~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-updates

errx(1, "setresuid(ROOT_UID, ROOT_UID, ROOT_UID) failed, your operating system may have a broken setresuid() function\nTry running configure with --disable-setresuid");

(void) setresgid(-1, user_gid, -1);

if (current_perm == PERM_RUNAS)

restore_groups();

break;

100

101

case PERM_USER:

103

112

break;

104

113

105

114

case PERM_RUNAS:

115

runas_setgroups();

106

116

(void) setresgid(-1, runas_pw->pw_gid, -1);

107

117

if (setresuid(-1, runas_pw->pw_uid, -1))

108

118

err(1, "unable to change to runas uid");

142

152

err(1, "setresuid(ROOT_UID, timestamp_uid, ROOT_UID)");

143

153

break;

144

154

}

155

156

current_perm = perm;

145

157

}

146

158

147

159

#else

157

169

set_perms(perm)

158

170

int perm;

159

171

{

172

if (perm == current_perm)

173

return;

174

160

175

switch (perm) {

161

176

case PERM_ROOT:

162

177

if (setreuid(-1, ROOT_UID))

164

179

if (setuid(ROOT_UID))

165

180

err(1, "setuid(ROOT_UID)");

166

181

(void) setregid(-1, user_gid);

182

if (current_perm == PERM_RUNAS)

183

restore_groups();

167

184

break;

168

185

169

186

case PERM_USER:

180

197

break;

181

198

182

199

case PERM_RUNAS:

200

runas_setgroups();

183

201

(void) setregid(-1, runas_pw->pw_gid);

184

202

if (setreuid(-1, runas_pw->pw_uid))

185

203

err(1, "unable to change to runas uid");

218

236

err(1, "setreuid(ROOT_UID, timestamp_uid)");

219

237

break;

220

238

}

239

240

current_perm = perm;

221

241

}

222

242

223

243

# else /* !HAVE_SETRESUID && !HAVE_SETREUID */

231

251

set_perms(perm)

232

252

int perm;

233

253

{

254

if (perm == current_perm)

255

return;

256

234

257

235

258

* Since we only have setuid() and seteuid() and semantics

236

259

* for these calls differ on various systems, we set

245

268

case PERM_ROOT:

246

269

/* uid set above */

247

270

(void) setegid(user_gid);

271

if (current_perm == PERM_RUNAS)

272

restore_groups();

248

273

break;

249

274

250

275

case PERM_USER:

261

286

break;

262

287

263

288

case PERM_RUNAS:

289

runas_setgroups();

264

290

(void) setegid(runas_pw->pw_gid);

265

291

if (seteuid(runas_pw->pw_uid))

266

292

err(1, "unable to change to runas uid");

297

323

err(1, "seteuid(timestamp_uid)");

298

324

break;

299

325

}

326

327

current_perm = perm;

300

328

}

301

329

302

330

# else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */

310

338

set_perms(perm)

311

339

int perm;

312

340

{

341

if (perm == current_perm)

342

return;

313

343

314

344

switch (perm) {

315

345

case PERM_ROOT:

316

346

if (setuid(ROOT_UID))

317

347

err(1, "setuid(ROOT_UID)");

348

if (current_perm == PERM_RUNAS)

349

restore_groups();

318

350

break;

319

351

320

352

case PERM_FULL_USER:

336

368

/* Unsupported since we can't set euid. */

337

369

break;

338

370

}

371

372

current_perm = perm;

339

373

}

340

374

# endif /* HAVE_SETEUID */

341

375

# endif /* HAVE_SETREUID */

342

376

#endif /* HAVE_SETRESUID */

343

377

378

#ifdef HAVE_INITGROUPS

379

static void

380

runas_setgroups()

381

{

382

static int ngroups = -1;

383

static GETGROUPS_T *groups;

384

struct passwd *pw;

385

386

if (def_preserve_groups)

387

return;

388

389

390

* Use stashed copy of runas groups if available, else initgroups and stash.

391

392

if (ngroups == -1) {

393

pw = runas_pw ? runas_pw : sudo_user.pw;

394

if (initgroups(pw->pw_name, pw->pw_gid) < 0)

395

log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");

396

if ((ngroups = getgroups(0, NULL)) < 0)

397

log_error(USE_ERRNO|MSG_ONLY, "can't get runas ngroups");

398

groups = emalloc2(ngroups, sizeof(GETGROUPS_T));

399

if (getgroups(ngroups, groups) < 0)

400

log_error(USE_ERRNO|MSG_ONLY, "can't get runas group vector");

401

} else {

402

if (setgroups(ngroups, groups) < 0)

403

log_error(USE_ERRNO|MSG_ONLY, "can't set runas group vector");

404

}

405

}

406

407

static void

408

restore_groups()

409

{

410

if (setgroups(user_ngroups, user_groups) < 0)

411

log_error(USE_ERRNO|MSG_ONLY, "can't reset user group vector");

412

}

413

414

#else

415

416

static void

417

runas_setgroups()

418

{

419

/* STUB */

420

}

421

422

static void

423

restore_groups()

424

{

425

/* STUB */

426

}

427

428

#endif /* HAVE_INITGROUPS */

429

344

430

static void

345

431

runas_setup()

346

432

{

357

443

#ifdef HAVE_LOGIN_CAP_H

358

444

if (def_use_loginclass) {

359

445

360

* We don't have setusercontext() set the user since we

361

* may only want to set the effective uid. Depending on

362

* sudoers and/or command line arguments we may not want

363

* setusercontext() to call initgroups().

446

* We only use setusercontext() set the nice value and rlimits.

364

447

365

448

flags = LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;

366

449

if (!def_preserve_groups)

373

456

else

374

457

warn("unable to set user context");

375

458

}

376

} else

459

}

377

460

#endif /* HAVE_LOGIN_CAP_H */

378

{

379

if (setgid(runas_pw->pw_gid))

380

warn("cannot set gid to runas gid");

381

#ifdef HAVE_INITGROUPS

382

383

* Initialize group vector unless asked not to.

384

385

if (!def_preserve_groups &&

386

initgroups(*user_runas, runas_pw->pw_gid) < 0)

387

warn("cannot set group vector");

388

#endif /* HAVE_INITGROUPS */

389

}

461

if (setgid(runas_pw->pw_gid))

462

warn("cannot set gid to runas gid");

463

464

* Initialize group vector unless asked not to.

465

466

runas_setgroups();

390

467

}

391

468

}

Older »