diff options
-rw-r--r-- | source3/lib/debug.c | 4 | ||||
-rw-r--r-- | source3/lib/messages.c | 9 | ||||
-rw-r--r-- | source3/lib/util_sec.c | 24 | ||||
-rw-r--r-- | source3/passdb/lookup_sid.c | 24 | ||||
-rw-r--r-- | source3/passdb/passdb.c | 8 | ||||
-rw-r--r-- | source3/smbd/quotas.c | 30 |
6 files changed, 41 insertions, 58 deletions
diff --git a/source3/lib/debug.c b/source3/lib/debug.c index a2e8574bbd..138c52cdce 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -695,7 +695,7 @@ void check_log_size( void ) if( sys_fstat( x_fileno( dbf ), &st ) == 0 && st.st_size > maxlog ) { - become_root_uid_only(); + become_root(); (void)reopen_logs(); if( dbf && get_file_size( debugf ) > maxlog ) { @@ -710,7 +710,7 @@ void check_log_size( void ) } } - unbecome_root_uid_only(); + unbecome_root(); } /* diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 336a9349e6..316854f643 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -183,13 +183,18 @@ static NTSTATUS message_notify(struct process_id procid) SMB_ASSERT(pid > 0); if (euid != 0) { - become_root_uid_only(); + /* If we're not root become so to send the message. */ + save_re_uid(); + set_effective_uid(0); } ret = kill(pid, SIGUSR1); if (euid != 0) { - unbecome_root_uid_only(); + /* Go back to who we were. */ + int saved_errno = errno; + restore_re_uid_fromroot(); + errno = saved_errno; } if (ret == -1) { diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index 3d997ee76a..1899208697 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -265,7 +265,7 @@ void save_re_uid(void) and restore them! ****************************************************************************/ -static void restore_re_uid_fromroot(void) +void restore_re_uid_fromroot(void) { #if USE_SETRESUID setresuid(saved_ruid, saved_euid, -1); @@ -292,28 +292,6 @@ void restore_re_uid(void) } /**************************************************************************** - Lightweight become root - no group change. -****************************************************************************/ - -void become_root_uid_only(void) -{ - save_re_uid(); - set_effective_uid(0); -} - -/**************************************************************************** - Lightweight unbecome root - no group change. Expects we are root already, - saves errno across call boundary. -****************************************************************************/ - -void unbecome_root_uid_only(void) -{ - int saved_errno = errno; - restore_re_uid_fromroot(); - errno = saved_errno; -} - -/**************************************************************************** save the real and effective gid for later restoration. Used by the getgroups code ****************************************************************************/ diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index cd9d8d7092..b260d8ce57 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -465,10 +465,10 @@ static BOOL lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, return False; } - become_root_uid_only(); + become_root(); result = pdb_lookup_rids(domain_sid, num_rids, rids, *names, *types); - unbecome_root_uid_only(); + unbecome_root(); return (NT_STATUS_IS_OK(result) || NT_STATUS_EQUAL(result, NT_STATUS_NONE_MAPPED) || @@ -1127,9 +1127,9 @@ void legacy_uid_to_sid(DOM_SID *psid, uid_t uid) ZERO_STRUCTP(psid); - become_root_uid_only(); + become_root(); ret = pdb_uid_to_rid(uid, &rid); - unbecome_root_uid_only(); + unbecome_root(); if (ret) { /* This is a mapped user */ @@ -1160,9 +1160,9 @@ void legacy_gid_to_sid(DOM_SID *psid, gid_t gid) ZERO_STRUCTP(psid); - become_root_uid_only(); + become_root(); ret = pdb_gid_to_sid(gid, psid); - unbecome_root_uid_only(); + unbecome_root(); if (ret) { /* This is a mapped group */ @@ -1200,9 +1200,9 @@ BOOL legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid) union unid_t id; BOOL ret; - become_root_uid_only(); + become_root(); ret = pdb_sid_to_id(psid, &id, &type); - unbecome_root_uid_only(); + unbecome_root(); if (ret) { if (type != SID_NAME_USER) { @@ -1251,9 +1251,9 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) sid_check_is_in_wellknown_domain(psid))) { BOOL ret; - become_root_uid_only(); + become_root(); ret = pdb_getgrsid(&map, *psid); - unbecome_root_uid_only(); + unbecome_root(); if (ret) { *pgid = map.gid; @@ -1266,9 +1266,9 @@ BOOL legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) { BOOL ret; - become_root_uid_only(); + become_root(); ret = pdb_sid_to_id(psid, &id, &type); - unbecome_root_uid_only(); + unbecome_root(); if (ret) { if ((type != SID_NAME_DOM_GRP) && diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index a061977f3c..0ad5e21c78 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -1390,9 +1390,9 @@ BOOL pdb_update_bad_password_count(struct samu *sampass, BOOL *updated) return True; } - become_root_uid_only(); + become_root(); res = pdb_get_account_policy(AP_RESET_COUNT_TIME, &resettime); - unbecome_root_uid_only(); + unbecome_root(); if (!res) { DEBUG(0, ("pdb_update_bad_password_count: pdb_get_account_policy failed.\n")); @@ -1435,9 +1435,9 @@ BOOL pdb_update_autolock_flag(struct samu *sampass, BOOL *updated) return True; } - become_root_uid_only(); + become_root(); res = pdb_get_account_policy(AP_LOCK_ACCOUNT_DURATION, &duration); - unbecome_root_uid_only(); + unbecome_root(); if (!res) { DEBUG(0, ("pdb_update_autolock_flag: pdb_get_account_policy failed.\n")); diff --git a/source3/smbd/quotas.c b/source3/smbd/quotas.c index 0492130950..ddfcb8e0f8 100644 --- a/source3/smbd/quotas.c +++ b/source3/smbd/quotas.c @@ -238,7 +238,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB if (!found) return(False); - become_root_uid_only(); + become_root(); if (strcmp(mnt->mnt_type, "xfs")==0) { r=get_smb_linux_xfs_quota(mnt->mnt_fsname, euser_id, egrp_id, &D); @@ -251,7 +251,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB } } - unbecome_root_uid_only(); + unbecome_root(); /* Use softlimit to determine disk space, except when it has been exceeded */ *bsize = D.bsize; @@ -655,20 +655,20 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB if ( ! found ) return(False) ; - become_root_uid_only(); + become_root(); #if defined(SUNOS5) if ( strcmp( mnt.mnt_fstype, "nfs" ) == 0) { BOOL retval; DEBUG(5,("disk_quotas: looking for mountpath (NFS) \"%s\"\n", mnt.mnt_special)); retval = nfs_quotas(mnt.mnt_special, euser_id, bsize, dfree, dsize); - unbecome_root_uid_only(); + unbecome(); return retval; } DEBUG(5,("disk_quotas: looking for quotas file \"%s\"\n", name)); if((file=sys_open(name, O_RDONLY,0))<0) { - unbecome_root_uid_only(); + unbecome_root(); return(False); } command.op = Q_GETQUOTA; @@ -681,7 +681,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB ret = quotactl(Q_GETQUOTA, name, euser_id, &D); #endif - unbecome_root_uid_only(); + unbecome_root(); if (ret < 0) { DEBUG(5,("disk_quotas ioctl (Solaris) failed. Error = %s\n", strerror(errno) )); @@ -841,7 +841,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB } euser_id=geteuid(); - become_root_uid_only(); + become_root(); /* Use softlimit to determine disk space, except when it has been exceeded */ @@ -851,7 +851,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB { r=quotactl (Q_GETQUOTA, mnt->mnt_fsname, euser_id, (caddr_t) &D); - unbecome_root_uid_only(); + unbecome_root(); if (r==-1) return(False); @@ -882,7 +882,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB { r=quotactl (Q_XGETQUOTA, mnt->mnt_fsname, euser_id, (caddr_t) &F); - unbecome_root_uid_only(); + unbecome_root(); if (r==-1) { @@ -916,7 +916,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB } else { - unbecome_root_uid_only(); + unbecome_root(); return(False); } @@ -1184,13 +1184,13 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB return False; #endif - become_root_uid_only(); + become_root(); #if defined(__FreeBSD__) || defined(__DragonFly__) if (strcmp(mnts[i].f_fstypename,"nfs") == 0) { BOOL retval; retval = nfs_quotas(mnts[i].f_mntfromname,euser_id,bsize,dfree,dsize); - unbecome_root_uid_only(); + unbecome_root(); return retval; } #endif @@ -1204,7 +1204,7 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB r= quotactl(path,QCMD(Q_GETQUOTA,GRPQUOTA),egrp_id,(char *) &D); } - unbecome_root_uid_only(); + unbecome_root(); } #elif defined(AIX) /* AIX has both USER and GROUP quotas: @@ -1218,9 +1218,9 @@ BOOL disk_quotas(const char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB if(statbuf.f_vfstype == MNT_J2) { /* For some reason we need to be root for jfs2 */ - become_root_uid_only(); + become_root(); r = quotactl(path,QCMD(Q_J2GETQUOTA,USRQUOTA),euser_id,(char *) &user_quota); - unbecome_root_uid_only(); + unbecome_root(); /* Copy results to old struct to let the following code work as before */ D.dqb_curblocks = user_quota.bused; D.dqb_bsoftlimit = user_quota.bsoft; |