diff options
-rw-r--r-- | source3/lib/afs.c | 10 | ||||
-rw-r--r-- | source3/lib/util_sec.c | 7 |
2 files changed, 5 insertions, 12 deletions
diff --git a/source3/lib/afs.c b/source3/lib/afs.c index 882442a79f..fc78950f39 100644 --- a/source3/lib/afs.c +++ b/source3/lib/afs.c @@ -185,13 +185,9 @@ BOOL afs_login(connection_struct *conn) strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1); p += strlen(p)+1; - /* As long as we still only use the effective UID we need to set the - * token for it here as well. This involves patching AFS in two - * places. Once we start using the real uid where we have the - * setresuid function, we can use getuid() here which would be more - * correct. */ - - ct.ViceId = geteuid(); + /* This assumes that we have setresuid and set the real uid as well as + the effective uid in set_effective_uid(). */ + ct.ViceId = getuid(); DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId)); /* Alice's network layer address. At least Openafs-1.2.10 diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index 1980b8bfb7..7c2576ed91 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -183,11 +183,8 @@ void gain_root_group_privilege(void) void set_effective_uid(uid_t uid) { #if USE_SETRESUID - /* On Systems which have this function, would it not be more - * appropriate to also set the real uid by doing - * setresuid(uid,uid,-1)? This would make patching AFS - * unnecessary. See comment in lib/afs.c. */ - setresuid(-1,uid,-1); + /* Set the effective as well as the real uid. */ + setresuid(uid,uid,-1); #endif #if USE_SETREUID |