summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-10-17 14:20:45 +0200
committerStefan Metzmacher <metze@samba.org>2011-10-18 10:39:54 +0200
commit9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed (patch)
tree91ea7313c76e4c205073e3edee235ec577e36d09 /source4/auth
parent5954a37997a786a8808ee2544b594a0c90f1c893 (diff)
downloadsamba-9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed.tar.gz
samba-9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed.tar.bz2
samba-9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed.zip
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array
If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/unix_token.c48
1 files changed, 31 insertions, 17 deletions
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index b7657aad63..765bf06188 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -33,28 +33,27 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
struct security_token *token,
struct security_unix_token **sec)
{
- int i;
+ uint32_t s, g;
NTSTATUS status;
struct id_map *ids;
struct composite_context *ctx;
- *sec = talloc(mem_ctx, struct security_unix_token);
/* we can't do unix security without a user and group */
if (token->num_sids < 2) {
return NT_STATUS_ACCESS_DENIED;
}
- ids = talloc_array(mem_ctx, struct id_map, token->num_sids);
- NT_STATUS_HAVE_NO_MEMORY(ids);
+ *sec = talloc_zero(mem_ctx, struct security_unix_token);
+ if (*sec == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- (*sec)->ngroups = token->num_sids - 2;
- (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
- NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+ ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids);
+ NT_STATUS_HAVE_NO_MEMORY(ids);
- for (i=0;i<token->num_sids;i++) {
- ZERO_STRUCT(ids[i].xid);
- ids[i].sid = &token->sids[i];
- ids[i].status = ID_UNKNOWN;
+ for (s=0; s < token->num_sids; s++) {
+ ids[s].sid = &token->sids[s];
+ ids[s].status = ID_UNKNOWN;
}
ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids);
@@ -63,8 +62,20 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
status = wbc_sids_to_xids_recv(ctx, &ids);
NT_STATUS_NOT_OK_RETURN(status);
- if (ids[0].xid.type == ID_TYPE_BOTH ||
- ids[0].xid.type == ID_TYPE_UID) {
+ g = token->num_sids;
+ if (ids[0].xid.type != ID_TYPE_BOTH) {
+ g--;
+ }
+ (*sec)->ngroups = g;
+ (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
+ NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+ g=0;
+ if (ids[0].xid.type == ID_TYPE_BOTH) {
+ (*sec)->uid = ids[0].xid.id;
+ (*sec)->groups[g] = ids[0].xid.id;
+ g++;
+ } else if (ids[0].xid.type == ID_TYPE_UID) {
(*sec)->uid = ids[0].xid.id;
} else {
return NT_STATUS_INVALID_SID;
@@ -73,14 +84,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
if (ids[1].xid.type == ID_TYPE_BOTH ||
ids[1].xid.type == ID_TYPE_GID) {
(*sec)->gid = ids[1].xid.id;
+ (*sec)->groups[g] = ids[1].xid.id;
+ g++;
} else {
return NT_STATUS_INVALID_SID;
}
- for (i=0;i<(*sec)->ngroups;i++) {
- if (ids[i+2].xid.type == ID_TYPE_BOTH ||
- ids[i+2].xid.type == ID_TYPE_GID) {
- (*sec)->groups[i] = ids[i+2].xid.id;
+ for (s=2; s < token->num_sids; s++) {
+ if (ids[s].xid.type == ID_TYPE_BOTH ||
+ ids[s].xid.type == ID_TYPE_GID) {
+ (*sec)->groups[g] = ids[s].xid.id;
+ g++;
} else {
return NT_STATUS_INVALID_SID;
}