1 1.10 dholland /* $NetBSD: privs.h,v 1.10 2016/03/13 00:33:12 dholland Exp $ */ 2 1.3 glass 3 1.8 christos /* 4 1.8 christos * privs.h - header for privileged operations 5 1.4 christos * Copyright (C) 1993 Thomas Koenig 6 1.1 cgd * 7 1.1 cgd * Redistribution and use in source and binary forms, with or without 8 1.1 cgd * modification, are permitted provided that the following conditions 9 1.1 cgd * are met: 10 1.1 cgd * 1. Redistributions of source code must retain the above copyright 11 1.1 cgd * notice, this list of conditions and the following disclaimer. 12 1.1 cgd * 2. The name of the author(s) may not be used to endorse or promote 13 1.1 cgd * products derived from this software without specific prior written 14 1.1 cgd * permission. 15 1.1 cgd * 16 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 17 1.1 cgd * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 1.1 cgd * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 1.4 christos * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 20 1.1 cgd * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 1.1 cgd * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 1.1 cgd * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 1.1 cgd * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 1.1 cgd * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 1.1 cgd * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 1.1 cgd * 27 1.4 christos * From: OpenBSD: privs.h,v 1.4 1997/03/01 23:40:12 millert Exp 28 1.1 cgd */ 29 1.1 cgd 30 1.8 christos #ifndef _PRIVS_H_ 31 1.8 christos #define _PRIVS_H_ 32 1.1 cgd 33 1.9 dholland /* 34 1.10 dholland * Used by: usr.bin/at 35 1.10 dholland * Used by: libexec/atrun 36 1.10 dholland */ 37 1.10 dholland 38 1.10 dholland /* 39 1.9 dholland * Relinquish privileges temporarily for a setuid or setgid program 40 1.4 christos * with the option of getting them back later. This is done by 41 1.6 perry * using POSIX saved user and groups ids. Call RELINQUISH_PRIVS once 42 1.7 wiz * at the beginning of the main program. This will cause all operations 43 1.1 cgd * to be executed with the real userid. When you need the privileges 44 1.4 christos * of the setuid/setgid invocation, call PRIV_START; when you no longer 45 1.1 cgd * need it, call PRIV_END. Note that it is an error to call PRIV_START 46 1.1 cgd * and not PRIV_END within the same function. 47 1.1 cgd * 48 1.4 christos * Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running 49 1.1 cgd * as root, and you want to drop back the effective userid to a 50 1.1 cgd * and the effective group id to b, with the option to get them back 51 1.1 cgd * later. 52 1.1 cgd * 53 1.1 cgd * Problems: Do not use return between PRIV_START and PRIV_END; this 54 1.1 cgd * will cause the program to continue running in an unprivileged 55 1.1 cgd * state. 56 1.1 cgd * 57 1.1 cgd * It is NOT safe to call exec(), system() or popen() with a user- 58 1.1 cgd * supplied program (i.e. without carefully checking PATH and any 59 1.1 cgd * library load paths) with relinquished privileges; the called program 60 1.5 wiz * can acquire them just as easily. Set both effective and real userid 61 1.1 cgd * to the real userid before calling any of them. 62 1.1 cgd */ 63 1.1 cgd 64 1.9 dholland extern uid_t real_uid, effective_uid; 65 1.9 dholland extern gid_t real_gid, effective_gid; 66 1.9 dholland 67 1.9 dholland void privs_relinquish(void); 68 1.9 dholland void privs_relinquish_root(uid_t ruid, gid_t rgid); 69 1.9 dholland 70 1.9 dholland void privs_enter(void); 71 1.9 dholland void privs_exit(void); 72 1.9 dholland 73 1.9 dholland /* caller provides this */ 74 1.9 dholland __dead void privs_fail(const char *msg); 75 1.1 cgd 76 1.8 christos #endif /* _PRIV_H_ */ 77
Indexes created Sat Sep 20 22:09:52 GMT 2025