diff options
| author | Jeremy Allison <jra@samba.org> | 2006-12-10 05:23:47 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:24 -0500 |
| commit | 25d6eaae8d0d885add7e64b96df7a489328c6b0f (patch) | |
| tree | 431680de76ddff114e445d656f599f8b0fb3a667 /source3/smbd/service.c | |
| parent | af0f14e3a72756dfaff36e0106ae0f7eaac06633 (diff) | |
| download | samba-25d6eaae8d0d885add7e64b96df7a489328c6b0f.tar.gz samba-25d6eaae8d0d885add7e64b96df7a489328c6b0f.tar.bz2 samba-25d6eaae8d0d885add7e64b96df7a489328c6b0f.zip | |
r20098: Properly fix issues with create_token_from_username()
reported by James. Ensure that this function allocates
everything on the temporary context except the return
memory. Never call this with a null mem context, and
now use conn->mem_ctx instead in smbd/service.c.
Remove separate free functions for conn->ngroups
and conn->nt_user_token as they are now always
talloc'ed off the conn->mem_ctx. Future optimization
will be to remove conn->mem_ctx and make all objects
pointed to in the conn struct talloc'ed off conn itself.
Easy to free then :-).
Jeremy.
(This used to be commit f83b6de44f1058811ff94ac72a8a71bd8e49e4e8)
Diffstat (limited to 'source3/smbd/service.c')
| -rw-r--r-- | source3/smbd/service.c | 50 |
1 files changed, 17 insertions, 33 deletions
diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 08370b1c80..9b6743f76b 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -468,43 +468,28 @@ static NTSTATUS share_sanity_checks(int snum, fstring dev) return NT_STATUS_OK; } -static NTSTATUS find_forced_user(int snum, BOOL vuser_is_guest, - uid_t *uid, gid_t *gid, fstring username, - struct nt_user_token **token) +static NTSTATUS find_forced_user(connection_struct *conn, BOOL vuser_is_guest, fstring username) { - TALLOC_CTX *mem_ctx; + int snum = conn->params->service; char *fuser, *found_username; - struct nt_user_token *tmp_token; NTSTATUS result; - if (!(mem_ctx = talloc_new(NULL))) { - DEBUG(0, ("talloc_new failed\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!(fuser = talloc_string_sub(mem_ctx, lp_force_user(snum), "%S", + if (!(fuser = talloc_string_sub(conn->mem_ctx, lp_force_user(snum), "%S", lp_servicename(snum)))) { - TALLOC_FREE(mem_ctx); return NT_STATUS_NO_MEMORY; - } - result = create_token_from_username(mem_ctx, fuser, vuser_is_guest, - uid, gid, &found_username, - &tmp_token); + result = create_token_from_username(conn->mem_ctx, fuser, vuser_is_guest, + &conn->uid, &conn->gid, &found_username, + &conn->nt_user_token); if (!NT_STATUS_IS_OK(result)) { - TALLOC_FREE(mem_ctx); return result; } - if (!(*token = dup_nt_token(NULL, tmp_token))) { - TALLOC_FREE(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - fstrcpy(username, found_username); - TALLOC_FREE(mem_ctx); + TALLOC_FREE(fuser); + TALLOC_FREE(found_username); return NT_STATUS_OK; } @@ -638,6 +623,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } + conn->params->service = snum; conn->nt_user_token = NULL; if (lp_guest_only(snum)) { @@ -654,12 +640,12 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *status = NT_STATUS_NO_SUCH_USER; return NULL; } - status2 = create_token_from_username(NULL, pass->pw_name, True, + status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(status2)) { - TALLOC_FREE(found_username); + TALLOC_FREE(pass); conn_free(conn); *status = status2; return NULL; @@ -701,6 +687,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, } else if (lp_security() == SEC_SHARE) { NTSTATUS status2; char *found_username = NULL; + /* add it as a possible user name if we are in share mode security */ add_session_user(lp_servicename(snum)); @@ -713,12 +700,11 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } pass = Get_Pwnam(user); - status2 = create_token_from_username(NULL, pass->pw_name, True, + status2 = create_token_from_username(conn->mem_ctx, pass->pw_name, True, &conn->uid, &conn->gid, &found_username, &conn->nt_user_token); if (!NT_STATUS_IS_OK(status2)) { - TALLOC_FREE(found_username); conn_free(conn); *status = status2; return NULL; @@ -740,7 +726,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sizeof(conn->client_address)-1); conn->num_files_open = 0; conn->lastused = conn->lastused_count = time(NULL); - conn->params->service = snum; conn->used = True; conn->printer = (strncmp(dev,"LPT",3) == 0); conn->ipc = ( (strncmp(dev,"IPC",3) == 0) || @@ -778,10 +763,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, if (*lp_force_user(snum)) { NTSTATUS status2; - status2 = find_forced_user(snum, - (vuser != NULL) && vuser->guest, - &conn->uid, &conn->gid, user, - &conn->nt_user_token); + status2 = find_forced_user(conn, + (vuser != NULL) && vuser->guest, + user); if (!NT_STATUS_IS_OK(status2)) { conn_free(conn); *status = status2; @@ -858,7 +842,7 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, sid_string_static(sid))); continue; } - if (!add_gid_to_array_unique(NULL, gid, &conn->groups, + if (!add_gid_to_array_unique(conn->mem_ctx, gid, &conn->groups, &conn->ngroups)) { DEBUG(0, ("add_gid_to_array_unique failed\n")); conn_free(conn); |