コード例 #1
0
ファイル: priv_cred.c プロジェクト: edgar-pek/PerspicuOS
void
priv_cred_setegid(int asroot, int injail, struct test *test)
{
	int error;

	error = setegid(GID_OTHER);
	if (asroot && injail)
		expect("priv_setegid(asroot, injail)", error, 0, 0);
	if (asroot && !injail)
		expect("priv_setegid(asroot, !injail)", error, 0, 0);
	if (!asroot && injail)
		expect("priv_setegd(!asroot, injail)", error, -1, EPERM);
	if (!asroot && !injail)
		expect("priv_setegid(!asroot, !injail)", error, -1, EPERM);
}
コード例 #2
0
ファイル: privsep_op.c プロジェクト: RobertoD91/ossec
int Privsep_SetGroup(gid_t gid)
{
    if (setgroups(1, &gid) == -1)
        return(OS_INVALID);

    #ifndef HPUX
    if(setegid(gid) < 0)
        return(OS_INVALID);
    #endif

    if(setgid(gid) < 0)
        return(OS_INVALID);

    return(OS_SUCCESS);
}
コード例 #3
0
ファイル: host-process.c プロジェクト: kjanz1899/ren-c
//
//  OS_Set_EGID: C
// 
// Set the effective group ID
//
REBINT OS_Set_EGID(REBINT gid)
{
    if (setegid(gid) < 0) {
        switch (errno) {
            case EINVAL:
                return OS_EINVAL;
            case EPERM:
                return OS_EPERM;
            default:
                return -errno;
        }
    } else {
        return 0;
    }
}
コード例 #4
0
void
initialize(iter_t iterations, void* cookie)
{
	state_t	*state = (state_t *) cookie;
	char path[PATH_MAX];
	int ret;
	int fd;
	int rw = state->write ? O_WRONLY: 0;
	if (iterations) return;

	/* Use isolated directories to eliminate locking contetion on path,
	 * from measurements */
	if (state->isolate) {
		sprintf(path, "%s/%d", state->path, benchmp_childid());
 		if (chdir(path))
			DO_ABORT("chdir() failed");
	} else {
		sprintf(path, "%s/%s", state->path, state->filename);
		strcpy(state->filename, path);
	}

	if (state->use_uid) {
		setegid(benchmp_childid_gid());
		seteuid(benchmp_childid_uid());
	}
	if (state->lock_uid) {
		if (state->lock_uid > sizeof(state->qfd[0]) / sizeof(int))
			state->lock_uid = sizeof(state->qfd[0]) / sizeof(int);
		ret = get_quota_n(state->filename,
				geteuid(), getegid(),
				state->qfd[0], state->lock_uid);
		if (ret)
			DO_ABORT("Cant get quota");
	}
	state->fd = -1;
	if (state->clone) {
		char buf[128];
		char* s;
		sprintf(buf, "%d", (int)getpid());
		s = (char*)malloc(strlen(state->filename) + strlen(buf) + 1);
		sprintf(s, "%s%d", state->filename, (int)getpid());
		strcpy(state->filename, s);
	}
	fd = open(state->filename, O_CREAT|rw, 0666);
	if (fd < 0)
		DO_ABORT("open");
	state->fd = fd;
}
コード例 #5
0
ファイル: ftpprotocol.c プロジェクト: cmbug/Mftp
void do_cmd_pass(session_t *pses)
{
    if(pses == NULL)
        handle_error_str("do_cmd_user: pses is NULL.");
    //收到密码后,开始用户验证
    //根据用户uid获取用户信息
    struct passwd *pw = getpwuid(pses->uid);    //尝试获取要登陆用户的信息
    if(pw == NULL)
    {
        //用户不存在
        ftp_reply(pses->ctrl_fd, FTP_LOGINERR, "Login incorrect."); //530
        return;
    }
    //根据用户名字获取密码信息
    struct spwd *sp = getspnam(pw->pw_name);
    if(sp == NULL)
    {
        //用户不存在
        ftp_reply(pses->ctrl_fd, FTP_LOGINERR, "Login incorrect."); //530
        return;
    }

    //将明文密码进行加密
    struct crypt_data data;
    data.initialized = 0;
    char *encrupted_pass = crypt_r(pses->arg, sp->sp_pwdp,&data);

    //加密结果对比
    if(strcmp(encrupted_pass, sp->sp_pwdp) != 0)
    {
        //验证失败
        ftp_reply(pses->ctrl_fd, FTP_LOGINERR, "Login incorrect."); //530
        return;
    }
    //密码验证成功
    ftp_reply(pses->ctrl_fd, FTP_LOGINOK, "Login successful."); //230

    //更改umask
    umask(tunable_local_umask);
    //更改进程属性
    if(setegid(pw->pw_gid) < 0)
        handle_error("setegid");
    if(seteuid(pw->pw_uid) < 0)
        handle_error("seteuid");
    //更改当前工作目录到用户家目录
    if(chdir(pw->pw_dir) < 0)
        handle_error("chdir");
}
コード例 #6
0
ファイル: drop_privs.c プロジェクト: BinetReseau/yubico-pam
int drop_privileges(struct passwd *pw, pam_handle_t *pamh) {
#ifdef HAVE_PAM_MODUTIL_DROP_PRIV
  int res;
  res = pam_modutil_drop_priv(pamh, _privs_location(0), pw);
  if (res)
    D (("pam_modutil_drop_priv: %i", res));
  return res;
#else
    saved_euid = geteuid();
    saved_egid = getegid();

    saved_groups_length = getgroups(0, NULL);
    if (saved_groups_length < 0) {
        D (("getgroups: %s", strerror(errno)));
        return -1;
    }

    if (saved_groups_length > 0) {
        saved_groups = malloc(saved_groups_length * sizeof(gid_t));
        if (saved_groups == NULL) {
            D (("malloc: %s", strerror(errno)));
            return -1;
        }

        if (getgroups(saved_groups_length, saved_groups) < 0) {
            D (("getgroups: %s", strerror(errno)));
            return -1;
        }
    }

    if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
        D (("initgroups: %s", strerror(errno)));
        return -1;
    }

    if (setegid(pw->pw_gid) < 0) {
        D (("setegid: %s", strerror(errno)));
        return -1;
    }

    if (seteuid(pw->pw_uid) < 0) {
        D (("seteuid: %s", strerror(errno)));
        return -1;
    }

    return 0;
#endif /* HAVE_PAM_MODUTIL_DROP_PRIV */
}
コード例 #7
0
ファイル: ciopfs.c プロジェクト: Equidamoid/ciopfs
static inline void enter_user_context_effective()
{
	gid_t *groups;
	size_t ngroups;
	struct fuse_context *c = fuse_get_context();

	if (!single_threaded || getuid())
		return;
	if ((ngroups = get_groups(c->pid, &groups))) {
		setgroups(ngroups, groups);
		free(groups);
	}

	setegid(c->gid);
	seteuid(c->uid);
}
コード例 #8
0
ファイル: z-file.c プロジェクト: cinereaste/angband
/*
 * Drop permissions
 */
void safe_setuid_drop(void)
{
#ifdef SET_UID
# if defined(HAVE_SETRESGID)

	if (setresgid(-1, getgid(), -1) != 0)
		quit("setegid(): cannot drop permissions correctly!");

# else

	if (setegid(getgid()) != 0)
		quit("setegid(): cannot drop permissions correctly!");

# endif
#endif /* SET_UID */
}
コード例 #9
0
ファイル: fchmod05.c プロジェクト: AbhiramiP/ltp
/*
 * void
 * cleanup() - performs all ONE TIME cleanup for this test at
 *		completion or premature exit.
 *  Close the test directory opened in the setup().
 *  Remove the test directory and temporary directory created in
 *  in the setup().
 */
void cleanup(void)
{

	/* Close the test directory opened in the setup() */
	if (close(fd) == -1) {
		tst_brkm(TBROK, NULL,
			 "close(%s) Failed, errno=%d : %s",
			 TESTDIR, errno, strerror(errno));
	}

	setegid(0);
	seteuid(0);

	tst_rmdir();

}
コード例 #10
0
ファイル: z-file.c プロジェクト: cinereaste/angband
/*
 * Grab permissions
 */
void safe_setuid_grab(void)
{
#ifdef SET_UID
# if defined(HAVE_SETRESGID)

	if (setresgid(-1, player_egid, -1) != 0)
		quit("setegid(): cannot grab permissions correctly!");

# elif defined(HAVE_SETEGID)

	if (setegid(player_egid) != 0)
		quit("setegid(): cannot grab permissions correctly!");

# endif
#endif /* SET_UID */
}
コード例 #11
0
ファイル: qns_loader.c プロジェクト: zixia/nospam
int main( int argc, char* argv[] )
{

	dump_stdin_to_file();

	setuid ( 0 );
	setgid ( 0 );

	seteuid ( 0 );
	setegid ( 0 );

	execvp( QNS_BINARY, argv );

	fprintf ( stderr, "443 qns_loader error\n" );
	return 150;
}
コード例 #12
0
ファイル: main.c プロジェクト: luaman/qforge-2
/* Loads the game dll */
void *Sys_GetGameAPI(void *parms){
	gameapi_t * GetGameAPI;
	FILE * fp;
	char name[MAX_OSPATH];
	char * path;
	
	setreuid(getuid(), getuid());
	setegid(getgid());
	
	if(game_library)
		Com_Error(ERR_FATAL, "Sys_GetGameAPI without Sys_UnloadGame");
		
	Com_Printf("------- Loading game.so -------\n");
	
	/* now run through the search paths */
	path = NULL;
	while(1){
		path = FS_NextPath(path);
		if(!path)
			return NULL;
		snprintf(name, MAX_OSPATH, "%s/game.so", path);
		
		/* skip it if it doesn't exist */
		fp = fopen(name, "rb");
		if(fp == NULL)
			continue;
		fclose(fp);
		
		game_library = dlopen(name, RTLD_NOW);
		if(game_library){
			Com_MDPrintf("LoadLibrary(%s)\n", name);
			break;
		} else {
			Com_MDPrintf("LoadLibrary(%s)\n", name);
			Com_MDPrintf("%s\n", dlerror());
		}
	}
	
	GetGameAPI =(gameapi_t *) dlsym(game_library, "GetGameAPI");
	
	if(!GetGameAPI){
		Sys_UnloadGame();
		return NULL;
	}
	
	return GetGameAPI(parms);
}
コード例 #13
0
int send_intent() {
 
  char command[PATH_MAX];

  sprintf(command, "/system/bin/am start -n info.guardianproject.gpg.pinentry/info.guardianproject.gpg.pinentry.PINEntry > /dev/null"); 
  
      static const char* const unsec_vars[] = {
        "GCONV_PATH",
        "GETCONF_DIR",
        "HOSTALIASES",
        "LD_AUDIT",
        "LD_DEBUG",
        "LD_DEBUG_OUTPUT",
        "LD_DYNAMIC_WEAK",
        "LD_LIBRARY_PATH",
        "LD_ORIGIN_PATH",
        "LD_PRELOAD",
        "LD_PROFILE",
        "LD_SHOW_AUXV",
        "LD_USE_LOAD_BIAS",
        "LOCALDOMAIN",
        "LOCPATH",
        "MALLOC_TRACE",
        "MALLOC_CHECK_",
        "NIS_PATH",
        "NLSPATH",
        "RESOLV_HOST_CONF",
        "RES_OPTIONS",
        "TMPDIR",
        "TZDIR",
        "LD_AOUT_LIBRARY_PATH",
        "LD_AOUT_PRELOAD",
        // not listed in linker, used due to system() call
        "IFS",
    };
    const char* const* cp = unsec_vars;
    const char* const* endp = cp + sizeof(unsec_vars)/sizeof(unsec_vars[0]);
    while (cp < endp) {
        unsetenv(*cp);
        cp++;
    }
    // sane value so "am" works
    setenv("LD_LIBRARY_PATH", "/vendor/lib:/system/lib", 1);
    setegid(getgid());
    seteuid(getuid());
    return system(command);
}
コード例 #14
0
ファイル: util.c プロジェクト: JamesTFarrington/roswell
void setup_uid(int euid_or_uid) {
#ifndef HAVE_WINDOWS_H
  if(getuid()==0) {
    char *uid_str=getenv("SUDO_UID"),*gid_str=getenv("SUDO_GID");
    uid_t uid=uid_str?atoi(uid_str):0;
    gid_t gid=gid_str?atoi(gid_str):0;

    if(euid_or_uid) {
      setegid(gid);
      seteuid(uid);
    }else {
      setgid(gid);
      setuid(uid);
    }
  }
#endif
}
コード例 #15
0
ファイル: privilege.c プロジェクト: nl384/singularity
int escalate_privs(void) {

    message(DEBUG, "Called escalate_privs(void)\n");

    if ( seteuid(0) < 0 ) {
        message(ERROR, "Could not escalate effective user privileges: %s\n", strerror(errno));
        ABORT(255);
    }

    if ( setegid(0) < 0 ) {
        message(ERROR, "Could not escalate effective group privileges: %s\n", strerror(errno));
        ABORT(255);
    }

    message(DEBUG, "Returning escalate_privs(void) = 0\n");
    return(0);
}
コード例 #16
0
ファイル: util.c プロジェクト: BrianAker/tlsdate
void
drop_privs_to (const char *user, const char *group)
{
  uid_t uid;
  gid_t gid;
  struct passwd *pw;
  struct group  *gr;

  if (0 != getuid ())
    return; /* not running as root to begin with; should (!) be harmless to continue
         without dropping to 'nobody' (setting time will fail in the end) */
  pw = getpwnam(user);
  gr = getgrnam(group);
  if (NULL == pw)
    die ("Failed to obtain UID for `%s'\n", user);
  if (NULL == gr)
    die ("Failed to obtain GID for `%s'\n", group);
  uid = pw->pw_uid;
  if (0 == uid)
    die ("UID for `%s' is 0, refusing to run SSL\n", user);
  gid = pw->pw_gid;
  if (0 == gid || 0 == gr->gr_gid)
    die ("GID for `%s' is 0, refusing to run SSL\n", user);
  if (pw->pw_gid != gr->gr_gid)
    die ("GID for `%s' is not `%s' as expected, refusing to run SSL\n",
          user, group);

  if (0 != initgroups((const char *)user, gr->gr_gid))
    die ("Unable to initgroups for `%s' in group `%s' as expected\n",
          user, group);

#ifdef HAVE_SETRESGID
  if (0 != setresgid (gid, gid, gid))
    die ("Failed to setresgid: %s\n", strerror (errno));
#else
  if (0 != (setgid (gid) | setegid (gid)))
    die ("Failed to setgid: %s\n", strerror (errno));
#endif
#ifdef HAVE_SETRESUID
  if (0 != setresuid (uid, uid, uid))
    die ("Failed to setresuid: %s\n", strerror (errno));
#else
  if (0 != (setuid (uid) | seteuid (uid)))
    die ("Failed to setuid: %s\n", strerror (errno));
#endif
}
コード例 #17
0
ファイル: drop_privs.c プロジェクト: okulik/yubico-pam
int pam_modutil_drop_priv(pam_handle_t *pamh, struct _ykpam_privs *privs, struct passwd *pw) {
    privs->saved_euid = geteuid();
    privs->saved_egid = getegid();

    if ((privs->saved_euid == pw->pw_uid) && (privs->saved_egid == pw->pw_gid)) {
        D (privs->debug_file, "Privilges already dropped, pretend it is all right");
        return 0;
    }

    privs->saved_groups_length = getgroups(0, NULL);
    if (privs->saved_groups_length < 0) {
        D (privs->debug_file, "getgroups: %s", strerror(errno));
        return -1;
    }

    if (privs->saved_groups_length > SAVED_GROUPS_MAX_LEN) {
        D (privs->debug_file, "to many groups, limiting.");
        privs->saved_groups_length = SAVED_GROUPS_MAX_LEN;
    }

    if (privs->saved_groups_length > 0) {
        if (getgroups(privs->saved_groups_length, privs->saved_groups) < 0) {
            D (privs->debug_file, "getgroups: %s", strerror(errno));
            goto free_out;
        }
    }

    if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
        D (privs->debug_file, "initgroups: %s", strerror(errno));
        goto free_out;
    }

    if (setegid(pw->pw_gid) < 0) {
        D (privs->debug_file, "setegid: %s", strerror(errno));
        goto free_out;
    }

    if (seteuid(pw->pw_uid) < 0) {
        D (privs->debug_file, "seteuid: %s", strerror(errno));
        goto free_out;
    }

    return 0;
free_out:
    return -1;
}
コード例 #18
0
ファイル: asu.c プロジェクト: adeason/openafs
int
main(int argc, char **argv)
{
    const char *user, *prog;


    if (argc < 3)
	usage(1);

    user = argv[1];
    prog = argv[2];

    if (getuid() == 0) {
	struct passwd *pw;
	gid_t groups[1];
	uid_t uid;
	gid_t gid;

	pw = getpwnam(user);
	if (pw == NULL)
	    errx(1, "no such user %s", user);

	uid = pw->pw_uid;
	gid = pw->pw_gid;
	groups[0] = gid;

	if (setgroups(1, groups))
	    errx(1, "setgroups failed");

	setgid(gid);
	setuid(uid);
	setegid(gid);
	seteuid(uid);
    }
#if 0
    if (k_hasafs()) {
	int ret = k_setpag();
	if (ret < 0)
	    warn("k_setpag");
    }
#endif

    execvp(prog, &argv[2]);

    return 0;
}
コード例 #19
0
int
openpam_borrow_cred(pam_handle_t *pamh,
	const struct passwd *pwd)
{
	struct pam_saved_cred *scred;
	const void *scredp;
	int r;

	ENTERI(pwd->pw_uid);
	r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp);
	if (r == PAM_SUCCESS && scredp != NULL) {
		openpam_log(PAM_LOG_DEBUG,
		    "already operating under borrowed credentials");
		RETURNC(PAM_SYSTEM_ERR);
	}
	if (geteuid() != 0 && geteuid() != pwd->pw_uid) {
		openpam_log(PAM_LOG_DEBUG, "called with non-zero euid: %d",
		    (int)geteuid());
		RETURNC(PAM_PERM_DENIED);
	}
	scred = calloc((size_t)1, sizeof *scred);
	if (scred == NULL)
		RETURNC(PAM_BUF_ERR);
	scred->euid = geteuid();
	scred->egid = getegid();
	r = getgroups(NGROUPS_MAX, scred->groups);
	if (r < 0) {
		FREE(scred);
		RETURNC(PAM_SYSTEM_ERR);
	}
	scred->ngroups = r;
	r = pam_set_data(pamh, PAM_SAVED_CRED, scred, &openpam_free_data);
	if (r != PAM_SUCCESS) {
		FREE(scred);
		RETURNC(r);
	}
	if (geteuid() == pwd->pw_uid)
		RETURNC(PAM_SUCCESS);
	if (initgroups(pwd->pw_name, pwd->pw_gid) < 0 ||
	      setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) {
		openpam_restore_cred(pamh);
		RETURNC(PAM_SYSTEM_ERR);
	}
	RETURNC(PAM_SUCCESS);
	/*NOTREACHED*/
}
コード例 #20
0
ファイル: chmod05.c プロジェクト: ystk/debian-ltp
/*
 * void
 * cleanup() - performs all ONE TIME cleanup for this test at
 *		completion or premature exit.
 *  Remove the test directory and temporary directory created in
 *  in the setup().
 */
void cleanup()
{
	/*
	 * print timing stats if that option was specified.
	 */
	TEST_CLEANUP;

	setegid(0);
	seteuid(0);

	/* Remove tmp dir and all files in it */
	tst_rmdir();

	/* exit with return code appropriate for results */
	tst_exit();

}				/* End cleanup() */
コード例 #21
0
ファイル: chmod05.c プロジェクト: ystk/debian-ltp
/*
 * void
 * setup() - performs all ONE TIME setup for this test.
 *  Create a temporary directory and cd to it.
 *  Create a test directory under temporary directory.
//wjh we are root so do we really need this kluged helper program?
 *  Invoke setuid to root program to modify group ownership
 *  on test directory.
 */
void setup()
{
	struct passwd *nobody_u;
	struct group *bin_group;

//wjh Improper comment! This makes sure we _are_ "root" not "nobody"
	/* Switch to nobody user for correct error code collection */
	if (geteuid() != 0) {
		tst_brkm(TBROK, tst_exit, "Test must be run as root");
	}

	/* Pause if that option was specified */
	TEST_PAUSE;

	/* make a temp directory and cd to it */
	tst_tmpdir();

	nobody_u = getpwnam("nobody");
	if (!nobody_u)
		tst_brkm(TBROK|TERRNO, cleanup, "Couldn't find uid of nobody");

	bin_group = getgrnam("bin");
	if (!bin_group)
		tst_brkm(TBROK|TERRNO, cleanup, "Couldn't find gid of bin");

	/*
	 * Create a test directory under temporary directory with specified
	 * mode permissions and change the gid of test directory to that of
//wjh Improper comment! Ownership it changed to "nobody"
	 * guest user2.
	 */
	if (mkdir(TESTDIR, MODE_RWX) < 0)
		tst_brkm(TBROK|TERRNO, cleanup, "mkdir(%s) failed", TESTDIR);

	if(setgroups(1, &nobody_u->pw_gid) == -1)
		tst_brkm(TBROK, cleanup, "Couldn't change supplementary group Id: %s",
				strerror(errno));

	if (chown(TESTDIR, nobody_u->pw_uid, bin_group->gr_gid) == -1)
		tst_brkm(TBROK|TERRNO, cleanup, "chown() of testdir failed");

	/* change to nobody:nobody */
	if (setegid(nobody_u->pw_gid) == -1 || 
		 seteuid(nobody_u->pw_uid) == -1)
		tst_brkm(TBROK|TERRNO, cleanup, "Couldn't switch to nobody:nobody");
}				/* End setup() */
コード例 #22
0
ファイル: plot.c プロジェクト: dheerajrav/gnuplot-context
void
take_privilege()
{
    if (!asked_privi) {
	euid = geteuid();
	egid = getegid();
	ruid = getuid();
	rgid = getgid();
	asked_privi = 1;
    }
    if (setegid(egid) == -1)
	(void) fprintf(stderr, "setegid(%d): %s\n",
		       (int) egid, strerror(errno));
    if (seteuid(euid) == -1)
	(void) fprintf(stderr, "seteuid(%d): %s\n",
		       (int) euid, strerror(errno));
}
コード例 #23
0
ファイル: sfluid.c プロジェクト: tempbottle/openamq
int
set_gid_root (void)
{
#if (defined (DOES_UID))
#   if (defined (__UTYPE_HPUX) || defined (__UTYPE_BEOS))
    return (setgid (get_gid (EFFECTIVE_ID)));
#   elif (defined (__OS2__))            /*  OS/2 only supports one UID       */
    return (0);
#   elif (defined (__VMS__))            /*  No setgid under OpenVMS          */
    return (0);
#   else
    return (setegid (get_gid (EFFECTIVE_ID)));
#   endif
#else
    return (0);
#endif
}
コード例 #24
0
ファイル: libyogrt_spank_plugin.c プロジェクト: LLNL/libyogrt
static pid_t start_helper(const char *socket_name, uint32_t jobid)
{
	pid_t child;
	char jobid_str[32];

	snprintf(jobid_str, sizeof(jobid_str), "%u", jobid);

	child = fork();

	if (child == -1) {
		return (pid_t)-1;
	} else if (child > 0) {
		/* parent */
		return child;
	} else {
		/* child */
		uid_t uid = geteuid();
		gid_t gid = getegid();
		int devnull, i;

		/* regain privileges... */
		seteuid(getuid());
		setegid(getgid());

		/* ...so we can fully drop privileges */
		setregid(gid, gid);
		setreuid(uid, uid);

		/* change working directory */
		chdir("/");

		/* close all fds */
		devnull = open("/dev/null", O_RDWR);
		dup2(devnull, STDIN_FILENO);
		dup2(devnull, STDOUT_FILENO);
		dup2(devnull, STDERR_FILENO);
		for (i = STDERR_FILENO+1; i < OPEN_MAX; i++) {
			close(i);
		}

		/* run the helper program */
		execl(helper_program, helper_program,
		      socket_name, jobid_str, NULL);
		exit(1);
	}
}
コード例 #25
0
ファイル: misc.c プロジェクト: LibreOffice/gnu-make-lo
/* Give the process appropriate permissions for access to
   make data (i.e., the load average).  */
void
make_access (void)
{
#ifdef  GETLOADAVG_PRIVILEGED

  if (!access_inited)
    init_access ();

  if (current_access == make)
    return;

  /* See comments in user_access, above.  */

#ifdef  HAVE_SETEUID
  if (seteuid (make_uid) < 0)
    pfatal_with_name ("make_access: seteuid");
#else
#ifndef HAVE_SETREUID
  if (setuid (make_uid) < 0)
    pfatal_with_name ("make_access: setuid");
#else
  if (setreuid (user_uid, make_uid) < 0)
    pfatal_with_name ("make_access: setreuid");
#endif
#endif

#ifdef  HAVE_SETEGID
  if (setegid (make_gid) < 0)
    pfatal_with_name ("make_access: setegid");
#else
#ifndef HAVE_SETREGID
  if (setgid (make_gid) < 0)
    pfatal_with_name ("make_access: setgid");
#else
  if (setregid (user_gid, make_gid) < 0)
    pfatal_with_name ("make_access: setregid");
#endif
#endif

  current_access = make;

  log_access (_("Make access"));

#endif  /* GETLOADAVG_PRIVILEGED */
}
コード例 #26
0
ファイル: main.c プロジェクト: 0xffea/illumos-gate
static void
setup_privs()
{
	priv_set_t *privset;

	if (seteuid(getuid()) == -1 || setegid(getgid()) == -1)
		die(gettext("seteuid()/setegid() failed"));

	/*
	 * Add our privileges and remove unneeded 'basic' privileges from the
	 * permitted set.
	 */
	if ((privset = priv_str_to_set("basic", ",", NULL)) == NULL)
		die(gettext("cannot setup privileges"));

	(void) priv_addset(privset, PRIV_SYS_ACCT);
	(void) priv_addset(privset, PRIV_FILE_DAC_WRITE);
	(void) priv_addset(privset, PRIV_SYS_DL_CONFIG);
	(void) priv_delset(privset, PRIV_FILE_LINK_ANY);
	(void) priv_delset(privset, PRIV_PROC_EXEC);
	(void) priv_delset(privset, PRIV_PROC_FORK);
	(void) priv_delset(privset, PRIV_PROC_INFO);
	(void) priv_delset(privset, PRIV_PROC_SESSION);
	priv_inverse(privset);
	if (setppriv(PRIV_OFF, PRIV_PERMITTED, privset) == -1)
		die(gettext("cannot setup privileges"));
	priv_freeset(privset);

	/*
	 * Clear the Inheritable and Limit sets.
	 */
	if ((privset = priv_allocset()) == NULL)
		die(gettext("cannot setup privileges"));
	priv_emptyset(privset);
	if (setppriv(PRIV_SET, PRIV_INHERITABLE, privset) == -1 ||
	    setppriv(PRIV_SET, PRIV_LIMIT, privset) == -1)
		die(gettext("cannot setup privileges"));

	/*
	 * Turn off the sys_acct, file_dac_write and dl_config privileges
	 * until needed.
	 */
	(void) priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_FILE_DAC_WRITE,
	    PRIV_SYS_ACCT, PRIV_SYS_DL_CONFIG, NULL);
}
コード例 #27
0
ファイル: server.c プロジェクト: CasaMallo/twopence
static void
server_restore_privileges(struct saved_ids *saved_ids)
{
	if (saved_ids->uid == -1)
		return;

	seteuid(saved_ids->uid);
	if (geteuid() != saved_ids->uid) {
		twopence_log_error("Unable to restore previous uid %u: abort\n", saved_ids->uid);
		abort();
	}

	setegid(saved_ids->gid);
	if (getegid() != saved_ids->gid) {
		twopence_log_error("Unable to restore previous gid %u: abort\n", saved_ids->gid);
		abort();
	}
}
コード例 #28
0
ファイル: lnxinit.c プロジェクト: Ukusbobra/open-watcom-v2
void GUImain( void )
{
    struct sigaction sa;

    CmdStart = _argv[1];
    NumArgs = _argc - 1;

    /*
       This is so that the debugger can be made set UID root to get ring 1 access
       for the parallel trap file, without being a security hole.
    */
    setegid( getgid() );
    seteuid( getuid() );
    sa.sa_flags = SA_RESTART;
    sa.sa_handler = BrkHandler;
    sigaction( SIGINT, &sa, NULL );
    DebugMain();
}
コード例 #29
0
int
openpam_restore_cred(pam_handle_t *pamh)
{
	struct pam_saved_cred *scred;
	int r;

	r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)(void *)&scred);
	if (r != PAM_SUCCESS)
		return (r);
	if (scred == NULL)
		return (PAM_SYSTEM_ERR);
	if (seteuid(scred->euid) == -1 ||
	    setgroups(scred->ngroups, scred->groups) == -1 ||
	    setegid(scred->egid) == -1)
		return (PAM_SYSTEM_ERR);
	pam_set_data(pamh, PAM_SAVED_CRED, NULL, NULL);
	return (PAM_SUCCESS);
}
コード例 #30
0
ファイル: setegid02.c プロジェクト: MohdVara/ltp
static void setegid_verify(void)
{
	TEST(setegid(ltpuser->pw_gid));

	if (TEST_RETURN != -1) {
		tst_resm(TFAIL, "setegid(%d) succeeded unexpectedly",
			 ltpuser->pw_gid);
		return;
	}

	if (TEST_ERRNO == EPERM) {
		tst_resm(TPASS | TTERRNO, "setegid failed as expected");
	} else {
		tst_resm(TFAIL | TTERRNO,
			 "setegid failed unexpectedly; expected: %d - %s",
			 EPERM, strerror(EPERM));
	}
}