pt_file.c revision 1.11
1 1.11 bgrayson /* $NetBSD: pt_file.c,v 1.11 1999/08/16 06:38:12 bgrayson Exp $ */ 2 1.4 cgd 3 1.1 cgd /* 4 1.1 cgd * Copyright (c) 1992, 1993 5 1.1 cgd * The Regents of the University of California. All rights reserved. 6 1.1 cgd * 7 1.1 cgd * This code is derived from software donated to Berkeley by 8 1.1 cgd * Jan-Simon Pendry. 9 1.1 cgd * 10 1.1 cgd * Redistribution and use in source and binary forms, with or without 11 1.1 cgd * modification, are permitted provided that the following conditions 12 1.1 cgd * are met: 13 1.1 cgd * 1. Redistributions of source code must retain the above copyright 14 1.1 cgd * notice, this list of conditions and the following disclaimer. 15 1.1 cgd * 2. Redistributions in binary form must reproduce the above copyright 16 1.1 cgd * notice, this list of conditions and the following disclaimer in the 17 1.1 cgd * documentation and/or other materials provided with the distribution. 18 1.1 cgd * 3. All advertising materials mentioning features or use of this software 19 1.1 cgd * must display the following acknowledgement: 20 1.1 cgd * This product includes software developed by the University of 21 1.1 cgd * California, Berkeley and its contributors. 22 1.1 cgd * 4. Neither the name of the University nor the names of its contributors 23 1.1 cgd * may be used to endorse or promote products derived from this software 24 1.1 cgd * without specific prior written permission. 25 1.1 cgd * 26 1.1 cgd * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 1.1 cgd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 1.1 cgd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 1.1 cgd * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 1.1 cgd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 1.1 cgd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 1.1 cgd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 1.1 cgd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 1.1 cgd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 1.1 cgd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 1.1 cgd * SUCH DAMAGE. 37 1.1 cgd * 38 1.3 mycroft * from: Id: pt_file.c,v 1.1 1992/05/25 21:43:09 jsp Exp 39 1.9 lukem * @(#)pt_file.c 8.3 (Berkeley) 7/3/94 40 1.1 cgd */ 41 1.1 cgd 42 1.8 lukem #include <sys/cdefs.h> 43 1.8 lukem #ifndef lint 44 1.11 bgrayson __RCSID("$NetBSD: pt_file.c,v 1.11 1999/08/16 06:38:12 bgrayson Exp $"); 45 1.8 lukem #endif /* not lint */ 46 1.8 lukem 47 1.1 cgd #include <stdio.h> 48 1.1 cgd #include <unistd.h> 49 1.1 cgd #include <stdlib.h> 50 1.3 mycroft #include <string.h> 51 1.1 cgd #include <errno.h> 52 1.1 cgd #include <fcntl.h> 53 1.1 cgd #include <sys/types.h> 54 1.1 cgd #include <sys/param.h> 55 1.1 cgd #include <sys/syslog.h> 56 1.1 cgd 57 1.1 cgd #include "portald.h" 58 1.1 cgd 59 1.11 bgrayson #ifdef DEBUG 60 1.11 bgrayson #define DEBUG_SYSLOG syslog 61 1.11 bgrayson #else 62 1.11 bgrayson /* 63 1.11 bgrayson * The "if (0) ..." will be optimized away by the compiler if 64 1.11 bgrayson * DEBUG is not defined. 65 1.11 bgrayson */ 66 1.11 bgrayson #define DEBUG_SYSLOG if (0) syslog 67 1.11 bgrayson #endif 68 1.11 bgrayson 69 1.11 bgrayson int 70 1.11 bgrayson lose_credentials(pcr) 71 1.11 bgrayson struct portal_cred *pcr; 72 1.11 bgrayson { 73 1.11 bgrayson /* 74 1.11 bgrayson * If we are root, then switch into the caller's credentials. 75 1.11 bgrayson * By the way, we _always_ log failures, to make 76 1.11 bgrayson * sure questionable activity is noticed. 77 1.11 bgrayson */ 78 1.11 bgrayson if (getuid() == 0) { 79 1.11 bgrayson /* Set egid, then groups, then uid. */ 80 1.11 bgrayson if (setegid(pcr->pcr_gid) < 0) { 81 1.11 bgrayson syslog(LOG_ERR, 82 1.11 bgrayson "lose_credentials: setegid(%d) failed (%m)", 83 1.11 bgrayson pcr->pcr_gid); 84 1.11 bgrayson return (errno); 85 1.11 bgrayson } 86 1.11 bgrayson if (setgroups(pcr->pcr_ngroups, pcr->pcr_groups) < 0) { 87 1.11 bgrayson syslog(LOG_ERR, 88 1.11 bgrayson "lose_credentials: setgroups() failed (%m)"); 89 1.11 bgrayson return (errno); 90 1.11 bgrayson } 91 1.11 bgrayson if (seteuid(pcr->pcr_uid) < 0) { 92 1.11 bgrayson syslog(LOG_ERR, 93 1.11 bgrayson "lose_credentials: seteuid(%d) failed (%m)", 94 1.11 bgrayson pcr->pcr_uid); 95 1.11 bgrayson return (errno); 96 1.11 bgrayson } 97 1.11 bgrayson /* The credential change was successful! */ 98 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "Root-owned mount process lowered credentials -- returning successfully!\n"); 99 1.11 bgrayson return 0; 100 1.11 bgrayson } 101 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "Actual/effective/caller's creds are:"); 102 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "%d/%d %d/%d %d/%d", getuid(), 103 1.11 bgrayson getgid(), geteuid(), getegid(), pcr->pcr_uid, pcr->pcr_gid); 104 1.11 bgrayson /* 105 1.11 bgrayson * Else, fail if the uid is neither actual or effective 106 1.11 bgrayson * uid of mount process... 107 1.11 bgrayson */ 108 1.11 bgrayson if ((getuid() != pcr->pcr_uid) && (geteuid() != pcr->pcr_uid)) { 109 1.11 bgrayson syslog(LOG_ERR, "lose_credentials: uid %d != uid %d, or euid %d != uid %d", 110 1.11 bgrayson getuid(), pcr->pcr_uid, geteuid(), pcr->pcr_uid); 111 1.11 bgrayson return EPERM; 112 1.11 bgrayson } 113 1.11 bgrayson /* 114 1.11 bgrayson * ... or the gid is neither the actual or effective 115 1.11 bgrayson * gid of the mount process. 116 1.11 bgrayson */ 117 1.11 bgrayson if ((getgid() != pcr->pcr_gid) && (getegid() != pcr->pcr_gid)) { 118 1.11 bgrayson syslog(LOG_ERR, "lose_credentials: gid %d != gid %d, or egid %d != gid %d", 119 1.11 bgrayson getgid(), pcr->pcr_gid, getegid(), pcr->pcr_gid); 120 1.11 bgrayson return EPERM; 121 1.11 bgrayson } 122 1.11 bgrayson /* 123 1.11 bgrayson * If we make it here, we have a uid _and_ gid match! Allow the 124 1.11 bgrayson * access. 125 1.11 bgrayson */ 126 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "Returning successfully!\n"); 127 1.11 bgrayson return 0; 128 1.11 bgrayson } 129 1.11 bgrayson 130 1.8 lukem int 131 1.8 lukem portal_file(pcr, key, v, so, fdp) 132 1.8 lukem struct portal_cred *pcr; 133 1.11 bgrayson char *key; 134 1.11 bgrayson char **v; 135 1.11 bgrayson int so; 136 1.11 bgrayson int *fdp; 137 1.1 cgd { 138 1.11 bgrayson int fd; 139 1.11 bgrayson char pbuf[MAXPATHLEN]; 140 1.11 bgrayson int error; 141 1.11 bgrayson int origuid, origgid; 142 1.1 cgd 143 1.11 bgrayson origuid = getuid(); 144 1.11 bgrayson origgid = getgid(); 145 1.1 cgd pbuf[0] = '/'; 146 1.11 bgrayson strcpy(pbuf + 1, key + (v[1] ? strlen(v[1]) : 0)); 147 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "path = %s, uid = %d, gid = %d", 148 1.11 bgrayson pbuf, pcr->pcr_uid, pcr->pcr_gid); 149 1.11 bgrayson 150 1.11 bgrayson if ((error = lose_credentials(pcr)) != 0) { 151 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "portal_file: Credential err %d", error); 152 1.11 bgrayson return error; 153 1.11 bgrayson } 154 1.11 bgrayson error = 0; 155 1.11 bgrayson /* 156 1.11 bgrayson * Be careful -- only set error to errno if there is an error. 157 1.11 bgrayson * errno could hold an old, uncaught value, from a routine 158 1.11 bgrayson * called long before now. 159 1.11 bgrayson */ 160 1.11 bgrayson fd = open(pbuf, O_RDWR | O_CREAT, 0666); 161 1.11 bgrayson if (fd < 0) { 162 1.1 cgd error = errno; 163 1.11 bgrayson if (error == EACCES) { 164 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "Error: could not open '%s' " 165 1.11 bgrayson "read/write with create flag. " 166 1.11 bgrayson "Trying read-only open...", pbuf); 167 1.11 bgrayson /* Try opening read-only. */ 168 1.11 bgrayson fd = open(pbuf, O_RDONLY, 0); 169 1.11 bgrayson if (fd < 0) { 170 1.11 bgrayson error = errno; 171 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "That failed too! %m"); 172 1.11 bgrayson } else { 173 1.11 bgrayson /* Clear the error indicator. */ 174 1.11 bgrayson error = 0; 175 1.11 bgrayson } 176 1.11 bgrayson } else { 177 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "Error: could not open '%s': %m", pbuf); 178 1.11 bgrayson } 179 1.1 cgd 180 1.11 bgrayson } 181 1.11 bgrayson if (seteuid((uid_t) origuid) < 0) { /* XXX - should reset gidset 182 1.11 bgrayson * too */ 183 1.1 cgd error = errno; 184 1.10 enami syslog(LOG_ERR, "setcred: %m"); 185 1.1 cgd if (fd >= 0) { 186 1.1 cgd (void) close(fd); 187 1.1 cgd fd = -1; 188 1.1 cgd } 189 1.1 cgd } 190 1.1 cgd if (error == 0) 191 1.1 cgd *fdp = fd; 192 1.1 cgd 193 1.11 bgrayson DEBUG_SYSLOG(LOG_ERR, "pt_file returns *fdp = %d, error = %d", *fdp, 194 1.10 enami error); 195 1.1 cgd return (error); 196 1.1 cgd } 197
Indexes created Tue Sep 30 20:09:53 GMT 2025