summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-12-12 20:41:02 +0000
committerJeremy Allison <jra@samba.org>2000-12-12 20:41:02 +0000
commitcade42c05b4d050f0b222594e1d1ccc13097c339 (patch)
treee4973cd7c5ebdc2c09bd4876dd33a4f9ef659763 /source3
parent40890119643b6a44ff381d50db4f446c334ce75e (diff)
downloadsamba-cade42c05b4d050f0b222594e1d1ccc13097c339.tar.gz
samba-cade42c05b4d050f0b222594e1d1ccc13097c339.tar.bz2
samba-cade42c05b4d050f0b222594e1d1ccc13097c339.zip
Fixed bug noticed by JF. se_access_check needs user SID as first in token.
Jeremy. (This used to be commit f0d7867801e3f78bfc55fdb36ca965e35457f51b)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/password.c33
1 files changed, 23 insertions, 10 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 193653a867..1924bf3217 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -192,28 +192,41 @@ NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups,
psids = token->user_sids;
- sid_copy( &psids[psid_ndx++], &global_sid_World);
- sid_copy( &psids[psid_ndx++], &global_sid_Network);
-
/*
- * The only difference between guest and "anonymous" (which we
- * don't really support) is the addition of Authenticated_Users.
+ * Note - user SID *MUST* be first in token !
+ * se_access_check depends on this.
*/
- if (is_guest)
- sid_copy( &psids[psid_ndx++], &global_sid_Builtin_Guests);
- else
- sid_copy( &psids[psid_ndx++], &global_sid_Authenticated_Users);
-
uid_to_sid( &psids[psid_ndx++], uid);
+
+ /*
+ * Primary group SID is second in token. Convention.
+ */
+
gid_to_sid( &psids[psid_ndx++], gid);
+ /* Now add the group SIDs. */
+
for (i = 0; i < ngroups; i++) {
if (groups[i] != gid) {
gid_to_sid( &psids[psid_ndx++], groups[i]);
}
}
+ /*
+ * Finally add the "standard" SIDs.
+ * The only difference between guest and "anonymous" (which we
+ * don't really support) is the addition of Authenticated_Users.
+ */
+
+ sid_copy( &psids[psid_ndx++], &global_sid_World);
+ sid_copy( &psids[psid_ndx++], &global_sid_Network);
+
+ if (is_guest)
+ sid_copy( &psids[psid_ndx++], &global_sid_Builtin_Guests);
+ else
+ sid_copy( &psids[psid_ndx++], &global_sid_Authenticated_Users);
+
token->num_sids = psid_ndx;
return token;