関数 | |
void | sec_init (void) |
uid_t | sec_initial_uid (void) |
gid_t | sec_initial_gid (void) |
BOOL | non_root_mode (void) |
static void | assert_uid (uid_t ruid, uid_t euid) |
static void | assert_gid (gid_t rgid, gid_t egid) |
void | gain_root_privilege (void) |
void | gain_root_group_privilege (void) |
void | set_effective_uid (uid_t uid) |
void | set_effective_gid (gid_t gid) |
void | save_re_uid (void) |
void | restore_re_uid_fromroot (void) |
void | restore_re_uid (void) |
void | save_re_gid (void) |
void | restore_re_gid (void) |
int | set_re_uid (void) |
void | become_user_permanently (uid_t uid, gid_t gid) |
static int | have_syscall (void) |
main () | |
BOOL | is_setuid_root (void) |
変数 | |
static uid_t | initial_uid |
static gid_t | initial_gid |
static uid_t | saved_euid |
static uid_t | saved_ruid |
static gid_t | saved_egid |
static gid_t | saved_rgid |
void sec_init | ( | void | ) |
util_sec.c の 56 行で定義されています。
参照先 initial_gid・initial_uid・initialized.
参照元 cgi_setup()・main()・message_init().
/*
 * Record the effective uid and gid the process holds the first time this
 * function is called. Later calls do nothing, so the stored values are not
 * refreshed after the process changes identity.
 *
 * The stored values are what sec_initial_uid(), sec_initial_gid() and
 * non_root_mode() read; call this before any privilege change if they are
 * meant to describe the startup identity.
 */
void sec_init(void)
{
	static int initialized;

	if (initialized) {
		return;
	}

	initial_uid = geteuid();
	initial_gid = getegid();
	initialized = 1;
}
uid_t sec_initial_uid | ( | void | ) |
util_sec.c の 70 行で定義されています。
参照先 initial_uid.
参照元 _lsa_add_acct_rights()・_lsa_addprivs()・_lsa_remove_acct_rights()・_lsa_removeprivs()・_srv_net_sess_del()・_srv_net_share_add()・_srv_net_share_del()・_srv_net_share_set_info()・access_check_samr_function()・access_check_samr_object()・create_pipe_sock()・elog_check_access()・profile_setup()・registry_access_check()・svcctl_access_check().
/*
 * Return the effective uid recorded by sec_init().
 *
 * NOTE(review): initial_uid is a file-scope static; unless it has an
 * initializer that is not visible here it reads as 0 (root's uid) until
 * sec_init() has run. Callers that compare against this value should run
 * after sec_init() -- confirm.
 */
uid_t sec_initial_uid(void)
{
	const uid_t startup_euid = initial_uid;

	return startup_euid;
}
gid_t sec_initial_gid | ( | void | ) |
util_sec.c の 78 行で定義されています。
参照先 initial_gid.
参照元 profile_setup().
/*
 * Return the effective gid recorded by sec_init().
 *
 * NOTE(review): as with initial_uid, the value is presumably 0 until
 * sec_init() has run -- confirm callers are ordered after it.
 */
gid_t sec_initial_gid(void)
{
	const gid_t startup_egid = initial_gid;

	return startup_egid;
}
BOOL non_root_mode | ( | void | ) |
util_sec.c の 86 行で定義されています。
参照先 initial_uid.
参照元 assert_gid()・assert_uid()・gain_root()・getgrouplist_internals()・make_connection().
/*
 * Report whether the process was started without root privilege, judged
 * solely from the effective uid that sec_init() recorded.
 *
 * Returns non-zero when the recorded uid is not 0. assert_uid() and
 * assert_gid() use this to decide whether a failed identity change is fatal,
 * so a non-zero answer here turns those checks into no-ops.
 */
BOOL non_root_mode(void)
{
	if (initial_uid == (uid_t)0) {
		return 0;
	}
	return 1;
}
static void assert_uid | ( | uid_t | ruid, | |
uid_t | euid | |||
) | [static] |
util_sec.c の 94 行で定義されています。
参照先 non_root_mode()・smb_panic().
参照元 become_user_permanently()・gain_root_privilege()・restore_re_uid_fromroot()・set_effective_uid()・set_re_uid().
/*
 * Verify that the process now holds the requested real and effective uids.
 *
 * ruid / euid: expected real / effective uid; (uid_t)-1 means "do not check
 * this one".
 *
 * On a mismatch in root mode the failure is logged, smb_panic() is called and
 * exit(1) follows, so the process does not continue with an unexpected
 * identity even if smb_panic() returns. In non-root mode (see
 * non_root_mode()) a mismatch is ignored silently. Only the real and
 * effective uids are inspected; the saved set-user-ID is not.
 */
static void assert_uid(uid_t ruid, uid_t euid)
{
	const int euid_wrong = (euid != (uid_t)-1) && (geteuid() != euid);
	const int ruid_wrong = (ruid != (uid_t)-1) && (getuid() != ruid);

	if (!euid_wrong && !ruid_wrong) {
		return;
	}

	/* Started without root: identity changes are expected to fail. */
	if (non_root_mode()) {
		return;
	}

	DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
		 (int)ruid, (int)euid,
		 (int)getuid(), (int)geteuid()));
	smb_panic("failed to set uid\n");
	exit(1);
}
static void assert_gid | ( | gid_t | rgid, | |
gid_t | egid | |||
) | [static] |
util_sec.c の 111 行で定義されています。
参照先 non_root_mode()・smb_panic().
参照元 become_user_permanently()・gain_root_group_privilege()・restore_re_gid()・set_effective_gid().
/*
 * Verify that the process now holds the requested real and effective gids.
 *
 * rgid / egid: expected real / effective gid; (gid_t)-1 means "do not check
 * this one".
 *
 * On a mismatch in root mode the failure is logged (including the current
 * uids), smb_panic() is called and exit(1) follows. In non-root mode (see
 * non_root_mode()) a mismatch is ignored silently. Only the real and
 * effective gids are inspected; the saved set-group-ID and the supplementary
 * group list are not.
 */
static void assert_gid(gid_t rgid, gid_t egid)
{
	const int egid_wrong = (egid != (gid_t)-1) && (getegid() != egid);
	const int rgid_wrong = (rgid != (gid_t)-1) && (getgid() != rgid);

	if (!egid_wrong && !rgid_wrong) {
		return;
	}

	/* Started without root: identity changes are expected to fail. */
	if (non_root_mode()) {
		return;
	}

	DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
		 (int)rgid, (int)egid,
		 (int)getgid(), (int)getegid(),
		 (int)getuid(), (int)geteuid()));
	smb_panic("failed to set gid\n");
	exit(1);
}
void gain_root_privilege | ( | void | ) |
util_sec.c の 130 行で定義されています。
参照先 assert_uid().
参照元 become_user_permanently()・dochild()・krb5_ticket_gain_handler()・krb5_ticket_refresh_handler()・main()・winbindd_raw_kerberos_login().
/*
 * Set the real and effective uid to 0 using whichever set*uid() interface
 * the build selected, then confirm the result.
 *
 * The return value of every call is deliberately discarded: the only failure
 * detection is the assert_uid(0, 0) check at the end, which is fatal in root
 * mode and ignored in non-root mode.
 */
void gain_root_privilege(void)
{
#if USE_SETRESUID
	(void)setresuid(0, 0, 0);
#endif

#if USE_SETEUID
	(void)seteuid(0);
#endif

#if USE_SETREUID
	(void)setreuid(0, 0);
#endif

#if USE_SETUIDX
	(void)setuidx(ID_EFFECTIVE, 0);
	(void)setuidx(ID_REAL, 0);
#endif

	/* this is needed on some systems */
	(void)setuid(0);

	assert_uid(0, 0);
}
void gain_root_group_privilege | ( | void | ) |
util_sec.c の 160 行で定義されています。
参照先 assert_gid().
参照元 become_user_permanently()・main().
/*
 * Set the real and effective gid to 0 using whichever set*gid() interface
 * the build selected, then confirm the result.
 *
 * Return values are deliberately discarded; the assert_gid(0, 0) check at the
 * end is the only failure detection. Note that the setresgid() branch is
 * selected by USE_SETRESUID, the same macro that selects setresuid()
 * elsewhere in this file.
 */
void gain_root_group_privilege(void)
{
#if USE_SETRESUID
	(void)setresgid(0, 0, 0);
#endif

#if USE_SETREUID
	(void)setregid(0, 0);
#endif

#if USE_SETEUID
	(void)setegid(0);
#endif

#if USE_SETUIDX
	(void)setgidx(ID_EFFECTIVE, 0);
	(void)setgidx(ID_REAL, 0);
#endif

	(void)setgid(0);

	assert_gid(0, 0);
}
void set_effective_uid | ( | uid_t | uid | ) |
util_sec.c の 197 行で定義されています。
参照先 assert_uid()・errno.
参照元 become_uid()・dfs_auth()・disk_quotas_vxfs()・gain_root()・krb5_ticket_gain_handler()・krb5_ticket_refresh_handler()・main()・message_notify()・restore_re_uid()・restore_re_uid_fromroot()・winbindd_raw_kerberos_login().
/*
 * Switch the effective uid to `uid` using whichever interface the build
 * selected, then confirm that the effective uid really changed.
 *
 * uid: the uid to run as.
 *
 * With USE_SETRESUID the real uid is changed as well and the saved
 * set-user-ID is left untouched (third argument -1). A setresuid() failure
 * with EAGAIN is only logged here; the function does not return early, and
 * the assert_uid(-1, uid) check at the end is what stops a root-mode process
 * from carrying on with the wrong effective uid. All other return values are
 * discarded for the same reason.
 */
void set_effective_uid(uid_t uid)
{
#if USE_SETRESUID
	/* Set the effective as well as the real uid. */
	if (setresuid(uid, uid, -1) == -1 && errno == EAGAIN) {
		DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
			  "might be over its NPROC limit\n",
			  (int)uid));
	}
#endif

#if USE_SETREUID
	(void)setreuid(-1, uid);
#endif

#if USE_SETEUID
	(void)seteuid(uid);
#endif

#if USE_SETUIDX
	(void)setuidx(ID_EFFECTIVE, uid);
#endif

	/* Real uid is not checked (-1); only the effective uid must match. */
	assert_uid(-1, uid);
}
void set_effective_gid | ( | gid_t | gid | ) |
util_sec.c の 229 行で定義されています。
参照先 assert_gid().
参照元 become_gid()・dfs_auth()・gain_root()・get_current_groups()・getgrouplist_internals()・main()・restore_re_gid().
/*
 * Switch the effective gid to `gid` using whichever interface the build
 * selected, then confirm that the effective gid really changed.
 *
 * gid: the gid to run as.
 *
 * Unlike set_effective_uid(), the setresgid() branch leaves the real gid
 * alone (first argument -1). Return values are discarded; the
 * assert_gid(-1, gid) check at the end is the only failure detection.
 */
void set_effective_gid(gid_t gid)
{
#if USE_SETRESUID
	(void)setresgid(-1, gid, -1);
#endif

#if USE_SETREUID
	(void)setregid(-1, gid);
#endif

#if USE_SETEUID
	(void)setegid(gid);
#endif

#if USE_SETUIDX
	(void)setgidx(ID_EFFECTIVE, gid);
#endif

	/* Real gid is not checked (-1); only the effective gid must match. */
	assert_gid(-1, gid);
}
void save_re_uid | ( | void | ) |
util_sec.c の 257 行で定義されています。
参照先 saved_euid・saved_ruid.
参照元 main()・message_notify().
/*
 * Remember the current real and effective uid in the file-scope
 * saved_ruid / saved_euid slots so that restore_re_uid() or
 * restore_re_uid_fromroot() can put them back.
 *
 * There is a single slot for each value: a second call overwrites the first,
 * so save/restore pairs do not nest.
 */
void save_re_uid(void)
{
	saved_euid = geteuid();
	saved_ruid = getuid();
}
void restore_re_uid_fromroot | ( | void | ) |
util_sec.c の 268 行で定義されています。
参照先 assert_uid()・saved_euid・saved_ruid・set_effective_uid().
参照元 message_notify()・restore_re_uid().
/*
 * Put back the real and effective uid captured by save_re_uid().
 *
 * NOTE(review): the name suggests the caller must currently be root for the
 * calls below to succeed; restore_re_uid() arranges that by calling
 * set_effective_uid(0) first -- confirm for other callers.
 *
 * Exactly one branch is compiled (#if / #elif / #else). Return values are
 * discarded; the final assert_uid() compares the resulting real and
 * effective uid with the saved pair and is fatal on mismatch in root mode.
 */
void restore_re_uid_fromroot(void)
{
#if USE_SETRESUID
	(void)setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
	(void)setreuid(saved_ruid, -1);
	(void)setreuid(-1, saved_euid);
#elif USE_SETUIDX
	(void)setuidx(ID_REAL, saved_ruid);
	(void)setuidx(ID_EFFECTIVE, saved_euid);
#else
	set_effective_uid(saved_euid);
	if (getuid() != saved_ruid) {
		(void)setuid(saved_ruid);
	}
	/* Re-apply the effective uid after the setuid() call above. */
	set_effective_uid(saved_euid);
#endif

	assert_uid(saved_ruid, saved_euid);
}
void restore_re_uid | ( | void | ) |
util_sec.c の 288 行で定義されています。
参照先 restore_re_uid_fromroot()・set_effective_uid().
参照元 main().
/*
 * Restore the real and effective uid captured by save_re_uid(), starting
 * from any effective uid.
 *
 * The effective uid is first raised to 0 and only then is the saved pair put
 * back. Both steps end in an assert_uid() check, so in root mode a process
 * that cannot regain uid 0 terminates here rather than continuing with a
 * partly restored identity.
 */
void restore_re_uid(void)
{
	/* Become root first so the restore below is permitted. */
	set_effective_uid(0);

	restore_re_uid_fromroot();
}
void save_re_gid | ( | void | ) |
util_sec.c の 298 行で定義されています。
参照先 saved_egid・saved_rgid.
参照元 get_current_groups()・getgrouplist_internals().
/*
 * Remember the current real and effective gid in the file-scope
 * saved_rgid / saved_egid slots so that restore_re_gid() can put them back.
 *
 * There is a single slot for each value: a second call overwrites the first,
 * so save/restore pairs do not nest.
 */
void save_re_gid(void)
{
	saved_egid = getegid();
	saved_rgid = getgid();
}
void restore_re_gid | ( | void | ) |
util_sec.c の 307 行で定義されています。
参照先 assert_gid()・saved_egid・saved_rgid・set_effective_gid().
参照元 get_current_groups()・getgrouplist_internals().
/*
 * Put back the real and effective gid captured by save_re_gid().
 *
 * Exactly one branch is compiled (#if / #elif / #else). Return values are
 * discarded; the final assert_gid() compares the resulting real and
 * effective gid with the saved pair and is fatal on mismatch in root mode.
 * Supplementary groups are not touched by this function.
 */
void restore_re_gid(void)
{
#if USE_SETRESUID
	(void)setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
	(void)setregid(saved_rgid, -1);
	(void)setregid(-1, saved_egid);
#elif USE_SETUIDX
	(void)setgidx(ID_REAL, saved_rgid);
	(void)setgidx(ID_EFFECTIVE, saved_egid);
#else
	set_effective_gid(saved_egid);
	if (getgid() != saved_rgid) {
		(void)setgid(saved_rgid);
	}
	/* Re-apply the effective gid after the setgid() call above. */
	set_effective_gid(saved_egid);
#endif

	assert_gid(saved_rgid, saved_egid);
}
int set_re_uid | ( | void | ) |
util_sec.c の 333 行で定義されています。
参照先 assert_uid().
/*
 * Make the real uid equal to the current effective uid.
 *
 * Returns 0 after the assert_uid() check, or -1 when the build uses
 * USE_SETEUID or USE_SETUIDX, where the operation is not attempted at that
 * point and the final check is never reached.
 *
 * In the USE_SETREUID branch the process first sets both ids to 0 and then
 * sets real and effective back to the uid sampled on entry. Return values
 * are discarded; assert_uid() is the only failure detection.
 */
int set_re_uid(void)
{
	/* Sample the target once, before any of the calls below change it. */
	uid_t target_uid = geteuid();

#if USE_SETRESUID
	(void)setresuid(geteuid(), -1, -1);
#endif

#if USE_SETREUID
	(void)setreuid(0, 0);
	(void)setreuid(target_uid, -1);
	(void)setreuid(-1, target_uid);
#endif

#if USE_SETEUID
	/* can't be done */
	return -1;
#endif

#if USE_SETUIDX
	/* can't be done */
	return -1;
#endif

	assert_uid(target_uid, target_uid);
	return 0;
}
void become_user_permanently | ( | uid_t | uid, | |
gid_t | gid | |||
) |
util_sec.c の 366 行で定義されています。
参照先 assert_gid()・assert_uid()・gain_root_group_privilege()・gain_root_privilege().
参照元 cgi_handle_authorization()・dochild()・main()・smbrun_internal()・smbrunsecret().
/*
 * Drop to the given uid and gid with the intent that root cannot be
 * regained afterwards.
 *
 * uid, gid: the identity to assume.
 *
 * In every branch the group ids are changed before the user ids: once the
 * uid has been given up the process would no longer be allowed to change
 * its gid. Return values are discarded; the two assert_*() calls at the end
 * are the only failure detection, and they compare the real and effective
 * ids only.
 *
 * NOTE(review): nothing here calls setgroups() or initgroups(), so the
 * supplementary group list is whatever the caller left in place --
 * presumably callers clear or set it before calling; confirm.
 * NOTE(review): the saved set-user-ID is not inspected by the final checks;
 * whether it was really dropped depends on the interface the build selected.
 */
void become_user_permanently(uid_t uid, gid_t gid)
{
	/*
	 * First - gain root privilege. We do this to ensure
	 * we can lose it again.
	 */
	gain_root_privilege();
	gain_root_group_privilege();

#if USE_SETRESUID
	(void)setresgid(gid, gid, gid);
	(void)setgid(gid);
	(void)setresuid(uid, uid, uid);
	(void)setuid(uid);
#endif

#if USE_SETREUID
	(void)setregid(gid, gid);
	(void)setgid(gid);
	(void)setreuid(uid, uid);
	(void)setuid(uid);
#endif

#if USE_SETEUID
	(void)setegid(gid);
	(void)setgid(gid);
	(void)setuid(uid);
	(void)seteuid(uid);
	(void)setuid(uid);
#endif

#if USE_SETUIDX
	(void)setgidx(ID_REAL, gid);
	(void)setgidx(ID_EFFECTIVE, gid);
	(void)setgid(gid);
	(void)setuidx(ID_REAL, uid);
	(void)setuidx(ID_EFFECTIVE, uid);
	(void)setuid(uid);
#endif

	assert_uid(uid, uid);
	assert_gid(gid, gid);
}
static int have_syscall | ( | void | ) | [static] |
util_sec.c の 416 行で定義されています。
参照先 errno.
参照元 main().
/*
 * Probe whether the selected set*uid() interface exists on this system.
 *
 * Each call passes -1 ("leave unchanged") so no identity is altered; the
 * function only looks at errno afterwards.
 *
 * Returns -1 if errno ended up as ENOSYS, 0 otherwise.
 *
 * NOTE(review): errno is read once after all compiled-in calls, so this
 * presumably relies on only one USE_* macro being set per build -- confirm.
 */
static int have_syscall(void)
{
	errno = 0;

#if USE_SETRESUID
	(void)setresuid(-1, -1, -1);
#endif

#if USE_SETREUID
	(void)setreuid(-1, -1);
#endif

#if USE_SETEUID
	(void)seteuid(-1);
#endif

#if USE_SETUIDX
	(void)setuidx(ID_EFFECTIVE, -1);
#endif

	return (errno == ENOSYS) ? -1 : 0;
}
main | ( | void | ) |
util_sec.c の 441 行で定義されています。
参照先 become_user_permanently()・fprintf()・gain_root_group_privilege()・gain_root_privilege()・have_syscall()・printf()・restore_re_uid()・save_re_uid()・set_effective_gid()・set_effective_uid().
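/*
 * Self-test for the uid/gid switching routines in this file.
 *
 * Not started as root: on AIX with USE_SETREUID the test exits 1 without
 * probing; otherwise the exit status is have_syscall(), i.e. only the
 * presence of the system call is checked.
 *
 * Started as root: exercise gain / set-effective / save / restore, then drop
 * permanently to uid 1 / gid 1 and try to get uid 0 back. The setuid(0)
 * call is expected to fail; if the real uid reads 0 afterwards the drop was
 * not permanent and the test exits 1. Prints "OK" and exits 0 on success.
 *
 * The return type is spelled out because implicit int is not valid C99.
 */
int main(void)
{
	if (getuid() != 0) {
#if (defined(AIX) && defined(USE_SETREUID))
		/* setreuid is badly broken on AIX 4.1, we avoid it completely */
		fprintf(stderr,"avoiding possibly broken setreuid\n");
		exit(1);
#endif

		/* if not running as root then at least check to see if we get ENOSYS - this
		   handles Linux 2.0.x with glibc 2.1 */
		fprintf(stderr,"not running as root: checking for ENOSYS\n");
		exit(have_syscall());
	}

	gain_root_privilege();
	gain_root_group_privilege();
	set_effective_gid(1);
	set_effective_uid(1);
	save_re_uid();
	restore_re_uid();
	gain_root_privilege();
	gain_root_group_privilege();
	become_user_permanently(1, 1);

	/* Must fail: regaining root here means the drop was reversible. */
	setuid(0);
	if (getuid() == 0) {
		fprintf(stderr,"uid not set permanently\n");
		exit(1);
	}

	printf("OK\n");

	exit(0);
}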
BOOL is_setuid_root | ( | void | ) |
uid_t initial_uid [static] |
gid_t initial_gid [static] |
uid_t saved_euid [static] |
uid_t saved_ruid [static] |
gid_t saved_egid [static] |
gid_t saved_rgid [static] |