r23779: Change from v2 or later to v3 or later.

[gd/samba/.git] / source3 / lib / util_sec.c

diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 132748ce138e147b2ae019e78bb970ed7ca9e408..0d928aad3d9a1b6f8ab57eb53c51042b9676d8c3 100644 (file)
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -5,7 +5,7 @@
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 2 of the License, or
+   the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.
 
    This program is distributed in the hope that it will be useful,
@@ -52,10 +52,16 @@ static gid_t initial_gid;
 remember what uid we got started as - this allows us to run correctly
 as non-root while catching trapdoor systems
 ****************************************************************************/
+
 void sec_init(void)
 {
-       initial_uid = geteuid();
-       initial_gid = getegid();
+       static int initialized;
+
+       if (!initialized) {
+               initial_uid = geteuid();
+               initial_gid = getegid();
+               initialized = 1;
+       }
 }
 
 /****************************************************************************
@@ -177,13 +183,28 @@ void gain_root_group_privilege(void)
 
 
 /****************************************************************************
- Set *only* the effective uid.
- we want to end up with ruid==0 and euid==uid
+ Set effective uid, and possibly the real uid too.
+ We want to end up with either:
+  
+   ruid==uid and euid==uid
+
+ or
+
+   ruid==0 and euid==uid
+
+ depending on what the local OS will allow us to regain root from.
 ****************************************************************************/
 void set_effective_uid(uid_t uid)
 {
 #if USE_SETRESUID
-       setresuid(-1,uid,-1);
+        /* Set the effective as well as the real uid. */
+       if (setresuid(uid,uid,-1) == -1) {
+               if (errno == EAGAIN) {
+                       DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
+                                 "might be over its NPROC limit\n",
+                                 (int)uid));
+               }
+       }
 #endif
 
 #if USE_SETREUID
@@ -243,10 +264,9 @@ void save_re_uid(void)
 /****************************************************************************
  and restore them!
 ****************************************************************************/
-void restore_re_uid(void)
-{
-       set_effective_uid(0);
 
+void restore_re_uid_fromroot(void)
+{
 #if USE_SETRESUID
        setresuid(saved_ruid, saved_euid, -1);
 #elif USE_SETREUID
@@ -265,6 +285,11 @@ void restore_re_uid(void)
        assert_uid(saved_ruid, saved_euid);
 }
 
+void restore_re_uid(void)
+{
+       set_effective_uid(0);
+       restore_re_uid_fromroot();
+}
 
 /****************************************************************************
  save the real and effective gid for later restoration. Used by the