1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/*
* Routines to set gssd value of uid and replace getuid libsys call.
*/
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <libintl.h>
#include <priv.h>
#include <errno.h>
#include <syslog.h>
static uid_t krb5_cc_uid;
#define LOWPRIVS "basic,!file_link_any,!proc_info,!proc_session," \
"!proc_fork,!proc_exec"
static priv_set_t *lowprivs = NULL;
static priv_set_t *highprivs = NULL;
/*
* NOTE WELL: This assumes gssd is NOT multi-threaded. Do NOT add -A to
* the rpcgen argument list in the Makefile unless you also remove this
* assumption.
*/
void
set_gssd_uid(uid_t uid)
{
/* Initialize */
if (lowprivs == NULL) {
/* L, P & I shall not change in gssd; we manipulate P though */
if ((highprivs = priv_allocset()) == NULL ||
(lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
printf(gettext(
"fatal: can't allocate privilege set (%s)\n"),
strerror(ENOMEM));
syslog(LOG_ERR, "Fatal: can't allocate privilege "
"set (%s)"), strerror(ENOMEM);
exit(1);
}
/* P has the privs we need when we need privs */
(void) getppriv(PRIV_PERMITTED, highprivs);
/*
* In case "basic" grows privs not excluded in LOWPRIVS
* but excluded in the service's method_context
*/
priv_intersect(highprivs, lowprivs);
(void) setpflags(PRIV_AWARE, 1);
}
printf(gettext("set_gssd_uid called with uid = %d\n"), uid);
/*
* nfsd runs as UID 1, so upcalls triggered by nfsd will cause uid to
* 1 here, but nfsd's upcalls need to run as root with privs here.
*/
if (uid == 1)
uid = 0;
/*
* Set the value of krb5_cc_uid, so it can be retrieved when
* app_krb5_user_uid() is called by the underlying mechanism
* libraries. This should go away soon.
*/
krb5_cc_uid = uid;
/* Claw privs back */
(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, highprivs);
/*
* Switch uid and set the saved set-uid to 0 so setuid(0) will work
* later.
*/
if (setuid(0) != 0 ||
(uid != 0 && setreuid(uid, -1) != 0) ||
(uid != 0 && seteuid(uid) != 0)) {
/* Not enough privs, so bail! */
printf(gettext(
"fatal: gssd is running with insufficient privilege\n"));
syslog(LOG_ERR, "Fatal: gssd is running with insufficient "
"privilege.");
exit(1);
}
/* Temporarily drop privs, but only if uid != 0 */
if (uid != 0)
(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, lowprivs);
}
uid_t
app_krb5_user_uid(void)
{
/*
* return the value set when one of the gssd procedures was
* entered. This is the value of the uid under which the
* underlying mechanism library must operate in order to
* get the user's credentials. This call is necessary since
* gssd runs as root and credentials are many times stored
* in files and directories specific to the user
*/
printf(gettext(
"getuid called and returning krb5_cc_uid = %d\n"), krb5_cc_uid);
return (krb5_cc_uid);
}
|
