r23391: Second part of the patch for Apple.

Change the sequence :

gain_root();
sys_setgroups(ngroups, groups);
become_id(uid, gid);

to a function call :

set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)

James - should be safe for you to create a Darwin-specific
version of this function now.

Jeremy.
(This used to be commit 8ee982b3678be41ce8b4f4c1df428dcbf897ccbe)

diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c
index 14faba5ee3bfed5048d7535d102349c1a30daa54..fd79fbb7fe894dd0657a317332c039ab769e3493 100644 (file)
--- a/source3/smbd/sec_ctx.c
+++ b/source3/smbd/sec_ctx.c
@@ -227,6 +227,21 @@ BOOL push_sec_ctx(void)
        return True;
 }
 
+/****************************************************************************
+ Change UNIX security context. Calls panic if not successful so no return value.
+****************************************************************************/
+
+static void set_unix_security_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups)
+{
+       /* Start context switch */
+       gain_root();
+#ifdef HAVE_SETGROUPS
+       sys_setgroups(ngroups, groups);
+#endif
+       become_id(uid, gid);
+       /* end context switch */
+}
+
 /****************************************************************************
  Set the current security context to a given user.
 ****************************************************************************/
@@ -243,13 +258,8 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
        debug_nt_user_token(DBGC_CLASS, 5, token);
        debug_unix_user_token(DBGC_CLASS, 5, uid, gid, ngroups, groups);
 
-       /* Start context switch */
-       gain_root();
-#ifdef HAVE_SETGROUPS
-       sys_setgroups(ngroups, groups);
-#endif
-       become_id(uid, gid);
-       /* end context switch */
+       /* Change uid, gid and supplementary group list. */
+       set_unix_security_ctx(uid, gid, ngroups, groups);
 
        ctx_p->ut.ngroups = ngroups;
 
@@ -336,13 +346,11 @@ BOOL pop_sec_ctx(void)
 
        prev_ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
 
-       /* Start context switch */
-       gain_root();
-#ifdef HAVE_SETGROUPS
-       sys_setgroups(prev_ctx_p->ut.ngroups, prev_ctx_p->ut.groups);
-#endif
-       become_id(prev_ctx_p->ut.uid, prev_ctx_p->ut.gid);
-       /* end context switch */
+       /* Change uid, gid and supplementary group list. */
+       set_unix_security_ctx(prev_ctx_p->ut.uid,
+                       prev_ctx_p->ut.gid,
+                       prev_ctx_p->ut.ngroups,
+                       prev_ctx_p->ut.groups);
 
        /* Update current_user stuff */