diff options
author | Jeremy Allison <jra@samba.org> | 2007-06-08 19:58:32 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:23:12 -0500 |
commit | 0a1f5d71e4ad551f178613fff8bd288ad0cad057 (patch) | |
tree | 10dabb1e2aaa2bc3f0c8041faa69afc9661716f2 /source3/smbd | |
parent | 334c961cc55aafb6b5587ba8ab517b94f1cbe278 (diff) | |
download | samba-0a1f5d71e4ad551f178613fff8bd288ad0cad057.tar.gz samba-0a1f5d71e4ad551f178613fff8bd288ad0cad057.tar.bz2 samba-0a1f5d71e4ad551f178613fff8bd288ad0cad057.zip |
r23391: Second part of the patch for Apple.
Change the sequence :
gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);
to a function call :
set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
James - should be safe for you to create a Darwin-specific
version of this function now.
Jeremy.
(This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe)
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/sec_ctx.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 14faba5ee3..fd79fbb7fe 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -228,6 +228,21 @@ BOOL push_sec_ctx(void) } /**************************************************************************** + Change UNIX security context. Calls panic if not successful so no return value. +****************************************************************************/ + +static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) +{ + /* Start context switch */ + gain_root(); +#ifdef HAVE_SETGROUPS + sys_setgroups(ngroups, groups); +#endif + become_id(uid, gid); + /* end context switch */ +} + +/**************************************************************************** Set the current security context to a given user. ****************************************************************************/ @@ -243,13 +258,8 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN debug_nt_user_token(DBGC_CLASS, 5, token); debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups); - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(ngroups, groups); -#endif - become_id(uid, gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(uid, gid, ngroups, groups); ctx_p->ut.ngroups = ngroups; @@ -336,13 +346,11 @@ BOOL pop_sec_ctx(void) prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups); -#endif - become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(prev_ctx_p->ut.uid, + prev_ctx_p->ut.gid, + prev_ctx_p->ut.ngroups, + prev_ctx_p->ut.groups); /* Update current_user stuff */ |