xref: /netbsd/sbin/mount_portal/pt_file.c (revision bf9ec67e) 
1 /*	$NetBSD: pt_file.c,v 1.13 2001/01/10 03:33:16 lukem Exp $	*/
2 
3 /*
4  * Copyright (c) 1992, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software donated to Berkeley by
8  * Jan-Simon Pendry.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  * 3. All advertising materials mentioning features or use of this software
19  *    must display the following acknowledgement:
20  *	This product includes software developed by the University of
21  *	California, Berkeley and its contributors.
22  * 4. Neither the name of the University nor the names of its contributors
23  *    may be used to endorse or promote products derived from this software
24  *    without specific prior written permission.
25  *
26  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
27  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
30  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36  * SUCH DAMAGE.
37  *
38  *	from: Id: pt_file.c,v 1.1 1992/05/25 21:43:09 jsp Exp
39  *	@(#)pt_file.c	8.3 (Berkeley) 7/3/94
40  */
41 
42 #include <sys/cdefs.h>
43 #ifndef lint
44 __RCSID("$NetBSD: pt_file.c,v 1.13 2001/01/10 03:33:16 lukem Exp $");
45 #endif /* not lint */
46 
47 #include <stdio.h>
48 #include <unistd.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <errno.h>
52 #include <fcntl.h>
53 #include <sys/types.h>
54 #include <sys/param.h>
55 #include <sys/syslog.h>
56 
57 #include "portald.h"
58 
59 #ifdef DEBUG
60 #define DEBUG_SYSLOG	syslog
61 #else
62 /*
63  * The "if (0) ..." will be optimized away by the compiler if
64  * DEBUG is not defined.
65  */
66 #define DEBUG_SYSLOG	if (0) syslog
67 #endif
68 
69 int
70 lose_credentials(pcr)
71 	struct portal_cred	*pcr;
72 {
73 	/*
74 	 * If we are root, then switch into the caller's credentials.
75 	 * By the way, we _always_ log failures, to make
76 	 * sure questionable activity is noticed.
77 	 */
78 	if (getuid() == 0) {
79 		/* Set groups first ... */
80 		if (setgroups(pcr->pcr_ngroups, pcr->pcr_groups) < 0) {
81 			syslog(LOG_WARNING,
82 			    "lose_credentials: setgroups() failed (%m)");
83 			return (errno);
84 		}
85 		/* ... then gid ... */
86 		if (setgid(pcr->pcr_gid) < 0) {
87 			syslog(LOG_WARNING,
88 				"lose_credentials: setgid(%d) failed (%m)",
89 				pcr->pcr_gid);
90 		}
91 		/*
92 		 * ... and now do the setuid() where we lose all special
93 		 * powers (both real and effective userid).
94 		 */
95 		if (setuid(pcr->pcr_uid) < 0) {
96 			syslog(LOG_WARNING,
97 				"lose_credentials: setuid(%d) failed (%m)",
98 				pcr->pcr_uid);
99 		}
100 		/* The credential change was successful! */
101 		DEBUG_SYSLOG(LOG_DEBUG, "Root-owned mount process lowered credentials -- returning successfully!\n");
102 		return 0;
103 	}
104 	DEBUG_SYSLOG(LOG_DEBUG, "Actual/effective/caller's creds are:");
105 	DEBUG_SYSLOG(LOG_DEBUG, "%d/%d %d/%d %d/%d", getuid(),
106 	    getgid(), geteuid(), getegid(), pcr->pcr_uid, pcr->pcr_gid);
107 	/*
108 	 * Else, fail if the uid is neither actual or effective
109 	 * uid of mount process...
110 	 */
111 	if ((getuid() != pcr->pcr_uid) && (geteuid() != pcr->pcr_uid)) {
112 		syslog(LOG_WARNING,
113 		    "lose_credentials: uid %d != uid %d, or euid %d != uid %d",
114 		    getuid(), pcr->pcr_uid, geteuid(), pcr->pcr_uid);
115 		return EPERM;
116 	}
117 	/*
118 	 * ... or the gid is neither the actual or effective
119 	 * gid of the mount process.
120 	 */
121 	if ((getgid() != pcr->pcr_gid) && (getegid() != pcr->pcr_gid)) {
122 		syslog(LOG_WARNING,
123 		    "lose_credentials: gid %d != gid %d, or egid %d != gid %d",
124 		    getgid(), pcr->pcr_gid, getegid(), pcr->pcr_gid);
125 		return EPERM;
126 	}
127 	/*
128 	 * If we make it here, we have a uid _and_ gid match! Allow the
129 	 * access.
130 	 */
131 	DEBUG_SYSLOG(LOG_DEBUG, "Returning successfully!\n");
132 	return 0;
133 }
134 
135 int
136 portal_file(pcr, key, v, so, fdp)
137 	struct portal_cred *pcr;
138 	char   *key;
139 	char  **v;
140 	int     so;
141 	int    *fdp;
142 {
143 	int     fd;
144 	char    pbuf[MAXPATHLEN];
145 	int     error;
146 	int     origuid, origgid;
147 
148 	origuid = getuid();
149 	origgid = getgid();
150 	pbuf[0] = '/';
151 	strcpy(pbuf + 1, key + (v[1] ? strlen(v[1]) : 0));
152 	DEBUG_SYSLOG(LOG_DEBUG, "path = %s, uid = %d, gid = %d",
153 	    pbuf, pcr->pcr_uid, pcr->pcr_gid);
154 
155 	if ((error = lose_credentials(pcr)) != 0) {
156 		DEBUG_SYSLOG(LOG_DEBUG, "portal_file: Credential err %d", error);
157 		return error;
158 	}
159 	error = 0;
160 	/*
161 	 * Be careful -- only set error to errno if there is an error.
162 	 * errno could hold an old, uncaught value, from a routine
163 	 * called long before now.
164 	 */
165 	fd = open(pbuf, O_RDWR | O_CREAT, 0666);
166 	if (fd < 0) {
167 		error = errno;
168 		if (error == EACCES) {
169 			DEBUG_SYSLOG(LOG_DEBUG, "Error:  could not open '%s' "
170 			    "read/write with create flag.  "
171 			    "Trying read-only open...", pbuf);
172 			/* Try opening read-only. */
173 			fd = open(pbuf, O_RDONLY, 0);
174 			if (fd < 0) {
175 				error = errno;
176 				DEBUG_SYSLOG(LOG_DEBUG, "That failed too!  %m");
177 			} else {
178 				/* Clear the error indicator. */
179 				error = 0;
180 			}
181 		} else {
182 			DEBUG_SYSLOG(LOG_DEBUG, "Error:  could not open '%s': %m", pbuf);
183 		}
184 
185 	}
186 	if (seteuid((uid_t) origuid) < 0) {	/* XXX - should reset gidset
187 						 * too */
188 		error = errno;
189 		syslog(LOG_WARNING, "setcred: %m");
190 		if (fd >= 0) {
191 			(void) close(fd);
192 			fd = -1;
193 		}
194 	}
195 	if (error == 0)
196 		*fdp = fd;
197 
198 	DEBUG_SYSLOG(LOG_DEBUG, "pt_file returns *fdp = %d, error = %d", *fdp,
199 	    error);
200 	return (error);
201 }
202