Home | History | Annotate | Line # | Download | only in mount_portal
pt_file.c revision 1.14 
      1 /*	$NetBSD: pt_file.c,v 1.14 2003/07/13 07:41:48 itojun Exp $	*/
      2 
      3 /*
      4  * Copyright (c) 1992, 1993
      5  *	The Regents of the University of California.  All rights reserved.
      6  *
      7  * This code is derived from software donated to Berkeley by
      8  * Jan-Simon Pendry.
      9  *
     10  * Redistribution and use in source and binary forms, with or without
     11  * modification, are permitted provided that the following conditions
     12  * are met:
     13  * 1. Redistributions of source code must retain the above copyright
     14  *    notice, this list of conditions and the following disclaimer.
     15  * 2. Redistributions in binary form must reproduce the above copyright
     16  *    notice, this list of conditions and the following disclaimer in the
     17  *    documentation and/or other materials provided with the distribution.
     18  * 3. All advertising materials mentioning features or use of this software
     19  *    must display the following acknowledgement:
     20  *	This product includes software developed by the University of
     21  *	California, Berkeley and its contributors.
     22  * 4. Neither the name of the University nor the names of its contributors
     23  *    may be used to endorse or promote products derived from this software
     24  *    without specific prior written permission.
     25  *
     26  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     36  * SUCH DAMAGE.
     37  *
     38  *	from: Id: pt_file.c,v 1.1 1992/05/25 21:43:09 jsp Exp
     39  *	@(#)pt_file.c	8.3 (Berkeley) 7/3/94
     40  */
     41 
     42 #include <sys/cdefs.h>
     43 #ifndef lint
     44 __RCSID("$NetBSD: pt_file.c,v 1.14 2003/07/13 07:41:48 itojun Exp $");
     45 #endif /* not lint */
     46 
     47 #include <stdio.h>
     48 #include <unistd.h>
     49 #include <stdlib.h>
     50 #include <string.h>
     51 #include <errno.h>
     52 #include <fcntl.h>
     53 #include <sys/types.h>
     54 #include <sys/param.h>
     55 #include <sys/syslog.h>
     56 
     57 #include "portald.h"
     58 
     59 #ifdef DEBUG
     60 #define DEBUG_SYSLOG	syslog
     61 #else
     62 /*
     63  * The "if (0) ..." will be optimized away by the compiler if
     64  * DEBUG is not defined.
     65  */
     66 #define DEBUG_SYSLOG	if (0) syslog
     67 #endif
     68 
     69 int
     70 lose_credentials(pcr)
     71 	struct portal_cred	*pcr;
     72 {
     73 	/*
     74 	 * If we are root, then switch into the caller's credentials.
     75 	 * By the way, we _always_ log failures, to make
     76 	 * sure questionable activity is noticed.
     77 	 */
     78 	if (getuid() == 0) {
     79 		/* Set groups first ... */
     80 		if (setgroups(pcr->pcr_ngroups, pcr->pcr_groups) < 0) {
     81 			syslog(LOG_WARNING,
     82 			    "lose_credentials: setgroups() failed (%m)");
     83 			return (errno);
     84 		}
     85 		/* ... then gid ... */
     86 		if (setgid(pcr->pcr_gid) < 0) {
     87 			syslog(LOG_WARNING,
     88 				"lose_credentials: setgid(%d) failed (%m)",
     89 				pcr->pcr_gid);
     90 		}
     91 		/*
     92 		 * ... and now do the setuid() where we lose all special
     93 		 * powers (both real and effective userid).
     94 		 */
     95 		if (setuid(pcr->pcr_uid) < 0) {
     96 			syslog(LOG_WARNING,
     97 				"lose_credentials: setuid(%d) failed (%m)",
     98 				pcr->pcr_uid);
     99 		}
    100 		/* The credential change was successful! */
    101 		DEBUG_SYSLOG(LOG_DEBUG, "Root-owned mount process lowered credentials -- returning successfully!\n");
    102 		return 0;
    103 	}
    104 	DEBUG_SYSLOG(LOG_DEBUG, "Actual/effective/caller's creds are:");
    105 	DEBUG_SYSLOG(LOG_DEBUG, "%d/%d %d/%d %d/%d", getuid(),
    106 	    getgid(), geteuid(), getegid(), pcr->pcr_uid, pcr->pcr_gid);
    107 	/*
    108 	 * Else, fail if the uid is neither actual or effective
    109 	 * uid of mount process...
    110 	 */
    111 	if ((getuid() != pcr->pcr_uid) && (geteuid() != pcr->pcr_uid)) {
    112 		syslog(LOG_WARNING,
    113 		    "lose_credentials: uid %d != uid %d, or euid %d != uid %d",
    114 		    getuid(), pcr->pcr_uid, geteuid(), pcr->pcr_uid);
    115 		return EPERM;
    116 	}
    117 	/*
    118 	 * ... or the gid is neither the actual or effective
    119 	 * gid of the mount process.
    120 	 */
    121 	if ((getgid() != pcr->pcr_gid) && (getegid() != pcr->pcr_gid)) {
    122 		syslog(LOG_WARNING,
    123 		    "lose_credentials: gid %d != gid %d, or egid %d != gid %d",
    124 		    getgid(), pcr->pcr_gid, getegid(), pcr->pcr_gid);
    125 		return EPERM;
    126 	}
    127 	/*
    128 	 * If we make it here, we have a uid _and_ gid match! Allow the
    129 	 * access.
    130 	 */
    131 	DEBUG_SYSLOG(LOG_DEBUG, "Returning successfully!\n");
    132 	return 0;
    133 }
    134 
    135 int
    136 portal_file(pcr, key, v, so, fdp)
    137 	struct portal_cred *pcr;
    138 	char   *key;
    139 	char  **v;
    140 	int     so;
    141 	int    *fdp;
    142 {
    143 	int     fd;
    144 	char    pbuf[MAXPATHLEN];
    145 	int     error;
    146 	int     origuid, origgid;
    147 
    148 	origuid = getuid();
    149 	origgid = getgid();
    150 	pbuf[0] = '/';
    151 	strlcpy(pbuf + 1, key + (v[1] ? strlen(v[1]) : 0), sizeof(pbuf) - 1);
    152 	DEBUG_SYSLOG(LOG_DEBUG, "path = %s, uid = %d, gid = %d",
    153 	    pbuf, pcr->pcr_uid, pcr->pcr_gid);
    154 
    155 	if ((error = lose_credentials(pcr)) != 0) {
    156 		DEBUG_SYSLOG(LOG_DEBUG, "portal_file: Credential err %d", error);
    157 		return error;
    158 	}
    159 	error = 0;
    160 	/*
    161 	 * Be careful -- only set error to errno if there is an error.
    162 	 * errno could hold an old, uncaught value, from a routine
    163 	 * called long before now.
    164 	 */
    165 	fd = open(pbuf, O_RDWR | O_CREAT, 0666);
    166 	if (fd < 0) {
    167 		error = errno;
    168 		if (error == EACCES) {
    169 			DEBUG_SYSLOG(LOG_DEBUG, "Error:  could not open '%s' "
    170 			    "read/write with create flag.  "
    171 			    "Trying read-only open...", pbuf);
    172 			/* Try opening read-only. */
    173 			fd = open(pbuf, O_RDONLY, 0);
    174 			if (fd < 0) {
    175 				error = errno;
    176 				DEBUG_SYSLOG(LOG_DEBUG, "That failed too!  %m");
    177 			} else {
    178 				/* Clear the error indicator. */
    179 				error = 0;
    180 			}
    181 		} else {
    182 			DEBUG_SYSLOG(LOG_DEBUG, "Error:  could not open '%s': %m", pbuf);
    183 		}
    184 
    185 	}
    186 	if (seteuid((uid_t) origuid) < 0) {	/* XXX - should reset gidset
    187 						 * too */
    188 		error = errno;
    189 		syslog(LOG_WARNING, "setcred: %m");
    190 		if (fd >= 0) {
    191 			(void) close(fd);
    192 			fd = -1;
    193 		}
    194 	}
    195 	if (error == 0)
    196 		*fdp = fd;
    197 
    198 	DEBUG_SYSLOG(LOG_DEBUG, "pt_file returns *fdp = %d, error = %d", *fdp,
    199 	    error);
    200 	return (error);
    201 }
    202