privs.h (54158) | privs.h (82973) |
---|---|
1/* 2 * privs.h - header for privileged operations 3 * Copyright (C) 1993 Thomas Koenig 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 8 unchanged lines hidden (view full) --- 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * | 1/* 2 * privs.h - header for privileged operations 3 * Copyright (C) 1993 Thomas Koenig 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 8 unchanged lines hidden (view full) --- 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * |
25 * $FreeBSD: head/usr.bin/at/privs.h 54158 1999-12-05 19:57:14Z charnier $ | 25 * $FreeBSD: head/usr.bin/at/privs.h 82973 2001-09-04 16:15:51Z ru $ |
26 */ 27 28#ifndef _PRIVS_H 29#define _PRIVS_H 30 | 26 */ 27 28#ifndef _PRIVS_H 29#define _PRIVS_H 30 |
31#ifndef _USE_BSD 32#define _USE_BSD 1 | |
33#include <unistd.h> | 31#include <unistd.h> |
34#undef _USE_BSD 35#else 36#include <unistd.h> 37#endif | |
38 39/* Relinquish privileges temporarily for a setuid or setgid program | 32 33/* Relinquish privileges temporarily for a setuid or setgid program |
40 * with the option of getting them back later. This is done by swapping 41 * the real and effective userid BSD style. Call RELINQUISH_PRIVS once | 34 * with the option of getting them back later. This is done by 35 * utilizing POSIX saved user and group IDs. Call RELINQUISH_PRIVS once |
42 * at the beginning of the main program. This will cause all operations 43 * to be executed with the real userid. When you need the privileges 44 * of the setuid/setgid invocation, call PRIV_START; when you no longer 45 * need it, call PRIV_END. Note that it is an error to call PRIV_START 46 * and not PRIV_END within the same function. 47 * 48 * Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running 49 * as root, and you want to drop back the effective userid to a --- 21 unchanged lines hidden (view full) --- 71uid_t real_uid, effective_uid; 72 73#ifndef MAIN 74extern 75#endif 76gid_t real_gid, effective_gid; 77 78#define RELINQUISH_PRIVS { \ | 36 * at the beginning of the main program. This will cause all operations 37 * to be executed with the real userid. When you need the privileges 38 * of the setuid/setgid invocation, call PRIV_START; when you no longer 39 * need it, call PRIV_END. Note that it is an error to call PRIV_START 40 * and not PRIV_END within the same function. 41 * 42 * Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running 43 * as root, and you want to drop back the effective userid to a --- 21 unchanged lines hidden (view full) --- 65uid_t real_uid, effective_uid; 66 67#ifndef MAIN 68extern 69#endif 70gid_t real_gid, effective_gid; 71 72#define RELINQUISH_PRIVS { \ |
79 real_uid = getuid(); \ 80 effective_uid = geteuid(); \ 81 real_gid = getgid(); \ 82 effective_gid = getegid(); \ 83 setreuid(effective_uid, real_uid); \ 84 setregid(effective_gid, real_gid); \ 85 } | 73 real_uid = getuid(); \ 74 effective_uid = geteuid(); \ 75 real_gid = getgid(); \ 76 effective_gid = getegid(); \ 77 seteuid(real_uid); \ 78 setegid(real_gid); \ 79} |
86 | 80 |
87#define RELINQUISH_PRIVS_ROOT(a,b) { \ 88 real_uid = (a); \ 89 effective_uid = geteuid(); \ 90 real_gid = (b); \ 91 effective_gid = getegid(); \ 92 setregid(effective_gid, real_gid); \ 93 setreuid(effective_uid, real_uid); \ 94 } | 81#define RELINQUISH_PRIVS_ROOT(a, b) { \ 82 real_uid = (a); \ 83 effective_uid = geteuid(); \ 84 real_gid = (b); \ 85 effective_gid = getegid(); \ 86 setegid(real_gid); \ 87 seteuid(real_uid); \ 88} |
95 | 89 |
96#define PRIV_START {\ 97 setreuid(real_uid, effective_uid); \ 98 setregid(real_gid, effective_gid); | 90#define PRIV_START { \ 91 seteuid(effective_uid); \ 92 setegid(effective_gid); \ 93} |
99 | 94 |
100#define PRIV_END \ 101 setregid(effective_gid, real_gid); \ 102 setreuid(effective_uid, real_uid); \ 103 } | 95#define PRIV_END { \ 96 setegid(real_gid); \ 97 seteuid(real_uid); \ 98} |
104 | 99 |
105#define REDUCE_PRIV(a,b) {\ 106 setreuid(real_uid, effective_uid); \ 107 setregid(real_gid, effective_gid); \ 108 effective_uid = (a); \ 109 effective_gid = (b); \ 110 setregid(effective_gid, real_gid); \ 111 setreuid(effective_uid, real_uid); \ 112 } | 100#define REDUCE_PRIV(a, b) { \ 101 PRIV_START \ 102 effective_uid = (a); \ 103 effective_gid = (b); \ 104 setreuid((uid_t)-1, effective_uid); \ 105 setregid((gid_t)-1, effective_gid); \ 106 PRIV_END \ 107} |
113#endif | 108#endif |