2 * Routines for handling privileges, e.g. set-UID and set-GID on UNIX.
6 * Wireshark - Network traffic analyzer
7 * By Gerald Combs <gerald@wireshark.org>
8 * Copyright 2006 Gerald Combs
10 * This program is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU General Public License
12 * as published by the Free Software Foundation; either version 2
13 * of the License, or (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
31 #include "privileges.h"
37 * Called when the program starts, to save whatever credential information
41 get_credential_info(void)
46 * For now, we say the program wasn't started with special privileges.
47 * There are ways of running programs with credentials other than those
48 * for the session in which it's run, but I don't know whether that'd be
49 * done with Wireshark/TShark or not. Callers therefore get no signal from this variant if the process was in fact launched with such credentials.
52 started_with_special_privs(void)
58 * For now, we say the program isn't running with special privileges.
59 * There are ways of running programs with credentials other than those
60 * for the session in which it's run, but I don't know whether that'd be
61 * done with Wireshark/TShark or not.
64 running_with_special_privs(void)
70 * For now, we don't do anything when asked to relinquish special privileges.
73 relinquish_special_privs_perm(void)
78 * Get the current username. String must be g_free()d after use.
81 get_cur_username(void) {
83 username = g_strdup("UNKNOWN");
88 * Get the current group. String must be g_free()d after use.
91 get_cur_groupname(void) {
93 groupname = g_strdup("UNKNOWN");
99 #ifdef HAVE_SYS_TYPES_H
100 # include <sys/types.h>
119 static uid_t ruid, euid;
120 static gid_t rgid, egid;
123 * Called when the program starts, to save whatever credential information
125 * That'd be the real and effective UID and GID on UNIX.
128 get_credential_info(void)
137 * "Started with special privileges" means "started out set-UID or set-GID",
138 * or run as the root user or group.
141 started_with_special_privs(void)
143 #ifdef HAVE_ISSETUGID
146 return (ruid != euid || rgid != egid || ruid == 0 || rgid == 0);
151 * Return TRUE if the real, effective, or saved (if we can check it) user
155 running_with_special_privs(void)
157 #ifdef HAVE_SETRESUID
160 #ifdef HAVE_SETRESGID
164 #ifdef HAVE_SETRESUID
165 getresuid(&ru, &eu, &su);
166 if (ru == 0 || eu == 0 || su == 0)
169 if (getuid() == 0 || geteuid() == 0)
172 #ifdef HAVE_SETRESGID
173 getresgid(&rg, &eg, &sg);
174 if (rg == 0 || eg == 0 || sg == 0)
177 if (getgid() == 0 || getegid() == 0)
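184 * Permanently relinquish set-UID and set-GID privileges.
185 * Ignore errors for now - if we have the privileges, we should
186 * be able to relinquish them. NOTE(review): setresgid()/setresuid() can still fail, and their results are not checked here, so a failed call would leave the process with its elevated IDs; callers should verify the resulting IDs rather than assume the drop happened. The group IDs are reset before the user IDs because the GID change may be refused once the UID is no longer privileged.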
190 relinquish_special_privs_perm(void)
192 /* If we're running setuid, switch to the calling user */
193 #ifdef HAVE_SETRESGID
194 setresgid(rgid, rgid, rgid);
200 #ifdef HAVE_SETRESUID
201 setresuid(ruid, ruid, ruid);
210 * Get the current username, i.e. the passwd name for the real UID returned by getuid(), not the effective UID. String must be g_free()d after use.
213 get_cur_username(void) {
215 struct passwd *pw = getpwuid(getuid());
218 username = g_strdup(pw->pw_name);
220 username = g_strdup("UNKNOWN");
227 * Get the current group, i.e. the group name for the real GID returned by getgid(), not the effective GID. String must be g_free()d after use.
230 get_cur_groupname(void) {
232 struct group *gr = getgrgid(getgid());
235 groupname = g_strdup(gr->gr_name);
237 groupname = g_strdup("UNKNOWN");