Annotation of src/usr.bin/at/privs.h, Revision 1.3
1.3 ! tholo 1: /* $OpenBSD: privs.h,v 1.2 1996/06/26 05:31:31 deraadt Exp $ */
1.1 deraadt 2: /* $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $ */
3:
4: /*
5: * privs.h - header for privileged operations
6: * Copyright (c) 1993 by Thomas Koenig
7: * All rights reserved.
8: *
9: * Redistribution and use in source and binary forms, with or without
10: * modification, are permitted provided that the following conditions
11: * are met:
12: * 1. Redistributions of source code must retain the above copyright
13: * notice, this list of conditions and the following disclaimer.
14: * 2. The name of the author(s) may not be used to endorse or promote
15: * products derived from this software without specific prior written
16: * permission.
17: *
18: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
19: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21: * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25: * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28: *
29: */
30:
31: #ifndef _PRIVS_H
32: #define _PRIVS_H
33:
34: #include <unistd.h>
35:
36: /* Relinquish privileges temporarily for a setuid program
37: * with the option of getting them back later. This is done by swapping
38: * the real and effective userid BSD style. Call RELINQUISH_PRIVS once
39: * at the beginning of the main program. This will cause all operatons
40: * to be executed with the real userid. When you need the privileges
41: * of the setuid invocation, call PRIV_START; when you no longer
42: * need it, call PRIV_END. Note that it is an error to call PRIV_START
43: * and not PRIV_END within the same function.
44: *
45: * Use RELINQUISH_PRIVS_ROOT(a) if your program started out running
46: * as root, and you want to drop back the effective userid to a
47: * and the effective group id to b, with the option to get them back
48: * later.
49: *
50: * If you no longer need root privileges, but those of some other
51: * userid, you can call REDUCE_PRIV(a) when your effective
52: * is the user's.
53: *
54: * Problems: Do not use return between PRIV_START and PRIV_END; this
55: * will cause the program to continue running in an unprivileged
56: * state.
57: *
58: * It is NOT safe to call exec(), system() or popen() with a user-
59: * supplied program (i.e. without carefully checking PATH and any
60: * library load paths) with relinquished privileges; the called program
61: * can aquire them just as easily. Set both effective and real userid
62: * to the real userid before calling any of them.
63: */
64:
65: #ifndef MAIN
66: extern
67: #endif
68: uid_t real_uid, effective_uid;
69:
70: #define RELINQUISH_PRIVS { \
71: real_uid = getuid(); \
72: effective_uid = geteuid(); \
73: seteuid(real_uid); \
74: }
75:
76: #define RELINQUISH_PRIVS_ROOT(a) { \
77: real_uid = (a); \
78: effective_uid = geteuid(); \
79: seteuid(real_uid); \
80: }
81:
82: #define PRIV_START { \
83: seteuid(effective_uid);
84:
85: #define PRIV_END \
86: seteuid(real_uid); \
87: }
88:
89: #define REDUCE_PRIV(a) { \
1.3 ! tholo 90: real_uid = effective_uid = (a); \
1.1 deraadt 91: seteuid(effective_uid); \
92: setuid(real_uid); \
93: }
94: #endif
![[BACK]](/icons/back.gif){kind=icon}
Return to privs.h CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / at