summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/replace/libreplace.m44
-rw-r--r--lib/replace/wscript4
-rw-r--r--lib/util/setid.c50
3 files changed, 46 insertions, 12 deletions
diff --git a/lib/replace/libreplace.m4 b/lib/replace/libreplace.m4
index ad0f90411e..d298b9242b 100644
--- a/lib/replace/libreplace.m4
+++ b/lib/replace/libreplace.m4
@@ -124,8 +124,10 @@ AC_CHECK_HEADERS(sys/mount.h mntent.h)
AC_CHECK_HEADERS(stropts.h)
AC_CHECK_HEADERS(unix.h)
AC_CHECK_HEADERS(malloc.h)
+AC_CHECK_HEADERS(syscall.h)
+AC_CHECK_HEADERS(sys/syscall.h)
-AC_CHECK_FUNCS(seteuid setreuid setresuid setegid setregid setresgid)
+AC_CHECK_FUNCS(syscall setuid seteuid setreuid setresuid setgid setegid setregid setresgid setgroups)
AC_CHECK_FUNCS(chroot bzero strerror strerror_r memalign posix_memalign getpagesize)
AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename)
AC_CHECK_FUNCS(waitpid wait4 strlcpy strlcat initgroups memmove strdup)
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 68138cf8ed..157296b298 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -163,7 +163,7 @@ def configure(conf):
conf.CHECK_FUNCS('shl_load shl_unload shl_findsym')
conf.CHECK_FUNCS('pipe strftime srandom random srand rand usleep setbuffer')
- conf.CHECK_FUNCS('lstat getpgrp utime utimes seteuid setreuid setresuid setegid')
+ conf.CHECK_FUNCS('lstat getpgrp utime utimes setuid seteuid setreuid setresuid setgid setegid')
conf.CHECK_FUNCS('setregid setresgid chroot strerror vsyslog setlinebuf mktime')
conf.CHECK_FUNCS('ftruncate chsize rename waitpid wait4')
conf.CHECK_FUNCS('initgroups pread pwrite strndup strcasestr')
@@ -207,7 +207,7 @@ def configure(conf):
conf.CHECK_FUNCS('if_nametoindex strerror_r')
conf.CHECK_FUNCS('getdirentries getdents syslog')
conf.CHECK_FUNCS('gai_strerror get_current_dir_name')
- conf.CHECK_FUNCS('timegm getifaddrs freeifaddrs mmap setgroups setsid')
+ conf.CHECK_FUNCS('timegm getifaddrs freeifaddrs mmap setgroups syscall setsid')
conf.CHECK_FUNCS('getgrent_r getgrgid_r getgrnam_r getgrouplist getpagesize')
conf.CHECK_FUNCS('getpwent_r getpwnam_r getpwuid_r epoll_create')
diff --git a/lib/util/setid.c b/lib/util/setid.c
index 8b2efc076f..66c06397ee 100644
--- a/lib/util/setid.c
+++ b/lib/util/setid.c
@@ -70,10 +70,22 @@ int samba_setgroups(size_t setlen, const gid_t *gidset);
#include "../lib/util/setid.h"
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+#if defined(HAVE_SYSCALL_H)
+#include <syscall.h>
+#endif
+
+#if defined(HAVE_SYS_SYSCALL_H)
+#include <sys/syscall.h>
+#endif
+#endif
+
/* All the setXX[ug]id functions and setgroups Samba uses. */
int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid)
{
-#if defined(HAVE_SETRESUID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setresuid, ruid, euid, suid);
+#elif defined(HAVE_SETRESUID)
return setresuid(ruid, euid, suid);
#else
errno = ENOSYS;
@@ -83,7 +95,9 @@ int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid)
int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
{
-#if defined(HAVE_SETRESGID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setresgid, rgid, egid, sgid);
+#elif defined(HAVE_SETRESGID)
return setresgid(rgid, egid, sgid);
#else
errno = ENOSYS;
@@ -93,7 +107,9 @@ int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
int samba_setreuid(uid_t ruid, uid_t euid)
{
-#if defined(HAVE_SETREUID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setreuid, ruid, euid);
+#elif defined(HAVE_SETREUID)
return setreuid(ruid, euid);
#else
errno = ENOSYS;
@@ -103,7 +119,9 @@ int samba_setreuid(uid_t ruid, uid_t euid)
int samba_setregid(gid_t rgid, gid_t egid)
{
-#if defined(HAVE_SETREGID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setregid, rgid, egid);
+#elif defined(HAVE_SETREGID)
return setregid(rgid, egid);
#else
errno = ENOSYS;
@@ -113,7 +131,10 @@ int samba_setregid(gid_t rgid, gid_t egid)
int samba_seteuid(uid_t euid)
{
-#if defined(HAVE_SETEUID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ /* seteuid is not a separate system call. */
+ return syscall(SYS_setresuid, -1, euid, -1);
+#elif defined(HAVE_SETEUID)
return seteuid(euid);
#else
errno = ENOSYS;
@@ -123,7 +144,10 @@ int samba_seteuid(uid_t euid)
int samba_setegid(gid_t egid)
{
-#if defined(HAVE_SETEGID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ /* setegid is not a separate system call. */
+ return syscall(SYS_setresgid, -1, egid, -1);
+#elif defined(HAVE_SETEGID)
return setegid(egid);
#else
errno = ENOSYS;
@@ -133,7 +157,9 @@ int samba_setegid(gid_t egid)
int samba_setuid(uid_t uid)
{
-#if defined(HAVE_SETUID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setuid, uid);
+#elif defined(HAVE_SETUID)
return setuid(uid);
#else
errno = ENOSYS;
@@ -143,7 +169,9 @@ int samba_setuid(uid_t uid)
int samba_setgid(gid_t gid)
{
-#if defined(HAVE_SETGID)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setgid, gid);
+#elif defined(HAVE_SETGID)
return setgid(gid);
#else
errno = ENOSYS;
@@ -156,6 +184,7 @@ int samba_setuidx(int flags, uid_t uid)
#if defined(HAVE_SETUIDX)
return setuidx(flags, uid);
#else
+ /* USE_LINUX_THREAD_CREDENTIALS doesn't have this. */
errno = ENOSYS;
return -1;
#endif
@@ -166,6 +195,7 @@ int samba_setgidx(int flags, gid_t gid)
#if defined(HAVE_SETGIDX)
return setgidx(flags, gid);
#else
+ /* USE_LINUX_THREAD_CREDENTIALS doesn't have this. */
errno = ENOSYS;
return -1;
#endif
@@ -173,7 +203,9 @@ int samba_setgidx(int flags, gid_t gid)
int samba_setgroups(size_t setlen, const gid_t *gidset)
{
-#if defined(HAVE_SETGROUPS)
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ return syscall(SYS_setgroups, setlen, gidset);
+#elif defined(HAVE_SETGROUPS)
return setgroups(setlen, gidset);
#else
errno = ENOSYS;