[openssh.git] / uidswap.c

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Code for uid-swapping.
 *
 * As far as I am concerned, the code I have written for this software
 * can be used freely for any purpose.  Any derived versions of this
 * software must be clearly marked as such, and if the derived work is
 * incompatible with the protocol description in the RFC file, it must be
 * called by a name other than "ssh" or "Secure Shell".
 */

#include "includes.h"
RCSID("$OpenBSD: uidswap.c,v 1.9 2000/09/07 20:27:55 deraadt Exp $");

#include "ssh.h"
#include "uidswap.h"
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
#endif /* WITH_IRIX_AUDIT */

/*
 * Note: all these functions must work in all of the following cases:
 *    1. euid=0, ruid=0
 *    2. euid=0, ruid!=0
 *    3. euid!=0, ruid!=0
 * Additionally, they must work regardless of whether the system has
 * POSIX saved uids or not.
 */

#ifdef _POSIX_SAVED_IDS
/* Lets assume that posix saved ids also work with seteuid, even though that
   is not part of the posix specification. */
#define SAVED_IDS_WORK_WITH_SETEUID

/* Saved effective uid. */
static uid_t saved_euid = 0;

#endif /* _POSIX_SAVED_IDS */

/*
 * Temporarily changes to the given uid.  If the effective user
 * id is not root, this does nothing.  This call cannot be nested.
 */
void
temporarily_use_uid(uid_t uid)
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
	/* Save the current euid. */
	saved_euid = geteuid();

	/* Set the effective uid to the given (unprivileged) uid. */
	if (seteuid(uid) == -1)
		debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
#else /* SAVED_IDS_WORK_WITH_SETUID */
	/* Propagate the privileged uid to all of our uids. */
	if (setuid(geteuid()) < 0)
		debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));

	/* Set the effective uid to the given (unprivileged) uid. */
	if (seteuid(uid) == -1)
		debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
}

/*
 * Restores to the original uid.
 */
void
restore_uid()
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
	/* Set the effective uid back to the saved uid. */
	if (seteuid(saved_euid) < 0)
		debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
#else /* SAVED_IDS_WORK_WITH_SETEUID */
	/*
	 * We are unable to restore the real uid to its unprivileged value.
	 * Propagate the real uid (usually more privileged) to effective uid
	 * as well.
	 */
	setuid(getuid());
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
}

/*
 * Permanently sets all uids to the given uid.  This cannot be
 * called while temporarily_use_uid is effective.
 */
void
permanently_set_uid(uid_t uid)
{
#ifdef WITH_IRIX_AUDIT
	if (sysconf(_SC_AUDIT)) {
		debug("Setting sat id to %d", (int) uid);
		if (satsetid(uid))
			debug("error setting satid: %.100s", strerror(errno));
	}
#endif /* WITH_IRIX_AUDIT */

	if (setuid(uid) < 0)
		debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
}
Commit	Line	Data
8efc0c15	1	/*
5260325f	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	4	* All rights reserved
5260325f	5	* Code for uid-swapping.
bcbf86ec	6	*
	7	* As far as I am concerned, the code I have written for this software
	8	* can be used freely for any purpose. Any derived versions of this
	9	* software must be clearly marked as such, and if the derived work is
	10	* incompatible with the protocol description in the RFC file, it must be
	11	* called by a name other than "ssh" or "Secure Shell".
5260325f	12	*/
8efc0c15	13
8efc0c15	14	#include "includes.h"
bcbf86ec	15	RCSID("$OpenBSD: uidswap.c,v 1.9 2000/09/07 20:27:55 deraadt Exp $");
8efc0c15	16
	17	#include "ssh.h"
	18	#include "uidswap.h"
3206bb3b	19	#ifdef WITH_IRIX_AUDIT
	20	#include <sat.h>
	21	#endif /* WITH_IRIX_AUDIT */
8efc0c15	22
5260325f	23	/*
	24	* Note: all these functions must work in all of the following cases:
	25	* 1. euid=0, ruid=0
	26	* 2. euid=0, ruid!=0
	27	* 3. euid!=0, ruid!=0
	28	* Additionally, they must work regardless of whether the system has
	29	* POSIX saved uids or not.
	30	*/
8efc0c15	31
	32	#ifdef _POSIX_SAVED_IDS
	33	/* Lets assume that posix saved ids also work with seteuid, even though that
	34	is not part of the posix specification. */
	35	#define SAVED_IDS_WORK_WITH_SETEUID
8efc0c15	36
	37	/* Saved effective uid. */
	38	static uid_t saved_euid = 0;
	39
d468fc76	40	#endif /* _POSIX_SAVED_IDS */
d468fc76	41
5260325f	42	/*
	43	* Temporarily changes to the given uid. If the effective user
	44	* id is not root, this does nothing. This call cannot be nested.
	45	*/
6ae2364d	46	void
5260325f	47	temporarily_use_uid(uid_t uid)
8efc0c15	48	{
8efc0c15	49	#ifdef SAVED_IDS_WORK_WITH_SETEUID
5260325f	50	/* Save the current euid. */
5260325f	51	saved_euid = geteuid();
8efc0c15	52
5260325f	53	/* Set the effective uid to the given (unprivileged) uid. */
5260325f	54	if (seteuid(uid) == -1)
14a9a859	55	debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
8efc0c15	56	#else /* SAVED_IDS_WORK_WITH_SETUID */
5260325f	57	/* Propagate the privileged uid to all of our uids. */
5260325f	58	if (setuid(geteuid()) < 0)
14a9a859	59	debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
8efc0c15	60
5260325f	61	/* Set the effective uid to the given (unprivileged) uid. */
5260325f	62	if (seteuid(uid) == -1)
14a9a859	63	debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
8efc0c15	64	#endif /* SAVED_IDS_WORK_WITH_SETEUID */
8efc0c15	65	}
8efc0c15	66
5260325f	67	/*
	68	* Restores to the original uid.
	69	*/
6ae2364d	70	void
5260325f	71	restore_uid()
8efc0c15	72	{
8efc0c15	73	#ifdef SAVED_IDS_WORK_WITH_SETEUID
5260325f	74	/* Set the effective uid back to the saved uid. */
5260325f	75	if (seteuid(saved_euid) < 0)
14a9a859	76	debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
8efc0c15	77	#else /* SAVED_IDS_WORK_WITH_SETEUID */
aa3378df	78	/*
	79	* We are unable to restore the real uid to its unprivileged value.
	80	* Propagate the real uid (usually more privileged) to effective uid
	81	* as well.
	82	*/
5260325f	83	setuid(getuid());
8efc0c15	84	#endif /* SAVED_IDS_WORK_WITH_SETEUID */
	85	}
	86
5260325f	87	/*
	88	* Permanently sets all uids to the given uid. This cannot be
	89	* called while temporarily_use_uid is effective.
	90	*/
6ae2364d	91	void
5260325f	92	permanently_set_uid(uid_t uid)
8efc0c15	93	{
3206bb3b	94	#ifdef WITH_IRIX_AUDIT
	95	if (sysconf(_SC_AUDIT)) {
	96	debug("Setting sat id to %d", (int) uid);
	97	if (satsetid(uid))
cd352c82	98	debug("error setting satid: %.100s", strerror(errno));
3206bb3b	99	}
	100	#endif /* WITH_IRIX_AUDIT */
	101
5260325f	102	if (setuid(uid) < 0)
14a9a859	103	debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
8efc0c15	104	}