[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Tue Oct 18 02:40:03 MDT 2011
The branch, master has been updated
via 9b407ee s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array
from 5954a37 lib/param: Remove parameters for wins and spoolss databases
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Oct 17 14:20:45 2011 +0200
s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array
If mappings use ID_TYPE_BOTH.
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source4/auth/unix_token.c | 48 +++++++++++++++++++++++++++++---------------
1 files changed, 31 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index b7657aa..765bf06 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -33,28 +33,27 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
struct security_token *token,
struct security_unix_token **sec)
{
- int i;
+ uint32_t s, g;
NTSTATUS status;
struct id_map *ids;
struct composite_context *ctx;
- *sec = talloc(mem_ctx, struct security_unix_token);
/* we can't do unix security without a user and group */
if (token->num_sids < 2) {
return NT_STATUS_ACCESS_DENIED;
}
- ids = talloc_array(mem_ctx, struct id_map, token->num_sids);
- NT_STATUS_HAVE_NO_MEMORY(ids);
+ *sec = talloc_zero(mem_ctx, struct security_unix_token);
+ if (*sec == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
- (*sec)->ngroups = token->num_sids - 2;
- (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
- NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+ ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids);
+ NT_STATUS_HAVE_NO_MEMORY(ids);
- for (i=0;i<token->num_sids;i++) {
- ZERO_STRUCT(ids[i].xid);
- ids[i].sid = &token->sids[i];
- ids[i].status = ID_UNKNOWN;
+ for (s=0; s < token->num_sids; s++) {
+ ids[s].sid = &token->sids[s];
+ ids[s].status = ID_UNKNOWN;
}
ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids);
@@ -63,8 +62,20 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
status = wbc_sids_to_xids_recv(ctx, &ids);
NT_STATUS_NOT_OK_RETURN(status);
- if (ids[0].xid.type == ID_TYPE_BOTH ||
- ids[0].xid.type == ID_TYPE_UID) {
+ g = token->num_sids;
+ if (ids[0].xid.type != ID_TYPE_BOTH) {
+ g--;
+ }
+ (*sec)->ngroups = g;
+ (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups);
+ NT_STATUS_HAVE_NO_MEMORY((*sec)->groups);
+
+ g=0;
+ if (ids[0].xid.type == ID_TYPE_BOTH) {
+ (*sec)->uid = ids[0].xid.id;
+ (*sec)->groups[g] = ids[0].xid.id;
+ g++;
+ } else if (ids[0].xid.type == ID_TYPE_UID) {
(*sec)->uid = ids[0].xid.id;
} else {
return NT_STATUS_INVALID_SID;
@@ -73,14 +84,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
if (ids[1].xid.type == ID_TYPE_BOTH ||
ids[1].xid.type == ID_TYPE_GID) {
(*sec)->gid = ids[1].xid.id;
+ (*sec)->groups[g] = ids[1].xid.id;
+ g++;
} else {
return NT_STATUS_INVALID_SID;
}
- for (i=0;i<(*sec)->ngroups;i++) {
- if (ids[i+2].xid.type == ID_TYPE_BOTH ||
- ids[i+2].xid.type == ID_TYPE_GID) {
- (*sec)->groups[i] = ids[i+2].xid.id;
+ for (s=2; s < token->num_sids; s++) {
+ if (ids[s].xid.type == ID_TYPE_BOTH ||
+ ids[s].xid.type == ID_TYPE_GID) {
+ (*sec)->groups[g] = ids[s].xid.id;
+ g++;
} else {
return NT_STATUS_INVALID_SID;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list