diff options
| -rw-r--r-- | source3/acconfig.h | 2 | ||||
| -rwxr-xr-x | source3/configure | 111 | ||||
| -rw-r--r-- | source3/configure.in | 5 | ||||
| -rw-r--r-- | source3/include/config.h.in | 1 | ||||
| -rw-r--r-- | source3/include/includes.h | 6 | ||||
| -rw-r--r-- | source3/include/proto.h | 5 | ||||
| -rw-r--r-- | source3/include/smb.h | 15 | ||||
| -rw-r--r-- | source3/lib/util.c | 14 | ||||
| -rw-r--r-- | source3/smbd/password.c | 108 | ||||
| -rw-r--r-- | source3/smbd/server.c | 12 | ||||
| -rw-r--r-- | source3/smbd/uid.c | 2 | ||||
| -rw-r--r-- | source3/tests/getgroups.c | 62 |
12 files changed, 196 insertions, 147 deletions
diff --git a/source3/acconfig.h b/source3/acconfig.h index 6ae9f1b73d..411ce38955 100644 --- a/source3/acconfig.h +++ b/source3/acconfig.h @@ -47,3 +47,5 @@ #undef WITH_NISPLUS #undef WITH_AUTOMOUNT #undef HAVE_PAM_AUTHENTICATE +#undef HAVE_BROKEN_GETGROUPS + diff --git a/source3/configure b/source3/configure index ef237b77a9..7d01e478c1 100755 --- a/source3/configure +++ b/source3/configure @@ -3692,17 +3692,42 @@ fi fi +echo $ac_n "checking for broken getgroups ... $ac_c" +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 3701 "configure" +#include "confdefs.h" +#include "tests/getgroups.c" +EOF +if { (eval echo configure:3705: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + echo yes;cat >> confdefs.h <<\EOF +#define HAVE_BROKEN_GETGROUPS 1 +EOF + +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + echo no +fi +rm -fr conftest* +fi + + echo $ac_n "checking for root ... $ac_c" if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3702 "configure" +#line 3727 "configure" #include "confdefs.h" main() { exit(getuid() != 0); } EOF -if { (eval echo configure:3706: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3731: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;cat >> confdefs.h <<\EOF #define HAVE_ROOT 1 @@ -3724,14 +3749,14 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3728 "configure" +#line 3753 "configure" #include "confdefs.h" #define HAVE_NETMASK_IFCONF 1 #define AUTOCONF 1 #include "netmask.c" EOF -if { (eval echo configure:3735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3760: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;netmask=yes;cat >> confdefs.h <<\EOF #define HAVE_NETMASK_IFCONF 1 @@ -3753,14 +3778,14 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3757 "configure" +#line 3782 "configure" #include "confdefs.h" #define HAVE_NETMASK_IFREQ 1 #define AUTOCONF 1 #include "netmask.c" EOF -if { (eval echo configure:3764: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;netmask=yes;cat >> confdefs.h <<\EOF #define HAVE_NETMASK_IFREQ 1 @@ -3783,14 +3808,14 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3787 "configure" +#line 3812 "configure" #include "confdefs.h" #define HAVE_NETMASK_AIX 1 #define AUTOCONF 1 #include "netmask.c" EOF -if { (eval echo configure:3794: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3819: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;netmask=yes;cat >> confdefs.h <<\EOF #define HAVE_NETMASK_AIX 1 @@ -3812,11 +3837,11 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3816 "configure" +#line 3841 "configure" #include "confdefs.h" #include "tests/trapdoor.c" EOF -if { (eval echo configure:3820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3845: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo no else @@ -3837,11 +3862,11 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3841 "configure" +#line 3866 "configure" #include "confdefs.h" #include "tests/shared_mmap.c" EOF -if { (eval echo configure:3845: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3870: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;cat >> confdefs.h <<\EOF #define HAVE_SHARED_MMAP 1 @@ -3862,11 +3887,11 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3866 "configure" +#line 3891 "configure" #include "confdefs.h" #include "tests/fcntl_lock.c" EOF -if { (eval echo configure:3870: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3895: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;cat >> confdefs.h <<\EOF #define HAVE_FCNTL_LOCK 1 @@ -3887,11 +3912,11 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <<EOF -#line 3891 "configure" +#line 3916 "configure" #include "confdefs.h" #include "tests/sysv_ipc.c" EOF -if { (eval echo configure:3895: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3920: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then echo yes;cat >> confdefs.h <<\EOF #define HAVE_SYSV_IPC 1 @@ -3910,7 +3935,7 @@ fi ################################################# # check for the AFS filesystem echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 -echo "configure:3914: checking whether to use AFS" >&5 +echo "configure:3939: checking whether to use AFS" >&5 # Check whether --with-afs or --without-afs was given. if test "${with_afs+set}" = set; then withval="$with_afs" @@ -3936,7 +3961,7 @@ fi ################################################# # check for the DFS auth system echo $ac_n "checking whether to use DFS auth""... $ac_c" 1>&6 -echo "configure:3940: checking whether to use DFS auth" >&5 +echo "configure:3965: checking whether to use DFS auth" >&5 # Check whether --with-dfs or --without-dfs was given. if test "${with_dfs+set}" = set; then withval="$with_dfs" @@ -3961,7 +3986,7 @@ fi ################################################# # check for automount support echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6 -echo "configure:3965: checking whether to use AUTOMOUNT" >&5 +echo "configure:3990: checking whether to use AUTOMOUNT" >&5 # Check whether --with-automount or --without-automount was given. if test "${with_automount+set}" = set; then withval="$with_automount" @@ -3986,7 +4011,7 @@ fi ################################################# # check for a LDAP password database echo $ac_n "checking whether to use LDAP password database""... $ac_c" 1>&6 -echo "configure:3990: checking whether to use LDAP password database" >&5 +echo "configure:4015: checking whether to use LDAP password database" >&5 # Check whether --with-ldap or --without-ldap was given. if test "${with_ldap+set}" = set; then withval="$with_ldap" @@ -4011,7 +4036,7 @@ fi ################################################# # check for a NISPLUS password database echo $ac_n "checking whether to use NISPLUS password database""... $ac_c" 1>&6 -echo "configure:4015: checking whether to use NISPLUS password database" >&5 +echo "configure:4040: checking whether to use NISPLUS password database" >&5 # Check whether --with-nisplus or --without-nisplus was given. if test "${with_nisplus+set}" = set; then withval="$with_nisplus" @@ -4036,7 +4061,7 @@ fi ################################################# # check for the secure socket layer echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 -echo "configure:4040: checking whether to use SSL" >&5 +echo "configure:4065: checking whether to use SSL" >&5 # Check whether --with-ssl or --without-ssl was given. if test "${with_ssl+set}" = set; then withval="$with_ssl" @@ -4061,7 +4086,7 @@ fi ################################################# # check for experimental mmap support echo $ac_n "checking whether to use MMAP""... $ac_c" 1>&6 -echo "configure:4065: checking whether to use MMAP" >&5 +echo "configure:4090: checking whether to use MMAP" >&5 # Check whether --with-mmap or --without-mmap was given. if test "${with_mmap+set}" = set; then withval="$with_mmap" @@ -4086,7 +4111,7 @@ fi ################################################# # check for syslog logging echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 -echo "configure:4090: checking whether to use syslog logging" >&5 +echo "configure:4115: checking whether to use syslog logging" >&5 # Check whether --with-syslog or --without-syslog was given. if test "${with_syslog+set}" = set; then withval="$with_syslog" @@ -4112,7 +4137,7 @@ fi ################################################# # these tests are taken from the GNU fileutils package echo "checking how to get filesystem space usage" 1>&6 -echo "configure:4116: checking how to get filesystem space usage" >&5 +echo "configure:4141: checking how to get filesystem space usage" >&5 space=no # Perform only the link test since it seems there are no variants of the @@ -4124,12 +4149,12 @@ space=no if test $space = no; then # SVR4 echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 -echo "configure:4128: checking statvfs function (SVR4)" >&5 +echo "configure:4153: checking statvfs function (SVR4)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4133 "configure" +#line 4158 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/statvfs.h> @@ -4137,7 +4162,7 @@ int main() { struct statvfs fsd; statvfs (0, &fsd); ; return 0; } EOF -if { (eval echo configure:4141: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4166: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then rm -rf conftest* fu_cv_sys_stat_statvfs=yes else @@ -4162,7 +4187,7 @@ fi if test $space = no; then # DEC Alpha running OSF/1 echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 -echo "configure:4166: checking for 3-argument statfs function (DEC OSF/1)" >&5 +echo "configure:4191: checking for 3-argument statfs function (DEC OSF/1)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4170,7 +4195,7 @@ else fu_cv_sys_stat_statfs3_osf1=no else cat > conftest.$ac_ext <<EOF -#line 4174 "configure" +#line 4199 "configure" #include "confdefs.h" #include <sys/param.h> @@ -4183,7 +4208,7 @@ else exit (statfs (".", &fsd, sizeof (struct statfs))); } EOF -if { (eval echo configure:4187: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs3_osf1=yes else @@ -4210,7 +4235,7 @@ fi if test $space = no; then # AIX echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 -echo "configure:4214: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 +echo "configure:4239: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4218,7 +4243,7 @@ else fu_cv_sys_stat_statfs2_bsize=no else cat > conftest.$ac_ext <<EOF -#line 4222 "configure" +#line 4247 "configure" #include "confdefs.h" #ifdef HAVE_SYS_PARAM_H @@ -4237,7 +4262,7 @@ else exit (statfs (".", &fsd)); } EOF -if { (eval echo configure:4241: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4266: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_bsize=yes else @@ -4264,7 +4289,7 @@ fi if test $space = no; then # SVR3 echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 -echo "configure:4268: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 +echo "configure:4293: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4272,7 +4297,7 @@ else fu_cv_sys_stat_statfs4=no else cat > conftest.$ac_ext <<EOF -#line 4276 "configure" +#line 4301 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/statfs.h> @@ -4282,7 +4307,7 @@ else exit (statfs (".", &fsd, sizeof fsd, 0)); } EOF -if { (eval echo configure:4286: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4311: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs4=yes else @@ -4309,7 +4334,7 @@ fi if test $space = no; then # 4.4BSD and NetBSD echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 -echo "configure:4313: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 +echo "configure:4338: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4317,7 +4342,7 @@ else fu_cv_sys_stat_statfs2_fsize=no else cat > conftest.$ac_ext <<EOF -#line 4321 "configure" +#line 4346 "configure" #include "confdefs.h" #include <sys/types.h> #ifdef HAVE_SYS_PARAM_H @@ -4333,7 +4358,7 @@ else exit (statfs (".", &fsd)); } EOF -if { (eval echo configure:4337: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4362: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_statfs2_fsize=yes else @@ -4360,7 +4385,7 @@ fi if test $space = no; then # Ultrix echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 -echo "configure:4364: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 +echo "configure:4389: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4368,7 +4393,7 @@ else fu_cv_sys_stat_fs_data=no else cat > conftest.$ac_ext <<EOF -#line 4372 "configure" +#line 4397 "configure" #include "confdefs.h" #include <sys/types.h> #ifdef HAVE_SYS_PARAM_H @@ -4388,7 +4413,7 @@ else exit (statfs (".", &fsd) != 1); } EOF -if { (eval echo configure:4392: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4417: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null then fu_cv_sys_stat_fs_data=yes else diff --git a/source3/configure.in b/source3/configure.in index 883085b3e1..5cdc3425d6 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -211,6 +211,11 @@ if test "$ac_cv_lib_socket_connect" = "yes" || AC_DEFINE(HAVE_CONNECT) fi]) +echo $ac_n "checking for broken getgroups ... $ac_c" +AC_TRY_RUN([#include "tests/getgroups.c"], + echo yes;AC_DEFINE(HAVE_BROKEN_GETGROUPS), + echo no) + echo $ac_n "checking for root ... $ac_c" AC_TRY_RUN([main() { exit(getuid() != 0); }], diff --git a/source3/include/config.h.in b/source3/include/config.h.in index 3bc3e95e4f..dbbd5431a2 100644 --- a/source3/include/config.h.in +++ b/source3/include/config.h.in @@ -104,6 +104,7 @@ #undef WITH_NISPLUS #undef WITH_AUTOMOUNT #undef HAVE_PAM_AUTHENTICATE +#undef HAVE_BROKEN_GETGROUPS /* The number of bytes in a int. */ #undef SIZEOF_INT diff --git a/source3/include/includes.h b/source3/include/includes.h index b63787fd5e..2a420f76ed 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -287,6 +287,12 @@ extern char *sys_errlist[]; extern int errno; #endif +#ifdef HAVE_BROKEN_GETGROUPS +#define GID_T int +#else +#define GID_T gid_t +#endif + /* Lists, trees, caching, datbase... */ #include "ubi_sLinkList.h" diff --git a/source3/include/proto.h b/source3/include/proto.h index 523d7c9615..c8c0cc8145 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1661,8 +1661,7 @@ BOOL last_challenge(unsigned char *challenge); user_struct *get_valid_user_struct(uint16 vuid); void invalidate_vuid(uint16 vuid); char *validated_username(uint16 vuid); -int setup_groups(char *user, int uid, int gid, int *p_ngroups, - int **p_igroups, gid_t **p_groups); +int setup_groups(char *user, int uid, int gid, int *p_ngroups, GID_T **p_groups); uint16 register_vuid(int uid,int gid, char *unix_name, char *requested_name, BOOL guest); void add_session_user(char *user); BOOL update_smbpassword_file( char *user, fstring password); @@ -1984,7 +1983,7 @@ void *mem_dup( void *from, int size ); void array_promote(char *array,int elsize,int element); void set_socket_options(int fd, char *options); void close_sockets(void ); -BOOL in_group(gid_t group, int current_gid, int ngroups, int *groups); +BOOL in_group(gid_t group, int current_gid, int ngroups, GID_T *groups); char *StrCpy(char *dest,char *src); char *StrnCpy(char *dest,char *src,int n); void putip(void *dest,void *src); diff --git a/source3/include/smb.h b/source3/include/smb.h index 1c37aab7e2..8d846d4531 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -386,11 +386,10 @@ struct cli_state { struct current_user { - int cnum, vuid; - int uid, gid; - int ngroups; - gid_t *groups; - int *igroups; + int cnum, vuid; + int uid, gid; + int ngroups; + GID_T *groups; }; typedef struct @@ -500,8 +499,7 @@ typedef struct /* This groups info is valid for the user that *opened* the connection */ int ngroups; - gid_t *groups; - int *igroups; /* an integer version - some OSes are broken :-( */ + GID_T *groups; time_t lastused; BOOL used; @@ -537,8 +535,7 @@ typedef struct /* following groups stuff added by ih */ /* This groups info is needed for when we become_user() for this uid */ int n_groups; - gid_t *groups; - int *igroups; /* an integer version - some OSes are broken :-( */ + GID_T *groups; int n_sids; int *sids; diff --git a/source3/lib/util.c b/source3/lib/util.c index 8d1f619318..35fb80be09 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -635,17 +635,17 @@ void close_sockets(void ) /**************************************************************************** determine whether we are in the specified group ****************************************************************************/ -BOOL in_group(gid_t group, int current_gid, int ngroups, int *groups) +BOOL in_group(gid_t group, int current_gid, int ngroups, GID_T *groups) { - int i; + int i; - if (group == current_gid) return(True); + if (group == current_gid) return(True); - for (i=0;i<ngroups;i++) - if (group == groups[i]) - return(True); + for (i=0;i<ngroups;i++) + if (group == groups[i]) + return(True); - return(False); + return(False); } /**************************************************************************** diff --git a/source3/smbd/password.c b/source3/smbd/password.c index aae398dbda..0f8e33940f 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -137,14 +137,11 @@ void invalidate_vuid(uint16 vuid) /* same number of igroups as groups */ vuser->n_groups = 0; - if (vuser->groups && (vuser->groups != (gid_t *)vuser->igroups)) - free(vuser->groups); + if (vuser->groups) free(vuser->groups); - if (vuser->igroups) free(vuser->igroups); - if (vuser->sids ) free(vuser->sids); + if (vuser->sids) free(vuser->sids); vuser->sids = NULL; - vuser->igroups = NULL; vuser->groups = NULL; } @@ -164,78 +161,41 @@ char *validated_username(uint16 vuid) /**************************************************************************** Setup the groups a user belongs to. ****************************************************************************/ -int setup_groups(char *user, int uid, int gid, int *p_ngroups, - int **p_igroups, gid_t **p_groups) +int setup_groups(char *user, int uid, int gid, int *p_ngroups, GID_T **p_groups) { - if (-1 == initgroups(user,gid)) - { - if (getuid() == 0) - { - DEBUG(0,("Unable to initgroups!\n")); - if (gid < 0 || gid > 16000 || uid < 0 || uid > 16000) - DEBUG(0,("This is probably a problem with the account %s\n",user)); + int i,ngroups; + GID_T *groups; + GID_T grp = 0; + + if (-1 == initgroups(user,gid)) { + if (getuid() == 0) { + DEBUG(0,("Unable to initgroups!\n")); + if (gid < 0 || gid > 16000 || uid < 0 || uid > 16000) { + DEBUG(0,("This is probably a problem with the account %s\n", + user)); + } + } + return -1; } - } - else - { - int i,ngroups; - int *igroups; - gid_t grp = 0; - ngroups = getgroups(0,&grp); - if (ngroups <= 0) - ngroups = 32; - igroups = (int *)malloc(sizeof(int)*ngroups); - for (i=0;i<ngroups;i++) - igroups[i] = 0x42424242; - ngroups = getgroups(ngroups,(gid_t *)igroups); - - if (igroups[0] == 0x42424242) - ngroups = 0; - - *p_ngroups = ngroups; - - /* The following bit of code is very strange. It is due to the - fact that some OSes use int* and some use gid_t* for - getgroups, and some (like SunOS) use both, one in prototypes, - and one in man pages and the actual code. Thus we detect it - dynamically using some very ugly code */ - if (ngroups > 0) - { - /* does getgroups return ints or gid_t ?? */ - static BOOL groups_use_ints = True; - if (groups_use_ints && - ngroups == 1 && - SVAL(igroups,2) == 0x4242) - groups_use_ints = False; - - for (i=0;groups_use_ints && i<ngroups;i++) - if (igroups[i] == 0x42424242) - groups_use_ints = False; - - if (groups_use_ints) - { - *p_igroups = igroups; - *p_groups = (gid_t *)igroups; - } - else - { - gid_t *groups = (gid_t *)igroups; - igroups = (int *)malloc(sizeof(int)*ngroups); - for (i=0;i<ngroups;i++) - { - igroups[i] = groups[i]; - } - *p_igroups = igroups; - *p_groups = (gid_t *)groups; - } + ngroups = getgroups(0,&grp); + if (ngroups <= 0) ngroups = 32; + + groups = (GID_T *)malloc(sizeof(groups[0])*ngroups); + + ngroups = getgroups(ngroups,(gid_t *)groups); + + (*p_ngroups) = ngroups; + + (*p_groups) = groups; + + DEBUG(3,("%s is in %d groups\n",user,ngroups)); + for (i=0;i<ngroups;i++) { + DEBUG(3,("%d ",(int)groups[i])); } - DEBUG(3,("%s is in %d groups\n",user,ngroups)); - for (i=0;i<ngroups;i++) - DEBUG(3,("%d ",igroups[i])); - DEBUG(3,("\n")); - } - return 0; + DEBUG(3,("\n")); + + return 0; } @@ -299,13 +259,11 @@ uint16 register_vuid(int uid,int gid, char *unix_name, char *requested_name, BOO vuser->n_groups = 0; vuser->groups = NULL; - vuser->igroups = NULL; /* Find all the groups this uid is in and store them. Used by become_user() */ setup_groups(unix_name,uid,gid, &vuser->n_groups, - &vuser->igroups, &vuser->groups); DEBUG(3,("uid %d registered to name %s\n",uid,unix_name)); diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 3469e45732..8eee0209b6 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -206,7 +206,7 @@ int dos_mode(int cnum,char *path,struct stat *sbuf) ((sbuf->st_mode & S_IWUSR) && current_user.uid==sbuf->st_uid) || ((sbuf->st_mode & S_IWGRP) && in_group(sbuf->st_gid,current_user.gid, - current_user.ngroups,current_user.igroups)))) + current_user.ngroups,current_user.groups)))) result |= aRONLY; } else { if ((sbuf->st_mode & S_IWUSR) == 0) @@ -356,7 +356,7 @@ int file_utime(int cnum, char *fname, struct utimbuf *times) ((sb.st_mode & S_IWUSR) && current_user.uid==sb.st_uid) || ((sb.st_mode & S_IWGRP) && in_group(sb.st_gid,current_user.gid, - current_user.ngroups,current_user.igroups)))) { + current_user.ngroups,current_user.groups)))) { /* We are allowed to become root and change the filetime. */ become_root(False); ret = sys_utime(fname, times); @@ -3567,14 +3567,13 @@ int make_connection(char *service,char *user,char *password, int pwlen, char *de /* groups stuff added by ih */ pcon->ngroups = 0; - pcon->igroups = NULL; pcon->groups = NULL; if (!IS_IPC(cnum)) { /* Find all the groups this uid is in and store them. Used by become_user() */ setup_groups(pcon->user,pcon->uid,pcon->gid, - &pcon->ngroups,&pcon->igroups,&pcon->groups); + &pcon->ngroups,&pcon->groups); /* check number of connections */ if (!claim_connection(cnum, @@ -4267,11 +4266,8 @@ void close_cnum(int cnum, uint16 vuid) num_connections_open--; if (Connections[cnum].ngroups && Connections[cnum].groups) { - if (Connections[cnum].igroups != (int *)Connections[cnum].groups) - free(Connections[cnum].groups); - free(Connections[cnum].igroups); + free(Connections[cnum].groups); Connections[cnum].groups = NULL; - Connections[cnum].igroups = NULL; Connections[cnum].ngroups = 0; } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index a8e0bf0d03..173fdaca03 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -242,7 +242,6 @@ BOOL become_user(connection_struct *conn, int cnum, uint16 vuid) uid = conn->uid; gid = conn->gid; current_user.groups = conn->groups; - current_user.igroups = conn->igroups; current_user.ngroups = conn->ngroups; } else @@ -258,7 +257,6 @@ BOOL become_user(connection_struct *conn, int cnum, uint16 vuid) gid = conn->gid; current_user.ngroups = vuser->n_groups; current_user.groups = vuser->groups; - current_user.igroups = vuser->igroups; } if (initial_uid == 0) diff --git a/source3/tests/getgroups.c b/source3/tests/getgroups.c new file mode 100644 index 0000000000..37990e010b --- /dev/null +++ b/source3/tests/getgroups.c @@ -0,0 +1,62 @@ +/* this tests whether getgroups actually returns lists of integers + rather than gid_t. The test only works if the user running + the test is in at least 1 group + + The test is designed to check for those broken OSes that define + getgroups() as returning an array of gid_t but actually return a + array of ints! Ultrix is one culprit + */ + +#include <sys/types.h> +#include <stdio.h> +#include <unistd.h> +#include <grp.h> + +main() +{ + int i; + int *igroups; + char *cgroups; + int grp = 0; + int ngroups = getgroups(0,&grp); + + if (sizeof(gid_t) == sizeof(int)) { + fprintf(stderr,"gid_t and int are the same size\n"); + exit(1); + } + + if (ngroups <= 0) + ngroups = 32; + + igroups = (int *)malloc(sizeof(int)*ngroups); + + for (i=0;i<ngroups;i++) + igroups[i] = 0x42424242; + + ngroups = getgroups(ngroups,(gid_t *)igroups); + + if (igroups[0] == 0x42424242) + ngroups = 0; + + if (ngroups == 0) { + printf("WARNING: can't determine getgroups return type\n"); + exit(1); + } + + cgroups = (char *)igroups; + + if (ngroups == 1 && + cgroups[2] == 0x42 && cgroups[3] == 0x42) { + fprintf(stderr,"getgroups returns gid_t\n"); + exit(1); + } + + for (i=0;i<ngroups;i++) { + if (igroups[i] == 0x42424242) { + fprintf(stderr,"getgroups returns gid_t\n"); + exit(1); + } + } + + exit(0); +} |