[ecryptfs-utils/f15] use better approach for supplementary groups

Mon Jul 25 14:58:10 UTC 2011

commit 94132fcac5454a3c9e8fd0ed726579c3a4bfbc72
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Mon Jul 25 16:57:53 2011 +0200

    use better approach for supplementary groups

 ecryptfs-utils-87-fixexecgid.patch |   33 ++++++++++++++++-----------------
 1 files changed, 16 insertions(+), 17 deletions(-)
---

diff --git a/ecryptfs-utils-87-fixexecgid.patch b/ecryptfs-utils-87-fixexecgid.patch
index 2da6c24..2367a2a 100644
--- a/ecryptfs-utils-87-fixexecgid.patch
+++ b/ecryptfs-utils-87-fixexecgid.patch
@@ -1,6 +1,6 @@
 diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid	2011-07-21 14:20:31.773602653 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c	2011-07-21 14:21:12.302160125 +0200
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid	2011-07-25 16:38:48.040555555 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c	2011-07-25 16:52:22.751025667 +0200
 @@ -33,6 +33,7 @@
  #include <errno.h>
  #include <syslog.h>
@@ -9,25 +9,24 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-u
  #include <sys/types.h>
  #include <sys/wait.h>
  #include <sys/types.h>
-@@ -303,6 +304,23 @@ static int private_dir(pam_handle_t *pam
+@@ -303,6 +304,22 @@ static int private_dir(pam_handle_t *pam
  		return 1;
  	}
  	if (pid == 0) {
 +		/* explicitely change group to ecryptfs if user is member of that group, changing uid is not enough */
-+		errno=0;
-+		struct group *efsg = getgrnam("ecryptfs");
-+		if (efsg==NULL && errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m");
-+		else
-+		{
-+			while (*efsg->gr_mem)
-+			{
-+				if (!strcmp(*efsg->gr_mem, pwd->pw_name))
-+				{
-+					if (setgid(efsg->gr_gid)<0) syslog(LOG_ERR, "Unable to change group to ecryptfs : %m");
-+					break;
-+				}
-+				efsg->gr_mem++;
-+			}
++		gid_t *groups;
++		int grn = 0;
++		
++		getgrouplist(pwd->pw_name,pwd->pw_gid,NULL,&grn);
++		groups = malloc(sizeof(gid_t)*grn);
++		if (groups == NULL) {
++			syslog(LOG_ERR, "Error allocating memory for group list");
++			_exit(255);
++		}
++		getgrouplist(pwd->pw_name, pwd->pw_gid, groups, &grn);
++		if (setgroups(grn, groups) < 0) {
++			syslog(LOG_ERR, "Unable to set user's supplementary groups : %m");
++			_exit(255);
 +		}
 +
  		if (mount == 1) {
