1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

68 Commits

Author SHA1 Message Date
Jeremy Allison
76b351e907 s3:smbd: Fix incorrect use of sys_getgroups()
Second arg must be NULL when first arg is 0 (it is in all other places).

Bug report and patch from Hanno Böck <hanno@hboeck.de>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12747

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 18 15:43:02 CEST 2017 on sn-devel-144
2017-04-18 15:43:02 +02:00
Stefan Metzmacher
49f84f0719 s3:smbprofile: improve profiling for the security context switching.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-19 20:51:37 +01:00
Björn Baumbach
5adacb43f3 s3: use smb_xmemdup instead of smb_memdup and smb_panic
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 16 22:53:42 CEST 2014 on sn-devel-104
2014-04-16 22:53:42 +02:00
Björn Baumbach
fae7e5d771 lib-util: rename memdup to smb_memdup and fix all callers
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-04-16 20:39:08 +02:00
Jeremy Allison
3a4b755ce5 Fix bug #9329 - Directory listing with SeBackup can crash smbd.
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
2012-10-29 16:26:20 +01:00
Matthieu Patou
9eb91a5055 uid_t is a synonym for int on osX
This function is clearly osX oriented so we adapt the modifier to the
target
2012-09-10 05:57:21 +02:00
Jeremy Allison
821bd95156 Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
2012-06-28 17:15:16 -07:00
Jeremy Allison
f042de2f34 First part of fix for bug 8837 - smbd crashes when deleting directory and veto files are enabled.
Add some const to the sec_ctx code.
2012-04-04 14:58:42 -07:00
Andreas Schneider
7cb08171ce Include uid_wrapper correctly. 2011-10-27 13:32:02 +02:00
Volker Lendecke
1184e7de59 s3: Use the uid_wrapper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-10-06 12:15:27 +02:00
Günther Deschner
165521e20d s3: only include smb profiling where needed.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Apr 14 01:31:39 CEST 2011 on sn-devel-104
2011-04-14 01:31:39 +02:00
Günther Deschner
af300a9fcb s3-auth: smbd needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Andreas Schneider
b181cd8465 s3-smbd: Increase debug level von context messages. 2011-03-09 09:28:42 +01:00
Andrew Bartlett
04f5ef83b9 s3-auth struct security_unix_token replaces UNIX_USER_TOKEN 2011-03-01 06:29:04 +01:00
Jeremy Allison
8238357ac7 Fix warning introduced by changing the size of UNIX_USER_TOKEN->ngroups from size_t to uint32_t. 2011-02-28 21:58:20 +01:00
Volker Lendecke
13bfae95e7 s3: Fix some nonempty blank lines 2011-02-20 10:23:28 +01:00
Andrew Bartlett
170b345e0c s3-auth Use security_token_debug() from common code
This prints the security token including the privileges as strings
instead of just a bitmap.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-10-14 02:35:04 +00:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Stefan Metzmacher
3dde0cbb76 s3:smbd: move all globals and static variables in globals.[ch]
The goal is to move all this variables into a big context structure.

metze
2009-01-08 12:22:21 +01:00
Volker Lendecke
40f5eab5eb Wrap the unix token info in a unix_user_token in auth_serversupplied_info
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e)
2008-06-19 18:51:37 +02:00
Jeremy Allison
f33f4ef4a2 Don't switch user contexts unless you have to. Saves
a bunch of syscalls on close. Noticed by Volker.
Jeremy.
(This used to be commit 3caeeaea16)
2008-01-10 16:35:54 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
James Peach
8b6366b301 r25161: Don't panic if setgroups fails in non-root mode.
(This used to be commit ea226c5ed9)
2007-10-10 12:30:46 -05:00
James Peach
45a2713b47 r25142: Panic if setting the group list fails while switching security
contexts. Patch from Tim Prouty <tim.prouty@isilon.com>.
(This used to be commit a136de663f)
2007-10-10 12:30:45 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
James Peach
b1ce226af8 r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2)
2007-10-10 12:23:23 -05:00
James Peach
bde0642ab4 r23398: Support membership of >16 groups on Darwin by making sure we opt in to the
dynamic group resolution mechanism when switching UNIX credentials.
(This used to be commit b5cb21e951)
2007-10-10 12:23:13 -05:00
James Peach
74c74f8dcc r23393: Support BSD group semantics by making sure that the effective GID is always
passed as the first GID when calling setgroups(2).
(This used to be commit 6ebaf856c1)
2007-10-10 12:23:12 -05:00
Jeremy Allison
0a1f5d71e4 r23391: Second part of the patch for Apple.
Change the sequence :

gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);

to a function call :

set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)

James - should be safe for you to create a Darwin-specific
version of this function now.

Jeremy.
(This used to be commit 8ee982b367)
2007-10-10 12:23:12 -05:00
Jeremy Allison
334c961cc5 r23390: First part of the patch to make Apple's life easier.
Doing this in two stages to make it very easy to
review. Context switching must look like :

gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);

Re-arrange order so these three calls are always
seen together.

Next will be to turn these into a function.

Jeremy.
(This used to be commit eb537185ee)
2007-10-10 12:23:12 -05:00
Volker Lendecke
430fa0eba0 r17348: Some C++ warnings
(This used to be commit ae6b9b34e5)
2007-10-10 11:38:27 -05:00
Jeremy Allison
d1014c1cdf r16582: Fix Klocwork #1997 and all generic class of problems
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c)
2007-10-10 11:19:01 -05:00
Gerald Carter
fb5362c069 r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()
macro which sets the freed pointer to NULL.
(This used to be commit b65be8874a)
2007-10-10 11:10:14 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Jeremy Allison
d14af63e6a r13293: Rather a big patch I'm afraid, but this should fix bug #3347
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
2007-10-10 11:06:21 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Gerald Carter
c1bc3a7841 fix for BUG #267 (problem with supplementary groups).
Use winbindd to get the group list if possible since we already
know it from netsamlogon_cache.tdb. More effecient than letting
libc call getgrent() to get seconary groups.

Tested by Ken Cross.
(This used to be commit 3c537c906f)
2003-08-09 23:12:35 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
7b671e34f5 Some more 'winbind default domain' support patches from Alexander Bokovoy
<a.bokovoy@sam-solutions.net>.

This patch is designed to remove the 'special cases' required for this support.

In particular this now kills off winbind_initgroups, as it appears no longer to
be required.

Andrew Bartlett
(This used to be commit f1d8d50976)
2002-01-27 12:12:22 +00:00
Jeremy Allison
f8e2baf39e Added NT_USER_TOKEN into server_info to fix extra groups problem.
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547)
2001-11-03 23:34:24 +00:00
Tim Potter
67dae09cc6 Fixed confusing debug message - it was always printing uid 0 instead of the
correct uid.
(This used to be commit ad30a35ebc)
2001-10-29 03:46:09 +00:00
Jeremy Allison
c416ff851b Merge the become_XXX -> change_to_XXX fixes from 2.2.2 to HEAD.
Ensure make_conection() can only be called as root.
Jeremy.
(This used to be commit 8d23a7441b)
2001-10-18 20:15:12 +00:00
Tim Potter
dc1fc3ee8e Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.
(This used to be commit 2d0922b0ea)
2001-10-02 04:29:50 +00:00
Andrew Tridgell
3e9bcd111d don't try to initgroups in non root mode
(This used to be commit 1a04ea2476)
2001-09-19 03:30:20 +00:00
Simo Sorce
61b2794968 move to SAFE_FREE()
(This used to be commit a95943fde0)
2001-09-17 11:25:41 +00:00
Jeremy Allison
e662983fbe Excellent patch from Anselm Kruis <A.Kruis@science-computing.de> to fix
problem with wrong token being used in current_user.
Jeremy.
(This used to be commit 2c7d2a1d53)
2001-07-25 18:07:36 +00:00