From 369040ac5d7220a301b09c16b0a6f4a3ce14c8b6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Jul 2002 03:59:14 +0000 Subject: fixed a problem with getgroups() where it could include our current effective gid which could mean that the user gets group 0 in their group list for acl interpretation this is a replacement fix for the one richard did in 2.2 (which didn't cope wiith variable behaviour depending on which nss module was in use) (This used to be commit cfc5ca3416cea5ea5d2ac34f5521cb6367e42cd2) --- source3/lib/util_sec.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'source3/lib/util_sec.c') diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index d59b1b0471..132748ce13 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -227,6 +227,7 @@ void set_effective_gid(gid_t gid) } static uid_t saved_euid, saved_ruid; +static gid_t saved_egid, saved_rgid; /**************************************************************************** save the real and effective uid for later restoration. Used by the quotas @@ -264,6 +265,41 @@ void restore_re_uid(void) assert_uid(saved_ruid, saved_euid); } + +/**************************************************************************** + save the real and effective gid for later restoration. Used by the + getgroups code +****************************************************************************/ +void save_re_gid(void) +{ + saved_rgid = getgid(); + saved_egid = getegid(); +} + +/**************************************************************************** + and restore them! +****************************************************************************/ +void restore_re_gid(void) +{ +#if USE_SETRESUID + setresgid(saved_rgid, saved_egid, -1); +#elif USE_SETREUID + setregid(saved_rgid, -1); + setregid(-1,saved_egid); +#elif USE_SETUIDX + setgidx(ID_REAL, saved_rgid); + setgidx(ID_EFFECTIVE, saved_egid); +#else + set_effective_gid(saved_egid); + if (getgid() != saved_rgid) + setgid(saved_rgid); + set_effective_gid(saved_egid); +#endif + + assert_gid(saved_rgid, saved_egid); +} + + /**************************************************************************** set the real AND effective uid to the current effective uid in a way that allows root to be regained. -- cgit