[openssh.git] / uidswap.c

/*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
 * Created: Sat Sep  9 01:56:14 1995 ylo
 * Code for uid-swapping.
 */

#include "includes.h"
RCSID("$OpenBSD: uidswap.c,v 1.8 2000/08/28 03:50:54 deraadt Exp $");

#include "ssh.h"
#include "uidswap.h"
#ifdef WITH_IRIX_AUDIT
#include <sat.h>
#endif /* WITH_IRIX_AUDIT */

/*
 * Note: all these functions must work in all of the following cases:
 *    1. euid=0, ruid=0
 *    2. euid=0, ruid!=0
 *    3. euid!=0, ruid!=0
 * Additionally, they must work regardless of whether the system has
 * POSIX saved uids or not.
 */

#ifdef _POSIX_SAVED_IDS
/* Lets assume that posix saved ids also work with seteuid, even though that
   is not part of the posix specification. */
#define SAVED_IDS_WORK_WITH_SETEUID

/* Saved effective uid. */
static uid_t saved_euid = 0;

#endif /* _POSIX_SAVED_IDS */

/*
 * Temporarily changes to the given uid.  If the effective user
 * id is not root, this does nothing.  This call cannot be nested.
 */
void
temporarily_use_uid(uid_t uid)
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
	/* Save the current euid. */
	saved_euid = geteuid();

	/* Set the effective uid to the given (unprivileged) uid. */
	if (seteuid(uid) == -1)
		debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
#else /* SAVED_IDS_WORK_WITH_SETUID */
	/* Propagate the privileged uid to all of our uids. */
	if (setuid(geteuid()) < 0)
		debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));

	/* Set the effective uid to the given (unprivileged) uid. */
	if (seteuid(uid) == -1)
		debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
}

/*
 * Restores to the original uid.
 */
void
restore_uid()
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
	/* Set the effective uid back to the saved uid. */
	if (seteuid(saved_euid) < 0)
		debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
#else /* SAVED_IDS_WORK_WITH_SETEUID */
	/*
	 * We are unable to restore the real uid to its unprivileged value.
	 * Propagate the real uid (usually more privileged) to effective uid
	 * as well.
	 */
	setuid(getuid());
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
}

/*
 * Permanently sets all uids to the given uid.  This cannot be
 * called while temporarily_use_uid is effective.
 */
void
permanently_set_uid(uid_t uid)
{
#ifdef WITH_IRIX_AUDIT
	if (sysconf(_SC_AUDIT)) {
		debug("Setting sat id to %d", (int) uid);
		if (satsetid(uid))
			debug("error setting satid: %.100s", strerror(errno));
	}
#endif /* WITH_IRIX_AUDIT */

	if (setuid(uid) < 0)
		debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
}
Commit	Line	Data
8efc0c15	1	/*
5260325f	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	4	* All rights reserved
	5	* Created: Sat Sep 9 01:56:14 1995 ylo
	6	* Code for uid-swapping.
	7	*/
8efc0c15	8
8efc0c15	9	#include "includes.h"
14a9a859	10	RCSID("$OpenBSD: uidswap.c,v 1.8 2000/08/28 03:50:54 deraadt Exp $");
8efc0c15	11
	12	#include "ssh.h"
	13	#include "uidswap.h"
3206bb3b	14	#ifdef WITH_IRIX_AUDIT
	15	#include <sat.h>
	16	#endif /* WITH_IRIX_AUDIT */
8efc0c15	17
5260325f	18	/*
	19	* Note: all these functions must work in all of the following cases:
	20	* 1. euid=0, ruid=0
	21	* 2. euid=0, ruid!=0
	22	* 3. euid!=0, ruid!=0
	23	* Additionally, they must work regardless of whether the system has
	24	* POSIX saved uids or not.
	25	*/
8efc0c15	26
	27	#ifdef _POSIX_SAVED_IDS
	28	/* Lets assume that posix saved ids also work with seteuid, even though that
	29	is not part of the posix specification. */
	30	#define SAVED_IDS_WORK_WITH_SETEUID
8efc0c15	31
	32	/* Saved effective uid. */
	33	static uid_t saved_euid = 0;
	34
d468fc76	35	#endif /* _POSIX_SAVED_IDS */
d468fc76	36
5260325f	37	/*
	38	* Temporarily changes to the given uid. If the effective user
	39	* id is not root, this does nothing. This call cannot be nested.
	40	*/
6ae2364d	41	void
5260325f	42	temporarily_use_uid(uid_t uid)
8efc0c15	43	{
8efc0c15	44	#ifdef SAVED_IDS_WORK_WITH_SETEUID
5260325f	45	/* Save the current euid. */
5260325f	46	saved_euid = geteuid();
8efc0c15	47
5260325f	48	/* Set the effective uid to the given (unprivileged) uid. */
5260325f	49	if (seteuid(uid) == -1)
14a9a859	50	debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
8efc0c15	51	#else /* SAVED_IDS_WORK_WITH_SETUID */
5260325f	52	/* Propagate the privileged uid to all of our uids. */
5260325f	53	if (setuid(geteuid()) < 0)
14a9a859	54	debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
8efc0c15	55
5260325f	56	/* Set the effective uid to the given (unprivileged) uid. */
5260325f	57	if (seteuid(uid) == -1)
14a9a859	58	debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
8efc0c15	59	#endif /* SAVED_IDS_WORK_WITH_SETEUID */
8efc0c15	60	}
8efc0c15	61
5260325f	62	/*
	63	* Restores to the original uid.
	64	*/
6ae2364d	65	void
5260325f	66	restore_uid()
8efc0c15	67	{
8efc0c15	68	#ifdef SAVED_IDS_WORK_WITH_SETEUID
5260325f	69	/* Set the effective uid back to the saved uid. */
5260325f	70	if (seteuid(saved_euid) < 0)
14a9a859	71	debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
8efc0c15	72	#else /* SAVED_IDS_WORK_WITH_SETEUID */
aa3378df	73	/*
	74	* We are unable to restore the real uid to its unprivileged value.
	75	* Propagate the real uid (usually more privileged) to effective uid
	76	* as well.
	77	*/
5260325f	78	setuid(getuid());
8efc0c15	79	#endif /* SAVED_IDS_WORK_WITH_SETEUID */
	80	}
	81
5260325f	82	/*
	83	* Permanently sets all uids to the given uid. This cannot be
	84	* called while temporarily_use_uid is effective.
	85	*/
6ae2364d	86	void
5260325f	87	permanently_set_uid(uid_t uid)
8efc0c15	88	{
3206bb3b	89	#ifdef WITH_IRIX_AUDIT
	90	if (sysconf(_SC_AUDIT)) {
	91	debug("Setting sat id to %d", (int) uid);
	92	if (satsetid(uid))
cd352c82	93	debug("error setting satid: %.100s", strerror(errno));
3206bb3b	94	}
	95	#endif /* WITH_IRIX_AUDIT */
	96
5260325f	97	if (setuid(uid) < 0)
14a9a859	98	debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
8efc0c15	99	}