diff options
| author | Andrew Tridgell <tridge@samba.org> | 2002-07-15 03:59:14 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2002-07-15 03:59:14 +0000 |
| commit | 369040ac5d7220a301b09c16b0a6f4a3ce14c8b6 (patch) | |
| tree | 5c0bccd36c23542221427ca27c8c4fa6af409fbf /source3/smbd/sec_ctx.c | |
| parent | ae10baa5fc98863c242b1036f588f59cf6ae3e0d (diff) | |
| download | samba-369040ac5d7220a301b09c16b0a6f4a3ce14c8b6.tar.gz samba-369040ac5d7220a301b09c16b0a6f4a3ce14c8b6.tar.bz2 samba-369040ac5d7220a301b09c16b0a6f4a3ce14c8b6.zip | |
fixed a problem with getgroups() where it could include our current
effective gid which could mean that the user gets group 0 in their
group list for acl interpretation
this is a replacement fix for the one richard did in 2.2 (which didn't
cope wiith variable behaviour depending on which nss module was in
use)
(This used to be commit cfc5ca3416cea5ea5d2ac34f5521cb6367e42cd2)
Diffstat (limited to 'source3/smbd/sec_ctx.c')
| -rw-r--r-- | source3/smbd/sec_ctx.c | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 87bf8b1744..bdcdce6e14 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -132,29 +132,39 @@ static void gain_root(void) Get the list of current groups. ****************************************************************************/ -int get_current_groups(int *p_ngroups, gid_t **p_groups) +int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups) { int i; gid_t grp; - int ngroups = sys_getgroups(0,&grp); - gid_t *groups; + int ngroups; + gid_t *groups = NULL; (*p_ngroups) = 0; (*p_groups) = NULL; - if (ngroups <= 0) - return -1; + /* this looks a little strange, but is needed to cope with + systems that put the current egid in the group list + returned from getgroups() (tridge) */ + save_re_gid(); + set_effective_gid(gid); + setgid(gid); - if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) { + ngroups = sys_getgroups(0,&grp); + if (ngroups <= 0) { + goto fail; + } + + if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) { DEBUG(0,("setup_groups malloc fail !\n")); - return -1; + goto fail; } if ((ngroups = sys_getgroups(ngroups,groups)) == -1) { - SAFE_FREE(groups); - return -1; + goto fail; } + restore_re_gid(); + (*p_ngroups) = ngroups; (*p_groups) = groups; @@ -164,7 +174,12 @@ int get_current_groups(int *p_ngroups, gid_t **p_groups) } DEBUG( 3, ( "\n" ) ); - return ngroups; + return ngroups; + +fail: + SAFE_FREE(groups); + restore_re_gid(); + return -1; } /**************************************************************************** @@ -204,7 +219,7 @@ BOOL initialise_groups(char *user, uid_t uid, gid_t gid) SAFE_FREE(prev_ctx_p->groups); prev_ctx_p->ngroups = 0; - get_current_groups(&prev_ctx_p->ngroups, &prev_ctx_p->groups); + get_current_groups(gid, &prev_ctx_p->ngroups, &prev_ctx_p->groups); done: unbecome_root(); @@ -404,7 +419,7 @@ void init_sec_ctx(void) ctx_p->uid = geteuid(); ctx_p->gid = getegid(); - get_current_groups(&ctx_p->ngroups, &ctx_p->groups); + get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups); ctx_p->token = NULL; /* Maps to guest user. */ |