]>
Commit | Line | Data |
---|---|---|
8efc0c15 | 1 | /* |
5260325f | 2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
4 | * All rights reserved | |
5260325f | 5 | * Code for uid-swapping. |
bcbf86ec | 6 | * |
7 | * As far as I am concerned, the code I have written for this software | |
8 | * can be used freely for any purpose. Any derived versions of this | |
9 | * software must be clearly marked as such, and if the derived work is | |
10 | * incompatible with the protocol description in the RFC file, it must be | |
11 | * called by a name other than "ssh" or "Secure Shell". | |
5260325f | 12 | */ |
8efc0c15 | 13 | |
14 | #include "includes.h" | |
42f11eb2 | 15 | RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $"); |
8efc0c15 | 16 | |
42f11eb2 | 17 | #include "log.h" |
8efc0c15 | 18 | #include "uidswap.h" |
19 | ||
5260325f | 20 | /* |
21 | * Note: all these functions must work in all of the following cases: | |
22 | * 1. euid=0, ruid=0 | |
23 | * 2. euid=0, ruid!=0 | |
24 | * 3. euid!=0, ruid!=0 | |
25 | * Additionally, they must work regardless of whether the system has | |
26 | * POSIX saved uids or not. | |
27 | */ | |
8efc0c15 | 28 | |
86b416a7 | 29 | #if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS) |
8efc0c15 | 30 | /* Lets assume that posix saved ids also work with seteuid, even though that |
31 | is not part of the posix specification. */ | |
32 | #define SAVED_IDS_WORK_WITH_SETEUID | |
8efc0c15 | 33 | /* Saved effective uid. */ |
34 | static uid_t saved_euid = 0; | |
86b416a7 | 35 | #endif |
d468fc76 | 36 | |
5260325f | 37 | /* |
38 | * Temporarily changes to the given uid. If the effective user | |
39 | * id is not root, this does nothing. This call cannot be nested. | |
40 | */ | |
6ae2364d | 41 | void |
5260325f | 42 | temporarily_use_uid(uid_t uid) |
8efc0c15 | 43 | { |
44 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | |
5260325f | 45 | /* Save the current euid. */ |
46 | saved_euid = geteuid(); | |
8efc0c15 | 47 | |
5260325f | 48 | /* Set the effective uid to the given (unprivileged) uid. */ |
49 | if (seteuid(uid) == -1) | |
14a9a859 | 50 | debug("seteuid %u: %.100s", (u_int) uid, strerror(errno)); |
67b0facb | 51 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
5260325f | 52 | /* Propagate the privileged uid to all of our uids. */ |
53 | if (setuid(geteuid()) < 0) | |
14a9a859 | 54 | debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); |
8efc0c15 | 55 | |
5260325f | 56 | /* Set the effective uid to the given (unprivileged) uid. */ |
57 | if (seteuid(uid) == -1) | |
14a9a859 | 58 | debug("seteuid %u: %.100s", (u_int) uid, strerror(errno)); |
8efc0c15 | 59 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
8efc0c15 | 60 | } |
61 | ||
5260325f | 62 | /* |
63 | * Restores to the original uid. | |
64 | */ | |
6ae2364d | 65 | void |
1e3b8b07 | 66 | restore_uid(void) |
8efc0c15 | 67 | { |
68 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | |
5260325f | 69 | /* Set the effective uid back to the saved uid. */ |
70 | if (seteuid(saved_euid) < 0) | |
14a9a859 | 71 | debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno)); |
8efc0c15 | 72 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
aa3378df | 73 | /* |
74 | * We are unable to restore the real uid to its unprivileged value. | |
75 | * Propagate the real uid (usually more privileged) to effective uid | |
76 | * as well. | |
77 | */ | |
5260325f | 78 | setuid(getuid()); |
8efc0c15 | 79 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
80 | } | |
81 | ||
5260325f | 82 | /* |
83 | * Permanently sets all uids to the given uid. This cannot be | |
84 | * called while temporarily_use_uid is effective. | |
85 | */ | |
6ae2364d | 86 | void |
5260325f | 87 | permanently_set_uid(uid_t uid) |
8efc0c15 | 88 | { |
5260325f | 89 | if (setuid(uid) < 0) |
14a9a859 | 90 | debug("setuid %u: %.100s", (u_int) uid, strerror(errno)); |
8efc0c15 | 91 | } |