Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/sec_ctx.c | 17 | ||||
-rw-r--r-- | source3/smbd/uid.c | 22 |
2 files changed, 32 insertions, 7 deletions
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 118c2f46b6..f185ffcdaa 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -221,15 +221,17 @@ BOOL push_sec_ctx(void) /* Check we don't overflow our stack */ - if (sec_ctx_stack_ndx == (MAX_SEC_CTX_DEPTH)) { + if (sec_ctx_stack_ndx == MAX_SEC_CTX_DEPTH) { DEBUG(0, ("Security context stack overflow!\n")); - return False; + smb_panic("Security context stack overflow!\n"); } /* Store previous user context */ sec_ctx_stack_ndx++; + DEBUG(3, ("push_sec_ctx() : sec_ctx_stack_ndx = %d\n", sec_ctx_stack_ndx )); + ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; ctx_p->uid = geteuid(); @@ -264,7 +266,7 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN /* Set the security context */ - DEBUG(3, ("setting sec ctx (%d, %d)\n", uid, gid)); + DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", uid, gid, sec_ctx_stack_ndx)); gain_root(); @@ -275,6 +277,11 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN ctx_p->ngroups = ngroups; safe_free(ctx_p->groups); +#if 1 /* JRATEST */ + if (token && (token == ctx_p->token)) + smb_panic("DUPLICATE_TOKEN"); +#endif + delete_nt_token(&ctx_p->token); ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups); @@ -318,7 +325,7 @@ BOOL pop_sec_ctx(void) if (sec_ctx_stack_ndx == 0) { DEBUG(0, ("Security context stack underflow!\n")); - return False; + smb_panic("Security context stack underflow!\n"); } ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; @@ -355,7 +362,7 @@ BOOL pop_sec_ctx(void) current_user.groups = prev_ctx_p->groups; current_user.nt_user_token = prev_ctx_p->token; - DEBUG(3, ("popped off to sec ctx (%d, %d)\n", geteuid(), getegid())); + DEBUG(3, ("pop_sec_ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", geteuid(), getegid(), sec_ctx_stack_ndx)); return True; } diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index fafcd71b1a..b28f056a30 100644 --- a/source3/smbd/uid.c 
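Review bot: With `return False;` replaced by `smb_panic(...)` in the overflow branch of push_sec_ctx, nothing stops execution from reaching `sec_ctx_stack_ndx++` and the write through `ctx_p` should smb_panic ever return; whether it is guaranteed not to return is not visible on this page. Keeping the return after the panic costs nothing and keeps the bounds check effective: `smb_panic("Security context stack overflow!\n"); return False;`. The same applies to the underflow branch in the pop_sec_ctx hunk at -318, where falling through would carry on popping from an empty stack. The overflow test could also use `>=` rather than `==`, so that an index already out of range is still caught. Both function bodies extend beyond their hunks.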
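Review bot: The reworded DEBUG in set_sec_ctx passes `uid` and `gid` (uid_t/gid_t) straight to `%d`, and the pop_sec_ctx hunk at -355 does the same with `geteuid()` and `getegid()`. The become_user DEBUG in uid.c casts explicitly (`(int)getuid()`), which avoids a format/argument mismatch on platforms where these types are not int. Suggest `DEBUG(3, ("setting sec ctx (%d, %d) - sec_ctx_stack_ndx = %d\n", (int)uid, (int)gid, sec_ctx_stack_ndx));` and the same casts in the pop message.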
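Review bot: The `#if 1 /* JRATEST */` guard in set_sec_ctx is test scaffolding committed in the enabled state, and it covers only `token`. The context lines show the same free-then-copy order for `groups` (`safe_free(ctx_p->groups)` followed by `memdup(groups, ...)`), so a caller handing `ctx_p->groups` back in would have the copy taken from freed memory. If the aliasing check is meant to stay, drop the `#if`, document it with something like `/* token must not alias ctx_p->token, which is freed just below */`, and add the matching test `if (groups && (groups == ctx_p->groups)) smb_panic("DUPLICATE_GROUPS");`. Taking both copies before releasing the old ones would remove the hazard without adding a panic path. The token copy itself lies outside the hunk; that it happens after `delete_nt_token` is inferred from the uid.c comment "set_sec_ctx copies it".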
+++ b/source3/smbd/uid.c @@ -89,6 +89,8 @@ BOOL become_user(connection_struct *conn, uint16 vuid) gid_t gid; uid_t uid; char group_c; + BOOL must_free_token = False; + NT_USER_TOKEN *token = NULL; if (!conn) { DEBUG(2,("Connection not open\n")); @@ -125,6 +127,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid) gid = conn->gid; current_user.groups = conn->groups; current_user.ngroups = conn->ngroups; + token = conn->nt_user_token; } else { if (!vuser) { DEBUG(2,("Invalid vuid used %d\n",vuid)); @@ -134,6 +137,7 @@ BOOL become_user(connection_struct *conn, uint16 vuid) gid = vuser->gid; current_user.ngroups = vuser->n_groups; current_user.groups = vuser->groups; + token = vuser->nt_user_token; } /* @@ -162,13 +166,27 @@ BOOL become_user(connection_struct *conn, uint16 vuid) } else { gid = conn->gid; } + + /* + * We've changed the group list in the token - we must + * re-create it. + */ + + token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups); + must_free_token = True; } - set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, current_user.nt_user_token); + set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token); + + /* + * Free the new token (as set_sec_ctx copies it). + */ + + if (must_free_token) + delete_nt_token(&token); current_user.conn = conn; current_user.vuid = vuid; - current_user.nt_user_token = conn->nt_user_token; DEBUG(5,("become_user uid=(%d,%d) gid=(%d,%d)\n", (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid())); |
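Review bot: The result of `create_nt_token(...)` in the last become_user hunk is passed to set_sec_ctx without a NULL check, so a failure there would install the new uid/gid with no NT token attached; set_sec_ctx's own `if (token && ...)` test suggests a NULL token is accepted. How later access checks treat a missing token is not visible here, so failing closed is the safer choice: `if (!token) { DEBUG(0,("become_user: create_nt_token failed\n")); return False; }` before the set_sec_ctx call. Separately, with `current_user.nt_user_token = conn->nt_user_token;` removed, become_user no longer sets that field itself; it is worth confirming that set_sec_ctx updates it, since otherwise it would keep the previous context's token. become_user starts and ends outside this hunk.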