132
129
Get the list of current groups.
133
130
****************************************************************************/
135
int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
132
static int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
185
182
/****************************************************************************
186
Initialize the groups a user belongs to.
187
****************************************************************************/
189
BOOL initialise_groups(char *user, uid_t uid, gid_t gid)
191
struct sec_ctx *prev_ctx_p;
194
if (non_root_mode()) {
200
/* Call initgroups() to get user groups */
202
if (winbind_initgroups(user,gid) == -1) {
203
DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));
205
if (gid < 0 || gid > 32767 || uid < 0 || uid > 32767) {
206
DEBUG(0,("This is probably a problem with the account %s\n", user));
213
/* Store groups in previous user's security context. This will
214
always work as the become_root() call increments the stack
217
prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx - 1];
219
SAFE_FREE(prev_ctx_p->groups);
220
prev_ctx_p->ngroups = 0;
222
get_current_groups(gid, &prev_ctx_p->ngroups, &prev_ctx_p->groups);
230
/****************************************************************************
231
183
Create a new security context on the stack. It is the same as the old
232
184
one. User changes are done using the set_sec_ctx() function.
233
185
****************************************************************************/
250
202
ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
252
ctx_p->uid = geteuid();
253
ctx_p->gid = getegid();
204
ctx_p->ut.uid = geteuid();
205
ctx_p->ut.gid = getegid();
255
207
DEBUG(3, ("push_sec_ctx(%u, %u) : sec_ctx_stack_ndx = %d\n",
256
(unsigned int)ctx_p->uid, (unsigned int)ctx_p->gid, sec_ctx_stack_ndx ));
258
ctx_p->token = dup_nt_token(sec_ctx_stack[sec_ctx_stack_ndx-1].token);
260
ctx_p->ngroups = sys_getgroups(0, NULL);
262
if (ctx_p->ngroups != 0) {
263
if (!(ctx_p->groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ngroups))) {
208
(unsigned int)ctx_p->ut.uid, (unsigned int)ctx_p->ut.gid, sec_ctx_stack_ndx ));
210
ctx_p->token = dup_nt_token(NULL,
211
sec_ctx_stack[sec_ctx_stack_ndx-1].token);
213
ctx_p->ut.ngroups = sys_getgroups(0, NULL);
215
if (ctx_p->ut.ngroups != 0) {
216
if (!(ctx_p->ut.groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ut.ngroups))) {
264
217
DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
265
delete_nt_token(&ctx_p->token);
218
TALLOC_FREE(ctx_p->token);
269
sys_getgroups(ctx_p->ngroups, ctx_p->groups);
222
sys_getgroups(ctx_p->ut.ngroups, ctx_p->ut.groups);
271
ctx_p->groups = NULL;
224
ctx_p->ut.groups = NULL;
296
249
sys_setgroups(ngroups, groups);
299
ctx_p->ngroups = ngroups;
252
ctx_p->ut.ngroups = ngroups;
301
SAFE_FREE(ctx_p->groups);
254
SAFE_FREE(ctx_p->ut.groups);
302
255
if (token && (token == ctx_p->token))
303
256
smb_panic("DUPLICATE_TOKEN");
305
delete_nt_token(&ctx_p->token);
258
TALLOC_FREE(ctx_p->token);
307
ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
308
ctx_p->token = dup_nt_token(token);
260
ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
261
ctx_p->token = dup_nt_token(NULL, token);
310
263
become_id(uid, gid);
315
268
/* Update current_user stuff */
317
current_user.uid = uid;
318
current_user.gid = gid;
319
current_user.ngroups = ngroups;
320
current_user.groups = groups;
270
current_user.ut.uid = uid;
271
current_user.ut.gid = gid;
272
current_user.ut.ngroups = ngroups;
273
current_user.ut.groups = groups;
321
274
current_user.nt_user_token = ctx_p->token;
353
306
/* Clear previous user info */
355
ctx_p->uid = (uid_t)-1;
356
ctx_p->gid = (gid_t)-1;
358
SAFE_FREE(ctx_p->groups);
361
delete_nt_token(&ctx_p->token);
308
ctx_p->ut.uid = (uid_t)-1;
309
ctx_p->ut.gid = (gid_t)-1;
311
SAFE_FREE(ctx_p->ut.groups);
312
ctx_p->ut.ngroups = 0;
314
TALLOC_FREE(ctx_p->token);
363
316
/* Pop back previous user */
369
322
prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
371
324
#ifdef HAVE_SETGROUPS
372
sys_setgroups(prev_ctx_p->ngroups, prev_ctx_p->groups);
325
sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups);
375
become_id(prev_ctx_p->uid, prev_ctx_p->gid);
328
become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid);
377
330
/* Update current_user stuff */
379
current_user.uid = prev_ctx_p->uid;
380
current_user.gid = prev_ctx_p->gid;
381
current_user.ngroups = prev_ctx_p->ngroups;
382
current_user.groups = prev_ctx_p->groups;
332
current_user.ut.uid = prev_ctx_p->ut.uid;
333
current_user.ut.gid = prev_ctx_p->ut.gid;
334
current_user.ut.ngroups = prev_ctx_p->ut.ngroups;
335
current_user.ut.groups = prev_ctx_p->ut.groups;
383
336
current_user.nt_user_token = prev_ctx_p->token;
385
338
DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n",
400
353
memset(sec_ctx_stack, 0, sizeof(struct sec_ctx) * MAX_SEC_CTX_DEPTH);
402
355
for (i = 0; i < MAX_SEC_CTX_DEPTH; i++) {
403
sec_ctx_stack[i].uid = (uid_t)-1;
404
sec_ctx_stack[i].gid = (gid_t)-1;
356
sec_ctx_stack[i].ut.uid = (uid_t)-1;
357
sec_ctx_stack[i].ut.gid = (gid_t)-1;
407
360
/* Initialise first level of stack. It is the current context */
408
361
ctx_p = &sec_ctx_stack[0];
410
ctx_p->uid = geteuid();
411
ctx_p->gid = getegid();
363
ctx_p->ut.uid = geteuid();
364
ctx_p->ut.gid = getegid();
413
get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups);
366
get_current_groups(ctx_p->ut.gid, &ctx_p->ut.ngroups, &ctx_p->ut.groups);
415
368
ctx_p->token = NULL; /* Maps to guest user. */
417
370
/* Initialise current_user global */
419
current_user.uid = ctx_p->uid;
420
current_user.gid = ctx_p->gid;
421
current_user.ngroups = ctx_p->ngroups;
422
current_user.groups = ctx_p->groups;
372
current_user.ut.uid = ctx_p->ut.uid;
373
current_user.ut.gid = ctx_p->ut.gid;
374
current_user.ut.ngroups = ctx_p->ut.ngroups;
375
current_user.ut.groups = ctx_p->ut.groups;
424
377
/* The conn and vuid are usually taken care of by other modules.
425
378
We initialise them here. */