Need help with become_unix_sec_ctx() setting groups
Johan Hedin
johanh at fusion.kth.se
Wed Mar 15 13:07:59 GMT 2000
I have tracked down my problem with the AFS patch to the setting of groups.
The new pag (cf. previous mail "Question about groups") alters two
numerical groups. I tried to set the new groups with
conn->groups and conn->ngroups, but become_unix_sec_ctx() still sets
the old groups before the k_setpag() call, making AFS use the wrong
pag. I include the part of the patch dealing with the groups. The patch is
against Samba TNG. What am I doing wrong?
TIA
Johan Hedin
--- Cut Here ---
Index: smbd/service.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/service.c,v
retrieving revision 1.13.2.8
diff -u -u -r1.13.2.8 service.c
--- service.c 2000/02/17 21:04:04 1.13.2.8
+++ service.c 2000/03/15 13:04:17
@@ -34,6 +34,11 @@
extern pstring sesssetup_user;
extern fstring remote_machine;
+#ifdef RENEWABLE_AFS_TICKET
+extern struct Srvtabinfo srvtabinfo;
+/* what user is current? */
+extern struct current_user current_user;
+#endif /* RENEWABLE_AFS_TICKET */
/****************************************************************************
load parameters specific to a connection/service
@@ -508,6 +513,55 @@
}
#endif
+#ifdef RENEWABLE_AFS_TICKET
+ /* This must be done as the user */
+ if(!guest){
+ gid_t grp = 0;
+ int i;
+ char tkfile[sizeof(pstring)] = "";
+ pstrcat(tkfile, "/tmp/tkt_samba_");
+ pstrcat(tkfile, user);
+ unbecome_user();
+ unlink(tkfile);
+ become_user(conn, conn->vuid);
+ krb_set_tkt_string(tkfile);
+ /* The new pag needs to be initialized before the forking */
+ if (k_hasafs())
+ k_setpag();
+ /* We need to reread the groups
+ */
+ conn->ngroups = sys_getgroups(0,&grp);
+ if (conn->ngroups <= 0)
+ {
+ conn->ngroups = 32;
+ }
+ free(conn->groups);
+ if((conn->groups = (gid_t *)malloc(sizeof(gid_t)*conn->ngroups))
+ == NULL)
+ {
+ DEBUG(0,("setup_groups malloc fail !\n"));
+ return NULL;
+ }
+ conn->ngroups = sys_getgroups(conn->ngroups, conn->groups);
+ DEBUG(3, ("%s is in %d groups: ", user, conn->ngroups));
+ for (i = 0; i < conn->ngroups; i++)
+ {
+ DEBUG(3, ("%s%d", (i ? ", " : ""), (int)conn->groups[i]));
+ }
+ DEBUG(3, ("\n"));
+ current_user.ngroups = conn->ngroups;
+ current_user.groups = conn->groups;
+
+ /* Add uid and user name to the global AFS srvtab variables
+ and get an auto renewed AFS ticket */
+ srvtabinfo.uid = conn->uid;
+ strncpy(srvtabinfo.user, user, sizeof(srvtabinfo.user) - 1);
+ conn->afs_ticket_pid = get_renewed_ticket();
+ } else {
+ conn->afs_ticket_pid = 0;
+ }
+#endif /* RENEWABLE_AFS_TICKET */
+
add_session_user(user);
/* execute any "preexec = " line */
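Review bot: The ticket path is built by appending `user` to `/tmp/tkt_samba_`, and `unlink(tkfile)` runs right after `unbecome_user()`, so if that call restores the server's privileged identity (as the name suggests) and `user` can ever contain a `/`, the unlink acts on a path outside `/tmp` with those privileges. Reject such names before the `pstrcat()` calls, e.g. `if (strchr(user, '/') != NULL) return NULL;`, and consider a ticket directory that only the daemon can write, since a fixed name in shared `/tmp` can be pre-created by another local user before `krb_set_tkt_string()` points Kerberos at it. Separately, the second `sys_getgroups()` result is stored unchecked, so a failure leaves -1 in both `conn->ngroups` and `current_user.ngroups`; check for `< 0` before publishing the count. The enclosing function starts and ends outside this hunk, so the correct cleanup for the early `return NULL` paths cannot be confirmed from here.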
@@ -652,6 +706,13 @@
smbrun(cmd,NULL,False);
}
+#ifdef RENEWABLE_AFS_TICKET
+ if(conn->afs_ticket_pid != 0){
+ kill(conn->afs_ticket_pid, SIGKILL);
+ DEBUG(1,("Killing ticket renewer with pid %d\n",
+ conn->afs_ticket_pid));
+ }
+#endif /* RENEWABLE_AFS_TICKET */
conn_free(conn);
}
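Review bot: The guard `conn->afs_ticket_pid != 0` lets a negative pid through to `kill()`; if get_renewed_ticket() (not visible here) returns -1 when it cannot start the renewer, `kill(-1, SIGKILL)` would signal every process the server is permitted to signal. Test `if (conn->afs_ticket_pid > 0)` instead. The renewer is also not reaped in this hunk, so unless a SIGCHLD handler elsewhere collects it, add `waitpid(conn->afs_ticket_pid, NULL, 0);` after the kill; this also narrows the window in which a stale pid could belong to an unrelated process. The enclosing function begins outside the hunk.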