From 821bd95156e8cc6d843aecb0a27d4a08761b7dac Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 28 Jun 2012 11:59:51 -0700
Subject: Replace all uses of setXX[ug]id() and setgroups with
 samba_setXX[ug]id() calls.

Will allow thread-specific credentials to be added by modifying
the central definitions. Deliberately left the setXX[ug]id()
call in popt as this is not used in Samba.
---
 source3/lib/system.c      |   9 ++--
 source3/lib/system_smbd.c |   3 +-
 source3/lib/util_sec.c    | 127 ++++++++++++++++++++++++----------------------
 3 files changed, 73 insertions(+), 66 deletions(-)

(limited to 'source3/lib')

diff --git a/source3/lib/system.c b/source3/lib/system.c
index 3daa041a27..fe8aec317d 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -25,6 +25,7 @@
 #include "system/capability.h"
 #include "system/passwd.h"
 #include "system/filesys.h"
+#include "../lib/util/setid.h"
 
 #ifdef HAVE_SYS_SYSCTL_H
 #include <sys/sysctl.h>
@@ -956,7 +957,7 @@ static int sys_broken_setgroups(int setlen, gid_t *gidset)
 	for(i = 0; i < setlen; i++) 
 		group_list[i] = (GID_T) gidset[i]; 
 
-	if(setgroups(setlen, group_list) != 0) {
+	if(samba_setgroups(setlen, group_list) != 0) {
 		int saved_errno = errno;
 		SAFE_FREE(group_list);
 		errno = saved_errno;
@@ -993,7 +994,7 @@ static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset)
 
 	/* No group list, just make sure we are setting the efective GID. */
 	if (setlen == 0) {
-		return setgroups(1, &primary_gid);
+		return samba_setgroups(1, &primary_gid);
 	}
 
 	/* If the primary gid is not the first array element, grow the array
@@ -1019,7 +1020,7 @@ static int sys_bsd_setgroups(gid_t primary_gid, int setlen, const gid_t *gidset)
 #if defined(HAVE_BROKEN_GETGROUPS)
 	ret = sys_broken_setgroups(setlen, new_gidset ? new_gidset : gidset);
 #else
-	ret = setgroups(setlen, new_gidset ? new_gidset : gidset);
+	ret = samba_setgroups(setlen, new_gidset ? new_gidset : gidset);
 #endif
 
 	if (new_gidset) {
@@ -1062,7 +1063,7 @@ int sys_setgroups(gid_t UNUSED(primary_gid), int setlen, gid_t *gidset)
 #elif defined(HAVE_BROKEN_GETGROUPS)
 	return sys_broken_setgroups(setlen, gidset);
 #else
-	return setgroups(setlen, gidset);
+	return samba_setgroups(setlen, gidset);
 #endif
 }
 
diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c
index 634f88ea9c..10d7f38d52 100644
--- a/source3/lib/system_smbd.c
+++ b/source3/lib/system_smbd.c
@@ -26,6 +26,7 @@
 #include "includes.h"
 #include "system/passwd.h"
 #include "nsswitch/winbind_client.h"
+#include "../lib/util/setid.h"
 
 #ifndef HAVE_GETGROUPLIST
 
@@ -130,7 +131,7 @@ static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups,
 	   return from getgroups() */
 	save_re_gid();
 	set_effective_gid(gid);
-	setgid(gid);
+	samba_setgid(gid);
 
 	num_gids = getgroups(0, NULL);
 	if (num_gids == -1) {
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index 60ea214d26..bbb75dbbd4 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -20,6 +20,8 @@
 #ifndef AUTOCONF_TEST
 #include "includes.h"
 #include "system/passwd.h" /* uid_wrapper */
+#include "../lib/util/setid.h"
+
 #else
 /* we are running this code in autoconf test mode to see which type of setuid
    function works */
@@ -38,6 +40,9 @@
 #include <sys/id.h>
 #endif
 
+/* In autoconf/test mode include the definitions of samba_setXXX. */
+#include "../lib/util/setid.c"
+
 #define DEBUG(x, y) printf y
 #define smb_panic(x) exit(1)
 #define bool int
@@ -130,24 +135,24 @@ static void assert_gid(gid_t rgid, gid_t egid)
 void gain_root_privilege(void)
 {	
 #if USE_SETRESUID
-	setresuid(0,0,0);
+	samba_setresuid(0,0,0);
 #endif
     
 #if USE_SETEUID
-	seteuid(0);
+	samba_seteuid(0);
 #endif
 
 #if USE_SETREUID
-	setreuid(0, 0);
+	samba_setreuid(0, 0);
 #endif
 
 #if USE_SETUIDX
-	setuidx(ID_EFFECTIVE, 0);
-	setuidx(ID_REAL, 0);
+	samba_setuidx(ID_EFFECTIVE, 0);
+	samba_setuidx(ID_REAL, 0);
 #endif
 
 	/* this is needed on some systems */
-	setuid(0);
+	samba_setuid(0);
 
 	assert_uid(0, 0);
 }
@@ -160,23 +165,23 @@ void gain_root_privilege(void)
 void gain_root_group_privilege(void)
 {
 #if USE_SETRESUID
-	setresgid(0,0,0);
+	samba_setresgid(0,0,0);
 #endif
 
 #if USE_SETREUID
-	setregid(0,0);
+	samba_setregid(0,0);
 #endif
 
 #if USE_SETEUID
-	setegid(0);
+	samba_setegid(0);
 #endif
 
 #if USE_SETUIDX
-	setgidx(ID_EFFECTIVE, 0);
-	setgidx(ID_REAL, 0);
+	samba_setgidx(ID_EFFECTIVE, 0);
+	samba_setgidx(ID_REAL, 0);
 #endif
 
-	setgid(0);
+	samba_setgid(0);
 
 	assert_gid(0, 0);
 }
@@ -198,9 +203,9 @@ void set_effective_uid(uid_t uid)
 {
 #if USE_SETRESUID
         /* Set the effective as well as the real uid. */
-	if (setresuid(uid,uid,-1) == -1) {
+	if (samba_setresuid(uid,uid,-1) == -1) {
 		if (errno == EAGAIN) {
-			DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
+			DEBUG(0, ("samba_setresuid failed with EAGAIN. uid(%d) "
 				  "might be over its NPROC limit\n",
 				  (int)uid));
 		}
@@ -208,15 +213,15 @@ void set_effective_uid(uid_t uid)
 #endif
 
 #if USE_SETREUID
-	setreuid(-1,uid);
+	samba_setreuid(-1,uid);
 #endif
 
 #if USE_SETEUID
-	seteuid(uid);
+	samba_seteuid(uid);
 #endif
 
 #if USE_SETUIDX
-	setuidx(ID_EFFECTIVE, uid);
+	samba_setuidx(ID_EFFECTIVE, uid);
 #endif
 
 	assert_uid(-1, uid);
@@ -229,19 +234,19 @@ void set_effective_uid(uid_t uid)
 void set_effective_gid(gid_t gid)
 {
 #if USE_SETRESUID
-	setresgid(-1,gid,-1);
+	samba_setresgid(-1,gid,-1);
 #endif
 
 #if USE_SETREUID
-	setregid(-1,gid);
+	samba_setregid(-1,gid);
 #endif
 
 #if USE_SETEUID
-	setegid(gid);
+	samba_setegid(gid);
 #endif
 
 #if USE_SETUIDX
-	setgidx(ID_EFFECTIVE, gid);
+	samba_setgidx(ID_EFFECTIVE, gid);
 #endif
 
 	assert_gid(-1, gid);
@@ -268,17 +273,17 @@ void save_re_uid(void)
 void restore_re_uid_fromroot(void)
 {
 #if USE_SETRESUID
-	setresuid(saved_ruid, saved_euid, -1);
+	samba_setresuid(saved_ruid, saved_euid, -1);
 #elif USE_SETREUID
-	setreuid(saved_ruid, -1);
-	setreuid(-1,saved_euid);
+	samba_setreuid(saved_ruid, -1);
+	samba_setreuid(-1,saved_euid);
 #elif USE_SETUIDX
-	setuidx(ID_REAL, saved_ruid);
-	setuidx(ID_EFFECTIVE, saved_euid);
+	samba_setuidx(ID_REAL, saved_ruid);
+	samba_setuidx(ID_EFFECTIVE, saved_euid);
 #else
 	set_effective_uid(saved_euid);
 	if (getuid() != saved_ruid)
-		setuid(saved_ruid);
+		samba_setuid(saved_ruid);
 	set_effective_uid(saved_euid);
 #endif
 
@@ -307,17 +312,17 @@ void save_re_gid(void)
 void restore_re_gid(void)
 {
 #if USE_SETRESUID
-	setresgid(saved_rgid, saved_egid, -1);
+	samba_setresgid(saved_rgid, saved_egid, -1);
 #elif USE_SETREUID
-	setregid(saved_rgid, -1);
-	setregid(-1,saved_egid);
+	samba_setregid(saved_rgid, -1);
+	samba_setregid(-1,saved_egid);
 #elif USE_SETUIDX
-	setgidx(ID_REAL, saved_rgid);
-	setgidx(ID_EFFECTIVE, saved_egid);
+	samba_setgidx(ID_REAL, saved_rgid);
+	samba_setgidx(ID_EFFECTIVE, saved_egid);
 #else
 	set_effective_gid(saved_egid);
 	if (getgid() != saved_rgid)
-		setgid(saved_rgid);
+		samba_setgid(saved_rgid);
 	set_effective_gid(saved_egid);
 #endif
 
@@ -335,13 +340,13 @@ int set_re_uid(void)
 	uid_t uid = geteuid();
 
 #if USE_SETRESUID
-	setresuid(geteuid(), -1, -1);
+	samba_setresuid(geteuid(), -1, -1);
 #endif
 
 #if USE_SETREUID
-	setreuid(0, 0);
-	setreuid(uid, -1);
-	setreuid(-1, uid);
+	samba_setreuid(0, 0);
+	samba_setreuid(uid, -1);
+	samba_setreuid(-1, uid);
 #endif
 
 #if USE_SETEUID
@@ -374,34 +379,34 @@ void become_user_permanently(uid_t uid, gid_t gid)
 	gain_root_group_privilege();
 
 #if USE_SETRESUID
-	setresgid(gid,gid,gid);
-	setgid(gid);
-	setresuid(uid,uid,uid);
-	setuid(uid);
+	samba_setresgid(gid,gid,gid);
+	samba_setgid(gid);
+	samba_setresuid(uid,uid,uid);
+	samba_setuid(uid);
 #endif
 
 #if USE_SETREUID
-	setregid(gid,gid);
-	setgid(gid);
-	setreuid(uid,uid);
-	setuid(uid);
+	samba_setregid(gid,gid);
+	samba_setgid(gid);
+	samba_setreuid(uid,uid);
+	samba_setuid(uid);
 #endif
 
 #if USE_SETEUID
-	setegid(gid);
-	setgid(gid);
-	setuid(uid);
-	seteuid(uid);
-	setuid(uid);
+	samba_setegid(gid);
+	samba_setgid(gid);
+	samba_setuid(uid);
+	samba_seteuid(uid);
+	samba_setuid(uid);
 #endif
 
 #if USE_SETUIDX
-	setgidx(ID_REAL, gid);
-	setgidx(ID_EFFECTIVE, gid);
-	setgid(gid);
-	setuidx(ID_REAL, uid);
-	setuidx(ID_EFFECTIVE, uid);
-	setuid(uid);
+	samba_setgidx(ID_REAL, gid);
+	samba_setgidx(ID_EFFECTIVE, gid);
+	samba_setgid(gid);
+	samba_setuidx(ID_REAL, uid);
+	samba_setuidx(ID_EFFECTIVE, uid);
+	samba_setuid(uid);
 #endif
 	
 	assert_uid(uid, uid);
@@ -418,19 +423,19 @@ static int have_syscall(void)
 	errno = 0;
 
 #if USE_SETRESUID
-	setresuid(-1,-1,-1);
+	samba_setresuid(-1,-1,-1);
 #endif
 
 #if USE_SETREUID
-	setreuid(-1,-1);
+	samba_setreuid(-1,-1);
 #endif
 
 #if USE_SETEUID
-	seteuid(-1);
+	samba_seteuid(-1);
 #endif
 
 #if USE_SETUIDX
-	setuidx(ID_EFFECTIVE, -1);
+	samba_setuidx(ID_EFFECTIVE, -1);
 #endif
 
 	if (errno == ENOSYS) return -1;
@@ -462,7 +467,7 @@ main()
 	gain_root_privilege();
 	gain_root_group_privilege();
 	become_user_permanently(1, 1);
-	setuid(0);
+	samba_setuid(0);
 	if (getuid() == 0) {
 		fprintf(stderr,"uid not set permanently\n");
 		exit(1);
-- 
cgit