1 /* $NetBSD: pt_file.c,v 1.13 2001/01/10 03:33:16 lukem Exp $ */ 2 3 /* 4 * Copyright (c) 1992, 1993 5 * The Regents of the University of California. All rights reserved. 6 * 7 * This code is derived from software donated to Berkeley by 8 * Jan-Simon Pendry. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the University of 21 * California, Berkeley and its contributors. 22 * 4. Neither the name of the University nor the names of its contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 * 38 * from: Id: pt_file.c,v 1.1 1992/05/25 21:43:09 jsp Exp 39 * @(#)pt_file.c 8.3 (Berkeley) 7/3/94 40 */ 41 42 #include <sys/cdefs.h> 43 #ifndef lint 44 __RCSID("$NetBSD: pt_file.c,v 1.13 2001/01/10 03:33:16 lukem Exp $"); 45 #endif /* not lint */ 46 47 #include <stdio.h> 48 #include <unistd.h> 49 #include <stdlib.h> 50 #include <string.h> 51 #include <errno.h> 52 #include <fcntl.h> 53 #include <sys/types.h> 54 #include <sys/param.h> 55 #include <sys/syslog.h> 56 57 #include "portald.h" 58 59 #ifdef DEBUG 60 #define DEBUG_SYSLOG syslog 61 #else 62 /* 63 * The "if (0) ..." will be optimized away by the compiler if 64 * DEBUG is not defined. 65 */ 66 #define DEBUG_SYSLOG if (0) syslog 67 #endif 68 69 int 70 lose_credentials(pcr) 71 struct portal_cred *pcr; 72 { 73 /* 74 * If we are root, then switch into the caller's credentials. 75 * By the way, we _always_ log failures, to make 76 * sure questionable activity is noticed. 77 */ 78 if (getuid() == 0) { 79 /* Set groups first ... */ 80 if (setgroups(pcr->pcr_ngroups, pcr->pcr_groups) < 0) { 81 syslog(LOG_WARNING, 82 "lose_credentials: setgroups() failed (%m)"); 83 return (errno); 84 } 85 /* ... then gid ... */ 86 if (setgid(pcr->pcr_gid) < 0) { 87 syslog(LOG_WARNING, 88 "lose_credentials: setgid(%d) failed (%m)", 89 pcr->pcr_gid); 90 } 91 /* 92 * ... and now do the setuid() where we lose all special 93 * powers (both real and effective userid). 94 */ 95 if (setuid(pcr->pcr_uid) < 0) { 96 syslog(LOG_WARNING, 97 "lose_credentials: setuid(%d) failed (%m)", 98 pcr->pcr_uid); 99 } 100 /* The credential change was successful! */ 101 DEBUG_SYSLOG(LOG_DEBUG, "Root-owned mount process lowered credentials -- returning successfully!\n"); 102 return 0; 103 } 104 DEBUG_SYSLOG(LOG_DEBUG, "Actual/effective/caller's creds are:"); 105 DEBUG_SYSLOG(LOG_DEBUG, "%d/%d %d/%d %d/%d", getuid(), 106 getgid(), geteuid(), getegid(), pcr->pcr_uid, pcr->pcr_gid); 107 /* 108 * Else, fail if the uid is neither actual or effective 109 * uid of mount process... 110 */ 111 if ((getuid() != pcr->pcr_uid) && (geteuid() != pcr->pcr_uid)) { 112 syslog(LOG_WARNING, 113 "lose_credentials: uid %d != uid %d, or euid %d != uid %d", 114 getuid(), pcr->pcr_uid, geteuid(), pcr->pcr_uid); 115 return EPERM; 116 } 117 /* 118 * ... or the gid is neither the actual or effective 119 * gid of the mount process. 120 */ 121 if ((getgid() != pcr->pcr_gid) && (getegid() != pcr->pcr_gid)) { 122 syslog(LOG_WARNING, 123 "lose_credentials: gid %d != gid %d, or egid %d != gid %d", 124 getgid(), pcr->pcr_gid, getegid(), pcr->pcr_gid); 125 return EPERM; 126 } 127 /* 128 * If we make it here, we have a uid _and_ gid match! Allow the 129 * access. 130 */ 131 DEBUG_SYSLOG(LOG_DEBUG, "Returning successfully!\n"); 132 return 0; 133 } 134 135 int 136 portal_file(pcr, key, v, so, fdp) 137 struct portal_cred *pcr; 138 char *key; 139 char **v; 140 int so; 141 int *fdp; 142 { 143 int fd; 144 char pbuf[MAXPATHLEN]; 145 int error; 146 int origuid, origgid; 147 148 origuid = getuid(); 149 origgid = getgid(); 150 pbuf[0] = '/'; 151 strcpy(pbuf + 1, key + (v[1] ? strlen(v[1]) : 0)); 152 DEBUG_SYSLOG(LOG_DEBUG, "path = %s, uid = %d, gid = %d", 153 pbuf, pcr->pcr_uid, pcr->pcr_gid); 154 155 if ((error = lose_credentials(pcr)) != 0) { 156 DEBUG_SYSLOG(LOG_DEBUG, "portal_file: Credential err %d", error); 157 return error; 158 } 159 error = 0; 160 /* 161 * Be careful -- only set error to errno if there is an error. 162 * errno could hold an old, uncaught value, from a routine 163 * called long before now. 164 */ 165 fd = open(pbuf, O_RDWR | O_CREAT, 0666); 166 if (fd < 0) { 167 error = errno; 168 if (error == EACCES) { 169 DEBUG_SYSLOG(LOG_DEBUG, "Error: could not open '%s' " 170 "read/write with create flag. " 171 "Trying read-only open...", pbuf); 172 /* Try opening read-only. */ 173 fd = open(pbuf, O_RDONLY, 0); 174 if (fd < 0) { 175 error = errno; 176 DEBUG_SYSLOG(LOG_DEBUG, "That failed too! %m"); 177 } else { 178 /* Clear the error indicator. */ 179 error = 0; 180 } 181 } else { 182 DEBUG_SYSLOG(LOG_DEBUG, "Error: could not open '%s': %m", pbuf); 183 } 184 185 } 186 if (seteuid((uid_t) origuid) < 0) { /* XXX - should reset gidset 187 * too */ 188 error = errno; 189 syslog(LOG_WARNING, "setcred: %m"); 190 if (fd >= 0) { 191 (void) close(fd); 192 fd = -1; 193 } 194 } 195 if (error == 0) 196 *fdp = fd; 197 198 DEBUG_SYSLOG(LOG_DEBUG, "pt_file returns *fdp = %d, error = %d", *fdp, 199 error); 200 return (error); 201 } 202