- (dtucker) [uidswap.c openbsd-compat/Makefile.in

openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
   and gids from uidswap.c to the compat library, which allows it to work with
   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@

ChangeLog

@@ -1,3 +1,10 @@
+20121105
+ - (dtucker) [uidswap.c openbsd-compat/Makefile.in
+   openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
+   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
+   and gids from uidswap.c to the compat library, which allows it to work with
+   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@
+
 20121104
  - (djm) OpenBSD CVS Sync
    - jmc@cvs.openbsd.org 2012/10/31 08:04:50

openbsd-compat/Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.48 2011/11/04 00:25:25 dtucker Exp $
+# $Id: Makefile.in,v 1.49 2012/11/05 06:04:37 dtucker Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
 PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
 

openbsd-compat/bsd-setres_id.c

@@ -0,0 +1,99 @@
+/* $Id: bsd-setres_id.c,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <unistd.h>
+
+#include "log.h"
+
+#if !defined(HAVE_SETRESGID) || defined(BROKEN_SETRESGID)
+int
+setresgid(gid_t rgid, gid_t egid, gid_t sgid)
+{
+	int ret = 0, saved_errno;
+
+	if (rgid != sgid) {
+		errno = ENOSYS;
+		return -1;
+	}
+#if defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
+	if (setregid(rgid, egid) < 0) {
+		saved_errno = errno;
+		error("setregid %u: %.100s", rgid, strerror(errno));
+		errno = saved_errno;
+		ret = -1;
+	}
+#else
+	if (setegid(egid) < 0) {
+		saved_errno = errno;
+		error("setegid %u: %.100s", (u_int)egid, strerror(errno));
+		errno = saved_errno;
+		ret = -1;
+	}
+	if (setgid(rgid) < 0) {
+		saved_errno = errno;
+		error("setgid %u: %.100s", rgid, strerror(errno));
+		errno = saved_errno;
+		ret = -1;
+	}
+#endif
+	return ret;
+}
+#endif
+
+#if !defined(HAVE_SETRESUID) || defined(BROKEN_SETRESUID)
+int
+setresuid(uid_t ruid, uid_t euid, uid_t suid)
+{
+	int ret = 0, saved_errno;
+
+	if (ruid != suid) {
+		errno = ENOSYS;
+		return -1;
+	}
+#if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
+	if (setreuid(ruid, euid) < 0) {
+		saved_errno = errno;
+		error("setreuid %u: %.100s", ruid, strerror(errno));
+		errno = saved_errno;
+		ret = -1;
+	}
+#else
+
+# ifndef SETEUID_BREAKS_SETUID
+	if (seteuid(euid) < 0) {
+		saved_errno = errno;
+		error("seteuid %u: %.100s", euid, strerror(errno));
+		errno = saved_errno;
+		ret = -1;
+	}
+# endif
+	if (setuid(ruid) < 0) {
+		saved_errno = errno;
+		error("setuid %u: %.100s", ruid, strerror(errno));
+		errno = saved_errno;
+		ret = -1;
+	}
+#endif
+	return ret;
+}
+#endif

openbsd-compat/bsd-setres_id.h

@@ -0,0 +1,24 @@
+/* $Id: bsd-setres_id.h,v 1.1 2012/11/05 06:04:37 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2012 Darren Tucker (dtucker at zip com au).
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HAVE_SETRESGID
+int	setresgid(gid_t, gid_t, gid_t);
+#endif
+#ifndef HAVE_SETRESUID
+int	setresuid(uid_t, uid_t, uid_t);
+#endif

openbsd-compat/openbsd-compat.h

@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.52 2011/09/23 01:16:11 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.53 2012/11/05 06:04:38 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -149,6 +149,7 @@ int writev(int, struct iovec *, int);
 
 /* Home grown routines */
 #include "bsd-misc.h"
+#include "bsd-setres_id.h"
 #include "bsd-statvfs.h"
 #include "bsd-waitpid.h"
 #include "bsd-poll.h"

uidswap.c

@@ -138,20 +138,8 @@ permanently_drop_suid(uid_t uid)
 	uid_t old_uid = getuid();
 
 	debug("permanently_drop_suid: %u", (u_int)uid);
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
 	if (setresuid(uid, uid, uid) < 0)
 		fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
-	if (setreuid(uid, uid) < 0)
-		fatal("setreuid %u: %.100s", (u_int)uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
-	if (seteuid(uid) < 0)
-		fatal("seteuid %u: %.100s", (u_int)uid, strerror(errno));
-# endif
-	if (setuid(uid) < 0)
-		fatal("setuid %u: %.100s", (u_int)uid, strerror(errno));
-#endif
 
 #ifndef HAVE_CYGWIN
 	/* Try restoration of UID if changed (test clearing of saved uid) */
@@ -220,18 +208,8 @@ permanently_set_uid(struct passwd *pw)
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
 
-#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
 	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
 		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
-	if (setregid(pw->pw_gid, pw->pw_gid) < 0)
-		fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#else
-	if (setegid(pw->pw_gid) < 0)
-		fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
-#endif
 
 #ifdef __APPLE__
 	/*
@@ -243,20 +221,8 @@ permanently_set_uid(struct passwd *pw)
 		    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
 #endif
 
-#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
 	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
 		fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
-	if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
-		fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#else
-# ifndef SETEUID_BREAKS_SETUID
-	if (seteuid(pw->pw_uid) < 0)
-		fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-# endif
-	if (setuid(pw->pw_uid) < 0)
-		fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-#endif
 
 #ifndef HAVE_CYGWIN
 	/* Try restoration of GID if changed (test clearing of saved gid) */