Пример #1
/****************************************************************************
 Become the specified uid and gid - permanently !
 there should be no way back if possible

 Regains root uid/gid first, then sets the group ids and the user ids to
 the requested values using whichever credential API was selected at
 build time. Group ids are changed before user ids in every branch: once
 the uid is no longer 0 the process would normally lack the privilege to
 change its gids.

 The branches below are independent #if blocks, not an #if/#elif chain,
 so every branch whose macro is non-zero gets compiled in.

 None of the set*id() return values are checked here; the assert_uid() /
 assert_gid() calls at the end are the only verification in this function.
 NOTE(review): their failure behaviour is defined elsewhere - confirm that
 a mismatch aborts the process rather than just logging.

 NOTE(review): supplementary groups are not touched here. Confirm that
 callers reset them (e.g. via setgroups()) before calling this, otherwise
 the process keeps whatever supplementary group list it already had.
****************************************************************************/
void become_user_permanently(uid_t uid, gid_t gid)
{
	/*
	 * First - gain root privilege. We do this to ensure
	 * we can lose it again.
	 */

	gain_root_privilege();
	gain_root_group_privilege();

#if USE_SETRESUID
	/* Real, effective and saved ids are all overwritten, gid before uid. */
	setresgid(gid,gid,gid);
	setgid(gid);
	setresuid(uid,uid,uid);
	setuid(uid);
#endif

#if USE_SETREUID
	/*
	 * Real and effective ids are set explicitly, followed by setgid()/setuid().
	 * NOTE(review): whether the saved ids are cleared as well is
	 * platform-dependent - verify on targets built with this branch.
	 */
	setregid(gid,gid);
	setgid(gid);
	setreuid(uid,uid);
	setuid(uid);
#endif

#if USE_SETEUID
	/* Effective id first, then the set*id() call, again gid before uid. */
	setegid(gid);
	setgid(gid);
	setuid(uid);
	seteuid(uid);
	setuid(uid);
#endif

#if USE_SETUIDX
	/* setgidx()/setuidx() branch: real and effective ids set one at a time. */
	setgidx(ID_REAL, gid);
	setgidx(ID_EFFECTIVE, gid);
	setgid(gid);
	setuidx(ID_REAL, uid);
	setuidx(ID_EFFECTIVE, uid);
	setuid(uid);
#endif
	
	/* Verify the result: expected real and effective ids are both the target. */
	assert_uid(uid, uid);
	assert_gid(gid, gid);
}
Пример #2
/****************************************************************************
 and restore them!

 Puts the real and effective gid back to the values held in saved_rgid and
 saved_egid (variables defined elsewhere in the file; not visible here).
 Exactly one branch is compiled, chosen by the #if/#elif chain.

 Return values of the set*gid() calls are not checked; the trailing
 assert_gid() is the only verification in this function.
****************************************************************************/
void restore_re_gid(void)
{
#if USE_SETRESUID
	/* -1 for the saved gid leaves that id unchanged. */
	setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
	/* Two calls: restore the real gid first, then the effective gid. */
	setregid(saved_rgid, -1);
	setregid(-1,saved_egid);
#elif USE_SETUIDX
	setgidx(ID_REAL, saved_rgid);
	setgidx(ID_EFFECTIVE, saved_egid);
#else
	/*
	 * Fallback: set the effective gid, fix the real gid only if it
	 * differs, then set the effective gid again.
	 * NOTE(review): the second set_effective_gid() is presumably there
	 * because setgid() may also change the effective gid - confirm.
	 */
	set_effective_gid(saved_egid);
	if (getgid() != saved_rgid)
		setgid(saved_rgid);
	set_effective_gid(saved_egid);
#endif

	/* Check that real/effective gid now match the saved pair. */
	assert_gid(saved_rgid, saved_egid);
}
Пример #3
/****************************************************************************
 and restore them!

 Puts the real and effective gid back to the values held in saved_rgid and
 saved_egid (variables defined elsewhere in the file; not visible here).
 Exactly one branch is compiled, chosen by the #if/#elif chain. All
 credential changes go through samba_* wrappers whose definitions are not
 shown in this listing.

 Return values of the wrapper calls are not checked; the trailing
 assert_gid() is the only verification in this function.
****************************************************************************/
void restore_re_gid(void)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/*
	 * Note: this test uses defined(), while the #elif tests below use the
	 * macro's value. -1 for the saved gid leaves that id unchanged.
	 */
	samba_setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
	/* Two calls: restore the real gid first, then the effective gid. */
	samba_setregid(saved_rgid, -1);
	samba_setregid(-1,saved_egid);
#elif USE_SETUIDX
	samba_setgidx(ID_REAL, saved_rgid);
	samba_setgidx(ID_EFFECTIVE, saved_egid);
#else
	/*
	 * Fallback: set the effective gid, fix the real gid only if it
	 * differs, then set the effective gid again.
	 * NOTE(review): the second set_effective_gid() is presumably there
	 * because setting the gid may also change the effective gid - confirm.
	 */
	set_effective_gid(saved_egid);
	if (getgid() != saved_rgid)
		samba_setgid(saved_rgid);
	set_effective_gid(saved_egid);
#endif

	/* Check that real/effective gid now match the saved pair. */
	assert_gid(saved_rgid, saved_egid);
}
Пример #4
/****************************************************************************
 Set *only* the effective gid.
 we want to end up with rgid==0 and egid==gid

 Each build-time branch changes the effective gid and passes -1 (or
 nothing) for the other ids so they are left as they are. The branches are
 independent #if blocks, so every branch whose macro is non-zero is
 compiled in.

 Return values of the set*gid() calls are not checked; assert_gid() at the
 end is the only verification here.
 NOTE(review): assert_gid() is called with -1 for the real gid, which
 presumably means "do not check" - so the rgid==0 expectation stated above
 is not verified by this function. Confirm against assert_gid().
****************************************************************************/
void set_effective_gid(gid_t gid)
{
#if USE_SETRESUID
	/* -1 leaves the real and saved gid unchanged. */
	setresgid(-1,gid,-1);
#endif

#if USE_SETREUID
	/* -1 leaves the real gid unchanged. */
	setregid(-1,gid);
#endif

#if USE_SETEUID
	setegid(gid);
#endif

#if USE_SETUIDX
	setgidx(ID_EFFECTIVE, gid);
#endif

	/* Only the effective gid is given an expected value. */
	assert_gid(-1, gid);
}
Пример #5
/****************************************************************************
 Set *only* the effective gid.
 we want to end up with rgid==0 and egid==gid

 Each build-time branch changes the effective gid through a samba_*
 wrapper (definitions not shown in this listing) and passes -1 (or
 nothing) for the other ids so they are left as they are. The branches are
 independent #if blocks, so more than one can be compiled in.

 Return values of the wrapper calls are not checked; assert_gid() at the
 end is the only verification here.
 NOTE(review): assert_gid() is called with -1 for the real gid, which
 presumably means "do not check" - so the rgid==0 expectation stated above
 is not verified by this function. Confirm against assert_gid().
****************************************************************************/
void set_effective_gid(gid_t gid)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/*
	 * Note: this test uses defined(), while the tests below use the
	 * macro's value. -1 leaves the real and saved gid unchanged.
	 */
	samba_setresgid(-1,gid,-1);
#endif

#if USE_SETREUID
	/* -1 leaves the real gid unchanged. */
	samba_setregid(-1,gid);
#endif

#if USE_SETEUID
	samba_setegid(gid);
#endif

#if USE_SETUIDX
	samba_setgidx(ID_EFFECTIVE, gid);
#endif

	/* Only the effective gid is given an expected value. */
	assert_gid(-1, gid);
}
Пример #6
/****************************************************************************
 Ensure our real and effective groups are zero.
 we want to end up with rgid==egid==0

 Tries every credential API enabled at build time (independent #if blocks,
 so several may be compiled in), then calls setgid(0) unconditionally.

 Return values are not checked; assert_gid(0, 0) at the end is the only
 verification in this function.
 NOTE(review): these calls can only succeed if the process still holds the
 privilege to change its gids - confirm how assert_gid() reacts when it
 does not.
****************************************************************************/
void gain_root_group_privilege(void)
{
#if USE_SETRESUID
	/* Sets the real, effective and saved gid to 0 in one call. */
	setresgid(0,0,0);
#endif

#if USE_SETREUID
	setregid(0,0);
#endif

#if USE_SETEUID
	setegid(0);
#endif

#if USE_SETUIDX
	/* Effective gid first, then the real gid. */
	setgidx(ID_EFFECTIVE, 0);
	setgidx(ID_REAL, 0);
#endif

	/* Runs on every build, whichever branches above were compiled. */
	setgid(0);

	/* Expect real gid 0 and effective gid 0. */
	assert_gid(0, 0);
}
Пример #7
/****************************************************************************
 Ensure our real and effective groups are zero.
 we want to end up with rgid==egid==0

 Tries every credential API enabled at build time (independent #if blocks,
 so several may be compiled in), then calls samba_setgid(0)
 unconditionally. All changes go through samba_* wrappers whose
 definitions are not shown in this listing.

 Return values are not checked; assert_gid(0, 0) at the end is the only
 verification in this function.
 NOTE(review): these calls can only succeed if the caller still holds the
 privilege to change its gids - confirm how assert_gid() reacts when it
 does not.
****************************************************************************/
void gain_root_group_privilege(void)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
	/*
	 * Note: this test uses defined(), while the tests below use the
	 * macro's value. Sets the real, effective and saved gid to 0 in one call.
	 */
	samba_setresgid(0,0,0);
#endif

#if USE_SETREUID
	samba_setregid(0,0);
#endif

#if USE_SETEUID
	samba_setegid(0);
#endif

#if USE_SETUIDX
	/* Effective gid first, then the real gid. */
	samba_setgidx(ID_EFFECTIVE, 0);
	samba_setgidx(ID_REAL, 0);
#endif

	/* Runs on every build, whichever branches above were compiled. */
	samba_setgid(0);

	/* Expect real gid 0 and effective gid 0. */
	assert_gid(0, 0);
}