summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/messages.c11
-rw-r--r--source3/lib/util_sec.c32
-rw-r--r--source3/smbd/posix_acls.c24
3 files changed, 45 insertions, 22 deletions
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index bae4052964..410e4af659 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -167,7 +167,6 @@ static TDB_DATA message_key_pid(struct process_id pid)
static BOOL message_notify(struct process_id procid)
{
pid_t pid = procid.pid;
- int saved_errno;
int ret;
uid_t euid = geteuid();
@@ -179,23 +178,21 @@ static BOOL message_notify(struct process_id procid)
SMB_ASSERT(pid > 0);
if (euid != 0) {
- save_re_uid();
- set_effective_uid(0);
+ become_root_uid_only();
}
ret = kill(pid, SIGUSR1);
- saved_errno = errno;
if (euid != 0) {
- restore_re_uid();
+ unbecome_root_uid_only();
}
if (ret == -1) {
- if (saved_errno == ESRCH) {
+ if (errno == ESRCH) {
DEBUG(2,("pid %d doesn't exist - deleting messages record\n", (int)pid));
tdb_delete(tdb, message_key_pid(procid));
} else {
- DEBUG(2,("message to process %d failed - %s\n", (int)pid, strerror(saved_errno)));
+ DEBUG(2,("message to process %d failed - %s\n", (int)pid, strerror(errno)));
}
return False;
}
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index c13b20ec92..3f8cb690cd 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -258,10 +258,9 @@ void save_re_uid(void)
/****************************************************************************
and restore them!
****************************************************************************/
-void restore_re_uid(void)
-{
- set_effective_uid(0);
+static void restore_re_uid_fromroot(void)
+{
#if USE_SETRESUID
setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
@@ -280,6 +279,33 @@ void restore_re_uid(void)
assert_uid(saved_ruid, saved_euid);
}
+void restore_re_uid(void)
+{
+ set_effective_uid(0);
+ restore_re_uid_fromroot();
+}
+
+/****************************************************************************
+ Lightweight become root - no group change.
+****************************************************************************/
+
+void become_root_uid_only(void)
+{
+ save_re_uid();
+ set_effective_uid(0);
+}
+
+/****************************************************************************
+ Lightweight unbecome root - no group change. Expects we are root already,
+ saves errno across call boundary.
+****************************************************************************/
+
+void unbecome_root_uid_only(void)
+{
+ int saved_errno = errno;
+ restore_re_uid_fromroot();
+ errno = saved_errno;
+}
/****************************************************************************
save the real and effective gid for later restoration. Used by the
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 3ea442f818..f2ed2778f2 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2458,9 +2458,9 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
sret = SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl);
- unbecome_root();
+ unbecome_root_uid_only();
if (sret == 0) {
ret = True;
}
@@ -2489,9 +2489,9 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
sret = SMB_VFS_SYS_ACL_SET_FD(fsp, fsp->fh->fd, the_acl);
- unbecome_root();
+ unbecome_root_uid_only();
if (sret == 0) {
ret = True;
}
@@ -3018,10 +3018,10 @@ static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_
/* Case (3) */
( has_restore_priv ) ) {
- become_root();
+ become_root_uid_only();
/* Keep the current file gid the same - take ownership doesn't imply group change. */
ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
- unbecome_root();
+ unbecome_root_uid_only();
return ret;
}
}
@@ -3045,10 +3045,10 @@ static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_
*/
uid = current_user.ut.uid;
- become_root();
+ become_root_uid_only();
/* Keep the current file gid the same. */
ret = SMB_VFS_FCHOWN(fsp, fsp->fh->fd, uid, (gid_t)-1);
- unbecome_root();
+ unbecome_root_uid_only();
close_file_fchmod(fsp);
@@ -3226,9 +3226,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
"current user in file %s primary group. Override delete_def_acl\n",
fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name);
- unbecome_root();
+ unbecome_root_uid_only();
}
if (sret == -1) {
@@ -3273,9 +3273,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
"current user in file %s primary group. Override chmod\n",
fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms);
- unbecome_root();
+ unbecome_root_uid_only();
}
if (sret == -1) {