From 392807b2bed296018f9b4080a32dc656cfa4fc33 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Jul 25 2011 14:58:26 +0000 Subject: use better approach for supplementary groups
---
diff --git a/ecryptfs-utils-87-fixexecgid.patch b/ecryptfs-utils-87-fixexecgid.patch
index 2da6c24..2367a2a 100644
--- a/ecryptfs-utils-87-fixexecgid.patch
+++ b/ecryptfs-utils-87-fixexecgid.patch
@@ -1,6 +1,6 @@
 diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c
---- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-21 14:20:31.773602653 +0200
-+++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-21 14:21:12.302160125 +0200
+--- ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid 2011-07-25 16:38:48.040555555 +0200
++++ ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c 2011-07-25 16:52:22.751025667 +0200
 @@ -33,6 +33,7 @@
 #include
 #include
@@ -9,25 +9,24 @@ diff -up ecryptfs-utils-87/src/pam_ecryptfs/pam_ecryptfs.c.fixexecgid ecryptfs-u
 #include
 #include
 #include
-@@ -303,6 +304,23 @@ static int private_dir(pam_handle_t *pam
+@@ -303,6 +304,22 @@ static int private_dir(pam_handle_t *pam
 return 1;
 }
 if (pid == 0) {
 + /* explicitely change group to ecryptfs if user is member of that group, changing uid is not enough */
-+ errno=0;
-+ struct group *efsg = getgrnam("ecryptfs");
-+ if (efsg==NULL && errno) syslog(LOG_ERR, "unable to list members of ecryptfs group : %m");
-+ else
-+ {
-+ while (*efsg->gr_mem)
-+ {
-+ if (!strcmp(*efsg->gr_mem, pwd->pw_name))
-+ {
-+ if (setgid(efsg->gr_gid)<0) syslog(LOG_ERR, "Unable to change group to ecryptfs : %m");
-+ break;
-+ }
-+ efsg->gr_mem++;
-+ }
++ gid_t *groups;
++ int grn = 0;
++
++ getgrouplist(pwd->pw_name,pwd->pw_gid,NULL,&grn);
++ groups = malloc(sizeof(gid_t)*grn);
++ if (groups == NULL) {
++ syslog(LOG_ERR, "Error allocating memory for group list");
++ _exit(255);
++ }
++ getgrouplist(pwd->pw_name, pwd->pw_gid, groups, &grn);
++ if (setgroups(grn, groups) < 0) {
++ syslog(LOG_ERR, "Unable to set user's supplementary groups : %m");
++ _exit(255);
 + }
 +
 if (mount == 1) {
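Review bot: The second `getgrouplist()` call in the new `if (pid == 0)` block ignores its return value, so if the user's membership grows between the sizing call and the fill call it returns -1 with `grn` raised above the allocated count, and `setgroups(grn, groups)` then reads past the `groups` buffer in a child that is presumably still privileged. Handle it like the other failure paths, e.g. `if (getgrouplist(pwd->pw_name, pwd->pw_gid, groups, &grn) < 0) { syslog(LOG_ERR, "Unable to get user's group list"); _exit(255); }`, and treat a non-positive `grn` after the sizing call the same way. The retained comment still describes switching to the ecryptfs group, which the code no longer does; `/* set the user's full supplementary group list; changing uid alone is not enough */` would match the new behaviour. The uid change and the rest of the branch lie outside this hunk, so it is worth confirming that `setgroups()` runs before privileges are dropped and that the primary gid is set there as well.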