svn rev #3321: branches/krb5-appl-1-0/ gssftp/ftpd/

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Jul 11 15:33:58 EDT 2011


Commit By: ghudson
Log Message:
Pull up r3312 from trunk.

 ------------------------------------------------------------------------
 r3312 | ghudson | 2011-07-11 15:10:08 -0400 (Mon, 11 Jul 2011) | 11 lines

 Use setgid instead of setegid in ftpd.

 Using setgid simplifies portability (allowing us to eliminate the
 setegid macros in k5-util.h).  We never need to recover gid 0 so
 there's no reason not to do it.

 Also fail out at compile time if krb5_setegid() cannot be
 productively defined, and fail out at runtime if setgid() or
 initgroups() fails (unless ftpd isn't running as root, in which case
 initgroups() is allowed to fail).



Changed Files:
U   branches/krb5-appl-1-0/gssftp/ftpd/ftpd.c
U   branches/krb5-appl-1-0/k5-util.h
Modified: branches/krb5-appl-1-0/gssftp/ftpd/ftpd.c
===================================================================
--- branches/krb5-appl-1-0/gssftp/ftpd/ftpd.c	2011-07-11 19:33:37 UTC (rev 3320)
+++ branches/krb5-appl-1-0/gssftp/ftpd/ftpd.c	2011-07-11 19:33:58 UTC (rev 3321)
@@ -994,8 +994,14 @@
 #endif
 	}
 
-	(void) krb5_setegid((gid_t)pw->pw_gid);
-	(void) initgroups(pw->pw_name, pw->pw_gid);
+	if (setgid((gid_t)pw->pw_gid) < 0) {
+		reply(550, "Can't set gid.");
+		goto bad;
+	}
+	if (geteuid() == 0 && initgroups(pw->pw_name, pw->pw_gid) < 0) {
+		reply(550, "Can't initialize groups.");
+		goto bad;
+	}
 
 	/* open wtmp before chroot */
 	(void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid());
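Review bot: The `geteuid() == 0 &&` guard means a non-root ftpd never calls initgroups() at all, so the session keeps the supplementary group list the daemon inherited instead of the logged-in user's groups. That may be fine for an unprivileged setup, but it deserves a comment at the guard, e.g. `/* Not root: initgroups() is expected to fail; inherited supplementary groups are kept. */`. Both new failure paths send only a 550 reply, so recording errno through the daemon's logging before `goto bad` would let an operator tell a bad account entry from a privilege problem. The enclosing function begins and ends outside the hunk, so it cannot be confirmed from here that the effective uid is already 0 when setgid() runs, which is what makes the gid change irreversible.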

Modified: branches/krb5-appl-1-0/k5-util.h
===================================================================
--- branches/krb5-appl-1-0/k5-util.h	2011-07-11 19:33:37 UTC (rev 3320)
+++ branches/krb5-appl-1-0/k5-util.h	2011-07-11 19:33:58 UTC (rev 3321)
@@ -69,19 +69,8 @@
 #elif defined(HAVE_SETREUID)
 #  define krb5_seteuid(EUID)	setreuid(geteuid(), (uid_t)(EUID))
 #else
-   /* You need to add a case to deal with this operating system.*/
+#  error "You need to add a case to deal with this operating system."
 #  define krb5_seteuid(EUID)	(errno = EPERM, -1)
 #endif
 
-#ifdef HAVE_SETEGID
-#  define krb5_setegid(EGID)	(setegid((gid_t)(EGID)))
-#elif defined(HAVE_SETRESGID)
-#  define krb5_setegid(EGID)	(setresgid(getgid(), (gid_t)(EGID), getegid()))
-#elif defined(HAVE_SETREGID)
-#  define krb5_setegid(EGID)	(setregid(getegid(), (gid_t)(EGID)))
-#else
-   /* You need to add a case to deal with this operating system.*/
-#  define krb5_setegid(EGID)	(errno = EPERM, -1)
 #endif
-
-#endif
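Review bot: The `#define krb5_seteuid(EUID) (errno = EPERM, -1)` fallback kept after the new `#error` is now dead, because compilation stops at the directive and the stub can never be used. Dropping that line would make it plain that a platform without a usable set-effective-uid call has no runtime fallback. A short comment above the `#error` naming the configure results this chain depends on (`HAVE_SETREUID` and the cases before it, which start outside the hunk) would help a porter who hits the error.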



