PageRenderTime 24ms CodeModel.GetById 28ms RepoModel.GetById 1ms app.codeStats 0ms

/samba-3.5.6/source3/lib/system_smbd.c

https://github.com/theuni/XBMC-deps
C | 198 lines | 123 code | 30 blank | 45 comment | 25 complexity | bd5e5f117629c6745168b376d2e48aba MD5 | raw file
    

  1. /* 
    2. 

  2.    Unix SMB/CIFS implementation.
    3. 

  3.    system call wrapper interface.
    4. 

  4.    Copyright (C) Andrew Tridgell 2002
    5. 

  5.    Copyright (C) Andrew Barteltt 2002
    6. 

    7. 

  7.    This program is free software; you can redistribute it and/or modify
    8. 

  8.    it under the terms of the GNU General Public License as published by
    9. 

  9.    the Free Software Foundation; either version 3 of the License, or
    10. 

  10.    (at your option) any later version.
    11. 

  11.    
    12. 

  12.    This program is distributed in the hope that it will be useful,
    13. 

  13.    but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.    GNU General Public License for more details.
    16. 

  16.    
    17. 

  17.    You should have received a copy of the GNU General Public License
    18. 

  18.    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    19. 

  19. */
    20. 

  20. 

  21. /* 
    22. 

  22.    This file may assume linkage with smbd - for things like become_root()
    23. 

  23.    etc. 
    24. 

  24. */
    25. 

  25. 

  26. #include "includes.h"
    27. 

  27. 

  28. #ifndef HAVE_GETGROUPLIST
    29. 

  29. 

  30. /*
    31. 

  31.   This is a *much* faster way of getting the list of groups for a user
    32. 

  32.   without changing the current supplementary group list. The old
    33. 

  33.   method used getgrent() which could take 20 minutes on a really big
    34. 

  34.   network with hundeds of thousands of groups and users. The new method
    35. 

  35.   takes a couple of seconds.
    36. 

    37. 

  37.   NOTE!! this function only works if it is called as root!
    38. 

  38.   */
    39. 

  39. 

  40. static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups,
    41. 

  41. 				  int *grpcnt)
    42. 

  42. {
    43. 

  43. 	gid_t *gids_saved;
    44. 

  44. 	int ret, ngrp_saved, num_gids;
    45. 

  45. 

  46. 	if (non_root_mode()) {
    47. 

  47. 		*grpcnt = 0;
    48. 

  48. 		return 0;
    49. 

  49. 	}
    50. 

  50. 

  51. 	/* work out how many groups we need to save */
    52. 

  52. 	ngrp_saved = getgroups(0, NULL);
    53. 

  53. 	if (ngrp_saved == -1) {
    54. 

  54. 		/* this shouldn't happen */
    55. 

  55. 		return -1;
    56. 

  56. 	}
    57. 

  57. 

  58. 	gids_saved = SMB_MALLOC_ARRAY(gid_t, ngrp_saved+1);
    59. 

  59. 	if (!gids_saved) {
    60. 

  60. 		errno = ENOMEM;
    61. 

  61. 		return -1;
    62. 

  62. 	}
    63. 

  63. 

  64. 	ngrp_saved = getgroups(ngrp_saved, gids_saved);
    65. 

  65. 	if (ngrp_saved == -1) {
    66. 

  66. 		SAFE_FREE(gids_saved);
    67. 

  67. 		/* very strange! */
    68. 

  68. 		return -1;
    69. 

  69. 	}
    70. 

  70. 

  71. 	if (initgroups(user, gid) != 0) {
    72. 

  72. 		DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
    73. 

  73. 		SAFE_FREE(gids_saved);
    74. 

  74. 		return -1;
    75. 

  75. 	}
    76. 

  76. 

  77. 	/* this must be done to cope with systems that put the current egid in the
    78. 

  78. 	   return from getgroups() */
    79. 

  79. 	save_re_gid();
    80. 

  80. 	set_effective_gid(gid);
    81. 

  81. 	setgid(gid);
    82. 

  82. 

  83. 	num_gids = getgroups(0, NULL);
    84. 

  84. 	if (num_gids == -1) {
    85. 

  85. 		SAFE_FREE(gids_saved);
    86. 

  86. 		/* very strange! */
    87. 

  87. 		return -1;
    88. 

  88. 	}
    89. 

  89. 

  90. 	if (num_gids + 1 > *grpcnt) {
    91. 

  91. 		*grpcnt = num_gids + 1;
    92. 

  92. 		ret = -1;
    93. 

  93. 	} else {
    94. 

  94. 		ret = getgroups(*grpcnt - 1, &groups[1]);
    95. 

  95. 		if (ret < 0) {
    96. 

  96. 			SAFE_FREE(gids_saved);
    97. 

  97. 			/* very strange! */
    98. 

  98. 			return -1;
    99. 

  99. 		}
    100. 

  100. 		groups[0] = gid;
    101. 

  101. 		*grpcnt = ret + 1;
    102. 

  102. 	}
    103. 

  103. 

  104. 	restore_re_gid();
    105. 

  105. 

  106. 	if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) {
    107. 

  107. 		/* yikes! */
    108. 

  108. 		DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n"));
    109. 

  109. 		smb_panic("getgrouplist: failed to reset group list!");
    110. 

  110. 	}
    111. 

  111. 

  112. 	free(gids_saved);
    113. 

  113. 	return ret;
    114. 

  114. }
    115. 

  115. #endif
    116. 

  116. 

  117. static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
    118. 

  118. {
    119. 

  119. 	int retval;
    120. 

  120. 	bool winbind_env;
    121. 

  121. 

  122. 	DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
    123. 

  123. 

  124. 	/* This is only ever called for Unix users, remote memberships are
    125. 

  125. 	 * always determined by the info3 coming back from auth3 or the
    126. 

  126. 	 * PAC. */
    127. 

  127. 	winbind_env = winbind_env_set();
    128. 

  128. 	(void)winbind_off();
    129. 

  129. 

  130. #ifdef HAVE_GETGROUPLIST
    131. 

  131. 	retval = getgrouplist(user, gid, groups, grpcnt);
    132. 

  132. #else
    133. 

  133. 	become_root();
    134. 

  134. 	retval = getgrouplist_internals(user, gid, groups, grpcnt);
    135. 

  135. 	unbecome_root();
    136. 

  136. #endif
    137. 

  137. 

  138. 	/* allow winbindd lookups, but only if they were not already disabled */
    139. 

  139. 	if (!winbind_env) {
    140. 

  140. 		(void)winbind_on();
    141. 

  141. 	}
    142. 

  142. 

  143. 	return retval;
    144. 

  144. }
    145. 

  145. 

  146. bool getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user,
    147. 

  147. 			 gid_t primary_gid,
    148. 

  148. 			 gid_t **ret_groups, size_t *p_ngroups)
    149. 

  149. {
    150. 

  150. 	size_t ngrp;
    151. 

  151. 	int max_grp;
    152. 

  152. 	gid_t *temp_groups;
    153. 

  153. 	gid_t *groups;
    154. 

  154. 	int i;
    155. 

  155. 

  156. 	max_grp = MIN(128, groups_max());
    157. 

  157. 	temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp);
    158. 

  158. 	if (! temp_groups) {
    159. 

  159. 		return False;
    160. 

  160. 	}
    161. 

  161. 

  162. 	if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) {
    163. 

  163. 		temp_groups = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
    164. 

  164. 		if (!temp_groups) {
    165. 

  165. 			return False;
    166. 

  166. 		}
    167. 

  167. 		
    168. 

  168. 		if (sys_getgrouplist(user, primary_gid,
    169. 

  169. 				     temp_groups, &max_grp) == -1) {
    170. 

  170. 			DEBUG(0, ("get_user_groups: failed to get the unix "
    171. 

  171. 				  "group list\n"));
    172. 

  172. 			SAFE_FREE(temp_groups);
    173. 

  173. 			return False;
    174. 

  174. 		}
    175. 

  175. 	}
    176. 

  176. 	
    177. 

  177. 	ngrp = 0;
    178. 

  178. 	groups = NULL;
    179. 

  179. 

  180. 	/* Add in primary group first */
    181. 

  181. 	if (!add_gid_to_array_unique(mem_ctx, primary_gid, &groups, &ngrp)) {
    182. 

  182. 		SAFE_FREE(temp_groups);
    183. 

  183. 		return False;
    184. 

  184. 	}
    185. 

  185. 

  186. 	for (i=0; i<max_grp; i++) {
    187. 

  187. 		if (!add_gid_to_array_unique(mem_ctx, temp_groups[i],
    188. 

  188. 					&groups, &ngrp)) {
    189. 

  189. 			SAFE_FREE(temp_groups);
    190. 

  190. 			return False;
    191. 

  191. 		}
    192. 

  192. 	}
    193. 

  193. 

  194. 	*p_ngroups = ngrp;
    195. 

  195. 	*ret_groups = groups;
    196. 

  196. 	SAFE_FREE(temp_groups);
    197. 

  197. 	return True;
    198. 

  198. }
    199. 

  199.