void test_switch_user(void **state)
{
errno_t ret;
struct passwd *sssd;
TALLOC_CTX *tmp_ctx;
struct sss_creds *saved_creds;
struct sss_creds *saved_creds2 = NULL;
assert_true(leak_check_setup());
tmp_ctx = talloc_new(global_talloc_context);
assert_non_null(tmp_ctx);
/* Must root as root, real or fake */
assert_int_equal(geteuid(), 0);
sssd = getpwnam("sssd");
assert_non_null(sssd);
check_leaks_push(tmp_ctx);
ret = switch_creds(tmp_ctx, sssd->pw_uid, sssd->pw_gid,
0, NULL, &saved_creds);
assert_int_equal(ret, EOK);
assert_int_equal(geteuid(), sssd->pw_uid);
assert_int_equal(getegid(), sssd->pw_gid);
/* Only effective UID is changed.. */
assert_int_equal(getuid(), 0);
assert_int_equal(getgid(), 0);
assert_non_null(saved_creds);
assert_int_equal(saved_creds->uid, 0);
assert_int_equal(saved_creds->gid, 0);
/* Attempt to restore creds again */
ret = switch_creds(tmp_ctx, sssd->pw_uid, sssd->pw_gid,
0, NULL, &saved_creds2);
assert_int_equal(ret, EOK);
assert_null(saved_creds2);
/* restore root */
ret = restore_creds(saved_creds);
assert_int_equal(ret, EOK);
assert_int_equal(geteuid(), 0);
assert_int_equal(getegid(), 0);
assert_int_equal(getuid(), 0);
assert_int_equal(getgid(), 0);
talloc_free(saved_creds);
assert_true(check_leaks_pop(tmp_ctx));
talloc_free(tmp_ctx);
assert_true(leak_check_teardown());
}
errno_t restore_creds(struct sss_creds *saved_creds)
{
return switch_creds(saved_creds,
saved_creds->uid,
saved_creds->gid,
saved_creds->num_gids,
saved_creds->gids, NULL);
}
errno_t restore_creds(struct sss_creds *saved_creds)
{
if (saved_creds == NULL) {
/* In case save_creds was saved with the UID already dropped */
return EOK;
}
return switch_creds(saved_creds,
saved_creds->uid,
saved_creds->gid,
saved_creds->num_gids,
saved_creds->gids, NULL);
}
