uwrap: Support dropping all supplemetary groups with setgroups()
authorJakub Hrozek <jakub.hrozek@gmail.com>
Thu, 31 Jul 2014 08:20:40 +0000 (10:20 +0200)
committerMichael Adam <obnox@samba.org>
Thu, 31 Jul 2014 16:49:48 +0000 (18:49 +0200)
Dropping all supplementary groups is a common practice when changing
UIDs. This patch adds support for dropping all supplementary groups when
setgroups is called with size=0.

Signed-off-by: Jakub Hrozek <jakub.hrozek@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
lib/uid_wrapper/uid_wrapper.c

index f53aa470992cf14eb2747e60cac42c067478999e..2181767246ebe38b6582a36986108f25b6ac1c7c 100644 (file)
@@ -956,7 +956,11 @@ static int uwrap_setgroups_thread(size_t size, const gid_t *list)
 
        pthread_mutex_lock(&uwrap_id_mutex);
 
-       if (size > 0) {
+       if (size == 0) {
+               free(id->groups);
+               id->groups = NULL;
+               id->ngroups = 0;
+       } else if (size > 0) {
                gid_t *tmp;
 
                tmp = realloc(id->groups, sizeof(gid_t) * size);
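Review bot: The `else if (size > 0)` that follows the new branch is always true once `size == 0` has been handled, because `size` is a `size_t` per the signature in the hunk header. A plain `} else {` states the same thing without implying a third, unhandled case. The same applies to the matching branch of uwrap_setgroups in the next hunk. Since this branch emulates the group-dropping step of a privilege drop, a one-line comment would help readers, e.g. `/* size == 0: drop all supplementary groups, as setgroups(0, NULL) does */`. The body of uwrap_setgroups_thread starts and ends outside the hunk.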
@@ -984,7 +988,13 @@ static int uwrap_setgroups(size_t size, const gid_t *list)
 
        pthread_mutex_lock(&uwrap_id_mutex);
 
-       if (size > 0) {
+       if (size == 0) {
+               for (id = uwrap.ids; id; id = id->next) {
+                       free(id->groups);
+                       id->groups = NULL;
+                       id->ngroups = 0;
+               }
+       } else if (size > 0) {
                for (id = uwrap.ids; id; id = id->next) {
                        gid_t *tmp;