From 23bd0535f2a4c1caf758c194ea275546b253e57f Mon Sep 17 00:00:00 2001
From: "Andrey A. Chernov" <ache@FreeBSD.org>
Date: Sat, 24 Apr 1999 17:01:58 +0000
Subject: Switch to user UID/GID before checking/reading its ~/.login_conf -
 some NFSes have root read access disabled

---
 libutil/login_cap.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'libutil')

diff --git a/libutil/login_cap.c b/libutil/login_cap.c
index 0369907..8fee8dd 100644
--- a/libutil/login_cap.c
+++ b/libutil/login_cap.c
@@ -25,7 +25,7 @@
  *
  * Low-level routines relating to the user capabilities database
  *
- *	$Id: login_cap.c,v 1.13 1997/05/11 08:07:29 davidn Exp $
+ *	$Id: login_cap.c,v 1.14 1997/06/13 22:26:41 davidn Exp $
  */
 
 #include <stdio.h>
@@ -184,12 +184,21 @@ login_getclassbyname(char const *name, const struct passwd *pwd)
   
     if ((lc = malloc(sizeof(login_cap_t))) != NULL) {
 	int	    r, i = 0;
+	uid_t euid;
+	gid_t egid;
 	const char  *msg = NULL;
 	const char  *dir = (pwd == NULL) ? NULL : pwd->pw_dir;
 	char	    userpath[MAXPATHLEN];
 
 	static char *login_dbarray[] = { NULL, NULL, NULL };
 
+	/* Switch to user mode before checking/reading its ~/.login_conf */
+	/* - some NFSes have root read access disabled.                  */
+	euid = geteuid();
+	egid = getegid();
+	(void)setegid(pwd->pw_gid);
+	(void)seteuid(pwd->pw_uid);
+
 	if (dir && snprintf(userpath, MAXPATHLEN, "%s/%s", dir,
 			    _FILE_LOGIN_CONF) < MAXPATHLEN) {
 	    login_dbarray[i] = userpath;
@@ -229,6 +238,8 @@ login_getclassbyname(char const *name, const struct passwd *pwd)
 	    /* Fallthru - just return system defaults */
 	case 0:		/* success! */
 	    if ((lc->lc_class = strdup(name)) != NULL) {
+		(void)seteuid(euid);
+		(void)setegid(egid);
 		++lc_object_count;
 		return lc;
 	    }
@@ -247,6 +258,8 @@ login_getclassbyname(char const *name, const struct passwd *pwd)
 	    msg = "%s: unexpected cgetent() error '%s': %m";
 	    break;
 	}
+	(void)seteuid(euid);
+	(void)setegid(egid);
 	if (msg != NULL)
 	    syslog(LOG_ERR, msg, "login_getclass", name);
 	free(lc);
-- 
cgit v1.2.3-56-ge451