Beispiel #1
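/*
 * Install (uid, gid, groups, token) as the security context held in the
 * current slot of sec_ctx_stack and switch the process credentials to it.
 *
 * uid, gid  - Unix identity to assume (passed to become_id()).
 * ngroups   - number of entries in groups; 0 stores a NULL group list.
 * groups    - supplementary group list; the slot keeps its own memdup() copy.
 * token     - NT token to associate with the slot, or NULL; the slot keeps
 *             its own copy made with dup_nt_token().
 *
 * Does not return an error: every failure that would leave the slot or the
 * process credentials half-switched ends in smb_panic().
 */
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
{
	struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
	
	/* Set the security context */

	DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
		(unsigned int)uid, (unsigned int)gid, sec_ctx_stack_ndx));

	debug_nt_user_token(DBGC_CLASS, 5, token);
	debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups);

	gain_root();

#ifdef HAVE_SETGROUPS
	/*
	 * The group list is replaced before the uid/gid switch below. If the
	 * call fails and execution simply continued, become_id() would run
	 * with whatever supplementary groups were in effect before, so the
	 * failure is treated as fatal unless non_root_mode() reports that the
	 * process cannot change credentials in the first place.
	 */
	if (sys_setgroups(ngroups, groups) != 0 && !non_root_mode()) {
		smb_panic("sys_setgroups failed");
	}
#endif

	ctx_p->ut.ngroups = ngroups;

	SAFE_FREE(ctx_p->ut.groups);

	/*
	 * The slot's token is freed just below; a caller handing back the
	 * slot's own token pointer would have it freed before it is copied.
	 */
	if (token && (token == ctx_p->token)) {
		smb_panic("DUPLICATE_TOKEN");
	}

	TALLOC_FREE(ctx_p->token);
	
	if (ngroups) {
		/* NOTE(review): ngroups is a signed int; a negative value
		 * reaches the size computation here - confirm callers never
		 * pass one. */
		ctx_p->ut.groups = (gid_t *)memdup(groups,
						   sizeof(gid_t) * ngroups);
		if (!ctx_p->ut.groups) {
			smb_panic("memdup failed");
		}
	} else {
		ctx_p->ut.groups = NULL;
	}

	if (token) {
		ctx_p->token = dup_nt_token(NULL, token);
		if (!ctx_p->token) {
			smb_panic("dup_nt_token failed");
		}
	} else {
		ctx_p->token = NULL;
	}

	become_id(uid, gid);

	ctx_p->ut.uid = uid;
	ctx_p->ut.gid = gid;

	/* Update current_user stuff */

	current_user.ut.uid = uid;
	current_user.ut.gid = gid;
	current_user.ut.ngroups = ngroups;
	/*
	 * NOTE(review): this stores the caller's array, not the copy kept in
	 * ctx_p->ut.groups, so current_user.ut.groups is only valid for as
	 * long as the caller keeps that array alive - confirm against callers.
	 */
	current_user.ut.groups = groups;
	current_user.nt_user_token = ctx_p->token;
}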
/*
 * Switch the process to the given Unix identity: regain privileges, replace
 * the supplementary group list, then assume uid/gid.
 *
 * uid, gid        - identity handed to become_id().
 * ngroups, groups - supplementary group list handed to sys_setgroups().
 *
 * A failed sys_setgroups() is fatal (smb_panic) unless non_root_mode()
 * returns true; non_root_mode() is consulted only after a failure.
 */
static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
{
	/* The switch starts from gain_root(); the group list is set before
	 * the identity change that follows. */
	gain_root();

#ifdef HAVE_SETGROUPS
	if (sys_setgroups(gid, ngroups, groups) != 0) {
		/* Continuing with the previous group list would leave the new
		 * identity with memberships it was never granted. */
		if (!non_root_mode()) {
			smb_panic("sys_setgroups failed");
		}
	}
#endif

	/* Final step of the switch.
	 * NOTE(review): no result of become_id() is examined here - confirm
	 * whether it reports failure in this tree. */
	become_id(uid, gid);
}
Beispiel #3
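/*
 * Discard the security context on top of sec_ctx_stack and switch the
 * process back to the context below it.
 *
 * The popped slot is scrubbed (uid/gid set to -1, group list and NT token
 * released) before the index is decremented, then the previous slot's
 * groups, uid and gid are re-applied and mirrored into current_user.
 *
 * Returns True. Popping with the index at 0, or failing to restore the
 * previous group list, ends in smb_panic().
 */
BOOL pop_sec_ctx(void)
{
	struct sec_ctx *ctx_p;
	struct sec_ctx *prev_ctx_p;

	/* Check for stack underflow */

	if (sec_ctx_stack_ndx == 0) {
		DEBUG(0, ("Security context stack underflow!\n"));
		smb_panic("Security context stack underflow!\n");
	}

	ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];

	/* Clear previous user info */

	ctx_p->uid = (uid_t)-1;
	ctx_p->gid = (gid_t)-1;

	SAFE_FREE(ctx_p->groups);
	ctx_p->ngroups = 0;

	delete_nt_token(&ctx_p->token);

	/* Pop back previous user */

	sec_ctx_stack_ndx--;

	gain_root();

	prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];

#ifdef HAVE_SETGROUPS
	/*
	 * If restoring the previous group list fails, the process would carry
	 * on under the previous uid/gid but with the popped context's
	 * supplementary groups. Treat that as fatal unless non_root_mode()
	 * reports that credentials cannot be changed at all.
	 */
	if (sys_setgroups(prev_ctx_p->ngroups, prev_ctx_p->groups) != 0 &&
	    !non_root_mode()) {
		smb_panic("sys_setgroups failed");
	}
#endif

	become_id(prev_ctx_p->uid, prev_ctx_p->gid);

	/* Update current_user stuff */

	/* current_user points at the group list and token owned by the
	 * restored stack slot; nothing is copied here. */
	current_user.uid = prev_ctx_p->uid;
	current_user.gid = prev_ctx_p->gid;
	current_user.ngroups = prev_ctx_p->ngroups;
	current_user.groups = prev_ctx_p->groups;
	current_user.nt_user_token = prev_ctx_p->token;

	/* Log the effective ids actually in force, not the requested ones,
	 * so a switch that did not take effect is visible in the log. */
	DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
		(unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx));

	return True;
}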
Beispiel #4
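/*
 * Install (uid, gid, groups, token) as the security context held in the
 * current slot of sec_ctx_stack and switch the process credentials to it.
 *
 * uid, gid  - Unix identity to assume (passed to become_id()).
 * ngroups   - number of entries in groups; 0 stores a NULL group list.
 * groups    - supplementary group list; the slot keeps its own memdup() copy.
 * token     - NT token to associate with the slot, or NULL; the slot keeps
 *             its own copy made with dup_nt_token().
 *
 * Does not return an error: a failed group switch or a failed copy of the
 * group list or token ends in smb_panic() rather than leaving the process
 * running under a partially applied context.
 */
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
{
	struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
	
	/* Set the security context */

	DEBUG(3, ("setting sec ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", 
		(unsigned int)uid, (unsigned int)gid, sec_ctx_stack_ndx));

	if (ngroups) {
		int i;

		DEBUG(3, ("%d user groups: \n", ngroups));
		for (i = 0; i < ngroups; i++) {
			DEBUGADD(3, ("%u ", (unsigned int)groups[i]));
		}

		DEBUG(3, ("\n"));
	}
	

	gain_root();

#ifdef HAVE_SETGROUPS
	/*
	 * The group list is replaced before the uid/gid switch below. A
	 * failure that went unnoticed would let become_id() run with the
	 * supplementary groups that were in effect before, so it is fatal
	 * unless non_root_mode() reports that credentials cannot be changed.
	 */
	if (sys_setgroups(ngroups, groups) != 0 && !non_root_mode()) {
		smb_panic("sys_setgroups failed");
	}
#endif

	ctx_p->ngroups = ngroups;

	SAFE_FREE(ctx_p->groups);

	/*
	 * The slot's token is deleted just below; a caller handing back the
	 * slot's own token pointer would have it released before the copy.
	 */
	if (token && (token == ctx_p->token)) {
		smb_panic("DUPLICATE_TOKEN");
	}

	delete_nt_token(&ctx_p->token);
	
	/*
	 * A failed copy must not be stored silently: the slot would claim
	 * ngroups entries while holding a NULL list, and pop_sec_ctx() later
	 * re-applies the slot's list as the process group set.
	 */
	if (ngroups) {
		ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
		if (!ctx_p->groups) {
			smb_panic("memdup failed");
		}
	} else {
		ctx_p->groups = NULL;
	}

	/* Likewise, a token that was supplied but could not be copied is
	 * fatal rather than being recorded as "no token". */
	if (token) {
		ctx_p->token = dup_nt_token(token);
		if (!ctx_p->token) {
			smb_panic("dup_nt_token failed");
		}
	} else {
		ctx_p->token = NULL;
	}

	become_id(uid, gid);

	ctx_p->uid = uid;
	ctx_p->gid = gid;

	/* Update current_user stuff */

	current_user.uid = uid;
	current_user.gid = gid;
	current_user.ngroups = ngroups;
	/*
	 * NOTE(review): this stores the caller's array, not the copy kept in
	 * ctx_p->groups, so current_user.groups is only valid for as long as
	 * the caller keeps that array alive - confirm against callers.
	 */
	current_user.groups = groups;
	current_user.nt_user_token = ctx_p->token;
}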
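/*
 * Switch the process to the given Unix identity: regain privileges, assume
 * gid, install the supplementary group list through the SYS_initgroups
 * system call, then assume uid.
 *
 * uid, gid        - identity handed to become_uid() / become_gid().
 * ngroups, groups - supplementary group list; at most groups_max() entries
 *                   are passed to the system call.
 *
 * A failed group-list call is fatal (smb_panic) unless non_root_mode()
 * returns true.
 */
static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
{
	int max = groups_max();
	/*
	 * NOTE(review): a list longer than groups_max() is cut short without
	 * any log entry, so the process can end up with fewer memberships
	 * than the caller asked for; where access decisions depend on a
	 * group being present (deny-style rules), that is worth confirming
	 * and at least logging.
	 */
	int count = (ngroups > max) ? max : ngroups;

	/* Start context switch */
	gain_root();

	become_gid(gid);

	if (syscall(SYS_initgroups, count, groups, uid) == -1) {
		/* Capture errno before any further call can overwrite it, so
		 * the log line reports the cause of this failure. */
		int saved_errno = errno;

		if (!non_root_mode()) {
			/* uid is printed as unsigned, matching its type and the
			 * other uid/gid log lines in this file. */
			DEBUG(0, ("WARNING: failed to set group list "
				"(%d groups) for UID %u: %s\n",
				ngroups, (unsigned int)uid,
				strerror(saved_errno)));
			smb_panic("sys_setgroups failed");
		}
	}

	/* NOTE(review): no result of become_gid()/become_uid() is examined
	 * here - confirm whether they report failure in this tree. */
	become_uid(uid);
	/* end context switch */
}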