Annotation of src/usr.bin/at/privs.h, Revision 1.10
1.10 ! krw 1: /* $OpenBSD: privs.h,v 1.9 2004/06/17 22:09:11 millert Exp $ */
1.1 deraadt 2:
1.9 millert 3: /*
4: * privs.h - header for privileged operations
1.4 millert 5: * Copyright (C) 1993 Thomas Koenig
1.1 deraadt 6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. The name of the author(s) may not be used to endorse or promote
13: * products derived from this software without specific prior written
14: * permission.
15: *
16: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.4 millert 19: * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1 deraadt 20: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.10 ! krw 23: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.1 deraadt 24: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26: */
27:
28: #ifndef _PRIVS_H
29: #define _PRIVS_H
30:
31: #include <unistd.h>
32:
1.4 millert 33: /* Relinquish privileges temporarily for a setuid or setgid program
34: * with the option of getting them back later. This is done by
1.7 millert 35: * utilizing POSIX saved user and groups ids (or setreuid amd setregid if
36: * POSIX saved ids are not available). Call RELINQUISH_PRIVS once
1.8 jmc 37: * at the beginning of the main program. This will cause all operations
1.1 deraadt 38: * to be executed with the real userid. When you need the privileges
1.4 millert 39: * of the setuid/setgid invocation, call PRIV_START; when you no longer
1.1 deraadt 40: * need it, call PRIV_END. Note that it is an error to call PRIV_START
41: * and not PRIV_END within the same function.
42: *
1.4 millert 43: * Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running
1.1 deraadt 44: * as root, and you want to drop back the effective userid to a
45: * and the effective group id to b, with the option to get them back
46: * later.
47: *
48: * Problems: Do not use return between PRIV_START and PRIV_END; this
49: * will cause the program to continue running in an unprivileged
50: * state.
51: *
52: * It is NOT safe to call exec(), system() or popen() with a user-
53: * supplied program (i.e. without carefully checking PATH and any
54: * library load paths) with relinquished privileges; the called program
1.6 deraadt 55: * can acquire them just as easily. Set both effective and real userid
1.1 deraadt 56: * to the real userid before calling any of them.
57: */
58:
1.7 millert 59: #ifndef MAIN_PROGRAM
1.1 deraadt 60: extern
61: #endif
62: uid_t real_uid, effective_uid;
63:
1.9 millert 64: #ifndef MAIN_PROGRAM
1.4 millert 65: extern
66: #endif
67: gid_t real_gid, effective_gid;
68:
1.7 millert 69: #ifdef HAVE_SAVED_UIDS
70:
1.5 millert 71: #define RELINQUISH_PRIVS do { \
72: real_uid = getuid(); \
73: effective_uid = geteuid(); \
74: real_gid = getgid(); \
75: effective_gid = getegid(); \
76: setegid(real_gid); \
77: seteuid(real_uid); \
78: } while (0)
79:
80: #define RELINQUISH_PRIVS_ROOT(a, b) do { \
81: real_uid = (a); \
82: effective_uid = geteuid(); \
83: real_gid = (b); \
84: effective_gid = getegid(); \
85: setegid(real_gid); \
86: seteuid(real_uid); \
87: } while (0)
88:
89: #define PRIV_START do { \
90: seteuid(effective_uid); \
91: setegid(effective_gid); \
92: } while (0)
93:
94: #define PRIV_END do { \
95: setegid(real_gid); \
96: seteuid(real_uid); \
97: } while (0)
1.7 millert 98:
99: #else /* HAVE_SAVED_UIDS */
100:
101: #define RELINQUISH_PRIVS do { \
102: real_uid = getuid(); \
103: effective_uid = geteuid(); \
104: real_gid = getgid(); \
105: effective_gid = getegid(); \
106: setregid(effective_gid, real_gid); \
107: setreuid(effective_uid, real_uid); \
108: } while (0)
109:
110: #define RELINQUISH_PRIVS_ROOT(a, b) do { \
111: real_uid = (a); \
112: effective_uid = geteuid(); \
113: real_gid = (b); \
114: effective_gid = getegid(); \
115: setregid(effective_gid, real_gid); \
116: setreuid(effective_uid, real_uid); \
117: } while (0)
118:
119: #define PRIV_START do { \
120: setreuid(real_uid, effective_uid); \
121: setregid(real_gid, effective_gid); \
122: } while (0)
123:
124: #define PRIV_END do { \
125: setregid(effective_gid, real_gid); \
126: setreuid(effective_uid, real_uid); \
127: } while (0)
128:
129: #endif /* HAVE_SAVED_UIDS */
1.1 deraadt 130:
1.5 millert 131: #endif /* _PRIVS_H */