The branch, master has been updated
via fae40ec uwrap: Bump version to 1.2.0
via 2dae19c uwrap: Fix build warning with release build
via 3328bce uwrap: Add the EINVAL check to setegid()
via 6e30b2e uwrap: Allow setgid calls only for privileged users
via be0cb8a uwrap: Allow setregid calls only for privileged users
via 6b38879 uwrap: Allow setresgid calls only for privileged users
via 2232db8 uwrap: Move the EINVAL check down in seteuid()
via 56970b4 uwrap: Allow setuid calls only for privileged users
via 253f42c uwrap: Allow setreuid calls only for privileged users
via 5a9c80d uwrap: Allow setresuid calls only for privileged users
via 656f0db uwrap: Fix a possible null pointer dereference
via aad7019 uwrap: Improve debug output
via 8922654 uwrap: Fix debug line in uwrap_init()
via e821e45 ntvfs: Add error debug statements for set_unix_security
via 3d7fdb8 selftest: Start Samba AD DC as root
via 3b7cbc2 s4-rpc_server: Get the real initial uid for selftest
via 796a05b selftest: Start smbd, nmbd and winbindd as root
via 6361063 s3-lib: Get the real initial uid for selftest
from 77eb8e0 vfs_offline: add documentation
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fae40ec5b4702dd55905e66d896a73c356c95374
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 4 12:54:05 2015 +0100
uwrap: Bump version to 1.2.0
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Thu Nov 5 12:30:02 CET 2015 on sn-devel-104
commit 2dae19c43b2db4f4fe39d93cdb6918ae8a7dcc49
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:41:47 2015 +0100
uwrap: Fix build warning with release build
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 3328bcede7b2950f9d1ec4c0c9d8acf684b77d30
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:41:18 2015 +0100
uwrap: Add the EINVAL check to setegid()
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 6e30b2e63854c9c7067f176c84468aece17641f7
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:40:45 2015 +0100
uwrap: Allow setgid calls only for privileged users
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit be0cb8ab4d68680f0c4b1ec1db994781056d61b2
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:40:18 2015 +0100
uwrap: Allow setregid calls only for privileged users
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 6b388799e1c834d74584dc6982155c731f56a49a
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:39:55 2015 +0100
uwrap: Allow setresgid calls only for privileged users
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 2232db817336787c520ad32a1d3179a628d53e06
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:39:30 2015 +0100
uwrap: Move the EINVAL check down in seteuid()
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 56970b467b65ac00001132b499ab61b40ba1efa3
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:39:02 2015 +0100
uwrap: Allow setuid calls only for privileged users
Pair-Programmed-With: Stefan Metzmacher <me...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
Signed-off-by: Stefan Metzmacher <me...@samba.org>
commit 253f42c83721085ceb19a7f1efd5810a36ca122a
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:38:32 2015 +0100
uwrap: Allow setreuid calls only for privileged users
Pair-Programmed-With: Stefan Metzmacher <me...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
Signed-off-by: Stefan Metzmacher <me...@samba.org>
commit 5a9c80da7f4c6a9ab3d9d328dff9eb0568e270b9
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:37:51 2015 +0100
uwrap: Allow setresuid calls only for privileged users
Pair-Programmed-With: Stefan Metzmacher <me...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
Signed-off-by: Stefan Metzmacher <me...@samba.org>
commit 656f0db652969bd0cd8faf145479e78356fc7252
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:37:11 2015 +0100
uwrap: Fix a possible null pointer dereference
If uid_wrapper is loaded but not enabled (UID_WRAPPER environment
variable not set), then we dereference a NULL pointer while forking.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit aad7019e2db23521772542cc2da2b1d8bc863024
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:36:39 2015 +0100
uwrap: Improve debug output
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 8922654f840c09a2f33a722048a8f3f326da3a4c
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 13:36:04 2015 +0100
uwrap: Fix debug line in uwrap_init()
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit e821e4596a9798bb06573fcb277bbc8b8b80631f
Author: Andreas Schneider <a...@samba.org>
Date: Tue Oct 13 14:43:08 2015 +0200
ntvfs: Add error debug statements for set_unix_security
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 3d7fdb8dbc1457aab5b2fe9580115bd518a93c1f
Author: Andreas Schneider <a...@samba.org>
Date: Tue Oct 13 13:02:07 2015 +0200
selftest: Start Samba AD DC as root
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 3b7cbc2eeb74ff9a5090d1e21506cf5a351e27a9
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 4 10:15:13 2015 +0100
s4-rpc_server: Get the real initial uid for selftest
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 796a05b810bd8d6b817ae7259f80ec675a1e4568
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 14:30:58 2015 +0100
selftest: Start smbd, nmbd and winbindd as root
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 6361063995ed457a6005eb048eef2c55f1b8ae87
Author: Andreas Schneider <a...@samba.org>
Date: Fri Oct 30 14:31:33 2015 +0100
s3-lib: Get the real initial uid for selftest
We need this that if we connect as the user who started smbd, we are
able to perform privileged operation like creating a user.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/uid_wrapper/uid_wrapper.c | 636 +++++++++++++++++++++++++++++-------
lib/uid_wrapper/wscript | 2 +-
selftest/target/Samba3.pm | 3 +
selftest/target/Samba4.pm | 1 +
source3/lib/util_sec.c | 14 +
source4/ntvfs/unixuid/vfs_unixuid.c | 3 +
source4/rpc_server/dcerpc_server.c | 8 +
7 files changed, 553 insertions(+), 114 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index 2961b87..ab47dd0 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -136,10 +136,10 @@ enum uwrap_dbglvl_e {
#ifdef NDEBUG
# define UWRAP_LOG(...)
#else /* NDEBUG */
-static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const char *format, ...)
PRINTF_ATTRIBUTE(2, 3);
-# define UWRAP_LOG(dbglvl, ...) uwrap_log((dbglvl), __VA_ARGS__)
+static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const char *function, const
char *format, ...) PRINTF_ATTRIBUTE(3, 4);
+# define UWRAP_LOG(dbglvl, ...) uwrap_log((dbglvl), __func__, __VA_ARGS__)
-static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const char *format, ...)
+static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const char *function, const
char *format, ...)
{
char buffer[1024];
va_list va;
@@ -156,28 +156,28 @@ static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const
char *format, ...)
va_end(va);
if (lvl >= dbglvl) {
+ const char *prefix;
switch (dbglvl) {
case UWRAP_LOG_ERROR:
- fprintf(stderr,
- "UWRAP_ERROR(%d): %s\n",
- (int)getpid(), buffer);
+ prefix = "UWRAP_ERROR";
break;
case UWRAP_LOG_WARN:
- fprintf(stderr,
- "UWRAP_WARN(%d): %s\n",
- (int)getpid(), buffer);
+ prefix = "UWRAP_WARN";
break;
case UWRAP_LOG_DEBUG:
- fprintf(stderr,
- "UWRAP_DEBUG(%d): %s\n",
- (int)getpid(), buffer);
+ prefix = "UWRAP_DEBUG";
break;
case UWRAP_LOG_TRACE:
- fprintf(stderr,
- "UWRAP_TRACE(%d): %s\n",
- (int)getpid(), buffer);
+ prefix = "UWRAP_TRACE";
break;
}
+
+ fprintf(stderr,
+ "%s(%d) - %s: %s\n",
+ prefix,
+ (int)getpid(),
+ function,
+ buffer);
}
}
#endif /* NDEBUG */
@@ -812,6 +812,11 @@ static void uwrap_thread_prepare(void)
{
struct uwrap_thread *id = uwrap_tls_id;
+ /* uid_wrapper is loaded but not enabled */
+ if (id == NULL) {
+ return;
+ }
+
UWRAP_LOCK_ALL;
/*
@@ -826,6 +831,12 @@ static void uwrap_thread_prepare(void)
static void uwrap_thread_parent(void)
{
struct uwrap_thread *id = uwrap_tls_id;
+
+ /* uid_wrapper is loaded but not enabled */
+ if (id == NULL) {
+ return;
+ }
+
id->enabled = true;
UWRAP_UNLOCK_ALL;
@@ -836,6 +847,11 @@ static void uwrap_thread_child(void)
struct uwrap_thread *id = uwrap_tls_id;
struct uwrap_thread *u = uwrap.ids;
+ /* uid_wrapper is loaded but not enabled */
+ if (id == NULL) {
+ return;
+ }
+
/*
* "Garbage collector" - Inspired by DESTRUCTOR.
* All threads (except one which called fork()) are dead now.. Dave
@@ -952,8 +968,9 @@ static void uwrap_init(void)
id->enabled = true;
UWRAP_LOG(UWRAP_LOG_DEBUG,
- "Enabled uid_wrapper as %s",
- uwrap.myuid == 0 ? "root" : "user");
+ "Enabled uid_wrapper as %s (real uid=%u)",
+ id->ruid == 0 ? "root" : "user",
+ (unsigned int)uwrap.myuid);
}
UWRAP_UNLOCK(uwrap_id);
@@ -977,33 +994,61 @@ bool uid_wrapper_enabled(void)
return enabled;
}
-#ifdef HAVE_GETRESUID
-static int uwrap_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
+/*
+ * UWRAP_SETxUID FUNCTIONS
+ */
+
+static int uwrap_setresuid_args(uid_t ruid, uid_t euid, uid_t suid)
{
struct uwrap_thread *id = uwrap_tls_id;
- UWRAP_LOCK(uwrap_id);
-
- *ruid = id->ruid;
- *euid = id->euid;
- *suid = id->suid;
-
- UWRAP_UNLOCK(uwrap_id);
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "ruid %d -> %d, euid %d -> %d, suid %d -> %d",
+ id->ruid, ruid, id->euid, euid, id->suid, suid);
+
+ if (id->euid != 0) {
+ if (ruid != (uid_t)-1 &&
+ ruid != id->ruid &&
+ ruid != id->euid &&
+ ruid != id->suid) {
+ errno = EPERM;
+ return -1;
+ }
+ if (euid != (uid_t)-1 &&
+ euid != id->ruid &&
+ euid != id->euid &&
+ euid != id->suid) {
+ errno = EPERM;
+ return -1;
+ }
+ if (suid != (uid_t)-1 &&
+ suid != id->ruid &&
+ suid != id->euid &&
+ suid != id->suid) {
+ errno = EPERM;
+ return -1;
+ }
+ }
return 0;
}
-#endif
static int uwrap_setresuid_thread(uid_t ruid, uid_t euid, uid_t suid)
{
struct uwrap_thread *id = uwrap_tls_id;
+ int rc;
- if (ruid == (uid_t)-1 && euid == (uid_t)-1 && suid == (uid_t)-1) {
- errno = EINVAL;
- return -1;
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "ruid %d -> %d, euid %d -> %d, suid %d -> %d",
+ id->ruid, ruid, id->euid, euid, id->suid, suid);
+
+ rc = uwrap_setresuid_args(ruid, euid, suid);
+ if (rc != 0) {
+ return rc;
}
UWRAP_LOCK(uwrap_id);
+
if (ruid != (uid_t)-1) {
id->ruid = ruid;
}
@@ -1021,6 +1066,204 @@ static int uwrap_setresuid_thread(uid_t ruid, uid_t
euid, uid_t suid)
return 0;
}
+static int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+ struct uwrap_thread *id = uwrap_tls_id;
+ int rc;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "ruid %d -> %d, euid %d -> %d, suid %d -> %d",
+ id->ruid, ruid, id->euid, euid, id->suid, suid);
+
+ rc = uwrap_setresuid_args(ruid, euid, suid);
+ if (rc != 0) {
+ return rc;
+ }
+
+ UWRAP_LOCK(uwrap_id);
+
+ for (id = uwrap.ids; id; id = id->next) {
+ if (ruid != (uid_t)-1) {
+ id->ruid = ruid;
+ }
+
+ if (euid != (uid_t)-1) {
+ id->euid = euid;
+ }
+
+ if (suid != (uid_t)-1) {
+ id->suid = suid;
+ }
+ }
+
+ UWRAP_UNLOCK(uwrap_id);
+
+ return 0;
+}
+
+static int uwrap_setreuid_args(uid_t ruid, uid_t euid,
+ uid_t *_new_ruid,
+ uid_t *_new_euid,
+ uid_t *_new_suid)
+{
+ struct uwrap_thread *id = uwrap_tls_id;
+ uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "ruid %d -> %d, euid %d -> %d",
+ id->ruid, ruid, id->euid, euid);
+
+ if (ruid != (uid_t)-1) {
+ new_ruid = ruid;
+ if (ruid != id->ruid &&
+ ruid != id->euid &&
+ id->euid != 0) {
+ errno = EPERM;
+ return -1;
+ }
+ }
+
+ if (euid != (uid_t)-1) {
+ new_euid = euid;
+ if (euid != id->ruid &&
+ euid != id->euid &&
+ euid != id->suid &&
+ id->euid != 0) {
+ errno = EPERM;
+ return -1;
+ }
+ }
+
+ if (ruid != (uid_t) -1 ||
+ (euid != (uid_t)-1 && id->ruid != euid)) {
+ new_suid = new_euid;
+ }
+
+ *_new_ruid = new_ruid;
+ *_new_euid = new_euid;
+ *_new_suid = new_suid;
+
+ return 0;
+}
+
+static int uwrap_setreuid_thread(uid_t ruid, uid_t euid)
+{
+#ifndef NDEBUG
+ struct uwrap_thread *id = uwrap_tls_id;
+#endif
+ uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
+ int rc;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "ruid %d -> %d, euid %d -> %d",
+ id->ruid, ruid, id->euid, euid);
+
+ rc = uwrap_setreuid_args(ruid, euid, &new_ruid, &new_euid, &new_suid);
+ if (rc != 0) {
+ return rc;
+ }
+
+ return uwrap_setresuid_thread(new_ruid, new_euid, new_suid);
+}
+
+#ifdef HAVE_SETREUID
+static int uwrap_setreuid(uid_t ruid, uid_t euid)
+{
+#ifndef NDEBUG
+ struct uwrap_thread *id = uwrap_tls_id;
+#endif
+ uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
+ int rc;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "ruid %d -> %d, euid %d -> %d",
+ id->ruid, ruid, id->euid, euid);
+
+ rc = uwrap_setreuid_args(ruid, euid, &new_ruid, &new_euid, &new_suid);
+ if (rc != 0) {
+ return rc;
+ }
+
+ return uwrap_setresuid(new_ruid, new_euid, new_suid);
+}
+#endif
+
+static int uwrap_setuid_args(uid_t uid,
+ uid_t *new_ruid,
+ uid_t *new_euid,
+ uid_t *new_suid)
+{
+ struct uwrap_thread *id = uwrap_tls_id;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "uid %d -> %d",
+ id->ruid, uid);
+
+ if (uid == (uid_t)-1) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (id->euid == 0) {
+ *new_suid = *new_ruid = uid;
+ } else if (uid != id->ruid &&
+ uid != id->suid) {
+ errno = EPERM;
+ return -1;
+ }
+
+ *new_euid = uid;
+
+ return 0;
+}
+
+static int uwrap_setuid_thread(uid_t uid)
+{
+ uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
+ int rc;
+
+ rc = uwrap_setuid_args(uid, &new_ruid, &new_euid, &new_suid);
+ if (rc != 0) {
+ return rc;
+ }
+
+ return uwrap_setresuid_thread(new_ruid, new_euid, new_suid);
+}
+
+static int uwrap_setuid(uid_t uid)
+{
+ uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
+ int rc;
+
+ rc = uwrap_setuid_args(uid, &new_ruid, &new_euid, &new_suid);
+ if (rc != 0) {
+ return rc;
+ }
+
+ return uwrap_setresuid(new_ruid, new_euid, new_suid);
+}
+
+/*
+ * UWRAP_GETxUID FUNCTIONS
+ */
+
+#ifdef HAVE_GETRESUID
+static int uwrap_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
+{
+ struct uwrap_thread *id = uwrap_tls_id;
+
+ UWRAP_LOCK(uwrap_id);
+
+ *ruid = id->ruid;
+ *euid = id->euid;
+ *suid = id->suid;
+
+ UWRAP_UNLOCK(uwrap_id);
+
+ return 0;
+}
+#endif
+
#ifdef HAVE_GETRESGID
static int uwrap_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid)
{
@@ -1038,27 +1281,105 @@ static int uwrap_getresgid(gid_t *rgid, gid_t *egid,
gid_t *sgid)
}
#endif
-static int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
+/*
+ * UWRAP_SETxGID FUNCTIONS
+ */
+
+static int uwrap_setresgid_args(gid_t rgid, gid_t egid, gid_t sgid)
{
- struct uwrap_thread *id;
+ struct uwrap_thread *id = uwrap_tls_id;
- if (ruid == (uid_t)-1 && euid == (uid_t)-1 && suid == (uid_t)-1) {
- errno = EINVAL;
- return -1;
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "rgid %d -> %d, egid %d -> %d, sgid %d -> %d",
+ id->rgid, rgid, id->egid, egid, id->sgid, sgid);
+
+ if (id->euid != 0) {
+ if (rgid != (gid_t)-1 &&
+ rgid != id->rgid &&
+ rgid != id->egid &&
+ rgid != id->sgid) {
+ errno = EPERM;
+ return -1;
+ }
+ if (egid != (gid_t)-1 &&
+ egid != id->rgid &&
+ egid != id->egid &&
+ egid != id->sgid) {
+ errno = EPERM;
+ return -1;
+ }
+ if (sgid != (gid_t)-1 &&
+ sgid != id->rgid &&
+ sgid != id->egid &&
+ sgid != id->sgid) {
+ errno = EPERM;
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static int uwrap_setresgid_thread(gid_t rgid, gid_t egid, gid_t sgid)
+{
+ struct uwrap_thread *id = uwrap_tls_id;
+ int rc;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "rgid %d -> %d, egid %d -> %d, sgid %d -> %d",
+ id->rgid, rgid, id->egid, egid, id->sgid, sgid);
+
+ rc = uwrap_setresgid_args(rgid, egid, sgid);
+ if (rc != 0) {
+ return rc;
}
UWRAP_LOCK(uwrap_id);
+
+ if (rgid != (gid_t)-1) {
+ id->rgid = rgid;
+ }
+
+ if (egid != (gid_t)-1) {
+ id->egid = egid;
+ }
+
+ if (sgid != (gid_t)-1) {
+ id->sgid = sgid;
+ }
+
+ UWRAP_UNLOCK(uwrap_id);
+
+ return 0;
+}
+
+static int uwrap_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+ struct uwrap_thread *id = uwrap_tls_id;
+ int rc;
+
+ UWRAP_LOG(UWRAP_LOG_TRACE,
+ "rgid %d -> %d, egid %d -> %d, sgid %d -> %d",
+ id->rgid, rgid, id->egid, egid, id->sgid, sgid);
+
+ rc = uwrap_setresgid_args(rgid, egid, sgid);
+ if (rc != 0) {
+ return rc;
+ }
+
+ UWRAP_LOCK(uwrap_id);
+
for (id = uwrap.ids; id; id = id->next) {
- if (ruid != (uid_t)-1) {
- id->ruid = ruid;
+ if (rgid != (gid_t)-1) {
+ id->rgid = rgid;
}
- if (euid != (uid_t)-1) {
- id->euid = euid;
+ if (egid != (gid_t)-1) {
+ id->egid = egid;
}
- if (suid != (uid_t)-1) {
- id->suid = suid;
--
Samba Shared Repository
