diff options
| author | David O'Neill <dmo@samba.org> | 2001-01-04 19:27:08 +0000 |
|---|---|---|
| committer | David O'Neill <dmo@samba.org> | 2001-01-04 19:27:08 +0000 |
| commit | 23807f2b308e80a1e325c8fd2bddeec3e2e15bc5 (patch) | |
| tree | 744ac3d0a34255dcfdadd83060ae9687e1a9fa1e /source3/smbd | |
| parent | 92ebc81734a8a4165f88eeba9c05a05ea2917584 (diff) | |
| download | samba-23807f2b308e80a1e325c8fd2bddeec3e2e15bc5.tar.gz samba-23807f2b308e80a1e325c8fd2bddeec3e2e15bc5.tar.bz2 samba-23807f2b308e80a1e325c8fd2bddeec3e2e15bc5.zip | |
Changes from APPLIANCE_HEAD:
source/Makefile.in
- changes to ctags and etags rules that somehow got lost along the way.
source/include/proto.h
- make proto
source/smbd/sec_ctx.c
source/smbd/password.c
- merge debugs for debugging user groups and NT token stuff.
source/lib/util_str.c
- capitalise domain name returned from parse_domain_user()
source/nsswitch/wb_client.c
- fix broken conditional in debug statement.
source/include/rpc_secdes.h
source/include/rpc_spoolss.h
source/printing/nt_printing.c
source/lib/util_seaccess.c
- fix printer permission bugs related to ACE masks for printers.
This adds mapping of generic access rights to object specific
rights for NT printers. Still need to work out whether or not to
ignore ACEs with certain flags set, though. See comments in
util_seaccess.c:check_ace() for details.
source/printing/nt_printing.c
source/printing/printing.c
- use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER
until we sort out printer/printjob permission stuff.
(This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/password.c | 8 | ||||
| -rw-r--r-- | source3/smbd/sec_ctx.c | 14 | ||||
| -rw-r--r-- | source3/smbd/service.c | 2 |
3 files changed, 22 insertions, 2 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index c2bcac339e..69ba042155 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -176,6 +176,7 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, DOM_SID *psids; int i, psid_ndx = 0; size_t num_sids = 0; + fstring sid_str; if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) return NULL; @@ -229,6 +230,13 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups, token->num_sids = psid_ndx; + /* Dump list of sids in token */ + + for (i = 0; i < token->num_sids; i++) { + DEBUG(5, ("user token sid %s\n", + sid_to_string(sid_str, &token->user_sids[i]))); + } + return token; } diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index eaaae9ace7..f3cc9e04e0 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -305,11 +305,23 @@ BOOL push_sec_ctx(void) void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token) { struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; - + /* Set the security context */ DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", uid, gid, sec_ctx_stack_ndx)); + if (ngroups) { + int i; + + DEBUG(3, ("%d user groups: \n", ngroups)); + for (i = 0; i < ngroups; i++) { + DEBUGADD(3, ("%d ", groups[i])); + } + + DEBUG(3, ("\n")); + } + + gain_root(); #ifdef HAVE_SETGROUPS diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 0713c0e49d..4670d601d7 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -468,7 +468,7 @@ connection_struct *make_connection(char *service,char *user,char *password, int return NULL; } - conn->nt_user_token = create_nt_token(conn->uid, conn->gid, + conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest); |