author | Jeremy Allison <jra@samba.org> | 1998-12-22 21:44:04 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 1998-12-22 21:44:04 +0000 |
commit | f0ac4d3961e10ed0ed9543e5cebad0d3019e44c8 (patch) | |
tree | bf7de64a45a508d6777a8f8b3770348d6462929e | |
parent | 80810371e6ee2ed33cb22a3629373131e92a7ab4 (diff) | |
Spelling mistake change due to very picky people (you know who you are :-).
Changed privilage to privilege.
Also added set_real_uid() call to lib/util_sec.c.
Removed last set[re]uid calls from quotas.c - all such calls now live only
in lib/util_sec.c.
Jeremy.
-rw-r--r-- | source/include/client.h | 2 | ||||
-rw-r--r-- | source/include/proto.h | 4 | ||||
-rw-r--r-- | source/lib/smbrun.c | 12 | ||||
-rw-r--r-- | source/lib/util_sec.c | 55 | ||||
-rw-r--r-- | source/libsmb/clientgen.c | 2 | ||||
-rw-r--r-- | source/locking/locking_slow.c | 4 | ||||
-rw-r--r-- | source/smbd/chgpasswd.c | 2 | ||||
-rw-r--r-- | source/smbd/quotas.c | 49 | ||||
-rw-r--r-- | source/smbd/server.c | 2 | ||||
-rw-r--r-- | source/smbd/uid.c | 6 |
10 files changed, 99 insertions, 39 deletions
diff --git a/source/include/client.h b/source/include/client.h index 0f28fa0d089..458c50d87ba 100644 --- a/source/include/client.h +++ b/source/include/client.h @@ -80,7 +80,7 @@ struct cli_state { int protocol; int sec_mode; int rap_error; - int privilages; + int privileges; fstring eff_name; fstring desthost; diff --git a/source/include/proto.h b/source/include/proto.h index 77228036ec2..dc5763198f0 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -312,8 +312,8 @@ char *fgets_slash(char *s2,int maxlen,FILE *f); /*The following definitions come from lib/util_sec.c */ -void gain_root_privilage(void); -void gain_root_group_privilage(void); +void gain_root_privilege(void); +void gain_root_group_privilege(void); int set_effective_uid(uid_t uid); int set_effective_gid(gid_t gid); BOOL become_user_permanently(uid_t uid, gid_t gid); diff --git a/source/lib/smbrun.c b/source/lib/smbrun.c index ad262c775a8..f8eb9134aed 100644 --- a/source/lib/smbrun.c +++ b/source/lib/smbrun.c @@ -28,7 +28,7 @@ extern int DEBUGLEVEL; /**************************************************************************** This is a utility function of smbrun(). It must be called only from -the child as it may leave the caller in a privilaged state. +the child as it may leave the caller in a privileged state. ****************************************************************************/ static BOOL setup_stdout_file(char *outfile,BOOL shared) { @@ -40,9 +40,9 @@ static BOOL setup_stdout_file(char *outfile,BOOL shared) close(1); if (shared) { - /* become root - unprivilaged users can't delete these files */ - gain_root_privilage(); - gain_root_group_privilage(); + /* become root - unprivileged users can't delete these files */ + gain_root_privilege(); + gain_root_group_privilege(); } if(sys_stat(outfile, &st) == 0) { 
@@ -136,14 +136,14 @@ int smbrun(char *cmd,char *outfile,BOOL shared) exit(80); } - /* now completely lose our privilages. This is a fairly paranoid + /* now completely lose our privileges. This is a fairly paranoid way of doing it, but it does work on all systems that I know of */ become_user_permanently(uid, gid); if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) { - /* we failed to lose our privilages - do not execute + /* we failed to lose our privileges - do not execute the command */ exit(81); /* we can't print stuff at this stage, instead use exit codes for debugging */ diff --git a/source/lib/util_sec.c b/source/lib/util_sec.c index f31f4f08275..a5f07413900 100644 --- a/source/lib/util_sec.c +++ b/source/lib/util_sec.c @@ -21,10 +21,10 @@ #include "includes.h" /**************************************************************************** - Gain root privilage before doing something. + Gain root privilege before doing something. ****************************************************************************/ -void gain_root_privilage(void) +void gain_root_privilege(void) { #if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID) @@ -56,7 +56,7 @@ void gain_root_privilage(void) Ensure our real and effective groups are zero. ****************************************************************************/ -void gain_root_group_privilage(void) +void gain_root_group_privilege(void) { #ifdef HAVE_SETRESGID setresgid(0,0,0); @@ -82,18 +82,19 @@ int set_effective_uid(uid_t uid) return -1; } } + return 0; #endif #endif #if defined(HAVE_SETRESUID) - if (setresuid(-1,uid,-1) != 0) + return setresuid(-1,uid,-1); #elif defined(HAVE_SETREUID) && !defined(HAVE_SETEUID) - if(setreuid(-1,uid) != 0) + return setreuid(-1,uid); #else if ((seteuid(uid) != 0) && (setuid(uid) != 0)) -#endif return -1; return 0; +#endif } /**************************************************************************** 
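Review bot: When both HAVE_TRAPDOOR_UID and HAVE_SETUIDX are defined, the added `return 0;` in set_effective_uid is followed by the generic platform chain, which still compiles but can never run. Hanging that chain off an `#else` of the setuidx block would leave one return path per platform; set_real_uid in the next hunk has the same shape after `return setuidx(ID_REAL,uid);`. Since the function now hands back the result of setresuid()/setreuid() directly, the header comment (outside this hunk) should state the contract, for example `Returns 0 on success, -1 with errno set on failure; check the result before assuming the identity changed.` set_effective_gid in the next hunk wants the same sentence. The start of set_effective_uid lies outside the hunk.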
@@ -103,14 +104,40 @@ int set_effective_uid(uid_t uid) int set_effective_gid(gid_t gid) { #if defined(HAVE_SETRESGID) - if (setresgid(-1,gid,-1) != 0) + return setresgid(-1,gid,-1); #elif defined(HAVE_SETREGID) && !defined(HAVE_SETEGID) - if (setregid(-1,gid) != 0) + return setregid(-1,gid); #else if ((setegid(gid) != 0) && (setgid(gid) != 0)) -#endif return -1; return 0; +#endif +} + +/**************************************************************************** + Set *only* the real uid. +****************************************************************************/ + +int set_real_uid(uid_t uid) +{ +#if defined(HAVE_TRAPDOOR_UID) +#if defined(HAVE_SETUIDX) + /* AIX3 has setuidx which is NOT a trapoor function (tridge) */ + return setuidx(ID_REAL,uid); +#endif +#endif + +#if defined(HAVE_SETRESUID) + return setresuid(uid,-1,-1); +#elif defined(HAVE_SETREUID) && !defined(HAVE_SETEUID) + return setreuid(uid,-1); +#else + /* + * Without either setresuid or setreuid we cannot + * independently set the real uid. + */ + return -1; +#endif } /**************************************************************************** @@ -120,17 +147,17 @@ int set_effective_gid(gid_t gid) BOOL become_user_permanently(uid_t uid, gid_t gid) { /* - * Now completely lose our privilages. This is a fairly paranoid + * Now completely lose our privileges. This is a fairly paranoid * way of doing it, but it does work on all systems that I know of. */ /* - * First - gain root privilage. We do this to ensure + * First - gain root privilege. We do this to ensure * we can lose it again. */ - gain_root_privilage(); - gain_root_group_privilage(); + gain_root_privilege(); + gain_root_group_privilege(); #if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID) /* 
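Review bot: The final `#else` of set_real_uid returns -1 without touching errno, so a caller cannot tell "this platform cannot set the real uid on its own" from a refused setresuid()/setreuid(). Setting `errno = ENOSYS;` before `return -1;`, and saying so in the header comment, would make the failure diagnosable. This matters because both new call sites in smbd/quotas.c discard the result. The proto.h hunk in this commit shows only the two renames, so unless proto.h is regenerated elsewhere, quotas.c would call set_real_uid without a visible prototype; `int set_real_uid(uid_t uid);` next to set_effective_uid would avoid that.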
@@ -169,7 +196,7 @@ BOOL become_user_permanently(uid_t uid, gid_t gid) if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) { - /* We failed to lose our privilages. */ + /* We failed to lose our privileges. */ return False; } diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c index 91cd1ce9e2c..d0ddfa87bef 100644 --- a/source/libsmb/clientgen.c +++ b/source/libsmb/clientgen.c @@ -497,7 +497,7 @@ BOOL cli_NetWkstaUserLogon(struct cli_state *cli,char *user, char *workstation) if (cli->rap_error == 0) { DEBUG(4,("NetWkstaUserLogon success\n")); - cli->privilages = SVAL(p, 24); + cli->privileges = SVAL(p, 24); fstrcpy(cli->eff_name,p+2); } else { DEBUG(1,("NetwkstaUserLogon gave error %d\n", cli->rap_error)); diff --git a/source/locking/locking_slow.c b/source/locking/locking_slow.c index 58f17e3a928..5d2c5e7b664 100644 --- a/source/locking/locking_slow.c +++ b/source/locking/locking_slow.c @@ -118,7 +118,7 @@ static int delete_share_file(connection_struct *conn, char *fname ) DEBUG(5,("delete_share_file: Deleted share file %s\n", fname)); } - /* return to our previous privilage level */ + /* return to our previous privilege level */ unbecome_root(False); return 0; @@ -210,7 +210,7 @@ static BOOL slow_lock_share_entry(connection_struct *conn, *ptok = (int)fd; - /* return to our previous privilage level */ + /* return to our previous privilege level */ unbecome_root(False); return ret; diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index d1562466ba1..4a12da8fc7c 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -121,7 +121,7 @@ static int dochild(int master,char *slavedev, char *name, char *passwordprogram, gid = pass->pw_gid; uid = pass->pw_uid; - gain_root_privilage(); + gain_root_privilege(); /* Start new session - gets rid of controlling terminal. */ if (setsid() < 0) { diff --git a/source/smbd/quotas.c b/source/smbd/quotas.c index 93ec0ef3157..315cbd912f2 100644 
--- a/source/smbd/quotas.c +++ b/source/smbd/quotas.c @@ -387,13 +387,29 @@ BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_U euser_id = geteuid(); user_id = getuid(); - setreuid(euser_id, -1); + /* + * To do this correctly we must set eff id back to zero, + * set real uid, then set eff uid (thus leaving saved-set). To reverse we set eff + * id to zero, set real uid, then set eff uid back. + */ + + set_effective_uid(0); + set_real_uid(euser_id); + set_effective_uid(euser_id); + r= quotactl(path,QCMD(Q_GETQUOTA, USRQUOTA),euser_id,(char *) &D); if (r) save_errno = errno; - if (setreuid(user_id, -1) == -1) - DEBUG(5,("Unable to reset uid to %d\n", user_id)); + set_effective_uid(0); + set_real_uid(user_id); + set_effective_uid(euser_id); + + if (geteuid() != euser_id) + DEBUG(0,("Unable to reset eff uid to %d. THIS IS A BUG\n", (int)euser_id)); + + if (getuid() != user_id) + DEBUG(0,("Unable to reset real uid to %d. THIS IS A BUG\n", (int)user_id)); *bsize = DEV_BSIZE; 
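Review bot: None of the six set_effective_uid()/set_real_uid() calls around quotactl() has its result checked, and when the restore fails the new code only logs "THIS IS A BUG" and carries on to `*bsize = DEV_BSIZE;`. The process can then keep serving with an effective uid other than euser_id, possibly 0 after the `set_effective_uid(0)` step. A failed restore should be fatal rather than logged, for example through `exit_server`, which server.c on this page already references. The forward switch deserves the same check so that quotactl() is not issued under a partly changed identity; how `r` is consumed lies outside the hunk, so that part is left alone below. The HPUX hunk at -586,14 repeats the same sequence and needs the same treatment, and disk_quotas starts and ends outside the hunk.
```c
	/* … unchanged: switch to euser_id, quotactl() call, save_errno capture … */

	if (set_effective_uid(0) != 0 ||
	    set_real_uid(user_id) != 0 ||
	    set_effective_uid(euser_id) != 0 ||
	    geteuid() != euser_id || getuid() != user_id) {
		DEBUG(0,("Unable to restore real uid %d / eff uid %d. THIS IS A BUG\n",
			(int)user_id, (int)euser_id));
		/* do not keep serving requests under the wrong identity */
		exit_server("disk_quotas: failed to restore uids");
	}

	/* … unchanged: *bsize = DEV_BSIZE and the rest of disk_quotas … */
```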
@@ -586,14 +602,31 @@ BOOL disk_quotas(char *path, SMB_BIG_UINT *bsize, SMB_BIG_UINT *dfree, SMB_BIG_U #ifdef HPUX { - uid_t user_id; + uid_t user_id = getuid(); /* for HPUX, real uid must be same as euid to execute quotactl for euid */ - user_id = getuid(); - setresuid(euser_id,-1,-1); + + /* + * To do this correctly we must set eff id back to zero, + * set real uid, then set eff uid (thus leaving saved-set). To reverse we set eff + * id to zero, set real uid, then set eff uid back. + */ + + set_effective_uid(0); + set_real_uid(euser_id); + set_effective_uid(euser_id); + r=quotactl(Q_GETQUOTA, dev_disk, euser_id, &D); - if (setresuid(user_id,-1,-1)) - DEBUG(5,("Unable to reset uid to %d\n", user_id)); + + set_effective_uid(0); + set_real_uid(user_id); + set_effective_uid(euser_id); + + if (geteuid() != euser_id) + DEBUG(0,("Unable to reset eff uid to %d. THIS IS A BUG\n", (int)euser_id)); + + if (getuid() != user_id) + DEBUG(0,("Unable to reset real uid to %d. THIS IS A BUG\n", (int)user_id)); } #else #if defined(__FreeBSD__) || defined(__OpenBSD__) diff --git a/source/smbd/server.c b/source/smbd/server.c index 30ffc4b8544..a53a5249eec 100644 --- a/source/smbd/server.c +++ b/source/smbd/server.c @@ -527,7 +527,7 @@ static void usage(char *pname) /* make absolutely sure we run as root - to handle cases where people are crazy enough to have it setuid */ - gain_root_privilage(); + gain_root_privilege(); fault_setup((void (*)(void *))exit_server); CatchSignal(SIGTERM , SIGNAL_CAST dflt_sig); diff --git a/source/smbd/uid.c b/source/smbd/uid.c index 90e3eafcf13..bf9e294808e 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -38,7 +38,7 @@ void init_uid(void) current_user.gid = getegid(); if (current_user.gid != 0 && current_user.uid == 0) { - gain_root_group_privilage(); + gain_root_group_privilege(); } current_user.conn = NULL; 
@@ -305,7 +305,7 @@ static int become_root_depth; static pstring become_root_dir; /**************************************************************************** -This is used when we need to do a privilaged operation (such as mucking +This is used when we need to do a privileged operation (such as mucking with share mode files) and temporarily need root access to do it. This call should always be paired with an unbecome_root() call immediately after the operation @@ -329,7 +329,7 @@ void become_root(BOOL save_dir) } /**************************************************************************** -When the privilaged operation is over call this +When the privileged operation is over call this Set save_dir if you also need to save/restore the CWD ****************************************************************************/ |