Annotation of src/sbin/mount_portal/pt_file.c, Revision 1.17
1.17 ! pooka 1: /* $NetBSD: pt_file.c,v 1.16 2005/02/09 13:57:57 xtraeme Exp $ */
1.4 cgd 2:
1.1 cgd 3: /*
4: * Copyright (c) 1992, 1993
5: * The Regents of the University of California. All rights reserved.
6: *
7: * This code is derived from software donated to Berkeley by
8: * Jan-Simon Pendry.
9: *
10: * Redistribution and use in source and binary forms, with or without
11: * modification, are permitted provided that the following conditions
12: * are met:
13: * 1. Redistributions of source code must retain the above copyright
14: * notice, this list of conditions and the following disclaimer.
15: * 2. Redistributions in binary form must reproduce the above copyright
16: * notice, this list of conditions and the following disclaimer in the
17: * documentation and/or other materials provided with the distribution.
1.15 agc 18: * 3. Neither the name of the University nor the names of its contributors
1.1 cgd 19: * may be used to endorse or promote products derived from this software
20: * without specific prior written permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32: * SUCH DAMAGE.
33: *
1.3 mycroft 34: * from: Id: pt_file.c,v 1.1 1992/05/25 21:43:09 jsp Exp
1.9 lukem 35: * @(#)pt_file.c 8.3 (Berkeley) 7/3/94
1.1 cgd 36: */
37:
1.8 lukem 38: #include <sys/cdefs.h>
39: #ifndef lint
1.17 ! pooka 40: __RCSID("$NetBSD: pt_file.c,v 1.16 2005/02/09 13:57:57 xtraeme Exp $");
1.8 lukem 41: #endif /* not lint */
42:
1.1 cgd 43: #include <stdio.h>
44: #include <unistd.h>
45: #include <stdlib.h>
1.3 mycroft 46: #include <string.h>
1.1 cgd 47: #include <errno.h>
48: #include <fcntl.h>
49: #include <sys/types.h>
50: #include <sys/param.h>
51: #include <sys/syslog.h>
52:
53: #include "portald.h"
54:
1.11 bgrayson 55: #ifdef DEBUG
56: #define DEBUG_SYSLOG syslog
57: #else
58: /*
59: * The "if (0) ..." will be optimized away by the compiler if
60: * DEBUG is not defined.
61: */
62: #define DEBUG_SYSLOG if (0) syslog
63: #endif
64:
65: int
1.16 xtraeme 66: lose_credentials(struct portal_cred *pcr)
1.11 bgrayson 67: {
68: /*
69: * If we are root, then switch into the caller's credentials.
70: * By the way, we _always_ log failures, to make
71: * sure questionable activity is noticed.
72: */
73: if (getuid() == 0) {
1.12 bgrayson 74: /* Set groups first ... */
75: if (setgroups(pcr->pcr_ngroups, pcr->pcr_groups) < 0) {
1.13 lukem 76: syslog(LOG_WARNING,
1.12 bgrayson 77: "lose_credentials: setgroups() failed (%m)");
1.11 bgrayson 78: return (errno);
79: }
1.12 bgrayson 80: /* ... then gid ... */
81: if (setgid(pcr->pcr_gid) < 0) {
1.13 lukem 82: syslog(LOG_WARNING,
1.12 bgrayson 83: "lose_credentials: setgid(%d) failed (%m)",
84: pcr->pcr_gid);
1.11 bgrayson 85: }
1.12 bgrayson 86: /*
87: * ... and now do the setuid() where we lose all special
88: * powers (both real and effective userid).
89: */
90: if (setuid(pcr->pcr_uid) < 0) {
1.13 lukem 91: syslog(LOG_WARNING,
1.12 bgrayson 92: "lose_credentials: setuid(%d) failed (%m)",
93: pcr->pcr_uid);
1.11 bgrayson 94: }
95: /* The credential change was successful! */
1.13 lukem 96: DEBUG_SYSLOG(LOG_DEBUG, "Root-owned mount process lowered credentials -- returning successfully!\n");
1.11 bgrayson 97: return 0;
98: }
1.13 lukem 99: DEBUG_SYSLOG(LOG_DEBUG, "Actual/effective/caller's creds are:");
100: DEBUG_SYSLOG(LOG_DEBUG, "%d/%d %d/%d %d/%d", getuid(),
1.11 bgrayson 101: getgid(), geteuid(), getegid(), pcr->pcr_uid, pcr->pcr_gid);
102: /*
103: * Else, fail if the uid is neither actual or effective
104: * uid of mount process...
105: */
106: if ((getuid() != pcr->pcr_uid) && (geteuid() != pcr->pcr_uid)) {
1.13 lukem 107: syslog(LOG_WARNING,
108: "lose_credentials: uid %d != uid %d, or euid %d != uid %d",
1.11 bgrayson 109: getuid(), pcr->pcr_uid, geteuid(), pcr->pcr_uid);
110: return EPERM;
111: }
112: /*
113: * ... or the gid is neither the actual or effective
114: * gid of the mount process.
115: */
116: if ((getgid() != pcr->pcr_gid) && (getegid() != pcr->pcr_gid)) {
1.13 lukem 117: syslog(LOG_WARNING,
118: "lose_credentials: gid %d != gid %d, or egid %d != gid %d",
1.11 bgrayson 119: getgid(), pcr->pcr_gid, getegid(), pcr->pcr_gid);
120: return EPERM;
121: }
122: /*
123: * If we make it here, we have a uid _and_ gid match! Allow the
124: * access.
125: */
1.13 lukem 126: DEBUG_SYSLOG(LOG_DEBUG, "Returning successfully!\n");
1.11 bgrayson 127: return 0;
128: }
129:
1.8 lukem 130: int
1.17 ! pooka 131: portal_file(struct portal_cred *pcr, char *key, char **v, int *fdp)
1.1 cgd 132: {
1.11 bgrayson 133: int fd;
134: char pbuf[MAXPATHLEN];
135: int error;
136: int origuid, origgid;
1.1 cgd 137:
1.11 bgrayson 138: origuid = getuid();
139: origgid = getgid();
1.1 cgd 140: pbuf[0] = '/';
1.14 itojun 141: strlcpy(pbuf + 1, key + (v[1] ? strlen(v[1]) : 0), sizeof(pbuf) - 1);
1.13 lukem 142: DEBUG_SYSLOG(LOG_DEBUG, "path = %s, uid = %d, gid = %d",
1.11 bgrayson 143: pbuf, pcr->pcr_uid, pcr->pcr_gid);
144:
145: if ((error = lose_credentials(pcr)) != 0) {
1.13 lukem 146: DEBUG_SYSLOG(LOG_DEBUG, "portal_file: Credential err %d", error);
1.11 bgrayson 147: return error;
148: }
149: error = 0;
150: /*
151: * Be careful -- only set error to errno if there is an error.
152: * errno could hold an old, uncaught value, from a routine
153: * called long before now.
154: */
155: fd = open(pbuf, O_RDWR | O_CREAT, 0666);
156: if (fd < 0) {
1.1 cgd 157: error = errno;
1.11 bgrayson 158: if (error == EACCES) {
1.13 lukem 159: DEBUG_SYSLOG(LOG_DEBUG, "Error: could not open '%s' "
1.11 bgrayson 160: "read/write with create flag. "
161: "Trying read-only open...", pbuf);
162: /* Try opening read-only. */
163: fd = open(pbuf, O_RDONLY, 0);
164: if (fd < 0) {
165: error = errno;
1.13 lukem 166: DEBUG_SYSLOG(LOG_DEBUG, "That failed too! %m");
1.11 bgrayson 167: } else {
168: /* Clear the error indicator. */
169: error = 0;
170: }
171: } else {
1.13 lukem 172: DEBUG_SYSLOG(LOG_DEBUG, "Error: could not open '%s': %m", pbuf);
1.11 bgrayson 173: }
1.1 cgd 174:
1.11 bgrayson 175: }
176: if (seteuid((uid_t) origuid) < 0) { /* XXX - should reset gidset
177: * too */
1.1 cgd 178: error = errno;
1.13 lukem 179: syslog(LOG_WARNING, "setcred: %m");
1.1 cgd 180: if (fd >= 0) {
181: (void) close(fd);
182: fd = -1;
183: }
184: }
185: if (error == 0)
186: *fdp = fd;
187:
1.13 lukem 188: DEBUG_SYSLOG(LOG_DEBUG, "pt_file returns *fdp = %d, error = %d", *fdp,
1.10 enami 189: error);
1.1 cgd 190: return (error);
191: }
CVSweb <webmaster@jp.NetBSD.org>