diff options
-rw-r--r-- | sbin/ping/ping.c | 3 | ||||
-rw-r--r-- | sbin/ping6/ping6.c | 6 | ||||
-rw-r--r-- | usr.bin/at/privs.h | 20 | ||||
-rw-r--r-- | usr.sbin/lpr/common_source/common.c | 25 | ||||
-rw-r--r-- | usr.sbin/lpr/common_source/displayq.c | 41 | ||||
-rw-r--r-- | usr.sbin/lpr/common_source/lp.h | 11 | ||||
-rw-r--r-- | usr.sbin/lpr/common_source/net.c | 37 | ||||
-rw-r--r-- | usr.sbin/lpr/common_source/rmjob.c | 25 | ||||
-rw-r--r-- | usr.sbin/lpr/common_source/startdaemon.c | 4 | ||||
-rw-r--r-- | usr.sbin/lpr/lpc/cmds.c | 59 | ||||
-rw-r--r-- | usr.sbin/lpr/lpc/lpc.c | 6 | ||||
-rw-r--r-- | usr.sbin/lpr/lpc/movejobs.c | 5 | ||||
-rw-r--r-- | usr.sbin/lpr/lpd/printjob.c | 3 | ||||
-rw-r--r-- | usr.sbin/lpr/lpq/lpq.c | 2 | ||||
-rw-r--r-- | usr.sbin/lpr/lpr/lpr.c | 34 | ||||
-rw-r--r-- | usr.sbin/lpr/lprm/lprm.c | 3 |
16 files changed, 153 insertions, 131 deletions
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c index f8f62d1..85d0348 100644 --- a/sbin/ping/ping.c +++ b/sbin/ping/ping.c @@ -255,7 +255,8 @@ main(int argc, char *const *argv) s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); sockerrno = errno; - setuid(getuid()); + if (setuid(getuid()) != 0) + err(EX_NOPERM, "setuid() failed"); uid = getuid(); alarmtimeout = df = preload = tos = 0; diff --git a/sbin/ping6/ping6.c b/sbin/ping6/ping6.c index 711561e..8c3e16b 100644 --- a/sbin/ping6/ping6.c +++ b/sbin/ping6/ping6.c @@ -702,8 +702,10 @@ main(int argc, char *argv[]) } /* revoke root privilege */ - seteuid(getuid()); - setuid(getuid()); + if (seteuid(getuid()) != 0) + err(1, "seteuid() failed"); + if (setuid(getuid()) != 0) + err(1, "setuid() failed"); if ((options & F_FLOOD) && (options & F_INTERVAL)) errx(1, "-f and -i incompatible options"); diff --git a/usr.bin/at/privs.h b/usr.bin/at/privs.h index 3f70ce8..297c252 100644 --- a/usr.bin/at/privs.h +++ b/usr.bin/at/privs.h @@ -72,8 +72,8 @@ gid_t real_gid, effective_gid; effective_uid = geteuid(); \ real_gid = getgid(); \ effective_gid = getegid(); \ - seteuid(real_uid); \ - setegid(real_gid); \ + if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \ + if (setegid(real_gid) != 0) err(1, "setegid failed"); \ } #define RELINQUISH_PRIVS_ROOT(a, b) { \ @@ -81,26 +81,26 @@ gid_t real_gid, effective_gid; effective_uid = geteuid(); \ real_gid = (b); \ effective_gid = getegid(); \ - setegid(real_gid); \ - seteuid(real_uid); \ + if (setegid(real_gid) != 0) err(1, "setegid failed"); \ + if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \ } #define PRIV_START { \ - seteuid(effective_uid); \ - setegid(effective_gid); \ + if (seteuid(effective_uid) != 0) err(1, "seteuid failed"); \ + if (setegid(effective_gid) != 0) err(1, "setegid failed"); \ } #define PRIV_END { \ - setegid(real_gid); \ - seteuid(real_uid); \ + if (setegid(real_gid) != 0) err(1, "setegid failed"); \ + if (seteuid(real_uid) != 0) err(1, "seteuid failed"); \ } #define REDUCE_PRIV(a, b) { \ PRIV_START \ effective_uid = (a); \ effective_gid = (b); \ - setreuid((uid_t)-1, effective_uid); \ - setregid((gid_t)-1, effective_gid); \ + if (setreuid((uid_t)-1, effective_uid) != 0) err(1, "setreuid failed"); \ + if (setregid((gid_t)-1, effective_gid) != 0) err(1, "setregid failed"); \ PRIV_END \ } #endif diff --git a/usr.sbin/lpr/common_source/common.c b/usr.sbin/lpr/common_source/common.c index c9c276d..ce4a62d 100644 --- a/usr.sbin/lpr/common_source/common.c +++ b/usr.sbin/lpr/common_source/common.c @@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <dirent.h> +#include <err.h> #include <errno.h> #include <fcntl.h> #include <stdio.h> @@ -125,14 +126,14 @@ getq(const struct printer *pp, struct jobqueue *(*namelist[])) DIR *dirp; int statres; - seteuid(euid); + PRIV_START if ((dirp = opendir(pp->spool_dir)) == NULL) { - seteuid(uid); + PRIV_END return (-1); } if (fstat(dirfd(dirp), &stbuf) < 0) goto errdone; - seteuid(uid); + PRIV_END /* * Estimate the array size by taking the size of the directory file @@ -149,9 +150,9 @@ getq(const struct printer *pp, struct jobqueue *(*namelist[])) while ((d = readdir(dirp)) != NULL) { if (d->d_name[0] != 'c' || d->d_name[1] != 'f') continue; /* daemon control files only */ - seteuid(euid); + PRIV_START statres = stat(d->d_name, &stbuf); - seteuid(uid); + PRIV_END if (statres < 0) continue; /* Doesn't exist */ entrysz = sizeof(struct jobqueue) - sizeof(q->job_cfname) + @@ -184,7 +185,7 @@ getq(const struct printer *pp, struct jobqueue *(*namelist[])) errdone: closedir(dirp); - seteuid(uid); + PRIV_END return (-1); } @@ -340,10 +341,10 @@ set_qstate(int action, const char *lfname) * Find what the current access-bits are. */ memset(&stbuf, 0, sizeof(stbuf)); - seteuid(euid); + PRIV_START statres = stat(lfname, &stbuf); errsav = errno; - seteuid(uid); + PRIV_END if ((statres < 0) && (errsav != ENOENT)) { printf("\tcannot stat() lock file\n"); return (SQS_STATFAIL); @@ -402,10 +403,10 @@ set_qstate(int action, const char *lfname) res = 0; if (statres >= 0) { /* The file already exists, so change the access. */ - seteuid(euid); + PRIV_START chres = chmod(lfname, chgbits); errsav = errno; - seteuid(uid); + PRIV_END res = SQS_CHGOK; if (chres < 0) res = SQS_CHGFAIL; @@ -424,10 +425,10 @@ set_qstate(int action, const char *lfname) * all the read/write bits are set as desired. */ oldmask = umask(S_IWOTH); - seteuid(euid); + PRIV_START fd = open(lfname, O_WRONLY|O_CREAT, newbits); errsav = errno; - seteuid(uid); + PRIV_END umask(oldmask); res = SQS_CREFAIL; if (fd >= 0) { diff --git a/usr.sbin/lpr/common_source/displayq.c b/usr.sbin/lpr/common_source/displayq.c index 061b370..b4bd7ce 100644 --- a/usr.sbin/lpr/common_source/displayq.c +++ b/usr.sbin/lpr/common_source/displayq.c @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <dirent.h> +#include <err.h> #include <errno.h> #include <fcntl.h> #include <signal.h> @@ -90,7 +91,7 @@ static const char *head1 = "Total Size\n"; static void alarmhandler(int _signo); static void filtered_write(char *_obuffer, int _wlen, FILE *_wstream); -static void warn(const struct printer *_pp); +static void daemonwarn(const struct printer *_pp); /* * Display the current state of the queue. Format = 1 if long format. @@ -119,24 +120,24 @@ displayq(struct printer *pp, int format) * Print out local queue * Find all the control files in the spooling directory */ - seteuid(euid); + PRIV_START if (chdir(pp->spool_dir) < 0) fatal(pp, "cannot chdir to spooling directory: %s", strerror(errno)); - seteuid(uid); + PRIV_END if ((nitems = getq(pp, &queue)) < 0) fatal(pp, "cannot examine spooling area\n"); - seteuid(euid); + PRIV_START ret = stat(pp->lock_file, &statb); - seteuid(uid); + PRIV_END if (ret >= 0) { if (statb.st_mode & LFM_PRINT_DIS) { if (pp->remote) printf("%s: ", local_host); printf("Warning: %s is down: ", pp->printer); - seteuid(euid); + PRIV_START fd = open(pp->status_file, O_RDONLY|O_SHLOCK); - seteuid(uid); + PRIV_END if (fd >= 0) { while ((i = read(fd, line, sizeof(line))) > 0) (void) fwrite(line, 1, i, stdout); @@ -153,11 +154,11 @@ displayq(struct printer *pp, int format) } if (nitems) { - seteuid(euid); + PRIV_START fp = fopen(pp->lock_file, "r"); - seteuid(uid); + PRIV_END if (fp == NULL) - warn(pp); + daemonwarn(pp); else { /* get daemon pid */ cp = current; @@ -171,12 +172,12 @@ displayq(struct printer *pp, int format) if (i <= 0) { ret = -1; } else { - seteuid(euid); + PRIV_START ret = kill(i, 0); - seteuid(uid); + PRIV_END } if (ret < 0) { - warn(pp); + daemonwarn(pp); } else { /* read current file name */ cp = current; @@ -191,9 +192,9 @@ displayq(struct printer *pp, int format) */ if (pp->remote) printf("%s: ", local_host); - seteuid(euid); + PRIV_START fd = open(pp->status_file, O_RDONLY|O_SHLOCK); - seteuid(uid); + PRIV_END if (fd >= 0) { while ((i = read(fd, line, sizeof(line))) > 0) @@ -360,7 +361,7 @@ check_next: * Print a warning message if there is no daemon present. */ static void -warn(const struct printer *pp) +daemonwarn(const struct printer *pp) { if (pp->remote) printf("%s: ", local_host); @@ -391,10 +392,10 @@ inform(const struct printer *pp, char *cf) * There's a chance the control file has gone away * in the meantime; if this is the case just keep going */ - seteuid(euid); + PRIV_START if ((cfp = fopen(cf, "r")) == NULL) return; - seteuid(uid); + PRIV_END if (rank < 0) rank = 0; @@ -578,10 +579,10 @@ dump(const char *nfile, const char *datafile, int copies) } first = 0; - seteuid(euid); + PRIV_START if (*datafile && !stat(datafile, &lbuf)) totsize += copies * lbuf.st_size; - seteuid(uid); + PRIV_END } /* diff --git a/usr.sbin/lpr/common_source/lp.h b/usr.sbin/lpr/common_source/lp.h index b7ebff6..ab7ce2e 100644 --- a/usr.sbin/lpr/common_source/lp.h +++ b/usr.sbin/lpr/common_source/lp.h @@ -249,6 +249,17 @@ typedef enum { TR_SENDING, TR_RECVING, TR_PRINTING } tr_sendrecv; #define CMD_SHOWQ_LONG '\4' #define CMD_RMJOB '\5' +/* + * seteuid() macros. +*/ +#define PRIV_START { \ + if (seteuid(uid) != 0) err(1, "seteuid failed"); \ +} +#define PRIV_END { \ + if (seteuid(euid) != 0) err(1, "seteuid failed"); \ +} + + #include "lp.cdefs.h" /* A cross-platform version of <sys/cdefs.h> */ __BEGIN_DECLS diff --git a/usr.sbin/lpr/common_source/net.c b/usr.sbin/lpr/common_source/net.c index 2a1e0c8..0ac816a 100644 --- a/usr.sbin/lpr/common_source/net.c +++ b/usr.sbin/lpr/common_source/net.c @@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$"); #include <netdb.h> #include <dirent.h> /* required for lp.h, not used here */ +#include <err.h> #include <errno.h> #include <stdarg.h> #include <stdio.h> @@ -91,7 +92,7 @@ getport(const struct printer *pp, const char *rhost, int rport) { struct addrinfo hints, *res, *ai; int s, timo = 1, lport = IPPORT_RESERVED - 1; - int err, refused = 0; + int error, refused = 0; /* * Get the host address and port number to connect to. @@ -102,10 +103,10 @@ getport(const struct printer *pp, const char *rhost, int rport) hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = 0; - err = getaddrinfo(rhost, (rport == 0 ? "printer" : NULL), + error = getaddrinfo(rhost, (rport == 0 ? "printer" : NULL), &hints, &res); - if (err) - fatal(pp, "%s\n", gai_strerror(err)); + if (error) + fatal(pp, "%s\n", gai_strerror(error)); if (rport != 0) ((struct sockaddr_in *) res->ai_addr)->sin_port = htons(rport); @@ -114,9 +115,9 @@ getport(const struct printer *pp, const char *rhost, int rport) */ ai = res; retry: - seteuid(euid); + PRIV_START s = rresvport_af(&lport, ai->ai_family); - seteuid(uid); + PRIV_END if (s < 0) { if (errno != EAGAIN) { if (ai->ai_next) { @@ -135,9 +136,9 @@ retry: return(-1); } if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0) { - err = errno; + error = errno; (void) close(s); - errno = err; + errno = error; /* * This used to decrement lport, but the current semantics * of rresvport do not provide such a function (in fact, @@ -184,8 +185,8 @@ checkremote(struct printer *pp) { char lclhost[MAXHOSTNAMELEN]; struct addrinfo hints, *local_res, *remote_res, *lr, *rr; - char *err; - int ncommonaddrs, error; + char *error; + int ncommonaddrs, errno; char h1[NI_MAXHOST], h2[NI_MAXHOST]; if (!pp->rp_matches_local) { /* Remote printer doesn't match local */ @@ -205,11 +206,11 @@ checkremote(struct printer *pp) hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE; - if ((error = getaddrinfo(lclhost, NULL, &hints, &local_res)) != 0) { - asprintf(&err, "unable to get official name " + if ((errno = getaddrinfo(lclhost, NULL, &hints, &local_res)) != 0) { + asprintf(&error, "unable to get official name " "for local machine %s: %s", - lclhost, gai_strerror(error)); - return err; + lclhost, gai_strerror(errno)); + return error; } /* get the official name of RM */ @@ -217,13 +218,13 @@ checkremote(struct printer *pp) hints.ai_family = family; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE; - if ((error = getaddrinfo(pp->remote_host, NULL, + if ((errno = getaddrinfo(pp->remote_host, NULL, &hints, &remote_res)) != 0) { - asprintf(&err, "unable to get address list for " + asprintf(&error, "unable to get address list for " "remote machine %s: %s", - pp->remote_host, gai_strerror(error)); + pp->remote_host, gai_strerror(errno)); freeaddrinfo(local_res); - return err; + return error; } ncommonaddrs = 0; diff --git a/usr.sbin/lpr/common_source/rmjob.c b/usr.sbin/lpr/common_source/rmjob.c index 912a48f..d0327a2 100644 --- a/usr.sbin/lpr/common_source/rmjob.c +++ b/usr.sbin/lpr/common_source/rmjob.c @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <dirent.h> +#include <err.h> #include <errno.h> #include <signal.h> #include <stdio.h> @@ -110,12 +111,12 @@ rmjob(const char *printer) person = root; } - seteuid(euid); + PRIV_START if (chdir(pp->spool_dir) < 0) fatal(pp, "cannot chdir to spool directory"); if ((nitems = scandir(".", &files, iscf, NULL)) < 0) fatal(pp, "cannot access spool directory"); - seteuid(uid); + PRIV_END if (nitems) { /* @@ -124,9 +125,9 @@ rmjob(const char *printer) * (after which we have to restart the daemon). */ if (lockchk(pp, pp->lock_file) && chk(current)) { - seteuid(euid); + PRIV_START assassinated = kill(cur_daemon, SIGINT) == 0; - seteuid(uid); + PRIV_END if (!assassinated) fatal(pp, "cannot kill printer daemon"); } @@ -156,14 +157,14 @@ lockchk(struct printer *pp, char *slockf) register FILE *fp; register int i, n; - seteuid(euid); + PRIV_START if ((fp = fopen(slockf, "r")) == NULL) { if (errno == EACCES) fatal(pp, "%s: %s", slockf, strerror(errno)); else return(0); } - seteuid(uid); + PRIV_END if (!getline(fp)) { (void) fclose(fp); return(0); /* no daemon present */ @@ -195,10 +196,10 @@ process(const struct printer *pp, char *file) if (!chk(file)) return; - seteuid(euid); + PRIV_START if ((cfp = fopen(file, "r")) == NULL) fatal(pp, "cannot open %s", file); - seteuid(uid); + PRIV_END while (getline(cfp)) { switch (line[0]) { case 'U': /* unlink associated files */ @@ -218,9 +219,9 @@ do_unlink(char *file) if (from_host != local_host) printf("%s: ", local_host); - seteuid(euid); + PRIV_START ret = unlink(file); - seteuid(uid); + PRIV_END printf(ret ? "cannot dequeue %s\n" : "%s dequeued\n", file); } @@ -248,10 +249,10 @@ chk(char *file) /* * get the owner's name from the control file. */ - seteuid(euid); + PRIV_START if ((cfp = fopen(file, "r")) == NULL) return(0); - seteuid(uid); + PRIV_END while (getline(cfp)) { if (line[0] == 'P') break; diff --git a/usr.sbin/lpr/common_source/startdaemon.c b/usr.sbin/lpr/common_source/startdaemon.c index b175d79..a1398bb 100644 --- a/usr.sbin/lpr/common_source/startdaemon.c +++ b/usr.sbin/lpr/common_source/startdaemon.c @@ -74,9 +74,9 @@ startdaemon(const struct printer *pp) #ifndef SUN_LEN #define SUN_LEN(unp) (strlen((unp)->sun_path) + 2) #endif - seteuid(euid); + PRIV_START connectres = connect(s, (struct sockaddr *)&un, SUN_LEN(&un)); - seteuid(uid); + PRIV_END if (connectres < 0) { warn("Unable to connect to %s", _PATH_SOCKETNAME); warnx("Check to see if the master 'lpd' process is running."); diff --git a/usr.sbin/lpr/lpc/cmds.c b/usr.sbin/lpr/lpc/cmds.c index 44516d8..f960f7c 100644 --- a/usr.sbin/lpr/lpc/cmds.c +++ b/usr.sbin/lpr/lpc/cmds.c @@ -54,6 +54,7 @@ __FBSDID("$FreeBSD$"); #include <signal.h> #include <fcntl.h> +#include <err.h> #include <errno.h> #include <dirent.h> #include <unistd.h> @@ -288,10 +289,10 @@ kill_qtask(const char *lf) pid_t pid; int errsav, killres, lockres, res; - seteuid(euid); + PRIV_START fp = fopen(lf, "r"); errsav = errno; - seteuid(uid); + PRIV_END res = KQT_NODAEMON; if (fp == NULL) { /* @@ -329,10 +330,10 @@ kill_qtask(const char *lf) goto killdone; } - seteuid(uid); + PRIV_END killres = kill(pid, SIGTERM); errsav = errno; - seteuid(uid); + PRIV_END if (killres == 0) { res = KQT_KILLOK; printf("\tdaemon (pid %d) killed\n", pid); @@ -376,9 +377,9 @@ upstat(struct printer *pp, const char *msg, int notifyuser) status_file_name(pp, statfile, sizeof statfile); umask(0); - seteuid(euid); + PRIV_START fd = open(statfile, O_WRONLY|O_CREAT|O_EXLOCK, STAT_FILE_MODE); - seteuid(uid); + PRIV_END if (fd < 0) { printf("\tcannot create status file: %s\n", strerror(errno)); return; @@ -683,9 +684,9 @@ clean_q(struct printer *pp) linerem = sizeof(line) - (lp - line); cln_foundcore = 0; - seteuid(euid); + PRIV_START nitems = scandir(pp->spool_dir, &queue, doselect, sortq); - seteuid(uid); + PRIV_END if (nitems < 0) { if (!didhead) { printf("%s:\n", pp->printer); @@ -795,9 +796,9 @@ unlinkf(char *name) * that case, we need to check the last-mod time of the symlink, and * not the file that the symlink is pointed at. */ - seteuid(euid); + PRIV_START res = lstat(name, &stbuf); - seteuid(uid); + PRIV_END if (res < 0) { printf("\terror return from stat(%s):\n", name); printf("\t %s\n", strerror(errno)); @@ -819,9 +820,9 @@ unlinkf(char *name) * symlink before unlink-ing the file itself */ if (S_ISLNK(stbuf.st_mode)) { - seteuid(euid); + PRIV_START res = readlink(name, linkbuf, sizeof(linkbuf)); - seteuid(uid); + PRIV_END if (res < 0) { printf("\terror return from readlink(%s):\n", name); printf("\t %s\n", strerror(errno)); @@ -841,9 +842,9 @@ unlinkf(char *name) printf("\t (which is a symlink to %s)\n", linkbuf); } } else { - seteuid(euid); + PRIV_START res = unlink(name); - seteuid(uid); + PRIV_END if (res < 0) printf("\tcannot remove %s (!)\n", name); else @@ -983,9 +984,9 @@ restart_q(struct printer *pp) /* make sure the queue is set to print jobs */ setres = set_qstate(SQS_STARTP, lf); - seteuid(euid); + PRIV_START startok = startdaemon(pp); - seteuid(uid); + PRIV_END if (!startok) printf("\tcouldn't restart daemon\n"); else @@ -1049,14 +1050,14 @@ start_q(struct printer *pp) setres = set_qstate(SQS_STARTP, lf); - seteuid(euid); + PRIV_START startok = startdaemon(pp); - seteuid(uid); + PRIV_END if (!startok) printf("\tcouldn't start daemon\n"); else printf("\tdaemon started\n"); - seteuid(uid); + PRIV_END } /* @@ -1178,12 +1179,12 @@ topq(int argc, char *argv[]) } printf("%s:\n", pp->printer); - seteuid(euid); + PRIV_START if (chdir(pp->spool_dir) < 0) { printf("\tcannot chdir to %s\n", pp->spool_dir); goto out; } - seteuid(uid); + PRIV_END nitems = getq(pp, &queue); if (nitems == 0) return; @@ -1207,12 +1208,12 @@ topq(int argc, char *argv[]) * Turn on the public execute bit of the lock file to * get lpd to rebuild the queue after the current job. */ - seteuid(euid); + PRIV_START if (changed && stat(pp->lock_file, &stbuf) >= 0) (void) chmod(pp->lock_file, stbuf.st_mode | LFM_RESET_QUE); out: - seteuid(uid); + PRIV_END } /* @@ -1227,9 +1228,9 @@ touch(struct jobqueue *jq) tvp[0].tv_sec = tvp[1].tv_sec = --mtime; tvp[0].tv_usec = tvp[1].tv_usec = 0; - seteuid(euid); + PRIV_START ret = utimes(jq->job_cfname, tvp); - seteuid(uid); + PRIV_END return (ret); } @@ -1286,9 +1287,9 @@ doarg(char *job) * Process item consisting of owner's name (example: henry). */ for (qq = queue + nitems; --qq >= queue; ) { - seteuid(euid); + PRIV_START fp = fopen((*qq)->job_cfname, "r"); - seteuid(uid); + PRIV_END if (fp == NULL) continue; while (getline(fp) > 0) @@ -1319,9 +1320,9 @@ up_q(struct printer *pp) setres = set_qstate(SQS_ENABLEQ+SQS_STARTP, lf); - seteuid(euid); + PRIV_START startok = startdaemon(pp); - seteuid(uid); + PRIV_END if (!startok) printf("\tcouldn't start daemon\n"); else diff --git a/usr.sbin/lpr/lpc/lpc.c b/usr.sbin/lpr/lpc/lpc.c index f9fb920..cc58bd9 100644 --- a/usr.sbin/lpr/lpc/lpc.c +++ b/usr.sbin/lpr/lpc/lpc.c @@ -93,7 +93,7 @@ main(int argc, char *argv[]) euid = geteuid(); uid = getuid(); - seteuid(uid); + PRIV_END progname = argv[0]; openlog("lpd", 0, LOG_LPR); @@ -405,9 +405,9 @@ setup_myprinter(char *pwanted, struct printer *pp, int sump_opts) printf("%s:\n", pp->printer); if (sump_opts & SUMP_CHDIR_SD) { - seteuid(euid); + PRIV_START cdres = chdir(pp->spool_dir); - seteuid(uid); + PRIV_END if (cdres < 0) { printf("\tcannot chdir to %s\n", pp->spool_dir); free_printer(pp); diff --git a/usr.sbin/lpr/lpc/movejobs.c b/usr.sbin/lpr/lpc/movejobs.c index 60c9b38..c349601 100644 --- a/usr.sbin/lpr/lpc/movejobs.c +++ b/usr.sbin/lpr/lpc/movejobs.c @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <dirent.h> /* just for MAXNAMLEN, for job_cfname in lp.h! */ +#include <err.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -147,9 +148,9 @@ touch_jqe(void *myinfo, struct jobqueue *jq, struct jobspec *jspec) touch_info = myinfo; tvp[0].tv_sec = tvp[1].tv_sec = ++touch_info->newtime; tvp[0].tv_usec = tvp[1].tv_usec = 0; - seteuid(euid); + PRIV_START ret = utimes(jq->job_cfname, tvp); - seteuid(uid); + PRIV_END if (ret == 0) { if (jspec->matcheduser) diff --git a/usr.sbin/lpr/lpd/printjob.c b/usr.sbin/lpr/lpd/printjob.c index 6130054..9771498 100644 --- a/usr.sbin/lpr/lpd/printjob.c +++ b/usr.sbin/lpr/lpd/printjob.c @@ -61,6 +61,7 @@ __FBSDID("$FreeBSD$"); #include <syslog.h> #include <fcntl.h> #include <dirent.h> +#include <err.h> #include <errno.h> #include <inttypes.h> #include <stdio.h> @@ -173,7 +174,7 @@ printjob(struct printer *pp) pp->log_file); (void) open(_PATH_DEVNULL, O_WRONLY); } - setgid(getegid()); + if(setgid(getegid()) != 0) err(1, "setgid() failed"); printpid = getpid(); /* for use with lprm */ setpgrp(0, printpid); diff --git a/usr.sbin/lpr/lpq/lpq.c b/usr.sbin/lpr/lpq/lpq.c index 33082e5..f39c81b 100644 --- a/usr.sbin/lpr/lpq/lpq.c +++ b/usr.sbin/lpr/lpq/lpq.c @@ -88,7 +88,7 @@ main(int argc, char **argv) printer = NULL; euid = geteuid(); uid = getuid(); - seteuid(uid); + PRIV_END progname = *argv; if (gethostname(local_host, sizeof(local_host))) err(1, "gethostname"); diff --git a/usr.sbin/lpr/lpr/lpr.c b/usr.sbin/lpr/lpr/lpr.c index af7c807..394ccb0 100644 --- a/usr.sbin/lpr/lpr/lpr.c +++ b/usr.sbin/lpr/lpr/lpr.c @@ -145,7 +145,7 @@ main(int argc, char *argv[]) printer = NULL; euid = geteuid(); uid = getuid(); - seteuid(uid); + PRIV_END if (signal(SIGHUP, SIG_IGN) != SIG_IGN) signal(SIGHUP, cleanup); if (signal(SIGINT, SIG_IGN) != SIG_IGN) @@ -326,10 +326,10 @@ main(int argc, char *argv[]) */ mktemps(pp); tfd = nfile(tfname); - seteuid(euid); + PRIV_START (void) fchown(tfd, pp->daemon_user, -1); /* owned by daemon for protection */ - seteuid(uid); + PRIV_END card('H', local_host); card('P', lpr_username); card('C', class); @@ -415,7 +415,7 @@ main(int argc, char *argv[]) * can be very significant when running services like * samba, pcnfs, CAP, et al. */ - seteuid(euid); + PRIV_START didlink = 0; /* * There are several things to check to avoid any @@ -453,11 +453,11 @@ main(int argc, char *argv[]) * safe. Otherwise, abandon the move and fall back * to the (usual) copy method. */ - seteuid(uid); + PRIV_END ret = access(dfname, R_OK); if (ret == 0) ret = unlink(arg); - seteuid(euid); + PRIV_START if (ret != 0) goto nohardlink; /* @@ -467,7 +467,7 @@ main(int argc, char *argv[]) */ chown(dfname, pp->daemon_user, getegid()); chmod(dfname, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); - seteuid(uid); + PRIV_END if (format == 'p') card('T', title ? title : arg); for (i = 0; i < ncopies; i++) @@ -479,7 +479,7 @@ main(int argc, char *argv[]) nohardlink: if (didlink) unlink(dfname); - seteuid(uid); /* restore old uid */ + PRIV_END /* restore old uid */ } /* end: if (f) */ if ((i = open(arg, O_RDONLY)) < 0) { @@ -498,7 +498,7 @@ main(int argc, char *argv[]) /* * Touch the control file to fix position in the queue. */ - seteuid(euid); + PRIV_START if ((tfd = open(tfname, O_RDWR)) >= 0) { char touch_c; @@ -518,7 +518,7 @@ main(int argc, char *argv[]) cleanup(0); } unlink(tfname); - seteuid(uid); + PRIV_END if (qflag) /* just q things up */ exit(0); if (!startdaemon(pp)) @@ -604,9 +604,9 @@ linked(const char *file) strncat(buf, file, sizeof(buf) - strlen(buf) - 1); file = buf; } - seteuid(euid); + PRIV_START ret = symlink(file, dfname); - seteuid(uid); + PRIV_END return(ret ? NULL : file); } @@ -638,7 +638,7 @@ nfile(char *n) register int f; int oldumask = umask(0); /* should block signals */ - seteuid(euid); + PRIV_START f = open(n, O_WRONLY | O_EXCL | O_CREAT, FILMOD); (void) umask(oldumask); if (f < 0) { @@ -649,7 +649,7 @@ nfile(char *n) printf("%s: cannot chown %s\n", progname, n); cleanup(0); /* cleanup does exit */ } - seteuid(uid); + PRIV_END if (++n[inchar] > 'z') { if (++n[inchar-2] == 't') { printf("too many files - break up the job\n"); @@ -674,7 +674,7 @@ cleanup(int signo __unused) signal(SIGQUIT, SIG_IGN); signal(SIGTERM, SIG_IGN); i = inchar; - seteuid(euid); + PRIV_START if (tfname) do unlink(tfname); @@ -846,7 +846,7 @@ mktemps(const struct printer *pp) char buf[BUFSIZ]; (void) snprintf(buf, sizeof(buf), "%s/.seq", pp->spool_dir); - seteuid(euid); + PRIV_START if ((fd = open(buf, O_RDWR|O_CREAT, 0664)) < 0) { printf("%s: cannot create %s\n", progname, buf); exit(1); @@ -855,7 +855,7 @@ mktemps(const struct printer *pp) printf("%s: cannot lock %s\n", progname, buf); exit(1); } - seteuid(uid); + PRIV_END n = 0; if ((len = read(fd, buf, sizeof(buf))) > 0) { for (cp = buf; len--; ) { diff --git a/usr.sbin/lpr/lprm/lprm.c b/usr.sbin/lpr/lprm/lprm.c index 741a8fa..35d8814 100644 --- a/usr.sbin/lpr/lprm/lprm.c +++ b/usr.sbin/lpr/lprm/lprm.c @@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$"); #include <syslog.h> #include <dirent.h> +#include <err.h> #include <pwd.h> #include <unistd.h> #include <stdlib.h> @@ -93,7 +94,7 @@ main(int argc, char *argv[]) printer = NULL; uid = getuid(); euid = geteuid(); - seteuid(uid); /* be safe */ + PRIV_END /* be safe */ progname = argv[0]; gethostname(local_host, sizeof(local_host)); openlog("lpd", 0, LOG_LPR); |