summaryrefslogtreecommitdiff
path: root/source3/lib
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>1998-11-12 07:06:48 +0000
committerAndrew Tridgell <tridge@samba.org>1998-11-12 07:06:48 +0000
commit29e36b713468d7e7de301c483fc340ef42b4a9fb (patch)
treefd97dcedea842356595ce290c2fb1f95d8448285 /source3/lib
parent4f368d8b924b76007809e967ac1f37f6a1ebdd68 (diff)
downloadsamba-29e36b713468d7e7de301c483fc340ef42b4a9fb.tar.gz
samba-29e36b713468d7e7de301c483fc340ef42b4a9fb.tar.bz2
samba-29e36b713468d7e7de301c483fc340ef42b4a9fb.zip
extracted the password change code from smbpasswd and used it in swat
instead of opening pipes and other horrible stuff. (This used to be commit 49bf19710345a59a2d17cd449be1a132885ed821)
Diffstat (limited to 'source3/lib')
-rw-r--r--source3/lib/util.c53
1 files changed, 53 insertions, 0 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 2be1fcaf6f..1710205f3c 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -3095,3 +3095,56 @@ BOOL reg_split_key(char *full_keyname, uint32 *reg_type, char *key_name)
return True;
}
+
+/****************************************************************************
+ become the specified uid - permanently !
+****************************************************************************/
+BOOL become_user_permanently(uid_t uid, gid_t gid)
+{
+ /* now completely lose our privilages. This is a fairly paranoid
+ way of doing it, but it does work on all systems that I know of */
+
+#ifdef HAVE_SETRESUID
+ /*
+ * Firstly ensure all our uids are set to root.
+ */
+ setresgid(0,0,0);
+ setresuid(0,0,0);
+
+ /*
+ * Now ensure we change all our gids.
+ */
+ setresgid(gid,gid,gid);
+
+ /*
+ * Now ensure all the uids are the user.
+ */
+ setresuid(uid,uid,uid);
+#else
+ /*
+ * Firstly ensure all our uids are set to root.
+ */
+ setuid(0);
+ seteuid(0);
+
+ /*
+ * Now ensure we change all our gids.
+ */
+ setgid(gid);
+ setegid(gid);
+
+ /*
+ * Now ensure all the uids are the user.
+ */
+ setuid(uid);
+ seteuid(uid);
+#endif
+
+ if (getuid() != uid || geteuid() != uid ||
+ getgid() != gid || getegid() != gid) {
+ /* We failed to lose our privilages. */
+ return False;
+ }
+
+ return(True);
+}