Need help with become_unix_sec_ctx() setting groups

Johan Hedin johanh at fusion.kth.se
Wed Mar 15 13:07:59 GMT 2000


I have tracked down my problem with the AFS patch to the setting of groups.
The new pag (cf. previous mail "Question about groups") alters two
numerical groups. I tried to set the new groups with
conn->groups and conn->ngroups, but become_unix_sec_ctx() still sets
the old groups before the k_setpag() call, making AFS use the wrong
pag. I include the part of the patch dealing with the groups. The patch is
against Samba TNG. What am I doing wrong?

TIA

Johan Hedin

--- Cut Here ---

Index: smbd/service.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/service.c,v
retrieving revision 1.13.2.8
diff -u -u -r1.13.2.8 service.c
--- service.c	2000/02/17 21:04:04	1.13.2.8
+++ service.c	2000/03/15 13:04:17
@@ -34,6 +34,11 @@
 extern pstring sesssetup_user;
 extern fstring remote_machine;
 
+#ifdef RENEWABLE_AFS_TICKET
+extern struct Srvtabinfo srvtabinfo;
+/* what user is current? */
+extern struct current_user current_user;
+#endif /* RENEWABLE_AFS_TICKET */
 
 /****************************************************************************
 load parameters specific to a connection/service
@@ -508,6 +513,55 @@
 	}
 #endif
 	
+#ifdef RENEWABLE_AFS_TICKET
+	/* This must be done as the user */
+	if(!guest){
+	  gid_t grp = 0;
+	  int i;
+	  char tkfile[sizeof(pstring)] = "";
+	  pstrcat(tkfile, "/tmp/tkt_samba_");
+	  pstrcat(tkfile, user);
+	  unbecome_user();
+	  unlink(tkfile);
+	  become_user(conn, conn->vuid);	  
+	  krb_set_tkt_string(tkfile);
+	  /* The new pag needs to be initialized before the forking */
+	  if (k_hasafs()) 
+	    k_setpag();
+	  /* We need to reread the groups
+	   */
+	  conn->ngroups = sys_getgroups(0,&grp);
+	  if (conn->ngroups <= 0)
+	    {
+	      conn->ngroups = 32;
+	    }
+	  free(conn->groups);
+	  if((conn->groups = (gid_t *)malloc(sizeof(gid_t)*conn->ngroups))
+	     == NULL)
+	    {
+	      DEBUG(0,("setup_groups malloc fail !\n"));
+	      return NULL;
+	    }
+	  conn->ngroups = sys_getgroups(conn->ngroups, conn->groups);
+	  DEBUG(3, ("%s is in %d groups: ", user, conn->ngroups));
+	  for (i = 0; i < conn->ngroups; i++)
+	    {
+	      DEBUG(3, ("%s%d", (i ? ", " : ""), (int)conn->groups[i]));
+	    }
+	  DEBUG(3, ("\n"));
+	  current_user.ngroups = conn->ngroups;
+	  current_user.groups  = conn->groups;
+
+	  /* Add uid and user name to the global AFS srvtab variables
+	     and get an auto renewed AFS ticket */
+	  srvtabinfo.uid = conn->uid;
+	  strncpy(srvtabinfo.user, user, sizeof(srvtabinfo.user) - 1);
+	  conn->afs_ticket_pid = get_renewed_ticket();
+	} else {
+	  conn->afs_ticket_pid = 0;
+	}
+#endif /* RENEWABLE_AFS_TICKET */
+
 	add_session_user(user);
 		
 	/* execute any "preexec = " line */
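Review bot: The ticket file path `"/tmp/tkt_samba_"` + `user` is predictable, lives in world-writable /tmp, and appends `user` without checking it for `/`, while `unlink(tkfile)` runs after `unbecome_user()` (presumably with smbd's own privileges) and its result is ignored. Refuse names containing a path separator before building `tkfile`, and keep ticket files in a directory only smbd can write to, so another local account cannot pre-create or redirect the file that `krb_set_tkt_string()` names. The group reread further down has a second problem: `free(conn->groups)` followed by `return NULL` on malloc failure leaves `conn->groups` dangling, and the second `sys_getgroups()` result is stored unchecked, so -1 can land in `conn->ngroups` and `current_user.ngroups`. The fence below rebuilds the list in a temporary and swaps it in only on success. The enclosing function starts and ends outside the hunk, so whether a bare `return NULL` here skips cleanup that other error paths perform cannot be confirmed from this view.

```c
	  /* … unchanged: ticket file setup, krb_set_tkt_string(), k_setpag() … */
	  {
	    gid_t *new_groups;
	    int n = sys_getgroups(0, &grp);

	    if (n <= 0)
	      n = 32;
	    new_groups = (gid_t *)malloc(sizeof(gid_t) * n);
	    if (new_groups == NULL)
	      {
	        DEBUG(0,("setup_groups malloc fail !\n"));
	        return NULL;
	      }
	    n = sys_getgroups(n, new_groups);
	    if (n < 0)
	      {
	        /* keep the old list intact rather than publishing a negative count */
	        DEBUG(0,("setup_groups getgroups fail !\n"));
	        free(new_groups);
	        return NULL;
	      }
	    free(conn->groups);
	    conn->groups  = new_groups;
	    conn->ngroups = n;
	  }
	  /* … unchanged: DEBUG group listing, current_user update, srvtabinfo setup … */
```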
@@ -652,6 +706,13 @@
 		smbrun(cmd,NULL,False);
 	}
 	
+#ifdef RENEWABLE_AFS_TICKET
+	if(conn->afs_ticket_pid != 0){
+	  kill(conn->afs_ticket_pid, SIGKILL);
+	  DEBUG(1,("Killing ticket renewer with pid %d\n",
+		   conn->afs_ticket_pid));
+	}
+#endif /* RENEWABLE_AFS_TICKET */
 	conn_free(conn);
 }
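Review bot: `kill(conn->afs_ticket_pid, SIGKILL)` is guarded only by `!= 0`, so if `get_renewed_ticket()` (not shown here) returns a fork()-style -1 on failure, this becomes `kill(-1, SIGKILL)`, which signals every process the caller is allowed to signal. The guard should be `if (conn->afs_ticket_pid > 0)`, and the assignment in the connection-setup hunk should store 0 when the renewer could not be started. The pid is also never reaped in the visible code, so by the time the connection closes the renewer may already have exited and the number may belong to an unrelated process. The return value of `kill()` is not checked before the DEBUG line reports success. The enclosing function starts outside the hunk.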
 



