=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/sudo/Attic/set_perms.c,v retrieving revision 1.13 retrieving revision 1.14 diff -c -r1.13 -r1.14 *** src/usr.bin/sudo/Attic/set_perms.c 2008/11/14 11:58:08 1.13 --- src/usr.bin/sudo/Attic/set_perms.c 2009/06/21 14:48:42 1.14 *************** *** 1,5 **** /* ! * Copyright (c) 1994-1996,1998-2008 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above --- 1,5 ---- /* ! * Copyright (c) 1994-1996,1998-2009 Todd C. Miller * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above *************** *** 52,58 **** #include "sudo.h" #ifndef lint ! __unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.44 2008/03/06 17:19:56 millert Exp $"; #endif /* lint */ #ifdef __TANDEM --- 52,58 ---- #include "sudo.h" #ifndef lint ! __unused static const char rcsid[] = "$Sudo: set_perms.c,v 1.48 2009/05/25 12:02:41 millert Exp $"; #endif /* lint */ #ifdef __TANDEM *************** *** 77,90 **** * We only flip the effective gid since it only changes for PERM_SUDOERS. * This version of set_perms() works fine with the "stay_setuid" option. */ ! void set_perms(perm) int perm; { const char *errstr; if (perm == current_perm) ! return; switch (perm) { case PERM_ROOT: --- 77,94 ---- * We only flip the effective gid since it only changes for PERM_SUDOERS. * This version of set_perms() works fine with the "stay_setuid" option. */ ! int set_perms(perm) int perm; { const char *errstr; + int noexit; + noexit = ISSET(perm, PERM_NOEXIT); + CLR(perm, PERM_MASK); + if (perm == current_perm) ! return(1); switch (perm) { case PERM_ROOT: *************** *** 169,178 **** } current_perm = perm; ! return; bad: ! errorx(1, "%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); } #else --- 173,185 ---- } current_perm = perm; ! return(1); bad: ! warningx("%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); + if (noexit) + return(0); + exit(1); } #else *************** *** 184,197 **** * we are headed for an exec(). * This version of set_perms() works fine with the "stay_setuid" option. */ ! void set_perms(perm) int perm; { const char *errstr; if (perm == current_perm) ! return; switch (perm) { case PERM_ROOT: --- 191,208 ---- * we are headed for an exec(). * This version of set_perms() works fine with the "stay_setuid" option. */ ! int set_perms(perm) int perm; { const char *errstr; + int noexit; + noexit = ISSET(perm, PERM_NOEXIT); + CLR(perm, PERM_MASK); + if (perm == current_perm) ! return(1); switch (perm) { case PERM_ROOT: *************** *** 279,288 **** } current_perm = perm; ! return; bad: ! errorx(1, "%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); } # else /* !HAVE_SETRESUID && !HAVE_SETREUID */ --- 290,302 ---- } current_perm = perm; ! return(1); bad: ! warningx("%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); + if (noexit) + return(0); + exit(1); } # else /* !HAVE_SETRESUID && !HAVE_SETREUID */ *************** *** 292,305 **** * Set real and effective uids and gids based on perm. * NOTE: does not support the "stay_setuid" option. */ ! void set_perms(perm) int perm; { const char *errstr; if (perm == current_perm) ! return; /* * Since we only have setuid() and seteuid() and semantics --- 306,323 ---- * Set real and effective uids and gids based on perm. * NOTE: does not support the "stay_setuid" option. */ ! int set_perms(perm) int perm; { const char *errstr; + int noexit; + noexit = ISSET(perm, PERM_NOEXIT); + CLR(perm, PERM_MASK); + if (perm == current_perm) ! return(1); /* * Since we only have setuid() and seteuid() and semantics *************** *** 391,400 **** } current_perm = perm; ! return; bad: ! errorx(1, "%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); } # else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */ --- 409,421 ---- } current_perm = perm; ! return(1); bad: ! warningx("%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); + if (noexit) + return(0); + exit(1); } # else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */ *************** *** 404,417 **** * NOTE: does not support the "stay_setuid" or timestampowner options. * Also, SUDOERS_UID and SUDOERS_GID are not used. */ ! void set_perms(perm) int perm; { const char *errstr; if (perm == current_perm) ! return; switch (perm) { case PERM_ROOT: --- 425,442 ---- * NOTE: does not support the "stay_setuid" or timestampowner options. * Also, SUDOERS_UID and SUDOERS_GID are not used. */ ! int set_perms(perm) int perm; { const char *errstr; + int noexit; + noexit = ISSET(perm, PERM_NOEXIT); + CLR(perm, PERM_MASK); + if (perm == current_perm) ! return(1); switch (perm) { case PERM_ROOT: *************** *** 448,457 **** } current_perm = perm; ! return; bad: ! errorx(1, "%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); } # endif /* HAVE_SETEUID */ # endif /* HAVE_SETREUID */ --- 473,485 ---- } current_perm = perm; ! return(1); bad: ! warningx("%s: %s", errstr, errno == EAGAIN ? "too many processes" : strerror(errno)); + if (noexit) + return(0); + exit(1); } # endif /* HAVE_SETEUID */ # endif /* HAVE_SETREUID */ *************** *** 462,468 **** --- 490,498 ---- runas_setgroups() { static int ngroups = -1; + #ifdef HAVE_GETGROUPS static GETGROUPS_T *groups; + #endif struct passwd *pw; if (def_preserve_groups) *************** *** 475,488 **** pw = runas_pw ? runas_pw : sudo_user.pw; if (initgroups(pw->pw_name, pw->pw_gid) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector"); ! if ((ngroups = getgroups(0, NULL)) < 0) ! log_error(USE_ERRNO|MSG_ONLY, "can't get runas ngroups"); ! groups = emalloc2(ngroups, sizeof(GETGROUPS_T)); ! if (getgroups(ngroups, groups) < 0) ! log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector"); } else { if (setgroups(ngroups, groups) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector"); } } --- 505,520 ---- pw = runas_pw ? runas_pw : sudo_user.pw; if (initgroups(pw->pw_name, pw->pw_gid) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector"); ! #ifdef HAVE_GETGROUPS ! if ((ngroups = getgroups(0, NULL)) > 0) { ! groups = emalloc2(ngroups, sizeof(GETGROUPS_T)); ! if (getgroups(ngroups, groups) < 0) ! log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector"); ! } } else { if (setgroups(ngroups, groups) < 0) log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector"); + #endif /* HAVE_GETGROUPS */ } } *************** *** 530,542 **** #ifdef HAVE_LOGIN_CAP_H if (def_use_loginclass) { /* ! * We only use setusercontext() set the nice value and rlimits. */ flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; - if (!def_preserve_groups) - SET(flags, LOGIN_SETGROUP); - else if (setgid(gid)) - warning("cannot set gid to runas gid"); if (setusercontext(lc, runas_pw, runas_pw->pw_uid, flags)) { if (runas_pw->pw_uid != ROOT_UID) error(1, "unable to set user context"); --- 562,570 ---- #ifdef HAVE_LOGIN_CAP_H if (def_use_loginclass) { /* ! * We only use setusercontext() to set the nice value and rlimits. */ flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; if (setusercontext(lc, runas_pw, runas_pw->pw_uid, flags)) { if (runas_pw->pw_uid != ROOT_UID) error(1, "unable to set user context"); *************** *** 545,555 **** } } #endif /* HAVE_LOGIN_CAP_H */ - if (setgid(gid)) - warning("cannot set gid to runas gid"); /* * Initialize group vector */ runas_setgroups(); } } --- 573,583 ---- } } #endif /* HAVE_LOGIN_CAP_H */ /* * Initialize group vector */ runas_setgroups(); + if (setegid(gid) || setgid(gid)) + warning("cannot set gid to runas gid"); } }