2 Unix SMB/CIFS implementation.
3 system call wrapper interface.
4 Copyright (C) Andrew Tridgell 2002
5 Copyright (C) Andrew Barteltt 2002
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 This file may assume linkage with smbd - for things like become_root()
28 #ifndef HAVE_GETGROUPLIST
31 This is a *much* faster way of getting the list of groups for a user
32 without changing the current supplementary group list. The old
33 method used getgrent() which could take 20 minutes on a really big
34 network with hundeds of thousands of groups and users. The new method
35 takes a couple of seconds.
37 NOTE!! this function only works if it is called as root!
40 static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups,
44 int ret, ngrp_saved, num_gids;
46 if (non_root_mode()) {
51 /* work out how many groups we need to save */
52 ngrp_saved = getgroups(0, NULL);
53 if (ngrp_saved == -1) {
54 /* this shouldn't happen */
58 gids_saved = SMB_MALLOC_ARRAY(gid_t, ngrp_saved+1);
64 ngrp_saved = getgroups(ngrp_saved, gids_saved);
65 if (ngrp_saved == -1) {
66 SAFE_FREE(gids_saved);
71 if (initgroups(user, gid) != 0) {
72 DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
73 SAFE_FREE(gids_saved);
77 /* this must be done to cope with systems that put the current egid in the
78 return from getgroups() */
80 set_effective_gid(gid);
83 num_gids = getgroups(0, NULL);
85 SAFE_FREE(gids_saved);
90 if (num_gids + 1 > *grpcnt) {
91 *grpcnt = num_gids + 1;
94 ret = getgroups(*grpcnt - 1, &groups[1]);
96 SAFE_FREE(gids_saved);
106 if (sys_setgroups(gid, ngrp_saved, gids_saved) != 0) {
108 DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n"));
109 smb_panic("getgrouplist: failed to reset group list!");
117 static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
122 DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
124 /* This is only ever called for Unix users, remote memberships are
125 * always determined by the info3 coming back from auth3 or the
127 winbind_env = winbind_env_set();
130 #ifdef HAVE_GETGROUPLIST
131 retval = getgrouplist(user, gid, groups, grpcnt);
134 retval = getgrouplist_internals(user, gid, groups, grpcnt);
138 /* allow winbindd lookups, but only if they were not already disabled */
146 bool getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user,
148 gid_t **ret_groups, size_t *p_ngroups)
156 max_grp = MIN(32, groups_max());
157 temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp);
162 if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) {
163 temp_groups = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
168 if (sys_getgrouplist(user, primary_gid,
169 temp_groups, &max_grp) == -1) {
170 DEBUG(0, ("get_user_groups: failed to get the unix "
172 SAFE_FREE(temp_groups);
180 /* Add in primary group first */
181 if (!add_gid_to_array_unique(mem_ctx, primary_gid, &groups, &ngrp)) {
182 SAFE_FREE(temp_groups);
186 for (i=0; i<max_grp; i++) {
187 if (!add_gid_to_array_unique(mem_ctx, temp_groups[i],
189 SAFE_FREE(temp_groups);
195 *ret_groups = groups;
196 SAFE_FREE(temp_groups);