diff options
author | Damien Miller <djm@mindrot.org> | 1999-11-25 00:26:21 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-25 00:26:21 +1100 |
commit | 95def09838fc61b37b6ea7cd5c234a465b4b129b (patch) | |
tree | 042744f76f40a326b873cb1c3690a6d7d966bc3e /uidswap.c | |
parent | 4d2f15f895f4c795afc008aeff3fd2ceffbc44f4 (diff) |
- Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
Diffstat (limited to 'uidswap.c')
-rw-r--r-- | uidswap.c | 115 |
1 files changed, 53 insertions, 62 deletions
@@ -1,32 +1,25 @@ | |||
1 | /* | 1 | /* |
2 | 2 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | |
3 | uidswap.c | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | 4 | * All rights reserved | |
5 | Author: Tatu Ylonen <ylo@cs.hut.fi> | 5 | * Created: Sat Sep 9 01:56:14 1995 ylo |
6 | 6 | * Code for uid-swapping. | |
7 | Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 7 | */ |
8 | All rights reserved | ||
9 | |||
10 | Created: Sat Sep 9 01:56:14 1995 ylo | ||
11 | |||
12 | Code for uid-swapping. | ||
13 | |||
14 | */ | ||
15 | 8 | ||
16 | #include "includes.h" | 9 | #include "includes.h" |
17 | RCSID("$Id: uidswap.c,v 1.1 1999/10/27 03:42:46 damien Exp $"); | 10 | RCSID("$Id: uidswap.c,v 1.2 1999/11/24 13:26:23 damien Exp $"); |
18 | 11 | ||
19 | #include "ssh.h" | 12 | #include "ssh.h" |
20 | #include "uidswap.h" | 13 | #include "uidswap.h" |
21 | 14 | ||
22 | /* Note: all these functions must work in all of the following cases: | 15 | /* |
23 | 16 | * Note: all these functions must work in all of the following cases: | |
24 | 1. euid=0, ruid=0 | 17 | * 1. euid=0, ruid=0 |
25 | 2. euid=0, ruid!=0 | 18 | * 2. euid=0, ruid!=0 |
26 | 3. euid!=0, ruid!=0 | 19 | * 3. euid!=0, ruid!=0 |
27 | 20 | * Additionally, they must work regardless of whether the system has | |
28 | Additionally, they must work regardless of whether the system has | 21 | * POSIX saved uids or not. |
29 | POSIX saved uids or not. */ | 22 | */ |
30 | 23 | ||
31 | #ifdef _POSIX_SAVED_IDS | 24 | #ifdef _POSIX_SAVED_IDS |
32 | /* Lets assume that posix saved ids also work with seteuid, even though that | 25 | /* Lets assume that posix saved ids also work with seteuid, even though that |
@@ -37,59 +30,57 @@ RCSID("$Id: uidswap.c,v 1.1 1999/10/27 03:42:46 damien Exp $"); | |||
37 | /* Saved effective uid. */ | 30 | /* Saved effective uid. */ |
38 | static uid_t saved_euid = 0; | 31 | static uid_t saved_euid = 0; |
39 | 32 | ||
40 | /* Temporarily changes to the given uid. If the effective user id is not | 33 | /* |
41 | root, this does nothing. This call cannot be nested. */ | 34 | * Temporarily changes to the given uid. If the effective user |
42 | 35 | * id is not root, this does nothing. This call cannot be nested. | |
43 | void temporarily_use_uid(uid_t uid) | 36 | */ |
37 | void | ||
38 | temporarily_use_uid(uid_t uid) | ||
44 | { | 39 | { |
45 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | 40 | #ifdef SAVED_IDS_WORK_WITH_SETEUID |
41 | /* Save the current euid. */ | ||
42 | saved_euid = geteuid(); | ||
46 | 43 | ||
47 | /* Save the current euid. */ | 44 | /* Set the effective uid to the given (unprivileged) uid. */ |
48 | saved_euid = geteuid(); | 45 | if (seteuid(uid) == -1) |
49 | 46 | debug("seteuid %d: %.100s", (int) uid, strerror(errno)); | |
50 | /* Set the effective uid to the given (unprivileged) uid. */ | ||
51 | if (seteuid(uid) == -1) | ||
52 | debug("seteuid %d: %.100s", (int)uid, strerror(errno)); | ||
53 | |||
54 | #else /* SAVED_IDS_WORK_WITH_SETUID */ | 47 | #else /* SAVED_IDS_WORK_WITH_SETUID */ |
48 | /* Propagate the privileged uid to all of our uids. */ | ||
49 | if (setuid(geteuid()) < 0) | ||
50 | debug("setuid %d: %.100s", (int) geteuid(), strerror(errno)); | ||
55 | 51 | ||
56 | /* Propagate the privileged uid to all of our uids. */ | 52 | /* Set the effective uid to the given (unprivileged) uid. */ |
57 | if (setuid(geteuid()) < 0) | 53 | if (seteuid(uid) == -1) |
58 | debug("setuid %d: %.100s", (int)geteuid(), strerror(errno)); | 54 | debug("seteuid %d: %.100s", (int) uid, strerror(errno)); |
59 | |||
60 | /* Set the effective uid to the given (unprivileged) uid. */ | ||
61 | if (seteuid(uid) == -1) | ||
62 | debug("seteuid %d: %.100s", (int)uid, strerror(errno)); | ||
63 | |||
64 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ | 55 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
65 | |||
66 | } | 56 | } |
67 | 57 | ||
68 | /* Restores to the original uid. */ | 58 | /* |
69 | 59 | * Restores to the original uid. | |
70 | void restore_uid() | 60 | */ |
61 | void | ||
62 | restore_uid() | ||
71 | { | 63 | { |
72 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | 64 | #ifdef SAVED_IDS_WORK_WITH_SETEUID |
73 | 65 | /* Set the effective uid back to the saved uid. */ | |
74 | /* Set the effective uid back to the saved uid. */ | 66 | if (seteuid(saved_euid) < 0) |
75 | if (seteuid(saved_euid) < 0) | 67 | debug("seteuid %d: %.100s", (int) saved_euid, strerror(errno)); |
76 | debug("seteuid %d: %.100s", (int)saved_euid, strerror(errno)); | ||
77 | |||
78 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ | 68 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ |
79 | 69 | /* We are unable to restore the real uid to its unprivileged | |
80 | /* We are unable to restore the real uid to its unprivileged value. */ | 70 | value. */ |
81 | /* Propagate the real uid (usually more privileged) to effective uid | 71 | /* Propagate the real uid (usually more privileged) to effective |
82 | as well. */ | 72 | uid as well. */ |
83 | setuid(getuid()); | 73 | setuid(getuid()); |
84 | |||
85 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ | 74 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ |
86 | } | 75 | } |
87 | 76 | ||
88 | /* Permanently sets all uids to the given uid. This cannot be called while | 77 | /* |
89 | temporarily_use_uid is effective. */ | 78 | * Permanently sets all uids to the given uid. This cannot be |
90 | 79 | * called while temporarily_use_uid is effective. | |
91 | void permanently_set_uid(uid_t uid) | 80 | */ |
81 | void | ||
82 | permanently_set_uid(uid_t uid) | ||
92 | { | 83 | { |
93 | if (setuid(uid) < 0) | 84 | if (setuid(uid) < 0) |
94 | debug("setuid %d: %.100s", (int)uid, strerror(errno)); | 85 | debug("setuid %d: %.100s", (int) uid, strerror(errno)); |
95 | } | 86 | } |