author | Stefan Metzmacher <metze@samba.org> | 2011-10-17 14:20:45 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-10-18 10:39:54 +0200 |
commit | 9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed (patch) | |
tree | 91ea7313c76e4c205073e3edee235ec577e36d09 /source4/auth | |
parent | 5954a37997a786a8808ee2544b594a0c90f1c893 (diff) | |
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array
If mappings use ID_TYPE_BOTH.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/unix_token.c | 48 |
1 files changed, 31 insertions, 17 deletions
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index b7657aad63..765bf06188 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -33,28 +33,27 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 struct security_token *token,
 struct security_unix_token **sec)
 {
- int i;
+ uint32_t s, g;
 NTSTATUS status;
 struct id_map *ids;
 struct composite_context *ctx;
- *sec = talloc(mem_ctx, struct security_unix_token);
 /* we can't do unix security without a user and group */
 if (token->num_sids < 2) {
 return NT_STATUS_ACCESS_DENIED;
 }
- ids = talloc_array(mem_ctx, struct id_map, token->num_sids);
- NT_STATUS_HAVE_NO_MEMORY(ids);
+ *sec = talloc_zero(mem_ctx, struct security_unix_token);
+ if (*sec == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- (*sec)->ngroups = token->num_sids - 2;
- (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
- NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+ ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids);
+ NT_STATUS_HAVE_NO_MEMORY(ids);
- for (i=0;i<token->num_sids;i++) {
- ZERO_STRUCT(ids[i].xid);
- ids[i].sid = &token->sids[i];
- ids[i].status = ID_UNKNOWN;
+ for (s=0; s < token->num_sids; s++) {
+ ids[s].sid = &token->sids[s];
+ ids[s].status = ID_UNKNOWN;
 }
 ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids);
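Review bot: Every failure return after the new `talloc_zero()` leaves `*sec` pointing at a zero-filled token, so `uid` and `gid` read as 0 (root) in an object the caller can still reach; this covers the `NT_STATUS_HAVE_NO_MEMORY(ids)` return in this hunk and the `NT_STATUS_INVALID_SID` and allocation-failure returns in the two later hunks. Callers are not visible here, so whether any of them touches `*sec` after a failed status is an assumption to check, but it is easy to rule out: set `*sec = NULL;` on entry, fill a local `struct security_unix_token *t`, call `talloc_free(t)` on the error paths, and assign `*sec = t;` only just before the success return. The end of the function lies outside the diff, so it is not possible to tell from here whether `ids`, which is allocated on `mem_ctx`, is released on any path.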
@@ -63,8 +62,20 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 status = wbc_sids_to_xids_recv(ctx, &ids);
 NT_STATUS_NOT_OK_RETURN(status);
- if (ids[0].xid.type == ID_TYPE_BOTH ||
- ids[0].xid.type == ID_TYPE_UID) {
+ g = token->num_sids;
+ if (ids[0].xid.type != ID_TYPE_BOTH) {
+ g--;
+ }
+ (*sec)->ngroups = g;
+ (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
+ NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+ g=0;
+ if (ids[0].xid.type == ID_TYPE_BOTH) {
+ (*sec)->uid = ids[0].xid.id;
+ (*sec)->groups[g] = ids[0].xid.id;
+ g++;
+ } else if (ids[0].xid.type == ID_TYPE_UID) {
 (*sec)->uid = ids[0].xid.id;
 } else {
 return NT_STATUS_INVALID_SID;
@@ -73,14 +84,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
 if (ids[1].xid.type == ID_TYPE_BOTH ||
 ids[1].xid.type == ID_TYPE_GID) {
 (*sec)->gid = ids[1].xid.id;
+ (*sec)->groups[g] = ids[1].xid.id;
+ g++;
 } else {
 return NT_STATUS_INVALID_SID;
 }
- for (i=0;i<(*sec)->ngroups;i++) {
- if (ids[i+2].xid.type == ID_TYPE_BOTH ||
- ids[i+2].xid.type == ID_TYPE_GID) {
- (*sec)->groups[i] = ids[i+2].xid.id;
+ for (s=2; s < token->num_sids; s++) {
+ if (ids[s].xid.type == ID_TYPE_BOTH ||
+ ids[s].xid.type == ID_TYPE_GID) {
+ (*sec)->groups[g] = ids[s].xid.id;
+ g++;
 } else {
 return NT_STATUS_INVALID_SID;
 } |
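Review bot: Nothing in the `@@ -63,8 +62,20 @@` hunk says what `groups[]` now contains, and the sizing (`g = token->num_sids`, minus one unless `ids[0]` is `ID_TYPE_BOTH`) is only correct while the three fill sites in this hunk and the next one write exactly that many entries. A comment above `g = token->num_sids;` would pin the layout down, for example `/* groups[] = uid-as-gid (only if ids[0] is ID_TYPE_BOTH), primary gid, then one gid per remaining SID */`. Because a miscount here would be a heap write past the array, a guard after the fill loop is worth adding as well: `if (g != (*sec)->ngroups) return NT_STATUS_INTERNAL_ERROR;`; the loop's closing brace is outside the last hunk, so the exact placement has to be checked against the full file. The primary gid is now part of `groups[]` where it previously was not, so any consumer that adds it separately would see it twice; those consumers are not visible in this diff.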