1 /* 2 * Copyright 2004 Sun Microsystems, Inc. All rights reserved. 3 * Use is subject to license terms. 4 */ 5 /* 6 * Author: Tatu Ylonen <ylo@cs.hut.fi> 7 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8 * All rights reserved 9 * Code for uid-swapping. 10 * 11 * As far as I am concerned, the code I have written for this software 12 * can be used freely for any purpose. Any derived versions of this 13 * software must be clearly marked as such, and if the derived work is 14 * incompatible with the protocol description in the RFC file, it must be 15 * called by a name other than "ssh" or "Secure Shell". 16 */ 17 18 #include "includes.h" 19 RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $"); 20 21 #pragma ident "%Z%%M% %I% %E% SMI" 22 23 #include "log.h" 24 #include "uidswap.h" 25 26 /* 27 * Note: all these functions must work in all of the following cases: 28 * 1. euid=0, ruid=0 29 * 2. euid=0, ruid!=0 30 * 3. euid!=0, ruid!=0 31 * Additionally, they must work regardless of whether the system has 32 * POSIX saved uids or not. 33 */ 34 35 #if defined(_POSIX_SAVED_IDS) && !defined(BROKEN_SAVED_UIDS) 36 /* Lets assume that posix saved ids also work with seteuid, even though that 37 is not part of the posix specification. */ 38 #define SAVED_IDS_WORK 39 /* Saved effective uid. */ 40 static uid_t saved_euid = 0; 41 static gid_t saved_egid = 0; 42 #endif 43 44 /* Saved effective uid. */ 45 static int privileged = 0; 46 static int temporarily_use_uid_effective = 0; 47 static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; 48 static int saved_egroupslen = -1, user_groupslen = -1; 49 50 /* 51 * Temporarily changes to the given uid. If the effective user 52 * id is not root, this does nothing. This call cannot be nested. 53 */ 54 void 55 temporarily_use_uid(struct passwd *pw) 56 { 57 /* Save the current euid, and egroups. */ 58 #ifdef SAVED_IDS_WORK 59 saved_euid = geteuid(); 60 saved_egid = getegid(); 61 debug("temporarily_use_uid: %u/%u (e=%u/%u)", 62 (u_int)pw->pw_uid, (u_int)pw->pw_gid, 63 (u_int)saved_euid, (u_int)saved_egid); 64 if (saved_euid != 0) { 65 privileged = 0; 66 return; 67 } 68 #else 69 if (geteuid() != 0) { 70 privileged = 0; 71 return; 72 } 73 #endif /* SAVED_IDS_WORK */ 74 75 privileged = 1; 76 temporarily_use_uid_effective = 1; 77 saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); 78 if (saved_egroupslen < 0) 79 fatal("getgroups: %.100s", strerror(errno)); 80 81 /* set and save the user's groups */ 82 if (user_groupslen == -1) { 83 if (initgroups(pw->pw_name, pw->pw_gid) < 0) 84 fatal("initgroups: %s: %.100s", pw->pw_name, 85 strerror(errno)); 86 user_groupslen = getgroups(NGROUPS_MAX, user_groups); 87 if (user_groupslen < 0) 88 fatal("getgroups: %.100s", strerror(errno)); 89 } 90 /* Set the effective uid to the given (unprivileged) uid. */ 91 if (setgroups(user_groupslen, user_groups) < 0) 92 fatal("setgroups: %.100s", strerror(errno)); 93 #ifdef SAVED_IDS_WORK 94 /* Set saved gid and set real gid */ 95 if (setregid(pw->pw_gid, -1) == -1) 96 debug("setregid(%u, -1): %.100s", (uint_t)pw->pw_gid, strerror(errno)); 97 /* Set saved uid and set real uid */ 98 if (setreuid(pw->pw_uid, -1) == -1) 99 debug("setreuid(%u, -1): %.100s", (uint_t)pw->pw_uid, strerror(errno)); 100 #else 101 /* Propagate the privileged gid to all of our gids. */ 102 if (setgid(getegid()) < 0) 103 debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); 104 /* Propagate the privileged uid to all of our uids. */ 105 if (setuid(geteuid()) < 0) 106 debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); 107 #endif /* SAVED_IDS_WORK */ 108 /* Set effective gid */ 109 if (setegid(pw->pw_gid) == -1) 110 fatal("setegid %u: %.100s", (u_int)pw->pw_uid, 111 strerror(errno)); 112 /* Set effective uid */ 113 if (seteuid(pw->pw_uid) == -1) 114 fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, 115 strerror(errno)); 116 /* 117 * If saved set ids work then 118 * 119 * ruid == euid == pw->pw_uid 120 * saved uid = previous euid 121 * rgid == egid == pw->pw_gid 122 * saved gid = previous egid 123 */ 124 } 125 126 /* 127 * Restores to the original (privileged) uid. 128 */ 129 void 130 restore_uid(void) 131 { 132 /* it's a no-op unless privileged */ 133 if (!privileged) { 134 debug("restore_uid: (unprivileged)"); 135 return; 136 } 137 if (!temporarily_use_uid_effective) 138 fatal("restore_uid: temporarily_use_uid not effective"); 139 140 #ifdef SAVED_IDS_WORK 141 debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid); 142 /* Set the effective uid back to the saved privileged uid. */ 143 if (seteuid(saved_euid) < 0) 144 fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno)); 145 if (setuid(saved_euid) < 0) 146 fatal("setuid %u: %.100s", (u_int)saved_euid, strerror(errno)); 147 if (setegid(saved_egid) < 0) 148 fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno)); 149 if (setgid(saved_egid) < 0) 150 fatal("setgid %u: %.100s", (u_int)saved_egid, strerror(errno)); 151 #else /* SAVED_IDS_WORK */ 152 /* 153 * We are unable to restore the real uid to its unprivileged value. 154 * Propagate the real uid (usually more privileged) to effective uid 155 * as well. 156 */ 157 setuid(getuid()); 158 setgid(getgid()); 159 #endif /* SAVED_IDS_WORK */ 160 161 if (setgroups(saved_egroupslen, saved_egroups) < 0) 162 fatal("setgroups: %.100s", strerror(errno)); 163 temporarily_use_uid_effective = 0; 164 } 165 166 /* 167 * Permanently sets all uids to the given uid. This cannot be 168 * called while temporarily_use_uid is effective. 169 */ 170 void 171 permanently_set_uid(struct passwd *pw) 172 { 173 if (temporarily_use_uid_effective) 174 fatal("permanently_set_uid: temporarily_use_uid effective"); 175 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, 176 (u_int)pw->pw_gid); 177 if (initgroups(pw->pw_name, pw->pw_gid) < 0) 178 fatal("initgroups: %s: %.100s", pw->pw_name, 179 strerror(errno)); 180 if (setgid(pw->pw_gid) < 0) 181 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); 182 if (setuid(pw->pw_uid) < 0) 183 fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); 184 } 185