]>
Commit | Line | Data |
---|---|---|
8efc0c15 | 1 | /* |
5260325f | 2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
4 | * All rights reserved | |
5 | * Created: Sat Sep 9 01:56:14 1995 ylo | |
6 | * Code for uid-swapping. | |
7 | */ | |
8efc0c15 | 8 | |
9 | #include "includes.h" | |
74fc9186 | 10 | RCSID("$OpenBSD: uidswap.c,v 1.7 2000/06/20 01:39:45 markus Exp $"); |
8efc0c15 | 11 | |
12 | #include "ssh.h" | |
13 | #include "uidswap.h" | |
3206bb3b | 14 | #ifdef WITH_IRIX_AUDIT |
15 | #include <sat.h> | |
16 | #endif /* WITH_IRIX_AUDIT */ | |
8efc0c15 | 17 | |
5260325f | 18 | /* |
19 | * Note: all these functions must work in all of the following cases: | |
20 | * 1. euid=0, ruid=0 | |
21 | * 2. euid=0, ruid!=0 | |
22 | * 3. euid!=0, ruid!=0 | |
23 | * Additionally, they must work regardless of whether the system has | |
24 | * POSIX saved uids or not. | |
25 | */ | |
8efc0c15 | 26 | |
27 | #ifdef _POSIX_SAVED_IDS | |
28 | /* Lets assume that posix saved ids also work with seteuid, even though that | |
29 | is not part of the posix specification. */ | |
30 | #define SAVED_IDS_WORK_WITH_SETEUID | |
8efc0c15 | 31 | |
32 | /* Saved effective uid. */ | |
33 | static uid_t saved_euid = 0; | |
34 | ||
d468fc76 | 35 | #endif /* _POSIX_SAVED_IDS */ |
36 | ||
5260325f | 37 | /* |
38 | * Temporarily changes to the given uid. If the effective user | |
39 | * id is not root, this does nothing. This call cannot be nested. | |
40 | */ | |
6ae2364d | 41 | void |
5260325f | 42 | temporarily_use_uid(uid_t uid) |
8efc0c15 | 43 | { |
44 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | |
5260325f | 45 | /* Save the current euid. */ |
46 | saved_euid = geteuid(); | |
8efc0c15 | 47 | |
5260325f | 48 | /* Set the effective uid to the given (unprivileged) uid. */ |
49 | if (seteuid(uid) == -1) | |
50 | debug("seteuid %d: %.100s", (int) uid, strerror(errno)); | |
8efc0c15 | 51 | #else /* SAVED_IDS_WORK_WITH_SETUID */ |
5260325f | 52 | /* Propagate the privileged uid to all of our uids. */ |
53 | if (setuid(geteuid()) < 0) | |
54 | debug("setuid %d: %.100s", (int) geteuid(), strerror(errno)); | |
8efc0c15 | 55 | |
5260325f | 56 | /* Set the effective uid to the given (unprivileged) uid. */ |
57 | if (seteuid(uid) == -1) | |
58 | debug("seteuid %d: %.100s", (int) uid, strerror(errno)); | |
8efc0c15 | 59 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
8efc0c15 | 60 | } |
61 | ||
5260325f | 62 | /* |
63 | * Restores to the original uid. | |
64 | */ | |
6ae2364d | 65 | void |
5260325f | 66 | restore_uid() |
8efc0c15 | 67 | { |
68 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | |
5260325f | 69 | /* Set the effective uid back to the saved uid. */ |
70 | if (seteuid(saved_euid) < 0) | |
71 | debug("seteuid %d: %.100s", (int) saved_euid, strerror(errno)); | |
8efc0c15 | 72 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
aa3378df | 73 | /* |
74 | * We are unable to restore the real uid to its unprivileged value. | |
75 | * Propagate the real uid (usually more privileged) to effective uid | |
76 | * as well. | |
77 | */ | |
5260325f | 78 | setuid(getuid()); |
8efc0c15 | 79 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
80 | } | |
81 | ||
5260325f | 82 | /* |
83 | * Permanently sets all uids to the given uid. This cannot be | |
84 | * called while temporarily_use_uid is effective. | |
85 | */ | |
6ae2364d | 86 | void |
5260325f | 87 | permanently_set_uid(uid_t uid) |
8efc0c15 | 88 | { |
3206bb3b | 89 | #ifdef WITH_IRIX_AUDIT |
90 | if (sysconf(_SC_AUDIT)) { | |
91 | debug("Setting sat id to %d", (int) uid); | |
92 | if (satsetid(uid)) | |
93 | fatal("error setting satid: %.100s", strerror(errno)); | |
94 | } | |
95 | #endif /* WITH_IRIX_AUDIT */ | |
96 | ||
5260325f | 97 | if (setuid(uid) < 0) |
98 | debug("setuid %d: %.100s", (int) uid, strerror(errno)); | |
8efc0c15 | 99 | } |