svn commit: samba r15539 - in branches/SAMBA_3_0/source/nsswitch: .
jra at samba.org
jra at samba.org
Thu May 11 22:47:30 GMT 2006
Author: jra
Date: 2006-05-11 22:47:28 +0000 (Thu, 11 May 2006)
New Revision: 15539
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15539
Log:
Use portable wrapper functions instead of seteuid
directly in winbindd.
Jeremy.
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c 2006-05-11 21:21:36 UTC (rev 15538)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c 2006-05-11 22:47:28 UTC (rev 15539)
@@ -105,7 +105,7 @@
if ((entry->renew_until < time(NULL)) && (entry->pass != NULL)) {
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = kerberos_kinit_password_ext(entry->principal_name,
entry->pass,
@@ -116,7 +116,7 @@
False, /* no PAC required anymore */
True,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not re-kinit: %s\n", error_message(ret)));
@@ -132,13 +132,13 @@
goto done;
}
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = smb_krb5_renew_ticket(entry->ccname,
entry->principal_name,
entry->service,
&new_start);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not renew tickets: %s\n", error_message(ret)));
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-05-11 21:21:36 UTC (rev 15538)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-05-11 22:47:28 UTC (rev 15539)
@@ -478,7 +478,7 @@
if (!internal_ccache) {
- seteuid(uid);
+ set_effective_uid(uid);
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
@@ -533,7 +533,7 @@
}
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
/************************ NON-ROOT **********************/
@@ -631,7 +631,7 @@
SAFE_FREE(client_princ_out);
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
return result;
More information about the samba-cvs
mailing list