[PATCH 1/4] Make sure groups[0] is the effective gid on FreeBSD.

Jeremy Allison jra at samba.org
Fri Jun 8 04:49:22 GMT 2007

On Thu, Jun 07, 2007 at 09:39:39PM -0700, Jeremy Allison wrote:
> What I'd like to see is a parallel implementation
> of the functions you want to change in the security
> context code, that only work for *BSD.

One more thing (sorry for going on about this but
I'm really paranoid about this :-).

I dislike the way you've added the new
apply_unix_token() call - I feel this is
the wrong way to do things.

What I'd like to see is a *BSD specific
version of sys_setgroups() that re-arranges
the groups as *BSD requires. I'm not
averse to changing the function interface
from it's current :

int sys_setgroups(int setlen, gid_t *gidset);

to be :

int sys_setgroups(gid_t primary_gid, int setlen, gid_t *gidset);

as I think on *BSD you need to know the primary gid
for setgroups to work correctly.

But I don't think you need to be changing
code in smbd/sec_ctx.c *AT ALL* for this.


More information about the samba-technical mailing list