From: Frank Lahm Date: Fri, 31 Aug 2012 09:36:08 +0000 (+0200) Subject: Replace relevant direct seteuid() calls with calls to (un)become_root() X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=commitdiff_plain;h=4111aba41c36a99bfd7eb7e987b24314735cdd10 Replace relevant direct seteuid() calls with calls to (un)become_root()
---
diff --git a/etc/afpd/file.c b/etc/afpd/file.c
index 407dc6f9..8cd5f456 100644
--- a/etc/afpd/file.c
+++ b/etc/afpd/file.c
@@ -1954,9 +1954,6 @@ int afp_exchangefiles(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U uint32_t sid, did; uint16_t vid; - uid_t uid; - gid_t gid; - *rbuflen = 0; ibuf += 2;
@@ -2124,13 +2121,7 @@ int afp_exchangefiles(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U /* change perms, src gets dest perm and vice versa */ - uid = geteuid(); - gid = getegid(); - if (seteuid(0)) { - LOG(log_error, logtype_afpd, "seteuid failed %s", strerror(errno)); - err = AFP_OK; /* ignore error */ - goto err_temp_to_dest; - } + become_root(); /* * we need to exchange ACL entries as well
@@ -2154,10 +2145,7 @@ int afp_exchangefiles(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U setfilunixmode(vol, path, srcst.st_mode); setfilowner(vol, srcst.st_uid, srcst.st_gid, path); - if ( setegid(gid) < 0 || seteuid(uid) < 0) { - LOG(log_error, logtype_afpd, "can't seteuid back %s", strerror(errno)); - exit(EXITERR_SYS); - } + unbecome_root(); err = AFP_OK; goto err_exchangefile;
diff --git a/etc/afpd/messages.c b/etc/afpd/messages.c
index 241f0d08..3c85f6a3 100644
--- a/etc/afpd/messages.c
+++ b/etc/afpd/messages.c
@@ -15,6 +15,7 @@ #include #include #include +#include #include #include
@@ -40,7 +41,6 @@ void readmessage(AFPObj *obj) unsigned int i; int rc; static int c; - uid_t euid; uint32_t maxmsgsize; maxmsgsize = MIN(MAX(obj->dsi->attn_quantum, MAXMESGSIZE), MAXPATHLEN);
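Review bot: The privileged region in afp_exchangefiles no longer has any visible failure handling. The removed code bailed out when `seteuid(0)` failed and called `exit(EXITERR_SYS)` when the original ids could not be restored, whereas `become_root()` and `unbecome_root()` are called as bare statements. Their definitions are not part of this diff, so it cannot be confirmed here that a failed privilege drop still terminates the process; if `unbecome_root()` can return after a failed seteuid(), the session keeps running with euid 0. Once confirmed, record it at the call site with a comment such as `/* unbecome_root() aborts the process if the euid cannot be restored */`; otherwise have the helper report failure and keep the `exit(EXITERR_SYS)`. The same applies to the readmessage, ad_metadata and ea_chmod_dir hunks, and the ACL-exchange code between the two afp_exchangefiles hunks lies outside the diff, so any `goto` leaving that region should be checked to pass through `unbecome_root()`.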
@@ -77,22 +77,12 @@ void readmessage(AFPObj *obj) /* cleanup */ fclose(message); - /* Save effective uid and switch to root to delete file. */ - /* Delete will probably fail otherwise, but let's try anyways */ - euid = geteuid(); - if (seteuid(0) < 0) { - LOG(log_error, logtype_afpd, "Could not switch back to root: %s", - strerror(errno)); - } + become_root(); if ((rc = unlink(filename)) != 0) LOG(log_error, logtype_afpd, "File '%s' could not be deleted", strerror(errno)); - /* Drop privs again, failing this is very bad */ - if (seteuid(euid) < 0) { - LOG(log_error, logtype_afpd, "Could not switch back to uid %d: %s", euid, strerror(errno)); - exit(EXITERR_SYS); - } + unbecome_root(); if (rc < 0) { LOG(log_error, logtype_afpd, "Error deleting %s: %s", filename, strerror(rc));
diff --git a/etc/afpd/quota.c b/etc/afpd/quota.c
index 4953d798..6903a216 100644
--- a/etc/afpd/quota.c
+++ b/etc/afpd/quota.c
@@ -25,6 +25,7 @@ #include #include #include +#include #include "auth.h" #include "volume.h"
@@ -47,16 +48,15 @@ getfreespace(const AFPObj *obj, struct vol *vol, VolSpace *bfree, VolSpace *btot return -1; } - if ( seteuid( getuid() ) != 0 ) { - LOG(log_info, logtype_afpd, "seteuid(): %s", - strerror(errno)); - return -1; - } + become_root(); + if ((retq = getfsquota(obj, vol, ufsq, uid, classq)) < 0) { LOG(log_info, logtype_afpd, "getfsquota(%s, %s): %s", vol->v_path, classq, strerror(errno)); } - seteuid( uid ); + + unbecome_root(); + if (retq < 1) return retq;
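Review bot: The failure logging around the privileged `unlink()` in readmessage reports the wrong values, which makes a failed root-level delete hard to diagnose. The first LOG feeds `strerror(errno)` into the `File '%s'` placeholder instead of `filename`, and the `rc < 0` branch after `unbecome_root()` passes unlink's return value to `strerror()` rather than an errno. Since `unbecome_root()` now runs between the call and that second message, errno should be captured first: `const int unlink_errno = errno;` directly after the failed `unlink()`, then `strerror(unlink_errno)` in both messages. The removed comments were also the only explanation of why root is needed here; a one-line `/* switch to root to delete the message file */` above `become_root()` would keep that. readmessage continues outside the hunk.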
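Review bot: getfreespace now brackets `getfsquota()` with `become_root()`/`unbecome_root()`, and the BSD4_4 branch of getfsquota in the next hunk calls the same pair again, so the two pairs nest on that platform. The helpers are not shown in this diff; if they keep a single saved uid rather than a nesting count, the inner pair would leave the outer `unbecome_root()` without the session uid to restore. Either drop the inner pair and note it there with `/* caller already holds root, see getfreespace() */`, or document on the helpers that they are safe to nest. getfsquota may have other callers outside this diff, so that needs checking before removing the inner calls.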
@@ -541,29 +541,19 @@ static int getfsquota(const AFPObj *obj, struct vol *vol, const int uid, struct #endif /* TRU64 */ #ifdef BSD4_4 - if ( seteuid( getuid() ) == 0 ) { + become_root(); if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA,USRQUOTA), uid, (char *)dq ) != 0 ) { /* try group quotas */ if (obj->ngroups >= 1) { if ( quotactl(vol->v_path, QCMD(Q_GETQUOTA, GRPQUOTA), obj->groups[0], (char *) &dqg) != 0 ) { - seteuid( uid ); + unbecome_root(); return( AFPERR_PARAM ); } } } - seteuid( uid ); - } - -#elif defined(TRU64) - if ( seteuid( getuid() ) == 0 ) { - if ( quotactl( vol->v_path, QCMD(Q_GETQUOTA, USRQUOTA), - uid, (char *)dq ) != 0 ) { - seteuid( uid ); - return ( AFPERR_PARAM ); - } - seteuid( uid ); + unbecome_root(); } #else /* BSD4_4 */
diff --git a/include/atalk/unix.h b/include/atalk/unix.h
index 24c1f7c5..01997e94 100644
--- a/include/atalk/unix.h
+++ b/include/atalk/unix.h
@@ -19,6 +19,7 @@ #include #endif +#include #include #include
diff --git a/libatalk/adouble/ad_open.c b/libatalk/adouble/ad_open.c
index 70fba7d2..3e06e93f 100644
--- a/libatalk/adouble/ad_open.c
+++ b/libatalk/adouble/ad_open.c
@@ -1695,26 +1695,16 @@ EC_CLEANUP: */ int ad_metadata(const char *name, int flags, struct adouble *adp) { - uid_t uid; int ret, err, oflags; /* Sanitize flags */ oflags = (flags & (ADFLAGS_CHECK_OF | ADFLAGS_DIR)) | ADFLAGS_HF | ADFLAGS_RDONLY; if ((ret = ad_open(adp, name, oflags)) < 0 && errno == EACCES) { - uid = geteuid(); - if (seteuid(0)) { - LOG(log_error, logtype_default, "ad_metadata(%s): seteuid failed %s", name, strerror(errno)); - errno = EACCES; - return -1; - } - /* we are root open read only */ + become_root(); ret = ad_open(adp, name, oflags); + unbecome_root(); err = errno; - if ( seteuid(uid) < 0) { - LOG(log_error, logtype_default, "ad_metadata: can't seteuid back"); - exit(EXITERR_SYS); - } errno = err; } 
diff --git a/libatalk/util/logger.c b/libatalk/util/logger.c
index a7cdd2c1..c8a2a0a8 100644
--- a/libatalk/util/logger.c
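Review bot: The BSD4_4 branch of getfsquota appears to be left with an unmatched closing brace. The hunk removes the opening `if ( seteuid( getuid() ) == 0 ) {` but keeps the `}` that follows the final `unbecome_root();`, which used to close the deleted TRU64 block. As displayed, that brace has no matching opener and should go, so that the branch ends with `unbecome_root();` directly before `#else /* BSD4_4 */`. Only BSD builds compile this branch, so a Linux build would not surface it. The function continues on both sides of the hunk, so the overall brace balance cannot be confirmed from here.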
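Review bot: In ad_metadata the errno of the privileged `ad_open()` is now saved after `unbecome_root()` instead of before the privilege drop, so `err = errno; errno = err;` no longer protects anything. Any call inside `unbecome_root()` that sets errno would replace the open's error before the caller sees it. The save belongs directly after the retry: `ret = ad_open(adp, name, oflags); err = errno; unbecome_root(); errno = err;`. The removed comment `/* we are root open read only */` was the only note on why the retry is acceptable and is worth keeping next to `become_root()`.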
+++ b/libatalk/util/logger.c
@@ -1,3 +1,4 @@ + #ifdef HAVE_CONFIG_H #include "config.h" #endif
@@ -31,8 +32,7 @@ Netatalk 2001 (c) #include #include - -#define OPEN_LOGS_AS_UID 0 +#include #define COUNT_ARRAY(array) (sizeof((array))/sizeof((array)[0]))
@@ -256,8 +256,6 @@ static void log_init(void) static void log_setup(const char *filename, enum loglevels loglevel, enum logtypes logtype) { - uid_t process_uid; - if (loglevel == 0) { /* Disable */ if (type_configs[logtype].set) {
@@ -321,21 +319,11 @@ static void log_setup(const char *filename, enum loglevels loglevel, enum logtyp free(tmp); } else { - process_uid = geteuid(); - if (process_uid) { - if (seteuid(OPEN_LOGS_AS_UID) == -1) { - process_uid = 0; - } - } + become_root(); type_configs[logtype].fd = open(filename, O_CREAT | O_WRONLY | O_APPEND, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - if (process_uid) { - if (seteuid(process_uid) == -1) { - LOG(log_error, logtype_logger, "can't seteuid back %s", strerror(errno)); - exit(EXITERR_SYS); - } - } + become_root(); } /* Check for error opening/creating logfile */
diff --git a/libatalk/vfs/ea_ad.c b/libatalk/vfs/ea_ad.c
index 016f92fb..cdc7c828 100644
--- a/libatalk/vfs/ea_ad.c
+++ b/libatalk/vfs/ea_ad.c
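Review bot: The call after `open()` in log_setup is `become_root();` a second time, where the removed code restored the caller's euid with `seteuid(process_uid)`. Nothing visible in the hunk drops the privilege again, so a session that sets up logging would keep euid 0 once the log file is open. The second call should read `unbecome_root();`. log_setup continues outside the hunk, so whether a later statement drops the privilege cannot be seen from here, but every other site in this commit pairs the two calls.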
@@ -1694,28 +1694,20 @@ int ea_chmod_dir(VFS_FUNC_ARGS_SETDIRUNIXMODE) int ret = AFP_OK; unsigned int count = 0; - uid_t uid; const char *eaname; const char *eaname_safe = NULL; struct ea ea; LOG(log_debug, logtype_afpd, "ea_chmod_dir('%s')", name); /* .AppleDouble already might be inaccesible, so we must run as id 0 */ - uid = geteuid(); - if (seteuid(0)) { - LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): seteuid: %s", name, strerror(errno)); - return AFPERR_MISC; - } + become_root(); /* Open EA stuff */ if ((ea_open(vol, name, EA_RDWR, &ea)) != 0) { /* ENOENT --> no EA files, nothing to do */ if (errno != ENOENT) ret = AFPERR_MISC; - if (seteuid(uid) < 0) { - LOG(log_error, logtype_afpd, "can't seteuid back: %s", strerror(errno)); - exit(EXITERR_SYS); - } + unbecome_root(); return ret; }
@@ -1768,10 +1760,7 @@ int ea_chmod_dir(VFS_FUNC_ARGS_SETDIRUNIXMODE) } exit: - if (seteuid(uid) < 0) { - LOG(log_error, logtype_afpd, "can't seteuid back: %s", strerror(errno)); - exit(EXITERR_SYS); - } + unbecome_root(); if ((ea_close(&ea)) != 0) { LOG(log_error, logtype_afpd, "ea_chmod_dir('%s'): error closing ea handle", name);