blob: 48026b9b4efca53750f36a2c2a0103484dc435b2 [file] [log] [blame]
Damien Millerd4a8b7e1999-10-27 13:42:43 +10001/*
Damien Miller95def091999-11-25 00:26:21 +11002 * Author: Tatu Ylonen <ylo@cs.hut.fi>
3 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 * All rights reserved
Damien Miller95def091999-11-25 00:26:21 +11005 * Code for uid-swapping.
Damien Millere4340be2000-09-16 13:29:08 +11006 *
7 * As far as I am concerned, the code I have written for this software
8 * can be used freely for any purpose. Any derived versions of this
9 * software must be clearly marked as such, and if the derived work is
10 * incompatible with the protocol description in the RFC file, it must be
11 * called by a name other than "ssh" or "Secure Shell".
Damien Miller95def091999-11-25 00:26:21 +110012 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100013
14#include "includes.h"
Damien Millere4340be2000-09-16 13:29:08 +110015RCSID("$OpenBSD: uidswap.c,v 1.9 2000/09/07 20:27:55 deraadt Exp $");
Damien Millerd4a8b7e1999-10-27 13:42:43 +100016
17#include "ssh.h"
18#include "uidswap.h"
Damien Miller91606b12000-06-28 08:22:29 +100019#ifdef WITH_IRIX_AUDIT
20#include <sat.h>
21#endif /* WITH_IRIX_AUDIT */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100022
Damien Miller95def091999-11-25 00:26:21 +110023/*
24 * Note: all these functions must work in all of the following cases:
25 * 1. euid=0, ruid=0
26 * 2. euid=0, ruid!=0
27 * 3. euid!=0, ruid!=0
28 * Additionally, they must work regardless of whether the system has
29 * POSIX saved uids or not.
30 */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100031
32#ifdef _POSIX_SAVED_IDS
33/* Lets assume that posix saved ids also work with seteuid, even though that
34 is not part of the posix specification. */
35#define SAVED_IDS_WORK_WITH_SETEUID
Damien Millerd4a8b7e1999-10-27 13:42:43 +100036
37/* Saved effective uid. */
38static uid_t saved_euid = 0;
39
Damien Milleree1c0b32000-01-21 00:18:15 +110040#endif /* _POSIX_SAVED_IDS */
41
Damien Miller95def091999-11-25 00:26:21 +110042/*
43 * Temporarily changes to the given uid. If the effective user
44 * id is not root, this does nothing. This call cannot be nested.
45 */
Damien Miller4af51302000-04-16 11:18:38 +100046void
Damien Miller95def091999-11-25 00:26:21 +110047temporarily_use_uid(uid_t uid)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100048{
49#ifdef SAVED_IDS_WORK_WITH_SETEUID
Damien Miller95def091999-11-25 00:26:21 +110050 /* Save the current euid. */
51 saved_euid = geteuid();
Damien Millerd4a8b7e1999-10-27 13:42:43 +100052
Damien Miller95def091999-11-25 00:26:21 +110053 /* Set the effective uid to the given (unprivileged) uid. */
54 if (seteuid(uid) == -1)
Damien Millercaf6dd62000-08-29 11:33:50 +110055 debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100056#else /* SAVED_IDS_WORK_WITH_SETUID */
Damien Miller95def091999-11-25 00:26:21 +110057 /* Propagate the privileged uid to all of our uids. */
58 if (setuid(geteuid()) < 0)
Damien Millercaf6dd62000-08-29 11:33:50 +110059 debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100060
Damien Miller95def091999-11-25 00:26:21 +110061 /* Set the effective uid to the given (unprivileged) uid. */
62 if (seteuid(uid) == -1)
Damien Millercaf6dd62000-08-29 11:33:50 +110063 debug("seteuid %u: %.100s", (u_int) uid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100064#endif /* SAVED_IDS_WORK_WITH_SETEUID */
Damien Millerd4a8b7e1999-10-27 13:42:43 +100065}
66
Damien Miller95def091999-11-25 00:26:21 +110067/*
68 * Restores to the original uid.
69 */
Damien Miller4af51302000-04-16 11:18:38 +100070void
Damien Miller95def091999-11-25 00:26:21 +110071restore_uid()
Damien Millerd4a8b7e1999-10-27 13:42:43 +100072{
73#ifdef SAVED_IDS_WORK_WITH_SETEUID
Damien Miller95def091999-11-25 00:26:21 +110074 /* Set the effective uid back to the saved uid. */
75 if (seteuid(saved_euid) < 0)
Damien Millercaf6dd62000-08-29 11:33:50 +110076 debug("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +100077#else /* SAVED_IDS_WORK_WITH_SETEUID */
Damien Miller5428f641999-11-25 11:54:57 +110078 /*
79 * We are unable to restore the real uid to its unprivileged value.
80 * Propagate the real uid (usually more privileged) to effective uid
81 * as well.
82 */
Damien Miller95def091999-11-25 00:26:21 +110083 setuid(getuid());
Damien Millerd4a8b7e1999-10-27 13:42:43 +100084#endif /* SAVED_IDS_WORK_WITH_SETEUID */
85}
86
Damien Miller95def091999-11-25 00:26:21 +110087/*
88 * Permanently sets all uids to the given uid. This cannot be
89 * called while temporarily_use_uid is effective.
90 */
Damien Miller4af51302000-04-16 11:18:38 +100091void
Damien Miller95def091999-11-25 00:26:21 +110092permanently_set_uid(uid_t uid)
Damien Millerd4a8b7e1999-10-27 13:42:43 +100093{
Damien Miller91606b12000-06-28 08:22:29 +100094#ifdef WITH_IRIX_AUDIT
95 if (sysconf(_SC_AUDIT)) {
96 debug("Setting sat id to %d", (int) uid);
97 if (satsetid(uid))
Damien Millerc83aa832000-08-15 10:08:00 +100098 debug("error setting satid: %.100s", strerror(errno));
Damien Miller91606b12000-06-28 08:22:29 +100099 }
100#endif /* WITH_IRIX_AUDIT */
101
Damien Miller95def091999-11-25 00:26:21 +1100102 if (setuid(uid) < 0)
Damien Millercaf6dd62000-08-29 11:33:50 +1100103 debug("setuid %u: %.100s", (u_int) uid, strerror(errno));
Damien Millerd4a8b7e1999-10-27 13:42:43 +1000104}