   Copyright (C) Andrew Bartlett 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "auth/auth.h"
+#include "libcli/wbclient/wbclient.h"
+#include "param/param.h"
+
+/*
+  form a security_unix_token from the current security_token
+*/
+NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
+                                     struct wbc_context *wbc_ctx,
+                                     struct security_token *token,
+                                     struct security_unix_token **sec)
+{
+       int i;
+       NTSTATUS status;
+       struct id_map *ids;
+       struct composite_context *ctx;
+       *sec = talloc(mem_ctx, struct security_unix_token);
+
+       /* we can't do unix security without a user and group */
+       if (token->num_sids < 2) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
+       ids = talloc_array(mem_ctx, struct id_map, token->num_sids);
+       NT_STATUS_HAVE_NO_MEMORY(ids);
+
+       (*sec)->ngroups = token->num_sids - 2;
+       (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
+       NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+       for (i=0;i<token->num_sids;i++) {
+               ZERO_STRUCT(ids[i].xid);
+               ids[i].sid = &token->sids[i];
+               ids[i].status = ID_UNKNOWN;
+       }
+
+       ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids);
+       NT_STATUS_HAVE_NO_MEMORY(ctx);
+
+       status = wbc_sids_to_xids_recv(ctx, &ids);
+       NT_STATUS_NOT_OK_RETURN(status);
+
+       if (ids[0].xid.type == ID_TYPE_BOTH ||
+           ids[0].xid.type == ID_TYPE_UID) {
+               (*sec)->uid = ids[0].xid.id;
+       } else {
+               return NT_STATUS_INVALID_SID;
+       }
+
+       if (ids[1].xid.type == ID_TYPE_BOTH ||
+           ids[1].xid.type == ID_TYPE_GID) {
+               (*sec)->gid = ids[1].xid.id;
+       } else {
+               return NT_STATUS_INVALID_SID;
+       }
+
+       for (i=0;i<(*sec)->ngroups;i++) {
+               if (ids[i+2].xid.type == ID_TYPE_BOTH ||
+                   ids[i+2].xid.type == ID_TYPE_GID) {
+                       (*sec)->groups[i] = ids[i+2].xid.id;
+               } else {
+                       return NT_STATUS_INVALID_SID;
+               }
+       }
+
+       TALLOC_FREE(ids);
+
+       return NT_STATUS_OK;
+}
+
+/*
+  Fill in the auth_user_info_unix and auth_unix_token elements in a struct 
session_info
+*/
+NTSTATUS auth_session_info_fill_unix( struct wbc_context *wbc_ctx,
+                                    struct loadparm_context *lp_ctx,
+                                    struct auth_session_info *session_info)
+{
+       char *su;
+       size_t len;
+       NTSTATUS status = security_token_to_unix_token(session_info, wbc_ctx,
+                                                      
session_info->security_token,
+                                                      
&session_info->unix_token);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
+       session_info->unix_info = talloc_zero(session_info, struct 
auth_user_info_unix);
+       NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info);
+
+       session_info->unix_info->system = 
security_token_is_system(session_info->security_token);
+
+       session_info->unix_info->unix_name = 
talloc_asprintf(session_info->unix_info,
+                                                            "%s%s%s", 
session_info->info->domain_name,
+                                                            
lpcfg_winbind_separator(lp_ctx),
+                                                            
session_info->info->account_name);
+       NT_STATUS_HAVE_NO_MEMORY(session_info->unix_info->unix_name);
+
+       len = strlen(session_info->info->account_name) + 1;
+       session_info->unix_info->sanitized_username = su = 
talloc_array(session_info->unix_info, char, len);
+       NT_STATUS_HAVE_NO_MEMORY(su);
+
+       alpha_strcpy(su, session_info->info->account_name,
+                    ". _-$", len);
+
+       return NT_STATUS_OK;
+}
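Review bot: `security_token_to_unix_token()` dereferences `*sec` without checking the `talloc()` result, and every early return after that leaves `*sec` pointing at a token whose `uid`, `gid` and `groups` are uninitialised (plain `talloc`, not zeroed) while `ids` stays allocated on `mem_ctx`. A caller that ignores or mishandles the status would then hold a token with arbitrary Unix ids, so the function should publish `*sec` only on success and free its allocations on every failure path. The loop index `i` is an `int` compared against `token->num_sids`; use `uint32_t i` if `num_sids` is unsigned, as it appears to be. A sketch of the restructuring follows; each early return in the unchanged middle becomes `status = ...; goto fail;` and `(*sec)->` becomes `ut->`.

```c
NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
				      struct wbc_context *wbc_ctx,
				      struct security_token *token,
				      struct security_unix_token **sec)
{
	uint32_t i;
	NTSTATUS status;
	struct id_map *ids;
	struct composite_context *ctx;
	struct security_unix_token *ut;

	/* never hand back a half-built token */
	*sec = NULL;

	/* we can't do unix security without a user and group */
	if (token->num_sids < 2) {
		return NT_STATUS_ACCESS_DENIED;
	}

	ut = talloc(mem_ctx, struct security_unix_token);
	NT_STATUS_HAVE_NO_MEMORY(ut);

	/* hang ids off ut so one talloc_free() cleans up every error path */
	ids = talloc_array(ut, struct id_map, token->num_sids);
	if (ids == NULL) {
		status = NT_STATUS_NO_MEMORY;
		goto fail;
	}

	/* … unchanged: groups allocation, id_map setup, wbc_sids_to_xids_send/recv, uid/gid/groups mapping … */

	TALLOC_FREE(ids);
	*sec = ut;
	return NT_STATUS_OK;

fail:
	talloc_free(ut);
	return status;
}
```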
diff --git a/source4/auth/wscript_build b/source4/auth/wscript_build
index d72086e..f7535c4 100644
--- a/source4/auth/wscript_build
+++ b/source4/auth/wscript_build
@@ -15,6 +15,12 @@ bld.SAMBA_SUBSYSTEM('auth_session',
        deps='samdb auth4_sam'
        )
 
+bld.SAMBA_SUBSYSTEM('auth_unix_token',
+       source='unix_token.c',
+       autoproto='unix_token_proto.h',
+       public_deps='LIBWBCLIENT_OLD',
+       )
+
 
 bld.SAMBA_SUBSYSTEM('samba_server_gensec',
        source='samba_server_gensec.c',
diff --git a/source4/lib/cmdline/popt_common.c 
b/source4/lib/cmdline/popt_common.c
index af1e900..25b02b4 100644
--- a/source4/lib/cmdline/popt_common.c
+++ b/source4/lib/cmdline/popt_common.c
@@ -88,7 +88,7 @@ static void popt_samba_callback(poptContext con,
                fault_setup();
 
                /* and logging */
-               setup_logging(pname, DEBUG_STDOUT);
+               setup_logging(pname, DEBUG_DEFAULT_STDOUT);
                talloc_set_log_fn(popt_s4_talloc_log_fn);
                talloc_set_abort_fn(smb_panic);
 
diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c 
b/source4/ntvfs/unixuid/vfs_unixuid.c
index a8a4a98..0221b43 100644
--- a/source4/ntvfs/unixuid/vfs_unixuid.c
+++ b/source4/ntvfs/unixuid/vfs_unixuid.c
@@ -43,25 +43,17 @@ NTSTATUS ntvfs_unixuid_init(void);
 
 struct unixuid_private {
        struct wbc_context *wbc_ctx;
-       struct unix_sec_ctx *last_sec_ctx;
+       struct security_unix_token *last_sec_ctx;
        struct security_token *last_token;
 };
 
 
-
-struct unix_sec_ctx {
-       uid_t uid;
-       gid_t gid;
-       unsigned int ngroups;
-       gid_t *groups;
-};
-
 /*
-  pull the current security context into a unix_sec_ctx
+  pull the current security context into a security_unix_token
 */
-static struct unix_sec_ctx *save_unix_security(TALLOC_CTX *mem_ctx)
+static struct security_unix_token *save_unix_security(TALLOC_CTX *mem_ctx)
 {
-       struct unix_sec_ctx *sec = talloc(mem_ctx, struct unix_sec_ctx);
+       struct security_unix_token *sec = talloc(mem_ctx, struct 
security_unix_token);
        if (sec == NULL) {
                return NULL;
        }
@@ -87,9 +79,9 @@ static struct unix_sec_ctx *save_unix_security(TALLOC_CTX 
*mem_ctx)
 }
 
 /*
-  set the current security context from a unix_sec_ctx
+  set the current security context from a security_unix_token
 */
-static NTSTATUS set_unix_security(struct unix_sec_ctx *sec)
+static NTSTATUS set_unix_security(struct security_unix_token *sec)
 {
        seteuid(0);
 
@@ -118,7 +110,7 @@ static int unixuid_event_nesting_hook(struct tevent_context 
*ev,
                                      void *stack_ptr,
                                      const char *location)
 {
-       struct unix_sec_ctx *sec_ctx;
+       struct security_unix_token *sec_ctx;
 
        if (unixuid_nesting_level == 0) {
                /* we don't need to do anything unless we are nested
@@ -132,7 +124,7 @@ static int unixuid_event_nesting_hook(struct tevent_context 
*ev,
                        DEBUG(0,("%s: Failed to save security context\n", 
location));
                        return -1;
                }


-- 
Samba Shared Repository
