From 0a1f5d71e4ad551f178613fff8bd288ad0cad057 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 8 Jun 2007 19:58:32 +0000 Subject: r23391: Second part of the patch for Apple. Change the sequence : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); to a function call : set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) James - should be safe for you to create a Darwin-specific version of this function now. Jeremy. (This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe) --- source3/smbd/sec_ctx.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) (limited to 'source3/smbd/sec_ctx.c') diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 14faba5ee3..fd79fbb7fe 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -227,6 +227,21 @@ BOOL push_sec_ctx(void) return True; } +/**************************************************************************** + Change UNIX security context. Calls panic if not successful so no return value. +****************************************************************************/ + +static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) +{ + /* Start context switch */ + gain_root(); +#ifdef HAVE_SETGROUPS + sys_setgroups(ngroups, groups); +#endif + become_id(uid, gid); + /* end context switch */ +} + /**************************************************************************** Set the current security context to a given user. ****************************************************************************/ @@ -243,13 +258,8 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN debug_nt_user_token(DBGC_CLASS, 5, token); debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups); - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(ngroups, groups); -#endif - become_id(uid, gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(uid, gid, ngroups, groups); ctx_p->ut.ngroups = ngroups; @@ -336,13 +346,11 @@ BOOL pop_sec_ctx(void) prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups); -#endif - become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(prev_ctx_p->ut.uid, + prev_ctx_p->ut.gid, + prev_ctx_p->ut.ngroups, + prev_ctx_p->ut.groups); /* Update current_user stuff */ -- cgit