Annotation of fam/fam/Cred.c++, Revision 1.1.1.1
1.1 trev 1: // Copyright (C) 1999-2002 Silicon Graphics, Inc. All Rights Reserved.
2: //
3: // This program is free software; you can redistribute it and/or modify it
4: // under the terms of version 2 of the GNU General Public License as
5: // published by the Free Software Foundation.
6: //
7: // This program is distributed in the hope that it would be useful, but
8: // WITHOUT ANY WARRANTY; without even the implied warranty of
9: // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Further, any
10: // license provided herein, whether implied or otherwise, is limited to
11: // this program in accordance with the express provisions of the GNU
12: // General Public License. Patent licenses, if any, provided herein do not
13: // apply to combinations of this program with other product or programs, or
14: // any other product whatsoever. This program is distributed without any
15: // warranty that the program is delivered free of the rightful claim of any
16: // third person by way of infringement or the like. See the GNU General
17: // Public License for more details.
18: //
19: // You should have received a copy of the GNU General Public License along
20: // with this program; if not, write the Free Software Foundation, Inc., 59
21: // Temple Place - Suite 330, Boston MA 02111-1307, USA.
22:
23: #include "Cred.h"
24:
25: #include <assert.h>
26: #include <stdio.h>
27: #include <string.h>
28: #include <unistd.h>
29: #include <grp.h>
30: #include <stdlib.h>
31: #include <ctype.h>
32: #include <pwd.h>
33: #include <errno.h>
34:
35: #include "Log.h"
36: #ifdef HAVE_MAC
37: #include <sys/mac.h>
38: #include <t6net.h>
39: #endif
40:
41: static gid_t SuperUser_groups[1] = { 0 };
42: const Cred Cred::SuperUser(0, 1, SuperUser_groups, -1);
43: Cred Cred::untrusted;
44: const Cred::Implementation *Cred::Implementation::last = NULL;
45: Cred::Implementation **Cred::impllist;
46: unsigned Cred::nimpl;
47: unsigned Cred::nimpl_alloc;
48: bool Cred::insecure_compat = false;
49: #ifdef HAVE_MAC
50: bool Cred::use_mac = true;
51: #endif
52:
53: // This is used by Listener to create a new Cred for each connection whose
54: // per-request UIDs will be ignored. (The uid could either be the untrusted
55: // uid, or the uid which the client has been authenticated as.) It's also
56: // used by Cred::set_untrusted_user() to create the untrusted Cred.
57: Cred::Cred(uid_t u, int sockfd)
58: {
59: unsigned int nAddlGroups = sysconf(_SC_NGROUPS_MAX);
60: struct passwd *pwd;
61: gid_t *addlGroups = new gid_t[nAddlGroups];
62: gid_t primary_group;
63: if ((pwd = getpwuid(u)) != NULL)
64: {
65: primary_group = pwd->pw_gid;
66: #ifdef HAVE_GETGRMEMBER
67: nAddlGroups = getgrmember(pwd->pw_name, addlGroups, nAddlGroups, 0);
68: if (nAddlGroups == -1)
69: {
70: Log::info("getgrmember(%s, ...) failed: %s",
71: pwd->pw_name, strerror(errno));
72: nAddlGroups = 0;
73: }
74: #else
75: group *gbp;
76: unsigned int ii = 0;
77: setgrent();
78: while ((ii < nAddlGroups) && ((gbp = getgrent()) != NULL))
79: {
80: // See if our user's name is in the list of group members.
81: for (int i = 0; gbp->gr_mem[i] != NULL; ++i)
82: {
83: if (!strcmp(pwd->pw_name, gbp->gr_mem[i]))
84: {
85: addlGroups[ii++] = gbp->gr_gid;
86: break;
87: }
88: }
89: }
90: endgrent();
91: nAddlGroups = ii;
92: #endif
93: }
94: else
95: {
96: nAddlGroups = 0;
97: #ifdef NOGROUP
98: primary_group = untrusted.is_valid() ? untrusted.gid() : (gid_t) NOGROUP;
99: #else
100: primary_group = untrusted.is_valid() ? untrusted.gid() : (gid_t) GID_NOBODY;
101: #endif
102: Log::info("Warning: uid %i is unknown to this system, so "
103: "that user will be given the gid of the untrusted user: %i",
104: u, primary_group);
105:
106: }
107: mac_t mac = NULL;
108: #ifdef HAVE_MAC
109: if ((use_mac) && (sockfd != -1))
110: {
111: if(tsix_get_mac(sockfd, &mac) != 0)
112: {
113: Log::error("tsix_get_mac failed for client fd %d", sockfd);
114: exit(1);
115: }
116: }
117: #endif
118: new_impl(u, primary_group, nAddlGroups, addlGroups, mac);
119: delete [] addlGroups;
120: }
121:
122: // This is used by TCP_Client to create a new Cred for each request from
123: // a trusted remote fam. The MAC label is not handled correctly; the
124: // remote fam's is being used, rather than the remote client's.
125: Cred::Cred(uid_t u, unsigned int ng, const gid_t *gs, int sockfd)
126: {
127: mac_t mac = NULL;
128: #ifdef HAVE_MAC
129: if (use_mac) tsix_get_mac(sockfd, &mac);
130: #endif
131: // The first gid in the group array should be considered the
132: // primary group id, and the remaining groups are additional
133: new_impl(u, gs[0], ng-1, gs+1, mac);
134: }
135:
136: // This is used by Cred::get_cred_for_untrusted_conn() to create a new
137: // Cred for each unauthenticated connection. Before the MAC stuff was
138: // added, we could just use the untrusted Cred, but now each untrusted can
139: // have their own MAC label.
140: Cred::Cred(int sockfd)
141: {
142: #ifdef HAVE_MAC
143: if (use_mac)
144: {
145: mac_t mac = NULL;
146: if(tsix_get_mac(sockfd, &mac) != 0)
147: {
148: // what to do in this case? Proceed without a good MAC label?
149: Log::error("tsix_get_mac failed for client fd %d", sockfd);
150: }
151: // this is broken: needs to test for null untrusted.p
152: else if (mac_equal(mac, untrusted.p->mac) == 0)
153: {
154: new_impl(untrusted.p->myuid, untrusted.p->mygid,
155: untrusted.p->nAddlGroups, untrusted.p->AddlGroups, mac);
156: return;
157: }
158: else mac_free(mac); // because we'll share the Implementation.
159: }
160: #endif
161: // If we're here, either we're not using MAC or the socket's MAC label
162: // matches untrusted's, so we want to share untrusted's Implementation.
163: p = untrusted.p;
164: if (p != NULL) p->refcount++;
165: }
166:
167: // This builds an invalid cred which shouldn't be used until it's assigned
168: // the value of a good cred. It's used for the uninitialized untrusted cred,
169: // and for the Creds which are created per-connection by
170: // Listener::accept_client.
171: Cred::Cred()
172: {
173: p = NULL;
174: }
175:
176: Cred::Cred(const Cred& that)
177: {
178: p = that.p;
179: if (p != NULL) p->refcount++;
180: }
181:
182: Cred::~Cred()
183: {
184: if (p && (!--p->refcount)) drop(p);
185: }
186:
187: Cred&
188: Cred::operator = (const Cred& that)
189: {
190: if (this != &that)
191: { if ((p != NULL) && (!--p->refcount))
192: drop(p);
193: p = that.p;
194: if (p != NULL) p->refcount++;
195: }
196: return *this;
197: }
198:
199: void
200: Cred::add(Implementation *np)
201: {
202: if (nimpl >= nimpl_alloc)
203: { nimpl_alloc = nimpl_alloc * 3 / 2 + 3;
204: Implementation **nl = new Implementation *[nimpl_alloc];
205: for (int i = 0; i < nimpl; i++)
206: nl[i] = impllist[i];
207: delete [] impllist;
208: impllist = nl;
209: }
210: impllist[nimpl++] = np;
211: }
212:
213: void
214: Cred::drop(Implementation *dp)
215: {
216: assert(!dp->refcount);
217: for (Implementation **pp = impllist, **end = pp + nimpl; pp < end; pp++)
218: if (*pp == dp)
219: { *pp = *--end;
220: assert(nimpl);
221: --nimpl;
222: break;
223: }
224: delete dp;
225:
226: if (!nimpl)
227: { delete[] impllist;
228: impllist = NULL;
229: nimpl_alloc = 0;
230: }
231: }
232:
233: void
234: Cred::new_impl(uid_t u, gid_t g, unsigned int ng, const gid_t *gs, mac_t mac)
235: {
236: for (Implementation **pp = impllist, **end = pp + nimpl; pp < end; pp++)
237: if ((*pp)->equal(u, g, ng, gs, mac))
238: { (*pp)->refcount++;
239: p = *pp;
240: #ifdef HAVE_MAC
241: if (mac != NULL) mac_free(mac);
242: #endif
243: return;
244: }
245:
246: p = new Implementation(u, g, ng, gs, mac);
247: add(p);
248: }
249:
250: void
251: Cred::set_untrusted_user(const char *name)
252: {
253: // The only time this should get called is at startup, when we're
254: // handling command-line or config-file options, and before any
255: // requests are accepted.
256: assert(!untrusted.is_valid());
257:
258: // The untrusted user is never used if we're running in
259: // insecure_compat mode.
260: if (insecure_compat) return;
261:
262: // First see if we were passed a uid.
263: const char *p = name;
264: while (isdigit(*p)) ++p;
265: if((*p == '\0') && (p != name)) // need at least one character!
266: {
267: uid_t uid = atoi(name);
268: struct passwd *pwd = getpwuid(uid);
269: if(pwd == NULL)
270: {
271: Log::error("Fatal misconfiguration: attempted to use unknown uid "
272: "\"%i\" for untrusted-user", uid);
273: exit(1);
274: }
275: Cred tmpcred(uid, -1);
276: untrusted = tmpcred;
277: Log::debug("Setting untrusted-user to \"%s\" (uid: %d, gid: %d)",
278: pwd->pw_name, pwd->pw_uid, pwd->pw_gid);
279: return;
280: }
281:
282: // Looks like we were passed a user name.
283: struct passwd *pwd = getpwnam(name);
284: if(pwd == NULL)
285: {
286: Log::error("Fatal misconfiguration: attempted to use unknown user "
287: "name \"%s\" for untrusted-user", name);
288: exit(1);
289: }
290: Log::debug("Setting untrusted-user to \"%s\" (uid: %d, gid: %d)",
291: name, pwd->pw_uid, pwd->pw_gid);
292: Cred tmpcred(pwd->pw_uid, -1);
293: untrusted = tmpcred;
294: }
295:
296: Cred
297: Cred::get_cred_for_untrusted_conn(int sockfd)
298: {
299: // An invalid Cred on a connection means we'll trust the Creds supplied
300: // by the connection. In the case where insecure_compat is enabled, we
301: // always want to return an invalid Cred. As it happens, untrusted is
302: // always invalid when insecure_compat is enabled, so we just use it.
303: // If insecure compat isn't enabled, we want to return a valid untrusted
304: // Cred.
305: assert(untrusted.is_valid() || insecure_compat);
306: return insecure_compat ? untrusted : Cred(sockfd);
307: }
308:
309: void
310: Cred::disable_mac()
311: {
312: #ifdef HAVE_MAC
313: use_mac = false;
314: Log::audit(true, "running with MAC disabled, so all client requests will "
315: "use fam's MAC label.");
316: #endif
317: }
318:
319: void
320: Cred::enable_insecure_compat()
321: {
322: insecure_compat = true;
323: Log::audit(true, "running in insecure compatibility mode");
324: Log::info("running in insecure compatibility mode");
325: }
326:
327: ///////////////////////////////////////////////////////////////////////////////
328:
329: Cred::Implementation::Implementation(uid_t u, gid_t g,
330: unsigned int ng, const gid_t *gs,
331: mac_t m)
332: : refcount(1), myuid(u), mygid(g), nAddlGroups(ng)
333: {
334: #ifdef HAVE_MAC
335: mac = NULL;
336: if (use_mac) mac = m;
337: else if (m != NULL) mac_free(m);
338: #endif
339: AddlGroups = new gid_t[ng];
340:
341: for (int i = 0; i < nAddlGroups; i++)
342: AddlGroups[i] = gs[i];
343:
344: if (nAddlGroups == 0) {
345: addlGroupsStr = new char[1];
346: *addlGroupsStr = '\0';
347: }
348: else {
349: // The format is: <number of addl groups> <gid1> <gid2> ... <gidn>
350:
351: // Assume that the each num and accompanying space (or null
352: // character in the case of the last one) will be <= 11 chars.
353: addlGroupsStr = new char[11*(nAddlGroups + 1)];
354: char * p = addlGroupsStr;
355: p += snprintf(p, 10, "%d", nAddlGroups);
356: for (int i = 0; i < nAddlGroups; i++)
357: {
358: p += snprintf(p, 11, " %d", AddlGroups[i]);
359: }
360: }
361: }
362:
363: Cred::Implementation::~Implementation()
364: {
365: if (this == last)
366: SuperUser.become_user();
367: delete [] AddlGroups;
368: delete [] addlGroupsStr;
369: #ifdef HAVE_MAC
370: if (mac != NULL) mac_free(mac);
371: #endif
372: }
373:
374: bool
375: Cred::Implementation::equal(uid_t u, gid_t g, unsigned int ng,
376: const gid_t *gs, mac_t mac) const
377: {
378: if ((u != myuid) || (g != mygid)) {
379: return false;
380: }
381: #ifdef HAVE_MAC
382: if ((use_mac) && (mac_equal(this->mac, mac) == 0)) return -1;
383: #endif
384: return addl_groups_equal(ng, gs);
385: }
386:
387: bool
388: Cred::Implementation::addl_groups_equal(unsigned int ng, const gid_t *gs) const
389: {
390: if (ng != nAddlGroups) {
391: return false;
392: }
393: for (int i = 0; i < nAddlGroups; i++)
394: if (AddlGroups[i] != gs[i])
395: return false;
396: return true;
397: }
398:
399: // This function returns a string representation of the additional
400: // groups, as required by ServerConnection::send_monitor().
401: const char *
402: Cred::Implementation::getAddlGroupsString() const {
403: return addlGroupsStr;
404: }
405:
406: void
407: Cred::Implementation::become_user() const
408: {
409: // If we're becoming the same user we currently are, then we can
410: // just skip everything.
411: if (this == last)
412: return;
413:
414: uid_t current_uid = last ? last->myuid : 0;
415: if (current_uid != 0) {
416: /* Temporarily set the effective uid to root's uid
417: * so that we have permission to call setgroups, etc.
418: * This assumes, of course, that we were started as root,
419: * so that we have permission to do this.
420: */
421: Log::debug("Setting euid to 0");
422: if (seteuid(0) != 0)
423: {
424: Log::perror("failed to set 0 uid");
425: exit(1);
426: }
427: }
428:
429: // We need to set the primary group and additional groups before
430: // setting our euid because non-root users don't have permission
431: // to change the groups.
432: if (!last || !addl_groups_equal(last->nAddlGroups, last->AddlGroups)) {
433: if (setgroups(nAddlGroups, AddlGroups) != 0) {
434: Log::perror("failed to set groups");
435: exit(1);
436: } else if (Log::get_level() == Log::DEBUG) {
437: if (nAddlGroups == 0) {
438: Log::debug("Setting groups to: (none)");
439: } else {
440: // The groupStr variable is almost what we want, but
441: // it has the number of groups prepended. So just
442: // skip over that.
443: char * p = strchr(addlGroupsStr, ' ');
444: Log::debug("Setting groups to: %s", p+1);
445: }
446: }
447: } else {
448: Log::debug("Skipping setting groups, because they're already correct");
449: }
450:
451: if (!last || (mygid != last->mygid)) {
452: if (setegid(mygid)) {
453: Log::perror("failed to set gid %d", mygid);
454: exit(1);
455: } else {
456: Log::debug("Setting egid to %i", mygid);
457: }
458: } else {
459: Log::debug("Skipping setting egid, because it's already correct");
460: }
461:
462:
463:
464: if (myuid != 0) { // We can skip this if we're becoming root, as
465: // we either entered this function as root, or
466: // set our euid to root above
467: if (seteuid(myuid)) {
468: Log::perror("failed to set uid %d", myuid);
469: exit(1);
470: } else {
471: Log::debug("Setting euid to %i", myuid);
472: }
473: } else {
474: if (current_uid != 0) {
475: // We already logged a message above
476: } else {
477: Log::debug("Skipping setting euid, because it's already 0");
478: }
479: }
480:
481:
482: #ifdef HAVE_MAC
483: if (use_mac)
484: {
485: if (mac_set_proc(mac) != 0)
486: {
487: Log::perror("become_user() failed to set MAC label for uid %d", myuid);
488: }
489: }
490: #endif
491: last = this;
492: }
493:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to Cred.c++ CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [Development] / fam / fam