| 8efc0c15 |
1 | /* |
| 5260325f |
2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved |
| 5260325f |
5 | * Code for uid-swapping. |
| bcbf86ec |
6 | * |
| 7 | * As far as I am concerned, the code I have written for this software |
| 8 | * can be used freely for any purpose. Any derived versions of this |
| 9 | * software must be clearly marked as such, and if the derived work is |
| 10 | * incompatible with the protocol description in the RFC file, it must be |
| 11 | * called by a name other than "ssh" or "Secure Shell". |
| 5260325f |
12 | */ |
| 8efc0c15 |
13 | |
| 14 | #include "includes.h" |
| 42f11eb2 |
15 | RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $"); |
| 8efc0c15 |
16 | |
| 42f11eb2 |
17 | #include "log.h" |
| 8efc0c15 |
18 | #include "uidswap.h" |
| 19 | |
| 5260325f |
20 | /* |
| 21 | * Note: all these functions must work in all of the following cases: |
| 22 | * 1. euid=0, ruid=0 |
| 23 | * 2. euid=0, ruid!=0 |
| 24 | * 3. euid!=0, ruid!=0 |
| 25 | * Additionally, they must work regardless of whether the system has |
| 26 | * POSIX saved uids or not. |
| 27 | */ |
| 8efc0c15 |
28 | |
| 29 | #ifdef _POSIX_SAVED_IDS |
| 30 | /* Lets assume that posix saved ids also work with seteuid, even though that |
| 31 | is not part of the posix specification. */ |
| 32 | #define SAVED_IDS_WORK_WITH_SETEUID |
| 8efc0c15 |
33 | /* Saved effective uid. */ |
| 34 | static uid_t saved_euid = 0; |
| d468fc76 |
35 | #endif /* _POSIX_SAVED_IDS */ |
| 36 | |
| 5260325f |
37 | /* |
| 38 | * Temporarily changes to the given uid. If the effective user |
| 39 | * id is not root, this does nothing. This call cannot be nested. |
| 40 | */ |
| 6ae2364d |
41 | void |
| 5260325f |
42 | temporarily_use_uid(uid_t uid) |
| 8efc0c15 |
43 | { |
| 44 | #ifdef SAVED_IDS_WORK_WITH_SETEUID |
| 5260325f |
45 | /* Save the current euid. */ |
| 46 | saved_euid = geteuid(); |
| 8efc0c15 |
47 | |
| 5260325f |
48 | /* Set the effective uid to the given (unprivileged) uid. */ |
| 49 | if (seteuid(uid) == -1) |
| 14a9a859 |
50 | debug("seteuid %u: %.100s", (u_int) uid, strerror(errno)); |
| 67b0facb |
51 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
| 5260325f |
52 | /* Propagate the privileged uid to all of our uids. */ |
| 53 | if (setuid(geteuid()) < 0) |
| 14a9a859 |
54 | debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); |
| 8efc0c15 |
55 | |
| 5260325f |
56 | /* Set the effective uid to the given (unprivileged) uid. */ |
| 57 | if (seteuid(uid) == -1) |
| 14a9a859 |
58 | debug("seteuid %u: %.100s", (u_int) uid, strerror(errno)); |
| 8efc0c15 |
59 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
| 8efc0c15 |
60 | } |
| 61 | |
| 5260325f |
62 | /* |
| 63 | * Restores to the original uid. |
| 64 | */ |
| 6ae2364d |
65 | void |
| 1e3b8b07 |
66 | restore_uid(void) |
| 8efc0c15 |
67 | { |
| 68 | #ifdef SAVED_IDS_WORK_WITH_SETEUID |
| 5260325f |
69 | /* Set the effective uid back to the saved uid. */ |
| 70 | if (seteuid(saved_euid) < 0) |
| 14a9a859 |
71 | debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno)); |
| 8efc0c15 |
72 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
| aa3378df |
73 | /* |
| 74 | * We are unable to restore the real uid to its unprivileged value. |
| 75 | * Propagate the real uid (usually more privileged) to effective uid |
| 76 | * as well. |
| 77 | */ |
| 5260325f |
78 | setuid(getuid()); |
| 8efc0c15 |
79 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
| 80 | } |
| 81 | |
| 5260325f |
82 | /* |
| 83 | * Permanently sets all uids to the given uid. This cannot be |
| 84 | * called while temporarily_use_uid is effective. |
| 85 | */ |
| 6ae2364d |
86 | void |
| 5260325f |
87 | permanently_set_uid(uid_t uid) |
| 8efc0c15 |
88 | { |
| 5260325f |
89 | if (setuid(uid) < 0) |
| 14a9a859 |
90 | debug("setuid %u: %.100s", (u_int) uid, strerror(errno)); |
| 8efc0c15 |
91 | } |
andersk / openssh.git / blame