From: Sam Hartman Date: Sun, 19 May 1996 18:56:50 +0000 (+0000) Subject: As per mail describing the ksu problem, invent a krb5util X-Git-Tag: krb5-1.0-beta6~64 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=36dc00f03da4c6be53018ee7702c5752f63fad8a;p=krb5.git As per mail describing the ksu problem, invent a krb5util function to properly set the euid on all systems where it is possible. Ksu cannot be used without this function in a secure manner. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8052 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5util/.Sanitize b/src/lib/krb5util/.Sanitize index 576c5e2e7..03489e494 100644 --- a/src/lib/krb5util/.Sanitize +++ b/src/lib/krb5util/.Sanitize @@ -29,7 +29,7 @@ Makefile.in configure configure.in compat_recv.c - +seteuid.c Things-to-lose: Do-last: diff --git a/src/lib/krb5util/ChangeLog b/src/lib/krb5util/ChangeLog new file mode 100644 index 000000000..cf7a4691c --- /dev/null +++ b/src/lib/krb5util/ChangeLog @@ -0,0 +1,7 @@ +Sat May 18 04:41:55 1996 Sam Hartman + + * configure.in: Check for functions needed to seteuid. + + * seteuid.c (krb5_seteuid): New function to allow UID to be + changed and returned to later. + diff --git a/src/lib/krb5util/Makefile.in b/src/lib/krb5util/Makefile.in index 02039d245..b25298adb 100644 --- a/src/lib/krb5util/Makefile.in +++ b/src/lib/krb5util/Makefile.in @@ -6,9 +6,9 @@ CFLAGS = $(CCOPTS) $(DEFS) .c.o: $(CC) $(CFLAGS) -c $(srcdir)/$*.c -OBJS= compat_recv.$(OBJEXT) +OBJS= compat_recv.$(OBJEXT) seteuid.$(OBJEXT) -SRCS= $(srcdir)/compat_recv +SRCS= $(srcdir)/compat_recv.c $(srcdir)/seteuid.c LIB_SUBDIRS= . LIBDONE= DONE diff --git a/src/lib/krb5util/configure.in b/src/lib/krb5util/configure.in index 71d15a25d..7bcfa4872 100644 --- a/src/lib/krb5util/configure.in +++ b/src/lib/krb5util/configure.in @@ -4,6 +4,8 @@ AC_PROG_ARCHIVE AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL +AC_CHECK_HEADERS(unistd.h stdlib.h) +AC_CHECK_FUNCS(seteuid setresuid setreuid) LinkFileDir(../libkrb5util.a, libkrb5util.a, ./krb5util) AppendRule([all-unix:: ../libkrb5util.a]) dnl AppendRule([all:: all-$(WHAT)]) diff --git a/src/lib/krb5util/seteuid.c b/src/lib/krb5util/seteuid.c new file mode 100644 index 000000000..11f43f371 --- /dev/null +++ b/src/lib/krb5util/seteuid.c @@ -0,0 +1,53 @@ +/* + * krb5_seteuid: Attempt to set the effective user ID of the current process + * in such a way it can be restored lated. + * + * Copyright 1996 by the Massachusetts Institute of Technology. + * + * + * Permission to use, copy, modify, and distribute this software and + * its documentation for any purpose and without fee is hereby + * granted, provided that the above copyright notice appear in all + * copies and that both that copyright notice and this permission + * notice appear in supporting documentation, and that the name of + * M.I.T. not be used in advertising or publicity pertaining to + * distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability + * of this software for any purpose. It is provided "as is" without + * express or implied warranty. + * + */ + + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_STDLIB_H +#include +#endif + +#include + +int krb5_seteuid( euid) + uid_t euid; +{ + #if defined(_POSIX_SAVED_IDS) && defined(HAVE_SETEUID) + return (seteuid(euid)) ; +#else +# if defined(HAVE_SETRESUID) + return (setresuid(getuid(), euid, getuid())) ; +# else +# if defined(HAVE_SETREUID) + return setreuid(geteuid(), euid); +#else /*HAVE_SETREUID*/ + /* You need to add a case to deal with this operating system.*/ + errno = EPERM; + return -1; + +# endif /* HAVE_SETREUID */ +# endif /* HAVE_SETRESUID */ +#endif /* _POSIX_SAVED_IDS */ + + +}