Beispiel #1
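/*
 * Self-test for the {get,set}res[ug]id calls.
 *
 * Expects to start with every user and group ID equal to 0, switches the
 * three group IDs and then the three user IDs to 1, and re-reads the IDs
 * after each step to confirm the change took effect.  Any failed call or
 * unexpected ID ends the program with EXIT_FAILURE.
 *
 * Supplementary groups are not touched by this program.
 */
int main(void)
{
	/* 13 is a sentinel: an output argument that was never written stays 13. */
	uid_t ruid = 13, euid = 13, suid = 13;
	gid_t rgid = 13, egid = 13, sgid = 13;
	int status;

	status = getresuid(&ruid, &euid, &suid);
	if (status != 0 || ruid != 0 || euid != 0 || suid != 0) {
		perror("getresuid");
		fprintf(stderr, "%lu %lu %lu\n", (unsigned long) ruid, (unsigned long) euid, (unsigned long) suid);
		exit(EXIT_FAILURE);
	}

	status = getresgid(&rgid, &egid, &sgid);
	if (status != 0 || rgid != 0 || egid != 0 || sgid != 0) {
		perror("getresgid");
		/* Report the group IDs that were just checked, not the user IDs. */
		fprintf(stderr, "%lu %lu %lu\n", (unsigned long) rgid, (unsigned long) egid, (unsigned long) sgid);
		exit(EXIT_FAILURE);
	}

	/*
	 * Change the group IDs while the user IDs are still 0: once the user
	 * IDs are non-zero the process normally can no longer pick arbitrary
	 * group IDs.
	 */
	status = setresgid(1, 1, 1);
	if (status != 0) {
		perror("setresgid");
		exit(EXIT_FAILURE);
	}

	/* Do not trust the return value alone; read the IDs back. */
	status = getresgid(&rgid, &egid, &sgid);
	if (status != 0 || rgid != 1 || egid != 1 || sgid != 1) {
		perror("getresgid");
		fprintf(stderr, "%lu %lu %lu\n", (unsigned long) rgid, (unsigned long) egid, (unsigned long) sgid);
		exit(EXIT_FAILURE);
	}

	status = setresuid(1, 1, 1);
	if (status != 0) {
		perror("setresuid");
		exit(EXIT_FAILURE);
	}

	status = getresuid(&ruid, &euid, &suid);
	if (status != 0 || ruid != 1 || euid != 1 || suid != 1) {
		perror("getresuid");
		fprintf(stderr, "%lu %lu %lu\n", (unsigned long) ruid, (unsigned long) euid, (unsigned long) suid);
		exit(EXIT_FAILURE);
	}

	exit(EXIT_SUCCESS);
}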
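/*
 * Demonstrates setresgid(): prints the real, effective and saved group IDs,
 * copies the real GID into the saved GID, prints again, then sets the
 * effective GID to the saved GID and prints a third time.
 *
 * Returns 0 on success and 1 if the IDs cannot be read.
 */
int main (void)
{
	/* (gid_t) -1 tells setresgid() to leave that ID unchanged. */
	const gid_t keep = (gid_t) -1;
	gid_t  gid_R, gid_E, gid_S;
	int    rc;

	/* Check every read: on failure the three variables hold no valid value. */
	if (getresgid(& gid_R, & gid_E, & gid_S) != 0) {
		perror("getresgid");
		return 1;
	}
	printf("GID-R=%u, GID-E=%u, GID-S=%u\n",
	        (unsigned) gid_R, (unsigned) gid_E, (unsigned) gid_S);

	rc = setresgid(keep, gid_E, gid_R);
	printf("setresgid(-1, %u, %u)=%d\n",
	        (unsigned) gid_E, (unsigned) gid_R, rc);

	if (getresgid(& gid_R, & gid_E, & gid_S) != 0) {
		perror("getresgid");
		return 1;
	}
	printf("GID-R=%u, GID-E=%u, GID-S=%u\n",
	        (unsigned) gid_R, (unsigned) gid_E, (unsigned) gid_S);

	rc = setresgid(keep, gid_S, keep);
	printf("setresgid(-1, %u, -1)=%d\n",
	        (unsigned) gid_S, rc);

	if (getresgid(& gid_R, & gid_E, & gid_S) != 0) {
		perror("getresgid");
		return 1;
	}
	printf("GID-R=%u, GID-E=%u, GID-S=%u\n",
	        (unsigned) gid_R, (unsigned) gid_E, (unsigned) gid_S);
	return 0;
}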
Beispiel #3
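/*
 * Return TRUE if the real, effective, or saved (if we can check it) user
 * ID or group ID is 0.
 *
 * When getresuid()/getresgid() is compiled in but the call fails, the
 * check falls back to the real and effective IDs instead of testing
 * variables that were never written.
 */
gboolean
running_with_special_privs(void)
{
#ifdef HAVE_SETRESUID
	uid_t ru, eu, su;
#endif
#ifdef HAVE_SETRESGID
	gid_t rg, eg, sg;
#endif

#ifdef HAVE_SETRESUID
	if (getresuid(&ru, &eu, &su) != 0) {
		/* Saved ID is unknown here; treat it like the effective ID. */
		ru = getuid();
		eu = geteuid();
		su = eu;
	}
	if (ru == 0 || eu == 0 || su == 0)
		return TRUE;
#else
	if (getuid() == 0 || geteuid() == 0)
		return TRUE;
#endif
#ifdef HAVE_SETRESGID
	if (getresgid(&rg, &eg, &sg) != 0) {
		/* Same fallback as for the user IDs. */
		rg = getgid();
		eg = getegid();
		sg = eg;
	}
	if (rg == 0 || eg == 0 || sg == 0)
		return TRUE;
#else
	if (getgid() == 0 || getegid() == 0)
		return TRUE;
#endif
	return FALSE;
}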
Beispiel #4
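/*
 * Print the caller's real, effective and saved user and group IDs on one
 * line of standard output, optionally prefixed with "message: ".
 *
 * message may be NULL, in which case no prefix is printed.
 *
 * Returns 0 on success, or the non-zero result of the failing
 * getresuid()/getresgid() call after reporting it with perror().
 */
int
reportprivilege(char *message)
{
	uid_t euid, ruid, suid;
	gid_t egid, rgid, sgid;
	int error;

	error = getresuid(&ruid, &euid, &suid);
	if (error) {
		perror("getresuid");
		return (error);
	}

	error = getresgid(&rgid, &egid, &sgid);
	if (error) {
		perror("getresgid");
		return (error);
	}

	if (message)
		printf("%s: ", message);
	/*
	 * IDs are unsigned; print them through unsigned long so the format
	 * matches the argument type and large IDs do not show up negative.
	 */
	printf("ruid: %lu, euid: %lu, suid: %lu,     ",
	    (unsigned long)ruid, (unsigned long)euid, (unsigned long)suid);
	printf("rgid: %lu, egid: %lu, sgid: %lu\n",
	    (unsigned long)rgid, (unsigned long)egid, (unsigned long)sgid);

	return (0);
}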
Beispiel #5
/* One test step for setresgid (nobody_gid, nobody_gid, nobody_gid).
   PREPARE does nothing.  Every other action except CHECK_AFTER first
   verifies the previous group IDs via check_prev_gid; SET performs the
   call; every action except CHECK_BEFORE then confirms that the real,
   effective and saved group IDs all equal nobody_gid.  Any failure
   prints a message and exits with status 1.  */
static void
test_setresgid3 (enum ACTION action, int tno)
{
  gid_t cur_r, cur_e, cur_s;

  if (action == PREPARE)
    return;

  if (action != CHECK_AFTER)
    check_prev_gid (tno);

  if (action == SET)
    {
      int rc = setresgid (nobody_gid, nobody_gid, nobody_gid);
      if (rc < 0)
	{
	  printf ("setresgid failed: %m\n");
	  exit (1);
	}
    }

  /* Nothing left to verify for the "before" check.  */
  if (action == CHECK_BEFORE)
    return;

  if (getresgid (&cur_r, &cur_e, &cur_s) < 0)
    {
      printf ("getresgid failed: %d %m\n", tno);
      exit (1);
    }

  if (cur_r == nobody_gid && cur_e == nobody_gid && cur_s == nobody_gid)
    return;

  printf ("after setresgid %d (%d %d %d) != (%d %d %d)\n", tno,
	  cur_r, cur_e, cur_s, nobody_gid, nobody_gid, nobody_gid);
  exit (1);
}
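/*
 * sys_getuid
 * ----------
 *
 * Gets the user information of the user the server is executing as.
 *
 * Windows: resolves the user SID of the current thread token, or of the
 * process token when no thread token can be opened, to DOMAIN\USERNAME.
 * Elsewhere: formats the real, effective and saved user and group IDs.
 *
 * The text is added to the response as TLV_TYPE_USER_NAME.  The response is
 * always transmitted with the final status code, which is also returned.
 */
DWORD request_sys_config_getuid(Remote *remote, Packet *packet)
{
	Packet *response = packet_create_response(packet);
	DWORD res = ERROR_SUCCESS;
#ifdef _WIN32
	CHAR username[512], username_only[512], domainname_only[512];
	LPVOID TokenUserInfo[4096];
	HANDLE token = NULL;
	DWORD user_length = sizeof(username_only), domain_length = sizeof(domainname_only);
	DWORD size = sizeof(username), sid_type = 0, returned_tokinfo_length;

	memset(username, 0, sizeof(username));
	memset(username_only, 0, sizeof(username_only));
	memset(domainname_only, 0, sizeof(domainname_only));

	do
	{
		if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &token))
		{
			// No thread token available: fall back to the process token,
			// and stop if that fails too instead of querying a bad handle
			if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token))
			{
				res = GetLastError();
				token = NULL;
				break;
			}
		}

		// 4096 is the byte count handed to the API; the buffer itself is
		// an array of 4096 pointers and therefore at least that large
		if (!GetTokenInformation(token, TokenUser, TokenUserInfo, 4096, &returned_tokinfo_length))
		{
			res = GetLastError();
			break;
		}
		
		if (!LookupAccountSidA(NULL, ((TOKEN_USER*)TokenUserInfo)->User.Sid, username_only, &user_length, domainname_only, &domain_length, (PSID_NAME_USE)&sid_type))
		{
			res = GetLastError();
			break;
		}

 		// Make full name in DOMAIN\USERNAME format
		_snprintf(username, sizeof(username), "%s\\%s", domainname_only, username_only);
		// _snprintf does not terminate on truncation
		username[sizeof(username) - 1] = '\0';

		packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username);

	} while (0);

	// Release the token handle on every path, including the early exits
	if (token != NULL)
	{
		CloseHandle(token);
	}
#else
	CHAR info[512];
	uid_t ru, eu, su;
	gid_t rg, eg, sg;

	// Sentinel that stays visible in the output if a lookup below fails
	ru = eu = su = rg = eg = sg = 31337;

	getresuid(&ru, &eu, &su);
	getresgid(&rg, &eg, &sg);

	// The IDs are unsigned; cast so the arguments match the %d conversions
	snprintf(info, sizeof(info)-1, "uid=%d, gid=%d, euid=%d, egid=%d, suid=%d, sgid=%d", (int)ru, (int)rg, (int)eu, (int)eg, (int)su, (int)sg);
	packet_add_tlv_string(response, TLV_TYPE_USER_NAME, info);
#endif

	// Transmit the response
	packet_transmit_response(res, remote, response);

	return res;
}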
/*
 * Report whether the process runs with real user ID 0.
 *
 * On Windows builds (G_OS_WIN32) the answer is always FALSE.  Elsewhere the
 * real, effective and saved IDs are read with getresuid()/getresgid() when
 * HAVE_GETRESUID is defined, and with getuid()/geteuid()/getgid()/getegid()
 * when it is not or when one of those calls fails.
 *
 * NOTE(review): only the real user ID decides the result; the effective and
 * saved IDs and all group IDs are collected but never examined.  Confirm
 * that this is what callers expect.
 */
static gboolean
check_is_root_user (void)
{
#ifdef G_OS_WIN32
	return FALSE;
#else
	uid_t ruid, euid, suid; /* real, effective and saved user IDs */
	gid_t rgid, egid, sgid; /* real, effective and saved group IDs */
	gboolean have_ids = FALSE;

#ifdef HAVE_GETRESUID
	have_ids = (getresuid (&ruid, &euid, &suid) == 0 &&
	            getresgid (&rgid, &egid, &sgid) == 0);
#endif /* HAVE_GETRESUID */

	if (!have_ids)
	{
		/* No saved IDs available this way; mirror the real ones. */
		suid = ruid = getuid ();
		sgid = rgid = getgid ();
		euid = geteuid ();
		egid = getegid ();
	}

	return (ruid == 0) ? TRUE : FALSE;
#endif
}
Beispiel #8
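// Marks the process non-dumpable, then sets the real, effective and saved
// group IDs to the current real GID and the real, effective and saved user
// IDs to the current real UID.  Afterwards the IDs are read back and
// compared, so a drop that did not fully take effect is reported as a
// failure rather than assumed from the return codes.
//
// Returns true only if every step succeeded.  Supplementary groups are not
// changed here.
static bool DropRoot() {
  if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0)) {
    perror("prctl(PR_SET_DUMPABLE)");
    return false;
  }

  if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0)) {
    perror("Still dumpable after prctl(PR_SET_DUMPABLE)");
    return false;
  }

  // Groups first: after the user IDs are dropped the process may no longer
  // be allowed to change its group IDs.
  gid_t rgid, egid, sgid;
  if (getresgid(&rgid, &egid, &sgid)) {
    perror("getresgid");
    return false;
  }

  if (setresgid(rgid, rgid, rgid)) {
    perror("setresgid");
    return false;
  }

  uid_t ruid, euid, suid;
  if (getresuid(&ruid, &euid, &suid)) {
    perror("getresuid");
    return false;
  }

  if (setresuid(ruid, ruid, ruid)) {
    perror("setresuid");
    return false;
  }

  // Verify the end state: all three group IDs and all three user IDs must
  // now equal the real ID that was requested.
  gid_t new_rgid, new_egid, new_sgid;
  if (getresgid(&new_rgid, &new_egid, &new_sgid)) {
    perror("getresgid");
    return false;
  }
  if (new_rgid != rgid || new_egid != rgid || new_sgid != rgid) {
    fprintf(stderr, "group IDs not dropped as requested\n");
    return false;
  }

  uid_t new_ruid, new_euid, new_suid;
  if (getresuid(&new_ruid, &new_euid, &new_suid)) {
    perror("getresuid");
    return false;
  }
  if (new_ruid != ruid || new_euid != ruid || new_suid != ruid) {
    fprintf(stderr, "user IDs not dropped as requested\n");
    return false;
  }

  return true;
}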
Beispiel #9
/*
 * @brief Get the user name of the current process/thread.
 * @details On Windows the work is delegated to populate_uid(). On other
 *          platforms the real, effective and saved user and group IDs are
 *          formatted into a string and added as TLV_TYPE_USER_NAME.
 * @param pRemote Pointer to the \c Remote instance.
 * @param pPacket Pointer to the request \c Packet.
 * @returns Indication of success or failure.
 */
DWORD request_sys_config_getuid(Remote* pRemote, Packet* pPacket)
{
	DWORD dwStatus = ERROR_SUCCESS;
	Packet *pReply = packet_create_response(pPacket);

#ifndef _WIN32
	// 31337 is a sentinel: it remains in the output if a lookup fails,
	// because neither return value below is checked
	uid_t uidReal = 31337, uidEff = 31337, uidSaved = 31337;
	gid_t gidReal = 31337, gidEff = 31337, gidSaved = 31337;
	CHAR szIds[512];

	getresuid(&uidReal, &uidEff, &uidSaved);
	getresgid(&gidReal, &gidEff, &gidSaved);

	snprintf(szIds, sizeof(szIds)-1, "uid=%d, gid=%d, euid=%d, egid=%d, suid=%d, sgid=%d",
		uidReal, gidReal, uidEff, gidEff, uidSaved, gidSaved);
	packet_add_tlv_string(pReply, TLV_TYPE_USER_NAME, szIds);
#else
	dwStatus = populate_uid(pReply);
#endif

	// Send the reply back together with the status code
	packet_transmit_response(dwStatus, pRemote, pReply);

	return dwStatus;
}
Beispiel #10
/*
 * Test driver: calls getresgid() in the test loop and compares the real,
 * effective and saved group IDs it returns with pr_gid, pe_gid and ps_gid,
 * which are declared outside this block.
 */
int main(int ac, char **av)
{
	int lc;
	char *msg;
	gid_t real_gid,		/* real/eff./saved group id from getresgid() */
	 eff_gid, sav_gid;

	msg = parse_opts(ac, av, NULL, NULL);
	if (msg != NULL) {
		tst_brkm(TBROK, NULL, "OPTION PARSING ERROR - %s", msg);

	}

	setup();

	for (lc = 0; TEST_LOOPING(lc); lc++) {

		tst_count = 0;

		/*
		 * Call getresgid() to get the real/effective/saved
		 * group id's of the calling process after
		 * setregid() in setup.
		 */
		TEST(getresgid(&real_gid, &eff_gid, &sav_gid));

		/* A failed call leaves nothing to compare; record it and go on. */
		if (TEST_RETURN == -1) {
			tst_resm(TFAIL, "getresgid() Failed, errno=%d : %s",
				 TEST_ERRNO, strerror(TEST_ERRNO));
			continue;
		}
		/*
		 * Perform functional verification if test
		 * executed without (-f) option.
		 */
		if (STD_FUNCTIONAL_TEST) {
			/*
			 * Verify the real/effective/saved gid
			 * values returned by getresgid with the
			 * expected values.
			 */
			if ((real_gid != pr_gid) || (eff_gid != pe_gid) ||
			    (sav_gid != ps_gid)) {
				/*
				 * NOTE(review): the message says "saved-user"
				 * although the value is the saved group ID.
				 */
				tst_resm(TFAIL, "real:%d, effective:%d, "
					 "saved-user:%d ids differ",
					 real_gid, eff_gid, sav_gid);
			} else {
				tst_resm(TPASS, "Functionality of getresgid() "
					 "successful");
			}
		} else {
			tst_resm(TPASS, "call succeeded");
		}
	}

	cleanup();

	tst_exit();
}
Beispiel #11
/* Calls getresuid () and getresgid () once each, bracketed by marker1 ()
   and marker2 ().  The six ID variables and both marker functions are
   defined outside this block, and neither return value is checked.
   NOTE(review): this looks like a debugger test fixture in which the
   markers serve as breakpoint anchors -- confirm against the test script
   that drives it.  */
int
main (void)
{
  marker1 ();
  getresuid (&ruid, &euid, &suid);
  getresgid (&rgid, &egid, &sgid);
  marker2 ();
  return 0;
}
Beispiel #12
/* Test entry point.  Looks up the "nobody" account, records the current
   real/effective/saved user and group IDs in the prev_* variables, skips
   the run when any of them already belongs to nobody, initialises the
   barriers b3 and b4, and then runs every entry of setuid_tests through
   do_one_test.  Returns 0; unrecoverable setup errors exit with 1.  */
static int
do_test (void)
{
  const unsigned long int ntests
    = sizeof (setuid_tests) / sizeof (setuid_tests[0]);
  struct passwd *nobody = getpwnam ("nobody");

  /* Without the account there is nothing to switch to; not a failure.  */
  if (nobody == NULL)
    {
      puts ("User nobody doesn't exist");
      return 0;
    }
  nobody_uid = nobody->pw_uid;
  nobody_gid = nobody->pw_gid;

  if (getresuid (&prev_ruid, &prev_euid, &prev_suid) < 0)
    {
      printf ("getresuid failed: %m\n");
      exit (1);
    }

  if (getresgid (&prev_rgid, &prev_egid, &prev_sgid) < 0)
    {
      printf ("getresgid failed: %m\n");
      exit (1);
    }

  /* The tests detect a change by comparing with the previous IDs, so they
     cannot run when an ID already equals the target.  */
  if (prev_ruid == nobody_uid
      || prev_euid == nobody_uid
      || prev_suid == nobody_uid)
    {
      puts ("already running as user nobody, skipping tests");
      exit (0);
    }

  if (prev_rgid == nobody_gid
      || prev_egid == nobody_gid
      || prev_sgid == nobody_gid)
    {
      puts ("already running as group nobody, skipping tests");
      exit (0);
    }

  if (pthread_barrier_init (&b3, NULL, 3) != 0
      || pthread_barrier_init (&b4, NULL, 4) != 0)
    {
      puts ("barrier_init failed");
      exit (1);
    }

  for (unsigned long int testno = 0; testno != ntests; ++testno)
    do_one_test (testno);

  return 0;
}
Beispiel #13
/*
 * Check the process's current real, effective and saved group IDs against
 * the expected ones using gid_matches().  Returns false as soon as
 * getresgid() fails or one of the three comparisons does not match.
 */
static bool
gid_verify(gid_t real, gid_t effective, gid_t saved)
{
    gid_t cur_real, cur_eff, cur_saved;

    if (getresgid(&cur_real, &cur_eff, &cur_saved) != 0)
        return false;
    if (!gid_matches(real, cur_real))
        return false;
    if (!gid_matches(effective, cur_eff))
        return false;
    return gid_matches(saved, cur_saved) != 0;
}
Beispiel #14
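/*
 * Log the real, effective and saved user and group IDs of the process
 * through outputstd().
 *
 * If an ID lookup fails, that triple is reported as (unsigned)-1 instead
 * of whatever happened to be in the variables.
 */
void dump_uids(void)
{
	uid_t uid, euid, suid;
	gid_t gid, egid, sgid;

	/* (id)-1 is the "no ID" value, so it cannot be mistaken for a real one. */
	if (getresuid(&uid, &euid, &suid) != 0)
		uid = euid = suid = (uid_t) -1;
	if (getresgid(&gid, &egid, &sgid) != 0)
		gid = egid = sgid = (gid_t) -1;

	outputstd("initial uid:%u gid:%u euid:%u egid:%u suid:%u sgid:%u\n",
		(unsigned int) uid, (unsigned int) gid,
		(unsigned int) euid, (unsigned int) egid,
		(unsigned int) suid, (unsigned int) sgid);
}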
Beispiel #15
/*
 * void
 * setup() - performs all ONE TIME setup for this test.
 *  This function gets real/effective/saved uid/gid, umask, the device/inode
 *  number of '/' and current working directory for the parent process.
 *  The values are stored in variables declared outside this function
 *  (Pruid, Prgid, Pumask, Pcwd, StatPbuf, Stat_cwd_Pbuf, ...).  Each failing
 *  step is reported through tst_brkm(TFAIL, cleanup, ...).
 */
void setup()
{

	tst_sig(FORK, DEF_HANDLER, cleanup);

	TEST_PAUSE;

	/*
	 * Get the real, effective and saved user and group IDs
	 * of the parent process.
	 */
	if (getresuid(&Pruid, &Peuid, &Psuid) < 0) {
		tst_brkm(TFAIL, cleanup, "getresuid() fails to get "
			 "real/eff./saved uid of parent");
	}

	if (getresgid(&Prgid, &Pegid, &Psgid) < 0) {
		tst_brkm(TFAIL, cleanup, "getresgid() fails to get "
			 "real/eff./saved gid of parent");
	}

	/*
	 * Get the process file mode creation mask by setting value 0.
	 * umask() can only be read by setting it, so the mask is 0 for the
	 * short time between these two calls.
	 */
	Pumask = umask(0);
	umask(Pumask);		/* Restore the mask value of the process. */
	/*
	 * Get the pathname of current working directory of the parent
	 * process.  The NULL buffer asks getcwd() to allocate the result.
	 */
	if ((Pcwd = (char *)getcwd(NULL, BUFSIZ)) == NULL) {
		tst_brkm(TFAIL, cleanup,
			 "getcwd failed for the parent process");
	}

	/*
	 * Get the device and inode number of root directory for the
	 * parent process.
	 */
	if (stat("/", &StatPbuf) == -1) {
		tst_brkm(TFAIL, cleanup, "stat(2) failed to get info. of '/' "
			 "in parent process");
	}

	/*
	 * Get the device number and the inode number of "." (current-
	 * working directory) for the parent process.
	 */
	if (stat(Pcwd, &Stat_cwd_Pbuf) < 0) {
		tst_brkm(TFAIL, cleanup, "stat(2) failed to get info. of "
			 "working directory in parent process");
	}
}
Beispiel #16
/*
 * Checked wrapper around getresgid().
 *
 * file/lineno identify the call site for the failure message; cleanup_fn
 * is handed to tst_brkm() when the call fails.  rgid, egid and sgid are
 * passed straight through to getresgid().
 *
 * Returns the value getresgid() returned.
 */
int safe_getresgid(const char *file, const int lineno, void (*cleanup_fn)(void),
		   gid_t *rgid, gid_t *egid, gid_t *sgid)
{
	const int rval = getresgid(rgid, egid, sgid);

	if (rval != -1)
		return rval;

	tst_brkm(TBROK | TERRNO, cleanup_fn,
		 "%s:%d: getresgid(%p, %p, %p) failed",
		 file, lineno, rgid, egid, sgid);

	return rval;
}
Beispiel #17
/*
 * Apply the group IDs requested in opts.
 *
 * The current real and effective GIDs are used for whichever of the two
 * was not requested (have_rgid / have_egid unset).  The saved GID is always
 * set to the new effective GID, so no earlier saved GID remains that the
 * process could switch back to.  Any failure terminates through err() with
 * SETPRIV_EXIT_PRIVERR.
 */
static void do_setresgid(const struct privctx *opts)
{
    gid_t cur_real, cur_eff, cur_saved;

    if (getresgid(&cur_real, &cur_eff, &cur_saved) != 0)
        err(SETPRIV_EXIT_PRIVERR, _("getresgid failed"));

    const gid_t new_real = opts->have_rgid ? opts->rgid : cur_real;
    const gid_t new_eff = opts->have_egid ? opts->egid : cur_eff;

    /* Effective is deliberately passed twice: it also becomes the saved GID. */
    if (setresgid(new_real, new_eff, new_eff) != 0)
        err(SETPRIV_EXIT_PRIVERR, _("setresgid failed"));
}
Beispiel #18
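/*
 * Compare the caller's current real, effective and saved group IDs with the
 * expected ones.
 *
 * Returns 0 when all three match and 1 otherwise.  A failing getresgid()
 * is reported through tst_brkm(TBROK, cleanup, ...).
 */
static int test_functionality(uid_t exp_rgid, uid_t exp_egid, uid_t exp_sgid)
{
	/* gid_t, not uid_t: getresgid() takes pointers to gid_t. */
	gid_t cur_rgid, cur_egid, cur_sgid;

	/* Get current real, effective and saved group id's */
	if (getresgid(&cur_rgid, &cur_egid, &cur_sgid) == -1) {
		tst_brkm(TBROK, cleanup, "getresgid() failed");

	}

	if ((cur_rgid == exp_rgid) && (cur_egid == exp_egid)
	    && (cur_sgid == exp_sgid)) {
		return 0;
	}
	return 1;
}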
Beispiel #19
/* Verify that the real, effective and saved group IDs still equal the
   values recorded in prev_rgid, prev_egid and prev_sgid.  TNO is the test
   number used in the diagnostics.  Exits with status 1 if the IDs cannot
   be read or differ.  */
static void
check_prev_gid (int tno)
{
  gid_t cur_r, cur_e, cur_s;
  int rc = getresgid (&cur_r, &cur_e, &cur_s);

  if (rc < 0)
    {
      printf ("getresgid failed: %d %m\n", tno);
      exit (1);
    }

  if (cur_r == prev_rgid && cur_e == prev_egid && cur_s == prev_sgid)
    return;

  printf ("gids before in %d (%d %d %d) != (%d %d %d)\n", tno,
	  cur_r, cur_e, cur_s, prev_rgid, prev_egid, prev_sgid);
  exit (1);
}
Beispiel #20
/*
 * Test driver: calls getresgid() in the test loop and compares the real,
 * effective and saved group IDs it returns with pr_gid, pe_gid and ps_gid,
 * which are declared outside this block.
 */
int main(int ac, char **av)
{
	int lc;
	gid_t real_gid,		/* real/eff./saved group id from getresgid() */
	 eff_gid, sav_gid;

	tst_parse_opts(ac, av, NULL, NULL);

	setup();

	for (lc = 0; TEST_LOOPING(lc); lc++) {

		tst_count = 0;

		/*
		 * Call getresgid() to get the real/effective/saved
		 * group id's of the calling process after
		 * setregid() in setup.
		 */
		TEST(getresgid(&real_gid, &eff_gid, &sav_gid));

		/* A failed call leaves nothing to compare; record it and go on. */
		if (TEST_RETURN == -1) {
			tst_resm(TFAIL, "getresgid() Failed, errno=%d : %s",
				 TEST_ERRNO, strerror(TEST_ERRNO));
			continue;
		}
		/*
		 * Verify the real/effective/saved gid
		 * values returned by getresgid with the
		 * expected values.
		 * NOTE(review): the failure message says "saved-user"
		 * although the value is the saved group ID.
		 */
		if ((real_gid != pr_gid) || (eff_gid != pe_gid) ||
		    (sav_gid != ps_gid)) {
			tst_resm(TFAIL, "real:%d, effective:%d, "
				 "saved-user:%d ids differ",
				 real_gid, eff_gid, sav_gid);
		} else {
			tst_resm(TPASS, "Functionality of getresgid() "
				 "successful");
		}
	}

	cleanup();
	tst_exit();
}
Beispiel #21
/* Print the group IDs of the process on standard output, without a
   trailing newline: real, effective and saved where getresgid is
   available, otherwise as many of real and effective as the platform
   provides.  Prints nothing when none of the three feature macros is
   set.  */
static void
show_gids ()
{
#if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */
  gid_t real, effective, saved;

  ASSERT (getresgid (&real, &effective, &saved) >= 0);
  {
    const int r = (int) real;
    const int e = (int) effective;
    const int s = (int) saved;

    printf ("gids: real=%d effective=%d saved=%d", r, e, s);
  }
#elif HAVE_GETEGID
  {
    const int r = (int) getgid ();
    const int e = (int) getegid ();

    printf ("gids: real=%d effective=%d", r, e);
  }
#elif HAVE_GETGID
  {
    const int r = (int) getgid ();

    printf ("gids: real=%d", r);
  }
#endif
}
Beispiel #22
Datei: os.c Projekt: 274914765/C
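/*
 * Set the effective group ID to gid and the effective user ID to uid.
 *
 * setegid()/seteuid() are used when available; otherwise setresgid()/
 * setresuid() are called with -1 for the real and saved IDs, which leaves
 * those two unchanged.  Only the effective IDs are therefore affected.
 *
 * A failure is reported with ns_main_earlywarning() and the function then
 * carries on; it returns nothing.
 * NOTE(review): callers cannot tell from here whether the switch happened;
 * confirm they verify the resulting IDs where that matters.
 */
static void setperms (uid_t uid, gid_t gid)
{
    char strbuf[ISC_STRERRORSIZE];

#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
    gid_t oldgid, tmpg;
#endif
#if !defined(HAVE_SETEUID) && defined(HAVE_SETRESUID)
    uid_t olduid, tmpu;
#endif
#if defined(HAVE_SETEGID)
    if (getegid () != gid && setegid (gid) == -1)
    {
        isc__strerror (errno, strbuf, sizeof (strbuf));
        ns_main_earlywarning ("unable to set effective gid to %ld: %s", (long) gid, strbuf);
    }
#elif defined(HAVE_SETRESGID)
    /* Only the effective GID is of interest; real and saved go to tmpg. */
    if (getresgid (&tmpg, &oldgid, &tmpg) == -1 || oldgid != gid)
    {
        if (setresgid ((gid_t) -1, gid, (gid_t) -1) == -1)
        {
            isc__strerror (errno, strbuf, sizeof (strbuf));
            /* Same format and cast as the setegid() branch. */
            ns_main_earlywarning ("unable to set effective gid to %ld: %s", (long) gid, strbuf);
        }
    }
#endif

#if defined(HAVE_SETEUID)
    if (geteuid () != uid && seteuid (uid) == -1)
    {
        isc__strerror (errno, strbuf, sizeof (strbuf));
        ns_main_earlywarning ("unable to set effective uid to %ld: %s", (long) uid, strbuf);
    }
#elif defined(HAVE_SETRESUID)
    /* Only the effective UID is of interest; real and saved go to tmpu. */
    if (getresuid (&tmpu, &olduid, &tmpu) == -1 || olduid != uid)
    {
        if (setresuid ((uid_t) -1, uid, (uid_t) -1) == -1)
        {
            isc__strerror (errno, strbuf, sizeof (strbuf));
            /* Same format and cast as the seteuid() branch. */
            ns_main_earlywarning ("unable to set effective uid to %ld: %s", (long) uid, strbuf);
        }
    }
#endif
}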
Beispiel #23
/*
 * Set the effective user ID to the saved user ID and confirm the change.
 * Returns 0 on success and -1 after reporting the failing step.
 */
static int priv_restore_uid(void)
{
	uid_t real_id, eff_id, saved_id;

	if (getresuid(&real_id, &eff_id, &saved_id) < 0) {
		perror("priv restore: getresuid failed");
		return -1;
	}
	if (setresuid(-1, saved_id, -1) < 0) {
		perror("priv restore: setresuid failed");
		return -1;
	}
	/* Read the effective ID back rather than trusting the return code. */
	if (geteuid() != saved_id) {
		perror("restoring privilege failed");
		return -1;
	}
	return 0;
}

/*
 * Set the effective group ID to the saved group ID and confirm the change.
 * Returns 0 on success and -1 after reporting the failing step.
 */
static int priv_restore_gid(void)
{
	gid_t real_id, eff_id, saved_id;

	if (getresgid(&real_id, &eff_id, &saved_id) < 0) {
		perror("priv restore: getresgid failed");
		return -1;
	}
	if (setresgid(-1, saved_id, -1) < 0) {
		perror("priv restore: setresgid failed");
		return -1;
	}
	if (getegid() != saved_id) {
		perror("restoring group privilege failed");
		return -1;
	}
	return 0;
}

/*
 * Bring the effective user and group IDs back to the saved IDs.
 *
 * Each half is skipped when the effective ID is already 0.  The user ID is
 * handled before the group ID.  Returns 0 on success and -1 on the first
 * failure.
 */
int restore_privs(void)
{
	if (geteuid() != 0 && priv_restore_uid() < 0)
		return -1;

	if (getegid() != 0 && priv_restore_gid() < 0)
		return -1;

	return 0;
}
Beispiel #24
/*
 * Mark the process non-dumpable, then set the real, effective and saved
 * group IDs to the current real GID and the real, effective and saved user
 * IDs to the current real UID.  Group IDs are handled before user IDs.
 *
 * Returns 0 on success and -1 after reporting the first failing step with
 * perror().  Supplementary groups are not changed here.
 */
static int DropRoot(void)
{
    gid_t real_gid, eff_gid, saved_gid;
    uid_t real_uid, eff_uid, saved_uid;

    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0) {
	perror("prctl(PR_SET_DUMPABLE)");
	return -1;
    }

    /* Read the flag back to make sure it was really cleared. */
    if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) != 0) {
	perror("Still dumpable after prctl(PR_SET_DUMPABLE)");
	return -1;
    }

    if (getresgid(&real_gid, &eff_gid, &saved_gid) != 0) {
	perror("getresgid");
	return -1;
    }

    if (setresgid(real_gid, real_gid, real_gid) != 0) {
	perror("setresgid");
	return -1;
    }

    if (getresuid(&real_uid, &eff_uid, &saved_uid) != 0) {
	perror("getresuid");
	return -1;
    }

    if (setresuid(real_uid, real_uid, real_uid) != 0) {
	perror("setresuid");
	return -1;
    }

    return 0;
}
Beispiel #25
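/*
 * Compare the caller's current real, effective and saved group IDs with the
 * expected ones.
 *
 * Returns 0 when all three match, or when functional verification is
 * switched off (STD_FUNCTIONAL_TEST is 0), and 1 otherwise.  A failing
 * getresgid() is reported through tst_brkm(TBROK, cleanup, ...).
 */
static int test_functionality(uid_t exp_rgid, uid_t exp_egid, uid_t exp_sgid)
{
	/* gid_t, not uid_t: getresgid() takes pointers to gid_t. */
	gid_t cur_rgid, cur_egid, cur_sgid;

	/*
	 * Perform functional verification, if STD_FUNCTIONAL_TEST is
	 * set (-f options is not used)
	 */
	if (STD_FUNCTIONAL_TEST == 0) {
		return 0;
	}
	/* Get current real, effective and saved group id */
	if (getresgid(&cur_rgid, &cur_egid, &cur_sgid) == -1) {
		tst_brkm(TBROK, cleanup, "getresgid() failed");

	}

	if ((cur_rgid == exp_rgid) && (cur_egid == exp_egid)
	    && (cur_sgid == exp_sgid)) {
		return 0;
	}
	return 1;
}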
Beispiel #26
/*
 * Switch the real, effective and saved group IDs to ipc_exec_exec_gid and
 * then the real, effective and saved user IDs to ipc_exec_exec_uid.  After
 * each switch the IDs are read back and compared with the target.
 *
 * Returns 0 on success and -1 if a call fails or an ID does not match.
 *
 * NOTE(review): supplementary groups are not changed in this function;
 * confirm that a caller clears them before the user ID is dropped.
 */
static
int
ipc_exec_drop_privileges(void)
{
  const uid_t target_uid = ipc_exec_exec_uid;
  const gid_t target_gid = ipc_exec_exec_gid;

  gid_t cur_rgid, cur_egid, cur_sgid;
  uid_t cur_ruid, cur_euid, cur_suid;

  /* Group IDs first, while the process may still change them. */
  if( setresgid(target_gid,target_gid,target_gid) == -1
      || getresgid(&cur_rgid, &cur_egid, &cur_sgid) == -1
      || cur_rgid != target_gid
      || cur_egid != target_gid
      || cur_sgid != target_gid )
  {
    return -1;
  }

  if( setresuid(target_uid,target_uid,target_uid) == -1
      || getresuid(&cur_ruid, &cur_euid, &cur_suid) == -1
      || cur_ruid != target_uid
      || cur_euid != target_uid
      || cur_suid != target_uid )
  {
    return -1;
  }

  return 0;
}
Beispiel #27
/*
 * Child-side half of a fork: makes master_fd the standard input and output
 * and then replaces the process image with path/argv.  Every path that
 * returns from execv() ends in _exit(EXIT_FAILURE), so this function does
 * not return to its caller.
 *
 * NOTE(review): no return type is visible on the definition line in this
 * listing; it is presumably on a line that was not captured -- confirm.
 */
do_child(int master_fd, const char *path, char *const *argv)
{
	if ((dup2(master_fd, STDIN_FILENO) != STDIN_FILENO)
	    || (dup2(master_fd, STDOUT_FILENO) != STDOUT_FILENO))
	{
#ifdef	UTEMPTER_DEBUG
		fprintf(stderr, "libutempter: dup2: %s\n", strerror(errno));
#endif
		_exit(EXIT_FAILURE);
	}

	execv(path, argv);
	/*
	 * Only reached when execv() failed.
	 * NOTE(review): with UTEMPTER_DEBUG the fprintf() below runs before
	 * errno is tested and may change it -- confirm that is acceptable.
	 */
#ifdef	UTEMPTER_DEBUG
	fprintf(stderr, "libutempter: execv: %s\n", strerror(errno));
#endif

	/* Used as a one-shot "if" with break as the early exit; never loops. */
	while (EACCES == errno)
	{
		/* try saved group ID */
		gid_t   rgid, egid, sgid;

		if (getresgid(&rgid, &egid, &sgid))
			break;

		/* Nothing different to try when saved and effective agree. */
		if (sgid == egid)
			break;

		if (setgid(sgid))
			break;

		/* Second and last attempt, now with the saved group ID. */
		(void) execv(path, argv);
		break;
	}

	_exit(EXIT_FAILURE);
}
Beispiel #28
/* Test program for idpriv_drop ().  Records the real user and group ID,
   calls idpriv_drop (), and then aborts unless every user and group ID
   the platform lets it read equals the recorded real ID.  With -v the
   IDs are shown before and after the drop via show ().  */
int
main (int argc, char *argv[])
{
  bool verbose = false;
  int i;

  /* Real IDs before the drop; these are the values expected afterwards.
     NOTE(review): they are kept as int and later compared with uid_t and
     gid_t values -- confirm this mixed comparison is intended.  */
#if HAVE_GETUID
  int uid = getuid ();
#endif
#if HAVE_GETGID
  int gid = getgid ();
#endif

  /* Parse arguments.
     -v  enables verbose output.
   */
  for (i = 1; i < argc; i++)
    {
      const char *arg = argv[i];
      if (strcmp (arg, "-v") == 0)
        verbose = true;
    }

  if (verbose)
    show ("before drop:");

  ASSERT (idpriv_drop () == 0);

  if (verbose)
    show ("after drop: ");

  /* Verify that the privileges have really been dropped.  */
#if HAVE_GETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */
  {
    /* Real, effective and saved user ID must all equal the real one.  */
    uid_t real;
    uid_t effective;
    uid_t saved;
    if (getresuid (&real, &effective, &saved) < 0
        || real != uid
        || effective != uid
        || saved != uid)
      abort ();
  }
#else
  /* Without getresuid the saved user ID cannot be checked.  */
# if HAVE_GETEUID
  if (geteuid () != uid)
    abort ();
# endif
# if HAVE_GETUID
  if (getuid () != uid)
    abort ();
# endif
#endif
#if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */
  {
    /* Real, effective and saved group ID must all equal the real one.  */
    gid_t real;
    gid_t effective;
    gid_t saved;
    if (getresgid (&real, &effective, &saved) < 0
        || real != gid
        || effective != gid
        || saved != gid)
      abort ();
  }
#else
  /* Without getresgid the saved group ID cannot be checked.  */
# if HAVE_GETEGID
  if (getegid () != gid)
    abort ();
# endif
# if HAVE_GETGID
  if (getgid () != gid)
    abort ();
# endif
#endif

  return 0;
}
Beispiel #29
/*
 * Test: a forked child sets distinct real/effective/saved/filesystem user
 * and group IDs, waits on a pipe, and afterwards checks that the IDs it
 * reads back still equal the ones it set.  It reports one character to the
 * parent: '0' for success, otherwise the code of the first ID that
 * differed.  The parent calls test_daemon() and test_waitsig() between
 * starting the child and releasing it.
 *
 * NOTE(review): the results of pipe(), fork(), read(), write() and of the
 * set*id() calls are not checked anywhere in this function.
 */
int main(int argc, char **argv)
{
	int pid, s_p[2], f_p[2], r_p[3];
	/* Expected IDs; the w_ prefix and u/g infix are what CHECK_ID pastes. */
	const __uid_t w_ruid = 1, w_euid = 2, w_suid = 3, w_fsuid = w_euid;
	const __uid_t w_rgid = 5, w_egid = 6, w_sgid = 7, w_fsgid = 8;
	/* Scratch values, reused first for the user IDs and then the group IDs. */
	__uid_t rid, eid, sid, fsid;
	char res = 'x';

	test_init(argc, argv);

	pipe(s_p);
	pipe(f_p);
	pipe(r_p);

	pid = fork();
	if (pid == 0) {
		close(s_p[0]);
		close(f_p[1]);
		close(r_p[0]);

		/* Group IDs before user IDs. */
		setresgid(w_rgid, w_egid, w_sgid);
		setfsgid(w_fsgid);
		setresuid(w_ruid, w_euid, w_suid);
		/* fsuid change is impossible after above */

		/* Closing the write end lets the parent's read() on s_p return. */
		close(s_p[1]);

		/* Blocks until the parent closes its end of f_p. */
		read(f_p[0], &res, 1);
		close(f_p[0]);

#define CHECK_ID(__t, __w, __e)	do {			\
		if (__t##id != w_##__t##__w##id) {	\
			res = __e;			\
			goto bad;			\
		}					\
	} while (0)

		rid = eid = sid = fsid = 0;
		getresuid(&rid, &eid, &sid);
		/* setfsuid() returns the previous filesystem user ID. */
		fsid = setfsuid(w_euid);
		CHECK_ID(r, u, '1');
		CHECK_ID(e, u, '2');
		CHECK_ID(s, u, '3');
		/* NOTE(review): repeats the saved-ID check on the line above. */
		CHECK_ID(s, u, '3');
		CHECK_ID(fs, u, '4');

		rid = eid = sid = fsid = 0;
		getresgid(&rid, &eid, &sid);
		/* setfsgid() returns the previous filesystem group ID. */
		fsid = setfsgid(w_fsgid);
		CHECK_ID(r, g, '5');
		CHECK_ID(e, g, '6');
		CHECK_ID(s, g, '7');
		CHECK_ID(fs, g, '8');

		res = '0';
bad:
		write(r_p[1], &res, 1);
		close(r_p[1]);
		_exit(0);
	}

	close(f_p[0]);
	close(s_p[1]);
	close(r_p[1]);

	/* Returns once the child has set its IDs and closed s_p[1]. */
	read(s_p[0], &res, 1);
	close(s_p[0]);

	test_daemon();
	test_waitsig();

	/* Release the child so that it runs its checks. */
	close(f_p[1]);

	read(r_p[0], &res, 1);
	if (res == '0')
		pass();
	else
		fail("Fail: %c", res);

	return 0;
}
Beispiel #30
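/*
 * Build the locale library search path in buf (at most buf_len bytes,
 * always NUL-terminated).
 *
 * The compiled-in XLOCALELIBDIR is always included.  Unless NO_XLOCALEDIR
 * is defined, the XLOCALELIBDIR environment variable is put in front of it,
 * followed by LC_PATHDELIM, but only when the process is judged not to be
 * privileged: the environment is controlled by whoever started the
 * program, so a set-user-ID or set-group-ID process must not take a search
 * path from it.
 *
 * Nothing is written when buf is NULL or buf_len is not positive.
 */
static void
xlocalelibdir(
    char *buf,
    int buf_len)
{
    char *p = buf;
    int len = 0;

#ifndef NO_XLOCALEDIR
    char *dir;
    int priv = 1;	/* assume privileged until a check proves otherwise */
#endif

    /* The final terminator write below needs at least one byte of room. */
    if (buf == NULL || buf_len <= 0)
	return;

#ifndef NO_XLOCALEDIR
    dir = getenv("XLOCALELIBDIR");

    if (dir) {
#ifndef WIN32
	/*
	 * Only use the user-supplied path if the process isn't privileged.
	 */
	if (getuid() == geteuid() && getgid() == getegid()) {
#if defined(HASSETUGID)
	    priv = issetugid();
#elif defined(HASGETRESUID)
	    {
		uid_t ruid, euid, suid;
		gid_t rgid, egid, sgid;
		/*
		 * A saved ID that differs from the effective one could be
		 * switched back to.  If either lookup fails, priv keeps
		 * its initial value of 1 and the variable is ignored.
		 */
		if ((getresuid(&ruid, &euid, &suid) == 0) &&
		    (getresgid(&rgid, &egid, &sgid) == 0))
		    priv = (euid != suid) || (egid != sgid);
	    }
#else
	    /*
	     * If there are saved ID's the process might still be privileged
	     * even though the above test succeeded.  If issetugid() and
	     * getresgid() aren't available, test this by trying to set
	     * euid to 0.
	     *
	     * Note: this only protects setuid-root clients.  It doesn't
	     * protect other setuid or any setgid clients.  If this tradeoff
	     * isn't acceptable, set DisableXLocaleDirEnv to YES in host.def.
	     */
	    unsigned int oldeuid;
	    oldeuid = geteuid();
	    if (seteuid(0) != 0) {
		priv = 0;
	    } else {
		if (seteuid(oldeuid) == -1) {
		    /* XXX ouch, couldn't get back to original uid
		     what can we do ??? */
		    _exit(127);
		}
		priv = 1;
	    }
#endif
	}
#else
	priv = 0;
#endif
	if (!priv) {
	    len = strlen(dir);
	    /* May leave buf unterminated; the last line of the function
	       terminates it in every case. */
	    strncpy(p, dir, buf_len);
	    if (len < buf_len) {
	        p[len++] = LC_PATHDELIM;
	        p += len;
	    }
	}
    }
#endif /* NO_XLOCALEDIR */

    /* Append the compiled-in directory if any room is left. */
    if (len < buf_len)
#ifndef __UNIXOS2__
      strncpy(p, XLOCALELIBDIR, buf_len - len);
#else
      strncpy(p,__XOS2RedirRoot(XLOCALELIBDIR), buf_len - len);
#endif
    buf[buf_len-1] = '\0';
}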