[PATCH 0/4] improve group membership support for FreeBSD and Darwin
James Peach
jpeach at samba.org
Fri Jun 8 03:34:42 GMT 2007
Hi all,
The following patch series alters the Samba3 security context
handling to better support group semantics in FreeBSD and Darwin.
In FreeBSD (and I believe most BSD flavours), the first gid_t in the
kernel credential's groups array is the effective group ID. This is
always returned by getgroups(2) and is assumed to be the first gid_t
in the groups array passed in via setgroups(2). Some BSD systems will
set the effective group ID to be group[0] from setgroups(2), others
will simply ignore groups[0]. Either way, the right thing to do is to
guarantee that the effective group ID we want is in groups[0] when we
call setgroups(2).
This patch series also alters the order of operations used to make a
security context current in order to obey the rather unique rules
that Darwin has WRT it's dynamic group membership implementation (see
patch 3).
Since this alters the security context handling, please review
carefully. I'd like to apply these patches to SAMBA_3_026 and SAMBA_3_0.
--
James Peach | jpeach at samba.org
More information about the samba-technical
mailing list