Move set_thread_credentials_permanently() to set_thread_credentials()
authorJeremy Allison <jra@samba.org>
Tue, 10 Jul 2012 23:56:20 +0000 (16:56 -0700)
committerJeremy Allison <jra@samba.org>
Wed, 11 Jul 2012 01:54:00 +0000 (03:54 +0200)
as we need to keep the saved set uid/gid otherwise there is an
interaction with open[at]() and NO_ATIME returning EPERM. As this
is meant for threaded code inside the process we don't need
to do an irreversible change anyway.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 11 03:54:00 CEST 2012 on sn-devel-104

source3/include/proto.h
source3/lib/util_sec.c

index 76259835184b42728b64a2114a506bae9a5cc5a8..95dded820dfacfe9cd4edde459804bd44f574cf3 100644 (file)
@@ -549,10 +549,10 @@ void save_re_gid(void);
 void restore_re_gid(void);
 int set_re_uid(void);
 void become_user_permanently(uid_t uid, gid_t gid);
-int set_thread_credentials_permanently(uid_t uid,
-                               gid_t gid,
-                               size_t setlen,
-                               const gid_t *gidset);
+int set_thread_credentials(uid_t uid,
+                       gid_t gid,
+                       size_t setlen,
+                       const gid_t *gidset);
 bool is_setuid_root(void) ;
 
 /* The following definitions come from lib/util_sid.c  */
index 36d2a2b25384f8cd99aa6c96fb785de02741bdd6..ac999e360d1b917ad05f994ddc68ff75e4cf465f 100644 (file)
@@ -411,14 +411,14 @@ void become_user_permanently(uid_t uid, gid_t gid)
 }
 
 /**********************************************************
- Function to set thread specific credentials in an
irreversible way. Must be thread-safe code.
+ Function to set thread specific credentials. Leave
saved-set uid/gid alone.Must be thread-safe code.
 **********************************************************/
 
-int set_thread_credentials_permanently(uid_t uid,
-                               gid_t gid,
-                               size_t setlen,
-                               const gid_t *gidset)
+int set_thread_credentials(uid_t uid,
+                       gid_t gid,
+                       size_t setlen,
+                       const gid_t *gidset)
 {
 #if defined(USE_LINUX_THREAD_CREDENTIALS)
        /*
@@ -433,22 +433,22 @@ int set_thread_credentials_permanently(uid_t uid,
                return -1;
        }
        /* Set our primary gid. */
-       /* Set rg=gid, eg=gid, sg=gid */
-       if (samba_setresgid(gid, gid, gid) != 0) {
+       /* Set rg=gid, eg=gid */
+       if (samba_setresgid(gid, gid, -1) != 0) {
                return -1;
        }
        /* Set extra groups list. */
        if (samba_setgroups(setlen, gidset) != 0) {
                return -1;
        }
-       /* Become the requested user. No way back after this. */
-       /* Set ru=uid, eu=uid, su=uid */
-       if (samba_setresuid(uid, uid, uid) != 0) {
+       /* Become the requested user. */
+       /* Set ru=uid, eu=uid */
+       if (samba_setresuid(uid, uid, -1) != 0) {
                return -1;
        }
        if (geteuid() != uid || getuid() != uid ||
                        getegid() != gid || getgid() != gid) {
-               smb_panic("set_thread_credentials_permanently failed\n");
+               smb_panic("set_thread_credentials failed\n");
                return -1;
        }
        return 0;
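Review bot: Now that the saved uid/gid are left untouched (`-1` in the `samba_setresgid` and `samba_setresuid` calls), neither these call sites nor the function's header comment tells callers that the thread can still switch back to whatever the saved IDs hold, so the function must not be treated as a privilege-drop boundary. I would say so where "No way back after this." was removed, for example `/* Saved uid/gid are left unchanged, so this thread can switch back; not an irreversible drop. */`. The final check compares only real and effective IDs, which is consistent with the new contract. Separately, an early `return -1` after `samba_setresgid` has already succeeded leaves the thread with mixed credentials, which matters more now that the change is reversible; whether callers treat -1 as fatal is not visible here. The function body starts in the previous hunk and continues past the end of this one.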