diff options
author | Damien Miller <djm@mindrot.org> | 1999-11-25 00:26:21 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 1999-11-25 00:26:21 +1100 |
commit | 95def09838fc61b37b6ea7cd5c234a465b4b129b (patch) | |
tree | 042744f76f40a326b873cb1c3690a6d7d966bc3e /uidswap.c | |
parent | 4d2f15f895f4c795afc008aeff3fd2ceffbc44f4 (diff) | |
download | openssh-git-95def09838fc61b37b6ea7cd5c234a465b4b129b.tar.gz |
- Merged very large OpenBSD source code reformat
- OpenBSD CVS updates
- [channels.c cipher.c compat.c log-client.c scp.c serverloop.c]
[ssh.h sshd.8 sshd.c]
syslog changes:
* Unified Logmessage for all auth-types, for success and for failed
* Standard connections get only ONE line in the LOG when level==LOG:
Auth-attempts are logged only, if authentication is:
a) successfull or
b) with passwd or
c) we had more than AUTH_FAIL_LOG failues
* many log() became verbose()
* old behaviour with level=VERBOSE
- [readconf.c readconf.h ssh.1 ssh.h sshconnect.c sshd.c]
tranfer s/key challenge/response data in SSH_SMSG_AUTH_TIS_CHALLENGE
messages. allows use of s/key in windows (ttssh, securecrt) and
ssh-1.2.27 clients without 'ssh -v', ok: niels@
- [sshd.8]
-V, for fallback to openssh in SSH2 compatibility mode
- [sshd.c]
fix sigchld race; cjc5@po.cwru.edu
Diffstat (limited to 'uidswap.c')
-rw-r--r-- | uidswap.c | 115 |
1 files changed, 53 insertions, 62 deletions
@@ -1,32 +1,25 @@ /* - -uidswap.c - -Author: Tatu Ylonen <ylo@cs.hut.fi> - -Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland - All rights reserved - -Created: Sat Sep 9 01:56:14 1995 ylo - -Code for uid-swapping. - -*/ + * Author: Tatu Ylonen <ylo@cs.hut.fi> + * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland + * All rights reserved + * Created: Sat Sep 9 01:56:14 1995 ylo + * Code for uid-swapping. + */ #include "includes.h" -RCSID("$Id: uidswap.c,v 1.1 1999/10/27 03:42:46 damien Exp $"); +RCSID("$Id: uidswap.c,v 1.2 1999/11/24 13:26:23 damien Exp $"); #include "ssh.h" #include "uidswap.h" -/* Note: all these functions must work in all of the following cases: - - 1. euid=0, ruid=0 - 2. euid=0, ruid!=0 - 3. euid!=0, ruid!=0 - - Additionally, they must work regardless of whether the system has - POSIX saved uids or not. */ +/* + * Note: all these functions must work in all of the following cases: + * 1. euid=0, ruid=0 + * 2. euid=0, ruid!=0 + * 3. euid!=0, ruid!=0 + * Additionally, they must work regardless of whether the system has + * POSIX saved uids or not. + */ #ifdef _POSIX_SAVED_IDS /* Lets assume that posix saved ids also work with seteuid, even though that @@ -37,59 +30,57 @@ RCSID("$Id: uidswap.c,v 1.1 1999/10/27 03:42:46 damien Exp $"); /* Saved effective uid. */ static uid_t saved_euid = 0; -/* Temporarily changes to the given uid. If the effective user id is not - root, this does nothing. This call cannot be nested. */ - -void temporarily_use_uid(uid_t uid) +/* + * Temporarily changes to the given uid. If the effective user + * id is not root, this does nothing. This call cannot be nested. + */ +void +temporarily_use_uid(uid_t uid) { #ifdef SAVED_IDS_WORK_WITH_SETEUID + /* Save the current euid. */ + saved_euid = geteuid(); - /* Save the current euid. */ - saved_euid = geteuid(); - - /* Set the effective uid to the given (unprivileged) uid. */ - if (seteuid(uid) == -1) - debug("seteuid %d: %.100s", (int)uid, strerror(errno)); - + /* Set the effective uid to the given (unprivileged) uid. */ + if (seteuid(uid) == -1) + debug("seteuid %d: %.100s", (int) uid, strerror(errno)); #else /* SAVED_IDS_WORK_WITH_SETUID */ + /* Propagate the privileged uid to all of our uids. */ + if (setuid(geteuid()) < 0) + debug("setuid %d: %.100s", (int) geteuid(), strerror(errno)); - /* Propagate the privileged uid to all of our uids. */ - if (setuid(geteuid()) < 0) - debug("setuid %d: %.100s", (int)geteuid(), strerror(errno)); - - /* Set the effective uid to the given (unprivileged) uid. */ - if (seteuid(uid) == -1) - debug("seteuid %d: %.100s", (int)uid, strerror(errno)); - + /* Set the effective uid to the given (unprivileged) uid. */ + if (seteuid(uid) == -1) + debug("seteuid %d: %.100s", (int) uid, strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ - } -/* Restores to the original uid. */ - -void restore_uid() +/* + * Restores to the original uid. + */ +void +restore_uid() { #ifdef SAVED_IDS_WORK_WITH_SETEUID - - /* Set the effective uid back to the saved uid. */ - if (seteuid(saved_euid) < 0) - debug("seteuid %d: %.100s", (int)saved_euid, strerror(errno)); - + /* Set the effective uid back to the saved uid. */ + if (seteuid(saved_euid) < 0) + debug("seteuid %d: %.100s", (int) saved_euid, strerror(errno)); #else /* SAVED_IDS_WORK_WITH_SETEUID */ - - /* We are unable to restore the real uid to its unprivileged value. */ - /* Propagate the real uid (usually more privileged) to effective uid - as well. */ - setuid(getuid()); - + /* We are unable to restore the real uid to its unprivileged + value. */ + /* Propagate the real uid (usually more privileged) to effective + uid as well. */ + setuid(getuid()); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ } -/* Permanently sets all uids to the given uid. This cannot be called while - temporarily_use_uid is effective. */ - -void permanently_set_uid(uid_t uid) +/* + * Permanently sets all uids to the given uid. This cannot be + * called while temporarily_use_uid is effective. + */ +void +permanently_set_uid(uid_t uid) { - if (setuid(uid) < 0) - debug("setuid %d: %.100s", (int)uid, strerror(errno)); + if (setuid(uid) < 0) + debug("setuid %d: %.100s", (int) uid, strerror(errno)); } |