[ecryptfs-utils] use better approach for supplementary groups
Michal Hlavinka
mhlavink at fedoraproject.org
Mon Jul 25 14:58:42 UTC 2011
commit 392807b2bed296018f9b4080a32dc656cfa4fc33
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Mon Jul 25 16:58:26 2011 +0200
use better approach for supplementary groups
ecryptfs-utils-87-fixexecgid.patch | 33 ++++++++++++++++-----------------
1 files changed, 16 insertions(+), 17 deletions(-)
---
diff --git a/ecryptfs-utils-87-fixexecgid.patch b/ecryptfs-utils-87-fixexecgid.patch
index 2da6c24..2367a2a 100644
--- a/ecryptfs-utils-87-fixexecgid.patch
+++ b/ecryptfs-utils-87-fixexecgid.patch
@@ -1,6 +1,6 @@
diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-21 14:20:31.773602653 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 14:21:12.302160125 +0200
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-25 16:38:48.040555555 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-25 16:52:22.751025667 +0200
@@ -33,6 +33,7 @@
#include <errno.h>
#include <syslog.h>
@@ -9,25 +9,24 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-u
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/types.h>
-@@ -303,6 +304,23 @@ static int private_dir(pam_handle_t *pam
+@@ -303,6 +304,22 @@ static int private_dir(pam_handle_t *pam
return 1;
}
if (pid == 0) {
+ /* explicitely change group to ecryptfs if user is member of that group, changing uid is not enough */
-+ errno=0;
-+ struct group *efsg = getgrnam("ecryptfs");
-+ if (efsg==NULL && errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m");
-+ else
-+ {
-+ while (*efsg->gr_mem)
-+ {
-+ if (!strcmp(*efsg->gr_mem, pwd->pw_name))
-+ {
-+ if (setgid(efsg->gr_gid)<0) syslog(LOG_ERR, "Unable to change group to ecryptfs : %m");
-+ break;
-+ }
-+ efsg->gr_mem++;
-+ }
++ gid_t *groups;
++ int grn = 0;
++
++ getgrouplist(pwd->pw_name,pwd->pw_gid,NULL,&grn);
++ groups = malloc(sizeof(gid_t)*grn);
++ if (groups == NULL) {
++ syslog(LOG_ERR, "Error allocating memory for group list");
++ _exit(255);
++ }
++ getgrouplist(pwd->pw_name, pwd->pw_gid, groups, &grn);
++ if (setgroups(grn, groups) < 0) {
++ syslog(LOG_ERR, "Unable to set user's supplementary groups : %m");
++ _exit(255);
+ }
+
if (mount == 1) {
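Review bot: The return value of the second `getgrouplist()` call is ignored, so if the user's group membership grows between the sizing call and the filling call, it returns -1 with `grn` raised above the allocated count, and `setgroups(grn, groups)` then reads past the end of `groups`. The filling call should fail closed like the neighbouring error paths: `if (getgrouplist(pwd->pw_name, pwd->pw_gid, groups, &grn) < 0) { syslog(LOG_ERR, "Unable to get user's group list"); _exit(255); }`. The sizing call is also unchecked, so a short comment noting that it is expected to return -1 and only fills in `grn` would help the next reader. This block sits in the forked child of `private_dir`, whose body starts and ends outside the hunk. The uid/gid drop is not visible here, so it is worth confirming that `setgroups()` runs before privileges are dropped.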