This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef AUTOCONF_TEST
#include "includes.h"
+#include "system/passwd.h" /* uid_wrapper */
#else
/* we are running this code in autoconf test mode to see which type of setuid
function works */
#define DEBUG(x, y) printf y
#define smb_panic(x) exit(1)
-#define BOOL int
+#define bool int
#endif
/* are we running as non-root? This is used by the regresison test code,
remember what uid we got started as - this allows us to run correctly
as non-root while catching trapdoor systems
****************************************************************************/
+
void sec_init(void)
{
- initial_uid = geteuid();
- initial_gid = getegid();
+ static int initialized;
+
+ if (!initialized) {
+ initial_uid = geteuid();
+ initial_gid = getegid();
+ initialized = 1;
+ }
}
/****************************************************************************
/****************************************************************************
are we running in non-root mode?
****************************************************************************/
-BOOL non_root_mode(void)
+bool non_root_mode(void)
{
return (initial_uid != (uid_t)0);
}
/****************************************************************************
- Set *only* the effective uid.
- we want to end up with ruid==0 and euid==uid
+ Set effective uid, and possibly the real uid too.
+ We want to end up with either:
+
+ ruid==uid and euid==uid
+
+ or
+
+ ruid==0 and euid==uid
+
+ depending on what the local OS will allow us to regain root from.
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
/* Set the effective as well as the real uid. */
- setresuid(uid,uid,-1);
+ if (setresuid(uid,uid,-1) == -1) {
+ if (errno == EAGAIN) {
+ DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
+ "might be over its NPROC limit\n",
+ (int)uid));
+ }
+ }
#endif
#if USE_SETREUID
/****************************************************************************
and restore them!
****************************************************************************/
-void restore_re_uid(void)
-{
- set_effective_uid(0);
+void restore_re_uid_fromroot(void)
+{
#if USE_SETRESUID
setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
assert_uid(saved_ruid, saved_euid);
}
+void restore_re_uid(void)
+{
+ set_effective_uid(0);
+ restore_re_uid_fromroot();
+}
/****************************************************************************
save the real and effective gid for later restoration. Used by the
/****************************************************************************
Check if we are setuid root. Used in libsmb and smbpasswd paranoia checks.
****************************************************************************/
-BOOL is_setuid_root(void)
+bool is_setuid_root(void)
{
return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
}