version 1.4, 2002/01/17 01:03:21 |
version 1.5, 2002/01/23 23:03:24 |
|
|
#include "sudo.h" |
#include "sudo.h" |
|
|
#ifndef lint |
#ifndef lint |
static const char rcsid[] = "$Sudo: set_perms.c,v 1.11 2002/01/16 21:27:09 millert Exp $"; |
static const char rcsid[] = "$Sudo: set_perms.c,v 1.12 2002/01/22 02:00:25 millert Exp $"; |
#endif /* lint */ |
#endif /* lint */ |
|
|
/* |
/* |
* Prototypes |
* Prototypes |
*/ |
*/ |
static void runas_setup __P((void)); |
static void runas_setup __P((void)); |
static void fatal __P((char *)); |
static void fatal __P((char *, int)); |
|
|
#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
#if !defined(NO_SAVED_IDS) && defined(_SC_SAVED_IDS) && defined(_SC_VERSION) |
/* |
/* |
|
|
switch (perm) { |
switch (perm) { |
case PERM_ROOT: |
case PERM_ROOT: |
if (seteuid(0)) |
if (seteuid(0)) |
fatal("seteuid(0)"); |
fatal("seteuid(0) failed, your operating system may have broken POSIX saved ID support\nTry running configure with --disable-saved-ids", 0); |
break; |
break; |
|
|
case PERM_FULL_ROOT: |
case PERM_FULL_ROOT: |
/* headed for exec() */ |
/* headed for exec() */ |
(void) seteuid(0); |
(void) seteuid(0); |
if (setuid(0)) |
if (setuid(0)) |
fatal("setuid(0)"); |
fatal("setuid(0)", 1); |
break; |
break; |
|
|
case PERM_USER: |
case PERM_USER: |
(void) setegid(user_gid); |
(void) setegid(user_gid); |
if (seteuid(user_uid)) |
if (seteuid(user_uid)) |
fatal("seteuid(user_uid)"); |
fatal("seteuid(user_uid)", 1); |
break; |
break; |
|
|
case PERM_FULL_USER: |
case PERM_FULL_USER: |
/* headed for exec() */ |
/* headed for exec() */ |
(void) setgid(user_gid); |
(void) setgid(user_gid); |
if (setuid(user_uid)) |
if (setuid(user_uid)) |
fatal("setuid(user_uid)"); |
fatal("setuid(user_uid)", 1); |
break; |
break; |
|
|
case PERM_RUNAS: |
case PERM_RUNAS: |
|
|
else |
else |
error = setuid(runas_pw->pw_uid); |
error = setuid(runas_pw->pw_uid); |
if (error) |
if (error) |
fatal("unable to change to runas uid"); |
fatal("unable to change to runas uid", 1); |
break; |
break; |
|
|
case PERM_SUDOERS: |
case PERM_SUDOERS: |
/* assume euid == 0, ruid == user */ |
/* assume euid == 0, ruid == user */ |
if (setegid(SUDOERS_GID)) |
if (setegid(SUDOERS_GID)) |
fatal("unable to change to sudoers gid"); |
fatal("unable to change to sudoers gid", 1); |
|
|
/* |
/* |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
|
|
*/ |
*/ |
if (SUDOERS_UID == 0) { |
if (SUDOERS_UID == 0) { |
if ((SUDOERS_MODE & 040) && seteuid(1)) |
if ((SUDOERS_MODE & 040) && seteuid(1)) |
fatal("seteuid(1)"); |
fatal("seteuid(1)", 1); |
} else { |
} else { |
if (seteuid(SUDOERS_UID)) |
if (seteuid(SUDOERS_UID)) |
fatal("seteuid(SUDOERS_UID)"); |
fatal("seteuid(SUDOERS_UID)", 1); |
} |
} |
break; |
break; |
} |
} |
|
|
case PERM_FULL_ROOT: |
case PERM_FULL_ROOT: |
case PERM_ROOT: |
case PERM_ROOT: |
if (setuid(0)) |
if (setuid(0)) |
fatal("setuid(0)"); |
fatal("setuid(0) failed, your operating system may have broken POSIX saved ID support\nTry running configure with --disable-setreuid", 0); |
break; |
break; |
|
|
case PERM_USER: |
case PERM_USER: |
(void) setegid(user_gid); |
(void) setegid(user_gid); |
if (setreuid(0, user_uid)) |
if (setreuid(0, user_uid)) |
fatal("setreuid(0, user_uid)"); |
fatal("setreuid(0, user_uid)", 1); |
break; |
break; |
|
|
case PERM_FULL_USER: |
case PERM_FULL_USER: |
/* headed for exec() */ |
/* headed for exec() */ |
(void) setgid(user_gid); |
(void) setgid(user_gid); |
if (setuid(user_uid)) |
if (setuid(user_uid)) |
fatal("setuid(user_uid)"); |
fatal("setuid(user_uid)", 1); |
break; |
break; |
|
|
case PERM_RUNAS: |
case PERM_RUNAS: |
|
|
else |
else |
error = setuid(runas_pw->pw_uid); |
error = setuid(runas_pw->pw_uid); |
if (error) |
if (error) |
fatal("unable to change to runas uid"); |
fatal("unable to change to runas uid", 1); |
break; |
break; |
|
|
case PERM_SUDOERS: |
case PERM_SUDOERS: |
/* assume euid == 0, ruid == user */ |
/* assume euid == 0, ruid == user */ |
if (setegid(SUDOERS_GID)) |
if (setegid(SUDOERS_GID)) |
fatal("unable to change to sudoers gid"); |
fatal("unable to change to sudoers gid", 1); |
|
|
/* |
/* |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
|
|
*/ |
*/ |
if (SUDOERS_UID == 0) { |
if (SUDOERS_UID == 0) { |
if ((SUDOERS_MODE & 040) && setreuid(0, 1)) |
if ((SUDOERS_MODE & 040) && setreuid(0, 1)) |
fatal("setreuid(0, 1)"); |
fatal("setreuid(0, 1)", 1); |
} else { |
} else { |
if (setreuid(0, SUDOERS_UID)) |
if (setreuid(0, SUDOERS_UID)) |
fatal("setreuid(0, SUDOERS_UID)"); |
fatal("setreuid(0, SUDOERS_UID)", 1); |
} |
} |
break; |
break; |
} |
} |
|
|
* real and effective uidss to 0 initially. |
* real and effective uidss to 0 initially. |
*/ |
*/ |
if (setuid(0)) |
if (setuid(0)) |
fatal("setuid(0)"); |
fatal("setuid(0)", 1); |
|
|
switch (perm) { |
switch (perm) { |
case PERM_USER: |
case PERM_USER: |
(void) setegid(user_gid); |
(void) setegid(user_gid); |
if (seteuid(user_uid)) |
if (seteuid(user_uid)) |
fatal("seteuid(user_uid)"); |
fatal("seteuid(user_uid)", 1); |
break; |
break; |
|
|
case PERM_FULL_USER: |
case PERM_FULL_USER: |
/* headed for exec() */ |
/* headed for exec() */ |
(void) setgid(user_gid); |
(void) setgid(user_gid); |
if (setuid(user_uid)) |
if (setuid(user_uid)) |
fatal("setuid(user_uid)"); |
fatal("setuid(user_uid)", 1); |
break; |
break; |
|
|
case PERM_RUNAS: |
case PERM_RUNAS: |
/* headed for exec(), assume euid == 0 */ |
/* headed for exec(), assume euid == 0 */ |
runas_setup(); |
runas_setup(); |
if (setuid(runas_pw->pw_uid)) |
if (setuid(runas_pw->pw_uid)) |
fatal("unable to change to runas uid"); |
fatal("unable to change to runas uid", 1); |
break; |
break; |
|
|
case PERM_SUDOERS: |
case PERM_SUDOERS: |
/* assume euid == 0, ruid == user */ |
/* assume euid == 0, ruid == user */ |
if (setegid(SUDOERS_GID)) |
if (setegid(SUDOERS_GID)) |
fatal("unable to change to sudoers gid"); |
fatal("unable to change to sudoers gid", 1); |
|
|
/* |
/* |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
* If SUDOERS_UID == 0 and SUDOERS_MODE |
|
|
*/ |
*/ |
if (SUDOERS_UID == 0) { |
if (SUDOERS_UID == 0) { |
if ((SUDOERS_MODE & 040) && seteuid(1)) |
if ((SUDOERS_MODE & 040) && seteuid(1)) |
fatal("seteuid(1)"); |
fatal("seteuid(1)", 1); |
} else { |
} else { |
if (seteuid(SUDOERS_UID)) |
if (seteuid(SUDOERS_UID)) |
fatal("seteuid(SUDOERS_UID)"); |
fatal("seteuid(SUDOERS_UID)", 1); |
} |
} |
break; |
break; |
} |
} |
|
|
} |
} |
|
|
static void |
static void |
fatal(str) |
fatal(str, printerr) |
char *str; |
char *str; |
{ |
{ |
|
|
if (str) |
if (str) { |
perror(str); |
if (printerr) |
|
perror(str); |
|
else { |
|
fputs(str, stderr); |
|
fputc('\n', stderr); |
|
} |
|
} |
exit(1); |
exit(1); |
} |
} |
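Review bot: The new `printerr` parameter in the K&R-style definition of fatal() at the end of this section is never declared in the parameter declaration list (only `char *str;` follows the signature), so it falls back to implicit `int`, which newer compilers warn about and C99 no longer permits; add `int printerr;` after `char *str;` so the definition matches the `__P((char *, int))` prototype declared near the top of the file. The branch is otherwise sound for this file's callers, since every `str` passed here is a string literal and goes through `fputs`/`perror` rather than a format string. If the saved-ID and setreuid branches are the only places that pass `printerr == 0`, a one-line comment on the definition such as `/* printerr: nonzero to append strerror(errno) via perror(), zero to print str verbatim */` would make that contract visible to later callers.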