diff options
author | Jeremy Allison <jra@samba.org> | 2000-08-09 18:40:48 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-08-09 18:40:48 +0000 |
commit | e3048cfc0b324ec5ab825efe87eaa97cc9504c09 (patch) | |
tree | 3fb81ba3ab7fc70e83a8c6be499003627f4af6a4 /source3/smbd/uid.c | |
parent | fadb15da71d6143e622f7fb669080c5b882df48f (diff) | |
download | samba-e3048cfc0b324ec5ab825efe87eaa97cc9504c09.tar.gz samba-e3048cfc0b324ec5ab825efe87eaa97cc9504c09.tar.bz2 samba-e3048cfc0b324ec5ab825efe87eaa97cc9504c09.zip |
Fixed memory leak with NT tokens.
Added debug messages to se_access_check().
Added FULL_ACCESS acl to default acl on printers.
Jeremy.
(This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
Diffstat (limited to 'source3/smbd/uid.c')
-rw-r--r-- | source3/smbd/uid.c | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index fafcd71b1a..b28f056a30 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -89,6 +89,8 @@ BOOL become_user(connection_struct *conn, uint16 vuid) gid_t gid; uid_t uid; char group_c; + BOOL must_free_token = False; + NT_USER_TOKEN *token = NULL; if (!conn) { DEBUG(2,("Connection not open\n")); @@ -125,6 +127,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid) gid = conn->gid; current_user.groups = conn->groups; current_user.ngroups = conn->ngroups; + token = conn->nt_user_token; } else { if (!vuser) { DEBUG(2,("Invalid vuid used %d\n",vuid)); @@ -134,6 +137,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid) gid = vuser->gid; current_user.ngroups = vuser->n_groups; current_user.groups = vuser->groups; + token = vuser->nt_user_token; } /* @@ -162,13 +166,27 @@ BOOL become_user(connection_struct *conn, uint16 vuid) } else { gid = conn->gid; } + + /* + * We've changed the group list in the token - we must + * re-create it. + */ + + token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups); + must_free_token = True; } - set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, current_user.nt_user_token); + set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token); + + /* + * Free the new token (as set_sec_ctx copies it). + */ + + if (must_free_token) + delete_nt_token(&token); current_user.conn = conn; current_user.vuid = vuid; - current_user.nt_user_token = conn->nt_user_token; DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n", (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid())); |