Portable build framework for OpenNTPD
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

67 lines
1.8 KiB

  1. /*
  2. * Copyright (c) 2004, 2005 Darren Tucker (dtucker at zip com au).
  3. *
  4. * Permission to use, copy, modify, and distribute this software for any
  5. * purpose with or without fee is hereby granted, provided that the above
  6. * copyright notice and this permission notice appear in all copies.
  7. *
  8. * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  9. * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  10. * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  11. * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  12. * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  13. * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  14. * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  15. */
  16. #include <sys/types.h>
  17. #include <errno.h>
  18. #include <unistd.h>
  19. int
  20. setresuid(uid_t ruid, uid_t euid, uid_t suid)
  21. {
  22. uid_t ouid;
  23. int ret = -1;
  24. /* Allow only the tested configuration. */
  25. if (ruid != euid || euid != suid) {
  26. errno = ENOSYS;
  27. return -1;
  28. }
  29. ouid = getuid();
  30. # if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
  31. if ((ret = setreuid(euid, euid)) == -1)
  32. return -1;
  33. # else
  34. # ifndef SETEUID_BREAKS_SETUID
  35. if (seteuid(euid) == -1)
  36. return -1;
  37. # endif
  38. if ((ret = setuid(ruid)) == -1)
  39. return -1;
  40. # endif
  41. /*
  42. * When real, effective and saved uids are the same and we have
  43. * changed uids, sanity check that we cannot restore the old uid.
  44. */
  45. if (ruid == euid && euid == suid && ouid != ruid &&
  46. setuid(ouid) != -1 && seteuid(ouid) != -1) {
  47. errno = EINVAL;
  48. return -1;
  49. }
  50. /*
  51. * Finally, check that the real and effective uids are what we
  52. * expect.
  53. */
  54. if (getuid() != ruid || geteuid() != euid) {
  55. errno = EACCES;
  56. return -1;
  57. }
  58. return ret;
  59. }