diff options
| author | Jeremy Allison <jra@samba.org> | 2000-08-04 00:59:09 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2000-08-04 00:59:09 +0000 |
| commit | 06e4f11acd3aedd6c8e4adf365932a01eca902b8 (patch) | |
| tree | 07a8837ca9915b56fa0829a537f1e8a68f4e5a0c /source3/smbd/password.c | |
| parent | f87399915b009f88c41cb75a583c2972fe3daf30 (diff) | |
| download | samba-06e4f11acd3aedd6c8e4adf365932a01eca902b8.tar.gz samba-06e4f11acd3aedd6c8e4adf365932a01eca902b8.tar.bz2 samba-06e4f11acd3aedd6c8e4adf365932a01eca902b8.zip | |
Fixed up the user/group contexts when using authenticated pipes.
Added a become_root()/unbecome_root() (push/pop security context)
around the initgroups() call to ensure it would succeed. Hmmm - I
wonder if this call being done as non-root might explain any "group access"
bugs we've had in the past....
Jeremy.
(This used to be commit 06a65972e872f37d88b84f22ea714feebd38f6c0)
Diffstat (limited to 'source3/smbd/password.c')
| -rw-r--r-- | source3/smbd/password.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 9af7d3b1e9..4aa753c022 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -163,8 +163,9 @@ char *validated_domain(uint16 vuid) Initialize the groups a user belongs to. ****************************************************************************/ -int initialize_groups(char *user, uid_t uid, gid_t gid) +BOOL initialize_groups(char *user, uid_t uid, gid_t gid) { + become_root(); if (initgroups(user,gid) == -1) { DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) )); if (getuid() == 0) { @@ -172,9 +173,11 @@ int initialize_groups(char *user, uid_t uid, gid_t gid) DEBUG(0,("This is probably a problem with the account %s\n", user)); } } - return -1; + unbecome_root(); + return False; } - return 0; + become_root(); + return True; } /**************************************************************************** |