uint32_t sid, did;
uint16_t vid;
- uid_t uid;
- gid_t gid;
-
*rbuflen = 0;
ibuf += 2;
/* change perms, src gets dest perm and vice versa */
- uid = geteuid();
- gid = getegid();
- if (seteuid(0)) {
- LOG(log_error, logtype_afpd, "seteuid failed %s", strerror(errno));
- err = AFP_OK; /* ignore error */
- goto err_temp_to_dest;
- }
+ become_root();
/*
* we need to exchange ACL entries as well
setfilunixmode(vol, path, srcst.st_mode);
setfilowner(vol, srcst.st_uid, srcst.st_gid, path);
- if ( setegid(gid) < 0 || seteuid(uid) < 0) {
- LOG(log_error, logtype_afpd, "can't seteuid back %s", strerror(errno));
- exit(EXITERR_SYS);
- }
+ unbecome_root();
err = AFP_OK;
goto err_exchangefile;
#include <atalk/afp.h>
#include <atalk/dsi.h>
#include <atalk/util.h>
+#include <atalk/unix.h>
#include <atalk/logger.h>
#include <atalk/globals.h>
unsigned int i;
int rc;
static int c;
- uid_t euid;
uint32_t maxmsgsize;
maxmsgsize = MIN(MAX(obj->dsi->attn_quantum, MAXMESGSIZE), MAXPATHLEN);
/* cleanup */
fclose(message);
- /* Save effective uid and switch to root to delete file. */
- /* Delete will probably fail otherwise, but let's try anyways */
- euid = geteuid();
- if (seteuid(0) < 0) {
- LOG(log_error, logtype_afpd, "Could not switch back to root: %s",
- strerror(errno));
- }
+ become_root();
if ((rc = unlink(filename)) != 0)
LOG(log_error, logtype_afpd, "File '%s' could not be deleted", strerror(errno));
- /* Drop privs again, failing this is very bad */
- if (seteuid(euid) < 0) {
- LOG(log_error, logtype_afpd, "Could not switch back to uid %d: %s", euid, strerror(errno));
- exit(EXITERR_SYS);
- }
+ unbecome_root();
if (rc < 0) {
LOG(log_error, logtype_afpd, "Error deleting %s: %s", filename, strerror(rc));
#include <atalk/logger.h>
#include <atalk/afp.h>
#include <atalk/compat.h>
+#include <atalk/unix.h>
#include "auth.h"
#include "volume.h"
return -1;
}
- if ( seteuid( getuid() ) != 0 ) {
- LOG(log_info, logtype_afpd, "seteuid(): %s",
- strerror(errno));
- return -1;
- }
+ become_root();
+
if ((retq = getfsquota(obj, vol, ufsq, uid, classq)) < 0) {
LOG(log_info, logtype_afpd, "getfsquota(%s, %s): %s",
vol->v_path, classq, strerror(errno));
}
- seteuid( uid );
+
+ unbecome_root();
+
if (retq < 1)
return retq;
#endif /* TRU64 */
#ifdef BSD4_4
- if ( seteuid( getuid() ) == 0 ) {
+ become_root();
if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA,USRQUOTA),
uid, (char *)dq ) != 0 ) {
/* try group quotas */
if (obj->ngroups >= 1) {
if ( quotactl(vol->v_path, QCMD(Q_GETQUOTA, GRPQUOTA),
obj->groups[0], (char *) &dqg) != 0 ) {
- seteuid( uid );
+ unbecome_root();
return( AFPERR_PARAM );
}
}
}
- seteuid( uid );
- }
-
-#elif defined(TRU64)
- if ( seteuid( getuid() ) == 0 ) {
- if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA, USRQUOTA),
- uid, (char *)dq ) != 0 ) {
- seteuid( uid );
- return ( AFPERR_PARAM );
- }
- seteuid( uid );
+ unbecome_root();
}
#else /* BSD4_4 */
#include <config.h>
#endif
+#include <sys/stat.h>
#include <sys/types.h>
#include <dirent.h>
*/
int ad_metadata(const char *name, int flags, struct adouble *adp)
{
- uid_t uid;
int ret, err, oflags;
/* Sanitize flags */
oflags = (flags & (ADFLAGS_CHECK_OF | ADFLAGS_DIR)) | ADFLAGS_HF | ADFLAGS_RDONLY;
if ((ret = ad_open(adp, name, oflags)) < 0 && errno == EACCES) {
- uid = geteuid();
- if (seteuid(0)) {
- LOG(log_error, logtype_default, "ad_metadata(%s): seteuid failed %s", name, strerror(errno));
- errno = EACCES;
- return -1;
- }
- /* we are root open read only */
+ become_root();
ret = ad_open(adp, name, oflags);
+ unbecome_root();
err = errno;
- if ( seteuid(uid) < 0) {
- LOG(log_error, logtype_default, "ad_metadata: can't seteuid back");
- exit(EXITERR_SYS);
- }
errno = err;
}
+
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <atalk/util.h>
#include <atalk/logger.h>
-
-#define OPEN_LOGS_AS_UID 0
+#include <atalk/unix.h>
#define COUNT_ARRAY(array) (sizeof((array))/sizeof((array)[0]))
static void log_setup(const char *filename, enum loglevels loglevel, enum logtypes logtype)
{
- uid_t process_uid;
-
if (loglevel == 0) {
/* Disable */
if (type_configs[logtype].set) {
free(tmp);
} else {
- process_uid = geteuid();
- if (process_uid) {
- if (seteuid(OPEN_LOGS_AS_UID) == -1) {
- process_uid = 0;
- }
- }
+ become_root();
type_configs[logtype].fd = open(filename,
O_CREAT | O_WRONLY | O_APPEND,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
- if (process_uid) {
- if (seteuid(process_uid) == -1) {
- LOG(log_error, logtype_logger, "can't seteuid back %s", strerror(errno));
- exit(EXITERR_SYS);
- }
- }
+ become_root();
}
/* Check for error opening/creating logfile */
int ret = AFP_OK;
unsigned int count = 0;
- uid_t uid;
const char *eaname;
const char *eaname_safe = NULL;
struct ea ea;
LOG(log_debug, logtype_afpd, "ea_chmod_dir('%s')", name);
/* .AppleDouble already might be inaccesible, so we must run as id 0 */
- uid = geteuid();
- if (seteuid(0)) {
- LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): seteuid: %s", name, strerror(errno));
- return AFPERR_MISC;
- }
+ become_root();
/* Open EA stuff */
if ((ea_open(vol, name, EA_RDWR, &ea)) != 0) {
/* ENOENT --> no EA files, nothing to do */
if (errno != ENOENT)
ret = AFPERR_MISC;
- if (seteuid(uid) < 0) {
- LOG(log_error, logtype_afpd, "can't seteuid back: %s", strerror(errno));
- exit(EXITERR_SYS);
- }
+ unbecome_root();
return ret;
}
}
exit:
- if (seteuid(uid) < 0) {
- LOG(log_error, logtype_afpd, "can't seteuid back: %s", strerror(errno));
- exit(EXITERR_SYS);
- }
+ unbecome_root();
if ((ea_close(&ea)) != 0) {
LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): error closing ea handle", name);