- (dtucker) [uidswap.c openbsd-compat/Makefile.in

   openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
   and gids from uidswap.c to the compat library, which allows it to work with
   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@

6 files changed, 134 insertions, 37 deletions

diff --git a/ChangeLog b/ChangeLog
index 85c92eb7f..8cc7c8e7b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20121105
+ - (dtucker) [uidswap.c openbsd-compat/Makefile.in
+   openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
+   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
+   and gids from uidswap.c to the compat library, which allows it to work with
+   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
+
 20121104
  - (djm) OpenBSD CVS Sync
    - jmc@cvs.openbsd.org 2012/10/31 08:04:50
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 196a81d13..992b9743b 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.48 2011/11/04 00:25:25 dtucker Exp $
+# $Id: Makefile.in,v 1.49 2012/11/05 06:04:37 dtucker Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
 PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
 
diff --git a/openbsd-compat/bsd-setres_id.c b/openbsd-compat/bsd-setres_id.c
new file mode 100644
index 000000000..020b214b8
--- /dev/null
+++ b/openbsd-compat/bsd-setres_id.c
@@ -0,0 +1,99 @@
+/* $Id: bsd-setres_id.c,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "log.h"
+
+#if !defined(HAVE_SETRESGID) || defined(BROKEN_SETRESGID)
+int
+setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+        int ret = 0, saved_errno;
+
+        if (rgid != sgid) {
+                errno = ENOSYS;
+                return -1;
+        }
+#if defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
+        if (setregid(rgid, egid) < 0) {
+                saved_errno = errno;
+                error("setregid %u: %.100s", rgid, strerror(errno));
+                errno = saved_errno;
+                ret = -1;
+        }
+#else
+        if (setegid(egid) < 0) {
+                saved_errno = errno;
+                error("setegid %u: %.100s", (u_int)egid, strerror(errno));
+                errno = saved_errno;
+                ret = -1;
+        }
+        if (setgid(rgid) < 0) {
+                saved_errno = errno;
+                error("setgid %u: %.100s", rgid, strerror(errno));
+                errno = saved_errno;
+                ret = -1;
+        }
+#endif
+        return ret;
+}
+#endif
+
+#if !defined(HAVE_SETRESUID) || defined(BROKEN_SETRESUID)
+int
+setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+        int ret = 0, saved_errno;
+
+        if (ruid != suid) {
+                errno = ENOSYS;
+                return -1;
+        }
+#if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
+        if (setreuid(ruid, euid) < 0) {
+                saved_errno = errno;
+                error("setreuid %u: %.100s", ruid, strerror(errno));
+                errno = saved_errno;
+                ret = -1;
+        }
+#else
+
+# ifndef SETEUID_BREAKS_SETUID
+        if (seteuid(euid) < 0) {
+                saved_errno = errno;
+                error("seteuid %u: %.100s", euid, strerror(errno));
+                errno = saved_errno;
+                ret = -1;
+        }
+# endif
+        if (setuid(ruid) < 0) {
+                saved_errno = errno;
+                error("setuid %u: %.100s", ruid, strerror(errno));
+                errno = saved_errno;
+                ret = -1;
+        }
+#endif
+        return ret;
+}
+#endif
diff --git a/openbsd-compat/bsd-setres_id.h b/openbsd-compat/bsd-setres_id.h
new file mode 100644
index 000000000..6c269e0b9
--- /dev/null
+++ b/openbsd-compat/bsd-setres_id.h
@@ -0,0 +1,24 @@
+/* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HAVE_SETRESGID
+int     setresgid(gid_t, gid_t, gid_t);
+#endif
+#ifndef HAVE_SETRESUID
+int     setresuid(uid_t, uid_t, uid_t);
+#endif
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index 807acf626..664cb0445 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.52 2011/09/23 01:16:11 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.53 2012/11/05 06:04:38 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -149,6 +149,7 @@ int writev(int, struct iovec *, int);
 
 /* Home grown routines */
 #include "bsd-misc.h"
+#include "bsd-setres_id.h"
 #include "bsd-statvfs.h"
 #include "bsd-waitpid.h"
 #include "bsd-poll.h"
diff --git a/uidswap.c b/uidswap.c
index 837648396..cdd7309e3 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -138,20 +138,8 @@ permanently_drop_suid(uid_t uid)
         uid_t old_uid = getuid();
 
         debug("permanently_drop_suid: %u", (u_int)uid);
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
         if (setresuid(uid, uid, uid) < 0)
                 fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
-        if (setreuid(uid, uid) < 0)
-                fatal("setreuid %u: %.100s", (u_int)uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
-        if (seteuid(uid) < 0)
-                fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno));
-# endif
-        if (setuid(uid) < 0)
-                fatal("setuid %u: %.100s", (u_int)uid, strerror(errno));
-#endif
 
 #ifndef HAVE_CYGWIN
         /* Try restoration of UID if changed (test clearing of saved uid) */
@@ -220,18 +208,8 @@ permanently_set_uid(struct passwd *pw)
         debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
             (u_int)pw->pw_gid);
 
-#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
         if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
                 fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
-        if (setregid(pw->pw_gid, pw->pw_gid) < 0)
-                fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#else
-        if (setegid(pw->pw_gid) < 0)
-                fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-        if (setgid(pw->pw_gid) < 0)
-                fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#endif
 
 #ifdef __APPLE__
         /*
@@ -243,20 +221,8 @@ permanently_set_uid(struct passwd *pw)
                     pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
 #endif
 
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
         if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
                 fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
-        if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
-                fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
-        if (seteuid(pw->pw_uid) < 0)
-                fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-# endif
-        if (setuid(pw->pw_uid) < 0)
-                fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#endif
 
 #ifndef HAVE_CYGWIN
         /* Try restoration of GID if changed (test clearing of saved gid) */