This changes our behaviour when the setresuid call is available. We now not
only change the effective uid but also the real uid when becoming
unprivileged. This is mainly for improved AFS compatibility, as AFS selects
the token to send to the server based on the real uid of the process.
I tested this with a W2k server with two non-root 'runas' sessions. They come
in via a single smbd as two different users using two session setups. Samba on
Linux can still switch between the two uids, proved by two different files
created via those sessions.
Volker
(This used to be commit
556c62f93535c606122b22e7e843d9da9a1cd438)
strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- /* As long as we still only use the effective UID we need to set the
- * token for it here as well. This involves patching AFS in two
- * places. Once we start using the real uid where we have the
- * setresuid function, we can use getuid() here which would be more
- * correct. */
-
- ct.ViceId = geteuid();
+ /* This assumes that we have setresuid and set the real uid as well as
+ the effective uid in set_effective_uid(). */
+ ct.ViceId = getuid();
DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
/* Alice's network layer address. At least Openafs-1.2.10
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
- /* On Systems which have this function, would it not be more
- * appropriate to also set the real uid by doing
- * setresuid(uid,uid,-1)? This would make patching AFS
- * unnecessary. See comment in lib/afs.c. */
- setresuid(-1,uid,-1);
+ /* Set the effective as well as the real uid. */
+ setresuid(uid,uid,-1);
#endif
#if USE_SETREUID
git.samba.org / gd / samba / .git / commitdiff