diff options
| -rw-r--r-- | source3/Makefile.in | 8 | ||||
| -rw-r--r-- | source3/lib/replace.c | 64 | ||||
| -rw-r--r-- | source3/lib/system_smbd.c | 105 | ||||
| -rw-r--r-- | source3/lib/util_getent.c | 35 | ||||
| -rw-r--r-- | source3/lib/util_smbd.c | 65 |
5 files changed, 176 insertions, 101 deletions
diff --git a/source3/Makefile.in b/source3/Makefile.in index 696a80c412..2db6d55011 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -140,6 +140,8 @@ LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/popt_common.o $(TDB_OBJ) +LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o + READLINE_OBJ = lib/readline.o UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ @@ -265,7 +267,8 @@ SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \ $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) \ $(LIBMSRPC_OBJ) $(LIBMSRPC_SERVER_OBJ) \ - $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) + $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \ + $(LIB_SMBD_OBJ) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ @@ -442,7 +445,8 @@ PROTO_OBJ = $(SMBD_OBJ1) $(NMBD_OBJ1) $(SWAT_OBJ1) $(LIB_OBJ) $(LIBSMB_OBJ) \ $(AUTH_OBJ) $(PARAM_OBJ) $(LOCKING_OBJ) $(SECRETS_OBJ) \ $(PRINTING_OBJ) $(PRINTBACKEND_OBJ) $(OPLOCK_OBJ) $(NOTIFY_OBJ) \ $(QUOTAOBJS) $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \ - $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) + $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \ + $(LIB_SMBD_OBJ) NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) \ $(LIB_OBJ) $(NSSWINS_OBJ) diff --git a/source3/lib/replace.c b/source3/lib/replace.c index e2664accfa..fd7b2cf7f0 100644 --- a/source3/lib/replace.c +++ b/source3/lib/replace.c @@ -430,67 +430,3 @@ char *rep_inet_ntoa(struct in_addr ip) #endif /* HAVE_VSYSLOG */ -#ifndef HAVE_GETGROUPLIST -/* - This is a *much* faster way of getting the list of groups for a user - without changing the current supplemenrary group list. The old - method used getgrent() which could take 20 minutes on a really big - network with hundeds of thousands of groups and users. The new method - takes a couple of seconds. - - NOTE!! this function only works if it is called as root! - */ - int getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) -{ - gid_t *gids_saved; - int ret, ngrp_saved; - - /* work out how many groups we need to save */ - ngrp_saved = getgroups(0, NULL); - if (ngrp_saved == -1) { - /* this shouldn't happen */ - return -1; - } - - gids_saved = (gid_t *)malloc(sizeof(gid_t) * (ngrp_saved+1)); - if (!gids_saved) { - errno = ENOMEM; - return -1; - } - - ngrp_saved = getgroups(ngrp_saved, gids_saved); - if (ngrp_saved == -1) { - free(gids_saved); - /* very strange! */ - return -1; - } - - if (initgroups(user, gid) != 0) { - free(gids_saved); - return -1; - } - - /* this must be done to cope with systems that put the current egid in the - return from getgroups() */ - save_re_gid(); - set_effective_gid(gid); - setgid(gid); - - ret = getgroups(*grpcnt, groups); - if (ret >= 0) { - *grpcnt = ret; - } - - restore_re_gid(); - - if (setgroups(ngrp_saved, gids_saved) != 0) { - /* yikes! */ - DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); - free(gids_saved); - return -1; - } - - free(gids_saved); - return ret; -} -#endif diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c new file mode 100644 index 0000000000..28ceaf3939 --- /dev/null +++ b/source3/lib/system_smbd.c @@ -0,0 +1,105 @@ +/* + Unix SMB/CIFS implementation. + system call wrapper interface. + Copyright (C) Andrew Tridgell 2002 + Copyright (C) Andrew Barteltt 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + This file may assume linkage with smbd - for things like become_root() + etc. +*/ + +#include "includes.h" + +#ifndef HAVE_GETGROUPLIST +/* + This is a *much* faster way of getting the list of groups for a user + without changing the current supplemenrary group list. The old + method used getgrent() which could take 20 minutes on a really big + network with hundeds of thousands of groups and users. The new method + takes a couple of seconds. + + NOTE!! this function only works if it is called as root! + */ +static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, int *grpcnt) +{ + gid_t *gids_saved; + int ret, ngrp_saved; + + /* work out how many groups we need to save */ + ngrp_saved = getgroups(0, NULL); + if (ngrp_saved == -1) { + /* this shouldn't happen */ + return -1; + } + + gids_saved = (gid_t *)malloc(sizeof(gid_t) * (ngrp_saved+1)); + if (!gids_saved) { + errno = ENOMEM; + return -1; + } + + ngrp_saved = getgroups(ngrp_saved, gids_saved); + if (ngrp_saved == -1) { + free(gids_saved); + /* very strange! */ + return -1; + } + + if (initgroups(user, gid) != 0) { + free(gids_saved); + return -1; + } + + /* this must be done to cope with systems that put the current egid in the + return from getgroups() */ + save_re_gid(); + set_effective_gid(gid); + setgid(gid); + + ret = getgroups(*grpcnt, groups); + if (ret >= 0) { + *grpcnt = ret; + } + + restore_re_gid(); + + if (setgroups(ngrp_saved, gids_saved) != 0) { + /* yikes! */ + DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); + smb_panic("getgrouplist: failed to reset group list!\n"); + free(gids_saved); + return -1; + } + + free(gids_saved); + return ret; +} +#endif + +int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) +{ +#ifdef HAVE_GETGROUPLIST + return getgrouplist(user, gid, groups, grpcnt); +#else + int retval; + become_root(); + retval = getgrouplist_internals(user, gid, groups, grpcnt); + unbecome_root(); +#endif +} diff --git a/source3/lib/util_getent.c b/source3/lib/util_getent.c index 5d2fcd7652..6699ce3e92 100644 --- a/source3/lib/util_getent.c +++ b/source3/lib/util_getent.c @@ -299,38 +299,3 @@ void free_userlist(struct sys_userlist *list_head) SAFE_FREE(old_head); } } - - -/* - return a full list of groups for a user - - returns the number of groups the user is a member of. The return will include the - users primary group. - - remember to free the resulting gid_t array - - NOTE! you must be root to call this function on some systems -*/ -int getgroups_user(const char *user, gid_t **groups) -{ - struct passwd *pwd; - int ngrp, max_grp; - - pwd = getpwnam(user); - if (!pwd) return -1; - - max_grp = groups_max(); - (*groups) = (gid_t *)malloc(sizeof(gid_t) * max_grp); - if (! *groups) { - errno = ENOMEM; - return -1; - } - - ngrp = getgrouplist(user, pwd->pw_gid, *groups, &max_grp); - if (ngrp <= 0) { - free(*groups); - return ngrp; - } - - return ngrp; -} diff --git a/source3/lib/util_smbd.c b/source3/lib/util_smbd.c new file mode 100644 index 0000000000..071f20b416 --- /dev/null +++ b/source3/lib/util_smbd.c @@ -0,0 +1,65 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions, used in smbd only + Copyright (C) Andrew Tridgell 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* + This function requires sys_getgrouplist - which is only + available in smbd due to it's use of become_root() in a + legacy systems hack. +*/ + +/* + return a full list of groups for a user + + returns the number of groups the user is a member of. The return will include the + users primary group. + + remember to free the resulting gid_t array + + NOTE! uses become_root() to gain correct priviages on systems + that lack a native getgroups() call (uses initgroups and getgroups) +*/ +int getgroups_user(const char *user, gid_t **groups) +{ + struct passwd *pwd; + int ngrp, max_grp; + + pwd = getpwnam_alloc(user); + if (!pwd) return -1; + + max_grp = groups_max(); + (*groups) = (gid_t *)malloc(sizeof(gid_t) * max_grp); + if (! *groups) { + passwd_free(&pwd); + errno = ENOMEM; + return -1; + } + + ngrp = sys_getgrouplist(user, pwd->pw_gid, *groups, &max_grp); + if (ngrp <= 0) { + passwd_free(&pwd); + free(*groups); + return ngrp; + } + + passwd_free(&pwd); + return ngrp; +} |