summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2000-06-23 05:49:11 +0000
committerTim Potter <tpot@samba.org>2000-06-23 05:49:11 +0000
commit8005c837f5425397131b0a798d63521f61e25375 (patch)
tree9592ff9f06c1886c665615c5827ae78eda76900e /source3/rpc_server
parent3396a1d97850bb705ead64857c22b60a855ccd5a (diff)
downloadsamba-8005c837f5425397131b0a798d63521f61e25375.tar.gz
samba-8005c837f5425397131b0a798d63521f61e25375.tar.bz2
samba-8005c837f5425397131b0a798d63521f61e25375.zip
I've been working on refactoring some of the mess that is the become_user()
code. This code is now implemented as a stack of security contexts, where a security context is defined as a set of effective user, group and supplementary group ids. The following functions are implemented: BOOL push_sec_ctx(void); Create a new security context on the stack which is the same as the current security context. void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups); Set the current security context to a given set of user and group ids. void set_root_sec_ctx(void); Set to uid = gid = 0. No supplementary groups are set. BOOL pop_sec_ctx(void); Pop a security context from the stack and restore the user and group permissions of the previous context. void init_sec_ctx(void); Initialise the security context stack. This must be called before any of the other operations are used or weird things may happen. The idea is that there is a base security context which is either root or some authenticated unix user. Other security contexts can be pushed and popped as needed for things like changing passwords, or rpc pipe operations where the rpc pipe user is different from the smb user. (This used to be commit 87c78d6d5a6bf8d0907d6f8ef5ee0d642946cad3)
Diffstat (limited to 'source3/rpc_server')
0 files changed, 0 insertions, 0 deletions