diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /lib/util/unix_privs.c | |
parent | Initial commit. (diff) | |
download | samba-4f5791ebd03eaec1c7da0865a383175b05102712.tar.xz samba-4f5791ebd03eaec1c7da0865a383175b05102712.zip |
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/util/unix_privs.c')
-rw-r--r-- | lib/util/unix_privs.c | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/lib/util/unix_privs.c b/lib/util/unix_privs.c new file mode 100644 index 0000000..9f28432 --- /dev/null +++ b/lib/util/unix_privs.c @@ -0,0 +1,92 @@ +/* + Unix SMB/CIFS implementation. + + gain/lose root privileges + + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "replace.h" +#include <talloc.h> +#include "lib/util/fault.h" +#include "system/passwd.h" + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#include "../lib/util/unix_privs.h" +#include "../lib/util/setid.h" + +/** + * @file + * @brief Gaining/losing root privileges + */ + +/* + there are times when smbd needs to temporarily gain root privileges + to do some operation. To do this you call root_privileges(), which + returns a talloc handle. To restore your previous privileges + talloc_free() this pointer. + + Note that this call is considered successful even if it does not + manage to gain root privileges, but it will call smb_abort() if it + fails to restore the privileges afterwards. The logic is that + failing to gain root access can be caught by whatever operation + needs to be run as root failing, but failing to lose the root + privileges is dangerous. + + This also means that this code is safe to be called from completely + unprivileged processes. +*/ + +struct saved_state { + uid_t uid; +}; + +static int privileges_destructor(struct saved_state *s) +{ + if (geteuid() != s->uid && + samba_seteuid(s->uid) != 0) { + smb_panic("Failed to restore privileges"); + } + return 0; +} + +/** + * Obtain root privileges for the current process. + * + * The privileges can be dropped by talloc_free()-ing the + * token returned by this function + */ +void *root_privileges(void) +{ + struct saved_state *s; + s = talloc(NULL, struct saved_state); + if (!s) return NULL; + s->uid = geteuid(); + if (s->uid != 0) { + samba_seteuid(0); + } + talloc_set_destructor(s, privileges_destructor); + return s; +} + +uid_t root_privileges_original_uid(void *s) +{ + struct saved_state *saved = talloc_get_type_abort(s, struct saved_state); + return saved->uid; +} |