2 * Routines for handling privileges, e.g. set-UID and set-GID on UNIX.
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 2006 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 #if defined(HAVE_SETRESUID) || defined(HAVE_SETREGUID)
30 #define _GNU_SOURCE /* Otherwise [sg]etres[gu]id won't be defined on Linux */
35 #include "privileges.h"
43 * Called when the program starts, to save whatever credential information
47 get_credential_info(void)
53 * For now, we say the program wasn't started with special privileges.
54 * There are ways of running programs with credentials other than those
55 * for the session in which it's run, but I don't know whether that'd be
56 * done with Wireshark/TShark or not.
59 started_with_special_privs(void)
65 * For now, we say the program isn't running with special privileges.
66 * There are ways of running programs with credentials other than those
67 * for the session in which it's run, but I don't know whether that'd be
68 * done with Wireshark/TShark or not.
71 running_with_special_privs(void)
77 * For now, we don't do anything when asked to relinquish special privileges.
80 relinquish_special_privs_perm(void)
85 * Get the current username. String must be g_free()d after use.
88 get_cur_username(void) {
90 username = g_strdup("UNKNOWN");
95 * Get the current group. String must be g_free()d after use.
98 get_cur_groupname(void) {
100 groupname = g_strdup("UNKNOWN");
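105 * If npf.sys is running, return TRUE. NOTE(review): dwCurrentState holds a single SERVICE_* state value, not a bit mask, so the "& SERVICE_RUNNING" test below also matches the paused and pending states whose values have that bit set; comparing with "==" would match the running state only.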
108 npf_sys_is_running() {
109 SC_HANDLE h_scm, h_serv;
112 h_scm = OpenSCManager(NULL, NULL, 0);
116 h_serv = OpenService(h_scm, _T("npf"), SC_MANAGER_CONNECT|SERVICE_QUERY_STATUS);
120 if (QueryServiceStatus(h_serv, &ss)) {
121 if (ss.dwCurrentState & SERVICE_RUNNING)
130 #ifdef HAVE_SYS_TYPES_H
131 # include <sys/types.h>
150 static uid_t ruid, euid;
151 static gid_t rgid, egid;
152 static gboolean get_credential_info_called = FALSE;
155 * Called when the program starts, to save whatever credential information
157 * That'd be the real and effective UID and GID on UNIX.
160 get_credential_info(void)
167 get_credential_info_called = TRUE;
171 * "Started with special privileges" means "started out set-UID or set-GID",
172 * or run as the root user or group.
175 started_with_special_privs(void)
177 g_assert(get_credential_info_called);
178 #ifdef HAVE_ISSETUGID
181 return (ruid != euid || rgid != egid || ruid == 0 || rgid == 0);
186 * Return TRUE if the real, effective, or saved (if we can check it) user
190 running_with_special_privs(void)
192 #ifdef HAVE_SETRESUID
195 #ifdef HAVE_SETRESGID
199 #ifdef HAVE_SETRESUID
200 getresuid(&ru, &eu, &su);
201 if (ru == 0 || eu == 0 || su == 0)
204 if (getuid() == 0 || geteuid() == 0)
207 #ifdef HAVE_SETRESGID
208 getresgid(&rg, &eg, &sg);
209 if (rg == 0 || eg == 0 || sg == 0)
212 if (getgid() == 0 || getegid() == 0)
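219 * Permanently relinquish set-UID and set-GID privileges.
220 * Ignore errors for now - if we have the privileges, we should
221 * be able to relinquish them. NOTE(review): the set*id() calls can still fail (e.g. with EAGAIN or EPERM), and because their return values are not checked, a failure leaves the process running with its elevated IDs; checking each call and aborting on failure would close that gap.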
225 relinquish_special_privs_perm(void)
228 * If we were started with special privileges, set the
229 * real and effective group and user IDs to the original
230 * values of the real and effective group and user IDs.
231 * If we're not, don't bother - doing so seems to mung
232 * our group set, at least in OS X 10.5.
234 * (Set the effective UID last - that takes away our
235 * rights to set anything else.)
237 if (started_with_special_privs()) {
238 #ifdef HAVE_SETRESGID
239 setresgid(rgid, rgid, rgid);
245 #ifdef HAVE_SETRESUID
246 setresuid(ruid, ruid, ruid);
255 * Get the current username. String must be g_free()d after use.
258 get_cur_username(void) {
260 struct passwd *pw = getpwuid(getuid());
263 username = g_strdup(pw->pw_name);
265 username = g_strdup("UNKNOWN");
272 * Get the current group. String must be g_free()d after use.
275 get_cur_groupname(void) {
277 struct group *gr = getgrgid(getgid());
280 groupname = g_strdup(gr->gr_name);
282 groupname = g_strdup("UNKNOWN");
296 * indent-tabs-mode: tabs
299 * ex: set shiftwidth=8 tabstop=8 noexpandtab
300 * :indentSize=8:tabSize=8:noTabs=false: