XRootD
XrdSysPriv Class Reference

#include <XrdSysPriv.hh>


Public Member Functions

virtual ~XrdSysPriv ()
 

Static Public Member Functions

static int ChangePerm (uid_t uid, gid_t gid)
 

Friends

class XrdSysPrivGuard
 

Detailed Description

Definition at line 54 of file XrdSysPriv.hh.

Constructor & Destructor Documentation

◆ ~XrdSysPriv()

virtual XrdSysPriv::~XrdSysPriv ( )
inline virtual

Definition at line 71 of file XrdSysPriv.hh.

71 { }

Member Function Documentation

◆ ChangePerm()

int XrdSysPriv::ChangePerm ( uid_t  uid,
gid_t  gid 
)
static

Definition at line 233 of file XrdSysPriv.cc.

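int XrdSysPriv::ChangePerm(uid_t newuid, gid_t newgid)
{
   // Permanently switch the process to the identity newuid/newgid at all
   // levels the platform exposes. Requires super-user privileges; this is
   // the way to drop su privileges for good.
   //
   // Returns 0 on success, < 0 (== -errno, via XSPERR) if any step fails.
   // Callers must treat any non-zero return as "privileges NOT dropped" and
   // stop, since the process may be left in a partially changed state.
   //
   // Scope: only the real/effective/saved UID and GID are handled here.
   // Supplementary groups are not touched by this function, so a caller
   // dropping from root has to clear or reset them itself (e.g. with
   // setgroups()) before calling.

   // The whole sequence is one atomic action: hold fgMutex until return.
   // The guard unlocks after the return value has been computed, so errno
   // is read before UnLock() has any chance to overwrite it.
   struct PrivLock {
      PrivLock()  { XrdSysPriv::fgMutex.Lock(); }
      ~PrivLock() { XrdSysPriv::fgMutex.UnLock(); }
   } privLock;

#if !defined(WINDOWS)
   // Current UIDs
   uid_t cruid = 0, ceuid = 0, csuid = 0;
   if (getresuid(&cruid, &ceuid, &csuid) != 0)
      return XSPERR(errno);

   // Current GIDs (gid_t, matching the getresgid() signature)
   gid_t crgid = 0, cegid = 0, csgid = 0;
   if (getresgid(&crgid, &cegid, &csgid) != 0)
      return XSPERR(errno);

   // Restore privileges, if needed: the set*id calls below need them
   if (ceuid && XrdSysPriv::Restore(0) != 0)
      return XSPERR(errno);

   // NOTE(review): csuid/csgid are fetched but never compared, and the
   // cached ceuid/cegid are not refreshed after Restore(). A process whose
   // real and effective IDs already equal the target skips the set*id call
   // even if its saved ID differs. The file-local getres*id helpers are
   // declared with an unnamed third argument, which suggests the saved ID
   // is not available on every platform - confirm before tightening.

   // Group first: once the UID has been given up the process may no longer
   // be allowed to change its GIDs. Act only if needed.
   if (newgid != cegid || newgid != crgid) {

      // Set newgid as GID, all levels
      if (setresgid(newgid, newgid, newgid) != 0)
         return XSPERR(errno);

      // Read the GIDs back rather than trusting the return code alone
      gid_t rgid = 0, egid = 0, sgid = 0;
      if (getresgid(&rgid, &egid, &sgid) != 0)
         return XSPERR(errno);

      // Make sure the new GIDs are all equal to the one asked. No call
      // failed on this path, so errno would be stale: report EPERM.
      if (rgid != newgid || egid != newgid)
         return XSPERR(EPERM);
   }

   // Then the user. Act only if needed.
   if (newuid != ceuid || newuid != cruid) {

      // Set newuid as UID, all levels
      if (setresuid(newuid, newuid, newuid) != 0)
         return XSPERR(errno);

      // Read the UIDs back rather than trusting the return code alone
      uid_t ruid = 0, euid = 0, suid = 0;
      if (getresuid(&ruid, &euid, &suid) != 0)
         return XSPERR(errno);

      // Make sure the new UIDs are all equal to the one asked. No call
      // failed on this path, so errno would be stale: report EPERM.
      if (ruid != newuid || euid != newuid)
         return XSPERR(EPERM);
   }
#endif

   // Done (the mutex is released by privLock)
   return 0;
}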
#define XSPERR(x)
Definition: XrdSysPriv.cc:53
static int getresgid(gid_t *r, gid_t *e, gid_t *)
Definition: XrdSysPriv.cc:89
static int setresgid(gid_t r, gid_t e, gid_t)
Definition: XrdSysPriv.cc:75
static int getresuid(uid_t *r, uid_t *e, uid_t *)
Definition: XrdSysPriv.cc:96
static int setresuid(uid_t r, uid_t e, uid_t)
Definition: XrdSysPriv.cc:82

References getresgid(), getresuid(), XrdSysMutex::Lock(), setresgid(), setresuid(), XrdSysMutex::UnLock(), and XSPERR.


Friends And Related Function Documentation

◆ XrdSysPrivGuard

friend class XrdSysPrivGuard
friend

Definition at line 56 of file XrdSysPriv.hh.


The documentation for this class was generated from the following files: