summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_cred_cache.c8
-rw-r--r--source3/nsswitch/winbindd_pam.c6
2 files changed, 7 insertions, 7 deletions
diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c
index db1dc57795..84c316dbf8 100644
--- a/source3/nsswitch/winbindd_cred_cache.c
+++ b/source3/nsswitch/winbindd_cred_cache.c
@@ -105,7 +105,7 @@ static void krb5_ticket_refresh_handler(struct timed_event *te,
if ((entry->renew_until < time(NULL)) && (entry->pass != NULL)) {
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = kerberos_kinit_password_ext(entry->principal_name,
entry->pass,
@@ -116,7 +116,7 @@ static void krb5_ticket_refresh_handler(struct timed_event *te,
False, /* no PAC required anymore */
True,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not re-kinit: %s\n", error_message(ret)));
@@ -132,13 +132,13 @@ static void krb5_ticket_refresh_handler(struct timed_event *te,
goto done;
}
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = smb_krb5_renew_ticket(entry->ccname,
entry->principal_name,
entry->service,
&new_start);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not renew tickets: %s\n", error_message(ret)));
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 243d2a7838..b02ba8e36c 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -478,7 +478,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
if (!internal_ccache) {
- seteuid(uid);
+ set_effective_uid(uid);
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
@@ -533,7 +533,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain,
}
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
/************************ NON-ROOT **********************/
@@ -631,7 +631,7 @@ done:
SAFE_FREE(client_princ_out);
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
return result;
generated by cgit (git 2.34.1) at 2024-12-11 19:40:33 +0000