git.samba.org
/
gd
/
samba
/
.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
r23779: Change from v2 or later to v3 or later.
[gd/samba/.git]
/
source3
/
lib
/
util_sec.c
diff --git
a/source3/lib/util_sec.c
b/source3/lib/util_sec.c
index 132748ce138e147b2ae019e78bb970ed7ca9e408..0d928aad3d9a1b6f8ab57eb53c51042b9676d8c3 100644
(file)
--- a/
source3/lib/util_sec.c
+++ b/
source3/lib/util_sec.c
@@
-5,7
+5,7
@@
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version
2
of the License, or
+ the Free Software Foundation; either version
3
of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
(at your option) any later version.
This program is distributed in the hope that it will be useful,
@@
-52,10
+52,16
@@
static gid_t initial_gid;
remember what uid we got started as - this allows us to run correctly
as non-root while catching trapdoor systems
****************************************************************************/
remember what uid we got started as - this allows us to run correctly
as non-root while catching trapdoor systems
****************************************************************************/
+
void sec_init(void)
{
void sec_init(void)
{
- initial_uid = geteuid();
- initial_gid = getegid();
+ static int initialized;
+
+ if (!initialized) {
+ initial_uid = geteuid();
+ initial_gid = getegid();
+ initialized = 1;
+ }
}
/****************************************************************************
}
/****************************************************************************
@@
-177,13
+183,28
@@
void gain_root_group_privilege(void)
/****************************************************************************
/****************************************************************************
- Set *only* the effective uid.
- we want to end up with ruid==0 and euid==uid
+ Set effective uid, and possibly the real uid too.
+ We want to end up with either:
+
+ ruid==uid and euid==uid
+
+ or
+
+ ruid==0 and euid==uid
+
+ depending on what the local OS will allow us to regain root from.
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
- setresuid(-1,uid,-1);
+ /* Set the effective as well as the real uid. */
+ if (setresuid(uid,uid,-1) == -1) {
+ if (errno == EAGAIN) {
+ DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
+ "might be over its NPROC limit\n",
+ (int)uid));
+ }
+ }
#endif
#if USE_SETREUID
#endif
#if USE_SETREUID
@@
-243,10
+264,9
@@
void save_re_uid(void)
/****************************************************************************
and restore them!
****************************************************************************/
/****************************************************************************
and restore them!
****************************************************************************/
-void restore_re_uid(void)
-{
- set_effective_uid(0);
+void restore_re_uid_fromroot(void)
+{
#if USE_SETRESUID
setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
#if USE_SETRESUID
setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
@@
-265,6
+285,11
@@
void restore_re_uid(void)
assert_uid(saved_ruid, saved_euid);
}
assert_uid(saved_ruid, saved_euid);
}
+void restore_re_uid(void)
+{
+ set_effective_uid(0);
+ restore_re_uid_fromroot();
+}
/****************************************************************************
save the real and effective gid for later restoration. Used by the
/****************************************************************************
save the real and effective gid for later restoration. Used by the
git.samba.org / gd / samba / .git / blobdiff