svn commit: samba r15540 - in trunk/source/nsswitch: .
jra at samba.org
jra at samba.org
Thu May 11 23:04:38 GMT 2006
Author: jra
Date: 2006-05-11 23:04:38 +0000 (Thu, 11 May 2006)
New Revision: 15540
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15540
Log:
Use portable wrapper functions instead of seteuid
directly in winbindd.
Jeremy.
Modified:
trunk/source/nsswitch/winbindd_cred_cache.c
trunk/source/nsswitch/winbindd_pam.c
Changeset:
Modified: trunk/source/nsswitch/winbindd_cred_cache.c
===================================================================
--- trunk/source/nsswitch/winbindd_cred_cache.c 2006-05-11 22:47:28 UTC (rev 15539)
+++ trunk/source/nsswitch/winbindd_cred_cache.c 2006-05-11 23:04:38 UTC (rev 15540)
@@ -105,7 +105,7 @@
if ((entry->renew_until < time(NULL)) && (entry->pass != NULL)) {
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = kerberos_kinit_password_ext(entry->principal_name,
entry->pass,
@@ -116,7 +116,7 @@
False, /* no PAC required anymore */
True,
WINBINDD_PAM_AUTH_KRB5_RENEW_TIME);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not re-kinit: %s\n", error_message(ret)));
@@ -132,13 +132,13 @@
goto done;
}
- seteuid(entry->uid);
+ set_effective_uid(entry->uid);
ret = smb_krb5_renew_ticket(entry->ccname,
entry->principal_name,
entry->service,
&new_start);
- seteuid(0);
+ gain_root_privilege();
if (ret) {
DEBUG(3,("could not renew tickets: %s\n", error_message(ret)));
Modified: trunk/source/nsswitch/winbindd_pam.c
===================================================================
--- trunk/source/nsswitch/winbindd_pam.c 2006-05-11 22:47:28 UTC (rev 15539)
+++ trunk/source/nsswitch/winbindd_pam.c 2006-05-11 23:04:38 UTC (rev 15540)
@@ -478,7 +478,7 @@
if (!internal_ccache) {
- seteuid(uid);
+ set_effective_uid(uid);
DEBUG(10,("winbindd_raw_kerberos_login: uid is %d\n", uid));
}
@@ -533,7 +533,7 @@
}
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
/************************ NON-ROOT **********************/
@@ -631,7 +631,7 @@
SAFE_FREE(client_princ_out);
if (!internal_ccache) {
- seteuid(0);
+ gain_root_privilege();
}
return result;
More information about the samba-cvs
mailing list