summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-08-20 01:54:28 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-08-20 01:54:28 +0000
commit8674440d81f703cb59979426c92ed54de8e5f2ed (patch)
tree033da6bfa721b02c1a087ee478d3593997f30e2a /source3/rpc_server
parent03615599919f94c5ed56e9824343b02f4f3e0b71 (diff)
downloadsamba-8674440d81f703cb59979426c92ed54de8e5f2ed.tar.gz
samba-8674440d81f703cb59979426c92ed54de8e5f2ed.tar.bz2
samba-8674440d81f703cb59979426c92ed54de8e5f2ed.zip
Based orginally by work by Kai, this patch moves our NT_TOKEN generation into
our authenticaion code - removing some of the duplication from the current code. This also gets us *much* closer to supporting a real SAM backend, becouse the SAM can give us the right info then. This also changes our service.c code, so that we do a VUID (rather than uid) cache on the connection struct, and do full NT ACL/NT_TOKEN checks (or cached equivilant) on every packet, for the same r or rw mode the whole share was open for. Andrew Bartlett (This used to be commit d8122cee059fc7098bfa7e42e638a9958b3ac902)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_pipe.c35
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c6
2 files changed, 22 insertions, 19 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index b7be415abc..62e10c9965 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -427,27 +427,30 @@ failed authentication on named pipe %s.\n", domain, user_name, wks, p->name ));
memcpy(p->session_key, server_info->session_key, sizeof(p->session_key));
- uid = pdb_get_uid(server_info->sam_account);
- gid = pdb_get_gid(server_info->sam_account);
-
- p->pipe_user.uid = uid;
- p->pipe_user.gid = gid;
-
- /* Set up pipe user group membership. */
- initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
- get_current_groups(p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups);
+ p->pipe_user.uid = pdb_get_uid(server_info->sam_account);
+ p->pipe_user.gid = pdb_get_gid(server_info->sam_account);
+
+ p->pipe_user.ngroups = server_info->n_groups;
+ if (p->pipe_user.ngroups) {
+ if (!(p->pipe_user.groups = memdup(server_info->groups, sizeof(gid_t) * p->pipe_user.ngroups))) {
+ DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
+ free_server_info(&server_info);
+ return False;
+ }
+ }
if (server_info->ptok)
- add_supplementary_nt_login_groups(&p->pipe_user.ngroups, &p->pipe_user.groups, &server_info->ptok);
-
- /* Create an NT_USER_TOKEN struct for this user. */
- p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups,
- server_info->guest, server_info->ptok);
+ p->pipe_user.nt_user_token = dup_nt_token(server_info->ptok);
+ else {
+ DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
+ p->pipe_user.nt_user_token = NULL;
+ free_server_info(&server_info);
+ return False;
+ }
p->ntlmssp_auth_validated = True;
- pdb_free_sam(&server_info->sam_account);
+ free_server_info(&server_info);
return True;
}
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 5c1038949b..69945b50b8 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -338,10 +338,10 @@ BOOL share_access_check(connection_struct *conn, int snum, user_struct *vuser, u
if (!psd)
goto out;
- if (vuser)
- token = vuser->nt_user_token;
- else
+ if (conn->nt_user_token)
token = conn->nt_user_token;
+ else
+ token = vuser->nt_user_token;
ret = se_access_check(psd, token, desired_access, &granted, &status);