From: Alan T. DeKok <aland@freeradius.org>
Date: Sun, 8 Feb 2026 15:48:44 +0000 (-0500)
Subject: add trampoline functions for SUID up/down
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f2a0965423b11a11f9b17ed16c297b76cb5633b8;p=thirdparty%2Ffreeradius-server.git

add trampoline functions for SUID up/down

some libraries should call suid up/down, but we don't want to
link them to libfreeradius-server.  So we instead createxi
trampoline functions.
---

diff --git a/src/lib/server/base.c b/src/lib/server/base.c
index a1a448030b1..1e9cbe773d5 100644
--- a/src/lib/server/base.c
+++ b/src/lib/server/base.c
@@ -124,6 +124,9 @@ int server_init(CONF_SECTION *cs, char const *conf_dir, fr_dict_t *dict)
 	 */
 	if (packet_global_init() < 0) return -1;
 
+	fr_suid_up = rad_suid_up;
+	fr_suid_down = rad_suid_down;
+
 	return 0;
 }
 
@@ -137,4 +140,7 @@ void server_free(void)
 	 *	Free xlat instance data, and call any detach methods
 	 */
 	xlat_instances_free();
+
+	fr_suid_up = fr_suid_noop;
+	fr_suid_down = fr_suid_noop;
 }
diff --git a/src/lib/util/misc.c b/src/lib/util/misc.c
index 0c2ecdf8f13..0158d846d1a 100644
--- a/src/lib/util/misc.c
+++ b/src/lib/util/misc.c
@@ -558,3 +558,13 @@ char const *fr_filename_common_trim(char const *path, char const *common)
 
 	return p_p;
 }
+
+/*
+ *	Trampoline points for wrapping rad_suid_up() and rad_suid_down().
+ */
+void fr_suid_noop(void)
+{
+}
+
+fr_suid_t fr_suid_up = fr_suid_noop;
+fr_suid_t fr_suid_down = fr_suid_noop;
diff --git a/src/lib/util/misc.h b/src/lib/util/misc.h
index ca61a10c18a..70ba928bd87 100644
--- a/src/lib/util/misc.h
+++ b/src/lib/util/misc.h
@@ -157,6 +157,17 @@ int		fr_digest_cmp(uint8_t const *a, uint8_t const *b, size_t length) CC_HINT(no
 char const	*fr_filename(char const *path);
 char const	*fr_filename_common_trim(char const *path, char const *common);
 
+/*
+ *	Some libraries need to call suid up/down, except that those are functions in the server, and we don't
+ *	want to link everything to the server library.  As a result, we include trampoline functions which do
+ *	nothing, but which can be over-written by the server when is starts.
+ */
+typedef void (*fr_suid_t)(void);
+
+void		fr_suid_noop(void);
+extern		fr_suid_t fr_suid_up;
+extern		fr_suid_t fr_suid_down;
+
 #ifdef __cplusplus
 }
 #endif