Some more sec_ctx changes. Modified some fields in the pipe_struct

structure so authenticated pipe users can have their unix groups set when
become_authenticated_pipe_user() is called.
(This used to be commit 55c9bf124dc661df43bfe582ef14b1297aeaf0fa)

5 files changed, 49 insertions, 39 deletions

diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 424a99c700..7b652cad05 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -164,23 +164,23 @@ typedef struct pipes_struct
 	/*
 	 * Unix user name and credentials.
 	 */
-	fstring unix_user_name;
-	uid_t uid;
-	gid_t gid;
 
-    /*
-     * Set to true when an RPC bind has been done on this pipe.
-     */
-
-    BOOL pipe_bound;
-
-    /*
-     * Set to true when we should return fault PDU's for everything.
-     */
-
-    BOOL fault_state;
+	fstring pipe_user_name;
+	user_struct pipe_user;
 
 	/*
+	 * Set to true when an RPC bind has been done on this pipe.
+	 */
+	
+	BOOL pipe_bound;
+	
+	/*
+	 * Set to true when we should return fault PDU's for everything.
+	 */
+	
+	BOOL fault_state;
+	
+	/*
 	 * Struct to deal with multiple pdu inputs.
 	 */
 
diff --git a/source3/include/smb.h b/source3/include/smb.h
index cb53e7b59e..fdd987457b 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1687,10 +1687,6 @@ struct ncacn_np
 #include "rpc_creds.h"
 #include "rpc_secdes.h"
 #include "nt_printing.h"
-#include "ntdomain.h"
-
-#include "client.h"
-#include "rpcclient.h"
 
 typedef struct
 {
@@ -1717,6 +1713,11 @@ typedef struct
 	struct dcinfo dc;
 } user_struct;
 
+#include "ntdomain.h"
+
+#include "client.h"
+#include "rpcclient.h"
+
 /*
  * Size of new password account encoding string. DO NOT CHANGE.
  */
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index a5d69efd7e..f6746367bb 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -260,7 +260,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
 	uchar lm_owf[24];
 	uchar nt_owf[24];
 	fstring user_name;
-	fstring unix_user_name;
+	fstring pipe_user_name;
 	fstring domain;
 	fstring wks;
 	BOOL guest_user = False;
@@ -272,7 +272,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
 	DEBUG(5,("api_pipe_ntlmssp_verify: checking user details\n"));
 
 	memset(p->user_name, '\0', sizeof(p->user_name));
-	memset(p->unix_user_name, '\0', sizeof(p->unix_user_name));
+	memset(p->pipe_user_name, '\0', sizeof(p->pipe_user_name));
 	memset(p->domain, '\0', sizeof(p->domain));
 	memset(p->wks, '\0', sizeof(p->wks));
 
@@ -317,8 +317,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
 	  {
 		guest_user = True;
 
-        fstrcpy(unix_user_name, lp_guestaccount(-1));
-		DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", unix_user_name));
+        fstrcpy(pipe_user_name, lp_guestaccount(-1));
+		DEBUG(100,("Null user in NTLMSSP verification. Using guest = %s\n", pipe_user_name));
 
 		smb_passwd_ptr = null_smb_passwd;
 
@@ -329,8 +329,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
 		 * function.
 		 */
 
-		fstrcpy(unix_user_name, user_name);
-		(void)map_username(unix_user_name);
+		fstrcpy(pipe_user_name, user_name);
+		(void)map_username(pipe_user_name);
 
 	 	/* 
 		 * Do the length checking only if user is not NULL.
@@ -353,8 +353,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
 	 * Find the user in the unix password db.
 	 */
 
-	if(!(pass = Get_Pwnam(unix_user_name,True))) {
-		DEBUG(1,("Couldn't find user '%s' in UNIX password database.\n",unix_user_name));
+	if(!(pass = Get_Pwnam(pipe_user_name,True))) {
+		DEBUG(1,("Couldn't find user '%s' in UNIX password database.\n",pipe_user_name));
 		return(False);
 	}
 
@@ -362,17 +362,17 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
 
 		become_root();
 
-		if(!(p->ntlmssp_auth_validated = pass_check_smb(unix_user_name, domain,
+		if(!(p->ntlmssp_auth_validated = pass_check_smb(pipe_user_name, domain,
 		                      (uchar*)p->challenge, lm_owf, nt_owf, NULL))) {
 			DEBUG(1,("api_pipe_ntlmssp_verify: User %s\\%s from machine %s \
-failed authentication on named pipe %s.\n", domain, unix_user_name, wks, p->name ));
+failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name ));
 			unbecome_root();
 			return False;
 		}
 
-		if(!(smb_pass = getsmbpwnam(unix_user_name))) {
+		if(!(smb_pass = getsmbpwnam(pipe_user_name))) {
 			DEBUG(1,("api_pipe_ntlmssp_verify: Cannot find user %s in smb passwd database.\n",
-				unix_user_name));
+				pipe_user_name));
 			unbecome_root();
 			return False;
 		}
@@ -381,18 +381,18 @@ failed authentication on named pipe %s.\n", domain, unix_user_name, wks, p->name
 
 		if (smb_pass == NULL) {
 			DEBUG(1,("api_pipe_ntlmssp_verify: Couldn't find user '%s' in smb_passwd file.\n", 
-				unix_user_name));
+				pipe_user_name));
 			return(False);
 		}
 
 		/* Quit if the account was disabled. */
 		if((smb_pass->acct_ctrl & ACB_DISABLED) || !smb_pass->smb_passwd) {
-			DEBUG(1,("Account for user '%s' was disabled.\n", unix_user_name));
+			DEBUG(1,("Account for user '%s' was disabled.\n", pipe_user_name));
 			return(False);
 		}
 
 		if(!smb_pass->smb_nt_passwd) {
-			DEBUG(1,("Account for user '%s' has no NT password hash.\n", unix_user_name));
+			DEBUG(1,("Account for user '%s' has no NT password hash.\n", pipe_user_name));
 			return(False);
 		}
 
@@ -439,7 +439,7 @@ failed authentication on named pipe %s.\n", domain, unix_user_name, wks, p->name
 	}
 
 	fstrcpy(p->user_name, user_name);
-	fstrcpy(p->unix_user_name, unix_user_name);
+	fstrcpy(p->pipe_user_name, pipe_user_name);
 	fstrcpy(p->domain, domain);
 	fstrcpy(p->wks, wks);
 
@@ -447,8 +447,10 @@ failed authentication on named pipe %s.\n", domain, unix_user_name, wks, p->name
 	 * Store the UNIX credential data (uid/gid pair) in the pipe structure.
 	 */
 
-	p->uid = pass->pw_uid;
-	p->gid = pass->pw_gid;
+	p->pipe_user.uid = pass->pw_uid;
+	p->pipe_user.gid = pass->pw_gid;
+
+	/* XXX also set up pipe user group membership */
 
 	p->ntlmssp_auth_validated = True;
 	return True;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index b11c76b75d..faba41b925 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -106,6 +106,8 @@ static BOOL pipe_init_outgoing_data(output_data *o_data)
  Attempt to find a remote process to communicate RPC's with.
 ****************************************************************************/
 
+#if 0
+
 static void attempt_remote_rpc_connect(pipes_struct *p)
 {
 	struct user_creds usr;
@@ -152,6 +154,8 @@ static void attempt_remote_rpc_connect(pipes_struct *p)
 		DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n"));
 }
 
+#endif
+
 /****************************************************************************
  Find first available pipe slot.
 ****************************************************************************/
@@ -248,8 +252,10 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name,
 	 */	
 	prs_init(&p->out_data.rdata, 0, 4, MARSHALL);
 	
-	p->uid = (uid_t)-1;
-	p->gid = (gid_t)-1;
+	ZERO_STRUCT(p->pipe_user);
+
+	p->pipe_user.uid = (uid_t)-1;
+	p->pipe_user.gid = (gid_t)-1;
 	
 	fstrcpy(p->name, pipe_name);
 	
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index e66abd1e98..2078bb5a7d 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -203,7 +203,8 @@ BOOL become_authenticated_pipe_user(pipes_struct *p)
 		return False;
 	}
 
-	set_sec_ctx(p->uid, p->gid, 0, NULL);  /* fix group stuff */
+	set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid, 
+		    p->pipe_user.n_groups, p->pipe_user.groups);
 
 	return True;
 }