void
rewind_perms(void)
{
+ debug_decl(rewind_perms, SUDO_DEBUG_PERMS)
+
while (perm_stack_depth > 1)
restore_perms();
grlist_delref(perm_stack[0].grlist);
+
+ debug_return;
}
#ifdef HAVE_SETRESUID
struct perm_state *state, *ostate = NULL;
const char *errstr;
int noexit;
+ debug_decl(set_perms, SUDO_DEBUG_PERMS)
noexit = ISSET(perm, PERM_NOEXIT);
CLR(perm, PERM_MASK);
done:
perm_stack_depth++;
- return 1;
+ debug_return_bool(1);
bad:
/* XXX - better warnings inline */
warningx("%s: %s", errstr,
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
- return 0;
+ debug_return_bool(0);
exit(1);
}
restore_perms(void)
{
struct perm_state *state, *ostate;
+ debug_decl(restore_perms, SUDO_DEBUG_PERMS)
if (perm_stack_depth < 2)
- return;
+ debug_return;
state = &perm_stack[perm_stack_depth - 1];
ostate = &perm_stack[perm_stack_depth - 2];
}
}
grlist_delref(state->grlist);
- return;
+ debug_return;
bad:
exit(1);
struct perm_state *state, *ostate = NULL;
const char *errstr;
int noexit;
+ debug_decl(set_perms, SUDO_DEBUG_PERMS)
noexit = ISSET(perm, PERM_NOEXIT);
CLR(perm, PERM_MASK);
case PERM_ROOT:
/*
- * setreuid(0, 0) may fail on some systems
- * when the euid is not already 0.
+ * setreuid(0, 0) may fail on some systems if euid is not already 0.
*/
- if (setreuid(-1, ROOT_UID)) {
- errstr = "setreuid(-1, ROOT_UID)";
- goto bad;
+ if (ostate->euid != ROOT_UID) {
+ if (setreuid(-1, ROOT_UID)) {
+ errstr = "setreuid(-1, ROOT_UID)";
+ goto bad;
+ }
}
- if (setuid(ROOT_UID)) {
- errstr = "setuid(ROOT_UID)";
+ state->euid = ROOT_UID;
+ if (setreuid(ID(ruid), -1)) {
+ errstr = "setreuid(ROOT_UID, -1)";
goto bad;
}
state->ruid = ROOT_UID;
- state->euid = ROOT_UID;
state->rgid = -1;
state->egid = -1;
state->grlist = ostate->grlist;
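Review bot: In the PERM_ROOT case the new `setreuid(ID(ruid), -1)` call runs before `state->ruid = ROOT_UID;` is assigned, so if `ID()` reads `state->ruid` (its definition is not in this hunk) it sees whatever the slot held before, and the real uid may stay unchanged while the stack entry records root. The line that was moved above the call is `state->euid = ROOT_UID;`, which does not appear in this call; moving `state->ruid = ROOT_UID;` above it instead, or guarding as the euid branch does with `if (ostate->ruid != ROOT_UID)` and calling `setreuid(ROOT_UID, -1)`, would keep the recorded state and the process credentials in step. The failure string `"setreuid(ROOT_UID, -1)"` also no longer names the call that was actually made, which makes the warning misleading when a privilege switch fails. The rest of set_perms, including where `ostate` is assigned, lies outside the hunk.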
done:
perm_stack_depth++;
- return 1;
+ debug_return_bool(1);
bad:
/* XXX - better warnings inline */
warningx("%s: %s", errstr,
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
- return 0;
+ debug_return_bool(0);
exit(1);
}
restore_perms(void)
{
struct perm_state *state, *ostate;
+ debug_decl(restore_perms, SUDO_DEBUG_PERMS)
if (perm_stack_depth < 2)
- return;
+ debug_return;
state = &perm_stack[perm_stack_depth - 1];
ostate = &perm_stack[perm_stack_depth - 2];
}
}
grlist_delref(state->grlist);
- return;
+ debug_return;
bad:
exit(1);
struct perm_state *state, *ostate = NULL;
const char *errstr;
int noexit;
+ debug_decl(set_perms, SUDO_DEBUG_PERMS)
noexit = ISSET(perm, PERM_NOEXIT);
CLR(perm, PERM_MASK);
done:
perm_stack_depth++;
- return 1;
+ debug_return_bool(1);
bad:
/* XXX - better warnings inline */
warningx("%s: %s", errstr,
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
- return 0;
+ debug_return_bool(0);
exit(1);
}
restore_perms(void)
{
struct perm_state *state, *ostate;
+ debug_decl(restore_perms, SUDO_DEBUG_PERMS)
if (perm_stack_depth < 2)
- return;
+ debug_return;
state = &perm_stack[perm_stack_depth - 1];
ostate = &perm_stack[perm_stack_depth - 2];
goto bad;
}
grlist_delref(state->grlist);
- return;
+ debug_return;
bad:
exit(1);
struct perm_state *state, *ostate = NULL;
const char *errstr;
int noexit;
+ debug_decl(set_perms, SUDO_DEBUG_PERMS)
noexit = ISSET(perm, PERM_NOEXIT);
CLR(perm, PERM_MASK);
done:
perm_stack_depth++;
- return 1;
+ debug_return_bool(1);
bad:
/* XXX - better warnings inline */
warningx("%s: %s", errstr,
errno == EAGAIN ? _("too many processes") : strerror(errno));
if (noexit)
- return 0;
+ debug_return_bool(0);
exit(1);
}
restore_perms(void)
{
struct perm_state *state, *ostate;
+ debug_decl(restore_perms, SUDO_DEBUG_PERMS)
if (perm_stack_depth < 2)
- return;
+ debug_return;
state = &perm_stack[perm_stack_depth - 1];
ostate = &perm_stack[perm_stack_depth - 2];
warning("setuid(%d)", (int)ostate->ruid);
goto bad;
}
- return;
+ debug_return;
bad:
exit(1);
{
struct passwd *pw;
struct group_list *grlist;
+ debug_decl(runas_setgroups, SUDO_DEBUG_PERMS)
if (def_preserve_groups) {
grlist_addref(user_group_list);
- return user_group_list;
+ debug_return_ptr(user_group_list);
}
pw = runas_pw ? runas_pw : sudo_user.pw;
#endif
if (sudo_setgroups(grlist->ngids, grlist->gids) < 0)
log_error(USE_ERRNO|MSG_ONLY, _("unable to set runas group vector"));
- return grlist;
+ debug_return_ptr(grlist);
}