r907: fixing browse.dat bug -- don't include the resouce byte from the netbios name...

[jra/samba/.git] / source3 / lib / util_sec.c

diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index d59b1b0471664a7b9a0f67cd4337a1418b67f89f..26be27ea515b60d06ac689986cc32d4d8572b2da 100644 (file)
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -177,13 +177,22 @@ void gain_root_group_privilege(void)
 
 
 /****************************************************************************
- Set *only* the effective uid.
- we want to end up with ruid==0 and euid==uid
+ Set effective uid, and possibly the real uid too.
+ We want to end up with either:
+  
+   ruid==uid and euid==uid
+
+ or
+
+   ruid==0 and euid==uid
+
+ depending on what the local OS will allow us to regain root from.
 ****************************************************************************/
 void set_effective_uid(uid_t uid)
 {
 #if USE_SETRESUID
-       setresuid(-1,uid,-1);
+        /* Set the effective as well as the real uid. */
+       setresuid(uid,uid,-1);
 #endif
 
 #if USE_SETREUID
@@ -227,6 +236,7 @@ void set_effective_gid(gid_t gid)
 }
 
 static uid_t saved_euid, saved_ruid;
+static gid_t saved_egid, saved_rgid;
 
 /****************************************************************************
  save the real and effective uid for later restoration. Used by the quotas
@@ -264,6 +274,41 @@ void restore_re_uid(void)
        assert_uid(saved_ruid, saved_euid);
 }
 
+
+/****************************************************************************
+ save the real and effective gid for later restoration. Used by the 
+ getgroups code
+****************************************************************************/
+void save_re_gid(void)
+{
+       saved_rgid = getgid();
+       saved_egid = getegid();
+}
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_gid(void)
+{
+#if USE_SETRESUID
+       setresgid(saved_rgid, saved_egid, -1);
+#elif USE_SETREUID
+       setregid(saved_rgid, -1);
+       setregid(-1,saved_egid);
+#elif USE_SETUIDX
+       setgidx(ID_REAL, saved_rgid);
+       setgidx(ID_EFFECTIVE, saved_egid);
+#else
+       set_effective_gid(saved_egid);
+       if (getgid() != saved_rgid)
+               setgid(saved_rgid);
+       set_effective_gid(saved_egid);
+#endif
+
+       assert_gid(saved_rgid, saved_egid);
+}
+
+
 /****************************************************************************
  set the real AND effective uid to the current effective uid in a way that
  allows root to be regained.