blob: bdfa484fc2ef75caf358a23ea278ad32d3cabaf8 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11005 * Code for uid-swapping.
Damien Millere4340be2000-09-16 13:29:08 +11006 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110012 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100013
14#include "includes.h"
Ben Lindstrom226cfa02001-01-22 05:34:40 +000015RCSID("$OpenBSD: uidswap.c,v 1.13 2001/01/21 19:06:01 markus Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100016
Ben Lindstrom226cfa02001-01-22 05:34:40 +000017#include "log.h"
Damien Millerd4a8b7e1999-10-27 13:42:43 +100018#include "uidswap.h"
19
Damien Miller95def091999-11-25 00:26:21 +110020/*
21 * Note: all these functions must work in all of the following cases:
22 * 1. euid=0, ruid=0
23 * 2. euid=0, ruid!=0
24 * 3. euid!=0, ruid!=0
25 * Additionally, they must work regardless of whether the system has
26 * POSIX saved uids or not.
27 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100028
Damien Millerfbd884a2001-02-27 08:39:07 +110029#if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100030/* Lets assume that posix saved ids also work with seteuid, even though that
31 is not part of the posix specification. */
32#define SAVED_IDS_WORK_WITH_SETEUID
Damien Millerd4a8b7e1999-10-27 13:42:43 +100033/* Saved effective uid. */
34static uid_t saved_euid = 0;
Damien Millerfbd884a2001-02-27 08:39:07 +110035#endif
Damien Milleree1c0b32000-01-21 00:18:15 +110036
Damien Miller95def091999-11-25 00:26:21 +110037/*
38 * Temporarily changes to the given uid. If the effective user
39 * id is not root, this does nothing. This call cannot be nested.
40 */
Damien Miller4af51302000-04-16 11:18:38 +100041void
Damien Miller95def091999-11-25 00:26:21 +110042temporarily_use_uid(uid_t uid)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100043{
44#ifdef SAVED_IDS_WORK_WITH_SETEUID
Damien Miller95def091999-11-25 00:26:21 +110045 /* Save the current euid. */
46 saved_euid = geteuid();
Damien Millerd4a8b7e1999-10-27 13:42:43 +100047
Damien Miller95def091999-11-25 00:26:21 +110048 /* Set the effective uid to the given (unprivileged) uid. */
49 if (seteuid(uid) == -1)
Damien Millercaf6dd62000-08-29 11:33:50 +110050 debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
Kevin Stevesa074feb2000-12-21 22:33:45 +000051#else /* SAVED_IDS_WORK_WITH_SETEUID */
Damien Miller95def091999-11-25 00:26:21 +110052 /* Propagate the privileged uid to all of our uids. */
53 if (setuid(geteuid()) < 0)
Damien Millercaf6dd62000-08-29 11:33:50 +110054 debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100055
Damien Miller95def091999-11-25 00:26:21 +110056 /* Set the effective uid to the given (unprivileged) uid. */
57 if (seteuid(uid) == -1)
Damien Millercaf6dd62000-08-29 11:33:50 +110058 debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100059#endif /* SAVED_IDS_WORK_WITH_SETEUID */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100060}
61
Damien Miller95def091999-11-25 00:26:21 +110062/*
63 * Restores to the original uid.
64 */
Damien Miller4af51302000-04-16 11:18:38 +100065void
Ben Lindstrom46c16222000-12-22 01:43:59 +000066restore_uid(void)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100067{
68#ifdef SAVED_IDS_WORK_WITH_SETEUID
Damien Miller95def091999-11-25 00:26:21 +110069 /* Set the effective uid back to the saved uid. */
70 if (seteuid(saved_euid) < 0)
Damien Millercaf6dd62000-08-29 11:33:50 +110071 debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100072#else /* SAVED_IDS_WORK_WITH_SETEUID */
Damien Miller5428f641999-11-25 11:54:57 +110073 /*
74 * We are unable to restore the real uid to its unprivileged value.
75 * Propagate the real uid (usually more privileged) to effective uid
76 * as well.
77 */
Damien Miller95def091999-11-25 00:26:21 +110078 setuid(getuid());
Damien Millerd4a8b7e1999-10-27 13:42:43 +100079#endif /* SAVED_IDS_WORK_WITH_SETEUID */
80}
81
Damien Miller95def091999-11-25 00:26:21 +110082/*
83 * Permanently sets all uids to the given uid. This cannot be
84 * called while temporarily_use_uid is effective.
85 */
Damien Miller4af51302000-04-16 11:18:38 +100086void
Damien Miller95def091999-11-25 00:26:21 +110087permanently_set_uid(uid_t uid)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100088{
Damien Miller95def091999-11-25 00:26:21 +110089 if (setuid(uid) < 0)
Damien Millercaf6dd62000-08-29 11:33:50 +110090 debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100091}