From 8690b271a6a4feb112e0a6c03fe99ee25f86430b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 17 Aug 2002 07:09:22 +0000 Subject: Move tridge's getgrouplist() replacement function from replace.c to a new 'system_smbd.c' file, where it can link with become_root() and unbecome_root(), and therefore avoiding some nasty 'it workes on linux' bugs. (The replacement function is implemented in terms of initgroups(), which is naturally only avaliable to root). Andrew Bartlett (This used to be commit a91018dd026be3db473bb1cf1f4981295f9758e4) --- source3/lib/system_smbd.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 source3/lib/system_smbd.c (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c new file mode 100644 index 0000000000..28ceaf3939 --- /dev/null +++ b/source3/lib/system_smbd.c @@ -0,0 +1,105 @@ +/* + Unix SMB/CIFS implementation. + system call wrapper interface. + Copyright (C) Andrew Tridgell 2002 + Copyright (C) Andrew Barteltt 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + This file may assume linkage with smbd - for things like become_root() + etc. +*/ + +#include "includes.h" + +#ifndef HAVE_GETGROUPLIST +/* + This is a *much* faster way of getting the list of groups for a user + without changing the current supplemenrary group list. The old + method used getgrent() which could take 20 minutes on a really big + network with hundeds of thousands of groups and users. The new method + takes a couple of seconds. + + NOTE!! this function only works if it is called as root! + */ +static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, int *grpcnt) +{ + gid_t *gids_saved; + int ret, ngrp_saved; + + /* work out how many groups we need to save */ + ngrp_saved = getgroups(0, NULL); + if (ngrp_saved == -1) { + /* this shouldn't happen */ + return -1; + } + + gids_saved = (gid_t *)malloc(sizeof(gid_t) * (ngrp_saved+1)); + if (!gids_saved) { + errno = ENOMEM; + return -1; + } + + ngrp_saved = getgroups(ngrp_saved, gids_saved); + if (ngrp_saved == -1) { + free(gids_saved); + /* very strange! */ + return -1; + } + + if (initgroups(user, gid) != 0) { + free(gids_saved); + return -1; + } + + /* this must be done to cope with systems that put the current egid in the + return from getgroups() */ + save_re_gid(); + set_effective_gid(gid); + setgid(gid); + + ret = getgroups(*grpcnt, groups); + if (ret >= 0) { + *grpcnt = ret; + } + + restore_re_gid(); + + if (setgroups(ngrp_saved, gids_saved) != 0) { + /* yikes! */ + DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); + smb_panic("getgrouplist: failed to reset group list!\n"); + free(gids_saved); + return -1; + } + + free(gids_saved); + return ret; +} +#endif + +int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) +{ +#ifdef HAVE_GETGROUPLIST + return getgrouplist(user, gid, groups, grpcnt); +#else + int retval; + become_root(); + retval = getgrouplist_internals(user, gid, groups, grpcnt); + unbecome_root(); +#endif +} -- cgit From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 25 Sep 2002 15:19:00 +0000 Subject: sync'ing up for 3.0alpha20 release (This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139) --- source3/lib/system_smbd.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 28ceaf3939..0cd3086945 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -41,6 +41,11 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in gid_t *gids_saved; int ret, ngrp_saved; + if (non_root_mode()) { + *grpcnt = 0; + return 0; + } + /* work out how many groups we need to save */ ngrp_saved = getgroups(0, NULL); if (ngrp_saved == -1) { @@ -56,13 +61,14 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in ngrp_saved = getgroups(ngrp_saved, gids_saved); if (ngrp_saved == -1) { - free(gids_saved); + SAFE_FREE(gids_saved); /* very strange! */ return -1; } if (initgroups(user, gid) != 0) { - free(gids_saved); + DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n")); + SAFE_FREE(gids_saved); return -1; } @@ -101,5 +107,6 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) become_root(); retval = getgrouplist_internals(user, gid, groups, grpcnt); unbecome_root(); + return retval; #endif } -- cgit From 251ea1e6776401005e302addd56a689c01924426 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 19 Feb 2003 12:31:16 +0000 Subject: Merge minor library fixes from HEAD to 3.0. - setenv() replacement - mimir's ASN1/SPNEGO typo fixes - (size_t)-1 fixes for push_* returns - function argument signed/unsigned correction - ASN1 error handling (ensure we don't use initiailsed data) - extra net ads join error checking - allow 'set security discriptor' to fail - escape ldap strings in libads. - getgrouplist() correctness fixes (include primary gid) Andrew Bartlett (This used to be commit e9d6e2ea9a3dc01d3849b925c50702cda6ddf225) --- source3/lib/system_smbd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 0cd3086945..3ae0a6395e 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -39,7 +39,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { gid_t *gids_saved; - int ret, ngrp_saved; + int ret, ngrp_saved, num_gids; if (non_root_mode()) { *grpcnt = 0; @@ -78,9 +78,16 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in set_effective_gid(gid); setgid(gid); - ret = getgroups(*grpcnt, groups); - if (ret >= 0) { - *grpcnt = ret; + num_gids = getgroups(0, NULL); + if (num_gids + 1 > *grpcnt) { + *grpcnt = num_gids + 1; + ret = -1; + } else { + ret = getgroups(*grpcnt - 1, &groups[1]); + if (ret >= 0) { + groups[0] = gid; + *grpcnt = ret + 1; + } } restore_re_gid(); -- cgit From b8723aaa65a2bd760d6d2d9c9409f7c39867484c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 29 Jun 2003 03:39:50 +0000 Subject: Here's the code to make winbindd work on a Samba DC to handle domain trusts. Jeremy and I talked about this and it's going in as working code. It keeps winbind clean and solves the trust problem with minimal changes. To summarize, there are 2 basic cases where the deadlock would occur. (1) lookuping up secondary groups for a user, and (2) get[gr|pw]nam() calls that fall through the NSS layer because they don't exist anywhere. o To handle case #1, we bypass winbindd in sys_getgrouplist() unless the username includes the 'winbind separator'. o Case #2 is handled by adding checks in winbindd to return failure if we are a DC and the domain matches our own. This code has been tested using basic share connections, domain logons, and with pam_winbind (both with and without 'winbind use default domain'). The 'trustdomain' auth module should work as well if an admin wants to manually create UNIX users for acounts in the trusted domains. Other misc fixes: * we need to fix check_ntlm_password() to be able to determine if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD, etc...). I worked around my specific situation, but this needs to be fixed. the winbindd auth module was causing delays. * fix named server mutex deadlock between trust domain auth module and winbindd looking up a uid * make sure SAM_ACCOUNT gets stored in the server_info struct for the _net_sam_logon() reply. Configuration details: The recommended method for supporting trusts is to use winbind. The gets us around some of the server mutex issues as well. * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf * create domain trusts like normal * join winbind on the pdc to the Samba domain using 'net rpc join' * add normal parameters to smb.conf for winbind * set 'auth method = guest sam winbind' * start smbd, nmbd, & winbindd Problems that remain: * join a Windows 2k/XP box to a Samba domain. * create a 2-way trust between the Samba domain and an NT domain * logon to the windows client as a user from theh trusted domain * try to browse server in the trusted domain (or other workstations). an NT client seems to work ok, but 2k and XP either prompt for passwords or fail with errors. apparanently this never got tested since no one has ever been able to logon as a trusted user to a Samba domain from a Windows client. (This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b) --- source3/lib/system_smbd.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 3ae0a6395e..ca78031660 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -107,13 +107,31 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { + char *p; + int retval; + + DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); + + /* see if we should disable winbindd lookups for local users */ + if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) { + if ( setenv(WINBINDD_DONT_ENV, "1", True) == -1 ) + DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", + WINBINDD_DONT_ENV)); + else + DEBUG(10,("sys_getgrouplist(): disabled winbindd for group lookup [user == %s]\n", + user)); + } + #ifdef HAVE_GETGROUPLIST - return getgrouplist(user, gid, groups, grpcnt); + retval = getgrouplist(user, gid, groups, grpcnt); #else - int retval; become_root(); retval = getgrouplist_internals(user, gid, groups, grpcnt); unbecome_root(); - return retval; #endif + + /* allow winbindd lookups */ + unsetenv( WINBINDD_DONT_ENV ); + + return retval; } -- cgit From 1d8cd8faf620cb068d740d8fad7968525d45e83a Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 30 Jun 2003 16:18:29 +0000 Subject: fix for platforms that don't have unsetenv(). we now have to check the value for _NO_WINBINDD. "1" enables, and != "1" disables (use "0" by convention). (This used to be commit 11eccaef1dc61d80a7db8d0fb4bc5a47d71a4390) --- source3/lib/system_smbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index ca78031660..3498307acb 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -114,7 +114,7 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) /* see if we should disable winbindd lookups for local users */ if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) { - if ( setenv(WINBINDD_DONT_ENV, "1", True) == -1 ) + if ( setenv(WINBINDD_DONT_ENV, "1", 1) == -1 ) DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", WINBINDD_DONT_ENV)); else @@ -131,7 +131,7 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) #endif /* allow winbindd lookups */ - unsetenv( WINBINDD_DONT_ENV ); + setenv( WINBINDD_DONT_ENV, "0", 1); return retval; } -- cgit From 0b18acb841f6a372b3aa285d4734875e5e35fe3b Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Mon, 7 Jul 2003 05:11:10 +0000 Subject: and so it begins.... * remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8) --- source3/lib/system_smbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 3498307acb..bcbc8c61e6 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -114,7 +114,7 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) /* see if we should disable winbindd lookups for local users */ if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) { - if ( setenv(WINBINDD_DONT_ENV, "1", 1) == -1 ) + if ( !winbind_off() ) DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", WINBINDD_DONT_ENV)); else @@ -131,7 +131,7 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) #endif /* allow winbindd lookups */ - setenv( WINBINDD_DONT_ENV, "0", 1); + winbind_on(); return retval; } -- cgit From b526d07d54b40741a8f1967c90cef6511ebaeece Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 1 Oct 2003 17:01:21 +0000 Subject: wrap internals of sys_setgroups() so the sys_XX() call can be done unconditionally; bug 550 (This used to be commit 9df3f53e6ae751d522c7ac21deb785f1fa05f225) --- source3/lib/system_smbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index bcbc8c61e6..73c910e631 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -92,7 +92,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in restore_re_gid(); - if (setgroups(ngrp_saved, gids_saved) != 0) { + if (sys_setgroups(ngrp_saved, gids_saved) != 0) { /* yikes! */ DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); smb_panic("getgrouplist: failed to reset group list!\n"); -- cgit From ae2e6490743c0fd89e11c85cd72d549f39be7674 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 20 Apr 2004 01:24:47 +0000 Subject: r288: combination of BUG 1081 and patch from J. Klinger -- added remove_duplicate_gids() to smbd and winbindd (This used to be commit 95c68103ea9dbd02651e26fcaa15dd054b157529) --- source3/lib/system_smbd.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 73c910e631..7edc7ca98f 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -99,6 +99,11 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in free(gids_saved); return -1; } + + /* this will remove any duplicates gids in the list and + update the group counter */ + + remove_duplicate_gids( grpcnt, groups ); free(gids_saved); return ret; -- cgit From 1b69619e6d39198f6b8f65672bddd6eca3f53875 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 4 May 2004 14:28:05 +0000 Subject: r470: BUG 1302: fix seg fault by not trying to optimize a list of invalid gids using the wrong array size (This used to be commit 3003769164ed1265f57504f240e56f4a4ba34550) --- source3/lib/system_smbd.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 7edc7ca98f..55c2338ebd 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -88,6 +88,10 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in groups[0] = gid; *grpcnt = ret + 1; } + + /* remove any duplicates gids in the list */ + + remove_duplicate_gids( grpcnt, groups ); } restore_re_gid(); @@ -100,11 +104,6 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in return -1; } - /* this will remove any duplicates gids in the list and - update the group counter */ - - remove_duplicate_gids( grpcnt, groups ); - free(gids_saved); return ret; } -- cgit From f9e87b9ba65f37bafa45eacb1a6c9b8c5483d46b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 12 Nov 2004 15:49:47 +0000 Subject: r3705: Nobody has commented, so I'll take this as an ack... abartlet, I'd like to ask you to take a severe look at this! We have solved the problem to find the global groups a user is in twice: Once in auth_util.c and another time for the corresponding samr call. The attached patch unifies these and sends them through the passdb backend (new function pdb_enum_group_memberships). Thus it gives pdb_ldap.c the chance to further optimize the corresponding call if the samba and posix accounts are unified by issuing a specialized ldap query. The parameter to activate this ldapsam behaviour is ldapsam:trusted = yes Volker (This used to be commit b94838aff1a009f8d8c2c3efd48756a5b8f3f989) --- source3/lib/system_smbd.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 89 insertions(+), 1 deletion(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 55c2338ebd..fd2ed24a17 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -109,7 +109,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in } #endif -int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) +static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { char *p; int retval; @@ -139,3 +139,91 @@ int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) return retval; } + +BOOL getgroups_user(const char *user, gid_t primary_gid, + gid_t **ret_groups, int *ngroups) +{ + int ngrp, max_grp; + gid_t *temp_groups; + gid_t *groups; + int i; + + max_grp = groups_max(); + temp_groups = (gid_t *)malloc(sizeof(gid_t) * max_grp); + if (! temp_groups) { + return False; + } + + if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { + + gid_t *groups_tmp; + + groups_tmp = Realloc(temp_groups, sizeof(gid_t) * max_grp); + + if (!groups_tmp) { + SAFE_FREE(temp_groups); + return False; + } + temp_groups = groups_tmp; + + if (sys_getgrouplist(user, primary_gid, + temp_groups, &max_grp) == -1) { + DEBUG(0, ("get_user_groups: failed to get the unix " + "group list\n")); + SAFE_FREE(temp_groups); + return False; + } + } + + ngrp = 0; + groups = NULL; + + /* Add in primary group first */ + add_gid_to_array_unique(primary_gid, &groups, &ngrp); + + for (i=0; i Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/lib/system_smbd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index fd2ed24a17..eed607ee8f 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -53,7 +53,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in return -1; } - gids_saved = (gid_t *)malloc(sizeof(gid_t) * (ngrp_saved+1)); + gids_saved = SMB_MALLOC_ARRAY(gid_t, ngrp_saved+1); if (!gids_saved) { errno = ENOMEM; return -1; @@ -149,7 +149,7 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, int i; max_grp = groups_max(); - temp_groups = (gid_t *)malloc(sizeof(gid_t) * max_grp); + temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp); if (! temp_groups) { return False; } @@ -158,7 +158,7 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, gid_t *groups_tmp; - groups_tmp = Realloc(temp_groups, sizeof(gid_t) * max_grp); + groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp); if (!groups_tmp) { SAFE_FREE(temp_groups); @@ -207,7 +207,7 @@ NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, smb_panic("primary group missing"); } - *sids = malloc(sizeof(**sids) * *num_groups); + *sids = SMB_MALLOC_ARRAY(DOM_SID, *num_groups); if (*sids == NULL) { SAFE_FREE(gids); -- cgit From 3924332071abde0c173a8e6e443a7d57fdee4548 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Jan 2005 09:27:12 +0000 Subject: r5127: Fix Bug 2289 -- thanks to jason@ncac.gwu.edu (This used to be commit 8c35c3bf2ed65d2b93feb0f419e1c7785fba7764) --- source3/lib/system_smbd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index eed607ee8f..c83eecf173 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -111,13 +111,12 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { - char *p; int retval; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); /* see if we should disable winbindd lookups for local users */ - if ( (p = strchr(user, *lp_winbind_separator())) == NULL ) { + if (strchr(user, *lp_winbind_separator()) == NULL) { if ( !winbind_off() ) DEBUG(0,("sys_getgroup_list: Insufficient environment space for %s\n", WINBINDD_DONT_ENV)); -- cgit From e84ead0cfdc5e45a577387cc54dceb4c3f32948a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 27 Mar 2005 16:33:04 +0000 Subject: r6080: Port some of the non-critical changes from HEAD to 3_0. The main one is the change in pdb_enum_alias_memberships to match samr.idl a bit closer. Volker (This used to be commit 3a6786516957d9f67af6d53a3167c88aa272972f) --- source3/lib/system_smbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index c83eecf173..f124983006 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -178,10 +178,10 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, groups = NULL; /* Add in primary group first */ - add_gid_to_array_unique(primary_gid, &groups, &ngrp); + add_gid_to_array_unique(NULL, primary_gid, &groups, &ngrp); for (i=0; i Date: Tue, 18 Oct 2005 03:24:00 +0000 Subject: r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4 x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208) --- source3/lib/system_smbd.c | 105 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 78 insertions(+), 27 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index f124983006..1afd44b709 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -27,15 +27,58 @@ #include "includes.h" #ifndef HAVE_GETGROUPLIST + +static int int_compare( int *a, int *b ) +{ + if ( *a == *b ) + return 0; + else if ( *a < *b ) + return -1; + else + return 1; +} + +void remove_duplicate_gids( int *num_groups, gid_t *groups ) +{ + int i; + int count = *num_groups; + + if ( *num_groups <= 0 || !groups ) + return; + + DEBUG(8,("remove_duplicate_gids: Enter %d gids\n", *num_groups)); + + qsort( groups, *num_groups, sizeof(gid_t), QSORT_CAST int_compare ); + + for ( i=1; i *grpcnt) { *grpcnt = num_gids + 1; ret = -1; } else { ret = getgroups(*grpcnt - 1, &groups[1]); - if (ret >= 0) { - groups[0] = gid; - *grpcnt = ret + 1; + if (ret < 0) { + SAFE_FREE(gids_saved); + /* very strange! */ + return -1; } - - /* remove any duplicates gids in the list */ + groups[0] = gid; + *grpcnt = ret + 1; + /* remove any duplicates gids in the list */ remove_duplicate_gids( grpcnt, groups ); } @@ -103,7 +154,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, in free(gids_saved); return -1; } - + free(gids_saved); return ret; } @@ -140,9 +191,10 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp } BOOL getgroups_user(const char *user, gid_t primary_gid, - gid_t **ret_groups, int *ngroups) + gid_t **ret_groups, size_t *p_ngroups) { - int ngrp, max_grp; + size_t ngrp; + int max_grp; gid_t *temp_groups; gid_t *groups; int i; @@ -154,9 +206,8 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, } if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { - gid_t *groups_tmp; - + groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp); if (!groups_tmp) { @@ -183,7 +234,7 @@ BOOL getgroups_user(const char *user, gid_t primary_gid, for (i=0; i Date: Fri, 16 Dec 2005 16:16:52 +0000 Subject: r12291: Make getgroups_user static. Jeremy, there's a #ifdef'ed 0 call to this in your usershare code. We need to talk about what exactly what you intend to do here and in what scenarios. Volker (This used to be commit 95094ef758089cfc62700509d45b53bc0980654d) --- source3/lib/system_smbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 1afd44b709..6c65f61ad7 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -190,8 +190,8 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp return retval; } -BOOL getgroups_user(const char *user, gid_t primary_gid, - gid_t **ret_groups, size_t *p_ngroups) +static BOOL getgroups_user(const char *user, gid_t primary_gid, + gid_t **ret_groups, size_t *p_ngroups) { size_t ngrp; int max_grp; -- cgit From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/lib/system_smbd.c | 91 +++++++++++++---------------------------------- 1 file changed, 25 insertions(+), 66 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 6c65f61ad7..1d4f88fbb9 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -28,47 +28,6 @@ #ifndef HAVE_GETGROUPLIST -static int int_compare( int *a, int *b ) -{ - if ( *a == *b ) - return 0; - else if ( *a < *b ) - return -1; - else - return 1; -} - -void remove_duplicate_gids( int *num_groups, gid_t *groups ) -{ - int i; - int count = *num_groups; - - if ( *num_groups <= 0 || !groups ) - return; - - DEBUG(8,("remove_duplicate_gids: Enter %d gids\n", *num_groups)); - - qsort( groups, *num_groups, sizeof(gid_t), QSORT_CAST int_compare ); - - for ( i=1; i Date: Sat, 11 Feb 2006 21:27:08 +0000 Subject: r13460: by popular demand.... * remove pdb_context data structure * set default group for DOMAIN_RID_GUEST user as RID 513 (just like Windows) * Allow RID 513 to resolve to always resolve to a name * Remove auto mapping of guest account primary group given the previous 2 changes (This used to be commit 7a2da5f0cc05c1920c664c9a690a23bdf854e285) --- source3/lib/system_smbd.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 1d4f88fbb9..3fc2d69a03 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -209,9 +209,30 @@ NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, size_t i; gid_t gid; - if (!sid_to_gid(pdb_get_group_sid(user), &gid)) { - DEBUG(10, ("sid_to_gid failed\n")); - return NT_STATUS_NO_SUCH_USER; + if ( !sid_to_gid(pdb_get_group_sid(user), &gid) ) + { + uint32 rid; + struct passwd *pwd; + + /* second try, allow the DOMAIN_USERS group to pass */ + + if ( !sid_peek_check_rid( get_global_sam_sid(), pdb_get_group_sid(user), &rid ) ) + return NT_STATUS_NO_SUCH_USER; + + if ( rid != DOMAIN_GROUP_RID_USERS ) { + DEBUG(10, ("sid_to_gid failed\n")); + return NT_STATUS_NO_SUCH_USER; + } + + DEBUG(5,("pdb_default_enum_group_memberships: sid_to_gid() failed but giving " + "free pass to 'Domain Users' as primary group\n")); + + if ( !(pwd = getpwnam_alloc( NULL, pdb_get_username(user) ) ) ) + return NT_STATUS_NO_SUCH_USER; + + gid = pwd->pw_gid; + + TALLOC_FREE( pwd ); } if (!getgroups_unix_user(mem_ctx, pdb_get_username(user), gid, -- cgit From 301d51e13a1aa4e633e2da161b0dd260a8a499cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 13 Feb 2006 17:08:25 +0000 Subject: r13494: Merge the stuff I've done in head the last days. Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899) --- source3/lib/system_smbd.c | 77 ++++++----------------------------------------- 1 file changed, 10 insertions(+), 67 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 3fc2d69a03..081a07c019 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -123,14 +123,16 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); - /* see if we should disable winbindd lookups for local users */ - if (strchr(user, *lp_winbind_separator()) == NULL) { - if ( !winbind_off() ) - DEBUG(0,("sys_getgroup_list: Insufficient environment space " - "for %s\n", WINBINDD_DONT_ENV)); - else - DEBUG(10,("sys_getgrouplist(): disabled winbindd for group " - "lookup [user == %s]\n", user)); + /* This is only ever called for Unix users, remote memberships are + * always determined by the info3 coming back from auth3 or the + * PAC. */ + + if ( !winbind_off() ) { + DEBUG(0,("sys_getgroup_list: Insufficient environment space " + "for %s\n", WINBINDD_DONT_ENV)); + } else { + DEBUG(10,("sys_getgrouplist(): disabled winbindd for group " + "lookup [user == %s]\n", user)); } #ifdef HAVE_GETGROUPLIST @@ -198,62 +200,3 @@ BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, SAFE_FREE(temp_groups); return True; } - -NTSTATUS pdb_default_enum_group_memberships(struct pdb_methods *methods, - TALLOC_CTX *mem_ctx, - SAM_ACCOUNT *user, - DOM_SID **pp_sids, - gid_t **pp_gids, - size_t *p_num_groups) -{ - size_t i; - gid_t gid; - - if ( !sid_to_gid(pdb_get_group_sid(user), &gid) ) - { - uint32 rid; - struct passwd *pwd; - - /* second try, allow the DOMAIN_USERS group to pass */ - - if ( !sid_peek_check_rid( get_global_sam_sid(), pdb_get_group_sid(user), &rid ) ) - return NT_STATUS_NO_SUCH_USER; - - if ( rid != DOMAIN_GROUP_RID_USERS ) { - DEBUG(10, ("sid_to_gid failed\n")); - return NT_STATUS_NO_SUCH_USER; - } - - DEBUG(5,("pdb_default_enum_group_memberships: sid_to_gid() failed but giving " - "free pass to 'Domain Users' as primary group\n")); - - if ( !(pwd = getpwnam_alloc( NULL, pdb_get_username(user) ) ) ) - return NT_STATUS_NO_SUCH_USER; - - gid = pwd->pw_gid; - - TALLOC_FREE( pwd ); - } - - if (!getgroups_unix_user(mem_ctx, pdb_get_username(user), gid, - pp_gids, p_num_groups)) { - return NT_STATUS_NO_SUCH_USER; - } - - if (*p_num_groups == 0) { - smb_panic("primary group missing"); - } - - *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups); - - if (*pp_sids == NULL) { - talloc_free(*pp_gids); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i<*p_num_groups; i++) { - gid_to_sid(&(*pp_sids)[i], (*pp_gids)[i]); - } - - return NT_STATUS_OK; -} -- cgit From 894358a8f3e338b339b6c37233edef794b312087 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Mar 2006 06:31:04 +0000 Subject: r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0) --- source3/lib/system_smbd.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 081a07c019..c627ae6270 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -166,15 +166,10 @@ BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, } if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { - gid_t *groups_tmp; - - groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp); - - if (!groups_tmp) { - SAFE_FREE(temp_groups); + temp_groups = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp); + if (!temp_groups) { return False; } - temp_groups = groups_tmp; if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { -- cgit From 6c9eaa6880897aabbc56ad3d7bd73dfc69f926f9 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 2 Apr 2006 06:25:11 +0000 Subject: r14855: Various fixes: * depreacte 'acl group control' after discussion with Jeremy and implement functionality as part of 'dos filemode' * fix winbindd on a non-member server to expand local groups * prevent code previously only used by smbd from blindly turning _NO_WINBINDD back on (This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d) --- source3/lib/system_smbd.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index c627ae6270..ac7a096295 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -120,14 +120,19 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { int retval; + char *winbindd_env; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); + + /* Save the winbindd state and not just blindly turn it back on */ + + winbindd_env = getenv(WINBINDD_DONT_ENV); /* This is only ever called for Unix users, remote memberships are * always determined by the info3 coming back from auth3 or the * PAC. */ - if ( !winbind_off() ) { + if ( !winbind_putenv("0") ) { DEBUG(0,("sys_getgroup_list: Insufficient environment space " "for %s\n", WINBINDD_DONT_ENV)); } else { @@ -144,7 +149,8 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp #endif /* allow winbindd lookups */ - winbind_on(); + + winbind_putenv( winbindd_env ? winbindd_env : "1" ); return retval; } -- cgit From e4998337e75c5e9debe914ff4eb2c0b0fa97c156 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Sun, 2 Apr 2006 19:45:42 +0000 Subject: r14868: I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. I will not write code when changing to Daylight Savings Time. ... Fix my brain dead inverted logic for turning winbindd on and off when run on a DC or when calling pdb functions from within winbindd. (This used to be commit 021b3dc2db9fb422ede4657a1f27ef7ef2d22cee) --- source3/lib/system_smbd.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index ac7a096295..afa64489cf 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -132,13 +132,7 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp * always determined by the info3 coming back from auth3 or the * PAC. */ - if ( !winbind_putenv("0") ) { - DEBUG(0,("sys_getgroup_list: Insufficient environment space " - "for %s\n", WINBINDD_DONT_ENV)); - } else { - DEBUG(10,("sys_getgrouplist(): disabled winbindd for group " - "lookup [user == %s]\n", user)); - } + winbind_off() ; #ifdef HAVE_GETGROUPLIST retval = getgrouplist(user, gid, groups, grpcnt); @@ -148,10 +142,12 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp unbecome_root(); #endif - /* allow winbindd lookups */ + /* allow winbindd lookups , but only if they were not already disabled */ + + if ( !(winbindd_env && strequal(winbindd_env, "1")) ) { + winbind_on(); + } - winbind_putenv( winbindd_env ? winbindd_env : "1" ); - return retval; } -- cgit From 2145eff91d5b7e16ee486b410181f4b849a3fb9e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 19 Oct 2006 22:34:58 +0000 Subject: r19419: BUG 4109: Patch from Timur Bakeyev. Fix bug causing smbd to turn off winbindd and fail to disable the _NO_WINBIND environment. (This used to be commit a6366b40b3967853c20ca5399021108f09ffd505) --- source3/lib/system_smbd.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index afa64489cf..fc506c901d 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -120,19 +120,15 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { int retval; - char *winbindd_env; + BOOL winbind_env; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); - /* Save the winbindd state and not just blindly turn it back on */ - - winbindd_env = getenv(WINBINDD_DONT_ENV); - /* This is only ever called for Unix users, remote memberships are * always determined by the info3 coming back from auth3 or the * PAC. */ - - winbind_off() ; + winbind_env = winbind_env_set(); + winbind_off(); #ifdef HAVE_GETGROUPLIST retval = getgrouplist(user, gid, groups, grpcnt); @@ -142,9 +138,8 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp unbecome_root(); #endif - /* allow winbindd lookups , but only if they were not already disabled */ - - if ( !(winbindd_env && strequal(winbindd_env, "1")) ) { + /* allow winbindd lookups, but only if they were not already disabled */ + if (!winbind_env) { winbind_on(); } -- cgit From 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 9 Dec 2006 02:58:18 +0000 Subject: r20090: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. (This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24) --- source3/lib/system_smbd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index fc506c901d..509b2bbcb1 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -181,11 +181,18 @@ BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, groups = NULL; /* Add in primary group first */ - add_gid_to_array_unique(mem_ctx, primary_gid, &groups, &ngrp); + if (!add_gid_to_array_unique(mem_ctx, primary_gid, &groups, &ngrp)) { + SAFE_FREE(temp_groups); + return False; + } - for (i=0; i Date: Fri, 8 Jun 2007 22:25:55 +0000 Subject: r23393: Support BSD group semantics by making sure that the effective GID is always passed as the first GID when calling setgroups(2). (This used to be commit 6ebaf856c1d27f2fbfa0444a5c6c17c4331d2780) --- source3/lib/system_smbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 509b2bbcb1..0d62360ca6 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -104,7 +104,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, restore_re_gid(); - if (sys_setgroups(ngrp_saved, gids_saved) != 0) { + if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) { /* yikes! */ DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); smb_panic("getgrouplist: failed to reset group list!\n"); -- cgit From b1ce226af8b61ad7e3c37860a59c6715012e738b Mon Sep 17 00:00:00 2001 From: James Peach Date: Fri, 15 Jun 2007 21:58:49 +0000 Subject: r23510: Tidy calls to smb_panic by removing trailing newlines. Print the failed expression in SMB_ASSERT. (This used to be commit 171dc060e2a576d724eed1ca65636bdafffd7713) --- source3/lib/system_smbd.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 0d62360ca6..8159f3a3b5 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -107,9 +107,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) { /* yikes! */ DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n")); - smb_panic("getgrouplist: failed to reset group list!\n"); - free(gids_saved); - return -1; + smb_panic("getgrouplist: failed to reset group list!"); } free(gids_saved); -- cgit From 5e8a4c12f9617d7e7b2c392eddc1ced613a561fe Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 17 Jun 2007 05:19:30 +0000 Subject: r23528: Two changes to make the valgrind massif (heap profiler) output readable: Remove the allocated inbuf/output. In async I/O we copy the buffers explicitly now, so NewInBuffer is called exactly once. This does not reduce memory footprint, but removes one of the larger chunks that clobber the rest of the massif output In getgroups_unix_user on Linux 2.6 we allocated 64k groups x 4 bytes per group x 2 (once in the routine itself and once in libc) = 512k just to throw it away directly again. This reduces it do a more typical limit of 32 groups per user. We certainly cope with overflow fine if 32 is not enough. Not 100% sure about this one, a DEVELOPER only thing? (This used to be commit 009af0909944e0f303c5d496b56fb65ca40a41d5) --- source3/lib/system_smbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 8159f3a3b5..ffdd8eeed0 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -154,7 +154,7 @@ BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, gid_t *groups; int i; - max_grp = groups_max(); + max_grp = MIN(32, groups_max()); temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp); if (! temp_groups) { return False; -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/system_smbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index ffdd8eeed0..42178057c3 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -6,7 +6,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/lib/system_smbd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 42178057c3..c6b006a07e 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -15,8 +15,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ /* -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/system_smbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index c6b006a07e..9d3eb95664 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -117,7 +117,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt) { int retval; - BOOL winbind_env; + bool winbind_env; DEBUG(10,("sys_getgrouplist: user [%s]\n", user)); @@ -143,7 +143,7 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp return retval; } -BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, +bool getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, gid_t primary_gid, gid_t **ret_groups, size_t *p_ngroups) { -- cgit From cedfcaec0c36b58a88eaaa60283a807e0a8a71fc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 11 Feb 2008 18:35:58 +0100 Subject: nsswitch: convert winbind_env_set(), winbind_on() and winbind_off() into macros metze (This used to be commit 5f623f54a919cc687d0ff16c16038c05a501008d) --- source3/lib/system_smbd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/system_smbd.c') diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 9d3eb95664..1f5dd3172f 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -125,7 +125,7 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp * always determined by the info3 coming back from auth3 or the * PAC. */ winbind_env = winbind_env_set(); - winbind_off(); + (void)winbind_off(); #ifdef HAVE_GETGROUPLIST retval = getgrouplist(user, gid, groups, grpcnt); @@ -137,7 +137,7 @@ static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grp /* allow winbindd lookups, but only if they were not already disabled */ if (!winbind_env) { - winbind_on(); + (void)winbind_on(); } return retval; -- cgit