Annotation of src/usr.bin/ssh/uidswap.c, Revision 1.9.2.4
1.1 deraadt 1: /*
1.4 deraadt 2: * Author: Tatu Ylonen <ylo@cs.hut.fi>
3: * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4: * All rights reserved
5: * Code for uid-swapping.
1.9 deraadt 6: *
7: * As far as I am concerned, the code I have written for this software
8: * can be used freely for any purpose. Any derived versions of this
9: * software must be clearly marked as such, and if the derived work is
10: * incompatible with the protocol description in the RFC file, it must be
11: * called by a name other than "ssh" or "Secure Shell".
1.4 deraadt 12: */
1.1 deraadt 13:
14: #include "includes.h"
1.9.2.4 ! jason 15: RCSID("$OpenBSD: uidswap.c,v 1.16 2001/04/20 16:32:22 markus Exp $");
1.1 deraadt 16:
1.9.2.1 jason 17: #include "log.h"
1.1 deraadt 18: #include "uidswap.h"
19:
1.4 deraadt 20: /*
21: * Note: all these functions must work in all of the following cases:
22: * 1. euid=0, ruid=0
23: * 2. euid=0, ruid!=0
24: * 3. euid!=0, ruid!=0
25: * Additionally, they must work regardless of whether the system has
26: * POSIX saved uids or not.
27: */
1.1 deraadt 28:
29: /* Lets assume that posix saved ids also work with seteuid, even though that
30: is not part of the posix specification. */
1.9.2.4 ! jason 31:
1.1 deraadt 32: /* Saved effective uid. */
1.9.2.4 ! jason 33: static int privileged = 0;
! 34: static int temporarily_use_uid_effective = 0;
! 35: static uid_t saved_euid = 0;
! 36: static gid_t saved_egid;
! 37: static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
! 38: static int saved_egroupslen = -1, user_groupslen = -1;
1.1 deraadt 39:
1.4 deraadt 40: /*
41: * Temporarily changes to the given uid. If the effective user
42: * id is not root, this does nothing. This call cannot be nested.
43: */
1.6 markus 44: void
1.9.2.4 ! jason 45: temporarily_use_uid(struct passwd *pw)
1.1 deraadt 46: {
1.9.2.4 ! jason 47: /* Save the current euid, and egroups. */
1.3 markus 48: saved_euid = geteuid();
1.9.2.4 ! jason 49: debug("temporarily_use_uid: %d/%d (e=%d)",
! 50: pw->pw_uid, pw->pw_gid, saved_euid);
! 51: if (saved_euid != 0) {
! 52: privileged = 0;
! 53: return;
! 54: }
! 55: privileged = 1;
! 56: temporarily_use_uid_effective = 1;
! 57: saved_egid = getegid();
! 58: saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
! 59: if (saved_egroupslen < 0)
! 60: fatal("getgroups: %.100s", strerror(errno));
! 61:
! 62: /* set and save the user's groups */
! 63: if (user_groupslen == -1) {
! 64: if (initgroups(pw->pw_name, pw->pw_gid) < 0)
! 65: fatal("initgroups: %s: %.100s", pw->pw_name,
! 66: strerror(errno));
! 67: user_groupslen = getgroups(NGROUPS_MAX, user_groups);
! 68: if (user_groupslen < 0)
! 69: fatal("getgroups: %.100s", strerror(errno));
! 70: }
1.3 markus 71: /* Set the effective uid to the given (unprivileged) uid. */
1.9.2.4 ! jason 72: if (setgroups(user_groupslen, user_groups) < 0)
! 73: fatal("setgroups: %.100s", strerror(errno));
! 74: pw->pw_gid = pw->pw_gid;
! 75: if (setegid(pw->pw_gid) < 0)
! 76: fatal("setegid %u: %.100s", (u_int) pw->pw_gid,
! 77: strerror(errno));
! 78: if (seteuid(pw->pw_uid) == -1)
! 79: fatal("seteuid %u: %.100s", (u_int) pw->pw_uid,
! 80: strerror(errno));
1.1 deraadt 81: }
82:
1.4 deraadt 83: /*
1.9.2.4 ! jason 84: * Restores to the original (privileged) uid.
1.4 deraadt 85: */
1.6 markus 86: void
1.9.2.1 jason 87: restore_uid(void)
1.1 deraadt 88: {
1.9.2.4 ! jason 89: debug("restore_uid");
! 90: /* it's a no-op unless privileged */
! 91: if (!privileged)
! 92: return;
! 93: if (!temporarily_use_uid_effective)
! 94: fatal("restore_uid: temporarily_use_uid not effective");
! 95: /* Set the effective uid back to the saved privileged uid. */
1.3 markus 96: if (seteuid(saved_euid) < 0)
1.9.2.4 ! jason 97: fatal("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
! 98: if (setgroups(saved_egroupslen, saved_egroups) < 0)
! 99: fatal("setgroups: %.100s", strerror(errno));
! 100: if (setegid(saved_egid) < 0)
! 101: fatal("setegid %u: %.100s", (u_int) saved_egid, strerror(errno));
! 102: temporarily_use_uid_effective = 0;
1.1 deraadt 103: }
104:
1.4 deraadt 105: /*
106: * Permanently sets all uids to the given uid. This cannot be
107: * called while temporarily_use_uid is effective.
108: */
1.6 markus 109: void
1.9.2.4 ! jason 110: permanently_set_uid(struct passwd *pw)
1.1 deraadt 111: {
1.9.2.4 ! jason 112: if (temporarily_use_uid_effective)
! 113: fatal("restore_uid: temporarily_use_uid effective");
! 114: if (setgid(pw->pw_gid) < 0)
! 115: fatal("setgid %u: %.100s", (u_int) pw->pw_gid, strerror(errno));
! 116: if (setuid(pw->pw_uid) < 0)
! 117: fatal("setuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno));
1.1 deraadt 118: }