summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2002-07-15 03:59:14 +0000
committerAndrew Tridgell <tridge@samba.org>2002-07-15 03:59:14 +0000
commit369040ac5d7220a301b09c16b0a6f4a3ce14c8b6 (patch)
tree5c0bccd36c23542221427ca27c8c4fa6af409fbf /source3/lib
parentae10baa5fc98863c242b1036f588f59cf6ae3e0d (diff)
downloadsamba-369040ac5d7220a301b09c16b0a6f4a3ce14c8b6.tar.gz
samba-369040ac5d7220a301b09c16b0a6f4a3ce14c8b6.tar.bz2
samba-369040ac5d7220a301b09c16b0a6f4a3ce14c8b6.zip
fixed a problem with getgroups() where it could include our current
effective gid which could mean that the user gets group 0 in their group list for acl interpretation this is a replacement fix for the one richard did in 2.2 (which didn't cope wiith variable behaviour depending on which nss module was in use) (This used to be commit cfc5ca3416cea5ea5d2ac34f5521cb6367e42cd2)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/util_sec.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index d59b1b0471..132748ce13 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -227,6 +227,7 @@ void set_effective_gid(gid_t gid)
}
static uid_t saved_euid, saved_ruid;
+static gid_t saved_egid, saved_rgid;
/****************************************************************************
save the real and effective uid for later restoration. Used by the quotas
@@ -264,6 +265,41 @@ void restore_re_uid(void)
assert_uid(saved_ruid, saved_euid);
}
+
+/****************************************************************************
+ save the real and effective gid for later restoration. Used by the
+ getgroups code
+****************************************************************************/
+void save_re_gid(void)
+{
+ saved_rgid = getgid();
+ saved_egid = getegid();
+}
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_gid(void)
+{
+#if USE_SETRESUID
+ setresgid(saved_rgid, saved_egid, -1);
+#elif USE_SETREUID
+ setregid(saved_rgid, -1);
+ setregid(-1,saved_egid);
+#elif USE_SETUIDX
+ setgidx(ID_REAL, saved_rgid);
+ setgidx(ID_EFFECTIVE, saved_egid);
+#else
+ set_effective_gid(saved_egid);
+ if (getgid() != saved_rgid)
+ setgid(saved_rgid);
+ set_effective_gid(saved_egid);
+#endif
+
+ assert_gid(saved_rgid, saved_egid);
+}
+
+
/****************************************************************************
set the real AND effective uid to the current effective uid in a way that
allows root to be regained.