Context Navigation

source: branches/samba-3.0/source/lib/util_sec.c

Visit:

Last change on this file was 26, checked in by Paul Smedley, 18 years ago
Updated source to 3.0.25rc1
File size: 11.7 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	Copyright (C) Jeremy Allison 1998.
4	rewritten for version 2.0.6 by Tridge
5
6	This program is free software; you can redistribute it and/or modify
7	it under the terms of the GNU General Public License as published by
8	the Free Software Foundation; either version 2 of the License, or
9	(at your option) any later version.
10
11	This program is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	GNU General Public License for more details.
15
16	You should have received a copy of the GNU General Public License
17	along with this program; if not, write to the Free Software
18	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19	*/
20
21	#ifndef AUTOCONF_TEST
22	#include "includes.h"
23	#else
24	/* we are running this code in autoconf test mode to see which type of setuid
25	function works */
26	#if defined(HAVE_UNISTD_H)
27	#include <unistd.h>
28	#endif
29	#include <stdlib.h>
30	#include <stdio.h>
31	#include <sys/types.h>
32	#include <errno.h>
33
34	#ifdef HAVE_SYS_PRIV_H
35	#include <sys/priv.h>
36	#endif
37	#ifdef HAVE_SYS_ID_H
38	#include <sys/id.h>
39	#endif
40
41	#define DEBUG(x, y) printf y
42	#define smb_panic(x) exit(1)
43	#define BOOL int
44	#endif
45
46	/* are we running as non-root? This is used by the regresison test code,
47	and potentially also for sites that want non-root smbd */
48	static uid_t initial_uid;
49	static gid_t initial_gid;
50
51	/****************************************************************************
52	remember what uid we got started as - this allows us to run correctly
53	as non-root while catching trapdoor systems
54	****************************************************************************/
55
56	void sec_init(void)
57	{
58	static int initialized;
59
60	if (!initialized) {
61	initial_uid = geteuid();
62	initial_gid = getegid();
63	initialized = 1;
64	}
65	}
66
67	/****************************************************************************
68	some code (eg. winbindd) needs to know what uid we started as
69	****************************************************************************/
70	uid_t sec_initial_uid(void)
71	{
72	return initial_uid;
73	}
74
75	/****************************************************************************
76	some code (eg. winbindd, profiling shm) needs to know what gid we started as
77	****************************************************************************/
78	gid_t sec_initial_gid(void)
79	{
80	return initial_gid;
81	}
82
83	/****************************************************************************
84	are we running in non-root mode?
85	****************************************************************************/
86	BOOL non_root_mode(void)
87	{
88	return (initial_uid != (uid_t)0);
89	}
90
91	/****************************************************************************
92	abort if we haven't set the uid correctly
93	****************************************************************************/
94	static void assert_uid(uid_t ruid, uid_t euid)
95	{
96	#ifndef __OS2__
97	if ((euid != (uid_t)-1 && geteuid() != euid) \|\|
98	(ruid != (uid_t)-1 && getuid() != ruid)) {
99	if (!non_root_mode()) {
100	DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
101	(int)ruid, (int)euid,
102	(int)getuid(), (int)geteuid()));
103	smb_panic("failed to set uid\n");
104	exit(1);
105	}
106	}
107	#endif /* __OS2__ */
108	}
109
110	/****************************************************************************
111	abort if we haven't set the gid correctly
112	****************************************************************************/
113	static void assert_gid(gid_t rgid, gid_t egid)
114	{
115	#ifndef __OS2__
116	if ((egid != (gid_t)-1 && getegid() != egid) \|\|
117	(rgid != (gid_t)-1 && getgid() != rgid)) {
118	if (!non_root_mode()) {
119	DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
120	(int)rgid, (int)egid,
121	(int)getgid(), (int)getegid(),
122	(int)getuid(), (int)geteuid()));
123	smb_panic("failed to set gid\n");
124	exit(1);
125	}
126	}
127	#endif
128	}
129
130	/****************************************************************************
131	Gain root privilege before doing something.
132	We want to end up with ruid==euid==0
133	****************************************************************************/
134	void gain_root_privilege(void)
135	{
136	#if USE_SETRESUID
137	setresuid(0,0,0);
138	#endif
139
140	#if USE_SETEUID
141	seteuid(0);
142	#endif
143
144	#if USE_SETREUID
145	setreuid(0, 0);
146	#endif
147
148	#if USE_SETUIDX
149	setuidx(ID_EFFECTIVE, 0);
150	setuidx(ID_REAL, 0);
151	#endif
152
153	/* this is needed on some systems */
154	setuid(0);
155
156	assert_uid(0, 0);
157	}
158
159
160	/****************************************************************************
161	Ensure our real and effective groups are zero.
162	we want to end up with rgid==egid==0
163	****************************************************************************/
164	void gain_root_group_privilege(void)
165	{
166	#if USE_SETRESUID
167	setresgid(0,0,0);
168	#endif
169
170	#if USE_SETREUID
171	setregid(0,0);
172	#endif
173
174	#if USE_SETEUID
175	setegid(0);
176	#endif
177
178	#if USE_SETUIDX
179	setgidx(ID_EFFECTIVE, 0);
180	setgidx(ID_REAL, 0);
181	#endif
182
183	setgid(0);
184
185	assert_gid(0, 0);
186	}
187
188
189	/****************************************************************************
190	Set effective uid, and possibly the real uid too.
191	We want to end up with either:
192
193	ruid==uid and euid==uid
194
195	or
196
197	ruid==0 and euid==uid
198
199	depending on what the local OS will allow us to regain root from.
200	****************************************************************************/
201	void set_effective_uid(uid_t uid)
202	{
203	#if USE_SETRESUID
204	/* Set the effective as well as the real uid. */
205	if (setresuid(uid,uid,-1) == -1) {
206	if (errno == EAGAIN) {
207	DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
208	"might be over its NPROC limit\n",
209	(int)uid));
210	}
211	}
212	#endif
213
214	#if USE_SETREUID
215	setreuid(-1,uid);
216	#endif
217
218	#if USE_SETEUID
219	seteuid(uid);
220	#endif
221
222	#if USE_SETUIDX
223	setuidx(ID_EFFECTIVE, uid);
224	#endif
225
226	assert_uid(-1, uid);
227	}
228
229	/****************************************************************************
230	Set only the effective gid.
231	we want to end up with rgid==0 and egid==gid
232	****************************************************************************/
233	void set_effective_gid(gid_t gid)
234	{
235	#if USE_SETRESUID
236	setresgid(-1,gid,-1);
237	#endif
238
239	#if USE_SETREUID
240	setregid(-1,gid);
241	#endif
242
243	#if USE_SETEUID
244	setegid(gid);
245	#endif
246
247	#if USE_SETUIDX
248	setgidx(ID_EFFECTIVE, gid);
249	#endif
250
251	assert_gid(-1, gid);
252	}
253
254	static uid_t saved_euid, saved_ruid;
255	static gid_t saved_egid, saved_rgid;
256
257	/****************************************************************************
258	save the real and effective uid for later restoration. Used by the quotas
259	code
260	****************************************************************************/
261	void save_re_uid(void)
262	{
263	saved_ruid = getuid();
264	saved_euid = geteuid();
265	}
266
267
268	/****************************************************************************
269	and restore them!
270	****************************************************************************/
271
272	void restore_re_uid_fromroot(void)
273	{
274	#if USE_SETRESUID
275	setresuid(saved_ruid, saved_euid, -1);
276	#elif USE_SETREUID
277	setreuid(saved_ruid, -1);
278	setreuid(-1,saved_euid);
279	#elif USE_SETUIDX
280	setuidx(ID_REAL, saved_ruid);
281	setuidx(ID_EFFECTIVE, saved_euid);
282	#else
283	set_effective_uid(saved_euid);
284	if (getuid() != saved_ruid)
285	setuid(saved_ruid);
286	set_effective_uid(saved_euid);
287	#endif
288
289	assert_uid(saved_ruid, saved_euid);
290	}
291
292	void restore_re_uid(void)
293	{
294	set_effective_uid(0);
295	restore_re_uid_fromroot();
296	}
297
298	/****************************************************************************
299	save the real and effective gid for later restoration. Used by the
300	getgroups code
301	****************************************************************************/
302	void save_re_gid(void)
303	{
304	saved_rgid = getgid();
305	saved_egid = getegid();
306	}
307
308	/****************************************************************************
309	and restore them!
310	****************************************************************************/
311	void restore_re_gid(void)
312	{
313	#if USE_SETRESUID
314	setresgid(saved_rgid, saved_egid, -1);
315	#elif USE_SETREUID
316	setregid(saved_rgid, -1);
317	setregid(-1,saved_egid);
318	#elif USE_SETUIDX
319	setgidx(ID_REAL, saved_rgid);
320	setgidx(ID_EFFECTIVE, saved_egid);
321	#else
322	set_effective_gid(saved_egid);
323	if (getgid() != saved_rgid)
324	setgid(saved_rgid);
325	set_effective_gid(saved_egid);
326	#endif
327
328	assert_gid(saved_rgid, saved_egid);
329	}
330
331
332	/****************************************************************************
333	set the real AND effective uid to the current effective uid in a way that
334	allows root to be regained.
335	This is only possible on some platforms.
336	****************************************************************************/
337	int set_re_uid(void)
338	{
339	uid_t uid = geteuid();
340
341	#if USE_SETRESUID
342	setresuid(geteuid(), -1, -1);
343	#endif
344
345	#if USE_SETREUID
346	setreuid(0, 0);
347	setreuid(uid, -1);
348	setreuid(-1, uid);
349	#endif
350
351	#if USE_SETEUID
352	/* can't be done */
353	return -1;
354	#endif
355
356	#if USE_SETUIDX
357	/* can't be done */
358	return -1;
359	#endif
360
361	assert_uid(uid, uid);
362	return 0;
363	}
364
365
366	/****************************************************************************
367	Become the specified uid and gid - permanently !
368	there should be no way back if possible
369	****************************************************************************/
370	void become_user_permanently(uid_t uid, gid_t gid)
371	{
372	/*
373	* First - gain root privilege. We do this to ensure
374	* we can lose it again.
375	*/
376
377	gain_root_privilege();
378	gain_root_group_privilege();
379
380	#if USE_SETRESUID
381	setresgid(gid,gid,gid);
382	setgid(gid);
383	setresuid(uid,uid,uid);
384	setuid(uid);
385	#endif
386
387	#if USE_SETREUID
388	setregid(gid,gid);
389	setgid(gid);
390	setreuid(uid,uid);
391	setuid(uid);
392	#endif
393
394	#if USE_SETEUID
395	setegid(gid);
396	setgid(gid);
397	setuid(uid);
398	seteuid(uid);
399	setuid(uid);
400	#endif
401
402	#if USE_SETUIDX
403	setgidx(ID_REAL, gid);
404	setgidx(ID_EFFECTIVE, gid);
405	setgid(gid);
406	setuidx(ID_REAL, uid);
407	setuidx(ID_EFFECTIVE, uid);
408	setuid(uid);
409	#endif
410
411	assert_uid(uid, uid);
412	assert_gid(gid, gid);
413	}
414
415	#ifdef AUTOCONF_TEST
416
417	/****************************************************************************
418	this function just checks that we don't get ENOSYS back
419	****************************************************************************/
420	static int have_syscall(void)
421	{
422	errno = 0;
423
424	#if USE_SETRESUID
425	setresuid(-1,-1,-1);
426	#endif
427
428	#if USE_SETREUID
429	setreuid(-1,-1);
430	#endif
431
432	#if USE_SETEUID
433	seteuid(-1);
434	#endif
435
436	#if USE_SETUIDX
437	setuidx(ID_EFFECTIVE, -1);
438	#endif
439
440	if (errno == ENOSYS) return -1;
441
442	return 0;
443	}
444
445	main()
446	{
447	if (getuid() != 0) {
448	#if (defined(AIX) && defined(USE_SETREUID))
449	/* setreuid is badly broken on AIX 4.1, we avoid it completely */
450	fprintf(stderr,"avoiding possibly broken setreuid\n");
451	exit(1);
452	#endif
453
454	/* if not running as root then at least check to see if we get ENOSYS - this
455	handles Linux 2.0.x with glibc 2.1 */
456	fprintf(stderr,"not running as root: checking for ENOSYS\n");
457	exit(have_syscall());
458	}
459
460	gain_root_privilege();
461	gain_root_group_privilege();
462	set_effective_gid(1);
463	set_effective_uid(1);
464	save_re_uid();
465	restore_re_uid();
466	gain_root_privilege();
467	gain_root_group_privilege();
468	become_user_permanently(1, 1);
469	setuid(0);
470	if (getuid() == 0) {
471	fprintf(stderr,"uid not set permanently\n");
472	exit(1);
473	}
474
475	printf("OK\n");
476
477	exit(0);
478	}
479	#endif
480
481	/****************************************************************************
482	Check if we are setuid root. Used in libsmb and smbpasswd paranoia checks.
483	****************************************************************************/
484	BOOL is_setuid_root(void)
485	{
486	return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
487	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: