diff options
-rw-r--r-- | source3/smbd/sec_ctx.c | 36 |
1 files changed, 22 insertions, 14 deletions
diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 14faba5ee3..fd79fbb7fe 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -228,6 +228,21 @@ BOOL push_sec_ctx(void) } /**************************************************************************** + Change UNIX security context. Calls panic if not successful so no return value. +****************************************************************************/ + +static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) +{ + /* Start context switch */ + gain_root(); +#ifdef HAVE_SETGROUPS + sys_setgroups(ngroups, groups); +#endif + become_id(uid, gid); + /* end context switch */ +} + +/**************************************************************************** Set the current security context to a given user. ****************************************************************************/ @@ -243,13 +258,8 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN debug_nt_user_token(DBGC_CLASS, 5, token); debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups); - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(ngroups, groups); -#endif - become_id(uid, gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(uid, gid, ngroups, groups); ctx_p->ut.ngroups = ngroups; @@ -336,13 +346,11 @@ BOOL pop_sec_ctx(void) prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups); -#endif - become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(prev_ctx_p->ut.uid, + prev_ctx_p->ut.gid, + prev_ctx_p->ut.ngroups, + prev_ctx_p->ut.groups); /* Update current_user stuff */ |