version 1.3, 1996/12/22 03:39:24 |
version 1.4, 1997/03/01 23:40:12 |
|
|
/* $OpenBSD$ */ |
/* $OpenBSD$ */ |
/* $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $ */ |
/* $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $ */ |
|
|
/* |
/* |
* privs.h - header for privileged operations |
* privs.h - header for privileged operations |
* Copyright (c) 1993 by Thomas Koenig |
* Copyright (C) 1993 Thomas Koenig |
* All rights reserved. |
|
* |
* |
* Redistribution and use in source and binary forms, with or without |
* Redistribution and use in source and binary forms, with or without |
* modification, are permitted provided that the following conditions |
* modification, are permitted provided that the following conditions |
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
* THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
* THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
* |
|
*/ |
*/ |
|
|
#ifndef _PRIVS_H |
#ifndef _PRIVS_H |
|
|
|
|
#include <unistd.h> |
#include <unistd.h> |
|
|
/* Relinquish privileges temporarily for a setuid program |
/* Relinquish privileges temporarily for a setuid or setgid program |
* with the option of getting them back later. This is done by swapping |
* with the option of getting them back later. This is done by |
* the real and effective userid BSD style. Call RELINQUISH_PRIVS once |
* utilizing POSIX saved user and groups ids. Call RELINQUISH_PRIVS once |
* at the beginning of the main program. This will cause all operatons |
* at the beginning of the main program. This will cause all operatons |
* to be executed with the real userid. When you need the privileges |
* to be executed with the real userid. When you need the privileges |
* of the setuid invocation, call PRIV_START; when you no longer |
* of the setuid/setgid invocation, call PRIV_START; when you no longer |
* need it, call PRIV_END. Note that it is an error to call PRIV_START |
* need it, call PRIV_END. Note that it is an error to call PRIV_START |
* and not PRIV_END within the same function. |
* and not PRIV_END within the same function. |
* |
* |
* Use RELINQUISH_PRIVS_ROOT(a) if your program started out running |
* Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running |
* as root, and you want to drop back the effective userid to a |
* as root, and you want to drop back the effective userid to a |
* and the effective group id to b, with the option to get them back |
* and the effective group id to b, with the option to get them back |
* later. |
* later. |
* |
* |
* If you no longer need root privileges, but those of some other |
|
* userid, you can call REDUCE_PRIV(a) when your effective |
|
* is the user's. |
|
* |
|
* Problems: Do not use return between PRIV_START and PRIV_END; this |
* Problems: Do not use return between PRIV_START and PRIV_END; this |
* will cause the program to continue running in an unprivileged |
* will cause the program to continue running in an unprivileged |
* state. |
* state. |
|
|
#endif |
#endif |
uid_t real_uid, effective_uid; |
uid_t real_uid, effective_uid; |
|
|
|
#ifndef MAIN |
|
extern |
|
#endif |
|
gid_t real_gid, effective_gid; |
|
|
#define RELINQUISH_PRIVS { \ |
#define RELINQUISH_PRIVS { \ |
real_uid = getuid(); \ |
real_uid = getuid(); \ |
effective_uid = geteuid(); \ |
effective_uid = geteuid(); \ |
seteuid(real_uid); \ |
real_gid = getgid(); \ |
|
effective_gid = getegid(); \ |
|
setegid(real_gid); \ |
|
seteuid(real_uid); \ |
} |
} |
|
|
#define RELINQUISH_PRIVS_ROOT(a) { \ |
#define RELINQUISH_PRIVS_ROOT(a, b) { \ |
real_uid = (a); \ |
real_uid = (a); \ |
effective_uid = geteuid(); \ |
effective_uid = geteuid(); \ |
|
real_gid = (b); \ |
|
effective_gid = getegid(); \ |
|
setegid(real_gid); \ |
seteuid(real_uid); \ |
seteuid(real_uid); \ |
} |
} |
|
|
#define PRIV_START { \ |
#define PRIV_START { \ |
seteuid(effective_uid); |
seteuid(effective_uid); \ |
|
setegid(effective_gid); \ |
|
} |
|
|
#define PRIV_END \ |
#define PRIV_END { \ |
|
setegid(real_gid); \ |
seteuid(real_uid); \ |
seteuid(real_uid); \ |
} |
} |
|
|
#define REDUCE_PRIV(a) { \ |
|
real_uid = effective_uid = (a); \ |
|
seteuid(effective_uid); \ |
|
setuid(real_uid); \ |
|
} |
|
#endif |
#endif |
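Review bot: The `setegid()`/`seteuid()` calls in RELINQUISH_PRIVS, RELINQUISH_PRIVS_ROOT and PRIV_END discard their return values, so a failed drop leaves the program running with the setuid/setgid effective ids and nothing reports it. Each drop should fail closed, for example `if (setegid(real_gid) != 0 || seteuid(real_uid) != 0) _exit(1);` or a call to the program's own fatal-error routine. PRIV_START deserves the same check so that a privileged operation is not attempted with the wrong ids. The old and new sides are inferred from the rendered layout, so this applies to what appears to be the 1.4 column. Separately, the macros expand to bare `{ ... }` blocks; `do { ... } while (0)` would make them safe to use as a single statement before an `else`.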