source: branches/samba-3.0/source/lib/util_sec.c@ 682

/*
   Unix SMB/CIFS implementation.
   Copyright (C) Jeremy Allison 1998.
   rewritten for version 2.0.6 by Tridge

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#ifndef AUTOCONF_TEST
#include "includes.h"
#else
/* we are running this code in autoconf test mode to see which type of setuid
   function works */
#if defined(HAVE_UNISTD_H)
#include <unistd.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <errno.h>

#ifdef HAVE_SYS_PRIV_H
#include <sys/priv.h>
#endif
#ifdef HAVE_SYS_ID_H
#include <sys/id.h>
#endif

#define DEBUG(x, y) printf y
#define smb_panic(x) exit(1)
#define BOOL int
#endif

/* are we running as non-root? This is used by the regresison test code,
   and potentially also for sites that want non-root smbd */
static uid_t initial_uid;
static gid_t initial_gid;

/****************************************************************************
remember what uid we got started as - this allows us to run correctly
as non-root while catching trapdoor systems
****************************************************************************/

void sec_init(void)
{
        static int initialized;

        if (!initialized) {
                initial_uid = geteuid();
                initial_gid = getegid();
                initialized = 1;
        }
}

/****************************************************************************
some code (eg. winbindd) needs to know what uid we started as
****************************************************************************/
uid_t sec_initial_uid(void)
{
        return initial_uid;
}

/****************************************************************************
some code (eg. winbindd, profiling shm) needs to know what gid we started as
****************************************************************************/
gid_t sec_initial_gid(void)
{
        return initial_gid;
}

/****************************************************************************
are we running in non-root mode?
****************************************************************************/
BOOL non_root_mode(void)
{
        return (initial_uid != (uid_t)0);
}

/****************************************************************************
abort if we haven't set the uid correctly
****************************************************************************/
static void assert_uid(uid_t ruid, uid_t euid)
{
#ifndef __OS2__
        if ((euid != (uid_t)-1 && geteuid() != euid) ||
            (ruid != (uid_t)-1 && getuid() != ruid)) {
                if (!non_root_mode()) {
                        DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
                                 (int)ruid, (int)euid,
                                 (int)getuid(), (int)geteuid()));
                        smb_panic("failed to set uid\n");
                        exit(1);
                }
        }
#endif /* __OS2__ */
}

/****************************************************************************
abort if we haven't set the gid correctly
****************************************************************************/
static void assert_gid(gid_t rgid, gid_t egid)
{
#ifndef __OS2__
        if ((egid != (gid_t)-1 && getegid() != egid) ||
            (rgid != (gid_t)-1 && getgid() != rgid)) {
                if (!non_root_mode()) {
                        DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
                                 (int)rgid, (int)egid,
                                 (int)getgid(), (int)getegid(),
                                 (int)getuid(), (int)geteuid()));
                        smb_panic("failed to set gid\n");
                        exit(1);
                }
        }
#endif
}

/****************************************************************************
 Gain root privilege before doing something. 
 We want to end up with ruid==euid==0
****************************************************************************/
void gain_root_privilege(void)
{       
#if USE_SETRESUID
        setresuid(0,0,0);
#endif
    
#if USE_SETEUID
        seteuid(0);
#endif

#if USE_SETREUID
        setreuid(0, 0);
#endif

#if USE_SETUIDX
        setuidx(ID_EFFECTIVE, 0);
        setuidx(ID_REAL, 0);
#endif

        /* this is needed on some systems */
        setuid(0);

        assert_uid(0, 0);
}


/****************************************************************************
 Ensure our real and effective groups are zero.
 we want to end up with rgid==egid==0
****************************************************************************/
void gain_root_group_privilege(void)
{
#if USE_SETRESUID
        setresgid(0,0,0);
#endif

#if USE_SETREUID
        setregid(0,0);
#endif

#if USE_SETEUID
        setegid(0);
#endif

#if USE_SETUIDX
        setgidx(ID_EFFECTIVE, 0);
        setgidx(ID_REAL, 0);
#endif

        setgid(0);

        assert_gid(0, 0);
}


/****************************************************************************
 Set effective uid, and possibly the real uid too.
 We want to end up with either:
  
   ruid==uid and euid==uid

 or

   ruid==0 and euid==uid

 depending on what the local OS will allow us to regain root from.
****************************************************************************/
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
        /* Set the effective as well as the real uid. */
        if (setresuid(uid,uid,-1) == -1) {
                if (errno == EAGAIN) {
                        DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
                                  "might be over its NPROC limit\n",
                                  (int)uid));
                }
        }
#endif

#if USE_SETREUID
        setreuid(-1,uid);
#endif

#if USE_SETEUID
        seteuid(uid);
#endif

#if USE_SETUIDX
        setuidx(ID_EFFECTIVE, uid);
#endif