diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2002-08-20 01:54:28 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2002-08-20 01:54:28 +0000 |
| commit | 8674440d81f703cb59979426c92ed54de8e5f2ed (patch) | |
| tree | 033da6bfa721b02c1a087ee478d3593997f30e2a /source3/rpc_server | |
| parent | 03615599919f94c5ed56e9824343b02f4f3e0b71 (diff) | |
| download | samba-8674440d81f703cb59979426c92ed54de8e5f2ed.tar.gz samba-8674440d81f703cb59979426c92ed54de8e5f2ed.tar.bz2 samba-8674440d81f703cb59979426c92ed54de8e5f2ed.zip | |
Based orginally by work by Kai, this patch moves our NT_TOKEN generation into
our authenticaion code - removing some of the duplication from the current
code.
This also gets us *much* closer to supporting a real SAM backend, becouse the
SAM can give us the right info then.
This also changes our service.c code, so that we do a VUID (rather than uid)
cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached
equivilant) on every packet, for the same r or rw mode the whole share was open
for.
Andrew Bartlett
(This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 35 | ||||
| -rw-r--r-- | source3/rpc_server/srv_srvsvc_nt.c | 6 |
2 files changed, 22 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index b7be415abc..62e10c9965 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -427,27 +427,30 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name )); memcpy(p->session_key, server_info->session_key, sizeof(p->session_key)); - uid = pdb_get_uid(server_info->sam_account); - gid = pdb_get_gid(server_info->sam_account); - - p->pipe_user.uid = uid; - p->pipe_user.gid = gid; - - /* Set up pipe user group membership. */ - initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid); - get_current_groups(p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups); + p->pipe_user.uid = pdb_get_uid(server_info->sam_account); + p->pipe_user.gid = pdb_get_gid(server_info->sam_account); + + p->pipe_user.ngroups = server_info->n_groups; + if (p->pipe_user.ngroups) { + if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) { + DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); + free_server_info(&server_info); + return False; + } + } if (server_info->ptok) - add_supplementary_nt_login_groups(&p->pipe_user.ngroups, &p->pipe_user.groups, &server_info->ptok); - - /* Create an NT_USER_TOKEN struct for this user. */ - p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid, - p->pipe_user.ngroups, p->pipe_user.groups, - server_info->guest, server_info->ptok); + p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok); + else { + DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); + p->pipe_user.nt_user_token = NULL; + free_server_info(&server_info); + return False; + } p->ntlmssp_auth_validated = True; - pdb_free_sam(&server_info->sam_account); + free_server_info(&server_info); return True; } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 5c1038949b..69945b50b8 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -338,10 +338,10 @@ BOOL share_access_check(connection_struct *conn, int snum, user_struct *vuser, u if (!psd) goto out; - if (vuser) - token = vuser->nt_user_token; - else + if (conn->nt_user_token) token = conn->nt_user_token; + else + token = vuser->nt_user_token; ret = se_access_check(psd, token, desired_access, &granted, &status); |