| version 1.6.2.4, 2001/03/21 18:53:19 |
version 1.7, 2000/06/20 01:39:45 |
|
|
| * Author: Tatu Ylonen <ylo@cs.hut.fi> |
* Author: Tatu Ylonen <ylo@cs.hut.fi> |
| * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| * All rights reserved |
* All rights reserved |
| |
* Created: Sat Sep 9 01:56:14 1995 ylo |
| * Code for uid-swapping. |
* Code for uid-swapping. |
| * |
|
| * As far as I am concerned, the code I have written for this software |
|
| * can be used freely for any purpose. Any derived versions of this |
|
| * software must be clearly marked as such, and if the derived work is |
|
| * incompatible with the protocol description in the RFC file, it must be |
|
| * called by a name other than "ssh" or "Secure Shell". |
|
| */ |
*/ |
| |
|
| #include "includes.h" |
#include "includes.h" |
| RCSID("$OpenBSD$"); |
RCSID("$OpenBSD$"); |
| |
|
| #include "log.h" |
#include "ssh.h" |
| #include "uidswap.h" |
#include "uidswap.h" |
| |
|
| /* |
/* |
|
|
| /* Lets assume that posix saved ids also work with seteuid, even though that |
/* Lets assume that posix saved ids also work with seteuid, even though that |
| is not part of the posix specification. */ |
is not part of the posix specification. */ |
| #define SAVED_IDS_WORK_WITH_SETEUID |
#define SAVED_IDS_WORK_WITH_SETEUID |
| |
#endif /* _POSIX_SAVED_IDS */ |
| |
|
| /* Saved effective uid. */ |
/* Saved effective uid. */ |
| static uid_t saved_euid = 0; |
static uid_t saved_euid = 0; |
| #endif /* _POSIX_SAVED_IDS */ |
|
| |
|
| /* |
/* |
| * Temporarily changes to the given uid. If the effective user |
* Temporarily changes to the given uid. If the effective user |
|
|
| |
|
| /* Set the effective uid to the given (unprivileged) uid. */ |
/* Set the effective uid to the given (unprivileged) uid. */ |
| if (seteuid(uid) == -1) |
if (seteuid(uid) == -1) |
| debug("seteuid %u: %.100s", (u_int) uid, strerror(errno)); |
debug("seteuid %d: %.100s", (int) uid, strerror(errno)); |
| #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
#else /* SAVED_IDS_WORK_WITH_SETUID */ |
| /* Propagate the privileged uid to all of our uids. */ |
/* Propagate the privileged uid to all of our uids. */ |
| if (setuid(geteuid()) < 0) |
if (setuid(geteuid()) < 0) |
| debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); |
debug("setuid %d: %.100s", (int) geteuid(), strerror(errno)); |
| |
|
| /* Set the effective uid to the given (unprivileged) uid. */ |
/* Set the effective uid to the given (unprivileged) uid. */ |
| if (seteuid(uid) == -1) |
if (seteuid(uid) == -1) |
| debug("seteuid %u: %.100s", (u_int) uid, strerror(errno)); |
debug("seteuid %d: %.100s", (int) uid, strerror(errno)); |
| #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
#endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
| } |
} |
| |
|
|
|
| * Restores to the original uid. |
* Restores to the original uid. |
| */ |
*/ |
| void |
void |
| restore_uid(void) |
restore_uid() |
| { |
{ |
| #ifdef SAVED_IDS_WORK_WITH_SETEUID |
#ifdef SAVED_IDS_WORK_WITH_SETEUID |
| /* Set the effective uid back to the saved uid. */ |
/* Set the effective uid back to the saved uid. */ |
| if (seteuid(saved_euid) < 0) |
if (seteuid(saved_euid) < 0) |
| debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno)); |
debug("seteuid %d: %.100s", (int) saved_euid, strerror(errno)); |
| #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
#else /* SAVED_IDS_WORK_WITH_SETEUID */ |
| /* |
/* |
| * We are unable to restore the real uid to its unprivileged value. |
* We are unable to restore the real uid to its unprivileged value. |
|
|
| permanently_set_uid(uid_t uid) |
permanently_set_uid(uid_t uid) |
| { |
{ |
| if (setuid(uid) < 0) |
if (setuid(uid) < 0) |
| debug("setuid %u: %.100s", (u_int) uid, strerror(errno)); |
debug("setuid %d: %.100s", (int) uid, strerror(errno)); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to uidswap.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh