authorJeremy Allison <jra@samba.org>2012-07-10 16:56:20 -0700
committerJeremy Allison <jra@samba.org>2012-07-11 03:54:00 +0200
commitd81e20653baa53c678b2c421d90b6351a7388a37 (patch)
treea41729643874d4da5e8e59f8f12a970b8fd86393
parentb25619175f9ed3a62210b5b9f9cda7c4cde4f0db (diff)
Move set_thread_credentials_permanently() to set_thread_credentials()
as we need to keep the saved set uid/gid otherwise there is an interaction with open[at]() and NO_ATIME returning EPERM. As this is meant for threaded code inside the process we don't need to do an irreversible change anyway. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jul 11 03:54:00 CEST 2012 on sn-devel-104
-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/lib/util_sec.c24
2 files changed, 16 insertions, 16 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 7625983518..95dded820d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -549,10 +549,10 @@ void save_re_gid(void);
void restore_re_gid(void);
int set_re_uid(void);
void become_user_permanently(uid_t uid, gid_t gid);
-int set_thread_credentials_permanently(uid_t uid,
- gid_t gid,
- size_t setlen,
- const gid_t *gidset);
+int set_thread_credentials(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset);
bool is_setuid_root(void) ;
/* The following definitions come from lib/util_sid.c */
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 36d2a2b253..ac999e360d 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -411,14 +411,14 @@ void become_user_permanently(uid_t uid, gid_t gid)
}
/**********************************************************
- Function to set thread specific credentials in an
- irreversible way. Must be thread-safe code.
+ Function to set thread specific credentials. Leave
+ saved-set uid/gid alone.Must be thread-safe code.
**********************************************************/
-int set_thread_credentials_permanently(uid_t uid,
- gid_t gid,
- size_t setlen,
- const gid_t *gidset)
+int set_thread_credentials(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset)
{
#if defined(USE_LINUX_THREAD_CREDENTIALS)
/*
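Review bot: The rewritten header comment says the saved-set uid/gid are left alone but not what that means for callers, and `alone.Must` is missing a space. With the saved ids kept, the thread can change its ids again later, so this call is an impersonation switch rather than a privilege drop; the commit message explains this, but the source comment should carry it too. Suggested wording: `Leave saved-set uid/gid alone, so the change is reversible and must not be relied on as a privilege boundary. Must be thread-safe code.` The function body continues outside this hunk.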
@@ -433,22 +433,22 @@ int set_thread_credentials_permanently(uid_t uid,
return -1;
}
/* Set our primary gid. */
- /* Set rg=gid, eg=gid, sg=gid */
- if (samba_setresgid(gid, gid, gid) != 0) {
+ /* Set rg=gid, eg=gid */
+ if (samba_setresgid(gid, gid, -1) != 0) {
return -1;
}
/* Set extra groups list. */
if (samba_setgroups(setlen, gidset) != 0) {
return -1;
}
- /* Become the requested user. No way back after this. */
- /* Set ru=uid, eu=uid, su=uid */
- if (samba_setresuid(uid, uid, uid) != 0) {
+ /* Become the requested user. */
+ /* Set ru=uid, eu=uid */
+ if (samba_setresuid(uid, uid, -1) != 0) {
return -1;
}
if (geteuid() != uid || getuid() != uid ||
getegid() != gid || getgid() != gid) {
- smb_panic("set_thread_credentials_permanently failed\n");
+ smb_panic("set_thread_credentials failed\n");
return -1;
}
return 0;
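Review bot: The early `return -1` paths can leave the thread with partly switched credentials: if samba_setgroups() or samba_setresuid() fails after samba_setresgid() succeeded, the gid (and possibly the group list) has changed while the uid has not. The final check panics on a mismatch, but it is reached only when every call succeeded, and it compares real and effective ids only, not the supplementary groups. Now that the switch is no longer meant to be irreversible, I would add above the first call `/* On -1 the thread's ids are in an undefined mix; the caller must not do further work as this thread. */`, or panic on those paths as well; the callers are not visible here, so confirm how they treat -1. As a style point, writing the unchanged saved id as `(gid_t)-1` and `(uid_t)-1` makes the "leave as is" intent explicit. The function starts before this hunk.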