2 files changed, 160 insertions, 0 deletions

diff --git a/gnulib b/gnulib
deleted file mode 160000
-Subproject 443bc5ffcf7429e557f4a371b0661abe98ddbc1
diff --git a/gnulib/tests/test-idpriv-droptemp.c b/gnulib/tests/test-idpriv-droptemp.c
new file mode 100644
index 0000000..d0b352c
--- /dev/null
+++ b/gnulib/tests/test-idpriv-droptemp.c
@@ -0,0 +1,160 @@
+/* Test of dropping uid/gid privileges of the current process temporarily.
+   Copyright (C) 2009-2011 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
+
+#include <config.h>
+
+#include "idpriv.h"
+
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "macros.h"
+
+static void
+show_uids ()
+{
+#if HAVE_GETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */
+  uid_t real;
+  uid_t effective;
+  uid_t saved;
+  ASSERT (getresuid (&real, &effective, &saved) >= 0);
+  printf ("uids: real=%d effective=%d saved=%d",
+          (int) real, (int) effective, (int) saved);
+#elif HAVE_GETEUID
+  printf ("uids: real=%d effective=%d",
+          (int) getuid (), (int) geteuid ());
+#elif HAVE_GETUID
+  printf ("uids: real=%d",
+          (int) getuid ());
+#endif
+}
+
+static void
+show_gids ()
+{
+#if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */
+  gid_t real;
+  gid_t effective;
+  gid_t saved;
+  ASSERT (getresgid (&real, &effective, &saved) >= 0);
+  printf ("gids: real=%d effective=%d saved=%d",
+          (int) real, (int) effective, (int) saved);
+#elif HAVE_GETEGID
+  printf ("gids: real=%d effective=%d",
+          (int) getgid (), (int) getegid ());
+#elif HAVE_GETGID
+  printf ("gids: real=%d",
+          (int) getgid ());
+#endif
+}
+
+static void
+show (const char *prefix)
+{
+  printf ("%s  ", prefix);
+  show_uids ();
+  printf ("  ");
+  show_gids ();
+  printf ("\n");
+}
+
+int
+main (int argc, char *argv[])
+{
+  bool verbose = false;
+  int i;
+
+#if HAVE_GETUID
+  int uid = getuid ();
+#endif
+#if HAVE_GETEUID
+  int privileged_uid = geteuid ();
+#endif
+#if HAVE_GETGID
+  int gid = getgid ();
+#endif
+#if HAVE_GETEGID
+  int privileged_gid = getegid ();
+#endif
+
+  /* Parse arguments.
+     -v  enables verbose output.
+   */
+  for (i = 1; i < argc; i++)
+    {
+      const char *arg = argv[i];
+      if (strcmp (arg, "-v") == 0)
+        verbose = true;
+    }
+
+  for (i = 0; i < 3; i++)
+    {
+      if (verbose)
+        show ("before droptemp:");
+
+      ASSERT (idpriv_temp_drop () == 0);
+
+      if (verbose)
+        show ("privileged:     ");
+
+      /* Verify that the privileges have really been dropped.  */
+#if HAVE_GETEUID
+      if (geteuid () != uid)
+        abort ();
+#endif
+#if HAVE_GETUID
+      if (getuid () != uid)
+        abort ();
+#endif
+#if HAVE_GETEGID
+      if (getegid () != gid)
+        abort ();
+#endif
+#if HAVE_GETGID
+      if (getgid () != gid)
+        abort ();
+#endif
+
+      ASSERT (idpriv_temp_restore () == 0);
+
+      if (verbose)
+        show ("unprivileged:   ");
+
+      /* Verify that the privileges have really been acquired again.  */
+#if HAVE_GETEUID
+      if (geteuid () != privileged_uid)
+        abort ();
+#endif
+#if HAVE_GETUID
+      if (getuid () != uid)
+        abort ();
+#endif
+#if HAVE_GETEGID
+      if (getegid () != privileged_gid)
+        abort ();
+#endif
+#if HAVE_GETGID
+      if (getgid () != gid)
+        abort ();
+#endif
+    }
+
+
+  return 0;
+}