summaryrefslogtreecommitdiff
path: root/uidswap.c
Commit message (Collapse)AuthorAgeFilesLines
* upstream: Remove support for running ssh(1) setuid and fatal ifdtucker@openbsd.org2018-07-191-32/+1
| | | | | | | | attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
* upstream: invalidate supplemental group cache used bydjm@openbsd.org2018-06-151-2/+6
| | | | | | | | temporarily_use_uid() when the target uid differs; could cause failure to read authorized_keys under some configurations. patch by Jakub Jelen via bz2873; ok dtucker, markus OpenBSD-Commit-ID: 48a345f0ee90f6c465a078eb5e89566b23abd8a1
* Support Illumos/Solaris fine-grained privilegesDamien Miller2016-01-081-6/+12
| | | | | | | Includes a pre-auth privsep sandbox and several pledge() emulations. bz#2511, patch by Alex Wilson. ok dtucker@
* upstream commitdtucker@openbsd.org2015-06-251-2/+1
| | | | | | | | | | Revert previous commit. We still want to call setgroups in the case where there are zero groups to remove any that we might otherwise inherit (as pointed out by grawity at gmail.com) and since the 2nd argument to setgroups is always a static global it's always valid to dereference in this case. ok deraadt@ djm@ Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
* upstream commitdtucker@openbsd.org2015-06-251-2/+2
| | | | | | | | | | Revert previous commit. We still want to call setgroups in the case where there are zero groups to remove any that we might otherwise inherit (as pointed out by grawity at gmail.com) and since the 2nd argument to setgroups is always a static global it's always valid to dereference in this case. ok deraadt@ djm@ Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
* upstream commitdtucker@openbsd.org2015-06-231-3/+4
| | | | | | | | Don't call setgroups if we have zero groups; there's no guarantee that it won't try to deref the pointer. Based on a patch from mail at quitesimple.org, ok djm deraadt Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
* xrealloc -> xreallocarray in portable code too.Darren Tucker2015-04-301-2/+2
|
* upstream commitderaadt@openbsd.org2015-01-161-2/+2
| | | | | | | | | | Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
* - (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin. PatchDarren Tucker2014-01-181-0/+4
| | | | from vinschen at redhat.com
* - dtucker@cvs.openbsd.org 2013/11/08 11:15:19Damien Miller2013-11-211-1/+2
| | | | | [bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c] [uidswap.c] Include stdlib.h for free() as per the man page.
* - (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.cDarren Tucker2013-06-021-4/+2
| | | | | | | | groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c openbsd-compat/port-linux.c] Replace portable-specific instances of xfree with the equivalent calls to free.
* - (dtucker) [uidswap.c openbsd-compat/Makefile.inDarren Tucker2012-11-051-34/+0
| | | | | | | openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h openbsd-compat/openbsd-compat.h] Move the fallback code for setting uids and gids from uidswap.c to the compat library, which allows it to work with the new setresuid calls in auth2-pubkey. with tim@, ok djm@
* - (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.Damien Miller2009-01-211-0/+10
| | | | Patch based on one from vgiffin AT apple.com; ok dtucker@
* - deraadt@cvs.openbsd.org 2006/08/03 03:34:42Damien Miller2006-08-051-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c] [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ] [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c] [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c] [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c] [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c] [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c] [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c] [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h] [serverloop.c session.c session.h sftp-client.c sftp-common.c] [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c] [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c] [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c] [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h] [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h] almost entirely get rid of the culture of ".h files that include .h files" ok djm, sort of ok stevesk makes the pain stop in one easy step NB. portable commit contains everything *except* removing includes.h, as that will take a fair bit more work as we move headers that are required for portability workarounds to defines.h. (also, this step wasn't "easy")
* - stevesk@cvs.openbsd.org 2006/07/26 02:35:17Damien Miller2006-08-051-1/+2
| | | | | | | | | [atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c] [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c] [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c] [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c] [uidswap.c xmalloc.c] move #include <sys/param.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/22 20:48:23Damien Miller2006-07-241-1/+2
| | | | | | | | | | | | | | | | | [atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c] [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c] [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c] [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c] [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c] [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c] [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c] [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c] move #include <string.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/17 01:31:10Damien Miller2006-07-241-1/+2
| | | | | | | | | [authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c] [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c] [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c] [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c] [sshconnect.c sshlogin.c sshpty.c uidswap.c] move #include <unistd.h> out of includes.h
* - stevesk@cvs.openbsd.org 2006/07/11 20:07:25Darren Tucker2006-07-121-1/+2
| | | | | | | | | [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c] move #include <errno.h> out of includes.h; ok markus@
* - stevesk@cvs.openbsd.org 2006/07/06 16:03:53Damien Miller2006-07-101-1/+5
| | | | | | | | | | | [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c] [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c] [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c] [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c] [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c] [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c] [uidswap.h] move #include <pwd.h> out of includes.h; ok markus@
* - stevesk@cvs.openbsd.org 2006/07/02 22:45:59Damien Miller2006-07-101-0/+2
| | | | | | [groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c] move #include <grp.h> out of includes.h (portable needed uidswap.c too)
* - markus@cvs.openbsd.org 2006/06/08 14:45:49Damien Miller2006-06-131-1/+36
| | | | | [readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h] do not set the gid, noted by solar; ok djm
* - markus@cvs.openbsd.org 2006/06/06 10:20:20Damien Miller2006-06-131-1/+3
| | | | | | [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm
* - djm@cvs.openbsd.org 2006/04/22 04:06:51Damien Miller2006-04-231-1/+1
| | | | | | [uidswap.c] use setres[ug]id() to permanently revoke privileges; ok deraadt@ (ID Sync only - portable already uses setres[ug]id() whenever possible)
* - djm@cvs.openbsd.org 2006/03/25 13:17:03Damien Miller2006-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c] [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c] [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c] [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c] [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c] [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c] [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c] [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c] [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c] [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c] [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c] [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c] [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c] Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that Theo nuked - our scripts to sync -portable need them in the files
* - djm@cvs.openbsd.org 2006/03/25 01:13:23Damien Miller2006-03-261-2/+2
| | | | | | | | | | | | [buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c] [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c] [uidswap.c] change OpenSSH's xrealloc() function from being xrealloc(p, new_size) to xrealloc(p, new_nmemb, new_itemsize). realloc is particularly prone to integer overflows because it is almost always allocating "n * size" bytes, so this is a far safer API; ok deraadt@
* - deraadt@cvs.openbsd.org 2006/03/19 18:51:18Damien Miller2006-03-261-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | [atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c] [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c] [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c] [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c] [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c] [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c] [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c] [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c] [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c] [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c] [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c] [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c] [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c] [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c] [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c] [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c] [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c] [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c] [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c] [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c] [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c] [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c] RCSID() can die
* - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch fromDarren Tucker2005-02-221-0/+2
| | | | vinschen at redhat.com.
* - (dtucker) [uidswap.c] Don't test dropping of gids for the root user orDarren Tucker2004-10-191-1/+3
| | | | on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@
* - (dtucker) [uidswap.c] Minor KNF. ok djm@Darren Tucker2004-02-241-1/+1
|
* - (djm) [groupaccess.c uidswap.c] Bug #787: Size group arrays at runtimeDamien Miller2004-02-241-3/+24
| | | | | using sysconf() if available Based on patches from holger AT van-lengerich.de and openssh_bugzilla AT hockin.org
* - (dtucker) [acconfig.h configure.ac uidswap.c] Bug #645: Check forDarren Tucker2003-12-171-2/+2
| | | | | setres[ug]id() present but not implemented (eg some Linux/glibc combinations).
* - djm@cvs.openbsd.org 2003/11/21 11:57:03Damien Miller2003-11-211-6/+6
| | | | | | [everything] unexpand and delete whitespace at EOL; ok markus@ (done locally and RCS IDs synced)
* - (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since theDarren Tucker2003-09-221-0/+2
| | | | | OS does not support permanently dropping privileges. Patch from vinschen at redhat.com.
* - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX.Darren Tucker2003-09-061-2/+2
|
* - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@Darren Tucker2003-06-061-5/+5
|
* - (djm) Implement paranoid priv dropping checks, based on:Damien Miller2003-06-051-0/+47
| | | | | "SetUID demystified" - Hao Chen, David Wagner and Drew Dean Proceedings of USENIX Security Symposium 2002
* - deraadt@cvs.openbsd.org 2003/05/29 16:58:45Damien Miller2003-06-021-1/+5
| | | | | [sshd.c uidswap.c] seteuid and setegid; markus ok
* - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.deBen Lindstrom2002-07-301-1/+1
|
* - stevesk@cvs.openbsd.org 2002/07/15 17:15:31Ben Lindstrom2002-07-231-5/+10
| | | | | [uidswap.c] little more debugging; ok markus@
* - (bal) Build noop setgroups() for cygwin to clean up code (For otherBen Lindstrom2002-06-121-4/+0
| | | | | platforms without the setgroups() requirement, you MUST define SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com
* - stevesk@cvs.openbsd.org 2002/05/28 21:24:00Ben Lindstrom2002-06-061-1/+1
| | | | | | | [uidswap.c] use correct function name in fatal() [See the patch above, I saw it before apply the next patch. <sigh>]
* - (bal) Corrected debug() in uidswap.c to match upstream.Ben Lindstrom2002-06-061-1/+1
|
* - stevesk@cvs.openbsd.org 2002/05/28 17:28:02Ben Lindstrom2002-06-061-10/+9
| | | | | [uidswap.c] format spec change/casts and some KNF; ok markus@
* - (bal) mispelling in uidswap.c (portable only)Ben Lindstrom2002-04-031-1/+1
|
* - (bal) CVS ID sync of uidswap.cBen Lindstrom2002-04-021-1/+1
|
* - deraadt@cvs.openbsd.org 2001/12/19 07:18:56Damien Miller2001-12-211-3/+3
| | | | | | | | | | | | [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
* - markus@cvs.openbsd.org 2001/08/08 21:34:19Ben Lindstrom2001-08-151-4/+1
| | | | | [uidswap.c] undo last change; does not work for sshd
* - markus@cvs.openbsd.org 2001/08/08 18:20:15Ben Lindstrom2001-08-151-1/+4
| | | | | | [uidswap.c] permanently_set_uid is a noop if user is not privilegued; fixes bug on solaris; from sbi@uchicago.edu
* - (bal) White Space and #ifdef sync with OpenBSDBen Lindstrom2001-05-061-2/+1
|
* - (bal) Cygwin lacks setgroups() API. Patch by Corinna VinschenBen Lindstrom2001-04-271-0/+4
| | | | <vinschen@redhat.com>