char *validated_username(uint16 vuid);
char *validated_domain(uint16 vuid);
int initialize_groups(char *user, uid_t uid, gid_t gid);
+NT_USER_TOKEN *create_nt_token(uid_t uid, gid_t gid, int ngroups, gid_t *groups);
uint16 register_vuid(uid_t uid,gid_t gid, char *unix_name, char *requested_name,
char *domain,BOOL guest);
void add_session_user(char *user);
int get_current_groups(int *p_ngroups, gid_t **p_groups);
void delete_nt_token(NT_USER_TOKEN **pptoken);
+NT_USER_TOKEN *dup_nt_token(NT_USER_TOKEN *ptoken);
BOOL push_sec_ctx(void);
void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token);
void set_root_sec_ctx(void);
memset(p->domain, '\0', sizeof(p->domain));
memset(p->wks, '\0', sizeof(p->wks));
+ /* Set up for non-authenticated user. */
+ delete_nt_token(&p->pipe_user.nt_user_token);
+ p->pipe_user.ngroups = 0;
+ safe_free( p->pipe_user.groups);
+
/*
* Setup an empty password for a guest user.
*/
p->pipe_user.uid = pass->pw_uid;
p->pipe_user.gid = pass->pw_gid;
- /* XXX also set up pipe user group membership */
+ /* Set up pipe user group membership. */
+ initialize_groups(pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
+ get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups);
+
+ /* Create an NT_USER_TOKEN struct for this user. */
+ p->pipe_user.nt_user_token = create_nt_token(p->pipe_user.uid,p->pipe_user.gid,
+ p->pipe_user.ngroups, p->pipe_user.groups);
p->ntlmssp_auth_validated = True;
return True;
DLIST_REMOVE(Pipes, p);
+ delete_nt_token(&p->pipe_user.nt_user_token);
+ safe_free(p->pipe_user.groups);
+
ZERO_STRUCTP(p);
free(p);
gotstart = 1;
}
- if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status/ ) {
+ if( $0 ~ /^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum nss_status|^NT_USER_TOKEN/ ) {
gotstart = 1;
}
Initialize the groups a user belongs to.
****************************************************************************/
-int initialize_groups(char *user, uid_t uid, gid_t gid)
+BOOL initialize_groups(char *user, uid_t uid, gid_t gid)
{
+ become_root();
if (initgroups(user,gid) == -1) {
DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));
if (getuid() == 0) {
DEBUG(0,("This is probably a problem with the account %s\n", user));
}
}
- return -1;
+ unbecome_root();
+ return False;
}
- return 0;
+ become_root();
+ return True;
}
/****************************************************************************
return False;
}
- /* JRATEST - this needs fixined w.r.t. NT user tokens... */
set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups, NULL);
+ p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
return True;
}