summaryrefslogtreecommitdiffstats
path: root/source3/smbd/uid.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-11-03 23:34:24 +0000
committerJeremy Allison <jra@samba.org>2001-11-03 23:34:24 +0000
commitf8e2baf39eb864481dd48f61404136b325cd73c2 (patch)
tree01e73e826f6f817e7ef9dd044cd1cc919eb152d1 /source3/smbd/uid.c
parent69a59c5bbceb4ea5a766cf8e9a42392369142e91 (diff)
downloadsamba-f8e2baf39eb864481dd48f61404136b325cd73c2.tar.gz
samba-f8e2baf39eb864481dd48f61404136b325cd73c2.tar.xz
samba-f8e2baf39eb864481dd48f61404136b325cd73c2.zip
Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy. (This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
Diffstat (limited to 'source3/smbd/uid.c')
-rw-r--r--source3/smbd/uid.c71
1 files changed, 70 insertions, 1 deletions
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index ae287cca76b..b33c9ede17f 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -181,7 +181,7 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid)
if (vuser && vuser->guest)
is_guest = True;
- token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest);
+ token = create_nt_token(uid, gid, current_user.ngroups, current_user.groups, is_guest, NULL);
must_free_token = True;
}
@@ -368,6 +368,75 @@ BOOL unbecome_user(void)
}
/*****************************************************************
+ Convert the suplimentary SIDs returned in a netlogon into UNIX
+ group gid_t's. Add to the total group array.
+*****************************************************************/
+
+void add_supplementary_nt_login_groups(int *n_groups, gid_t **pp_groups, NT_USER_TOKEN **pptok)
+{
+ int total_groups;
+ int current_n_groups = *n_groups;
+ gid_t *final_groups = NULL;
+ size_t i;
+ NT_USER_TOKEN *ptok = *pptok;
+ NT_USER_TOKEN *new_tok = NULL;
+
+ if (!ptok || (ptok->num_sids == 0))
+ return;
+
+ new_tok = dup_nt_token(ptok);
+ if (!new_tok) {
+ DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new token\n"));
+ return;
+ }
+ /* Leave the allocated space but empty the number of SIDs. */
+ new_tok->num_sids = 0;
+
+ total_groups = current_n_groups + ptok->num_sids;
+
+ final_groups = (gid_t *)malloc(total_groups * sizeof(gid_t));
+ if (!final_groups) {
+ DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
+ delete_nt_token(&new_tok);
+ return;
+ }
+
+ memcpy(final_groups, *pp_groups, current_n_groups * sizeof(gid_t));
+ for (i = 0; i < ptok->num_sids; i++) {
+ enum SID_NAME_USE sid_type;
+ gid_t new_grp;
+
+ if (sid_to_gid(&ptok->user_sids[i], &new_grp, &sid_type)) {
+ /*
+ * Don't add the gid_t if it is already in the current group
+ * list. Some UNIXen don't like the same group more than once.
+ */
+ int j;
+
+ for (j = 0; j < current_n_groups; j++)
+ if (final_groups[j] == new_grp)
+ break;
+
+ if ( j == current_n_groups) {
+ /* Group not already present. */
+ final_groups[current_n_groups++] = new_grp;
+ }
+ } else {
+ /* SID didn't map. Copy to the new token to be saved. */
+ sid_copy(&new_tok->user_sids[new_tok->num_sids++], &ptok->user_sids[i]);
+ }
+ }
+
+ SAFE_FREE(*pp_groups);
+ *pp_groups = final_groups;
+ *n_groups = current_n_groups;
+
+ /* Replace the old token with the truncated one. */
+ delete_nt_token(&ptok);
+ *pptok = new_tok;
+}
+
+/*****************************************************************
*THE CANONICAL* convert name to SID function.
Tries winbind first - then uses local lookup.
*****************************************************************/