/*
- Unix SMB/Netbios implementation.
- Version 2.0
+ Unix SMB/CIFS implementation.
Copyright (C) Jeremy Allison 1998.
rewritten for version 2.0.6 by Tridge
#ifndef AUTOCONF_TEST
#include "includes.h"
-extern int DEBUGLEVEL;
#else
/* we are running this code in autoconf test mode to see which type of setuid
function works */
#define DEBUG(x, y) printf y
#define smb_panic(x) exit(1)
+#define BOOL int
#endif
/* are we running as non-root? This is used by the regresison test code,
and potentially also for sites that want non-root smbd */
static uid_t initial_uid;
+static gid_t initial_gid;
/****************************************************************************
remember what uid we got started as - this allows us to run correctly
void sec_init(void)
{
initial_uid = geteuid();
- if (initial_uid != (uid_t)0) {
- /* the DEBUG() subsystem has not been initialised when this is called */
- fprintf(stderr, "WARNING: running as non-root. Some functionality will be missing\n");
- }
+ initial_gid = getegid();
+}
+
+/****************************************************************************
+some code (eg. winbindd) needs to know what uid we started as
+****************************************************************************/
+uid_t sec_initial_uid(void)
+{
+ return initial_uid;
+}
+
+/****************************************************************************
+some code (eg. winbindd, profiling shm) needs to know what gid we started as
+****************************************************************************/
+gid_t sec_initial_gid(void)
+{
+ return initial_gid;
}
/****************************************************************************
}
static uid_t saved_euid, saved_ruid;
+static gid_t saved_egid, saved_rgid;
/****************************************************************************
save the real and effective uid for later restoration. Used by the quotas
assert_uid(saved_ruid, saved_euid);
}
+
+/****************************************************************************
+ save the real and effective gid for later restoration. Used by the
+ getgroups code
+****************************************************************************/
+void save_re_gid(void)
+{
+ saved_rgid = getgid();
+ saved_egid = getegid();
+}
+
+/****************************************************************************
+ and restore them!
+****************************************************************************/
+void restore_re_gid(void)
+{
+#if USE_SETRESUID
+ setresgid(saved_rgid, saved_egid, -1);
+#elif USE_SETREUID
+ setregid(saved_rgid, -1);
+ setregid(-1,saved_egid);
+#elif USE_SETUIDX
+ setgidx(ID_REAL, saved_rgid);
+ setgidx(ID_EFFECTIVE, saved_egid);
+#else
+ set_effective_gid(saved_egid);
+ if (getgid() != saved_rgid)
+ setgid(saved_rgid);
+ set_effective_gid(saved_egid);
+#endif
+
+ assert_gid(saved_rgid, saved_egid);
+}
+
+
/****************************************************************************
set the real AND effective uid to the current effective uid in a way that
allows root to be regained.
exit(0);
}
#endif
+
+/****************************************************************************
+Check if we are setuid root. Used in libsmb and smbpasswd paranoia checks.
+****************************************************************************/
+BOOL is_setuid_root(void)
+{
+ return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+}
git.samba.org / kai / samba.git / blobdiff