}
static uid_t saved_euid, saved_ruid;
+static gid_t saved_egid, saved_rgid;
/****************************************************************************
save the real and effective uid for later restoration. Used by the quotas
assert_uid(saved_ruid, saved_euid);
}
+
+/****************************************************************************
+ save the real and effective gid for later restoration. Used by the
+ getgroups code
+****************************************************************************/
+void save_re_gid(void)
+{
+ saved_rgid = getgid();
+ saved_egid = getegid();
+}
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_gid(void)
+{
+#if USE_SETRESUID
+ setresgid(saved_rgid, saved_egid, -1);
+#elif USE_SETREUID
+ setregid(saved_rgid, -1);
+ setregid(-1,saved_egid);
+#elif USE_SETUIDX
+ setgidx(ID_REAL, saved_rgid);
+ setgidx(ID_EFFECTIVE, saved_egid);
+#else
+ set_effective_gid(saved_egid);
+ if (getgid() != saved_rgid)
+ setgid(saved_rgid);
+ set_effective_gid(saved_egid);
+#endif
+
+ assert_gid(saved_rgid, saved_egid);
+}
+
+
/****************************************************************************
set the real AND effective uid to the current effective uid in a way that
allows root to be regained.
/* Set up pipe user group membership. */
initialise_groups(p->pipe_user_name, p->pipe_user.uid, p->pipe_user.gid);
- get_current_groups( &p->pipe_user.ngroups, &p->pipe_user.groups);
+ get_current_groups(p->pipe_user.gid, &p->pipe_user.ngroups, &p->pipe_user.groups);
if (server_info->ptok)
add_supplementary_nt_login_groups(&p->pipe_user.ngroups, &p->pipe_user.groups, &server_info->ptok);
/* Find all the groups this uid is in and store them.
Used by change_to_user() */
initialise_groups(vuser->user.unix_name, vuser->uid, vuser->gid);
- get_current_groups( &vuser->n_groups, &vuser->groups);
+ get_current_groups(vuser->gid, &vuser->n_groups, &vuser->groups);
if (server_info->ptok)
add_supplementary_nt_login_groups(&vuser->n_groups, &vuser->groups, &server_info->ptok);
Get the list of current groups.
****************************************************************************/
-int get_current_groups(int *p_ngroups, gid_t **p_groups)
+int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
{
int i;
gid_t grp;
- int ngroups = sys_getgroups(0,&grp);
- gid_t *groups;
+ int ngroups;
+ gid_t *groups = NULL;
(*p_ngroups) = 0;
(*p_groups) = NULL;
- if (ngroups <= 0)
- return -1;
+ /* this looks a little strange, but is needed to cope with
+ systems that put the current egid in the group list
+ returned from getgroups() (tridge) */
+ save_re_gid();
+ set_effective_gid(gid);
+ setgid(gid);
- if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL) {
+ ngroups = sys_getgroups(0,&grp);
+ if (ngroups <= 0) {
+ goto fail;
+ }
+
+ if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) {
DEBUG(0,("setup_groups malloc fail !\n"));
- return -1;
+ goto fail;
}
if ((ngroups = sys_getgroups(ngroups,groups)) == -1) {
- SAFE_FREE(groups);
- return -1;
+ goto fail;
}
+ restore_re_gid();
+
(*p_ngroups) = ngroups;
(*p_groups) = groups;
}
DEBUG( 3, ( "\n" ) );
- return ngroups;
+ return ngroups;
+
+fail:
+ SAFE_FREE(groups);
+ restore_re_gid();
+ return -1;
}
/****************************************************************************
SAFE_FREE(prev_ctx_p->groups);
prev_ctx_p->ngroups = 0;
- get_current_groups(&prev_ctx_p->ngroups, &prev_ctx_p->groups);
+ get_current_groups(gid, &prev_ctx_p->ngroups, &prev_ctx_p->groups);
done:
unbecome_root();
ctx_p->uid = geteuid();
ctx_p->gid = getegid();
- get_current_groups(&ctx_p->ngroups, &ctx_p->groups);
+ get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups);
ctx_p->token = NULL; /* Maps to guest user. */
git.samba.org / import / samba-cvsimport.git / commitdiff