diff options
Diffstat (limited to 'source3/lib/util_sec.c')
| -rw-r--r-- | source3/lib/util_sec.c | 55 |
1 files changed, 40 insertions, 15 deletions
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c index 164e6ab506..c62df82396 100644 --- a/source3/lib/util_sec.c +++ b/source3/lib/util_sec.c @@ -44,6 +44,31 @@ extern int DEBUGLEVEL; #define smb_panic(x) exit(1) #endif +/* are we running as non-root? This is used by the regresison test code, + and potentially also for sites that want non-root smbd */ +static uid_t initial_uid; + +/**************************************************************************** +remember what uid we got started as - this allows us to run correctly +as non-root while catching trapdoor systems +****************************************************************************/ +void sec_init(void) +{ + initial_uid = geteuid(); + if (initial_uid != (uid_t)0) { + /* the DEBUG() subsystem has not been initialised when this is called */ + fprintf(stderr, "WARNING: running as non-root. Some functionality will be missing\n"); + } +} + +/**************************************************************************** +are we running in non-root mode? +****************************************************************************/ +BOOL non_root_mode(void) +{ + return (initial_uid != (uid_t)0); +} + /**************************************************************************** abort if we haven't set the uid correctly ****************************************************************************/ @@ -51,13 +76,13 @@ static void assert_uid(uid_t ruid, uid_t euid) { if ((euid != (uid_t)-1 && geteuid() != euid) || (ruid != (uid_t)-1 && getuid() != ruid)) { -#ifndef SMB_REGRESSION_TEST - DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n", - (int)ruid, (int)euid, - (int)getuid(), (int)geteuid())); - smb_panic("failed to set uid\n"); - exit(1); -#endif + if (!non_root_mode()) { + DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n", + (int)ruid, (int)euid, + (int)getuid(), (int)geteuid())); + smb_panic("failed to set uid\n"); + exit(1); + } } } @@ -68,14 +93,14 @@ static void assert_gid(gid_t rgid, gid_t egid) { if ((egid != (gid_t)-1 && getegid() != egid) || (rgid != (gid_t)-1 && getgid() != rgid)) { -#ifndef SMB_REGRESSION_TEST - DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n", - (int)rgid, (int)egid, - (int)getgid(), (int)getegid(), - (int)getuid(), (int)geteuid())); - smb_panic("failed to set gid\n"); - exit(1); -#endif + if (!non_root_mode()) { + DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n", + (int)rgid, (int)egid, + (int)getgid(), (int)getegid(), + (int)getuid(), (int)geteuid())); + smb_panic("failed to set gid\n"); + exit(1); + } } } |