本文整理汇总了C++中setresuid函数的典型用法代码示例。如果您正苦于以下问题:C++ setresuid函数的具体用法?C++ setresuid怎么用?C++ setresuid使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了setresuid函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: set_identity
void set_identity(unsigned int uid) {
/*
* Set effective uid back to root, otherwise setres[ug]id will fail
* if uid isn't root.
*/
if (seteuid(0)) {
PLOGE("seteuid (root)");
exit(EXIT_FAILURE);
}
if (setresgid(uid, uid, uid)) {
PLOGE("setresgid (%u)", uid);
exit(EXIT_FAILURE);
}
if (setresuid(uid, uid, uid)) {
PLOGE("setresuid (%u)", uid);
exit(EXIT_FAILURE);
}
}示例2: fr_suid_down
void fr_suid_down(void)
{
if (!doing_setuid) return;
if (setresuid(-1, server_uid, geteuid()) < 0) {
fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
progname, uid_name, fr_syserror(errno));
fr_exit_now(1);
}
if (geteuid() != server_uid) {
fprintf(stderr, "%s: Failed switching uid: UID is incorrect\n",
progname);
fr_exit_now(1);
}
fr_set_dumpable(allow_core_dumps);
}示例3: setperms
static void setperms (uid_t uid, gid_t gid)
{
char strbuf[ISC_STRERRORSIZE];
#if !defined(HAVE_SETEGID) && defined(HAVE_SETRESGID)
gid_t oldgid, tmpg;
#endif
#if !defined(HAVE_SETEUID) && defined(HAVE_SETRESUID)
uid_t olduid, tmpu;
#endif
#if defined(HAVE_SETEGID)
if (getegid () != gid && setegid (gid) == -1)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlywarning ("unable to set effective gid to %ld: %s", (long) gid, strbuf);
}
#elif defined(HAVE_SETRESGID)
if (getresgid (&tmpg, &oldgid, &tmpg) == -1 || oldgid != gid)
{
if (setresgid (-1, gid, -1) == -1)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlywarning ("unable to set effective " "gid to %d: %s", gid, strbuf);
}
}
#endif
#if defined(HAVE_SETEUID)
if (geteuid () != uid && seteuid (uid) == -1)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlywarning ("unable to set effective uid to %ld: %s", (long) uid, strbuf);
}
#elif defined(HAVE_SETRESUID)
if (getresuid (&tmpu, &olduid, &tmpu) == -1 || olduid != uid)
{
if (setresuid (-1, uid, -1) == -1)
{
isc__strerror (errno, strbuf, sizeof (strbuf));
ns_main_earlywarning ("unable to set effective " "uid to %d: %s", uid, strbuf);
}
}
#endif
}示例4: change_identity
/*
* Create the context as the user (not as root).
*
* Note that we change the *real* uid here, as changing the effective uid is
* not sufficient. This is due to an unfortunate historical error in the MIT
* krb5 libs, where they used %{uid} in the default_ccache_name. Changing that
* now might break some applications so we're sort of stuck with it.
*
* Unfortunately, doing this leaves the forked child vulnerable to signals and
* renicing, but this is the best we can do. In the event that a child is
* signalled before downcalling, the kernel will just eventually time out the
* upcall attempt.
*/
static int
change_identity(uid_t uid)
{
struct passwd *pw;
/* drop list of supplimentary groups first */
if (setgroups(0, NULL) != 0) {
printerr(0, "WARNING: unable to drop supplimentary groups!");
return errno;
}
/* try to get pwent for user */
pw = getpwuid(uid);
if (!pw) {
/* if that doesn't work, try to get one for "nobody" */
errno = 0;
pw = getpwnam("nobody");
if (!pw) {
printerr(0, "WARNING: unable to determine gid for uid %u\n", uid);
return errno ? errno : ENOENT;
}
}
/*
* Switch the GIDs. Note that we leave the saved-set-gid alone in an
* attempt to prevent attacks via ptrace()
*/
if (setresgid(pw->pw_gid, pw->pw_gid, -1) != 0) {
printerr(0, "WARNING: failed to set gid to %u!\n", pw->pw_gid);
return errno;
}
/*
* Switch UIDs, but leave saved-set-uid alone to prevent ptrace() by
* other processes running with this uid.
*/
if (setresuid(uid, uid, -1) != 0) {
printerr(0, "WARNING: Failed to setuid for user with uid %u\n",
uid);
return errno;
}
return 0;
}示例5: become_user_permanently
/****************************************************************************
Become the specified uid and gid - permanently !
there should be no way back if possible
****************************************************************************/
void become_user_permanently(uid_t uid, gid_t gid)
{
/*
* First - gain root privilege. We do this to ensure
* we can lose it again.
*/
gain_root_privilege();
gain_root_group_privilege();
#if USE_SETRESUID
setresgid(gid,gid,gid);
setgid(gid);
setresuid(uid,uid,uid);
setuid(uid);
#endif
#if USE_SETREUID
setregid(gid,gid);
setgid(gid);
setreuid(uid,uid);
setuid(uid);
#endif
#if USE_SETEUID
setegid(gid);
setgid(gid);
setuid(uid);
seteuid(uid);
setuid(uid);
#endif
#if USE_SETUIDX
setgidx(ID_REAL, gid);
setgidx(ID_EFFECTIVE, gid);
setgid(gid);
setuidx(ID_REAL, uid);
setuidx(ID_EFFECTIVE, uid);
setuid(uid);
#endif
assert_uid(uid, uid);
assert_gid(gid, gid);
}示例6: drop_privs_to
void
drop_privs_to (const char *user, const char *group)
{
uid_t uid;
gid_t gid;
struct passwd *pw;
struct group *gr;
if (0 != getuid ())
return; /* not running as root to begin with; should (!) be harmless to continue
without dropping to 'nobody' (setting time will fail in the end) */
pw = getpwnam (user);
gr = getgrnam (group);
if (NULL == pw)
die ("Failed to obtain UID for `%s'\n", user);
if (NULL == gr)
die ("Failed to obtain GID for `%s'\n", group);
uid = pw->pw_uid;
if (0 == uid)
die ("UID for `%s' is 0, refusing to run SSL\n", user);
gid = pw->pw_gid;
if (0 == gid || 0 == gr->gr_gid)
die ("GID for `%s' is 0, refusing to run SSL\n", user);
if (pw->pw_gid != gr->gr_gid)
die ("GID for `%s' is not `%s' as expected, refusing to run SSL\n",
user, group);
if (0 != initgroups ( (const char *) user, gr->gr_gid))
die ("Unable to initgroups for `%s' in group `%s' as expected\n",
user, group);
#ifdef HAVE_SETRESGID
if (0 != setresgid (gid, gid, gid))
die ("Failed to setresgid: %s\n", strerror (errno));
#else
if (0 != (setgid (gid) | setegid (gid)))
die ("Failed to setgid: %s\n", strerror (errno));
#endif
#ifdef HAVE_SETRESUID
if (0 != setresuid (uid, uid, uid))
die ("Failed to setresuid: %s\n", strerror (errno));
#else
if (0 != (setuid (uid) | seteuid (uid)))
die ("Failed to setuid: %s\n", strerror (errno));
#endif
}示例7: drop_privs
/*
* Do the real work of dropping privileges. Checks to
* see what the current uid/gid are, sets res gid and
* uid to the specified user's uid/gid and verifies
* that privs can't be restored to the initial uid/gid
*/
int drop_privs(struct passwd *pw) {
char *dir;
int uid = getuid();
int gid = getgid();
int result = -1;
#if defined DO_CHROOT
dir = "/";
if (chroot(pw->pw_dir) == -1) {;
#ifdef DEBUG
perror("chroot");
fprintf(stderr, "Failed chroot to %s", pw->pw_dir);
#endif
return -1;
}
#else
dir = pw->pw_dir;
#endif
initgroups(pw->pw_name, pw->pw_gid);
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) return -1;
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) return -1;
if (pw->pw_gid != gid && (setgid(gid) != -1 || setegid(gid) != -1)) {
#ifdef DEBUG
printf(ERROR_BAD_GID, getgid(), pw->pw_gid);
#endif
return -1;
}
if (pw->pw_uid != uid && (setuid(uid) != -1 || seteuid(uid) != -1)) {
#ifdef DEBUG
printf(ERROR_BAD_UID, getuid(), pw->pw_uid);
#endif
return -1;
}
if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) return -1;
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) return -1;
if (chdir(dir) == -1) {;
#ifdef DEBUG
perror("chdir");
fprintf(stderr, "Failed chdir to %s", dir);
#endif
return -1;
}
return 0;
}示例8: change_rights
int change_rights ()
{
if (getuid () == 0 ) {
struct passwd *pw;
struct group *gr;
gid_t gid;
if ((gr = getgrnam(conf_group))) {
gid = gr->gr_gid;
if (setresgid(gid, gid, gid) != 0) {
log(LOG_WARNING, "cannot change gid");
return (1);
}
if (initgroups(conf_user, gid) == -1) {
log(LOG_WARNING, "cannot change gid");
return (1);
}
}
else {
log(LOG_WARNING, "cannot find group %s on system",
conf_group);
return (1);
}
if ((pw = getpwnam(conf_user))) {
if (chown(conf_socket_path, pw->pw_uid, gid) == -1) {
log(LOG_WARNING, "cannot change owner of "
"%s : %m", conf_socket_path);
return (1);
}
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0){
log(LOG_WARNING, "cannot change uid");
return (1);
}
}
else {
log(LOG_WARNING, "cannot find user %s on system",
conf_user);
return (1);
}
return (0);
}
log(LOG_WARNING, "User isn't root");
return (1);
}示例9: fr_suid_up
void fr_suid_up(void)
{
uid_t ruid, euid, suid;
if (getresuid(&ruid, &euid, &suid) < 0) {
radlog(L_ERR, "Failed getting saved UID's");
_exit(1);
}
if (setresuid(-1, suid, -1) < 0) {
radlog(L_ERR, "Failed switching to privileged user");
_exit(1);
}
if (geteuid() != suid) {
radlog(L_ERR, "Switched to unknown UID");
_exit(1);
}
}示例10: test_setresuid4
static void
test_setresuid4 (enum ACTION action, int tno)
{
if (action == PREPARE)
{
if (setresuid (nobody_uid, nobody_uid, -1) < 0)
{
printf ("setresuid failed: %m\n");
exit (1);
}
prev_ruid = nobody_uid;
prev_euid = nobody_uid;
nobody_uid = prev_suid;
return;
}
test_setresuid1 (action, tno);
}示例11: RevertToSelf
gboolean RevertToSelf (void)
{
#ifdef HAVE_GETRESUID
uid_t ruid, euid;
#endif
uid_t suid = -1;
#ifdef HAVE_GETRESUID
if (getresuid (&ruid, &euid, &suid) < 0)
return FALSE;
#endif
#ifdef HAVE_SETRESUID
if (setresuid (-1, suid, -1) < 0)
return FALSE;
#else
return TRUE;
#endif
return (geteuid () == suid);
}示例12: child
static void
child(const char *root, char *cmd[])
{
pid_t pid = (pid_t)syscall(SYS_getpid);
assert(pid == 1);
// die when parent dies
NONNEGATIVE(prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0));
NONNEGATIVE(sethostname(POE_HOSTNAME, strlen(POE_HOSTNAME)));
NONNEGATIVE(mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL));
NONNEGATIVE(mount(root, root, "bind", MS_BIND | MS_REC, NULL));
NONNEGATIVE(chroot(root));
// NONNEGATIVE(mount(NULL, "/proc", "proc", MS_NOSUID | MS_NOEXEC | MS_NODEV, NULL));
// NONNEGATIVE(mount(NULL, "/dev", "devtmpfs", MS_NOSUID | MS_NOEXEC, NULL));
// NONNEGATIVE(mount(NULL, "/dev/shm", "tmpfs", MS_NOSUID | MS_NODEV, NULL));
struct passwd *pw = getpwnam(POE_USERNAME);
if (!pw) ERROR("getpwnam() failed");
NONNEGATIVE(chdir("/tmp"));
NONNEGATIVE(setsid());
NONNEGATIVE(initgroups(POE_USERNAME, pw->pw_gid));
NONNEGATIVE(setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid));
NONNEGATIVE(setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid));
char *env[] = {
"PATH=/opt/bin:/usr/bin",
"USER=" POE_USERNAME,
"LOGNAME=" POE_USERNAME,
NULL,
NULL
};
NONNEGATIVE(asprintf(env + 3, "HOME=%s", pw->pw_dir));
// wait parent
NONNEGATIVE(kill(pid, SIGSTOP));
NONNEGATIVE(prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
poe_init_seccomp(SCMP_ACT_TRACE(0));
NONNEGATIVE(execvpe(cmd[0], cmd, env));
}示例13: privdrop
void
privdrop(void)
{
struct passwd *pw;
struct stat sb;
if ((pw = getpwnam(SNDIO_USER)) == NULL)
errx(1, "unknown user %s", SNDIO_USER);
if (stat(pw->pw_dir, &sb) < 0)
err(1, "stat(\"%s\")", pw->pw_dir);
if (sb.st_uid != 0 || (sb.st_mode & 022) != 0)
errx(1, "%s has wrong permissions", pw->pw_dir);
if (setpriority(PRIO_PROCESS, 0, SNDIO_PRIO) < 0)
err(1, "setpriority");
if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
err(1, "cannot drop privileges");
}示例14: restore_re_uid_fromroot
static void restore_re_uid_fromroot(void)
{
#if USE_SETRESUID
setresuid(saved_ruid, saved_euid, -1);
#elif USE_SETREUID
setreuid(saved_ruid, -1);
setreuid(-1,saved_euid);
#elif USE_SETUIDX
setuidx(ID_REAL, saved_ruid);
setuidx(ID_EFFECTIVE, saved_euid);
#else
set_effective_uid(saved_euid);
if (getuid() != saved_ruid)
setuid(saved_ruid);
set_effective_uid(saved_euid);
#endif
assert_uid(saved_ruid, saved_euid);
}示例15: main
int main(int argc, char **argv) {
char **newargv;
int i;
if (argc <= 1) {
exit(1);
}
newargv = argv + 1;
if (setresuid((uid_t)0, (uid_t)0, (uid_t)0)) {
perror("setresuid");
}
if (setresgid((gid_t)0, (gid_t)0, (gid_t)0)) {
perror("setresgid");
}
exit(execvp(newargv[0], newargv));
}