svn commit: samba r22978 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_25/source/smbd SAMBA_3_0_26/source/smbd

jerry at samba.org jerry at samba.org
Thu May 17 22:27:43 GMT 2007


Author: jerry
Date: 2007-05-17 22:27:42 +0000 (Thu, 17 May 2007)
New Revision: 22978

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22978

Log:
Don't use current_user to prep the security ctx in change_to_user 
since any SID/uid/gid translation calls will reset the struct when 
popping the security ctx.  This should fix the standalone server
configuration issues reported by David Rankin (thanks for the logs).



Modified:
   branches/SAMBA_3_0/source/smbd/uid.c
   branches/SAMBA_3_0_25/source/smbd/uid.c
   branches/SAMBA_3_0_26/source/smbd/uid.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/uid.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/uid.c	2007-05-17 19:56:54 UTC (rev 22977)
+++ branches/SAMBA_3_0/source/smbd/uid.c	2007-05-17 22:27:42 UTC (rev 22978)
@@ -156,7 +156,9 @@
 	char group_c;
 	BOOL must_free_token = False;
 	NT_USER_TOKEN *token = NULL;
-
+	int num_groups = 0;
+	gid_t *group_list = NULL;
+	
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
 		return(False);
@@ -195,14 +197,14 @@
 	if (conn->force_user) /* security = share sets this too */ {
 		uid = conn->uid;
 		gid = conn->gid;
-		current_user.ut.groups = conn->groups;
-		current_user.ut.ngroups = conn->ngroups;
+	        group_list = conn->groups;
+		num_groups = conn->ngroups;
 		token = conn->nt_user_token;
 	} else if (vuser) {
 		uid = conn->admin_user ? 0 : vuser->uid;
 		gid = vuser->gid;
-		current_user.ut.ngroups = vuser->n_groups;
-		current_user.ut.groups  = vuser->groups;
+		num_groups = vuser->n_groups;
+		group_list  = vuser->groups;
 		token = vuser->nt_user_token;
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -235,8 +237,8 @@
 			 */
 
 			int i;
-			for (i = 0; i < current_user.ut.ngroups; i++) {
-				if (current_user.ut.groups[i] == conn->gid) {
+			for (i = 0; i < num_groups; i++) {
+				if (group_list[i] == conn->gid) {
 					gid = conn->gid;
 					gid_to_sid(&token->user_sids[1], gid);
 					break;
@@ -248,6 +250,12 @@
 		}
 	}
 	
+	/* Now set current_user since we will immediately also call
+	   set_sec_ctx() */
+
+	current_user.ut.ngroups = num_groups;
+	current_user.ut.groups  = group_list;	
+
 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
 		    token);
 

Modified: branches/SAMBA_3_0_25/source/smbd/uid.c
===================================================================
--- branches/SAMBA_3_0_25/source/smbd/uid.c	2007-05-17 19:56:54 UTC (rev 22977)
+++ branches/SAMBA_3_0_25/source/smbd/uid.c	2007-05-17 22:27:42 UTC (rev 22978)
@@ -156,7 +156,9 @@
 	char group_c;
 	BOOL must_free_token = False;
 	NT_USER_TOKEN *token = NULL;
-
+	int num_groups = 0;
+	gid_t *group_list = NULL;
+	
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
 		return(False);
@@ -195,14 +197,14 @@
 	if (conn->force_user) /* security = share sets this too */ {
 		uid = conn->uid;
 		gid = conn->gid;
-		current_user.ut.groups = conn->groups;
-		current_user.ut.ngroups = conn->ngroups;
+	        group_list = conn->groups;
+		num_groups = conn->ngroups;
 		token = conn->nt_user_token;
 	} else if (vuser) {
 		uid = conn->admin_user ? 0 : vuser->uid;
 		gid = vuser->gid;
-		current_user.ut.ngroups = vuser->n_groups;
-		current_user.ut.groups  = vuser->groups;
+		num_groups = vuser->n_groups;
+		group_list  = vuser->groups;
 		token = vuser->nt_user_token;
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -235,8 +237,8 @@
 			 */
 
 			int i;
-			for (i = 0; i < current_user.ut.ngroups; i++) {
-				if (current_user.ut.groups[i] == conn->gid) {
+			for (i = 0; i < num_groups; i++) {
+				if (group_list[i] == conn->gid) {
 					gid = conn->gid;
 					gid_to_sid(&token->user_sids[1], gid);
 					break;
@@ -248,6 +250,12 @@
 		}
 	}
 	
+	/* Now set current_user since we will immediately also call
+	   set_sec_ctx() */
+
+	current_user.ut.ngroups = num_groups;
+	current_user.ut.groups  = group_list;	
+
 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
 		    token);
 

Modified: branches/SAMBA_3_0_26/source/smbd/uid.c
===================================================================
--- branches/SAMBA_3_0_26/source/smbd/uid.c	2007-05-17 19:56:54 UTC (rev 22977)
+++ branches/SAMBA_3_0_26/source/smbd/uid.c	2007-05-17 22:27:42 UTC (rev 22978)
@@ -156,7 +156,9 @@
 	char group_c;
 	BOOL must_free_token = False;
 	NT_USER_TOKEN *token = NULL;
-
+	int num_groups = 0;
+	gid_t *group_list = NULL;
+	
 	if (!conn) {
 		DEBUG(2,("change_to_user: Connection not open\n"));
 		return(False);
@@ -195,14 +197,14 @@
 	if (conn->force_user) /* security = share sets this too */ {
 		uid = conn->uid;
 		gid = conn->gid;
-		current_user.ut.groups = conn->groups;
-		current_user.ut.ngroups = conn->ngroups;
+	        group_list = conn->groups;
+		num_groups = conn->ngroups;
 		token = conn->nt_user_token;
 	} else if (vuser) {
 		uid = conn->admin_user ? 0 : vuser->uid;
 		gid = vuser->gid;
-		current_user.ut.ngroups = vuser->n_groups;
-		current_user.ut.groups  = vuser->groups;
+		num_groups = vuser->n_groups;
+		group_list  = vuser->groups;
 		token = vuser->nt_user_token;
 	} else {
 		DEBUG(2,("change_to_user: Invalid vuid used %d in accessing "
@@ -235,8 +237,8 @@
 			 */
 
 			int i;
-			for (i = 0; i < current_user.ut.ngroups; i++) {
-				if (current_user.ut.groups[i] == conn->gid) {
+			for (i = 0; i < num_groups; i++) {
+				if (group_list[i] == conn->gid) {
 					gid = conn->gid;
 					gid_to_sid(&token->user_sids[1], gid);
 					break;
@@ -248,6 +250,12 @@
 		}
 	}
 	
+	/* Now set current_user since we will immediately also call
+	   set_sec_ctx() */
+
+	current_user.ut.ngroups = num_groups;
+	current_user.ut.groups  = group_list;	
+
 	set_sec_ctx(uid, gid, current_user.ut.ngroups, current_user.ut.groups,
 		    token);
 



More information about the samba-cvs mailing list