void restore_re_gid(void);
int set_re_uid(void);
void become_user_permanently(uid_t uid, gid_t gid);
+int set_thread_credentials_permanently(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset);
bool is_setuid_root(void) ;
/* The following definitions come from lib/util_sid.c */
assert_gid(gid, gid);
}
+/**********************************************************
+ Function to set thread specific credentials in an
+ irreversible way. Must be thread-safe code.
+**********************************************************/
+
+int set_thread_credentials_permanently(uid_t uid,
+ gid_t gid,
+ size_t setlen,
+ const gid_t *gidset)
+{
+#if defined(USE_LINUX_THREAD_CREDENTIALS)
+ /*
+ * With Linux thread-specific credentials
+ * we know we have setresuid/setresgid
+ * available.
+ */
+
+ /* Become root. */
+ /* Set ru=0, eu=0 */
+ if (samba_setresuid(0, 0, -1) != 0) {
+ return -1;
+ }
+ /* Set our primary gid. */
+ /* Set rg=gid, eg=gid, sg=gid */
+ if (samba_setresgid(gid, gid, gid) != 0) {
+ return -1;
+ }
+ /* Set extra groups list. */
+ if (samba_setgroups(setlen, gidset) != 0) {
+ return -1;
+ }
+ /* Become the requested user. No way back after this. */
+ /* Set ru=uid, eu=uid, su=uid */
+ if (samba_setresuid(uid, uid, uid) != 0) {
+ return -1;
+ }
+ if (geteuid() != uid || getuid() != uid ||
+ getegid() != gid || getgid() != gid) {
+ smb_panic("set_thread_credentials_permanently failed\n");
+ return -1;
+ }
+ return 0;
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
#ifdef AUTOCONF_TEST
/****************************************************************************
git.samba.org / mat / samba.git / commitdiff