Fixed memory leak with NT tokens.

Added debug messages to se_access_check().
Added FULL_ACCESS acl to default acl on printers.
Jeremy.
(This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)

2 files changed, 32 insertions, 7 deletions

diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 118c2f46b6..f185ffcdaa 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -221,15 +221,17 @@ BOOL push_sec_ctx(void)
 
 	/* Check we don't overflow our stack */
 
-	if (sec_ctx_stack_ndx == (MAX_SEC_CTX_DEPTH)) {
+	if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
 		DEBUG(0, ("Security context stack overflow!\n"));
-		return False;
+		smb_panic("Security context stack overflow!\n");
 	}
 
 	/* Store previous user context */
 
 	sec_ctx_stack_ndx++;
 
+	DEBUG(3, ("push_sec_ctx() : sec_ctx_stack_ndx = %d\n", sec_ctx_stack_ndx ));
+
 	ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
 
 	ctx_p->uid = geteuid();
@@ -264,7 +266,7 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
 
 	/* Set the security context */
 
-	DEBUG(3, ("setting sec ctx (%d, %d)\n", uid, gid));
+	DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", uid, gid, sec_ctx_stack_ndx));
 
 	gain_root();
 
@@ -275,6 +277,11 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
 	ctx_p->ngroups = ngroups;
 
 	safe_free(ctx_p->groups);
+#if 1 /* JRATEST */
+	if (token && (token == ctx_p->token))
+		smb_panic("DUPLICATE_TOKEN");
+#endif
+
 	delete_nt_token(&ctx_p->token);
 	
 	ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
@@ -318,7 +325,7 @@ BOOL pop_sec_ctx(void)
 
 	if (sec_ctx_stack_ndx == 0) {
 		DEBUG(0, ("Security context stack underflow!\n"));
-		return False;
+		smb_panic("Security context stack underflow!\n");
 	}
 
 	ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
@@ -355,7 +362,7 @@ BOOL pop_sec_ctx(void)
 	current_user.groups = prev_ctx_p->groups;
 	current_user.nt_user_token = prev_ctx_p->token;
 
-	DEBUG(3, ("popped off to sec ctx (%d, %d)\n", geteuid(), getegid()));
+	DEBUG(3, ("pop_sec_ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", geteuid(), getegid(), sec_ctx_stack_ndx));
 
 	return True;
 }
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index fafcd71b1a..b28f056a30 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -89,6 +89,8 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
 	gid_t gid;
 	uid_t uid;
 	char group_c;
+	BOOL must_free_token = False;
+	NT_USER_TOKEN *token = NULL;
 
 	if (!conn) {
 		DEBUG(2,("Connection not open\n"));
@@ -125,6 +127,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
 		gid = conn->gid;
 		current_user.groups = conn->groups;
 		current_user.ngroups = conn->ngroups;
+		token = conn->nt_user_token;
 	} else {
 		if (!vuser) {
 			DEBUG(2,("Invalid vuid used %d\n",vuid));
@@ -134,6 +137,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
 		gid = vuser->gid;
 		current_user.ngroups = vuser->n_groups;
 		current_user.groups  = vuser->groups;
+		token = vuser->nt_user_token;
 	}
 
 	/*
@@ -162,13 +166,27 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
 		} else {
 			gid = conn->gid;
 		}
+
+		/*
+		 * We've changed the group list in the token - we must
+		 * re-create it.
+		 */
+
+		token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups);
+		must_free_token = True;
 	}
 	
-	set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, current_user.nt_user_token);
+	set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
+
+	/*
+	 * Free the new token (as set_sec_ctx copies it).
+	 */
+
+	if (must_free_token)
+		delete_nt_token(&token);
 
 	current_user.conn = conn;
 	current_user.vuid = vuid;
-	current_user.nt_user_token = conn->nt_user_token;
 
 	DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
 		 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));