/****************************************************************************
 Set the real AND effective uid to the current effective uid in a way that
 allows root to be regained.
 This is only possible on some platforms.

 Returns 0 after assert_uid() has been called on the new ids, or -1 on
 builds (USE_SETEUID, USE_SETUIDX) where this switch cannot be done.
****************************************************************************/
int set_re_uid(void)
{
	uid_t uid = geteuid();

#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/*
	 * Real and effective are both set to uid; the third argument is -1.
	 * With setresuid(2) semantics -1 leaves the saved uid as it was,
	 * which is what would let root be regained later (assumes
	 * samba_setresuid forwards its arguments unchanged - confirm).
	 *
	 * NOTE(review): the return value is ignored. The only check visible
	 * here is assert_uid() below, which is defined outside this
	 * function - confirm it stops the process when the ids do not match.
	 */
	samba_setresuid(uid, uid, -1);
#endif

#if USE_SETREUID
	/*
	 * Three calls whose order matters: both ids to 0 first, then the
	 * real uid to uid, then the effective uid to uid. None of the
	 * return values is checked.
	 */
	samba_setreuid(0, 0);
	samba_setreuid(uid, -1);
	samba_setreuid(-1, uid);
#endif

#if USE_SETEUID
	/* can't be done */
	return -1;
#endif

#if USE_SETUIDX
	/* can't be done */
	return -1;
#endif

	/* Expect real == effective == uid at this point. */
	assert_uid(uid, uid);
	return 0;
}
/****************************************************************************
 Set the real AND effective uid to the current effective uid in a way that
 allows root to be regained.
 This is only possible on some platforms.

 Returns 0 after assert_uid() has been called on the new ids, or -1 on
 builds (USE_SETEUID, USE_SETUIDX) where this switch cannot be done.
****************************************************************************/
int set_re_uid(void)
{
	uid_t uid = geteuid();

#if USE_SETRESUID
	/*
	 * Only the first (real uid) argument is supplied; effective and
	 * saved are passed as -1, i.e. left unchanged. The effective uid
	 * already equals uid, so the result is real == effective.
	 *
	 * NOTE(review): the return value is ignored. The only check visible
	 * here is assert_uid() below, which is defined outside this
	 * function - confirm it stops the process when the ids do not match.
	 */
	setresuid(geteuid(), -1, -1);
#endif

#if USE_SETREUID
	/*
	 * Three calls whose order matters: both ids to 0 first, then the
	 * real uid to uid, then the effective uid to uid. None of the
	 * return values is checked.
	 */
	setreuid(0, 0);
	setreuid(uid, -1);
	setreuid(-1, uid);
#endif

#if USE_SETEUID
	/* can't be done */
	return -1;
#endif

#if USE_SETUIDX
	/* can't be done */
	return -1;
#endif

	/* Expect real == effective == uid at this point. */
	assert_uid(uid, uid);
	return 0;
}
/****************************************************************************
 Set effective uid, and possibly the real uid too.
 We want to end up with either:

   ruid==uid and euid==uid

 or

   ruid==0 and euid==uid

 depending on what the local OS will allow us to regain root from.

 Nothing is returned to the caller; the only check on the outcome visible
 in this function is the closing assert_uid(-1, uid) call.
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/* Set the effective as well as the real uid. */
	if (samba_setresuid(uid,uid,-1) == -1) {
		/*
		 * A failed switch is only logged, and only for EAGAIN; any
		 * other errno is dropped silently and execution continues in
		 * both cases.
		 */
		if (errno == EAGAIN) {
			DEBUG(0, ("samba_setresuid failed with EAGAIN. uid(%d) "
				  "might be over its NPROC limit\n",
				  (int)uid));
		}
	}
#endif

#if USE_SETREUID
	/* -1 as the real uid: only the effective uid is changed. */
	samba_setreuid(-1,uid);
#endif

#if USE_SETEUID
	samba_seteuid(uid);
#endif

#if USE_SETUIDX
	samba_setuidx(ID_EFFECTIVE, uid);
#endif

	/*
	 * NOTE(review): since the failure path above does not return or
	 * abort, this call is what has to catch a process still running
	 * with the old effective uid. assert_uid() is defined outside this
	 * function; presumably -1 means "do not check the real uid" -
	 * confirm both points there.
	 */
	assert_uid(-1, uid);
}
/****************************************************************************
 Become the specified uid and gid - permanently !
 there should be no way back if possible

 uid and gid are the target user and group ids. In every platform branch
 the group ids are changed before the user ids; once the uid is no longer
 0 the group calls would normally no longer be permitted.

 NOTE(review): no setgroups()/initgroups() call appears in this function,
 so supplementary groups are not changed here - confirm the callers deal
 with them before relying on this as a full privilege drop.
 NOTE(review): none of the set*id() return values is checked. The only
 checks visible are the closing assert_uid()/assert_gid() calls, which are
 defined outside this function - confirm they stop the process on a
 mismatch.
****************************************************************************/
void become_user_permanently(uid_t uid, gid_t gid)
{
	/*
	 * First - gain root privilege. We do this to ensure
	 * we can lose it again.
	 */

	gain_root_privilege();
	gain_root_group_privilege();

#if USE_SETRESUID
	/* Real, effective and saved ids are all overwritten, leaving no
	 * saved id to switch back to. */
	setresgid(gid,gid,gid);
	setgid(gid);
	setresuid(uid,uid,uid);
	setuid(uid);
#endif

#if USE_SETREUID
	setregid(gid,gid);
	setgid(gid);
	setreuid(uid,uid);
	setuid(uid);
#endif

#if USE_SETEUID
	/* setuid() is called both before and after seteuid(); the reason is
	 * not stated in this function. */
	setegid(gid);
	setgid(gid);
	setuid(uid);
	seteuid(uid);
	setuid(uid);
#endif

#if USE_SETUIDX
	setgidx(ID_REAL, gid);
	setgidx(ID_EFFECTIVE, gid);
	setgid(gid);
	setuidx(ID_REAL, uid);
	setuidx(ID_EFFECTIVE, uid);
	setuid(uid);
#endif

	/* Expect real == effective == the requested ids. */
	assert_uid(uid, uid);
	assert_gid(gid, gid);
}
/*
 * Put the real and effective uid back to saved_ruid and saved_euid.
 * Both variables are defined outside this function; where they are
 * recorded is not visible here. The name suggests the caller is running
 * as root when this is invoked - confirm at the call sites.
 *
 * NOTE(review): no return value of the id-changing calls is checked. The
 * closing assert_uid(), defined outside this function, is the only
 * visible check - confirm it stops the process on a mismatch.
 */
static void restore_re_uid_fromroot(void)
{
#if USE_SETRESUID
	/* Third argument -1: the saved uid is left as it is. */
	setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
	/* Real uid first, then effective uid, one id per call. */
	setreuid(saved_ruid, -1);
	setreuid(-1,saved_euid);
#elif USE_SETUIDX
	setuidx(ID_REAL, saved_ruid);
	setuidx(ID_EFFECTIVE, saved_euid);
#else
	/*
	 * Fallback: the effective uid is set both before and after the
	 * conditional setuid(), presumably because setuid() can also change
	 * the effective uid - confirm.
	 */
	set_effective_uid(saved_euid);
	if (getuid() != saved_ruid)
		setuid(saved_ruid);
	set_effective_uid(saved_euid);
#endif

	assert_uid(saved_ruid, saved_euid);
}
/*
 * Put the real and effective uid back to saved_ruid and saved_euid.
 * Both variables are defined outside this function; where they are
 * recorded is not visible here. The name suggests the caller is running
 * as root when this is invoked - confirm at the call sites.
 *
 * NOTE(review): no return value of the id-changing calls is checked. The
 * closing assert_uid(), defined outside this function, is the only
 * visible check - confirm it stops the process on a mismatch.
 */
void restore_re_uid_fromroot(void)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/* Third argument -1: with setresuid(2) semantics the saved uid is
	 * left as it is (assumes the wrapper forwards its arguments). */
	samba_setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
	/* Real uid first, then effective uid, one id per call. */
	samba_setreuid(saved_ruid, -1);
	samba_setreuid(-1,saved_euid);
#elif USE_SETUIDX
	samba_setuidx(ID_REAL, saved_ruid);
	samba_setuidx(ID_EFFECTIVE, saved_euid);
#else
	/*
	 * Fallback: the effective uid is set both before and after the
	 * conditional samba_setuid(), presumably because that call can also
	 * change the effective uid - confirm.
	 */
	set_effective_uid(saved_euid);
	if (getuid() != saved_ruid)
		samba_setuid(saved_ruid);
	set_effective_uid(saved_euid);
#endif

	assert_uid(saved_ruid, saved_euid);
}
/****************************************************************************
 Set *only* the effective uid.
 we want to end up with ruid==0 and euid==uid

 Nothing is returned to the caller; the only check on the outcome visible
 in this function is the closing assert_uid(-1, uid) call.
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
	/* Real and saved are passed as -1 (unchanged); only the effective
	 * uid is set. */
	setresuid(-1,uid,-1);
#endif

#if USE_SETREUID
	setreuid(-1,uid);
#endif

#if USE_SETEUID
	seteuid(uid);
#endif

#if USE_SETUIDX
	setuidx(ID_EFFECTIVE, uid);
#endif

	/*
	 * NOTE(review): none of the calls above has its return value
	 * checked, so this is the only place a failed switch can be caught.
	 * assert_uid() is defined outside this function; presumably -1 means
	 * "do not check the real uid" - confirm both points there.
	 */
	assert_uid(-1, uid);
}
/****************************************************************************
 Set effective uid, and possibly the real uid too.
 We want to end up with either:

   ruid==uid and euid==uid

 or

   ruid==0 and euid==uid

 depending on what the local OS will allow us to regain root from.

 Nothing is returned to the caller; the only check on the outcome visible
 in this function is the closing assert_uid(-1, uid) call.
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
	/* Set the effective as well as the real uid. The saved uid is passed
	 * as -1 and so is left unchanged. */
	setresuid(uid,uid,-1);
#endif

#if USE_SETREUID
	/* -1 as the real uid: only the effective uid is changed. */
	setreuid(-1,uid);
#endif

#if USE_SETEUID
	seteuid(uid);
#endif

#if USE_SETUIDX
	setuidx(ID_EFFECTIVE, uid);
#endif

	/*
	 * NOTE(review): none of the calls above has its return value
	 * checked, so this is the only place a failed switch can be caught.
	 * assert_uid() is defined outside this function; presumably -1 means
	 * "do not check the real uid" - confirm both points there.
	 */
	assert_uid(-1, uid);
}
/****************************************************************************
 Gain root privilege before doing something.
 We want to end up with ruid==euid==0

 Takes no arguments and returns nothing. Whether the calls can succeed
 depends on the ids the process still holds when this is entered, which is
 not visible from this function.
****************************************************************************/
void gain_root_privilege(void)
{
#if USE_SETRESUID
	/* Real, effective and saved uid are all set to 0. */
	setresuid(0,0,0);
#endif

#if USE_SETEUID
	seteuid(0);
#endif

#if USE_SETREUID
	setreuid(0, 0);
#endif

#if USE_SETUIDX
	setuidx(ID_EFFECTIVE, 0);
	setuidx(ID_REAL, 0);
#endif

	/* this is needed on some systems */
	setuid(0);

	/*
	 * NOTE(review): no return value above is checked; this call is the
	 * only visible check that the process really is ruid==euid==0.
	 * assert_uid() is defined outside this function - confirm it stops
	 * the process on a mismatch.
	 */
	assert_uid(0, 0);
}
/****************************************************************************
 Gain root privilege before doing something.
 We want to end up with ruid==euid==0

 Takes no arguments and returns nothing. Whether the calls can succeed
 depends on the ids the process (or thread, in the
 USE_LINUX_THREAD_CREDENTIALS build - confirm the wrappers' scope) still
 holds when this is entered, which is not visible from this function.
****************************************************************************/
void gain_root_privilege(void)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/* Real, effective and saved uid are all requested as 0. */
	samba_setresuid(0,0,0);
#endif

#if USE_SETEUID
	samba_seteuid(0);
#endif

#if USE_SETREUID
	samba_setreuid(0, 0);
#endif

#if USE_SETUIDX
	samba_setuidx(ID_EFFECTIVE, 0);
	samba_setuidx(ID_REAL, 0);
#endif

	/* this is needed on some systems */
	samba_setuid(0);

	/*
	 * NOTE(review): no return value above is checked; this call is the
	 * only visible check that the caller really is ruid==euid==0.
	 * assert_uid() is defined outside this function - confirm it stops
	 * the process on a mismatch.
	 */
	assert_uid(0, 0);
}