| version 1.4, 2002/01/17 01:03:21 |
version 1.5, 2002/01/23 23:03:24 |
|
|
| #include "sudo.h" |
#include "sudo.h" |
| |
|
| #ifndef lint |
#ifndef lint |
| static const char rcsid[] = "$Sudo: set_perms.c,v 1.11 2002/01/16 21:27:09 millert Exp $"; |
static const char rcsid[] = "$Sudo: set_perms.c,v 1.12 2002/01/22 02:00:25 millert Exp $"; |
| #endif /* lint */ |
#endif /* lint */ |
| |
|
| /* |
/* |
| * Prototypes |
* Prototypes |
| */ |
*/ |
| static void runas_setup __P((void)); |
static void runas_setup __P((void)); |
| static void fatal __P((char *)); |
static void fatal __P((char *, int)); |
| |
|
| #if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
| /* |
/* |
|
|
| switch (perm) { |
switch (perm) { |
| case PERM_ROOT: |
case PERM_ROOT: |
| if (seteuid(0)) |
if (seteuid(0)) |
| fatal("seteuid(0)"); |
fatal("seteuid(0) failed, your operating system may have broken POSIX saved ID support\nTry running configure with --disable-saved-ids", 0); |
| break; |
break; |
| |
|
| case PERM_FULL_ROOT: |
case PERM_FULL_ROOT: |
| /* headed for exec() */ |
/* headed for exec() */ |
| (void) seteuid(0); |
(void) seteuid(0); |
| if (setuid(0)) |
if (setuid(0)) |
| fatal("setuid(0)"); |
fatal("setuid(0)", 1); |
| break; |
break; |
| |
|
| case PERM_USER: |
case PERM_USER: |
| (void) setegid(user_gid); |
(void) setegid(user_gid); |
| if (seteuid(user_uid)) |
if (seteuid(user_uid)) |
| fatal("seteuid(user_uid)"); |
fatal("seteuid(user_uid)", 1); |
| break; |
break; |
| |
|
| case PERM_FULL_USER: |
case PERM_FULL_USER: |
| /* headed for exec() */ |
/* headed for exec() */ |
| (void) setgid(user_gid); |
(void) setgid(user_gid); |
| if (setuid(user_uid)) |
if (setuid(user_uid)) |
| fatal("setuid(user_uid)"); |
fatal("setuid(user_uid)", 1); |
| break; |
break; |
| |
|
| case PERM_RUNAS: |
case PERM_RUNAS: |
|
|
| else |
else |
| error = setuid(runas_pw->pw_uid); |
error = setuid(runas_pw->pw_uid); |
| if (error) |
if (error) |
| fatal("unable to change to runas uid"); |
fatal("unable to change to runas uid", 1); |
| break; |
break; |
| |
|
| case PERM_SUDOERS: |
case PERM_SUDOERS: |
| /* assume euid == 0, ruid == user */ |
/* assume euid == 0, ruid == user */ |
| if (setegid(SUDOERS_GID)) |
if (setegid(SUDOERS_GID)) |
| fatal("unable to change to sudoers gid"); |
fatal("unable to change to sudoers gid", 1); |
| |
|
| /* |
/* |
| * If SUDOERS_UID == 0 and SUDOERS_MODE |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
|
|
| */ |
*/ |
| if (SUDOERS_UID == 0) { |
if (SUDOERS_UID == 0) { |
| if ((SUDOERS_MODE & 040) && seteuid(1)) |
if ((SUDOERS_MODE & 040) && seteuid(1)) |
| fatal("seteuid(1)"); |
fatal("seteuid(1)", 1); |
| } else { |
} else { |
| if (seteuid(SUDOERS_UID)) |
if (seteuid(SUDOERS_UID)) |
| fatal("seteuid(SUDOERS_UID)"); |
fatal("seteuid(SUDOERS_UID)", 1); |
| } |
} |
| break; |
break; |
| } |
} |
|
|
| case PERM_FULL_ROOT: |
case PERM_FULL_ROOT: |
| case PERM_ROOT: |
case PERM_ROOT: |
| if (setuid(0)) |
if (setuid(0)) |
| fatal("setuid(0)"); |
fatal("setuid(0) failed, your operating system may have broken POSIX saved ID support\nTry running configure with --disable-setreuid", 0); |
| break; |
break; |
| |
|
| case PERM_USER: |
case PERM_USER: |
| (void) setegid(user_gid); |
(void) setegid(user_gid); |
| if (setreuid(0, user_uid)) |
if (setreuid(0, user_uid)) |
| fatal("setreuid(0, user_uid)"); |
fatal("setreuid(0, user_uid)", 1); |
| break; |
break; |
| |
|
| case PERM_FULL_USER: |
case PERM_FULL_USER: |
| /* headed for exec() */ |
/* headed for exec() */ |
| (void) setgid(user_gid); |
(void) setgid(user_gid); |
| if (setuid(user_uid)) |
if (setuid(user_uid)) |
| fatal("setuid(user_uid)"); |
fatal("setuid(user_uid)", 1); |
| break; |
break; |
| |
|
| case PERM_RUNAS: |
case PERM_RUNAS: |
|
|
| else |
else |
| error = setuid(runas_pw->pw_uid); |
error = setuid(runas_pw->pw_uid); |
| if (error) |
if (error) |
| fatal("unable to change to runas uid"); |
fatal("unable to change to runas uid", 1); |
| break; |
break; |
| |
|
| case PERM_SUDOERS: |
case PERM_SUDOERS: |
| /* assume euid == 0, ruid == user */ |
/* assume euid == 0, ruid == user */ |
| if (setegid(SUDOERS_GID)) |
if (setegid(SUDOERS_GID)) |
| fatal("unable to change to sudoers gid"); |
fatal("unable to change to sudoers gid", 1); |
| |
|
| /* |
/* |
| * If SUDOERS_UID == 0 and SUDOERS_MODE |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
|
|
| */ |
*/ |
| if (SUDOERS_UID == 0) { |
if (SUDOERS_UID == 0) { |
| if ((SUDOERS_MODE & 040) && setreuid(0, 1)) |
if ((SUDOERS_MODE & 040) && setreuid(0, 1)) |
| fatal("setreuid(0, 1)"); |
fatal("setreuid(0, 1)", 1); |
| } else { |
} else { |
| if (setreuid(0, SUDOERS_UID)) |
if (setreuid(0, SUDOERS_UID)) |
| fatal("setreuid(0, SUDOERS_UID)"); |
fatal("setreuid(0, SUDOERS_UID)", 1); |
| } |
} |
| break; |
break; |
| } |
} |
|
|
| * real and effective uidss to 0 initially. |
* real and effective uidss to 0 initially. |
| */ |
*/ |
| if (setuid(0)) |
if (setuid(0)) |
| fatal("setuid(0)"); |
fatal("setuid(0)", 1); |
| |
|
| switch (perm) { |
switch (perm) { |
| case PERM_USER: |
case PERM_USER: |
| (void) setegid(user_gid); |
(void) setegid(user_gid); |
| if (seteuid(user_uid)) |
if (seteuid(user_uid)) |
| fatal("seteuid(user_uid)"); |
fatal("seteuid(user_uid)", 1); |
| break; |
break; |
| |
|
| case PERM_FULL_USER: |
case PERM_FULL_USER: |
| /* headed for exec() */ |
/* headed for exec() */ |
| (void) setgid(user_gid); |
(void) setgid(user_gid); |
| if (setuid(user_uid)) |
if (setuid(user_uid)) |
| fatal("setuid(user_uid)"); |
fatal("setuid(user_uid)", 1); |
| break; |
break; |
| |
|
| case PERM_RUNAS: |
case PERM_RUNAS: |
| /* headed for exec(), assume euid == 0 */ |
/* headed for exec(), assume euid == 0 */ |
| runas_setup(); |
runas_setup(); |
| if (setuid(runas_pw->pw_uid)) |
if (setuid(runas_pw->pw_uid)) |
| fatal("unable to change to runas uid"); |
fatal("unable to change to runas uid", 1); |
| break; |
break; |
| |
|
| case PERM_SUDOERS: |
case PERM_SUDOERS: |
| /* assume euid == 0, ruid == user */ |
/* assume euid == 0, ruid == user */ |
| if (setegid(SUDOERS_GID)) |
if (setegid(SUDOERS_GID)) |
| fatal("unable to change to sudoers gid"); |
fatal("unable to change to sudoers gid", 1); |
| |
|
| /* |
/* |
| * If SUDOERS_UID == 0 and SUDOERS_MODE |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
|
|
| */ |
*/ |
| if (SUDOERS_UID == 0) { |
if (SUDOERS_UID == 0) { |
| if ((SUDOERS_MODE & 040) && seteuid(1)) |
if ((SUDOERS_MODE & 040) && seteuid(1)) |
| fatal("seteuid(1)"); |
fatal("seteuid(1)", 1); |
| } else { |
} else { |
| if (seteuid(SUDOERS_UID)) |
if (seteuid(SUDOERS_UID)) |
| fatal("seteuid(SUDOERS_UID)"); |
fatal("seteuid(SUDOERS_UID)", 1); |
| } |
} |
| break; |
break; |
| } |
} |
|
|
| } |
} |
| |
|
| static void |
static void |
| fatal(str) |
fatal(str, printerr) |
| char *str; |
char *str; |
| { |
{ |
| |
|
| if (str) |
if (str) { |
| perror(str); |
if (printerr) |
| |
perror(str); |
| |
else { |
| |
fputs(str, stderr); |
| |
fputc('\n', stderr); |
| |
} |
| |
} |
| exit(1); |
exit(1); |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to set_perms.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / sudo