2 * Copyright (c) 2009 Andrew Tridgell
3 * Copyright (c) 2011-2013 Andreas Schneider <asn@samba.org>
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include <sys/types.h>
30 #ifdef HAVE_SYS_SYSCALL_H
31 #include <sys/syscall.h>
40 #ifdef HAVE_GCC_THREAD_LOCAL_STORAGE
41 # define UWRAP_THREAD __thread
46 # define UWRAP_LOCK(m) do { \
47 pthread_mutex_lock(&( m ## _mutex)); \
50 # define UWRAP_UNLOCK(m) do { \
51 pthread_mutex_unlock(&( m ## _mutex)); \
54 /* Add new global locks here please */
55 # define UWRAP_LOCK_ALL \
56 UWRAP_LOCK(uwrap_id); \
57 UWRAP_LOCK(libc_symbol_binding); \
58 UWRAP_LOCK(libpthread_symbol_binding)
60 # define UWRAP_UNLOCK_ALL \
61 UWRAP_UNLOCK(libpthread_symbol_binding); \
62 UWRAP_UNLOCK(libc_symbol_binding); \
63 UWRAP_UNLOCK(uwrap_id)
65 #ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
66 #define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
68 #define CONSTRUCTOR_ATTRIBUTE
69 #endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
71 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
72 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
74 #define DESTRUCTOR_ATTRIBUTE
75 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
77 #ifdef HAVE_ADDRESS_SANITIZER_ATTRIBUTE
78 #define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE __attribute__((no_sanitize_address))
79 #else /* DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE */
80 #define DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
81 #endif /* DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE */
83 /* GCC have printf type attribute check. */
84 #ifdef HAVE_FUNCTION_ATTRIBUTE_FORMAT
85 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
87 #define PRINTF_ATTRIBUTE(a,b)
88 #endif /* HAVE_FUNCTION_ATTRIBUTE_FORMAT */
90 #define UWRAP_DLIST_ADD(list,item) do { \
92 (item)->prev = NULL; \
93 (item)->next = NULL; \
96 (item)->prev = NULL; \
97 (item)->next = (list); \
98 (list)->prev = (item); \
103 #define UWRAP_DLIST_REMOVE(list,item) do { \
104 if ((list) == (item)) { \
105 (list) = (item)->next; \
107 (list)->prev = NULL; \
110 if ((item)->prev) { \
111 (item)->prev->next = (item)->next; \
113 if ((item)->next) { \
114 (item)->next->prev = (item)->prev; \
117 (item)->prev = NULL; \
118 (item)->next = NULL; \
122 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
129 enum uwrap_dbglvl_e {
136 static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const char *function, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
137 # define UWRAP_LOG(dbglvl, ...) uwrap_log((dbglvl), __func__, __VA_ARGS__)
139 static void uwrap_log(enum uwrap_dbglvl_e dbglvl, const char *function, const char *format, ...)
144 unsigned int lvl = 0;
145 const char *prefix = "UWRAP";
147 d = getenv("UID_WRAPPER_DEBUGLEVEL");
156 va_start(va, format);
157 vsnprintf(buffer, sizeof(buffer), format, va);
161 case UWRAP_LOG_ERROR:
162 prefix = "UWRAP_ERROR";
165 prefix = "UWRAP_WARN";
167 case UWRAP_LOG_DEBUG:
168 prefix = "UWRAP_DEBUG";
170 case UWRAP_LOG_TRACE:
171 prefix = "UWRAP_TRACE";
187 #define LIBC_NAME "libc.so"
189 typedef int (*__libc_setuid)(uid_t uid);
191 typedef uid_t (*__libc_getuid)(void);
194 typedef int (*__libc_seteuid)(uid_t euid);
198 typedef int (*__libc_setreuid)(uid_t ruid, uid_t euid);
201 #ifdef HAVE_SETRESUID
202 typedef int (*__libc_setresuid)(uid_t ruid, uid_t euid, uid_t suid);
205 #ifdef HAVE_GETRESUID
206 typedef int (*__libc_getresuid)(uid_t *ruid, uid_t *euid, uid_t *suid);
209 typedef uid_t (*__libc_geteuid)(void);
211 typedef int (*__libc_setgid)(gid_t gid);
213 typedef gid_t (*__libc_getgid)(void);
216 typedef int (*__libc_setegid)(uid_t egid);
220 typedef int (*__libc_setregid)(uid_t rgid, uid_t egid);
223 #ifdef HAVE_SETRESGID
224 typedef int (*__libc_setresgid)(uid_t rgid, uid_t egid, uid_t sgid);
227 #ifdef HAVE_GETRESGID
228 typedef int (*__libc_getresgid)(gid_t *rgid, gid_t *egid, gid_t *sgid);
231 typedef gid_t (*__libc_getegid)(void);
233 typedef int (*__libc_getgroups)(int size, gid_t list[]);
235 typedef int (*__libc_setgroups)(size_t size, const gid_t *list);
238 typedef long int (*__libc_syscall)(long int sysno, ...);
241 #define UWRAP_SYMBOL_ENTRY(i) \
247 struct uwrap_libc_symbols {
248 UWRAP_SYMBOL_ENTRY(setuid);
249 UWRAP_SYMBOL_ENTRY(getuid);
251 UWRAP_SYMBOL_ENTRY(seteuid);
254 UWRAP_SYMBOL_ENTRY(setreuid);
256 #ifdef HAVE_SETRESUID
257 UWRAP_SYMBOL_ENTRY(setresuid);
259 #ifdef HAVE_GETRESUID
260 UWRAP_SYMBOL_ENTRY(getresuid);
262 UWRAP_SYMBOL_ENTRY(geteuid);
263 UWRAP_SYMBOL_ENTRY(setgid);
264 UWRAP_SYMBOL_ENTRY(getgid);
266 UWRAP_SYMBOL_ENTRY(setegid);
269 UWRAP_SYMBOL_ENTRY(setregid);
271 #ifdef HAVE_SETRESGID
272 UWRAP_SYMBOL_ENTRY(setresgid);
274 #ifdef HAVE_GETRESGID
275 UWRAP_SYMBOL_ENTRY(getresgid);
277 UWRAP_SYMBOL_ENTRY(getegid);
278 UWRAP_SYMBOL_ENTRY(getgroups);
279 UWRAP_SYMBOL_ENTRY(setgroups);
281 UWRAP_SYMBOL_ENTRY(syscall);
284 #undef UWRAP_SYMBOL_ENTRY
289 /* Yeah... I'm pig. I overloading macro here... So what? */
290 #define UWRAP_SYMBOL_ENTRY(i) \
292 __libpthread_##i f; \
296 typedef int (*__libpthread_pthread_create)(pthread_t *thread,
297 const pthread_attr_t *attr,
298 void *(*start_routine) (void *),
300 typedef void (*__libpthread_pthread_exit)(void *retval);
302 struct uwrap_libpthread_symbols {
303 UWRAP_SYMBOL_ENTRY(pthread_create);
304 UWRAP_SYMBOL_ENTRY(pthread_exit);
306 #undef UWRAP_SYMBOL_ENTRY
309 * We keep the virtualised euid/egid/groups information here
311 struct uwrap_thread {
325 struct uwrap_thread *next;
326 struct uwrap_thread *prev;
332 struct uwrap_libc_symbols symbols;
337 struct uwrap_libpthread_symbols symbols;
342 /* Real uid and gid of user who run uid wrapper */
346 struct uwrap_thread *ids;
349 static struct uwrap uwrap;
351 /* Shortcut to the list item */
352 static UWRAP_THREAD struct uwrap_thread *uwrap_tls_id;
354 /* The mutex or accessing the id */
355 static pthread_mutex_t uwrap_id_mutex = PTHREAD_MUTEX_INITIALIZER;
357 /* The mutex for accessing the global libc.symbols */
358 static pthread_mutex_t libc_symbol_binding_mutex = PTHREAD_MUTEX_INITIALIZER;
360 /* The mutex for accessing the global libpthread.symbols */
361 static pthread_mutex_t libpthread_symbol_binding_mutex = PTHREAD_MUTEX_INITIALIZER;
363 /*********************************************************
365 *********************************************************/
367 bool uid_wrapper_enabled(void);
368 void uwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
369 void uwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
371 /*********************************************************
372 * UWRAP LIBC LOADER FUNCTIONS
373 *********************************************************/
382 static void *uwrap_load_lib_handle(enum uwrap_lib lib)
384 int flags = RTLD_LAZY;
389 flags |= RTLD_DEEPBIND;
395 case UWRAP_LIBSOCKET:
398 handle = uwrap.libc.handle;
399 if (handle == NULL) {
400 for (i = 10; i >= 0; i--) {
401 char soname[256] = {0};
403 snprintf(soname, sizeof(soname), "libc.so.%d", i);
404 handle = dlopen(soname, flags);
405 if (handle != NULL) {
409 /* glibc on Alpha and IA64 is libc.so.6.1 */
410 snprintf(soname, sizeof(soname), "libc.so.%d.1", i);
411 handle = dlopen(soname, flags);
412 if (handle != NULL) {
417 uwrap.libc.handle = handle;
420 case UWRAP_LIBPTHREAD:
421 handle = uwrap.libpthread.handle;
422 if (handle == NULL) {
423 handle = dlopen("libpthread.so.0", flags);
424 if (handle != NULL) {
431 if (handle == NULL) {
433 handle = uwrap.libc.handle = RTLD_NEXT;
436 "Failed to dlopen library: %s\n",
445 static void *_uwrap_bind_symbol(enum uwrap_lib lib, const char *fn_name)
450 handle = uwrap_load_lib_handle(lib);
452 func = dlsym(handle, fn_name);
455 "Failed to find %s: %s\n",
463 #define uwrap_bind_symbol_libc(sym_name) \
464 UWRAP_LOCK(libc_symbol_binding); \
465 if (uwrap.libc.symbols._libc_##sym_name.obj == NULL) { \
466 uwrap.libc.symbols._libc_##sym_name.obj = \
467 _uwrap_bind_symbol(UWRAP_LIBC, #sym_name); \
469 UWRAP_UNLOCK(libc_symbol_binding)
471 #define uwrap_bind_symbol_libpthread(sym_name) \
472 UWRAP_LOCK(libpthread_symbol_binding); \
473 if (uwrap.libpthread.symbols._libpthread_##sym_name.obj == NULL) { \
474 uwrap.libpthread.symbols._libpthread_##sym_name.obj = \
475 _uwrap_bind_symbol(UWRAP_LIBPTHREAD, #sym_name); \
477 UWRAP_UNLOCK(libpthread_symbol_binding)
482 * Functions expeciall from libc need to be loaded individually, you can't load
483 * all at once or gdb will segfault at startup. The same applies to valgrind and
484 * has probably something todo with with the linker.
485 * So we need load each function at the point it is called the first time.
487 static int libc_setuid(uid_t uid)
489 uwrap_bind_symbol_libc(setuid);
491 return uwrap.libc.symbols._libc_setuid.f(uid);
494 static uid_t libc_getuid(void)
496 uwrap_bind_symbol_libc(getuid);
498 return uwrap.libc.symbols._libc_getuid.f();
502 static int libc_seteuid(uid_t euid)
504 uwrap_bind_symbol_libc(seteuid);
506 return uwrap.libc.symbols._libc_seteuid.f(euid);
511 static int libc_setreuid(uid_t ruid, uid_t euid)
513 uwrap_bind_symbol_libc(setreuid);
515 return uwrap.libc.symbols._libc_setreuid.f(ruid, euid);
519 #ifdef HAVE_SETRESUID
520 static int libc_setresuid(uid_t ruid, uid_t euid, uid_t suid)
522 uwrap_bind_symbol_libc(setresuid);
524 return uwrap.libc.symbols._libc_setresuid.f(ruid, euid, suid);
528 #ifdef HAVE_GETRESUID
529 static int libc_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
531 uwrap_bind_symbol_libc(getresuid);
533 return uwrap.libc.symbols._libc_getresuid.f(ruid, euid, suid);
537 static uid_t libc_geteuid(void)
539 uwrap_bind_symbol_libc(geteuid);
541 return uwrap.libc.symbols._libc_geteuid.f();
544 static int libc_setgid(gid_t gid)
546 uwrap_bind_symbol_libc(setgid);
548 return uwrap.libc.symbols._libc_setgid.f(gid);
551 static gid_t libc_getgid(void)
553 uwrap_bind_symbol_libc(getgid);
555 return uwrap.libc.symbols._libc_getgid.f();
559 static int libc_setegid(gid_t egid)
561 uwrap_bind_symbol_libc(setegid);
563 return uwrap.libc.symbols._libc_setegid.f(egid);
568 static int libc_setregid(gid_t rgid, gid_t egid)
570 uwrap_bind_symbol_libc(setregid);
572 return uwrap.libc.symbols._libc_setregid.f(rgid, egid);
576 #ifdef HAVE_SETRESGID
577 static int libc_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
579 uwrap_bind_symbol_libc(setresgid);
581 return uwrap.libc.symbols._libc_setresgid.f(rgid, egid, sgid);
585 #ifdef HAVE_GETRESGID
586 static int libc_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid)
588 uwrap_bind_symbol_libc(setresgid);
590 return uwrap.libc.symbols._libc_getresgid.f(rgid, egid, sgid);
594 static gid_t libc_getegid(void)
596 uwrap_bind_symbol_libc(getegid);
598 return uwrap.libc.symbols._libc_getegid.f();
601 static int libc_getgroups(int size, gid_t list[])
603 uwrap_bind_symbol_libc(getgroups);
605 return uwrap.libc.symbols._libc_getgroups.f(size, list);
608 static int libc_setgroups(size_t size, const gid_t *list)
610 uwrap_bind_symbol_libc(setgroups);
612 return uwrap.libc.symbols._libc_setgroups.f(size, list);
616 DO_NOT_SANITIZE_ADDRESS_ATTRIBUTE
617 static long int libc_vsyscall(long int sysno, va_list va)
623 uwrap_bind_symbol_libc(syscall);
625 for (i = 0; i < 8; i++) {
626 args[i] = va_arg(va, long int);
629 rc = uwrap.libc.symbols._libc_syscall.f(sysno,
644 * This part is "optimistic".
645 * Thread can ends without pthread_exit call.
647 static void libpthread_pthread_exit(void *retval)
649 uwrap_bind_symbol_libpthread(pthread_exit);
651 uwrap.libpthread.symbols._libpthread_pthread_exit.f(retval);
654 static void uwrap_pthread_exit(void *retval)
656 struct uwrap_thread *id = uwrap_tls_id;
658 UWRAP_LOG(UWRAP_LOG_DEBUG, "Cleanup thread");
660 UWRAP_LOCK(uwrap_id);
662 UWRAP_UNLOCK(uwrap_id);
663 libpthread_pthread_exit(retval);
667 UWRAP_DLIST_REMOVE(uwrap.ids, id);
668 SAFE_FREE(id->groups);
672 UWRAP_UNLOCK(uwrap_id);
674 libpthread_pthread_exit(retval);
677 void pthread_exit(void *retval)
679 if (!uid_wrapper_enabled()) {
680 libpthread_pthread_exit(retval);
683 uwrap_pthread_exit(retval);
685 /* Calm down gcc warning. */
689 static int libpthread_pthread_create(pthread_t *thread,
690 const pthread_attr_t *attr,
691 void *(*start_routine) (void *),
694 uwrap_bind_symbol_libpthread(pthread_create);
695 return uwrap.libpthread.symbols._libpthread_pthread_create.f(thread,
701 struct uwrap_pthread_create_args {
702 struct uwrap_thread *id;
703 void *(*start_routine) (void *);
707 static void *uwrap_pthread_create_start(void *_a)
709 struct uwrap_pthread_create_args *a =
710 (struct uwrap_pthread_create_args *)_a;
711 void *(*start_routine) (void *) = a->start_routine;
713 struct uwrap_thread *id = a->id;
719 return start_routine(arg);
722 static int uwrap_pthread_create(pthread_t *thread,
723 const pthread_attr_t *attr,
724 void *(*start_routine) (void *),
727 struct uwrap_pthread_create_args *args;
728 struct uwrap_thread *src_id = uwrap_tls_id;
731 args = malloc(sizeof(struct uwrap_pthread_create_args));
733 UWRAP_LOG(UWRAP_LOG_ERROR,
734 "uwrap_pthread_create: Unable to allocate memory");
738 args->start_routine = start_routine;
741 args->id = calloc(1, sizeof(struct uwrap_thread));
742 if (args->id == NULL) {
744 UWRAP_LOG(UWRAP_LOG_ERROR,
745 "uwrap_pthread_create: Unable to allocate memory");
750 UWRAP_LOCK(uwrap_id);
752 args->id->groups = malloc(sizeof(gid_t) * src_id->ngroups);
753 if (args->id->groups == NULL) {
754 UWRAP_UNLOCK(uwrap_id);
757 UWRAP_LOG(UWRAP_LOG_ERROR,
758 "uwrap_pthread_create: Unable to allocate memory again");
763 args->id->ruid = src_id->ruid;
764 args->id->euid = src_id->euid;
765 args->id->suid = src_id->suid;
767 args->id->rgid = src_id->rgid;
768 args->id->egid = src_id->egid;
769 args->id->sgid = src_id->sgid;
771 args->id->enabled = src_id->enabled;
773 args->id->ngroups = src_id->ngroups;
774 if (src_id->groups != NULL) {
775 memcpy(args->id->groups, src_id->groups,
776 sizeof(gid_t) * src_id->ngroups);
778 SAFE_FREE(args->id->groups);
781 UWRAP_DLIST_ADD(uwrap.ids, args->id);
782 UWRAP_UNLOCK(uwrap_id);
784 ret = libpthread_pthread_create(thread, attr,
785 uwrap_pthread_create_start,
794 int pthread_create(pthread_t *thread,
795 const pthread_attr_t *attr,
796 void *(*start_routine) (void *),
799 if (!uid_wrapper_enabled()) {
800 return libpthread_pthread_create(thread,
806 return uwrap_pthread_create(thread,
812 /*********************************************************
814 *********************************************************/
816 #define GROUP_STRING_SIZE 16384
817 #define GROUP_MAX_COUNT (GROUP_STRING_SIZE / (10 + 1))
820 * This function exports all the IDs of the current user so if
821 * we fork and then exec we can setup uid_wrapper in the new process
824 static void uwrap_export_ids(struct uwrap_thread *id)
826 char groups_str[GROUP_STRING_SIZE] = {0};
827 size_t groups_str_size = sizeof(groups_str);
828 char unsigned_str[16] = {0}; /* We need 10 + 1 (+ 1) */
832 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->ruid);
833 setenv("UID_WRAPPER_INITIAL_RUID", unsigned_str, 1);
835 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->euid);
836 setenv("UID_WRAPPER_INITIAL_EUID", unsigned_str, 1);
838 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->suid);
839 setenv("UID_WRAPPER_INITIAL_SUID", unsigned_str, 1);
842 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->rgid);
843 setenv("UID_WRAPPER_INITIAL_RGID", unsigned_str, 1);
845 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->egid);
846 setenv("UID_WRAPPER_INITIAL_EGID", unsigned_str, 1);
848 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->sgid);
849 setenv("UID_WRAPPER_INITIAL_SGID", unsigned_str, 1);
851 if (id->ngroups > GROUP_MAX_COUNT) {
852 UWRAP_LOG(UWRAP_LOG_ERROR,
853 "ERROR: Number of groups (%u) exceeds maximum value "
854 "uid_wrapper can handle (%u).",
861 for (i = 0; i < id->ngroups; i++) {
862 size_t groups_str_len = strlen(groups_str);
863 size_t groups_str_avail = groups_str_size - groups_str_len - 1;
866 len = snprintf(unsigned_str, sizeof(unsigned_str), ",%u", id->groups[i]);
868 UWRAP_LOG(UWRAP_LOG_ERROR,
869 "snprintf failed for groups[%d]=%u",
874 if (((size_t)len) >= groups_str_avail) {
875 UWRAP_LOG(UWRAP_LOG_ERROR,
876 "groups env string is to small for %d groups",
881 len = snprintf(groups_str + groups_str_len,
882 groups_str_size - groups_str_len,
884 i == 0 ? unsigned_str + 1 : unsigned_str);
886 UWRAP_LOG(UWRAP_LOG_ERROR,
887 "snprintf failed to create groups string at groups[%d]=%u",
894 if (id->ngroups == i) {
895 setenv("UID_WRAPPER_INITIAL_GROUPS", groups_str, 1);
897 snprintf(unsigned_str, sizeof(unsigned_str), "%u", id->ngroups);
898 setenv("UID_WRAPPER_INITIAL_GROUPS_COUNT", unsigned_str, 1);
902 static void uwrap_thread_prepare(void)
904 struct uwrap_thread *id = uwrap_tls_id;
908 /* uid_wrapper is loaded but not enabled */
914 * What happens if another atfork prepare functions calls a uwrap
915 * function? So disable it in case another atfork prepare function
916 * calls a (s)uid function. We disable uid_wrapper only for thread
917 * (process) which called fork.
922 static void uwrap_thread_parent(void)
924 struct uwrap_thread *id = uwrap_tls_id;
926 /* uid_wrapper is loaded but not enabled */
937 static void uwrap_thread_child(void)
939 struct uwrap_thread *id = uwrap_tls_id;
940 struct uwrap_thread *u = uwrap.ids;
942 /* uid_wrapper is loaded but not enabled */
948 uwrap_export_ids(id);
951 * "Garbage collector" - Inspired by DESTRUCTOR.
952 * All threads (except one which called fork()) are dead now.. Dave
953 * That's what posix said...
957 /* Skip this item. */
962 UWRAP_DLIST_REMOVE(uwrap.ids, u);
964 SAFE_FREE(u->groups);
976 * This initializes uid_wrapper with the IDs exported to the environment. Those
977 * are normally set after we forked and executed.
979 static void uwrap_init_env(struct uwrap_thread *id)
984 env = getenv("UID_WRAPPER_INITIAL_RUID");
985 if (env != NULL && env[0] != '\0') {
986 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize ruid with %s", env);
987 id->ruid = strtoul(env, (char **)NULL, 10);
988 unsetenv("UID_WRAPPER_INITIAL_RUID");
991 env = getenv("UID_WRAPPER_INITIAL_EUID");
992 if (env != NULL && env[0] != '\0') {
993 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize euid with %s", env);
994 id->euid = strtoul(env, (char **)NULL, 10);
995 unsetenv("UID_WRAPPER_INITIAL_EUID");
998 env = getenv("UID_WRAPPER_INITIAL_SUID");
999 if (env != NULL && env[0] != '\0') {
1000 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize suid with %s", env);
1001 id->suid = strtoul(env, (char **)NULL, 10);
1002 unsetenv("UID_WRAPPER_INITIAL_SUID");
1005 env = getenv("UID_WRAPPER_INITIAL_RGID");
1006 if (env != NULL && env[0] != '\0') {
1007 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize ruid with %s", env);
1008 id->rgid = strtoul(env, (char **)NULL, 10);
1009 unsetenv("UID_WRAPPER_INITIAL_RGID");
1012 env = getenv("UID_WRAPPER_INITIAL_EGID");
1013 if (env != NULL && env[0] != '\0') {
1014 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize egid with %s", env);
1015 id->egid = strtoul(env, (char **)NULL, 10);
1016 unsetenv("UID_WRAPPER_INITIAL_EGID");
1019 env = getenv("UID_WRAPPER_INITIAL_SGID");
1020 if (env != NULL && env[0] != '\0') {
1021 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize sgid with %s", env);
1022 id->sgid = strtoul(env, (char **)NULL, 10);
1023 unsetenv("UID_WRAPPER_INITIAL_SGID");
1026 env = getenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
1027 if (env != NULL && env[0] != '\0') {
1028 ngroups = strtol(env, (char **)NULL, 10);
1029 unsetenv("UID_WRAPPER_INITIAL_GROUPS_COUNT");
1032 if (ngroups > 0 && ngroups < GROUP_MAX_COUNT) {
1038 id->groups = malloc(sizeof(gid_t) * ngroups);
1039 if (id->groups == NULL) {
1040 UWRAP_LOG(UWRAP_LOG_ERROR,
1041 "Unable to allocate memory");
1045 env = getenv("UID_WRAPPER_INITIAL_GROUPS");
1046 if (env != NULL && env[0] != '\0') {
1047 char *groups_str = NULL;
1048 char *saveptr = NULL;
1049 const char *p = NULL;
1051 groups_str = strdup(env);
1052 if (groups_str == NULL) {
1056 p = strtok_r(groups_str, ",", &saveptr);
1058 id->groups[i] = strtol(p, (char **)NULL, 10);
1061 p = strtok_r(NULL, ",", &saveptr);
1063 SAFE_FREE(groups_str);
1067 UWRAP_LOG(UWRAP_LOG_ERROR,
1068 "ERROR: The number of groups (%u) passed, "
1069 "does not match the number of groups (%u) "
1076 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initalize groups with %s", env);
1077 id->ngroups = ngroups;
1081 static void uwrap_init(void)
1085 UWRAP_LOCK(uwrap_id);
1087 if (uwrap.initialised) {
1088 struct uwrap_thread *id = uwrap_tls_id;
1090 if (uwrap.ids == NULL) {
1091 UWRAP_UNLOCK(uwrap_id);
1096 UWRAP_LOG(UWRAP_LOG_ERROR,
1097 "Invalid id for thread");
1101 UWRAP_UNLOCK(uwrap_id);
1105 UWRAP_LOG(UWRAP_LOG_DEBUG, "Initialize uid_wrapper");
1107 uwrap.initialised = true;
1109 env = getenv("UID_WRAPPER");
1110 if (env != NULL && env[0] == '1') {
1111 const char *root = getenv("UID_WRAPPER_ROOT");
1112 struct uwrap_thread *id;
1114 id = calloc(1, sizeof(struct uwrap_thread));
1116 UWRAP_LOG(UWRAP_LOG_ERROR,
1117 "Unable to allocate memory for main id");
1121 UWRAP_DLIST_ADD(uwrap.ids, id);
1124 uwrap.myuid = libc_geteuid();
1125 uwrap.mygid = libc_getegid();
1127 /* put us in one group */
1128 if (root != NULL && root[0] == '1') {
1129 id->ruid = id->euid = id->suid = 0;
1130 id->rgid = id->egid = id->sgid = 0;
1132 id->groups = malloc(sizeof(gid_t) * 1);
1133 if (id->groups == NULL) {
1134 UWRAP_LOG(UWRAP_LOG_ERROR,
1135 "Unable to allocate memory");
1143 id->ruid = id->euid = id->suid = uwrap.myuid;
1144 id->rgid = id->egid = id->sgid = uwrap.mygid;
1146 id->ngroups = libc_getgroups(0, NULL);
1147 if (id->ngroups == -1) {
1148 UWRAP_LOG(UWRAP_LOG_ERROR,
1149 "Unable to call libc_getgroups in uwrap_init.");
1152 id->groups = malloc(sizeof(gid_t) * id->ngroups);
1153 if (id->groups == NULL) {
1154 UWRAP_LOG(UWRAP_LOG_ERROR, "Unable to allocate memory");
1157 if (libc_getgroups(id->ngroups, id->groups) == -1) {
1158 UWRAP_LOG(UWRAP_LOG_ERROR,
1159 "Unable to call libc_getgroups again in uwrap_init.");
1162 * Deallocation of uwrap.groups is handled by
1163 * library destructor.
1173 UWRAP_LOG(UWRAP_LOG_DEBUG,
1174 "Enabled uid_wrapper as %s (real uid=%u)",
1175 id->ruid == 0 ? "root" : "user",
1176 (unsigned int)uwrap.myuid);
1179 UWRAP_UNLOCK(uwrap_id);
1181 UWRAP_LOG(UWRAP_LOG_DEBUG, "Successfully initialized uid_wrapper");
1184 bool uid_wrapper_enabled(void)
1186 struct uwrap_thread *id = uwrap_tls_id;
1193 UWRAP_LOCK(uwrap_id);
1194 enabled = id->enabled;
1195 UWRAP_UNLOCK(uwrap_id);
1201 * UWRAP_SETxUID FUNCTIONS
1204 static int uwrap_setresuid_args(uid_t ruid, uid_t euid, uid_t suid)
1206 struct uwrap_thread *id = uwrap_tls_id;
1208 UWRAP_LOG(UWRAP_LOG_TRACE,
1209 "ruid %d -> %d, euid %d -> %d, suid %d -> %d",
1210 id->ruid, ruid, id->euid, euid, id->suid, suid);
1212 if (id->euid != 0) {
1213 if (ruid != (uid_t)-1 &&
1220 if (euid != (uid_t)-1 &&
1227 if (suid != (uid_t)-1 &&
1239 static int uwrap_setresuid_thread(uid_t ruid, uid_t euid, uid_t suid)
1241 struct uwrap_thread *id = uwrap_tls_id;
1244 UWRAP_LOG(UWRAP_LOG_TRACE,
1245 "ruid %d -> %d, euid %d -> %d, suid %d -> %d",
1246 id->ruid, ruid, id->euid, euid, id->suid, suid);
1248 rc = uwrap_setresuid_args(ruid, euid, suid);
1253 UWRAP_LOCK(uwrap_id);
1255 if (ruid != (uid_t)-1) {
1259 if (euid != (uid_t)-1) {
1263 if (suid != (uid_t)-1) {
1267 UWRAP_UNLOCK(uwrap_id);
1272 static int uwrap_setresuid(uid_t ruid, uid_t euid, uid_t suid)
1274 struct uwrap_thread *id = uwrap_tls_id;
1277 UWRAP_LOG(UWRAP_LOG_TRACE,
1278 "ruid %d -> %d, euid %d -> %d, suid %d -> %d",
1279 id->ruid, ruid, id->euid, euid, id->suid, suid);
1281 rc = uwrap_setresuid_args(ruid, euid, suid);
1286 UWRAP_LOCK(uwrap_id);
1288 for (id = uwrap.ids; id; id = id->next) {
1289 if (ruid != (uid_t)-1) {
1293 if (euid != (uid_t)-1) {
1297 if (suid != (uid_t)-1) {
1302 UWRAP_UNLOCK(uwrap_id);
1307 static int uwrap_setreuid_args(uid_t ruid, uid_t euid,
1312 struct uwrap_thread *id = uwrap_tls_id;
1313 uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
1315 UWRAP_LOG(UWRAP_LOG_TRACE,
1316 "ruid %d -> %d, euid %d -> %d",
1317 id->ruid, ruid, id->euid, euid);
1319 if (ruid != (uid_t)-1) {
1321 if (ruid != id->ruid &&
1329 if (euid != (uid_t)-1) {
1331 if (euid != id->ruid &&
1340 if (ruid != (uid_t) -1 ||
1341 (euid != (uid_t)-1 && id->ruid != euid)) {
1342 new_suid = new_euid;
1345 *_new_ruid = new_ruid;
1346 *_new_euid = new_euid;
1347 *_new_suid = new_suid;
1352 static int uwrap_setreuid_thread(uid_t ruid, uid_t euid)
1354 struct uwrap_thread *id = uwrap_tls_id;
1355 uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
1358 UWRAP_LOG(UWRAP_LOG_TRACE,
1359 "ruid %d -> %d, euid %d -> %d",
1360 id->ruid, ruid, id->euid, euid);
1362 rc = uwrap_setreuid_args(ruid, euid, &new_ruid, &new_euid, &new_suid);
1367 return uwrap_setresuid_thread(new_ruid, new_euid, new_suid);
1370 #ifdef HAVE_SETREUID
1371 static int uwrap_setreuid(uid_t ruid, uid_t euid)
1373 struct uwrap_thread *id = uwrap_tls_id;
1374 uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
1377 UWRAP_LOG(UWRAP_LOG_TRACE,
1378 "ruid %d -> %d, euid %d -> %d",
1379 id->ruid, ruid, id->euid, euid);
1381 rc = uwrap_setreuid_args(ruid, euid, &new_ruid, &new_euid, &new_suid);
1386 return uwrap_setresuid(new_ruid, new_euid, new_suid);
1390 static int uwrap_setuid_args(uid_t uid,
1395 struct uwrap_thread *id = uwrap_tls_id;
1397 UWRAP_LOG(UWRAP_LOG_TRACE,
1401 if (uid == (uid_t)-1) {
1406 if (id->euid == 0) {
1407 *new_suid = *new_ruid = uid;
1408 } else if (uid != id->ruid &&
1419 static int uwrap_setuid_thread(uid_t uid)
1421 uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
1424 rc = uwrap_setuid_args(uid, &new_ruid, &new_euid, &new_suid);
1429 return uwrap_setresuid_thread(new_ruid, new_euid, new_suid);
1432 static int uwrap_setuid(uid_t uid)
1434 uid_t new_ruid = -1, new_euid = -1, new_suid = -1;
1437 rc = uwrap_setuid_args(uid, &new_ruid, &new_euid, &new_suid);
1442 return uwrap_setresuid(new_ruid, new_euid, new_suid);
1446 * UWRAP_GETxUID FUNCTIONS
1449 #ifdef HAVE_GETRESUID
1450 static int uwrap_getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
1452 struct uwrap_thread *id = uwrap_tls_id;
1454 UWRAP_LOCK(uwrap_id);
1460 UWRAP_UNLOCK(uwrap_id);
1466 #ifdef HAVE_GETRESGID
1467 static int uwrap_getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid)
1469 struct uwrap_thread *id = uwrap_tls_id;
1471 UWRAP_LOCK(uwrap_id);
1477 UWRAP_UNLOCK(uwrap_id);
1484 * UWRAP_SETxGID FUNCTIONS
1487 static int uwrap_setresgid_args(gid_t rgid, gid_t egid, gid_t sgid)
1489 struct uwrap_thread *id = uwrap_tls_id;
1491 UWRAP_LOG(UWRAP_LOG_TRACE,
1492 "rgid %d -> %d, egid %d -> %d, sgid %d -> %d",
1493 id->rgid, rgid, id->egid, egid, id->sgid, sgid);
1495 if (id->euid != 0) {
1496 if (rgid != (gid_t)-1 &&
1503 if (egid != (gid_t)-1 &&
1510 if (sgid != (gid_t)-1 &&
1522 static int uwrap_setresgid_thread(gid_t rgid, gid_t egid, gid_t sgid)
1524 struct uwrap_thread *id = uwrap_tls_id;
1527 UWRAP_LOG(UWRAP_LOG_TRACE,
1528 "rgid %d -> %d, egid %d -> %d, sgid %d -> %d",
1529 id->rgid, rgid, id->egid, egid, id->sgid, sgid);
1531 rc = uwrap_setresgid_args(rgid, egid, sgid);
1536 UWRAP_LOCK(uwrap_id);
1538 if (rgid != (gid_t)-1) {
1542 if (egid != (gid_t)-1) {
1546 if (sgid != (gid_t)-1) {
1550 UWRAP_UNLOCK(uwrap_id);
1555 static int uwrap_setresgid(gid_t rgid, gid_t egid, gid_t sgid)
1557 struct uwrap_thread *id = uwrap_tls_id;
1560 UWRAP_LOG(UWRAP_LOG_TRACE,
1561 "rgid %d -> %d, egid %d -> %d, sgid %d -> %d",
1562 id->rgid, rgid, id->egid, egid, id->sgid, sgid);
1564 rc = uwrap_setresgid_args(rgid, egid, sgid);
1569 UWRAP_LOCK(uwrap_id);
1571 for (id = uwrap.ids; id; id = id->next) {
1572 if (rgid != (gid_t)-1) {
1576 if (egid != (gid_t)-1) {
1580 if (sgid != (gid_t)-1) {
1585 UWRAP_UNLOCK(uwrap_id);
1590 static int uwrap_setregid_args(gid_t rgid, gid_t egid,
1595 struct uwrap_thread *id = uwrap_tls_id;
1596 gid_t new_rgid = -1, new_egid = -1, new_sgid = -1;
1598 UWRAP_LOG(UWRAP_LOG_TRACE,
1599 "rgid %d -> %d, egid %d -> %d",
1600 id->rgid, rgid, id->egid, egid);
1602 if (rgid != (gid_t)-1) {
1604 if (rgid != id->rgid &&
1612 if (egid != (gid_t)-1) {
1614 if (egid != id->rgid &&
1623 if (rgid != (gid_t) -1 ||
1624 (egid != (gid_t)-1 && id->rgid != egid)) {
1625 new_sgid = new_egid;
1628 *_new_rgid = new_rgid;
1629 *_new_egid = new_egid;
1630 *_new_sgid = new_sgid;
1635 static int uwrap_setregid_thread(gid_t rgid, gid_t egid)
1637 struct uwrap_thread *id = uwrap_tls_id;
1638 gid_t new_rgid = -1, new_egid = -1, new_sgid = -1;
1641 UWRAP_LOG(UWRAP_LOG_TRACE,
1642 "rgid %d -> %d, egid %d -> %d",
1643 id->rgid, rgid, id->egid, egid);
1645 rc = uwrap_setregid_args(rgid, egid, &new_rgid, &new_egid, &new_sgid);
1650 return uwrap_setresgid_thread(new_rgid, new_egid, new_sgid);
1653 #ifdef HAVE_SETREGID
1654 static int uwrap_setregid(gid_t rgid, gid_t egid)
1656 struct uwrap_thread *id = uwrap_tls_id;
1657 gid_t new_rgid = -1, new_egid = -1, new_sgid = -1;
1660 UWRAP_LOG(UWRAP_LOG_TRACE,
1661 "rgid %d -> %d, egid %d -> %d",
1662 id->rgid, rgid, id->egid, egid);
1664 rc = uwrap_setregid_args(rgid, egid, &new_rgid, &new_egid, &new_sgid);
1669 return uwrap_setresgid(new_rgid, new_egid, new_sgid);
1673 static int uwrap_setgid_args(gid_t gid,
1678 struct uwrap_thread *id = uwrap_tls_id;
1680 UWRAP_LOG(UWRAP_LOG_TRACE,
1684 if (gid == (gid_t)-1) {
1689 if (id->euid == 0) {
1690 *new_sgid = *new_rgid = gid;
1691 } else if (gid != id->rgid &&
1702 static int uwrap_setgid_thread(gid_t gid)
1704 gid_t new_rgid = -1, new_egid = -1, new_sgid = -1;
1707 rc = uwrap_setgid_args(gid, &new_rgid, &new_egid, &new_sgid);
1712 return uwrap_setresgid_thread(new_rgid, new_egid, new_sgid);
1715 static int uwrap_setgid(gid_t gid)
1717 gid_t new_rgid = -1, new_egid = -1, new_sgid = -1;
1720 rc = uwrap_setgid_args(gid, &new_rgid, &new_egid, &new_sgid);
1725 return uwrap_setresgid(new_rgid, new_egid, new_sgid);
1731 int setuid(uid_t uid)
1733 if (!uid_wrapper_enabled()) {
1734 return libc_setuid(uid);
1738 return uwrap_setuid(uid);
1742 int seteuid(uid_t euid)
1744 if (!uid_wrapper_enabled()) {
1745 return libc_seteuid(euid);
1748 /* On FreeBSD the uid_t -1 is set and doesn't produce and error */
1749 if (euid == (uid_t)-1) {
1755 return uwrap_setresuid(-1, euid, -1);
1759 #ifdef HAVE_SETREUID
1760 int setreuid(uid_t ruid, uid_t euid)
1762 if (!uid_wrapper_enabled()) {
1763 return libc_setreuid(ruid, euid);
1767 return uwrap_setreuid(ruid, euid);
1771 #ifdef HAVE_SETRESUID
1772 int setresuid(uid_t ruid, uid_t euid, uid_t suid)
1774 if (!uid_wrapper_enabled()) {
1775 return libc_setresuid(ruid, euid, suid);
1779 return uwrap_setresuid(ruid, euid, suid);
1783 #ifdef HAVE_GETRESUID
1784 int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid)
1786 if (!uid_wrapper_enabled()) {
1787 return libc_getresuid(ruid, euid, suid);
1791 return uwrap_getresuid(ruid, euid, suid);
1798 static uid_t uwrap_getuid(void)
1800 struct uwrap_thread *id = uwrap_tls_id;
1803 UWRAP_LOCK(uwrap_id);
1805 UWRAP_UNLOCK(uwrap_id);
1812 if (!uid_wrapper_enabled()) {
1813 return libc_getuid();
1817 return uwrap_getuid();
1823 static uid_t uwrap_geteuid(void)
1825 const char *env = getenv("UID_WRAPPER_MYUID");
1826 struct uwrap_thread *id = uwrap_tls_id;
1829 UWRAP_LOCK(uwrap_id);
1831 UWRAP_UNLOCK(uwrap_id);
1833 /* Disable root and return myuid */
1834 if (env != NULL && env[0] == '1') {
1843 if (!uid_wrapper_enabled()) {
1844 return libc_geteuid();
1848 return uwrap_geteuid();
1854 int setgid(gid_t gid)
1856 if (!uid_wrapper_enabled()) {
1857 return libc_setgid(gid);
1861 return uwrap_setgid(gid);
1865 int setegid(gid_t egid)
1867 if (!uid_wrapper_enabled()) {
1868 return libc_setegid(egid);
1871 /* On FreeBSD the uid_t -1 is set and doesn't produce and error */
1872 if (egid == (gid_t)-1) {
1878 return uwrap_setresgid(-1, egid, -1);
1882 #ifdef HAVE_SETREGID
1883 int setregid(gid_t rgid, gid_t egid)
1885 if (!uid_wrapper_enabled()) {
1886 return libc_setregid(rgid, egid);
1890 return uwrap_setregid(rgid, egid);
1894 #ifdef HAVE_SETRESGID
1895 int setresgid(gid_t rgid, gid_t egid, gid_t sgid)
1897 if (!uid_wrapper_enabled()) {
1898 return libc_setresgid(rgid, egid, sgid);
1902 return uwrap_setresgid(rgid, egid, sgid);
1906 #ifdef HAVE_GETRESGID
1907 int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid)
1909 if (!uid_wrapper_enabled()) {
1910 return libc_getresgid(rgid, egid, sgid);
1914 return uwrap_getresgid(rgid, egid, sgid);
1921 static gid_t uwrap_getgid(void)
1923 struct uwrap_thread *id = uwrap_tls_id;
1926 UWRAP_LOCK(uwrap_id);
1928 UWRAP_UNLOCK(uwrap_id);
1935 if (!uid_wrapper_enabled()) {
1936 return libc_getgid();
1940 return uwrap_getgid();
1946 static uid_t uwrap_getegid(void)
1948 struct uwrap_thread *id = uwrap_tls_id;
1951 UWRAP_LOCK(uwrap_id);
1953 UWRAP_UNLOCK(uwrap_id);
1960 if (!uid_wrapper_enabled()) {
1961 return libc_getegid();
1965 return uwrap_getegid();
1968 static int uwrap_setgroups_thread(size_t size, const gid_t *list)
1970 struct uwrap_thread *id = uwrap_tls_id;
1973 UWRAP_LOCK(uwrap_id);
1976 SAFE_FREE(id->groups);
1978 } else if (size > 0) {
1981 tmp = realloc(id->groups, sizeof(gid_t) * size);
1988 memcpy(id->groups, list, size * sizeof(gid_t));
1993 UWRAP_UNLOCK(uwrap_id);
1998 static int uwrap_setgroups(size_t size, const gid_t *list)
2000 struct uwrap_thread *id;
2003 UWRAP_LOCK(uwrap_id);
2006 for (id = uwrap.ids; id; id = id->next) {
2007 SAFE_FREE(id->groups);
2011 } else if (size > 0) {
2014 for (id = uwrap.ids; id; id = id->next) {
2015 tmp = realloc(id->groups, sizeof(gid_t) * size);
2023 memcpy(id->groups, list, size * sizeof(gid_t));
2029 UWRAP_UNLOCK(uwrap_id);
2034 #ifdef HAVE_SETGROUPS_INT
2035 int setgroups(int size, const gid_t *list)
2037 int setgroups(size_t size, const gid_t *list)
2040 if (!uid_wrapper_enabled()) {
2041 return libc_setgroups(size, list);
2045 return uwrap_setgroups(size, list);
2048 static int uwrap_getgroups(int size, gid_t *list)
2050 struct uwrap_thread *id = uwrap_tls_id;
2053 UWRAP_LOCK(uwrap_id);
2054 ngroups = id->ngroups;
2056 if (size > ngroups) {
2062 if (size < ngroups) {
2066 memcpy(list, id->groups, size * sizeof(gid_t));
2069 UWRAP_UNLOCK(uwrap_id);
2074 int getgroups(int size, gid_t *list)
2076 if (!uid_wrapper_enabled()) {
2077 return libc_getgroups(size, list);
2081 return uwrap_getgroups(size, list);
2084 #if (defined(HAVE_SYS_SYSCALL_H) || defined(HAVE_SYSCALL_H)) \
2085 && (defined(SYS_setreuid) || defined(SYS_setreuid32))
2086 static long int uwrap_syscall (long int sysno, va_list vp)
2097 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2101 rc = uwrap_getgid();
2106 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2110 rc = uwrap_getegid();
2113 #endif /* SYS_getegid */
2115 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2119 gid_t gid = (gid_t) va_arg(vp, gid_t);
2121 rc = uwrap_setgid_thread(gid);
2125 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2126 case SYS_setregid32:
2129 gid_t rgid = (gid_t) va_arg(vp, gid_t);
2130 gid_t egid = (gid_t) va_arg(vp, gid_t);
2132 rc = uwrap_setregid_thread(rgid, egid);
2135 #ifdef SYS_setresgid
2137 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2138 case SYS_setresgid32:
2141 gid_t rgid = (gid_t) va_arg(vp, gid_t);
2142 gid_t egid = (gid_t) va_arg(vp, gid_t);
2143 gid_t sgid = (gid_t) va_arg(vp, gid_t);
2145 rc = uwrap_setresgid_thread(rgid, egid, sgid);
2148 #endif /* SYS_setresgid */
2149 #if defined(SYS_getresgid) && defined(HAVE_GETRESGID)
2151 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2152 case SYS_getresgid32:
2155 gid_t *rgid = (gid_t *) va_arg(vp, gid_t *);
2156 gid_t *egid = (gid_t *) va_arg(vp, gid_t *);
2157 gid_t *sgid = (gid_t *) va_arg(vp, gid_t *);
2159 rc = uwrap_getresgid(rgid, egid, sgid);
2162 #endif /* SYS_getresgid && HAVE_GETRESGID */
2170 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2174 rc = uwrap_getuid();
2179 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2183 rc = uwrap_geteuid();
2186 #endif /* SYS_geteuid */
2188 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2192 uid_t uid = (uid_t) va_arg(vp, uid_t);
2194 rc = uwrap_setuid_thread(uid);
2198 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2199 case SYS_setreuid32:
2202 uid_t ruid = (uid_t) va_arg(vp, uid_t);
2203 uid_t euid = (uid_t) va_arg(vp, uid_t);
2205 rc = uwrap_setreuid_thread(ruid, euid);
2208 #ifdef SYS_setresuid
2210 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2211 case SYS_setresuid32:
2214 uid_t ruid = (uid_t) va_arg(vp, uid_t);
2215 uid_t euid = (uid_t) va_arg(vp, uid_t);
2216 uid_t suid = (uid_t) va_arg(vp, uid_t);
2218 rc = uwrap_setresuid_thread(ruid, euid, suid);
2221 #endif /* SYS_setresuid */
2222 #if defined(SYS_getresuid) && defined(HAVE_GETRESUID)
2224 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2225 case SYS_getresuid32:
2228 uid_t *ruid = (uid_t *) va_arg(vp, uid_t *);
2229 uid_t *euid = (uid_t *) va_arg(vp, uid_t *);
2230 uid_t *suid = (uid_t *) va_arg(vp, uid_t *);
2232 rc = uwrap_getresuid(ruid, euid, suid);
2235 #endif /* SYS_getresuid && HAVE_GETRESUID*/
2238 #ifdef HAVE_LINUX_32BIT_SYSCALLS
2239 case SYS_setgroups32:
2242 size_t size = (size_t) va_arg(vp, size_t);
2243 gid_t *list = (gid_t *) va_arg(vp, int *);
2245 rc = uwrap_setgroups_thread(size, list);
2249 UWRAP_LOG(UWRAP_LOG_DEBUG,
2250 "UID_WRAPPER calling non-wrapped syscall %lu",
2253 rc = libc_vsyscall(sysno, vp);
2261 #ifdef HAVE_SYSCALL_INT
2262 int syscall (int sysno, ...)
2264 long int syscall (long int sysno, ...)
2267 #ifdef HAVE_SYSCALL_INT
2274 va_start(va, sysno);
2276 if (!uid_wrapper_enabled()) {
2277 rc = libc_vsyscall(sysno, va);
2283 rc = uwrap_syscall(sysno, va);
2288 #endif /* HAVE_SYSCALL */
2289 #endif /* HAVE_SYS_SYSCALL_H || HAVE_SYSCALL_H */
2291 /****************************
2293 ***************************/
2294 void uwrap_constructor(void)
2297 * If we hold a lock and the application forks, then the child
2298 * is not able to unlock the mutex and we are in a deadlock.
2299 * This should prevent such deadlocks.
2301 pthread_atfork(&uwrap_thread_prepare,
2302 &uwrap_thread_parent,
2303 &uwrap_thread_child);
2305 /* Here is safe place to call uwrap_init() and initialize data
2311 /****************************
2313 ***************************/
2316 * This function is called when the library is unloaded and makes sure that
2317 * resources are freed.
2319 void uwrap_destructor(void)
2321 struct uwrap_thread *u = uwrap.ids;
2326 UWRAP_DLIST_REMOVE(uwrap.ids, u);
2328 SAFE_FREE(u->groups);
2335 if (uwrap.libc.handle != NULL) {
2336 dlclose(uwrap.libc.handle);
2339 if (uwrap.libpthread.handle != NULL) {
2340 dlclose(uwrap.libpthread.handle);
git.samba.org / uid_wrapper.git / blob