diff options
| author | Jeremy Allison <jra@samba.org> | 2000-08-02 02:11:55 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2000-08-02 02:11:55 +0000 |
| commit | 17dcd9a834fc915fb1ff2d8042a23000eeb7acfa (patch) | |
| tree | 18a9a8cfa2883baf163da29265fd08b8a3b81c9f /source3/smbd/sec_ctx.c | |
| parent | 7f36df301e28dc8ca0e5bfadc109d6e907d9ba2b (diff) | |
| download | samba-17dcd9a834fc915fb1ff2d8042a23000eeb7acfa.tar.gz samba-17dcd9a834fc915fb1ff2d8042a23000eeb7acfa.tar.bz2 samba-17dcd9a834fc915fb1ff2d8042a23000eeb7acfa.zip | |
Started to canonicalize our handling of uid -> sid code in order to
get ready and fix se_access_check().
Added cannonical lookup_name(), lookup_sid(), uid_to_sid(), gid_to_sid()
functions that look via winbind first the fall back on local lookup.
All Samba should use these rather than trying to call winbindd code
directly.
Added NT_USER_TOKEN struct in user_struct, contains list of NT sids
associated with this user.
se_access_check() should use this (cached) value rather than attempting
to do the same thing itself when given a uid/gid pair.
More work needs to be done to preserve these things accross security
context changes (especially with the tricky pipe problem) but I'm
beginning to see how this will be done..... probably by registering
a new vuid for an authenticated RPC pipe and not treating the
pipe calls specially.
More thoughts needed - but we're almost there...
Jeremy.
(This used to be commit 5e5cc6efe2e4687be59085f562caea1e2e05d0a8)
Diffstat (limited to 'source3/smbd/sec_ctx.c')
| -rw-r--r-- | source3/smbd/sec_ctx.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index f7ea1e2d86..432cb223e2 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -125,17 +125,37 @@ static void gain_root(void) /* Get the list of current groups */ -static void get_current_groups(int *ngroups, gid_t **groups) +int get_current_groups(int *p_ngroups, gid_t **p_groups) { - *ngroups = getgroups(0, NULL); - *groups = (gid_t *)malloc(*ngroups * sizeof(gid_t)); + int i; + gid_t grp; + int ngroups = sys_getgroups(0,&grp); + gid_t *groups; + + (*p_ngroups) = 0; + (*p_groups) = NULL; + + if (ngroups <= 0) + return -1; + + if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) { + DEBUG(0,("setup_groups malloc fail !\n")); + return -1; + } + + if ((ngroups = sys_getgroups(ngroups,groups)) == -1) + return -1; + + (*p_ngroups) = ngroups; + (*p_groups) = groups; - if (!groups) { - DEBUG(0, ("Out of memory in get_current_groups\n")); - return; + DEBUG( 3, ( "get_current_groups: uid %u is in %u groups: ", (unsigned int)getuid() , ngroups ) ); + for (i = 0; i < ngroups; i++ ) { + DEBUG( 3, ( "%s%d", (i ? ", " : ""), (int)groups[i] ) ); } + DEBUG( 3, ( "\n" ) ); - getgroups(*ngroups, *groups); + return ngroups; } /* Create a new security context on the stack. It is the same as the old |