#include "replace.h"
#include "system/passwd.h"
#include <talloc.h>
+#include "../lib/util/setid.h"
#else /* _SAMBA_BUILD_ */
{
uwrap_init();
if (!uwrap.enabled) {
- return seteuid(euid);
+ return samba_seteuid(euid);
}
/* assume for now that the ruid stays as root */
if (euid == 0) {
{
uwrap_init();
if (!uwrap.enabled) {
- return setreuid(ruid, euid);
+ return samba_setreuid(ruid, euid);
}
/* assume for now that the ruid stays as root */
if (euid == 0) {
{
uwrap_init();
if (!uwrap.enabled) {
- return setresuid(ruid, euid, suid);
+ return samba_setresuid(ruid, euid, suid);
}
/* assume for now that the ruid stays as root */
if (euid == 0) {
{
uwrap_init();
if (!uwrap.enabled) {
- return setegid(egid);
+ return samba_setegid(egid);
}
/* assume for now that the ruid stays as root */
if (egid == 0) {
{
uwrap_init();
if (!uwrap.enabled) {
- return setregid(rgid, egid);
+ return samba_setregid(rgid, egid);
}
/* assume for now that the ruid stays as root */
if (egid == 0) {
{
uwrap_init();
if (!uwrap.enabled) {
- return setresgid(rgid, egid, sgid);
+ return samba_setresgid(rgid, egid, sgid);
}
/* assume for now that the ruid stays as root */
if (egid == 0) {
{
uwrap_init();
if (!uwrap.enabled) {
- return setgroups(size, list);
+ return samba_setgroups(size, list);
}
talloc_free(uwrap.groups);
#ifdef UID_WRAPPER_REPLACE
-#ifdef seteuid
-#undef seteuid
+#ifdef samba_seteuid
+#undef samba_seteuid
#endif
-#define seteuid uwrap_seteuid
+#define samba_seteuid uwrap_seteuid
-#ifdef setreuid
-#undef setreuid
+#ifdef samba_setreuid
+#undef samba_setreuid
#endif
-#define setreuid uwrap_setreuid
+#define samba_setreuid uwrap_setreuid
-#ifdef setresuid
-#undef setresuid
+#ifdef samba_setresuid
+#undef samba_setresuid
#endif
-#define setresuid uwrap_setresuid
+#define samba_setresuid uwrap_setresuid
-#ifdef setegid
-#undef setegid
+#ifdef samba_setegid
+#undef samba_setegid
#endif
-#define setegid uwrap_setegid
+#define samba_setegid uwrap_setegid
-#ifdef setregid
-#undef setregid
+#ifdef samba_setregid
+#undef samba_setregid
#endif
-#define setregid uwrap_setregid
+#define samba_setregid uwrap_setregid
-#ifdef setresgid
-#undef setresgid
+#ifdef samba_setresgid
+#undef samba_setresgid
#endif
-#define setresgid uwrap_setresgid
+#define samba_setresgid uwrap_setresgid
#ifdef geteuid
#undef geteuid
#endif
#define getegid uwrap_getegid
-#ifdef setgroups
-#undef setgroups
+#ifdef samba_setgroups
+#undef samba_setgroups
#endif
-#define setgroups uwrap_setgroups
+#define samba_setgroups uwrap_setgroups
#ifdef getgroups
#undef getgroups
bld.SAMBA_LIBRARY('uid_wrapper',
source='uid_wrapper.c',
- deps='talloc',
+ deps='talloc util_setid',
private_library=True,
enabled=bld.CONFIG_SET("UID_WRAPPER"),
)
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ setXXid() functions for Samba.
+ Copyright (C) Jeremy Allison 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef AUTOCONF_TEST
+#include "replace.h"
+#include "system/passwd.h"
+#include "include/includes.h"
+
+#ifdef UID_WRAPPER_REPLACE
+
+#ifdef samba_seteuid
+#undef samba_seteuid
+#endif
+
+#ifdef samba_setreuid
+#undef samba_setreuid
+#endif
+
+#ifdef samba_setresuid
+#undef samba_setresuid
+#endif
+
+#ifdef samba_setegid
+#undef samba_setegid
+#endif
+
+#ifdef samba_setregid
+#undef samba_setregid
+#endif
+
+#ifdef samba_setresgid
+#undef samba_setresgid
+#endif
+
+#ifdef samba_setgroups
+#undef samba_setgroups
+#endif
+
+/* uid_wrapper will have redefined these. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+int samba_setreuid(uid_t ruid, uid_t euid);
+int samba_setregid(gid_t rgid, gid_t egid);
+int samba_seteuid(uid_t euid);
+int samba_setegid(gid_t egid);
+int samba_setuid(uid_t uid);
+int samba_setgid(gid_t gid);
+int samba_setuidx(int flags, uid_t uid);
+int samba_setgidx(int flags, gid_t gid);
+int samba_setgroups(size_t setlen, const gid_t *gidset);
+
+#endif
+#endif
+
+#include "../lib/util/setid.h"
+
+/* All the setXX[ug]id functions and setgroups Samba uses. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+#if defined(HAVE_SETRESUID)
+ return setresuid(ruid, euid, suid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+#if defined(HAVE_SETRESGID)
+ return setresgid(rgid, egid, sgid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setreuid(uid_t ruid, uid_t euid)
+{
+#if defined(HAVE_SETREUID)
+ return setreuid(ruid, euid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setregid(gid_t rgid, gid_t egid)
+{
+#if defined(HAVE_SETREGID)
+ return setregid(rgid, egid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_seteuid(uid_t euid)
+{
+#if defined(HAVE_SETEUID)
+ return seteuid(euid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setegid(gid_t egid)
+{
+#if defined(HAVE_SETEGID)
+ return setegid(egid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setuid(uid_t uid)
+{
+#if defined(HAVE_SETUID)
+ return setuid(uid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setgid(gid_t gid)
+{
+#if defined(HAVE_SETGID)
+ return setgid(gid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setuidx(int flags, uid_t uid)
+{
+#if defined(HAVE_SETUIDX)
+ return setuidx(flags, uid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setgidx(int flags, gid_t gid)
+{
+#if defined(HAVE_SETGIDX)
+ return setgidx(flags, gid);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+int samba_setgroups(size_t setlen, const gid_t *gidset)
+{
+#if defined(HAVE_SETGROUPS)
+ return setgroups(setlen, gidset);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ setXXid() functions for Samba.
+ Copyright (C) Jeremy Allison 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SETID_H
+#define _SETID_H
+
+/*
+ * NB. We don't wrap initgroups although on some systems
+ * this can call setgroups. On systems with thread-specific
+ * credentials (Linux so far) we know they have getgrouplist()
+ * which doesn't make a system call.
+ */
+
+/* All the setXX[ug]id functions and setgroups Samba uses. */
+int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid);
+int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid);
+int samba_setreuid(uid_t ruid, uid_t euid);
+int samba_setregid(gid_t rgid, gid_t egid);
+int samba_seteuid(uid_t euid);
+int samba_setegid(gid_t egid);
+int samba_setuid(uid_t uid);
+int samba_setgid(gid_t gid);
+int samba_setuidx(int flags, uid_t uid);
+int samba_setgidx(int flags, gid_t gid);
+int samba_setgroups(size_t setlen, const gid_t *gidset);
+
+#endif
#include "includes.h"
#include "system/passwd.h"
#include "../lib/util/unix_privs.h"
+#include "../lib/util/setid.h"
/**
* @file
static int privileges_destructor(struct saved_state *s)
{
if (geteuid() != s->uid &&
- seteuid(s->uid) != 0) {
+ samba_seteuid(s->uid) != 0) {
smb_panic("Failed to restore privileges");
}
return 0;
if (!s) return NULL;
s->uid = geteuid();
if (s->uid != 0) {
- seteuid(0);
+ samba_seteuid(0);
}
talloc_set_destructor(s, privileges_destructor);
return s;
util_str.c util_str_common.c substitute.c ms_fnmatch.c
server_id.c dprintf.c parmlist.c bitmap.c''',
deps='DYNCONFIG',
- public_deps='talloc execinfo uid_wrapper pthread LIBCRYPTO charset',
+ public_deps='talloc execinfo uid_wrapper pthread LIBCRYPTO charset util_setid',
public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h dlinklist.h samba_util.h string_wrappers.h',
header_path= [ ('dlinklist.h samba_util.h', '.'), ('*', 'util') ],
local_include=False,
vnum='0.0.1'
)
+bld.SAMBA_LIBRARY('util_setid',
+ source='setid.c',
+ local_include=False,
+ private_library=True
+ )
bld.SAMBA_SUBSYSTEM('util_ldb',
source='util_ldb.c',
lib/tevent_barrier.o \
../lib/util/smb_threads.o ../lib/util/util_id.o \
../lib/util/blocking.o ../lib/util/rfc1738.o \
- ../lib/util/select.o ../lib/util/util_pw.o ../lib/util/server_id.o
+ ../lib/util/select.o ../lib/util/util_pw.o ../lib/util/server_id.o \
+ ../lib/util/setid.o
CRYPTO_OBJ = ../lib/crypto/crc32.o @CRYPTO_MD5_OBJ@ \
../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \
$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \
$(LIBMSRPC_OBJ) $(LIBMSRPC_GEN_OBJ) $(FNAME_UTIL_OBJ)
-NSSTEST_OBJ = ../nsswitch/nsstest.o $(LIBSAMBAUTIL_OBJ)
+NSSTEST_OBJ = ../nsswitch/nsstest.o ../lib/util/setid.o $(LIBSAMBAUTIL_OBJ)
PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
$(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
../lib/util/util_str_common.o \
../lib/util/data_blob.o \
../dynconfig/dynconfig.o \
+ ../lib/util/setid.o \
$(LIBSAMBAUTIL_OBJ) \
param/util.o
#include "../lib/util/smb_threads.h"
#include "../lib/util/smb_threads_internal.h"
+/* samba_setXXid functions. */
+#include "../lib/util/setid.h"
+
/***** prototypes *****/
#ifndef NO_PROTO_H
#include "proto.h"
#include "system/capability.h"
#include "system/passwd.h"
#include "system/filesys.h"
+#include "../lib/util/setid.h"
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
for(i = 0; i < setlen; i++)
group_list[i] = (GID_T) gidset[i];
- if(setgroups(setlen, group_list) != 0) {
+ if(samba_setgroups(setlen, group_list) != 0) {
int saved_errno = errno;
SAFE_FREE(group_list);
errno = saved_errno;
/* No group list, just make sure we are setting the efective GID. */
if (setlen == 0) {
- return setgroups(1, &primary_gid);
+ return samba_setgroups(1, &primary_gid);
}
/* If the primary gid is not the first array element, grow the array
#if defined(HAVE_BROKEN_GETGROUPS)
ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset);
#else
- ret = setgroups(setlen, new_gidset ? new_gidset : gidset);
+ ret = samba_setgroups(setlen, new_gidset ? new_gidset : gidset);
#endif
if (new_gidset) {
#elif defined(HAVE_BROKEN_GETGROUPS)
return sys_broken_setgroups(setlen, gidset);
#else
- return setgroups(setlen, gidset);
+ return samba_setgroups(setlen, gidset);
#endif
}
#include "includes.h"
#include "system/passwd.h"
#include "nsswitch/winbind_client.h"
+#include "../lib/util/setid.h"
#ifndef HAVE_GETGROUPLIST
return from getgroups() */
save_re_gid();
set_effective_gid(gid);
- setgid(gid);
+ samba_setgid(gid);
num_gids = getgroups(0, NULL);
if (num_gids == -1) {
#ifndef AUTOCONF_TEST
#include "includes.h"
#include "system/passwd.h" /* uid_wrapper */
+#include "../lib/util/setid.h"
+
#else
/* we are running this code in autoconf test mode to see which type of setuid
function works */
#include <sys/id.h>
#endif
+/* In autoconf/test mode include the definitions of samba_setXXX. */
+#include "../lib/util/setid.c"
+
#define DEBUG(x, y) printf y
#define smb_panic(x) exit(1)
#define bool int
void gain_root_privilege(void)
{
#if USE_SETRESUID
- setresuid(0,0,0);
+ samba_setresuid(0,0,0);
#endif
#if USE_SETEUID
- seteuid(0);
+ samba_seteuid(0);
#endif
#if USE_SETREUID
- setreuid(0, 0);
+ samba_setreuid(0, 0);
#endif
#if USE_SETUIDX
- setuidx(ID_EFFECTIVE, 0);
- setuidx(ID_REAL, 0);
+ samba_setuidx(ID_EFFECTIVE, 0);
+ samba_setuidx(ID_REAL, 0);
#endif
/* this is needed on some systems */
- setuid(0);
+ samba_setuid(0);
assert_uid(0, 0);
}
void gain_root_group_privilege(void)
{
#if USE_SETRESUID
- setresgid(0,0,0);
+ samba_setresgid(0,0,0);
#endif
#if USE_SETREUID
- setregid(0,0);
+ samba_setregid(0,0);
#endif
#if USE_SETEUID
- setegid(0);
+ samba_setegid(0);
#endif
#if USE_SETUIDX
- setgidx(ID_EFFECTIVE, 0);
- setgidx(ID_REAL, 0);
+ samba_setgidx(ID_EFFECTIVE, 0);
+ samba_setgidx(ID_REAL, 0);
#endif
- setgid(0);
+ samba_setgid(0);
assert_gid(0, 0);
}
{
#if USE_SETRESUID
/* Set the effective as well as the real uid. */
- if (setresuid(uid,uid,-1) == -1) {
+ if (samba_setresuid(uid,uid,-1) == -1) {
if (errno == EAGAIN) {
- DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
+ DEBUG(0, ("samba_setresuid failed with EAGAIN. uid(%d) "
"might be over its NPROC limit\n",
(int)uid));
}
#endif
#if USE_SETREUID
- setreuid(-1,uid);
+ samba_setreuid(-1,uid);
#endif
#if USE_SETEUID
- seteuid(uid);
+ samba_seteuid(uid);
#endif
#if USE_SETUIDX
- setuidx(ID_EFFECTIVE, uid);
+ samba_setuidx(ID_EFFECTIVE, uid);
#endif
assert_uid(-1, uid);
void set_effective_gid(gid_t gid)
{
#if USE_SETRESUID
- setresgid(-1,gid,-1);
+ samba_setresgid(-1,gid,-1);
#endif
#if USE_SETREUID
- setregid(-1,gid);
+ samba_setregid(-1,gid);
#endif
#if USE_SETEUID
- setegid(gid);
+ samba_setegid(gid);
#endif
#if USE_SETUIDX
- setgidx(ID_EFFECTIVE, gid);
+ samba_setgidx(ID_EFFECTIVE, gid);
#endif
assert_gid(-1, gid);
void restore_re_uid_fromroot(void)
{
#if USE_SETRESUID
- setresuid(saved_ruid, saved_euid, -1);
+ samba_setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
- setreuid(saved_ruid, -1);
- setreuid(-1,saved_euid);
+ samba_setreuid(saved_ruid, -1);
+ samba_setreuid(-1,saved_euid);
#elif USE_SETUIDX
- setuidx(ID_REAL, saved_ruid);
- setuidx(ID_EFFECTIVE, saved_euid);
+ samba_setuidx(ID_REAL, saved_ruid);
+ samba_setuidx(ID_EFFECTIVE, saved_euid);
#else
set_effective_uid(saved_euid);
if (getuid() != saved_ruid)
- setuid(saved_ruid);
+ samba_setuid(saved_ruid);
set_effective_uid(saved_euid);
#endif
void restore_re_gid(void)
{
#if USE_SETRESUID
- setresgid(saved_rgid, saved_egid, -1);
+ samba_setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
- setregid(saved_rgid, -1);
- setregid(-1,saved_egid);
+ samba_setregid(saved_rgid, -1);
+ samba_setregid(-1,saved_egid);
#elif USE_SETUIDX
- setgidx(ID_REAL, saved_rgid);
- setgidx(ID_EFFECTIVE, saved_egid);
+ samba_setgidx(ID_REAL, saved_rgid);
+ samba_setgidx(ID_EFFECTIVE, saved_egid);
#else
set_effective_gid(saved_egid);
if (getgid() != saved_rgid)
- setgid(saved_rgid);
+ samba_setgid(saved_rgid);
set_effective_gid(saved_egid);
#endif
uid_t uid = geteuid();
#if USE_SETRESUID
- setresuid(geteuid(), -1, -1);
+ samba_setresuid(geteuid(), -1, -1);
#endif
#if USE_SETREUID
- setreuid(0, 0);
- setreuid(uid, -1);
- setreuid(-1, uid);
+ samba_setreuid(0, 0);
+ samba_setreuid(uid, -1);
+ samba_setreuid(-1, uid);
#endif
#if USE_SETEUID
gain_root_group_privilege();
#if USE_SETRESUID
- setresgid(gid,gid,gid);
- setgid(gid);
- setresuid(uid,uid,uid);
- setuid(uid);
+ samba_setresgid(gid,gid,gid);
+ samba_setgid(gid);
+ samba_setresuid(uid,uid,uid);
+ samba_setuid(uid);
#endif
#if USE_SETREUID
- setregid(gid,gid);
- setgid(gid);
- setreuid(uid,uid);
- setuid(uid);
+ samba_setregid(gid,gid);
+ samba_setgid(gid);
+ samba_setreuid(uid,uid);
+ samba_setuid(uid);
#endif
#if USE_SETEUID
- setegid(gid);
- setgid(gid);
- setuid(uid);
- seteuid(uid);
- setuid(uid);
+ samba_setegid(gid);
+ samba_setgid(gid);
+ samba_setuid(uid);
+ samba_seteuid(uid);
+ samba_setuid(uid);
#endif
#if USE_SETUIDX
- setgidx(ID_REAL, gid);
- setgidx(ID_EFFECTIVE, gid);
- setgid(gid);
- setuidx(ID_REAL, uid);
- setuidx(ID_EFFECTIVE, uid);
- setuid(uid);
+ samba_setgidx(ID_REAL, gid);
+ samba_setgidx(ID_EFFECTIVE, gid);
+ samba_setgid(gid);
+ samba_setuidx(ID_REAL, uid);
+ samba_setuidx(ID_EFFECTIVE, uid);
+ samba_setuid(uid);
#endif
assert_uid(uid, uid);
errno = 0;
#if USE_SETRESUID
- setresuid(-1,-1,-1);
+ samba_setresuid(-1,-1,-1);
#endif
#if USE_SETREUID
- setreuid(-1,-1);
+ samba_setreuid(-1,-1);
#endif
#if USE_SETEUID
- seteuid(-1);
+ samba_seteuid(-1);
#endif
#if USE_SETUIDX
- setuidx(ID_EFFECTIVE, -1);
+ samba_setuidx(ID_EFFECTIVE, -1);
#endif
if (errno == ENOSYS) return -1;
gain_root_privilege();
gain_root_group_privilege();
become_user_permanently(1, 1);
- setuid(0);
+ samba_setuid(0);
if (getuid() == 0) {
fprintf(stderr,"uid not set permanently\n");
exit(1);
#include "libcli/security/security_token.h"
#include "auth.h"
#include "smbprofile.h"
+#include "../lib/util/setid.h"
extern struct current_user current_user;
returned from getgroups() (tridge) */
save_re_gid();
set_effective_gid(gid);
- setgid(gid);
+ samba_setgid(gid);
ngroups = sys_getgroups(0,&grp);
if (ngroups <= 0) {
#include "intl/lang_tdb.h"
#include "auth.h"
#include "secrets.h"
+#include "../lib/util/setid.h"
#define MAX_VARIABLES 10000
C_user = SMB_STRDUP(user);
- if (!setuid(0)) {
+ if (!samba_setuid(0)) {
C_pass = secrets_fetch_generic("root", "SWAT");
if (C_pass == NULL) {
char *tmp_pass = NULL;
TALLOC_FREE(tmp_pass);
}
}
- setuid(pwd->pw_uid);
+ samba_setuid(pwd->pw_uid);
if (geteuid() != pwd->pw_uid || getuid() != pwd->pw_uid) {
printf("%sFailed to become user %s - uid=%d/%d<br>%s\n",
head, user, (int)geteuid(), (int)getuid(), tail);
#include "../lib/util/smb_threads.h"
#include "../lib/util/smb_threads_internal.h"
+/* samba_setXXid functions. */
+#include "../lib/util/setid.h"
+
#endif /* _INCLUDES_H */
#include "libcli/wbclient/wbclient.h"
#define TEVENT_DEPRECATED
#include <tevent.h>
+#include "../lib/util/setid.h"
NTSTATUS ntvfs_unixuid_init(void);
*/
static NTSTATUS set_unix_security(struct security_unix_token *sec)
{
- seteuid(0);
+ samba_seteuid(0);
- if (setgroups(sec->ngroups, sec->groups) != 0) {
+ if (samba_setgroups(sec->ngroups, sec->groups) != 0) {
return NT_STATUS_ACCESS_DENIED;
}
- if (setegid(sec->gid) != 0) {
+ if (samba_setegid(sec->gid) != 0) {
return NT_STATUS_ACCESS_DENIED;
}
- if (seteuid(sec->uid) != 0) {
+ if (samba_seteuid(sec->uid) != 0) {
return NT_STATUS_ACCESS_DENIED;
}
return NT_STATUS_OK;
return -1;
}
*(struct security_unix_token **)stack_ptr = sec_ctx;
- if (seteuid(0) != 0 || setegid(0) != 0) {
+ if (samba_seteuid(0) != 0 || samba_setegid(0) != 0) {
DEBUG(0,("%s: Failed to change to root\n", location));
return -1;
}
{
/* Become a non-root user */
- setuid(1);
- setgid(1);
+ samba_setuid(1);
+ samba_setgid(1);
/* Try to push a security context. This should fail with a
smb_assert() error. */
/* Become a non-root user */
- setuid(1);
- setgid(1);
+ samba_setuid(1);
+ samba_setgid(1);
/* Try to push a security context. This should fail with a
smb_assert() error. */