+++ /dev/null
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 04_shadow.dpatch by <elacour@home-dn.net>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Add check for egid to properly works like "shadow" enabled authentications
-
-@DPATCH@
---- libnss-mysql-bg-1.5/src/lookup.c 2011-09-13 09:28:30.000000000 +0200
-+++ libnss-mysql-bg-1.5/src/lookup.c 2011-09-13 09:47:16.000000000 +0200
-@@ -21,6 +21,8 @@
- #include "nss_mysql.h"
- #include <stdio.h> /* snprintf () */
- #include <string.h> /* strcpy () */
-+#include <sys/types.h>
-+#include <grp.h>
-
- extern conf_t conf;
-
-@@ -131,12 +133,22 @@
- int attempts = MAX_QUERY_ATTEMPTS; /* Attempt # (countdown) */
- static uid_t euid = -1; /* Last known euid for change detect */
- uid_t cur_euid; /* CURRENT euid */
-+ gid_t cur_egid; /* CURRENT egid */
-+ gid_t shadow_gid; /* gid for group shadow (usually 42 on Debian) */
-
- DENTER
-
- cur_euid = geteuid ();
-+
-+ /* Get shadow gid, if needed */
-+ if(cur_euid != 0) {
-+ cur_egid = getegid ();
-+ struct group *grp = getgrnam("shadow");
-+ shadow_gid = (grp ? grp->gr_gid : -1);
-+ }
-+
- D ("%s: restricted = %d, cur_euid = %u", FUNCNAME, restricted, cur_euid);
-- if (restricted == ntrue && cur_euid != 0)
-+ if (restricted == ntrue && cur_euid != 0 && (shadow_gid == -1 || cur_egid != shadow_gid))
- DSRETURN (NSS_NOTFOUND)
-
- /* Make sure euid hasn't changed, thus changing our access abilities */
projects / manu / libnss-mysql-bg.git / blobdiff