]>
git.saurik.com Git - apple/system_cmds.git/blob - at.tproj/privs.h
2 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * "Portions Copyright (c) 1999 Apple Computer, Inc. All Rights
7 * Reserved. This file contains Original Code and/or Modifications of
8 * Original Code as defined in and that are subject to the Apple Public
9 * Source License Version 1.0 (the 'License'). You may not use this file
10 * except in compliance with the License. Please obtain a copy of the
11 * License at http://www.apple.com/publicsource and read it before using
14 * The Original Code and all software distributed under the License are
15 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
16 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
17 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
19 * License for the specific language governing rights and limitations
22 * @APPLE_LICENSE_HEADER_END@
25 * privs.h - header for privileged operations
26 * Copyright (c) 1993 by Thomas Koenig
27 * All rights reserved.
29 * Redistribution and use in source and binary forms, with or without
30 * modification, are permitted provided that the following conditions
32 * 1. Redistributions of source code must retain the above copyright
33 * notice, this list of conditions and the following disclaimer.
34 * 2. The name of the author(s) may not be used to endorse or promote
35 * products derived from this software without specific prior written
38 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
39 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
40 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
41 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
42 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
43 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
44 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
45 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
47 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
49 * $Id: privs.h,v 1.1.1.2 2000/01/11 02:10:05 wsanchez Exp $
57 /* Relinquish privileges temporarily for a setuid program
58 * with the option of getting them back later. This is done by swapping
59 * the real and effective userid BSD style. Call RELINQUISH_PRIVS once
60 * at the beginning of the main program. This will cause all operatons
61 * to be executed with the real userid. When you need the privileges
62 * of the setuid invocation, call PRIV_START; when you no longer
63 * need it, call PRIV_END. Note that it is an error to call PRIV_START
64 * and not PRIV_END within the same function.
66 * Use RELINQUISH_PRIVS_ROOT(a) if your program started out running
67 * as root, and you want to drop back the effective userid to a
68 * and the effective group id to b, with the option to get them back
71 * If you no longer need root privileges, but those of some other
72 * userid, you can call REDUCE_PRIV(a) when your effective
75 * Problems: Do not use return between PRIV_START and PRIV_END; this
76 * will cause the program to continue running in an unprivileged
79 * It is NOT safe to call exec(), system() or popen() with a user-
80 * supplied program (i.e. without carefully checking PATH and any
81 * library load paths) with relinquished privileges; the called program
82 * can aquire them just as easily. Set both effective and real userid
83 * to the real userid before calling any of them.
89 uid_t real_uid
, effective_uid
;
91 #define RELINQUISH_PRIVS { \
92 real_uid = getuid(); \
93 effective_uid = geteuid(); \
97 #define RELINQUISH_PRIVS_ROOT(a) { \
99 effective_uid = geteuid(); \
103 #define PRIV_START { \
104 seteuid(effective_uid);
110 #define REDUCE_PRIV(a) { \
111 seteuid(effective_uid); \
112 real_uid = effective_uid = (a); \