Return to uidswap.c CVS log

Up to [local] / src / usr.bin / ssh

Annotation of src/usr.bin/ssh/uidswap.c, Revision 1.27

1.27    ! djm         1: /* $OpenBSD: uidswap.c,v 1.26 2006/03/25 13:17:03 djm Exp $ */
1.1       deraadt     2: /*
1.4       deraadt     3:  * Author: Tatu Ylonen <ylo@cs.hut.fi>
                      4:  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
                      5:  *                    All rights reserved
                      6:  * Code for uid-swapping.
1.9       deraadt     7:  *
                      8:  * As far as I am concerned, the code I have written for this software
                      9:  * can be used freely for any purpose.  Any derived versions of this
                     10:  * software must be clearly marked as such, and if the derived work is
                     11:  * incompatible with the protocol description in the RFC file, it must be
                     12:  * called by a name other than "ssh" or "Secure Shell".
1.4       deraadt    13:  */
1.1       deraadt    14:
                     15: #include "includes.h"
                     16:
1.13      markus     17: #include "log.h"
1.1       deraadt    18: #include "uidswap.h"
                     19:
1.4       deraadt    20: /*
                     21:  * Note: all these functions must work in all of the following cases:
                     22:  *    1. euid=0, ruid=0
                     23:  *    2. euid=0, ruid!=0
                     24:  *    3. euid!=0, ruid!=0
                     25:  * Additionally, they must work regardless of whether the system has
                     26:  * POSIX saved uids or not.
                     27:  */
1.1       deraadt    28:
                     29: /* Lets assume that posix saved ids also work with seteuid, even though that
                     30:    is not part of the posix specification. */
1.14      markus     31:
1.1       deraadt    32: /* Saved effective uid. */
1.14      markus     33: static int     privileged = 0;
                     34: static int     temporarily_use_uid_effective = 0;
                     35: static uid_t   saved_euid = 0;
                     36: static gid_t   saved_egid;
                     37: static gid_t   saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
                     38: static int     saved_egroupslen = -1, user_groupslen = -1;
1.1       deraadt    39:
1.4       deraadt    40: /*
                     41:  * Temporarily changes to the given uid.  If the effective user
                     42:  * id is not root, this does nothing.  This call cannot be nested.
                     43:  */
1.6       markus     44: void
1.14      markus     45: temporarily_use_uid(struct passwd *pw)
1.1       deraadt    46: {
1.14      markus     47:        /* Save the current euid, and egroups. */
1.3       markus     48:        saved_euid = geteuid();
1.23      stevesk    49:        saved_egid = getegid();
                     50:        debug("temporarily_use_uid: %u/%u (e=%u/%u)",
                     51:            (u_int)pw->pw_uid, (u_int)pw->pw_gid,
                     52:            (u_int)saved_euid, (u_int)saved_egid);
1.14      markus     53:        if (saved_euid != 0) {
                     54:                privileged = 0;
                     55:                return;
                     56:        }
                     57:        privileged = 1;
                     58:        temporarily_use_uid_effective = 1;
1.19      deraadt    59:        saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
1.14      markus     60:        if (saved_egroupslen < 0)
                     61:                fatal("getgroups: %.100s", strerror(errno));
                     62:
                     63:        /* set and save the user's groups */
                     64:        if (user_groupslen == -1) {
                     65:                if (initgroups(pw->pw_name, pw->pw_gid) < 0)
                     66:                        fatal("initgroups: %s: %.100s", pw->pw_name,
                     67:                            strerror(errno));
1.19      deraadt    68:                user_groupslen = getgroups(NGROUPS_MAX, user_groups);
1.14      markus     69:                if (user_groupslen < 0)
                     70:                        fatal("getgroups: %.100s", strerror(errno));
                     71:        }
1.3       markus     72:        /* Set the effective uid to the given (unprivileged) uid. */
1.15      markus     73:        if (setgroups(user_groupslen, user_groups) < 0)
1.14      markus     74:                fatal("setgroups: %.100s", strerror(errno));
1.15      markus     75:        if (setegid(pw->pw_gid) < 0)
1.21      stevesk    76:                fatal("setegid %u: %.100s", (u_int)pw->pw_gid,
1.14      markus     77:                    strerror(errno));
                     78:        if (seteuid(pw->pw_uid) == -1)
1.21      stevesk    79:                fatal("seteuid %u: %.100s", (u_int)pw->pw_uid,
1.14      markus     80:                    strerror(errno));
1.1       deraadt    81: }
                     82:
1.4       deraadt    83: /*
1.16      markus     84:  * Restores to the original (privileged) uid.
1.4       deraadt    85:  */
1.6       markus     86: void
1.11      markus     87: restore_uid(void)
1.1       deraadt    88: {
1.14      markus     89:        /* it's a no-op unless privileged */
1.23      stevesk    90:        if (!privileged) {
                     91:                debug("restore_uid: (unprivileged)");
1.14      markus     92:                return;
1.23      stevesk    93:        }
1.14      markus     94:        if (!temporarily_use_uid_effective)
                     95:                fatal("restore_uid: temporarily_use_uid not effective");
1.23      stevesk    96:        debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid);
1.16      markus     97:        /* Set the effective uid back to the saved privileged uid. */
1.3       markus     98:        if (seteuid(saved_euid) < 0)
1.21      stevesk    99:                fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno));
1.15      markus    100:        if (setgroups(saved_egroupslen, saved_egroups) < 0)
1.14      markus    101:                fatal("setgroups: %.100s", strerror(errno));
1.15      markus    102:        if (setegid(saved_egid) < 0)
1.21      stevesk   103:                fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno));
1.14      markus    104:        temporarily_use_uid_effective = 0;
1.1       deraadt   105: }
                    106:
1.4       deraadt   107: /*
                    108:  * Permanently sets all uids to the given uid.  This cannot be
                    109:  * called while temporarily_use_uid is effective.
                    110:  */
1.6       markus    111: void
1.14      markus    112: permanently_set_uid(struct passwd *pw)
1.1       deraadt   113: {
1.14      markus    114:        if (temporarily_use_uid_effective)
1.22      stevesk   115:                fatal("permanently_set_uid: temporarily_use_uid effective");
1.23      stevesk   116:        debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
                    117:            (u_int)pw->pw_gid);
1.27    ! djm       118:        if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
        !           119:                fatal("setresgid %u: %s", (u_int)pw->pw_gid, strerror(errno));
        !           120:        if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
        !           121:                fatal("setresuid %u: %s", (u_int)pw->pw_uid, strerror(errno));
1.1       deraadt   122: }