diff options
| author | Andrew Tridgell <tridge@samba.org> | 2004-11-03 10:09:48 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:05:23 -0500 |
| commit | dde07058075d357cfdc63624c8dcaa67ebd40add (patch) | |
| tree | c3f29090e37f1bc103a3d6051e708d1ebbe305a5 /source4/lib/unix_privs.c | |
| parent | 90a8c4acc7e673e6439197776d19cc4b095ac322 (diff) | |
| download | samba-dde07058075d357cfdc63624c8dcaa67ebd40add.tar.gz samba-dde07058075d357cfdc63624c8dcaa67ebd40add.tar.bz2 samba-dde07058075d357cfdc63624c8dcaa67ebd40add.zip | |
r3507: - added deferred replies on sharing violation in pvfs open. The
deferred reply is short-circuited immediately when the file is
closed by another user, allowing it to be opened by the waiting user.
- added a sane set of timeval manipulation routines
- converted all the events code and code that uses it to use struct
timeval instead of time_t, which allows for microsecond resolution
instead of 1 second resolution. This was needed for doing the pvfs
deferred open code, and is why the patch is so big.
(This used to be commit 0d51511d408d91eb5f68a35e980e0875299b1831)
Diffstat (limited to 'source4/lib/unix_privs.c')
| -rw-r--r-- | source4/lib/unix_privs.c | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/source4/lib/unix_privs.c b/source4/lib/unix_privs.c new file mode 100644 index 0000000000..c65f490aeb --- /dev/null +++ b/source4/lib/unix_privs.c @@ -0,0 +1,69 @@ +/* + Unix SMB/CIFS implementation. + + gain/lose root privileges + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "system/passwd.h" + +/* + there are times when smbd needs to temporarily gain root privileges + to do some operation. To do this you call root_privileges(), which + returns a talloc handle. To restore your previous privileges + talloc_free() this pointer. + + Note that this call is considered successful even if it does not + manage to gain too privileges, but it will call smb_abort() if it + fails to restore the privileges afterwards. The logic is that + failing to gain root access can be caught by whatever operation + needs to be run as root failing, but failing to lose the root + privileges is dangerous. + + This also means that this code is safe to be called from completely + unprivileged processes. +*/ + +struct saved_state { + uid_t uid; +}; + +static int privileges_destructor(void *ptr) +{ + struct saved_state *s = ptr; + if (geteuid() != s->uid && + seteuid(s->uid) != 0) { + smb_panic("Failed to restore privileges"); + } + return 0; +} + +void *root_privileges(void) +{ + struct saved_state *s; + s = talloc_p(NULL, struct saved_state); + if (!s) return NULL; + s->uid = geteuid(); + if (s->uid != 0) { + seteuid(0); + } + talloc_set_destructor(s, privileges_destructor); + return s; +} + |