Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/messages.c | 11 | ||||
-rw-r--r-- | source3/lib/util_sec.c | 32 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 24 |
3 files changed, 45 insertions, 22 deletions
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index bae4052964..410e4af659 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -167,7 +167,6 @@ static TDB_DATA message_key_pid(struct process_id pid)
 static BOOL message_notify(struct process_id procid)
 {
 pid_t pid = procid.pid;
- int saved_errno;
 int ret;
 uid_t euid = geteuid();
@@ -179,23 +178,21 @@ static BOOL message_notify(struct process_id procid)
 SMB_ASSERT(pid > 0);
 if (euid != 0) {
- save_re_uid();
- set_effective_uid(0);
+ become_root_uid_only();
 }
 ret = kill(pid, SIGUSR1);
- saved_errno = errno;
 if (euid != 0) {
- restore_re_uid();
+ unbecome_root_uid_only();
 }
 if (ret == -1) {
- if (saved_errno == ESRCH) {
+ if (errno == ESRCH) {
 DEBUG(2,("pid %d doesn't exist - deleting messages record\n", (int)pid));
 tdb_delete(tdb, message_key_pid(procid));
 } else {
- DEBUG(2,("message to process %d failed - %s\n", (int)pid, strerror(saved_errno)));
+ DEBUG(2,("message to process %d failed - %s\n", (int)pid, strerror(errno)));
 }
 return False;
 }
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index c13b20ec92..3f8cb690cd 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -258,10 +258,9 @@ void save_re_uid(void)
 /****************************************************************************
 and restore them!
 ****************************************************************************/
-void restore_re_uid(void)
-{
- set_effective_uid(0);
+static void restore_re_uid_fromroot(void)
+{
 #if USE_SETRESUID
 setresuid(saved_ruid, saved_euid, -1);
 #elif USE_SETREUID
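Review bot: The `errno == ESRCH` test in message_notify (hunk at -179 in source3/lib/messages.c) now runs after `unbecome_root_uid_only()`, so it is correct only because that helper saves and restores errno, and nothing at the call site records that dependency. I would add a comment above the check, `/* unbecome_root_uid_only() preserves errno from kill() */`, so that a later change to the restore path cannot silently send the ESRCH case down the generic failure branch and leave the stale record in the tdb. message_notify starts and ends outside the hunk.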
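Review bot: `restore_re_uid_fromroot()` (hunk at -258 in source3/lib/util_sec.c) requires the effective uid to be 0 on entry, yet the only comment above it is the inherited `and restore them!` banner, which described the old public function. A line such as `Caller must already have euid 0; use restore_re_uid() otherwise.` in that banner would state the precondition at the point where the privilege change happens. The visible `setresuid(saved_ruid, saved_euid, -1);` ignores its return value; the `assert_uid(saved_ruid, saved_euid)` at the end of the function appears to be the only check that the drop took effect, and the comment could say so. The function body continues past the end of the hunk.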
@@ -280,6 +279,33 @@ void restore_re_uid(void)
 assert_uid(saved_ruid, saved_euid);
 }
+void restore_re_uid(void)
+{
+ set_effective_uid(0);
+ restore_re_uid_fromroot();
+}
+
+/****************************************************************************
+ Lightweight become root - no group change.
+****************************************************************************/
+
+void become_root_uid_only(void)
+{
+ save_re_uid();
+ set_effective_uid(0);
+}
+
+/****************************************************************************
+ Lightweight unbecome root - no group change. Expects we are root already,
+ saves errno across call boundary.
+****************************************************************************/
+
+void unbecome_root_uid_only(void)
+{
+ int saved_errno = errno;
+ restore_re_uid_fromroot();
+ errno = saved_errno;
+}
 /****************************************************************************
 save the real and effective gid for later restoration. Used by the
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 3ea442f818..f2ed2778f2 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2458,9 +2458,9 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n", fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
 sret = SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl);
- unbecome_root();
+ unbecome_root_uid_only();
 if (sret == 0) {
 ret = True;
 }
@@ -2489,9 +2489,9 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n", fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
 sret = SMB_VFS_SYS_ACL_SET_FD(fsp, fsp->fh->fd, the_acl);
- unbecome_root();
+ unbecome_root_uid_only();
 if (sret == 0) {
 ret = True;
 }
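Review bot: `become_root_uid_only()` and `unbecome_root_uid_only()` (hunk at -280 in source3/lib/util_sec.c) are not safe to nest, and neither banner comment says so. `save_re_uid()` is not shown here, but the restore path reads `saved_ruid`/`saved_euid`, which looks like a single saved slot; if so, an inner call made while euid is already 0 would record 0 as the saved euid, and the outer `unbecome_root_uid_only()` would leave the process running as root with `assert_uid` still passing. The comments should state the contract, e.g. `Must be strictly paired and must not be nested.`, and callers that can be entered as root should guard the pair the way message_notify does with `if (euid != 0)`.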
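Review bot: At each converted call site in source3/smbd/posix_acls.c (hunks at -2458, -2489, -3018, -3045, -3226 and -3273) the VFS operation has to return with the effective uid still 0, because `unbecome_root_uid_only()` is documented as expecting to be root on entry, and nothing at the call sites records that requirement. Whether any loaded VFS module switches or restores credentials inside these calls cannot be seen from the diff, so it is worth confirming and writing down, for example `/* uid-only switch: the VFS call must not change euid; gids stay those of the user */` above the first `become_root_uid_only()` in set_canon_ace_list. The enclosing functions start and end outside every one of these hunks.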
@@ -3018,10 +3018,10 @@ static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_
 /* Case (3) */
 ( has_restore_priv ) ) {
- become_root();
+ become_root_uid_only();
 /* Keep the current file gid the same - take ownership doesn't imply group change. */
 ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1);
- unbecome_root();
+ unbecome_root_uid_only();
 return ret;
 }
 }
@@ -3045,10 +3045,10 @@ static int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_
 */
 uid = current_user.ut.uid;
- become_root();
+ become_root_uid_only();
 /* Keep the current file gid the same. */
 ret = SMB_VFS_FCHOWN(fsp, fsp->fh->fd, uid, (gid_t)-1);
- unbecome_root();
+ unbecome_root_uid_only();
 close_file_fchmod(fsp);
@@ -3226,9 +3226,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 "current user in file %s primary group. Override delete_def_acl\n", fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
 sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name);
- unbecome_root();
+ unbecome_root_uid_only();
 }
 if (sret == -1) {
@@ -3273,9 +3273,9 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 "current user in file %s primary group. Override chmod\n", fsp->fsp_name ));
- become_root();
+ become_root_uid_only();
 sret = SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms);
- unbecome_root();
+ unbecome_root_uid_only();
 }
 if (sret == -1) { |