summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2007-05-17 22:27:42 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:22:12 -0500
commit0e9210d0eaf0c9de231e48e671cfb0861d62a1da (patch)
tree013ba32433f70b34da0418159800092c5514c9b6
parent78c59b56b7fa56e47ba4339928ee61137413354a (diff)
downloadsamba-0e9210d0eaf0c9de231e48e671cfb0861d62a1da.tar.gz
samba-0e9210d0eaf0c9de231e48e671cfb0861d62a1da.tar.bz2
samba-0e9210d0eaf0c9de231e48e671cfb0861d62a1da.zip
r22978: Don't use current_user to prep the security ctx in change_to_user
since any SID/uid/gid translation calls will reset the struct when popping the security ctx. This should fix the standalone server configuration issues reported by David Rankin (thanks for the logs). (This used to be commit 63cb25bad19d9600399a6ee2221497d71e805320)
-rw-r--r--source3/smbd/uid.c22
1 files changed, 15 insertions, 7 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 8588580322..c6d4e3329c 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -156,7 +156,9 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
char group_c;
BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
-
+ int num_groups = 0;
+ gid_t *group_list = NULL;
+
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
return(False);
@@ -195,14 +197,14 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
if (conn->force_user) /* security = share sets this too */ {
uid = conn->uid;
gid = conn->gid;
- current_user.ut.groups = conn->groups;
- current_user.ut.ngroups = conn->ngroups;
+ group_list = conn->groups;
+ num_groups = conn->ngroups;
token = conn->nt_user_token;
} else if (vuser) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
- current_user.ut.ngroups = vuser->n_groups;
- current_user.ut.groups = vuser->groups;
+ num_groups = vuser->n_groups;
+ group_list = vuser->groups;
token = vuser->nt_user_token;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -235,8 +237,8 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
*/
int i;
- for (i = 0; i < current_user.ut.ngroups; i++) {
- if (current_user.ut.groups[i] == conn->gid) {
+ for (i = 0; i < num_groups; i++) {
+ if (group_list[i] == conn->gid) {
gid = conn->gid;
gid_to_sid(&token->user_sids[1], gid);
break;
@@ -248,6 +250,12 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
}
}
+ /* Now set current_user since we will immediately also call
+ set_sec_ctx() */
+
+ current_user.ut.ngroups = num_groups;
+ current_user.ut.groups = group_list;
+
set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
token);