Blame - uidswap.c - platform/external/openssh

blob: 3786e276fdb23f527a3307b610aac57f50974226 [file] [log] [blame]

Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	1	/*
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	2	* Author: Tatu Ylonen <ylo@cs.hut.fi>
				3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
				4	* All rights reserved
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	5	* Code for uid-swapping.
Damien Miller	e4340be	2000-09-16 13:29:08 +1100	[diff] [blame]	6	*
				7	* As far as I am concerned, the code I have written for this software
				8	* can be used freely for any purpose. Any derived versions of this
				9	* software must be clearly marked as such, and if the derived work is
				10	* incompatible with the protocol description in the RFC file, it must be
				11	* called by a name other than "ssh" or "Secure Shell".
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	12	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	13
				14	#include "includes.h"
Ben Lindstrom	f52373f	2001-04-08 18:38:04 +0000	[diff] [blame^]	15	RCSID("$OpenBSD: uidswap.c,v 1.15 2001/04/08 11:24:33 markus Exp $");
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	16
Ben Lindstrom	226cfa0	2001-01-22 05:34:40 +0000	[diff] [blame]	17	#include "log.h"
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	18	#include "uidswap.h"
				19
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	20	/*
				21	* Note: all these functions must work in all of the following cases:
				22	* 1. euid=0, ruid=0
				23	* 2. euid=0, ruid!=0
				24	* 3. euid!=0, ruid!=0
				25	* Additionally, they must work regardless of whether the system has
				26	* POSIX saved uids or not.
				27	*/
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	28
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	29	/* Lets assume that posix saved ids also work with seteuid, even though that
				30	is not part of the posix specification. */
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	31
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	32	/* Saved effective uid. */
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	33	static int privileged = 0;
				34	static int temporarily_use_uid_effective = 0;
				35	static uid_t saved_euid = 0;
				36	static gid_t saved_egid;
				37	static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
				38	static int saved_egroupslen = -1, user_groupslen = -1;
				39
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	40	/*
				41	* Temporarily changes to the given uid. If the effective user
				42	* id is not root, this does nothing. This call cannot be nested.
				43	*/
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	44	void
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	45	temporarily_use_uid(struct passwd *pw)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	46	{
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	47	/* Save the current euid, and egroups. */
				48	saved_euid = geteuid();
				49	debug("temporarily_use_uid: %d/%d (e=%d)",
				50	pw->pw_uid, pw->pw_gid, saved_euid);
				51	if (saved_euid != 0) {
				52	privileged = 0;
				53	return;
				54	}
				55	privileged = 1;
				56	temporarily_use_uid_effective = 1;
Ben Lindstrom	f52373f	2001-04-08 18:38:04 +0000	[diff] [blame^]	57	saved_egid = getegid();
				58	saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	59	if (saved_egroupslen < 0)
				60	fatal("getgroups: %.100s", strerror(errno));
				61
				62	/* set and save the user's groups */
				63	if (user_groupslen == -1) {
				64	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
				65	fatal("initgroups: %s: %.100s", pw->pw_name,
				66	strerror(errno));
				67	user_groupslen = getgroups(NGROUPS_MAX, user_groups);
				68	if (user_groupslen < 0)
				69	fatal("getgroups: %.100s", strerror(errno));
				70	}
				71	/* Set the effective uid to the given (unprivileged) uid. */
Ben Lindstrom	f52373f	2001-04-08 18:38:04 +0000	[diff] [blame^]	72	if (setgroups(user_groupslen, user_groups) < 0)
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	73	fatal("setgroups: %.100s", strerror(errno));
Ben Lindstrom	f52373f	2001-04-08 18:38:04 +0000	[diff] [blame^]	74	pw->pw_gid = pw->pw_gid;
				75	if (setegid(pw->pw_gid) < 0)
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	76	fatal("setegid %u: %.100s", (u_int) pw->pw_gid,
				77	strerror(errno));
				78	if (seteuid(pw->pw_uid) == -1)
				79	fatal("seteuid %u: %.100s", (u_int) pw->pw_uid,
				80	strerror(errno));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	81	}
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	82
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	83	/*
				84	* Restores to the original uid.
				85	*/
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	86	void
Ben Lindstrom	46c1622	2000-12-22 01:43:59 +0000	[diff] [blame]	87	restore_uid(void)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	88	{
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	89	debug("restore_uid");
				90	/* it's a no-op unless privileged */
				91	if (!privileged)
				92	return;
				93	if (!temporarily_use_uid_effective)
				94	fatal("restore_uid: temporarily_use_uid not effective");
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	95	/* Set the effective uid back to the saved uid. */
				96	if (seteuid(saved_euid) < 0)
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	97	fatal("seteuid %u: %.100s", (u_int) saved_euid, strerror(errno));
Ben Lindstrom	f52373f	2001-04-08 18:38:04 +0000	[diff] [blame^]	98	if (setgroups(saved_egroupslen, saved_egroups) < 0)
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	99	fatal("setgroups: %.100s", strerror(errno));
Ben Lindstrom	f52373f	2001-04-08 18:38:04 +0000	[diff] [blame^]	100	if (setegid(saved_egid) < 0)
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	101	fatal("setegid %u: %.100s", (u_int) saved_egid, strerror(errno));
				102	temporarily_use_uid_effective = 0;
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	103	}
				104
Damien Miller	95def09	1999-11-25 00:26:21 +1100	[diff] [blame]	105	/*
				106	* Permanently sets all uids to the given uid. This cannot be
				107	* called while temporarily_use_uid is effective.
				108	*/
Damien Miller	4af5130	2000-04-16 11:18:38 +1000	[diff] [blame]	109	void
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	110	permanently_set_uid(struct passwd *pw)
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	111	{
Ben Lindstrom	3fcf1a2	2001-04-08 18:26:59 +0000	[diff] [blame]	112	if (temporarily_use_uid_effective)
				113	fatal("restore_uid: temporarily_use_uid effective");
				114	if (setuid(pw->pw_uid) < 0)
				115	fatal("setuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno));
				116	if (setgid(pw->pw_gid) < 0)
				117	fatal("setgid %u: %.100s", (u_int) pw->pw_gid, strerror(errno));
Damien Miller	d4a8b7e	1999-10-27 13:42:43 +1000	[diff] [blame]	118	}