Rather large (I'm afraid) tidyup of the setuid handling code.

All setuid code now resides in the one module lib/util_sec.c.
The interfaces this module exports are :

void gain_root_privilage(void); - Set real/eff/saved uid's to 0.
void gain_root_group_privilage(void); - Set real/eff/saved gid's to 0.
int set_effective_uid(uid_t uid); - Set eff uid *only* to given value.
int set_effective_gid(gid_t gid); - Set eff gid *only* to given value.
BOOL become_user_permanently(uid_t uid, gid_t gid); - Set real/eff/saved uid's and gid's
	to uid and gid permanently - with no way back to root.

Most of the quota code now uses these calls (except for a few
special cases).

smbd/chgpasswd.c: Ensured the dochild exits in the fork()'d child.
libsmb/nmblib.c: Fix from Jasper for memory leak.

Jeremy.

2 files changed, 9 insertions, 78 deletions

diff --git a/source/lib/smbrun.c b/source/lib/smbrun.c
index 2257fa09e41..ad262c775a8 100644
--- a/source/lib/smbrun.c
+++ b/source/lib/smbrun.c
@@ -40,14 +40,9 @@ static BOOL setup_stdout_file(char *outfile,BOOL shared)
   close(1);
 
   if (shared) {
-	  /* become root - unprivilaged users can't delete these files */
-#if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID)
-	  setresgid(0,0,0);
-	  setresuid(0,0,0);
-#else      
-	  setuid(0);
-	  seteuid(0);
-#endif
+	/* become root - unprivilaged users can't delete these files */
+	gain_root_privilage();
+	gain_root_group_privilage();
   }
 
   if(sys_stat(outfile, &st) == 0) {
@@ -86,8 +81,8 @@ if shared is not set then open the file with O_EXCL set
 int smbrun(char *cmd,char *outfile,BOOL shared)
 {
 	int fd,pid;
-	int uid = current_user.uid;
-	int gid = current_user.gid;
+	uid_t uid = current_user.uid;
+	gid_t gid = current_user.gid;
 
     /*
      * Lose any kernel oplock capabilities we may have.
@@ -110,7 +105,7 @@ int smbrun(char *cmd,char *outfile,BOOL shared)
 	}
 
 	slprintf(syscmd,sizeof(syscmd)-1,"%s %d %d \"(%s 2>&1) > %s\"",
-		 path,uid,gid,cmd,
+		 path,(int)uid,(int)gid,cmd,
 		 outfile?outfile:"/dev/null");
 	
 	DEBUG(5,("smbrun - running %s ",syscmd));
@@ -143,20 +138,9 @@ int smbrun(char *cmd,char *outfile,BOOL shared)
 	
 	/* now completely lose our privilages. This is a fairly paranoid
 	   way of doing it, but it does work on all systems that I know of */
-#if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID)
-	setresgid(0,0,0);
-	setresuid(0,0,0);
-	setresgid(gid,gid,gid);
-	setresuid(uid,uid,uid);      
-#else      
-	setuid(0);
-	seteuid(0);
-	setgid(gid);
-	setegid(gid);
-	setuid(uid);
-	seteuid(uid);
-#endif
-	
+
+	become_user_permanently(uid, gid);
+
 	if (getuid() != uid || geteuid() != uid ||
 	    getgid() != gid || getegid() != gid) {
 		/* we failed to lose our privilages - do not execute
diff --git a/source/lib/util.c b/source/lib/util.c
index 9c8e6e92f01..3bf0a42c52a 100644
--- a/source/lib/util.c
+++ b/source/lib/util.c
@@ -2972,56 +2972,3 @@ BOOL reg_split_key(char *full_keyname, uint32 *reg_type, char *key_name)
 
 	return True;
 }
-
-/****************************************************************************
-  become the specified uid - permanently !
-****************************************************************************/
-BOOL become_user_permanently(uid_t uid, gid_t gid)
-{
-	/* now completely lose our privilages. This is a fairly paranoid
-	   way of doing it, but it does work on all systems that I know of */
-
-#if defined(HAVE_SETRESUID) && defined(HAVE_SETRESGID)
-	/*
-	 * Firstly ensure all our uids are set to root.
-	 */
-	setresgid(0,0,0);
-	setresuid(0,0,0);
-
-	/*
-	 * Now ensure we change all our gids.
-	 */
-	setresgid(gid,gid,gid);
-	
-	/*
-	 * Now ensure all the uids are the user.
-	 */
-	setresuid(uid,uid,uid);
-#else
-	/*
-	 * Firstly ensure all our uids are set to root.
-	 */
-	setuid(0);
-	seteuid(0);
-	
-	/*
-	 * Now ensure we change all our gids.
-	 */
-	setgid(gid);
-	setegid(gid);
-	
-	/*
-	 * Now ensure all the uids are the user.
-	 */
-	setuid(uid);
-	seteuid(uid);
-#endif
-	
-	if (getuid() != uid || geteuid() != uid ||
-	    getgid() != gid || getegid() != gid) {
-		/* We failed to lose our privilages. */
-		return False;
-	}
-	
-	return(True);
-}