Annotation of src/usr.bin/ssh/uidswap.c, Revision 1.6.2.4
1.1 deraadt 1: /*
1.4 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * Code for uid-swapping.
1.6.2.2 jason 6: *
7: * As far as I am concerned, the code I have written for this software
8: * can be used freely for any purpose. Any derived versions of this
9: * software must be clearly marked as such, and if the derived work is
10: * incompatible with the protocol description in the RFC file, it must be
11: * called by a name other than "ssh" or "Secure Shell".
1.4 deraadt 12: */
1.1 deraadt 13:
14: #include "includes.h"
1.6.2.3 jason 15: RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
1.1 deraadt 16:
1.6.2.3 jason 17: #include "log.h"
1.1 deraadt 18: #include "uidswap.h"
19:
1.4 deraadt 20: /*
21: * Note: all these functions must work in all of the following cases:
22: * 1. euid=0, ruid=0
23: * 2. euid=0, ruid!=0
24: * 3. euid!=0, ruid!=0
25: * Additionally, they must work regardless of whether the system has
26: * POSIX saved uids or not.
27: */
1.1 deraadt 28:
29: #ifdef _POSIX_SAVED_IDS
30: /* Lets assume that posix saved ids also work with seteuid, even though that
31: is not part of the posix specification. */
32: #define SAVED_IDS_WORK_WITH_SETEUID
33: /* Saved effective uid. */
34: static uid_t saved_euid = 0;
1.6.2.3 jason 35: #endif /* _POSIX_SAVED_IDS */
1.1 deraadt 36:
/*
 * Temporarily switches the effective uid to the given uid.  If the
 * effective user id is not root, this does nothing useful: the seteuid()
 * call is expected to fail and the failure is only reported via debug().
 * This call cannot be nested, because the previous euid is kept in the
 * single static saved_euid slot and a second call would overwrite it.
 *
 * NOTE(review): the function returns void and a failed seteuid() is only
 * logged at debug level, so a caller cannot tell whether the switch took
 * effect.  Code that relies on running with the unprivileged uid after
 * this call should confirm how its callers handle that case.
 */
void
temporarily_use_uid(uid_t uid)
{
#if defined(SAVED_IDS_WORK_WITH_SETEUID)
	/* Remember the current euid so that restore_uid() can put it back. */
	saved_euid = geteuid();
#else /* SAVED_IDS_WORK_WITH_SETEUID */
	/*
	 * No usable saved ids: propagate the privileged uid to all of our
	 * uids first.
	 */
	if (setuid(geteuid()) < 0) {
		debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
	}
#endif /* SAVED_IDS_WORK_WITH_SETEUID */

	/*
	 * Both configurations finish the same way: set the effective uid to
	 * the given (unprivileged) uid.
	 */
	if (seteuid(uid) == -1) {
		debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
	}
}
61:
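/*
 * Restores to the original uid after temporarily_use_uid().
 *
 * With working saved ids the effective uid is set back to the value
 * recorded in saved_euid.  saved_euid starts out as 0, so calling this
 * without a preceding temporarily_use_uid() attempts seteuid(0).
 *
 * Without saved ids the real uid is copied to all uids instead.
 *
 * Failures are reported through debug() in both configurations; the
 * function returns void, so callers are not told about them.
 */
void
restore_uid(void)
{
#ifdef SAVED_IDS_WORK_WITH_SETEUID
	/* Set the effective uid back to the saved uid. */
	if (seteuid(saved_euid) < 0)
		debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
#else /* SAVED_IDS_WORK_WITH_SETEUID */
	/*
	 * We are unable to restore the real uid to its unprivileged value.
	 * Propagate the real uid (usually more privileged) to effective uid
	 * as well.
	 *
	 * The result of setuid() is checked and logged like every other uid
	 * change in this file, so a failed restore is not completely silent.
	 */
	if (setuid(getuid()) < 0)
		debug("setuid %u: %.100s", (u_int) getuid(), strerror(errno));
#endif /* SAVED_IDS_WORK_WITH_SETEUID */
}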
81:
/*
 * Permanently sets all uids to the given uid.  This cannot be called
 * while temporarily_use_uid is effective.
 *
 * Only setuid() is called here; group ids and supplementary groups are
 * not changed by this function.
 *
 * NOTE(review): a failed setuid() is only logged at debug level and the
 * function returns normally, so the process keeps whatever uids it had
 * before the call.  For a privilege drop that is a fail-open outcome;
 * consider making the failure visible to callers or stopping the process,
 * after confirming that no caller depends on the current behaviour.
 */
void
permanently_set_uid(uid_t uid)
{
	if (setuid(uid) >= 0) {
		return;
	}

	/* The uid change was refused; report which uid and why. */
	debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
}