diff options
| author | Gerald Carter <jerry@samba.org> | 2006-10-01 21:20:14 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2006-10-01 21:20:14 +0000 |
| commit | 6cd6987fc504a8056295113c12f629ad5c4b2868 (patch) | |
| tree | 1cb4088f4b88d086f5b0bc84ffa99aa3c537e0b2 /source/lib/util_sec.c | |
| parent | 2f4cccbf3b63db498bde48679c228747f1838f91 (diff) | |
| download | samba-6cd6987fc504a8056295113c12f629ad5c4b2868.tar.gz samba-6cd6987fc504a8056295113c12f629ad5c4b2868.tar.xz samba-6cd6987fc504a8056295113c12f629ad5c4b2868.zip | |
r19018: staging for a 3.0.23d on Tuesday (I think we have sufficient changes to warrant one)
Diffstat (limited to 'source/lib/util_sec.c')
| -rw-r--r-- | source/lib/util_sec.c | 42 |
1 files changed, 37 insertions, 5 deletions
diff --git a/source/lib/util_sec.c b/source/lib/util_sec.c index 26be27ea515..3f8cb690cd0 100644 --- a/source/lib/util_sec.c +++ b/source/lib/util_sec.c @@ -52,10 +52,16 @@ static gid_t initial_gid; remember what uid we got started as - this allows us to run correctly as non-root while catching trapdoor systems ****************************************************************************/ + void sec_init(void) { - initial_uid = geteuid(); - initial_gid = getegid(); + static int initialized; + + if (!initialized) { + initial_uid = geteuid(); + initial_gid = getegid(); + initialized = 1; + } } /**************************************************************************** @@ -252,10 +258,9 @@ void save_re_uid(void) /**************************************************************************** and restore them! ****************************************************************************/ -void restore_re_uid(void) -{ - set_effective_uid(0); +static void restore_re_uid_fromroot(void) +{ #if USE_SETRESUID setresuid(saved_ruid, saved_euid, -1); #elif USE_SETREUID @@ -274,6 +279,33 @@ void restore_re_uid(void) assert_uid(saved_ruid, saved_euid); } +void restore_re_uid(void) +{ + set_effective_uid(0); + restore_re_uid_fromroot(); +} + +/**************************************************************************** + Lightweight become root - no group change. +****************************************************************************/ + +void become_root_uid_only(void) +{ + save_re_uid(); + set_effective_uid(0); +} + +/**************************************************************************** + Lightweight unbecome root - no group change. Expects we are root already, + saves errno across call boundary. +****************************************************************************/ + +void unbecome_root_uid_only(void) +{ + int saved_errno = errno; + restore_re_uid_fromroot(); + errno = saved_errno; +} /**************************************************************************** save the real and effective gid for later restoration. Used by the |