/*
 * Exercise switch_creds()/restore_creds() while running as root (real or
 * faked): drop the effective IDs to the "sssd" account, check what was
 * saved, check that a second switch to the same IDs saves nothing, then
 * return to root and verify nothing leaked on the talloc context.
 */
void test_switch_user(void **state)
{
    TALLOC_CTX *mem_ctx;
    struct passwd *pw_sssd;
    struct sss_creds *root_creds;
    struct sss_creds *noop_creds = NULL;
    errno_t rc;

    assert_true(leak_check_setup());
    mem_ctx = talloc_new(global_talloc_context);
    assert_non_null(mem_ctx);

    /* Must run as root, real or fake */
    assert_int_equal(geteuid(), 0);

    pw_sssd = getpwnam("sssd");
    assert_non_null(pw_sssd);

    check_leaks_push(mem_ctx);

    /* First switch: no supplementary groups requested (0, NULL). */
    rc = switch_creds(mem_ctx, pw_sssd->pw_uid, pw_sssd->pw_gid,
                      0, NULL, &root_creds);
    assert_int_equal(rc, EOK);
    assert_int_equal(geteuid(), pw_sssd->pw_uid);
    assert_int_equal(getegid(), pw_sssd->pw_gid);

    /*
     * Only the effective IDs move; the real IDs stay root. That makes this
     * a reversible drop, which is what lets restore_creds() succeed below.
     * NOTE(review): supplementary groups are not inspected here (there is
     * no getgroups() check), so this test says nothing about them.
     */
    assert_int_equal(getuid(), 0);
    assert_int_equal(getgid(), 0);

    /* The previous (root) identity must have been recorded. */
    assert_non_null(root_creds);
    assert_int_equal(root_creds->uid, 0);
    assert_int_equal(root_creds->gid, 0);

    /*
     * Switch again to the IDs we already hold: the call must succeed and
     * must leave the output pointer NULL, i.e. nothing is saved.
     * NOTE(review): restore_creds() is never called with this NULL pointer,
     * so the "nothing was saved" restore path is not covered by this test.
     */
    rc = switch_creds(mem_ctx, pw_sssd->pw_uid, pw_sssd->pw_gid,
                      0, NULL, &noop_creds);
    assert_int_equal(rc, EOK);
    assert_null(noop_creds);

    /* Back to root: effective and real IDs must all be 0 again. */
    rc = restore_creds(root_creds);
    assert_int_equal(rc, EOK);
    assert_int_equal(geteuid(), 0);
    assert_int_equal(getegid(), 0);
    assert_int_equal(getuid(), 0);
    assert_int_equal(getgid(), 0);

    /* The saved credentials are still ours to release after the restore. */
    talloc_free(root_creds);
    assert_true(check_leaks_pop(mem_ctx));

    talloc_free(mem_ctx);
    assert_true(leak_check_teardown());
}
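/*
 * Switch back to the identity recorded in saved_creds.
 *
 * saved_creds: credentials previously filled in by switch_creds(), or NULL
 *              when that call had nothing to save.
 *
 * Returns EOK when there is nothing to restore, otherwise whatever
 * switch_creds() returns. Callers should check the result: on failure the
 * process may still be running with the switched identity.
 */
errno_t restore_creds(struct sss_creds *saved_creds)
{
    /*
     * switch_creds() can return EOK and leave the caller's pointer NULL
     * (test_switch_user asserts exactly that for a repeated switch).
     * Without this guard the field reads below dereference NULL.
     */
    if (saved_creds == NULL) {
        return EOK;
    }

    /*
     * saved_creds is also passed as the first argument, presumably the
     * talloc context - confirm against switch_creds(). The final NULL means
     * the identity being left is not saved again.
     */
    return switch_creds(saved_creds,
                        saved_creds->uid, saved_creds->gid,
                        saved_creds->num_gids, saved_creds->gids,
                        NULL);
}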
/*
 * Return to the uid/gid (and gids list) stored in saved_creds.
 *
 * A NULL saved_creds is treated as "nothing to restore" and reported as
 * success; otherwise the result of switch_creds() is passed through
 * unchanged. Callers should check that result, since a failed restore
 * leaves the process identity as it was before the call.
 */
errno_t restore_creds(struct sss_creds *saved_creds)
{
    errno_t ret = EOK;

    /*
     * NULL happens when the credentials were "saved" while the target
     * identity was already in effect, so there is nothing to undo.
     */
    if (saved_creds != NULL) {
        /* Last argument NULL: do not save the identity being left. */
        ret = switch_creds(saved_creds,
                           saved_creds->uid, saved_creds->gid,
                           saved_creds->num_gids, saved_creds->gids,
                           NULL);
    }

    return ret;
}