/* Test of dropping uid/gid privileges of the current process temporarily.
Copyright (C) 2009-2022 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see . */
#include
#include "idpriv.h"
#include
#include
#include
#include
#include
#include "macros.h"
static void
show_uids ()
{
#if HAVE_GETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */
uid_t real;
uid_t effective;
uid_t saved;
ASSERT (getresuid (&real, &effective, &saved) >= 0);
printf ("uids: real=%d effective=%d saved=%d",
(int) real, (int) effective, (int) saved);
#elif HAVE_GETEUID
printf ("uids: real=%d effective=%d",
(int) getuid (), (int) geteuid ());
#elif HAVE_GETUID
printf ("uids: real=%d",
(int) getuid ());
#endif
}
static void
show_gids ()
{
#if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */
gid_t real;
gid_t effective;
gid_t saved;
ASSERT (getresgid (&real, &effective, &saved) >= 0);
printf ("gids: real=%d effective=%d saved=%d",
(int) real, (int) effective, (int) saved);
#elif HAVE_GETEGID
printf ("gids: real=%d effective=%d",
(int) getgid (), (int) getegid ());
#elif HAVE_GETGID
printf ("gids: real=%d",
(int) getgid ());
#endif
}
static void
show (const char *prefix)
{
printf ("%s ", prefix);
show_uids ();
printf (" ");
show_gids ();
printf ("\n");
}
int
main (int argc, char *argv[])
{
bool verbose = false;
int i;
#if HAVE_GETUID
int uid = getuid ();
#endif
#if HAVE_GETEUID
int privileged_uid = geteuid ();
#endif
#if HAVE_GETGID
int gid = getgid ();
#endif
#if HAVE_GETEGID
int privileged_gid = getegid ();
#endif
/* Parse arguments.
-v enables verbose output.
*/
for (i = 1; i < argc; i++)
{
const char *arg = argv[i];
if (strcmp (arg, "-v") == 0)
verbose = true;
}
for (i = 0; i < 3; i++)
{
if (verbose)
show ("before droptemp:");
ASSERT (idpriv_temp_drop () == 0);
if (verbose)
show ("privileged: ");
/* Verify that the privileges have really been dropped. */
#if HAVE_GETEUID
if (geteuid () != uid)
abort ();
#endif
#if HAVE_GETUID
if (getuid () != uid)
abort ();
#endif
#if HAVE_GETEGID
if (getegid () != gid)
abort ();
#endif
#if HAVE_GETGID
if (getgid () != gid)
abort ();
#endif
ASSERT (idpriv_temp_restore () == 0);
if (verbose)
show ("unprivileged: ");
/* Verify that the privileges have really been acquired again. */
#if HAVE_GETEUID
if (geteuid () != privileged_uid)
abort ();
#endif
#if HAVE_GETUID
if (getuid () != uid)
abort ();
#endif
#if HAVE_GETEGID
if (getegid () != privileged_gid)
abort ();
#endif
#if HAVE_GETGID
if (getgid () != gid)
abort ();
#endif
}
return 0;
}