From 50b6d948671850283d1d8e05c59758c8062c6e14 Mon Sep 17 00:00:00 2001
From: Robin Hack <hack.robin@gmail.com>
Date: Fri, 23 Jan 2015 15:16:34 +0100
Subject: [PATCH] uwrap: Reflect changes of uid/gid in threads to main process.

When thread changes uid/gid this change must be reflected to main
process.

Syscalls changes only uid/gid of thread. Call of libc functions changes
also uid/gid of main process.

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---
 lib/uid_wrapper/uid_wrapper.c | 57 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 50 insertions(+), 7 deletions(-)

diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index 187cc113862..8e3a7d31205 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -236,8 +236,17 @@ struct uwrap {
 	bool initialised;
 	bool enabled;
 
+	uid_t ruid;
+	uid_t euid;
+	uid_t suid;
+
+	gid_t rgid;
+	gid_t egid;
+	gid_t sgid;
+
+	/* Real uid and gid of user who run uid wrapper */
 	uid_t myuid;
-	uid_t mygid;
+	gid_t mygid;
 
 	struct uwrap_thread *ids;
 };
@@ -533,8 +542,13 @@ static int uwrap_new_id(pthread_t tid, bool do_alloc)
 	id->tid = tid;
 	id->dead = false;
 
-	id->ruid = id->euid = id->suid = uwrap.myuid;
-	id->rgid = id->egid = id->sgid = uwrap.mygid;
+	id->ruid = uwrap.ruid;
+	id->euid = uwrap.euid;
+	id->suid = uwrap.suid;
+
+	id->rgid = uwrap.rgid;
+	id->egid = uwrap.egid;
+	id->sgid = uwrap.sgid;
 
 	id->ngroups = 1;
 	id->groups[0] = uwrap.mygid;
@@ -612,13 +626,15 @@ static void uwrap_init(void)
 		const char *root = getenv("UID_WRAPPER_ROOT");
 		int rc;
 
+		uwrap.myuid = libc_geteuid();
+		uwrap.mygid = libc_getegid();
 		/* put us in one group */
 		if (root != NULL && root[0] == '1') {
-			uwrap.myuid = 0;
-			uwrap.mygid = 0;
+			uwrap.ruid = uwrap.euid = uwrap.suid = 0;
+			uwrap.rgid = uwrap.egid = uwrap.sgid = 0;
 		} else {
-			uwrap.myuid = libc_geteuid();
-			uwrap.mygid = libc_getegid();
+			uwrap.ruid = uwrap.euid = uwrap.suid = libc_geteuid();
+			uwrap.rgid = uwrap.egid = uwrap.sgid = libc_getegid();
 		}
 
 		rc = uwrap_new_id(tid, true);
@@ -704,6 +720,20 @@ static int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 			id->suid = suid;
 		}
 	}
+
+	/* Reflect changes in thread to main process. */
+	if (ruid != (uid_t)-1) {
+		uwrap.ruid = ruid;
+	}
+
+	if (euid != (uid_t)-1) {
+		uwrap.euid = euid;
+	}
+
+	if (suid != (uid_t)-1) {
+		uwrap.suid = suid;
+	}
+
 	UWRAP_UNLOCK(uwrap_id);
 
 	return 0;
@@ -877,6 +907,19 @@ static int uwrap_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
 			id->sgid = sgid;
 		}
 	}
+
+	/* Reflect changes in thread to main process. */
+	if (rgid != (gid_t)-1) {
+		uwrap.rgid = rgid;
+	}
+
+	if (egid != (gid_t)-1) {
+		uwrap.egid = egid;
+	}
+
+	if (sgid != (gid_t)-1) {
+		uwrap.sgid = sgid;
+	}
 	UWRAP_UNLOCK(uwrap_id);
 
 	return 0;
-- 
2.11.4.GIT