Replace relevant direct seteuid() calls with calls to (un)become_root()

diff --git a/etc/afpd/file.c b/etc/afpd/file.c
index 407dc6f9d9e5855e1bdde254ae888acf19e9956b..8cd5f456947333a38372e90487aa78c7819eae70 100644 (file)
--- a/etc/afpd/file.c
+++ b/etc/afpd/file.c
@@ -1954,9 +1954,6 @@ int afp_exchangefiles(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U
     uint32_t           sid, did;
     uint16_t           vid;
 
     uint32_t           sid, did;
     uint16_t           vid;
 

-    uid_t              uid;
-    gid_t              gid;
-

     *rbuflen = 0;
     ibuf += 2;
 
     *rbuflen = 0;
     ibuf += 2;
 


@@ -2124,13 +2121,7 @@ int afp_exchangefiles(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U
 
     /* change perms, src gets dest perm and vice versa */
 
 
     /* change perms, src gets dest perm and vice versa */
 

-    uid = geteuid();
-    gid = getegid();
-    if (seteuid(0)) {
-        LOG(log_error, logtype_afpd, "seteuid failed %s", strerror(errno));
-        err = AFP_OK; /* ignore error */
-        goto err_temp_to_dest;
-    }
+    become_root();

 
     /*
      * we need to exchange ACL entries as well
 
     /*
      * we need to exchange ACL entries as well


@@ -2154,10 +2145,7 @@ int afp_exchangefiles(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U
     setfilunixmode(vol, path, srcst.st_mode);
     setfilowner(vol, srcst.st_uid, srcst.st_gid, path);
 
     setfilunixmode(vol, path, srcst.st_mode);
     setfilowner(vol, srcst.st_uid, srcst.st_gid, path);
 

-    if ( setegid(gid) < 0 || seteuid(uid) < 0) {
-        LOG(log_error, logtype_afpd, "can't seteuid back %s", strerror(errno));
-        exit(EXITERR_SYS);
-    }
+    unbecome_root();

 
     err = AFP_OK;
     goto err_exchangefile;
 
     err = AFP_OK;
     goto err_exchangefile;

diff --git a/etc/afpd/messages.c b/etc/afpd/messages.c
index 241f0d08166a166ed2a4b22f8d8b5e088c0b7876..3c85f6a3a505c7fe9ae4c5ade65a5c44f997e708 100644 (file)
--- a/etc/afpd/messages.c
+++ b/etc/afpd/messages.c
@@ -15,6 +15,7 @@
 #include <atalk/afp.h>
 #include <atalk/dsi.h>
 #include <atalk/util.h>
 #include <atalk/afp.h>
 #include <atalk/dsi.h>
 #include <atalk/util.h>

+#include <atalk/unix.h>

 #include <atalk/logger.h>
 #include <atalk/globals.h>
 
 #include <atalk/logger.h>
 #include <atalk/globals.h>
 


@@ -40,7 +41,6 @@ void readmessage(AFPObj *obj)
     unsigned int i; 
     int rc;
     static int c;
     unsigned int i; 
     int rc;
     static int c;

-    uid_t euid;

     uint32_t maxmsgsize;
 
     maxmsgsize = MIN(MAX(obj->dsi->attn_quantum, MAXMESGSIZE), MAXPATHLEN);
     uint32_t maxmsgsize;
 
     maxmsgsize = MIN(MAX(obj->dsi->attn_quantum, MAXMESGSIZE), MAXPATHLEN);


@@ -77,22 +77,12 @@ void readmessage(AFPObj *obj)
         /* cleanup */
         fclose(message);
 
         /* cleanup */
         fclose(message);
 

-        /* Save effective uid and switch to root to delete file. */
-        /* Delete will probably fail otherwise, but let's try anyways */
-        euid = geteuid();
-        if (seteuid(0) < 0) {
-            LOG(log_error, logtype_afpd, "Could not switch back to root: %s",
-                               strerror(errno));
-        }
+        become_root();

 
         if ((rc = unlink(filename)) != 0)
            LOG(log_error, logtype_afpd, "File '%s' could not be deleted", strerror(errno));
 
 
         if ((rc = unlink(filename)) != 0)
            LOG(log_error, logtype_afpd, "File '%s' could not be deleted", strerror(errno));
 

-        /* Drop privs again, failing this is very bad */
-        if (seteuid(euid) < 0) {
-            LOG(log_error, logtype_afpd, "Could not switch back to uid %d: %s", euid, strerror(errno));
-            exit(EXITERR_SYS);
-        }
+        unbecome_root();

 
         if (rc < 0) {
             LOG(log_error, logtype_afpd, "Error deleting %s: %s", filename, strerror(rc));
 
         if (rc < 0) {
             LOG(log_error, logtype_afpd, "Error deleting %s: %s", filename, strerror(rc));

diff --git a/etc/afpd/quota.c b/etc/afpd/quota.c
index 4953d798f06d43c7e34da0b337a0bb80036533b2..6903a21610ab421bbd3560569ae0e3cb30131d45 100644 (file)
--- a/etc/afpd/quota.c
+++ b/etc/afpd/quota.c
@@ -25,6 +25,7 @@
 #include <atalk/logger.h>
 #include <atalk/afp.h>
 #include <atalk/compat.h>
 #include <atalk/logger.h>
 #include <atalk/afp.h>
 #include <atalk/compat.h>

+#include <atalk/unix.h>

 
 #include "auth.h"
 #include "volume.h"
 
 #include "auth.h"
 #include "volume.h"


@@ -47,16 +48,15 @@ getfreespace(const AFPObj *obj, struct vol *vol, VolSpace *bfree, VolSpace *btot
                return -1;
        }
 
                return -1;
        }
 

-       if ( seteuid( getuid() ) != 0 )  {
-               LOG(log_info, logtype_afpd, "seteuid(): %s",
-                   strerror(errno));
-               return -1;
-       }
+    become_root();
+

        if ((retq = getfsquota(obj, vol, ufsq, uid, classq)) < 0) {
                LOG(log_info, logtype_afpd, "getfsquota(%s, %s): %s",
                    vol->v_path, classq, strerror(errno));
        }
        if ((retq = getfsquota(obj, vol, ufsq, uid, classq)) < 0) {
                LOG(log_info, logtype_afpd, "getfsquota(%s, %s): %s",
                    vol->v_path, classq, strerror(errno));
        }

-        seteuid( uid );
+
+    unbecome_root();
+

        if (retq < 1)
                return retq;
 
        if (retq < 1)
                return retq;
 


@@ -541,29 +541,19 @@ static int getfsquota(const AFPObj *obj, struct vol *vol, const int uid, struct
 #endif /* TRU64 */
 
 #ifdef BSD4_4
 #endif /* TRU64 */
 
 #ifdef BSD4_4

-    if ( seteuid( getuid() ) == 0 ) {
+    become_root();

         if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA,USRQUOTA),
                        uid, (char *)dq ) != 0 ) {
             /* try group quotas */
             if (obj->ngroups >= 1) {
                 if ( quotactl(vol->v_path, QCMD(Q_GETQUOTA, GRPQUOTA),
                               obj->groups[0], (char *) &dqg) != 0 ) {
         if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA,USRQUOTA),
                        uid, (char *)dq ) != 0 ) {
             /* try group quotas */
             if (obj->ngroups >= 1) {
                 if ( quotactl(vol->v_path, QCMD(Q_GETQUOTA, GRPQUOTA),
                               obj->groups[0], (char *) &dqg) != 0 ) {

-                    seteuid( uid );
+                    unbecome_root();

                     return( AFPERR_PARAM );
                 }
             }
         }
                     return( AFPERR_PARAM );
                 }
             }
         }

-        seteuid( uid );
-    }
-
-#elif defined(TRU64)
-    if ( seteuid( getuid() ) == 0 ) {
-        if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA, USRQUOTA),
-                       uid, (char *)dq ) != 0 ) {
-            seteuid( uid );
-            return ( AFPERR_PARAM );
-        }
-        seteuid( uid );
+        unbecome_root();

     }
 
 #else /* BSD4_4 */
     }
 
 #else /* BSD4_4 */

diff --git a/include/atalk/unix.h b/include/atalk/unix.h
index 24c1f7c5686e8d4063e655412d7e86f653b6e476..01997e9400f8b74d5e4c77a6a45c4f036029d4b0 100644 (file)
--- a/include/atalk/unix.h
+++ b/include/atalk/unix.h
@@ -19,6 +19,7 @@
 #include <config.h>
 #endif
 
 #include <config.h>
 #endif
 

+#include <sys/stat.h>

 #include <sys/types.h>
 #include <dirent.h>
 
 #include <sys/types.h>
 #include <dirent.h>
 

diff --git a/libatalk/adouble/ad_open.c b/libatalk/adouble/ad_open.c
index 70fba7d27ab5818a822a7269286dfdf1baab9833..3e06e93fb6cfe7e715ac0de66be0d58cf0ae72a7 100644 (file)
--- a/libatalk/adouble/ad_open.c
+++ b/libatalk/adouble/ad_open.c
@@ -1695,26 +1695,16 @@ EC_CLEANUP:
  */
 int ad_metadata(const char *name, int flags, struct adouble *adp)
 {
  */
 int ad_metadata(const char *name, int flags, struct adouble *adp)
 {

-    uid_t uid;

     int   ret, err, oflags;
 
     /* Sanitize flags */
     oflags = (flags & (ADFLAGS_CHECK_OF | ADFLAGS_DIR)) | ADFLAGS_HF | ADFLAGS_RDONLY;    
 
     if ((ret = ad_open(adp, name, oflags)) < 0 && errno == EACCES) {
     int   ret, err, oflags;
 
     /* Sanitize flags */
     oflags = (flags & (ADFLAGS_CHECK_OF | ADFLAGS_DIR)) | ADFLAGS_HF | ADFLAGS_RDONLY;    
 
     if ((ret = ad_open(adp, name, oflags)) < 0 && errno == EACCES) {

-        uid = geteuid();
-        if (seteuid(0)) {
-            LOG(log_error, logtype_default, "ad_metadata(%s): seteuid failed %s", name, strerror(errno));
-            errno = EACCES;
-            return -1;
-        }
-        /* we are root open read only */
+        become_root();

         ret = ad_open(adp, name, oflags);
         ret = ad_open(adp, name, oflags);

+        unbecome_root();

         err = errno;
         err = errno;

-        if ( seteuid(uid) < 0) {
-            LOG(log_error, logtype_default, "ad_metadata: can't seteuid back");
-            exit(EXITERR_SYS);
-        }

         errno = err;
     }
 
         errno = err;
     }
 

diff --git a/libatalk/util/logger.c b/libatalk/util/logger.c
index a7cdd2c12a402ecd8bd8d89a199ff4dd92b4cce2..c8a2a0a8acd2845c43bfbd088e81b7a496855a1b 100644 (file)
--- a/libatalk/util/logger.c
+++ b/libatalk/util/logger.c
@@ -1,3 +1,4 @@
+

 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif


@@ -31,8 +32,7 @@ Netatalk 2001 (c)
 
 #include <atalk/util.h>
 #include <atalk/logger.h>
 
 #include <atalk/util.h>
 #include <atalk/logger.h>

-
-#define OPEN_LOGS_AS_UID 0
+#include <atalk/unix.h>

 
 #define COUNT_ARRAY(array) (sizeof((array))/sizeof((array)[0]))
 
 
 #define COUNT_ARRAY(array) (sizeof((array))/sizeof((array)[0]))
 


@@ -256,8 +256,6 @@ static void log_init(void)
 
 static void log_setup(const char *filename, enum loglevels loglevel, enum logtypes logtype)
 {
 
 static void log_setup(const char *filename, enum loglevels loglevel, enum logtypes logtype)
 {

-    uid_t process_uid;
-

     if (loglevel == 0) {
         /* Disable */
         if (type_configs[logtype].set) {
     if (loglevel == 0) {
         /* Disable */
         if (type_configs[logtype].set) {


@@ -321,21 +319,11 @@ static void log_setup(const char *filename, enum loglevels loglevel, enum logtyp
         free(tmp);
 
     } else {
         free(tmp);
 
     } else {

-        process_uid = geteuid();
-        if (process_uid) {
-            if (seteuid(OPEN_LOGS_AS_UID) == -1) {
-                process_uid = 0;
-            }
-        }
+        become_root();

         type_configs[logtype].fd = open(filename,
                                         O_CREAT | O_WRONLY | O_APPEND,
                                         S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
         type_configs[logtype].fd = open(filename,
                                         O_CREAT | O_WRONLY | O_APPEND,
                                         S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);

-        if (process_uid) {
-            if (seteuid(process_uid) == -1) {
-                LOG(log_error, logtype_logger, "can't seteuid back %s", strerror(errno));
-                exit(EXITERR_SYS);
-            }
-        }
+        become_root();

     }
 
     /* Check for error opening/creating logfile */
     }
 
     /* Check for error opening/creating logfile */

diff --git a/libatalk/vfs/ea_ad.c b/libatalk/vfs/ea_ad.c
index 016f92fb7878dbc065a09d76f10cff0632af86fa..cdc7c82820b32837e1832be46054491a5a88898c 100644 (file)
--- a/libatalk/vfs/ea_ad.c
+++ b/libatalk/vfs/ea_ad.c
@@ -1694,28 +1694,20 @@ int ea_chmod_dir(VFS_FUNC_ARGS_SETDIRUNIXMODE)
 
     int ret = AFP_OK;
     unsigned int count = 0;
 
     int ret = AFP_OK;
     unsigned int count = 0;

-    uid_t uid;

     const char *eaname;
     const char *eaname_safe = NULL;
     struct ea ea;
 
     LOG(log_debug, logtype_afpd, "ea_chmod_dir('%s')", name);
     /* .AppleDouble already might be inaccesible, so we must run as id 0 */
     const char *eaname;
     const char *eaname_safe = NULL;
     struct ea ea;
 
     LOG(log_debug, logtype_afpd, "ea_chmod_dir('%s')", name);
     /* .AppleDouble already might be inaccesible, so we must run as id 0 */

-    uid = geteuid();
-    if (seteuid(0)) {
-        LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): seteuid: %s", name, strerror(errno));
-        return AFPERR_MISC;
-    }
+    become_root();

 
     /* Open EA stuff */
     if ((ea_open(vol, name, EA_RDWR, &ea)) != 0) {
         /* ENOENT --> no EA files, nothing to do */
         if (errno != ENOENT)
             ret = AFPERR_MISC;
 
     /* Open EA stuff */
     if ((ea_open(vol, name, EA_RDWR, &ea)) != 0) {
         /* ENOENT --> no EA files, nothing to do */
         if (errno != ENOENT)
             ret = AFPERR_MISC;

-        if (seteuid(uid) < 0) {
-            LOG(log_error, logtype_afpd, "can't seteuid back: %s", strerror(errno));
-            exit(EXITERR_SYS);
-        }
+        unbecome_root();

         return ret;
     }
 
         return ret;
     }
 


@@ -1768,10 +1760,7 @@ int ea_chmod_dir(VFS_FUNC_ARGS_SETDIRUNIXMODE)
     }
 
 exit:
     }
 
 exit:

-    if (seteuid(uid) < 0) {
-        LOG(log_error, logtype_afpd, "can't seteuid back: %s", strerror(errno));
-        exit(EXITERR_SYS);
-    }
+    unbecome_root();

 
     if ((ea_close(&ea)) != 0) {
         LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): error closing ea handle", name);
 
     if ((ea_close(&ea)) != 0) {
         LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): error closing ea handle", name);