From: Arvin Schnell
Date: Tue, 25 Jun 2013 07:10:57 +0000 (+0200)
Subject: - also call initgroups in pam_snapper (bnc#815383)
X-Git-Tag: v0.1.5~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f91eeced7d5f9f20f5375dc4502f7483fb7f6e6f;p=thirdparty%2Fsnapper.git
- also call initgroups in pam_snapper (bnc#815383)
---
diff --git a/package/snapper.changes b/package/snapper.changes
index 2cced6ae..5006969f 100644
--- a/package/snapper.changes
+++ b/package/snapper.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Jun 25 09:09:20 CEST 2013 - aschnell@suse.de
+
+- also call initgroups in pam_snapper (bnc#815383)
+
 -------------------------------------------------------------------
 Fri Jun 21 15:50:22 CEST 2013 - aschnell@suse.de
diff --git a/pam/pam_snapper.c b/pam/pam_snapper.c
index 86aff7ab..f429be42 100644
--- a/pam/pam_snapper.c
+++ b/pam/pam_snapper.c
@@ -64,6 +64,7 @@
 #include
 #include
 #include
+#include
 /*
 * PAM Preamble
@@ -353,10 +354,10 @@ static int cdbus_create_snapshot( const char *snapper_conf, createmode_t createm
 * Special functions for pam_snapper
 */
-static int forker( pam_handle_t * pamh, uid_t uid, gid_t gid, const char *snapper_conf,
- createmode_t createmode, const char *cleanup, uint32_t num_user_data,
- const struct dict *user_data, const uint32_t * snapshot_num_in,
- uint32_t * snapshot_num_out )
+static int forker( pam_handle_t * pamh, const char *pam_user, uid_t uid, gid_t gid,
+ const char *snapper_conf, createmode_t createmode, const char *cleanup,
+ uint32_t num_user_data, const struct dict *user_data,
+ const uint32_t * snapshot_num_in, uint32_t * snapshot_num_out )
 {
 void *p = mmap( NULL, sizeof( *snapshot_num_out ), PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0 );
@@ -370,7 +371,7 @@ static int forker( pam_handle_t * pamh, uid_t uid, gid_t gid, const char *snappe
 /* setting uid/gui affects other threads so it has to be done in a separate process */
- if ( setegid( gid ) != 0 || seteuid( uid ) != 0 ) {
+ if ( setgid( gid ) != 0 || initgroups( pam_user, gid ) != 0 || setuid( uid ) != 0 ) {
 munmap( p, sizeof( *snapshot_num_out ) );
 exit( EXIT_FAILURE );
 }
@@ -497,8 +498,8 @@ static int worker( pam_handle_t * pamh, const char *pam_user, const char *snappe
 }
 }
- if ( forker( pamh, uid, gid, snapper_conf, createmode, cleanup, num_user_data, user_data,
- snapshot_num_in, snapshot_num_out ) != 0 )
+ if ( forker( pamh, pam_user, uid, gid, snapper_conf, createmode, cleanup, num_user_data,
+ user_data, snapshot_num_in, snapshot_num_out ) != 0 )
 return -1;
 if ( pam_set_data
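Review bot: The new condition `setgid( gid ) != 0 || initgroups( pam_user, gid ) != 0 || setuid( uid ) != 0` relies on its call order for a correct privilege drop, yet nothing on the line says so, and a failure of any of the three calls exits the child without a trace. I would add a comment above it such as `/* permanent drop: primary group, supplementary groups, then uid; setuid() must come last because the first two need root */`, and fix the `uid/gui` typo in the existing comment to `uid/gid`. Since `pamh` is in scope, the failure branch could also log before exiting, e.g. `pam_syslog( pamh, LOG_ERR, "dropping privileges to %s failed", pam_user );`, assuming the pam_syslog declaration is already included, which is not visible here. The rest of forker() and its caller lie outside this hunk, so whether `pam_user` is guaranteed non-NULL before it reaches initgroups() should be confirmed there.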