2002-08-17 11:09:22 +04:00
/*
Unix SMB / CIFS implementation .
system call wrapper interface .
Copyright ( C ) Andrew Tridgell 2002
Copyright ( C ) Andrew Barteltt 2002
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-09 23:25:36 +04:00
the Free Software Foundation ; either version 3 of the License , or
2002-08-17 11:09:22 +04:00
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
2007-07-10 04:52:41 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2002-08-17 11:09:22 +04:00
*/
/*
This file may assume linkage with smbd - for things like become_root ( )
etc .
*/
# include "includes.h"
# ifndef HAVE_GETGROUPLIST
2005-10-18 07:24:00 +04:00
2002-08-17 11:09:22 +04:00
/*
This is a * much * faster way of getting the list of groups for a user
2005-10-18 07:24:00 +04:00
without changing the current supplementary group list . The old
2002-08-17 11:09:22 +04:00
method used getgrent ( ) which could take 20 minutes on a really big
network with hundeds of thousands of groups and users . The new method
takes a couple of seconds .
NOTE ! ! this function only works if it is called as root !
*/
2005-10-18 07:24:00 +04:00
2006-02-04 01:19:41 +03:00
static int getgrouplist_internals ( const char * user , gid_t gid , gid_t * groups ,
int * grpcnt )
2002-08-17 11:09:22 +04:00
{
gid_t * gids_saved ;
2003-02-19 15:31:16 +03:00
int ret , ngrp_saved , num_gids ;
2002-08-17 11:09:22 +04:00
2002-09-25 19:19:00 +04:00
if ( non_root_mode ( ) ) {
* grpcnt = 0 ;
return 0 ;
}
2002-08-17 11:09:22 +04:00
/* work out how many groups we need to save */
ngrp_saved = getgroups ( 0 , NULL ) ;
if ( ngrp_saved = = - 1 ) {
/* this shouldn't happen */
return - 1 ;
}
2005-10-18 07:24:00 +04:00
2004-12-07 21:25:53 +03:00
gids_saved = SMB_MALLOC_ARRAY ( gid_t , ngrp_saved + 1 ) ;
2002-08-17 11:09:22 +04:00
if ( ! gids_saved ) {
errno = ENOMEM ;
return - 1 ;
}
ngrp_saved = getgroups ( ngrp_saved , gids_saved ) ;
if ( ngrp_saved = = - 1 ) {
2002-09-25 19:19:00 +04:00
SAFE_FREE ( gids_saved ) ;
2002-08-17 11:09:22 +04:00
/* very strange! */
return - 1 ;
}
if ( initgroups ( user , gid ) ! = 0 ) {
2002-09-25 19:19:00 +04:00
DEBUG ( 0 , ( " getgrouplist_internals: initgroups() failed! \n " ) ) ;
SAFE_FREE ( gids_saved ) ;
2002-08-17 11:09:22 +04:00
return - 1 ;
}
/* this must be done to cope with systems that put the current egid in the
return from getgroups ( ) */
save_re_gid ( ) ;
set_effective_gid ( gid ) ;
setgid ( gid ) ;
2003-02-19 15:31:16 +03:00
num_gids = getgroups ( 0 , NULL ) ;
2005-10-18 07:24:00 +04:00
if ( num_gids = = - 1 ) {
SAFE_FREE ( gids_saved ) ;
/* very strange! */
return - 1 ;
}
2003-02-19 15:31:16 +03:00
if ( num_gids + 1 > * grpcnt ) {
* grpcnt = num_gids + 1 ;
ret = - 1 ;
} else {
ret = getgroups ( * grpcnt - 1 , & groups [ 1 ] ) ;
2005-10-18 07:24:00 +04:00
if ( ret < 0 ) {
SAFE_FREE ( gids_saved ) ;
/* very strange! */
return - 1 ;
2003-02-19 15:31:16 +03:00
}
2005-10-18 07:24:00 +04:00
groups [ 0 ] = gid ;
* grpcnt = ret + 1 ;
2002-08-17 11:09:22 +04:00
}
restore_re_gid ( ) ;
2007-06-09 02:25:55 +04:00
if ( sys_setgroups ( gid , ngrp_saved , gids_saved ) ! = 0 ) {
2002-08-17 11:09:22 +04:00
/* yikes! */
DEBUG ( 0 , ( " ERROR: getgrouplist: failed to reset group list! \n " ) ) ;
2007-06-16 01:58:49 +04:00
smb_panic ( " getgrouplist: failed to reset group list! " ) ;
2002-08-17 11:09:22 +04:00
}
2005-10-18 07:24:00 +04:00
2002-08-17 11:09:22 +04:00
free ( gids_saved ) ;
return ret ;
}
# endif
2004-11-12 18:49:47 +03:00
static int sys_getgrouplist ( const char * user , gid_t gid , gid_t * groups , int * grpcnt )
2002-08-17 11:09:22 +04:00
{
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-29 07:39:50 +04:00
int retval ;
2007-10-19 04:40:25 +04:00
bool winbind_env ;
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-29 07:39:50 +04:00
DEBUG ( 10 , ( " sys_getgrouplist: user [%s] \n " , user ) ) ;
2006-04-02 10:25:11 +04:00
2006-02-13 20:08:25 +03:00
/* This is only ever called for Unix users, remote memberships are
* always determined by the info3 coming back from auth3 or the
* PAC . */
2006-10-20 02:34:58 +04:00
winbind_env = winbind_env_set ( ) ;
winbind_off ( ) ;
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-29 07:39:50 +04:00
2002-08-17 11:09:22 +04:00
# ifdef HAVE_GETGROUPLIST
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-29 07:39:50 +04:00
retval = getgrouplist ( user , gid , groups , grpcnt ) ;
2002-08-17 11:09:22 +04:00
# else
become_root ( ) ;
retval = getgrouplist_internals ( user , gid , groups , grpcnt ) ;
unbecome_root ( ) ;
# endif
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-29 07:39:50 +04:00
2006-10-20 02:34:58 +04:00
/* allow winbindd lookups, but only if they were not already disabled */
if ( ! winbind_env ) {
2006-04-02 23:45:42 +04:00
winbind_on ( ) ;
}
2006-04-02 10:25:11 +04:00
Here's the code to make winbindd work on a Samba DC
to handle domain trusts. Jeremy and I talked about this
and it's going in as working code. It keeps winbind clean
and solves the trust problem with minimal changes.
To summarize, there are 2 basic cases where the deadlock would
occur. (1) lookuping up secondary groups for a user, and
(2) get[gr|pw]nam() calls that fall through the NSS layer because
they don't exist anywhere.
o To handle case #1, we bypass winbindd in sys_getgrouplist() unless
the username includes the 'winbind separator'.
o Case #2 is handled by adding checks in winbindd to return failure
if we are a DC and the domain matches our own.
This code has been tested using basic share connections, domain
logons, and with pam_winbind (both with and without 'winbind
use default domain'). The 'trustdomain' auth module should work
as well if an admin wants to manually create UNIX users for
acounts in the trusted domains.
Other misc fixes:
* we need to fix check_ntlm_password() to be able to determine
if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD,
etc...). I worked around my specific situation, but this needs to be
fixed. the winbindd auth module was causing delays.
* fix named server mutex deadlock between trust domain auth module
and winbindd looking up a uid
* make sure SAM_ACCOUNT gets stored in the server_info struct for the
_net_sam_logon() reply.
Configuration details:
The recommended method for supporting trusts is to use winbind.
The gets us around some of the server mutex issues as well.
* set 'files winbind' for passwd: and group: in /etc/nsswitch.conf
* create domain trusts like normal
* join winbind on the pdc to the Samba domain using 'net rpc join'
* add normal parameters to smb.conf for winbind
* set 'auth method = guest sam winbind'
* start smbd, nmbd, & winbindd
Problems that remain:
* join a Windows 2k/XP box to a Samba domain.
* create a 2-way trust between the Samba domain
and an NT domain
* logon to the windows client as a user from theh trusted
domain
* try to browse server in the trusted domain (or other
workstations). an NT client seems to work ok, but 2k
and XP either prompt for passwords or fail with errors.
apparanently this never got tested since no one has ever been
able to logon as a trusted user to a Samba domain from a Windows
client.
(This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-06-29 07:39:50 +04:00
return retval ;
2002-08-17 11:09:22 +04:00
}
2004-11-12 18:49:47 +03:00
2007-10-19 04:40:25 +04:00
bool getgroups_unix_user ( TALLOC_CTX * mem_ctx , const char * user ,
2006-02-04 01:19:41 +03:00
gid_t primary_gid ,
gid_t * * ret_groups , size_t * p_ngroups )
2004-11-12 18:49:47 +03:00
{
2005-10-18 07:24:00 +04:00
size_t ngrp ;
int max_grp ;
2004-11-12 18:49:47 +03:00
gid_t * temp_groups ;
gid_t * groups ;
int i ;
2007-06-17 09:19:30 +04:00
max_grp = MIN ( 32 , groups_max ( ) ) ;
2004-12-07 21:25:53 +03:00
temp_groups = SMB_MALLOC_ARRAY ( gid_t , max_grp ) ;
2004-11-12 18:49:47 +03:00
if ( ! temp_groups ) {
return False ;
}
if ( sys_getgrouplist ( user , primary_gid , temp_groups , & max_grp ) = = - 1 ) {
r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
tmp = realloc(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
p = realloc(p, size)
if (!p) {
return error;
}
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
p = SMB_REALLOC(p, size)
if (!p) {
return error;
}
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
if (!tmp) {
SAFE_FREE(p);
return error;
} else {
p = tmp;
}
SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2006-03-07 09:31:04 +03:00
temp_groups = SMB_REALLOC_ARRAY ( temp_groups , gid_t , max_grp ) ;
if ( ! temp_groups ) {
2004-11-12 18:49:47 +03:00
return False ;
}
if ( sys_getgrouplist ( user , primary_gid ,
temp_groups , & max_grp ) = = - 1 ) {
DEBUG ( 0 , ( " get_user_groups: failed to get the unix "
" group list \n " ) ) ;
SAFE_FREE ( temp_groups ) ;
return False ;
}
}
ngrp = 0 ;
groups = NULL ;
/* Add in primary group first */
2006-12-09 05:58:18 +03:00
if ( ! add_gid_to_array_unique ( mem_ctx , primary_gid , & groups , & ngrp ) ) {
SAFE_FREE ( temp_groups ) ;
return False ;
}
2004-11-12 18:49:47 +03:00
2006-12-09 05:58:18 +03:00
for ( i = 0 ; i < max_grp ; i + + ) {
if ( ! add_gid_to_array_unique ( mem_ctx , temp_groups [ i ] ,
& groups , & ngrp ) ) {
SAFE_FREE ( temp_groups ) ;
return False ;
}
}
2004-11-12 18:49:47 +03:00
2005-10-18 07:24:00 +04:00
* p_ngroups = ngrp ;
2004-11-12 18:49:47 +03:00
* ret_groups = groups ;
SAFE_FREE ( temp_groups ) ;
return True ;
}