diff options
Diffstat (limited to 'uidswap.c')
-rw-r--r-- | uidswap.c | 66 |
1 files changed, 33 insertions, 33 deletions
@@ -28,7 +28,7 @@ RCSID("$OpenBSD: uidswap.c,v 1.16 2001/04/20 16:32:22 markus Exp $"); | |||
28 | 28 | ||
29 | /* Lets assume that posix saved ids also work with seteuid, even though that | 29 | /* Lets assume that posix saved ids also work with seteuid, even though that |
30 | is not part of the posix specification. */ | 30 | is not part of the posix specification. */ |
31 | 31 | ||
32 | /* Saved effective uid. */ | 32 | /* Saved effective uid. */ |
33 | static int privileged = 0; | 33 | static int privileged = 0; |
34 | static int temporarily_use_uid_effective = 0; | 34 | static int temporarily_use_uid_effective = 0; |
@@ -36,7 +36,7 @@ static uid_t saved_euid = 0; | |||
36 | static gid_t saved_egid; | 36 | static gid_t saved_egid; |
37 | static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; | 37 | static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; |
38 | static int saved_egroupslen = -1, user_groupslen = -1; | 38 | static int saved_egroupslen = -1, user_groupslen = -1; |
39 | 39 | ||
40 | /* | 40 | /* |
41 | * Temporarily changes to the given uid. If the effective user | 41 | * Temporarily changes to the given uid. If the effective user |
42 | * id is not root, this does nothing. This call cannot be nested. | 42 | * id is not root, this does nothing. This call cannot be nested. |
@@ -44,42 +44,42 @@ static int saved_egroupslen = -1, user_groupslen = -1; | |||
44 | void | 44 | void |
45 | temporarily_use_uid(struct passwd *pw) | 45 | temporarily_use_uid(struct passwd *pw) |
46 | { | 46 | { |
47 | /* Save the current euid, and egroups. */ | 47 | /* Save the current euid, and egroups. */ |
48 | saved_euid = geteuid(); | 48 | saved_euid = geteuid(); |
49 | debug("temporarily_use_uid: %d/%d (e=%d)", | 49 | debug("temporarily_use_uid: %d/%d (e=%d)", |
50 | pw->pw_uid, pw->pw_gid, saved_euid); | 50 | pw->pw_uid, pw->pw_gid, saved_euid); |
51 | if (saved_euid != 0) { | 51 | if (saved_euid != 0) { |
52 | privileged = 0; | 52 | privileged = 0; |
53 | return; | 53 | return; |
54 | } | 54 | } |
55 | privileged = 1; | 55 | privileged = 1; |
56 | temporarily_use_uid_effective = 1; | 56 | temporarily_use_uid_effective = 1; |
57 | saved_egid = getegid(); | 57 | saved_egid = getegid(); |
58 | saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); | 58 | saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); |
59 | if (saved_egroupslen < 0) | 59 | if (saved_egroupslen < 0) |
60 | fatal("getgroups: %.100s", strerror(errno)); | 60 | fatal("getgroups: %.100s", strerror(errno)); |
61 | 61 | ||
62 | /* set and save the user's groups */ | 62 | /* set and save the user's groups */ |
63 | if (user_groupslen == -1) { | 63 | if (user_groupslen == -1) { |
64 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) | 64 | if (initgroups(pw->pw_name, pw->pw_gid) < 0) |
65 | fatal("initgroups: %s: %.100s", pw->pw_name, | 65 | fatal("initgroups: %s: %.100s", pw->pw_name, |
66 | strerror(errno)); | 66 | strerror(errno)); |
67 | user_groupslen = getgroups(NGROUPS_MAX, user_groups); | 67 | user_groupslen = getgroups(NGROUPS_MAX, user_groups); |
68 | if (user_groupslen < 0) | 68 | if (user_groupslen < 0) |
69 | fatal("getgroups: %.100s", strerror(errno)); | 69 | fatal("getgroups: %.100s", strerror(errno)); |
70 | } | 70 | } |
71 | /* Set the effective uid to the given (unprivileged) uid. */ | 71 | /* Set the effective uid to the given (unprivileged) uid. */ |
72 | if (setgroups(user_groupslen, user_groups) < 0) | 72 | if (setgroups(user_groupslen, user_groups) < 0) |
73 | fatal("setgroups: %.100s", strerror(errno)); | 73 | fatal("setgroups: %.100s", strerror(errno)); |
74 | pw->pw_gid = pw->pw_gid; | 74 | pw->pw_gid = pw->pw_gid; |
75 | if (setegid(pw->pw_gid) < 0) | 75 | if (setegid(pw->pw_gid) < 0) |
76 | fatal("setegid %u: %.100s", (u_int) pw->pw_gid, | 76 | fatal("setegid %u: %.100s", (u_int) pw->pw_gid, |
77 | strerror(errno)); | 77 | strerror(errno)); |
78 | if (seteuid(pw->pw_uid) == -1) | 78 | if (seteuid(pw->pw_uid) == -1) |
79 | fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, | 79 | fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, |
80 | strerror(errno)); | 80 | strerror(errno)); |
81 | } | 81 | } |
82 | 82 | ||
83 | /* | 83 | /* |
84 | * Restores to the original (privileged) uid. | 84 | * Restores to the original (privileged) uid. |
85 | */ | 85 | */ |