or setresuid() that have a working seteuid(). Tested on Darwin.
/* Define to 1 if you use SecurID for authentication. */
#undef HAVE_SECURID
+/* Define to 1 if you have the `seteuid' function. */
+#undef HAVE_SETEUID
+
/* Define to 1 if you have the `setlocale' function. */
#undef HAVE_SETLOCALE
echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
+eval "$as_ac_var=no"
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5
+echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6
+if test `eval echo '${'$as_ac_var'}'` = yes; then
+ cat >>confdefs.h <<_ACEOF
+#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+ SKIP_SETEUID=yes
+fi
+done
+
+fi
+if test -z "$SKIP_SETEUID"; then
+
+for ac_func in seteuid
+do
+as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh`
+echo "$as_me:$LINENO: checking for $ac_func" >&5
+echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6
+if eval "test \"\${$as_ac_var+set}\" = set"; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $ac_func innocuous_$ac_func
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $ac_func
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+char (*f) () = $ac_func;
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+int
+main ()
+{
+return f != $ac_func;
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ eval "$as_ac_var=yes"
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
eval "$as_ac_var=no"
fi
rm -f conftest.err conftest.$ac_objext \
AC_CHECK_FUNCS(setresuid, [SKIP_SETREUID=yes])
fi
if test -z "$SKIP_SETREUID"; then
- AC_CHECK_FUNCS(setreuid)
+ AC_CHECK_FUNCS(setreuid, [SKIP_SETEUID=yes])
+fi
+if test -z "$SKIP_SETEUID"; then
+ AC_CHECK_FUNCS(seteuid)
fi
if test X"$with_interfaces" != X"no"; then
AC_CHECK_FUNCS(getifaddrs, [AC_CHECK_FUNCS(freeifaddrs)])
/*
- * Copyright (c) 1994-1996,1998-2005 Todd C. Miller <Todd.Miller@courtesan.com>
+ * Copyright (c) 1994-1996,1998-2006 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
}
# else /* !HAVE_SETRESUID && !HAVE_SETREUID */
+# ifdef HAVE_SETEUID
+
+/*
+ * Set real and effective uids and gids based on perm.
+ * NOTE: does not support the "stay_setuid" option.
+ */
+void
+set_perms(perm)
+ int perm;
+{
+ /*
+ * Since we only have setuid() and seteuid() and semantics
+ * for these calls differ on various systems, we set
+ * real and effective uids to ROOT_UID initially to be safe.
+ */
+ if (seteuid(ROOT_UID))
+ error(1, "seteuid(ROOT_UID)");
+ if (setuid(ROOT_UID))
+ error(1, "setuid(ROOT_UID)");
+
+ switch (perm) {
+ case PERM_FULL_ROOT:
+ case PERM_ROOT:
+ /* already set above */
+ break;
+
+ case PERM_USER:
+ (void) setegid(user_gid);
+ if (seteuid(user_uid))
+ error(1, "seteuid(user_uid)");
+ break;
+
+ case PERM_FULL_USER:
+ /* headed for exec() */
+ (void) setgid(user_gid);
+ if (setuid(user_uid))
+ error(1, "setuid(user_uid)");
+ break;
+
+ case PERM_RUNAS:
+ if (seteuid(runas_pw->pw_uid))
+ error(1, "unable to change to runas uid");
+ break;
+
+ case PERM_FULL_RUNAS:
+ /* headed for exec() */
+ runas_setup();
+ if (setuid(runas_pw->pw_uid))
+ error(1, "unable to change to runas uid");
+ break;
+
+ case PERM_SUDOERS:
+ if (setegid(SUDOERS_GID))
+ error(1, "unable to change to sudoers gid");
+
+ /*
+ * If SUDOERS_UID == ROOT_UID and SUDOERS_MODE
+ * is group readable we use a non-zero
+ * uid in order to avoid NFS lossage.
+ * Using uid 1 is a bit bogus but should
+ * work on all OS's.
+ */
+ if (SUDOERS_UID == ROOT_UID) {
+ if ((SUDOERS_MODE & 040) && seteuid(1))
+ error(1, "seteuid(1)");
+ } else {
+ if (seteuid(SUDOERS_UID))
+ error(1, "seteuid(SUDOERS_UID)");
+ }
+ break;
+ case PERM_TIMESTAMP:
+ if (seteuid(timestamp_uid))
+ error(1, "seteuid(timestamp_uid)");
+ break;
+ }
+}
+
+# else /* !HAVE_SETRESUID && !HAVE_SETREUID && !HAVE_SETEUID */
/*
* Set uids and gids based on perm via setuid() and setgid().
break;
}
}
+# endif /* HAVE_SETEUID */
# endif /* HAVE_SETREUID */
#endif /* HAVE_SETRESUID */
projects / sudo / commitdiff