Keep coding this boring stuff to lay out security descriptors ...

[kai/samba.git] / source3 / lib / util_sec.c

diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 231f0b178da664dda219ac5b13907fd0c08a4632..132748ce138e147b2ae019e78bb970ed7ca9e408 100644 (file)
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -1,6 +1,5 @@
 /*
-   Unix SMB/Netbios implementation.
-   Version 2.0
+   Unix SMB/CIFS implementation.
    Copyright (C) Jeremy Allison 1998.
    rewritten for version 2.0.6 by Tridge
 
@@ -21,7 +20,6 @@
 
 #ifndef AUTOCONF_TEST
 #include "includes.h"
-extern int DEBUGLEVEL;
 #else
 /* we are running this code in autoconf test mode to see which type of setuid
    function works */
@@ -229,6 +227,7 @@ void set_effective_gid(gid_t gid)
 }
 
 static uid_t saved_euid, saved_ruid;
+static gid_t saved_egid, saved_rgid;
 
 /****************************************************************************
  save the real and effective uid for later restoration. Used by the quotas
@@ -266,6 +265,41 @@ void restore_re_uid(void)
        assert_uid(saved_ruid, saved_euid);
 }
 
+
+/****************************************************************************
+ save the real and effective gid for later restoration. Used by the 
+ getgroups code
+****************************************************************************/
+void save_re_gid(void)
+{
+       saved_rgid = getgid();
+       saved_egid = getegid();
+}
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_gid(void)
+{
+#if USE_SETRESUID
+       setresgid(saved_rgid, saved_egid, -1);
+#elif USE_SETREUID
+       setregid(saved_rgid, -1);
+       setregid(-1,saved_egid);
+#elif USE_SETUIDX
+       setgidx(ID_REAL, saved_rgid);
+       setgidx(ID_EFFECTIVE, saved_egid);
+#else
+       set_effective_gid(saved_egid);
+       if (getgid() != saved_rgid)
+               setgid(saved_rgid);
+       set_effective_gid(saved_egid);
+#endif
+
+       assert_gid(saved_rgid, saved_egid);
+}
+
+
 /****************************************************************************
  set the real AND effective uid to the current effective uid in a way that
  allows root to be regained.
@@ -414,3 +448,11 @@ main()
        exit(0);
 }
 #endif
+
+/****************************************************************************
+Check if we are setuid root.  Used in libsmb and smbpasswd paranoia checks.
+****************************************************************************/
+BOOL is_setuid_root(void) 
+{
+       return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+}