1 /* Test of dropping uid/gid privileges of the current process temporarily.
2 Copyright (C) 2009 Free Software Foundation, Inc.
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 3 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <http://www.gnu.org/licenses/>. */
27 #define ASSERT(expr) \
32 fprintf (stderr, "%s:%d: assertion failed\n", __FILE__, __LINE__); \
42 #if HAVE_GETRESUID /* glibc, FreeBSD, OpenBSD, HP-UX */
46 ASSERT (getresuid (&real, &effective, &saved) >= 0);
47 printf ("uids: real=%d effective=%d saved=%d",
48 (int) real, (int) effective, (int) saved);
50 printf ("uids: real=%d effective=%d",
51 (int) getuid (), (int) geteuid());
53 printf ("uids: real=%d",
61 #if HAVE_GETRESGID /* glibc, FreeBSD, OpenBSD, HP-UX */
65 ASSERT (getresgid (&real, &effective, &saved) >= 0);
66 printf ("gids: real=%d effective=%d saved=%d",
67 (int) real, (int) effective, (int) saved);
69 printf ("gids: real=%d effective=%d",
70 (int) getgid (), (int) getegid());
72 printf ("gids: real=%d",
78 show (const char *prefix)
80 printf ("%s ", prefix);
88 main (int argc, char *argv[])
97 int privileged_uid = geteuid ();
103 int privileged_gid = getegid ();
107 -v enables verbose output.
109 for (i = 1; i < argc; i++)
111 const char *arg = argv[i];
112 if (strcmp (arg, "-v") == 0)
116 for (i = 0; i < 3; i++)
119 show ("before droptemp:");
121 ASSERT (idpriv_temp_drop () == 0);
124 show ("privileged: ");
126 /* Verify that the privileges have really been dropped. */
128 if (geteuid () != uid)
132 if (getuid () != uid)
136 if (getegid () != gid)
140 if (getgid () != gid)
144 ASSERT (idpriv_temp_restore () == 0);
147 show ("unprivileged: ");
149 /* Verify that the privileges have really been acquired again. */
151 if (geteuid () != privileged_uid)
155 if (getuid () != uid)
159 if (getegid () != privileged_gid)
163 if (getgid () != gid)