2 * Copyright (C) 2005 Diomidis Spinellis. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
13 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
17 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
34 #include <sys/types.h>
35 #include <sys/param.h>
36 #include <sys/syslog.h>
/*
 * Switch the process to the credentials given in user, first saving the
 * current effective uid and supplementary group list in save so that
 * restore_credentials() can switch back later.
 * Return 0 on success, -1 (with errno set) on error.
 *
 * On a -1 return the switch may be only partly done: nothing here undoes
 * a successful setgroups() when the following seteuid() fails, so the
 * caller should not go on to act for the user without first restoring
 * or otherwise checking the process's credentials.
 */
int
set_user_credentials(struct portal_cred *user, struct portal_cred *save)
{
	/* Snapshot the current identity before anything is changed. */
	save->pcr_uid = geteuid();

	/*
	 * NOTE(review): getgroups() is told the buffer has room for
	 * NGROUPS_MAX entries; confirm that pcr_groups is declared at
	 * least that large in struct portal_cred.
	 */
	save->pcr_ngroups = getgroups(NGROUPS_MAX, save->pcr_groups);
	if (save->pcr_ngroups < 0)
		return (-1);

	/*
	 * Groups first, effective uid second.  restore_credentials() uses
	 * the opposite order; presumably setgroups() needs the privilege
	 * that seteuid() gives up here and regains there.
	 */
	if (setgroups(user->pcr_ngroups, user->pcr_groups) >= 0 &&
	    seteuid(user->pcr_uid) >= 0)
		return (0);

	/* One of the two calls failed; errno is what that call left. */
	return (-1);
}
59 * Restore the process's credentials to the ones specified in save.
60 * Log failures using LOG_ERR.
61 * Return 0 on success, -1 (with errno set) on error.
64 restore_credentials(struct portal_cred *save)
66 if (seteuid(save->pcr_uid) < 0) {
67 syslog(LOG_ERR, "seteuid: %m");
70 if (setgroups(save->pcr_ngroups, save->pcr_groups) < 0) {
71 syslog(LOG_ERR, "setgroups: %m");