summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/lib/afs.c10
-rw-r--r--source3/lib/util_sec.c7
2 files changed, 5 insertions, 12 deletions
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index 882442a79f..fc78950f39 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -185,13 +185,9 @@ BOOL afs_login(connection_struct *conn)
strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- /* As long as we still only use the effective UID we need to set the
- * token for it here as well. This involves patching AFS in two
- * places. Once we start using the real uid where we have the
- * setresuid function, we can use getuid() here which would be more
- * correct. */
-
- ct.ViceId = geteuid();
+ /* This assumes that we have setresuid and set the real uid as well as
+ the effective uid in set_effective_uid(). */
+ ct.ViceId = getuid();
DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
/* Alice's network layer address. At least Openafs-1.2.10
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 1980b8bfb7..7c2576ed91 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -183,11 +183,8 @@ void gain_root_group_privilege(void)
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
- /* On Systems which have this function, would it not be more
- * appropriate to also set the real uid by doing
- * setresuid(uid,uid,-1)? This would make patching AFS
- * unnecessary. See comment in lib/afs.c. */
- setresuid(-1,uid,-1);
+ /* Set the effective as well as the real uid. */
+ setresuid(uid,uid,-1);
#endif
#if USE_SETREUID