diff options
author | Jeremy Allison <jra@samba.org> | 2012-06-28 11:59:51 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-06-28 17:15:16 -0700 |
commit | 821bd95156e8cc6d843aecb0a27d4a08761b7dac (patch) | |
tree | a35f1f0059005555bc3fe548760a9cf01e896d55 /source3/lib | |
parent | 7630fe50bd7d0783d1f6b253cbee46cccca3f774 (diff) | |
download | samba-821bd95156e8cc6d843aecb0a27d4a08761b7dac.tar.gz samba-821bd95156e8cc6d843aecb0a27d4a08761b7dac.tar.bz2 samba-821bd95156e8cc6d843aecb0a27d4a08761b7dac.zip |
Replace all uses of setXX[ug]id() and setgroups with samba_setXX[ug]id() calls.
Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
Diffstat (limited to 'source3/lib')
-rw-r--r-- | source3/lib/system.c | 9 | ||||
-rw-r--r-- | source3/lib/system_smbd.c | 3 | ||||
-rw-r--r-- | source3/lib/util_sec.c | 127 |
3 files changed, 73 insertions, 66 deletions
diff --git a/source3/lib/system.c b/source3/lib/system.c index 3daa041a27..fe8aec317d 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -25,6 +25,7 @@ #include "system/capability.h" #include "system/passwd.h" #include "system/filesys.h" +#include "../lib/util/setid.h" #ifdef HAVE_SYS_SYSCTL_H #include <sys/sysctl.h> @@ -956,7 +957,7 @@ static int sys_broken_setgroups(int setlen, gid_t *gidset) for(i = 0; i < setlen; i++) group_list[i] = (GID_T) gidset[i]; - if(setgroups(setlen, group_list) != 0) { + if(samba_setgroups(setlen, group_list) != 0) { int saved_errno = errno; SAFE_FREE(group_list); errno = saved_errno; @@ -993,7 +994,7 @@ static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset) /* No group list, just make sure we are setting the efective GID. */ if (setlen == 0) { - return setgroups(1, &primary_gid); + return samba_setgroups(1, &primary_gid); } /* If the primary gid is not the first array element, grow the array @@ -1019,7 +1020,7 @@ static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset) #if defined(HAVE_BROKEN_GETGROUPS) ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset); #else - ret = setgroups(setlen, new_gidset ? new_gidset : gidset); + ret = samba_setgroups(setlen, new_gidset ? new_gidset : gidset); #endif if (new_gidset) { @@ -1062,7 +1063,7 @@ int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset) #elif defined(HAVE_BROKEN_GETGROUPS) return sys_broken_setgroups(setlen, gidset); #else - return setgroups(setlen, gidset); + return samba_setgroups(setlen, gidset); #endif } diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 634f88ea9c..10d7f38d52 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -26,6 +26,7 @@ #include "includes.h" #include "system/passwd.h" #include "nsswitch/winbind_client.h" +#include "../lib/util/setid.h" #ifndef HAVE_GETGROUPLIST @@ -130,7 +131,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, return from getgroups() */ save_re_gid(); set_effective_gid(gid); - setgid(gid); + samba_setgid(gid); num_gids = getgroups(0, NULL); if (num_gids == -1) { diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index 60ea214d26..bbb75dbbd4 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -20,6 +20,8 @@ #ifndef AUTOCONF_TEST #include "includes.h" #include "system/passwd.h" /* uid_wrapper */ +#include "../lib/util/setid.h" + #else /* we are running this code in autoconf test mode to see which type of setuid function works */ @@ -38,6 +40,9 @@ #include <sys/id.h> #endif +/* In autoconf/test mode include the definitions of samba_setXXX. */ +#include "../lib/util/setid.c" + #define DEBUG(x, y) printf y #define smb_panic(x) exit(1) #define bool int @@ -130,24 +135,24 @@ static void assert_gid(gid_t rgid, gid_t egid) void gain_root_privilege(void) { #if USE_SETRESUID - setresuid(0,0,0); + samba_setresuid(0,0,0); #endif #if USE_SETEUID - seteuid(0); + samba_seteuid(0); #endif #if USE_SETREUID - setreuid(0, 0); + samba_setreuid(0, 0); #endif #if USE_SETUIDX - setuidx(ID_EFFECTIVE, 0); - setuidx(ID_REAL, 0); + samba_setuidx(ID_EFFECTIVE, 0); + samba_setuidx(ID_REAL, 0); #endif /* this is needed on some systems */ - setuid(0); + samba_setuid(0); assert_uid(0, 0); } @@ -160,23 +165,23 @@ void gain_root_privilege(void) void gain_root_group_privilege(void) { #if USE_SETRESUID - setresgid(0,0,0); + samba_setresgid(0,0,0); #endif #if USE_SETREUID - setregid(0,0); + samba_setregid(0,0); #endif #if USE_SETEUID - setegid(0); + samba_setegid(0); #endif #if USE_SETUIDX - setgidx(ID_EFFECTIVE, 0); - setgidx(ID_REAL, 0); + samba_setgidx(ID_EFFECTIVE, 0); + samba_setgidx(ID_REAL, 0); #endif - setgid(0); + samba_setgid(0); assert_gid(0, 0); } @@ -198,9 +203,9 @@ void set_effective_uid(uid_t uid) { #if USE_SETRESUID /* Set the effective as well as the real uid. */ - if (setresuid(uid,uid,-1) == -1) { + if (samba_setresuid(uid,uid,-1) == -1) { if (errno == EAGAIN) { - DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) " + DEBUG(0, ("samba_setresuid failed with EAGAIN. uid(%d) " "might be over its NPROC limit\n", (int)uid)); } @@ -208,15 +213,15 @@ void set_effective_uid(uid_t uid) #endif #if USE_SETREUID - setreuid(-1,uid); + samba_setreuid(-1,uid); #endif #if USE_SETEUID - seteuid(uid); + samba_seteuid(uid); #endif #if USE_SETUIDX - setuidx(ID_EFFECTIVE, uid); + samba_setuidx(ID_EFFECTIVE, uid); #endif assert_uid(-1, uid); @@ -229,19 +234,19 @@ void set_effective_uid(uid_t uid) void set_effective_gid(gid_t gid) { #if USE_SETRESUID - setresgid(-1,gid,-1); + samba_setresgid(-1,gid,-1); #endif #if USE_SETREUID - setregid(-1,gid); + samba_setregid(-1,gid); #endif #if USE_SETEUID - setegid(gid); + samba_setegid(gid); #endif #if USE_SETUIDX - setgidx(ID_EFFECTIVE, gid); + samba_setgidx(ID_EFFECTIVE, gid); #endif assert_gid(-1, gid); @@ -268,17 +273,17 @@ void save_re_uid(void) void restore_re_uid_fromroot(void) { #if USE_SETRESUID - setresuid(saved_ruid, saved_euid, -1); + samba_setresuid(saved_ruid, saved_euid, -1); #elif USE_SETREUID - setreuid(saved_ruid, -1); - setreuid(-1,saved_euid); + samba_setreuid(saved_ruid, -1); + samba_setreuid(-1,saved_euid); #elif USE_SETUIDX - setuidx(ID_REAL, saved_ruid); - setuidx(ID_EFFECTIVE, saved_euid); + samba_setuidx(ID_REAL, saved_ruid); + samba_setuidx(ID_EFFECTIVE, saved_euid); #else set_effective_uid(saved_euid); if (getuid() != saved_ruid) - setuid(saved_ruid); + samba_setuid(saved_ruid); set_effective_uid(saved_euid); #endif @@ -307,17 +312,17 @@ void save_re_gid(void) void restore_re_gid(void) { #if USE_SETRESUID - setresgid(saved_rgid, saved_egid, -1); + samba_setresgid(saved_rgid, saved_egid, -1); #elif USE_SETREUID - setregid(saved_rgid, -1); - setregid(-1,saved_egid); + samba_setregid(saved_rgid, -1); + samba_setregid(-1,saved_egid); #elif USE_SETUIDX - setgidx(ID_REAL, saved_rgid); - setgidx(ID_EFFECTIVE, saved_egid); + samba_setgidx(ID_REAL, saved_rgid); + samba_setgidx(ID_EFFECTIVE, saved_egid); #else set_effective_gid(saved_egid); if (getgid() != saved_rgid) - setgid(saved_rgid); + samba_setgid(saved_rgid); set_effective_gid(saved_egid); #endif @@ -335,13 +340,13 @@ int set_re_uid(void) uid_t uid = geteuid(); #if USE_SETRESUID - setresuid(geteuid(), -1, -1); + samba_setresuid(geteuid(), -1, -1); #endif #if USE_SETREUID - setreuid(0, 0); - setreuid(uid, -1); - setreuid(-1, uid); + samba_setreuid(0, 0); + samba_setreuid(uid, -1); + samba_setreuid(-1, uid); #endif #if USE_SETEUID @@ -374,34 +379,34 @@ void become_user_permanently(uid_t uid, gid_t gid) gain_root_group_privilege(); #if USE_SETRESUID - setresgid(gid,gid,gid); - setgid(gid); - setresuid(uid,uid,uid); - setuid(uid); + samba_setresgid(gid,gid,gid); + samba_setgid(gid); + samba_setresuid(uid,uid,uid); + samba_setuid(uid); #endif #if USE_SETREUID - setregid(gid,gid); - setgid(gid); - setreuid(uid,uid); - setuid(uid); + samba_setregid(gid,gid); + samba_setgid(gid); + samba_setreuid(uid,uid); + samba_setuid(uid); #endif #if USE_SETEUID - setegid(gid); - setgid(gid); - setuid(uid); - seteuid(uid); - setuid(uid); + samba_setegid(gid); + samba_setgid(gid); + samba_setuid(uid); + samba_seteuid(uid); + samba_setuid(uid); #endif #if USE_SETUIDX - setgidx(ID_REAL, gid); - setgidx(ID_EFFECTIVE, gid); - setgid(gid); - setuidx(ID_REAL, uid); - setuidx(ID_EFFECTIVE, uid); - setuid(uid); + samba_setgidx(ID_REAL, gid); + samba_setgidx(ID_EFFECTIVE, gid); + samba_setgid(gid); + samba_setuidx(ID_REAL, uid); + samba_setuidx(ID_EFFECTIVE, uid); + samba_setuid(uid); #endif assert_uid(uid, uid); @@ -418,19 +423,19 @@ static int have_syscall(void) errno = 0; #if USE_SETRESUID - setresuid(-1,-1,-1); + samba_setresuid(-1,-1,-1); #endif #if USE_SETREUID - setreuid(-1,-1); + samba_setreuid(-1,-1); #endif #if USE_SETEUID - seteuid(-1); + samba_seteuid(-1); #endif #if USE_SETUIDX - setuidx(ID_EFFECTIVE, -1); + samba_setuidx(ID_EFFECTIVE, -1); #endif if (errno == ENOSYS) return -1; @@ -462,7 +467,7 @@ main() gain_root_privilege(); gain_root_group_privilege(); become_user_permanently(1, 1); - setuid(0); + samba_setuid(0); if (getuid() == 0) { fprintf(stderr,"uid not set permanently\n"); exit(1); |