From 71465a6fbc2941c77141607bd4af312d15fe3892 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 11 May 2006 22:47:28 +0000 Subject: r15539: Use portable wrapper functions instead of seteuid directly in winbindd. Jeremy. (This used to be commit 2e65fcc9def5f1386a33ca4a76e494838e3a0632) --- source3/nsswitch/winbindd_cred_cache.c | 8 ++++---- source3/nsswitch/winbindd_pam.c | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/source3/nsswitch/winbindd_cred_cache.c b/source3/nsswitch/winbindd_cred_cache.c index db1dc57795..84c316dbf8 100644 --- a/source3/nsswitch/winbindd_cred_cache.c +++ b/source3/nsswitch/winbindd_cred_cache.c @@ -105,7 +105,7 @@ static void krb5_ticket_refresh_handler(struct timed_event *te, if ((entry->renew_until < time(NULL)) && (entry->pass != NULL)) { - seteuid(entry->uid); + set_effective_uid(entry->uid); ret = kerberos_kinit_password_ext(entry->principal_name, entry->pass, @@ -116,7 +116,7 @@ static void krb5_ticket_refresh_handler(struct timed_event *te, False, /* no PAC required anymore */ True, WINBINDD_PAM_AUTH_KRB5_RENEW_TIME); - seteuid(0); + gain_root_privilege(); if (ret) { DEBUG(3,("could not re-kinit: %s\n", error_message(ret))); @@ -132,13 +132,13 @@ static void krb5_ticket_refresh_handler(struct timed_event *te, goto done; } - seteuid(entry->uid); + set_effective_uid(entry->uid); ret = smb_krb5_renew_ticket(entry->ccname, entry->principal_name, entry->service, &new_start); - seteuid(0); + gain_root_privilege(); if (ret) { DEBUG(3,("could not renew tickets: %s\n", error_message(ret))); diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 243d2a7838..b02ba8e36c 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -478,7 +478,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, if (!internal_ccache) { - seteuid(uid); + set_effective_uid(uid); DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid)); } @@ -533,7 +533,7 @@ static NTSTATUS winbindd_raw_kerberos_login(struct winbindd_domain *domain, } if (!internal_ccache) { - seteuid(0); + gain_root_privilege(); } /************************ NON-ROOT **********************/ @@ -631,7 +631,7 @@ done: SAFE_FREE(client_princ_out); if (!internal_ccache) { - seteuid(0); + gain_root_privilege(); } return result; -- cgit