authorJeremy Allison <jra@samba.org>2000-08-09 18:40:48 +0000
committerJeremy Allison <jra@samba.org>2000-08-09 18:40:48 +0000
commite3048cfc0b324ec5ab825efe87eaa97cc9504c09 (patch)
tree3fb81ba3ab7fc70e83a8c6be499003627f4af6a4 /source3/smbd
parentfadb15da71d6143e622f7fb669080c5b882df48f (diff)
Fixed memory leak with NT tokens.
Added debug messages to se_access_check(). Added FULL_ACCESS acl to default acl on printers. Jeremy. (This used to be commit 7507f6f408cf8b0f8d7e2b3da54ce5fb5ef5343b)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/sec_ctx.c17
-rw-r--r--source3/smbd/uid.c22
2 files changed, 32 insertions, 7 deletions
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 118c2f46b6..f185ffcdaa 100644
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -221,15 +221,17 @@ BOOL push_sec_ctx(void)
/* Check we don't overflow our stack */
- if (sec_ctx_stack_ndx == (MAX_SEC_CTX_DEPTH)) {
+ if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) {
DEBUG(0, ("Security context stack overflow!\n"));
- return False;
+ smb_panic("Security context stack overflow!\n");
}
/* Store previous user context */
sec_ctx_stack_ndx++;
+ DEBUG(3, ("push_sec_ctx() : sec_ctx_stack_ndx = %d\n", sec_ctx_stack_ndx ));
+
ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
ctx_p->uid = geteuid();
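Review bot: With `return False;` removed from the overflow branch, the only thing keeping execution away from `sec_ctx_stack_ndx++` and the `sec_ctx_stack[sec_ctx_stack_ndx]` write below is smb_panic() never returning, which this hunk does not show. If smb_panic() can return in any build or configuration, the push would index past the checked depth, so I would keep `return False;` directly after the `smb_panic(...)` call as a cheap second guard. The same applies to the underflow branch in pop_sec_ctx() (hunk at -318,7), where a fall-through would carry on with index 0. Comparing with `>=` instead of `==` would additionally catch an index that is already out of range. push_sec_ctx's body continues outside the hunk.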
@@ -264,7 +266,7 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
/* Set the security context */
- DEBUG(3, ("setting sec ctx (%d, %d)\n", uid, gid));
+ DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", uid, gid, sec_ctx_stack_ndx));
gain_root();
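Review bot: The new DEBUG line passes `uid` and `gid` (uid_t/gid_t) straight to `%d`, and those types are not guaranteed to be int, so the varargs read is mismatched on platforms where they are wider or unsigned. Casting the way become_user() in uid.c already does, `(int)uid, (int)gid`, keeps the format string and arguments in agreement. The rewritten message in pop_sec_ctx() (hunk at -355,7) has the same pattern with `geteuid()` and `getegid()`. set_sec_ctx's body continues outside the hunk.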
@@ -275,6 +277,11 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
ctx_p->ngroups = ngroups;
safe_free(ctx_p->groups);
+#if 1 /* JRATEST */
+ if (token && (token == ctx_p->token))
+ smb_panic("DUPLICATE_TOKEN");
+#endif
+
delete_nt_token(&ctx_p->token);
ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
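Review bot: The `#if 1 /* JRATEST */` block is test scaffolding compiled in unconditionally, with no comment saying what it protects against. As far as the hunk shows, a caller passing the context's own token would have it freed by `delete_nt_token(&ctx_p->token)` just below before it can be copied, so the check appears to guard a real use-after-free hazard. I would drop the `#if 1`, brace the `if`, and add a comment such as `/* token must not alias ctx_p->token: it is freed below before being copied */`. The panic string would be easier to triage if it named the function, e.g. `smb_panic("set_sec_ctx: token aliases current context token\n");`. The rest of set_sec_ctx, including the token copy, is outside the hunk.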
@@ -318,7 +325,7 @@ BOOL pop_sec_ctx(void)
if (sec_ctx_stack_ndx == 0) {
DEBUG(0, ("Security context stack underflow!\n"));
- return False;
+ smb_panic("Security context stack underflow!\n");
}
ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
@@ -355,7 +362,7 @@ BOOL pop_sec_ctx(void)
current_user.groups = prev_ctx_p->groups;
current_user.nt_user_token = prev_ctx_p->token;
- DEBUG(3, ("popped off to sec ctx (%d, %d)\n", geteuid(), getegid()));
+ DEBUG(3, ("pop_sec_ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", geteuid(), getegid(), sec_ctx_stack_ndx));
return True;
}
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index fafcd71b1a..b28f056a30 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -89,6 +89,8 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
gid_t gid;
uid_t uid;
char group_c;
+ BOOL must_free_token = False;
+ NT_USER_TOKEN *token = NULL;
if (!conn) {
DEBUG(2,("Connection not open\n"));
@@ -125,6 +127,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
gid = conn->gid;
current_user.groups = conn->groups;
current_user.ngroups = conn->ngroups;
+ token = conn->nt_user_token;
} else {
if (!vuser) {
DEBUG(2,("Invalid vuid used %d\n",vuid));
@@ -134,6 +137,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
gid = vuser->gid;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
+ token = vuser->nt_user_token;
}
/*
@@ -162,13 +166,27 @@ BOOL become_user(connection_struct *conn, uint16 vuid)
} else {
gid = conn->gid;
}
+
+ /*
+ * We've changed the group list in the token - we must
+ * re-create it.
+ */
+
+ token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups);
+ must_free_token = True;
}
- set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, current_user.nt_user_token);
+ set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
+
+ /*
+ * Free the new token (as set_sec_ctx copies it).
+ */
+
+ if (must_free_token)
+ delete_nt_token(&token);
current_user.conn = conn;
current_user.vuid = vuid;
- current_user.nt_user_token = conn->nt_user_token;
DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n",
(int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid()));
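Review bot: The result of `create_nt_token(...)` is not checked before it is handed to `set_sec_ctx()`. If it can return NULL on failure, the context is installed without an NT token, and how later access checks treat a missing token is not visible here. I would fail closed right after the call: `if (!token) { DEBUG(0,("become_user: create_nt_token failed\n")); return False; }`. `must_free_token` also encodes an ownership rule that relies on set_sec_ctx() copying the token (per the added comment), so a comment at its declaration such as `/* True when token was allocated here rather than borrowed from conn/vuser */` would make that explicit. become_user starts and ends outside the hunk.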