From: Jeremy Allison Date: Fri, 8 Jun 2007 19:58:32 +0000 (+0000) Subject: r23391: Second part of the patch for Apple. X-Git-Tag: samba-misc-tags/initial-v3-0-unstable~244 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8ee982b3678be41ce8b4f4c1df428dcbf897ccbe;p=thirdparty%2Fsamba.git r23391: Second part of the patch for Apple. Change the sequence : gain_root(); sys_setgroups(ngroups, groups); become_id(uid, gid); to a function call : set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) James - should be safe for you to create a Darwin-specific version of this function now. Jeremy. --- diff --git a/source/smbd/sec_ctx.c b/source/smbd/sec_ctx.c index 14faba5ee3b..fd79fbb7fe8 100644 --- a/source/smbd/sec_ctx.c +++ b/source/smbd/sec_ctx.c @@ -227,6 +227,21 @@ BOOL push_sec_ctx(void) return True; } +/**************************************************************************** + Change UNIX security context. Calls panic if not successful so no return value. +****************************************************************************/ + +static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups) +{ + /* Start context switch */ + gain_root(); +#ifdef HAVE_SETGROUPS + sys_setgroups(ngroups, groups); +#endif + become_id(uid, gid); + /* end context switch */ +} + /**************************************************************************** Set the current security context to a given user. ****************************************************************************/ @@ -243,13 +258,8 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN debug_nt_user_token(DBGC_CLASS, 5, token); debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups); - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(ngroups, groups); -#endif - become_id(uid, gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(uid, gid, ngroups, groups); ctx_p->ut.ngroups = ngroups; @@ -336,13 +346,11 @@ BOOL pop_sec_ctx(void) prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; - /* Start context switch */ - gain_root(); -#ifdef HAVE_SETGROUPS - sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups); -#endif - become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid); - /* end context switch */ + /* Change uid, gid and supplementary group list. */ + set_unix_security_ctx(prev_ctx_p->ut.uid, + prev_ctx_p->ut.gid, + prev_ctx_p->ut.ngroups, + prev_ctx_p->ut.groups); /* Update current_user stuff */