- (bal) Cygwin lacks setgroups() API. Patch by Corinna Vinschen

[openssh.git] / uidswap.c

diff --git a/uidswap.c b/uidswap.c
index 91f93923f69177717ba198e6ff7dfcd479360373..3b264cf9e866bb75331ae30eeba5d8c16e86764a 100644 (file)
--- a/uidswap.c
+++ b/uidswap.c
@@ -12,9 +12,9 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.16 2001/04/20 16:32:22 markus Exp $");
 
-#include "ssh.h"
+#include "log.h"
 #include "uidswap.h"
 
 /*
@@ -26,51 +26,102 @@ RCSID("$OpenBSD: uidswap.c,v 1.12 2000/12/29 10:48:56 markus Exp $");
  * POSIX saved uids or not.
  */
 
-#ifdef _POSIX_SAVED_IDS
+#if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS)
 /* Lets assume that posix saved ids also work with seteuid, even though that
    is not part of the posix specification. */
 #define SAVED_IDS_WORK_WITH_SETEUID
-
 /* Saved effective uid. */
-static uid_t saved_euid = 0;
+static uid_t   saved_euid = 0;
+static gid_t   saved_egid = 0;
+#endif
 
-#endif /* _POSIX_SAVED_IDS */
+/* Saved effective uid. */
+static int     privileged = 0;
+static int     temporarily_use_uid_effective = 0;
+static gid_t   saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
+static int     saved_egroupslen = -1, user_groupslen = -1;
 
 /*
  * Temporarily changes to the given uid.  If the effective user
  * id is not root, this does nothing.  This call cannot be nested.
  */
 void
-temporarily_use_uid(uid_t uid)
+temporarily_use_uid(struct passwd *pw)
 {
+       /* Save the current euid, and egroups. */
 #ifdef SAVED_IDS_WORK_WITH_SETEUID
-       /* Save the current euid. */
        saved_euid = geteuid();
+       saved_egid = getegid();
+       debug("temporarily_use_uid: %d/%d (e=%d)",
+           pw->pw_uid, pw->pw_gid, saved_euid);
+       if (saved_euid != 0) {
+               privileged = 0;
+               return;
+       }
+#else
+       if (geteuid() != 0) {
+               privileged = 0;
+               return;
+       }
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
+       privileged = 1;
+       temporarily_use_uid_effective = 1;
+       saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);                           
+       if (saved_egroupslen < 0)
+               fatal("getgroups: %.100s", strerror(errno));
+
+       /* set and save the user's groups */
+       if (user_groupslen == -1) {
+               if (initgroups(pw->pw_name, pw->pw_gid) < 0)
+                       fatal("initgroups: %s: %.100s", pw->pw_name,
+                           strerror(errno));
+               user_groupslen = getgroups(NGROUPS_MAX, user_groups);                           
+               if (user_groupslen < 0)
+                       fatal("getgroups: %.100s", strerror(errno));
+       }
+#ifndef HAVE_CYGWIN
        /* Set the effective uid to the given (unprivileged) uid. */
-       if (seteuid(uid) == -1)
-               debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
-#else /* SAVED_IDS_WORK_WITH_SETEUID */
+       if (setgroups(user_groupslen, user_groups) < 0)
+               fatal("setgroups: %.100s", strerror(errno));
+#endif /* !HAVE_CYWIN */
+#ifndef SAVED_IDS_WORK_WITH_SETEUID
+       /* Propagate the privileged gid to all of our gids. */
+       if (setgid(getegid()) < 0)
+               debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno));
        /* Propagate the privileged uid to all of our uids. */
        if (setuid(geteuid()) < 0)
                debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
-
-       /* Set the effective uid to the given (unprivileged) uid. */
-       if (seteuid(uid) == -1)
-               debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
 #endif /* SAVED_IDS_WORK_WITH_SETEUID */
+       if (setegid(pw->pw_gid) < 0)
+               fatal("setegid %u: %.100s", (u_int) pw->pw_gid,
+                   strerror(errno));
+       if (seteuid(pw->pw_uid) == -1)
+               fatal("seteuid %u: %.100s", (u_int) pw->pw_uid,
+                   strerror(errno));
 }
 
 /*
- * Restores to the original uid.
+ * Restores to the original (privileged) uid.
  */
 void
 restore_uid(void)
 {
+       debug("restore_uid");
+       /* it's a no-op unless privileged */
+       if (!privileged)
+               return;
+       if (!temporarily_use_uid_effective)
+               fatal("restore_uid: temporarily_use_uid not effective");
+
 #ifdef SAVED_IDS_WORK_WITH_SETEUID
-       /* Set the effective uid back to the saved uid. */
+       /* Set the effective uid back to the saved privileged uid. */
        if (seteuid(saved_euid) < 0)
-               debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
+               fatal("seteuid %u: %.100s", (u_int) saved_euid, 
+                   strerror(errno));
+       if (setegid(saved_egid) < 0)
+               fatal("setegid %u: %.100s", (u_int) saved_egid, 
+                   strerror(errno));
 #else /* SAVED_IDS_WORK_WITH_SETEUID */
        /*
         * We are unable to restore the real uid to its unprivileged value.
@@ -78,7 +129,14 @@ restore_uid(void)
         * as well.
         */
        setuid(getuid());
+       setgid(getgid());
 #endif /* SAVED_IDS_WORK_WITH_SETEUID */
+
+#ifndef HAVE_CYGWIN
+       if (setgroups(saved_egroupslen, saved_egroups) < 0)
+               fatal("setgroups: %.100s", strerror(errno));
+#endif /* !HAVE_CYGWIN */
+       temporarily_use_uid_effective = 0;
 }
 
 /*
@@ -86,8 +144,12 @@ restore_uid(void)
  * called while temporarily_use_uid is effective.
  */
 void
-permanently_set_uid(uid_t uid)
+permanently_set_uid(struct passwd *pw)
 {
-       if (setuid(uid) < 0)
-               debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
+       if (temporarily_use_uid_effective)
+               fatal("restore_uid: temporarily_use_uid effective");
+       if (setgid(pw->pw_gid) < 0)
+               fatal("setgid %u: %.100s", (u_int) pw->pw_gid, strerror(errno));
+       if (setuid(pw->pw_uid) < 0)
+               fatal("setuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno));
 }