From: Stefan Metzmacher Date: Mon, 17 Oct 2011 12:20:45 +0000 (+0200) Subject: s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array X-Git-Url: http://git.samba.org/?p=obnox%2Fsamba%2Fsamba-obnox.git;a=commitdiff_plain;h=9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104 --- diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c index b7657aad63e..765bf061885 100644 --- a/source4/auth/unix_token.c +++ b/source4/auth/unix_token.c @@ -33,28 +33,27 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, struct security_token *token, struct security_unix_token **sec) { - int i; + uint32_t s, g; NTSTATUS status; struct id_map *ids; struct composite_context *ctx; - *sec = talloc(mem_ctx, struct security_unix_token); /* we can't do unix security without a user and group */ if (token->num_sids < 2) { return NT_STATUS_ACCESS_DENIED; } - ids = talloc_array(mem_ctx, struct id_map, token->num_sids); - NT_STATUS_HAVE_NO_MEMORY(ids); + *sec = talloc_zero(mem_ctx, struct security_unix_token); + if (*sec == NULL) { + return NT_STATUS_NO_MEMORY; + } - (*sec)->ngroups = token->num_sids - 2; - (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups); - NT_STATUS_HAVE_NO_MEMORY((*sec)->groups); + ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids); + NT_STATUS_HAVE_NO_MEMORY(ids); - for (i=0;inum_sids;i++) { - ZERO_STRUCT(ids[i].xid); - ids[i].sid = &token->sids[i]; - ids[i].status = ID_UNKNOWN; + for (s=0; s < token->num_sids; s++) { + ids[s].sid = &token->sids[s]; + ids[s].status = ID_UNKNOWN; } ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids); @@ -63,8 +62,20 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, status = wbc_sids_to_xids_recv(ctx, &ids); NT_STATUS_NOT_OK_RETURN(status); - if (ids[0].xid.type == ID_TYPE_BOTH || - ids[0].xid.type == ID_TYPE_UID) { + g = token->num_sids; + if (ids[0].xid.type != ID_TYPE_BOTH) { + g--; + } + (*sec)->ngroups = g; + (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups); + NT_STATUS_HAVE_NO_MEMORY((*sec)->groups); + + g=0; + if (ids[0].xid.type == ID_TYPE_BOTH) { + (*sec)->uid = ids[0].xid.id; + (*sec)->groups[g] = ids[0].xid.id; + g++; + } else if (ids[0].xid.type == ID_TYPE_UID) { (*sec)->uid = ids[0].xid.id; } else { return NT_STATUS_INVALID_SID; @@ -73,14 +84,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, if (ids[1].xid.type == ID_TYPE_BOTH || ids[1].xid.type == ID_TYPE_GID) { (*sec)->gid = ids[1].xid.id; + (*sec)->groups[g] = ids[1].xid.id; + g++; } else { return NT_STATUS_INVALID_SID; } - for (i=0;i<(*sec)->ngroups;i++) { - if (ids[i+2].xid.type == ID_TYPE_BOTH || - ids[i+2].xid.type == ID_TYPE_GID) { - (*sec)->groups[i] = ids[i+2].xid.id; + for (s=2; s < token->num_sids; s++) { + if (ids[s].xid.type == ID_TYPE_BOTH || + ids[s].xid.type == ID_TYPE_GID) { + (*sec)->groups[g] = ids[s].xid.id; + g++; } else { return NT_STATUS_INVALID_SID; }