uid_wrapper: Handle euid and egid 0.

[ira/wip.git] / lib / uid_wrapper / uid_wrapper.c

diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index aaa21fcb223783dfec0428ed0b5544003f3033f3..6c7fc6effa95d832e641439611f0f6917d22dfc7 100644 (file)
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -38,7 +38,9 @@
 static struct {
        bool initialised;
        bool enabled;
+       uid_t myuid;
        uid_t euid;
+       uid_t mygid;
        gid_t egid;
        gid_t *groups;
 } uwrap;
@@ -50,8 +52,8 @@ static void uwrap_init(void)
        if (getenv("UID_WRAPPER")) {
                uwrap.enabled = true;
                /* put us in one group */
-               uwrap.euid = geteuid();
-               uwrap.egid = getegid();
+               uwrap.myuid = uwrap.euid = geteuid();
+               uwrap.mygid = uwrap.egid = getegid();
                uwrap.groups = talloc_array(NULL, gid_t, 1);
                uwrap.groups[0] = 0;
        }
@@ -71,7 +73,11 @@ _PUBLIC_ int uwrap_seteuid(uid_t euid)
                return seteuid(euid);
        }
        /* assume for now that the ruid stays as root */
-       uwrap.euid = euid;
+       if (euid == 0) {
+               uwrap.euid = uwrap.myuid;
+       } else {
+               uwrap.euid = euid;
+       }
        return 0;
 }
 
@@ -82,7 +88,11 @@ _PUBLIC_ int uwrap_setreuid(uid_t ruid, uid_t euid)
                return setreuid(ruid, euid);
        }
        /* assume for now that the ruid stays as root */
-       uwrap.euid = euid;
+       if (euid == 0) {
+               uwrap.euid = uwrap.myuid;
+       } else {
+               uwrap.euid = euid;
+       }
        return 0;
 }
 
@@ -93,7 +103,11 @@ _PUBLIC_ int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
                return setresuid(ruid, euid, suid);
        }
        /* assume for now that the ruid stays as root */
-       uwrap.euid = euid;
+       if (euid == 0) {
+               uwrap.euid = uwrap.myuid;
+       } else {
+               uwrap.euid = euid;
+       }
        return 0;
 }
 
@@ -113,7 +127,11 @@ _PUBLIC_ int uwrap_setegid(gid_t egid)
                return setegid(egid);
        }
        /* assume for now that the ruid stays as root */
-       uwrap.egid = egid;
+       if (egid == 0) {
+               uwrap.egid = uwrap.mygid;
+       } else {
+               uwrap.egid = egid;
+       }
        return 0;
 }
 
@@ -124,7 +142,11 @@ _PUBLIC_ int uwrap_setregid(gid_t rgid, gid_t egid)
                return setregid(rgid, egid);
        }
        /* assume for now that the ruid stays as root */
-       uwrap.egid = egid;
+       if (egid == 0) {
+               uwrap.egid = uwrap.mygid;
+       } else {
+               uwrap.egid = egid;
+       }
        return 0;
 }