2 Copyright (C) Andrew Tridgell 2009
3 Copyright (c) 2011 Andreas Schneider <asn@samba.org>
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 #define UID_WRAPPER_NOT_REPLACE
23 #include "system/passwd.h"
26 #else /* _SAMBA_BUILD_ */
28 #error uid_wrapper_only_supported_in_samba_yet
37 we keep the virtualised euid/egid/groups information here
49 static void uwrap_init(void)
51 if (uwrap.initialised) return;
52 uwrap.initialised = true;
53 if (getenv("UID_WRAPPER")) {
55 /* put us in one group */
56 uwrap.myuid = uwrap.euid = geteuid();
57 uwrap.mygid = uwrap.egid = getegid();
58 uwrap.groups = talloc_array(NULL, gid_t, 1);
64 _PUBLIC_ int uwrap_enabled(void)
67 return uwrap.enabled?1:0;
71 _PUBLIC_ int uwrap_seteuid(uid_t euid)
77 /* assume for now that the ruid stays as root */
79 uwrap.euid = uwrap.myuid;
88 _PUBLIC_ int uwrap_setreuid(uid_t ruid, uid_t euid)
92 return setreuid(ruid, euid);
94 /* assume for now that the ruid stays as root */
96 uwrap.euid = uwrap.myuid;
104 #ifdef HAVE_SETRESUID
105 _PUBLIC_ int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
108 if (!uwrap.enabled) {
109 return setresuid(ruid, euid, suid);
111 /* assume for now that the ruid stays as root */
113 uwrap.euid = uwrap.myuid;
121 _PUBLIC_ uid_t uwrap_geteuid(void)
124 if (!uwrap.enabled) {
131 _PUBLIC_ int uwrap_setegid(gid_t egid)
134 if (!uwrap.enabled) {
135 return setegid(egid);
137 /* assume for now that the ruid stays as root */
139 uwrap.egid = uwrap.mygid;
148 _PUBLIC_ int uwrap_setregid(gid_t rgid, gid_t egid)
151 if (!uwrap.enabled) {
152 return setregid(rgid, egid);
154 /* assume for now that the ruid stays as root */
156 uwrap.egid = uwrap.mygid;
164 #ifdef HAVE_SETRESGID
165 _PUBLIC_ int uwrap_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
168 if (!uwrap.enabled) {
169 return setresgid(rgid, egid, sgid);
171 /* assume for now that the ruid stays as root */
173 uwrap.egid = uwrap.mygid;
181 _PUBLIC_ uid_t uwrap_getegid(void)
184 if (!uwrap.enabled) {
190 _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list)
193 if (!uwrap.enabled) {
194 return setgroups(size, list);
197 talloc_free(uwrap.groups);
201 uwrap.groups = talloc_array(NULL, gid_t, size);
202 if (uwrap.groups == NULL) {
206 memcpy(uwrap.groups, list, size*sizeof(gid_t));
211 _PUBLIC_ int uwrap_getgroups(int size, gid_t *list)
216 if (!uwrap.enabled) {
217 return getgroups(size, list);
220 ngroups = talloc_array_length(uwrap.groups);
222 if (size > ngroups) {
228 if (size < ngroups) {
232 memcpy(list, uwrap.groups, size*sizeof(gid_t));
236 _PUBLIC_ uid_t uwrap_getuid(void)
239 if (!uwrap.enabled) {
242 /* we don't simulate ruid changing */
246 _PUBLIC_ gid_t uwrap_getgid(void)
249 if (!uwrap.enabled) {
252 /* we don't simulate rgid changing */