s3/service: convert lp_force_group() to const

set_conn_force_user_group() and change_to_user_internal() leak onto
the callers' talloc stackframe. Drop the unnecessary heap allocations.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/docs-xml/smbdotconf/security/forcegroup.xml b/docs-xml/smbdotconf/security/forcegroup.xml
index d101f1c1b86ac1a1838e0277f72d08e0584ef354..b6e729be927b52b276ae0eeccb431b62f4b96aeb 100644 (file)
--- a/docs-xml/smbdotconf/security/forcegroup.xml
+++ b/docs-xml/smbdotconf/security/forcegroup.xml
@@ -1,6 +1,7 @@
 <samba:parameter name="force group"
                  context="S"
                  type="string"
+                 constant="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <synonym>group</synonym>
 <description>

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 2e4a1136254b56941dd1dfd1374560ec94f21181..df72172d9b015d1a295daa71073e8bcc6a2448a6 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -243,23 +243,18 @@ static NTSTATUS find_forced_group(bool force_user,
        TALLOC_CTX *frame = talloc_stackframe();
        struct dom_sid group_sid;
        enum lsa_SidType type;
+       const char *force_group;
        char *groupname;
        bool user_must_be_member = False;
        gid_t gid;
 
-       groupname = lp_force_group(talloc_tos(), snum);
-       if (groupname == NULL) {
-               DEBUG(1, ("talloc_strdup failed\n"));
-               result = NT_STATUS_NO_MEMORY;
-               goto done;
-       }
-
-       if (groupname[0] == '+') {
-               user_must_be_member = True;
-               groupname += 1;
+       force_group = lp_force_group(snum);
+       if (force_group[0] == '+') {
+               user_must_be_member = true;
+               force_group += 1;
        }
 
-       groupname = talloc_string_sub(talloc_tos(), groupname,
+       groupname = talloc_string_sub(talloc_tos(), force_group,
                                      "%S", lp_const_servicename(snum));
        if (groupname == NULL) {
                DEBUG(1, ("talloc_string_sub failed\n"));
@@ -427,7 +422,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
         * any groupid stored for the connecting user.
         */
 
-       if (*lp_force_group(talloc_tos(), snum)) {
+       if (*lp_force_group(snum)) {
 
                status = find_forced_group(
                        conn->force_user, snum, conn->session_info->unix_info->unix_name,

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 9d5321cf4ccc7772f81158a3356e6a8c0bd7c41d..b6a754b8cfd4c64bd6618d1425a780f092c4379d 100644 (file)
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -335,7 +335,8 @@ static bool change_to_user_internal(connection_struct *conn,
         * See if we should force group for this service. If so this overrides
         * any group set in the force user code.
         */
-       if((group_c = *lp_force_group(talloc_tos(), snum))) {
+       group_c = *lp_force_group(snum);
+       if (group_c != '\0') {
 
                SMB_ASSERT(conn->force_group_gid != (gid_t)-1);