blob: f3a15cea3c5f0eb60f7b8988dbe6ecdb12b5aca3 [file] [log] [blame]
paul01245822003-05-20 01:22:17 +00001/*
2 * Zebra privileges.
3 *
4 * Copyright (C) 2003 Paul Jakma.
5 *
6 * This file is part of GNU Zebra.
7 *
8 * GNU Zebra is free software; you can redistribute it and/or modify it
9 * under the terms of the GNU General Public License as published by the
10 * Free Software Foundation; either version 2, or (at your option) any
11 * later version.
12 *
13 * GNU Zebra is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with GNU Zebra; see the file COPYING. If not, write to the Free
20 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
21 * 02111-1307, USA.
22 */
23
24#include <zebra.h>
25#include "log.h"
26#include "privs.h"
27#include "memory.h"
paul01245822003-05-20 01:22:17 +000028
29/* internal privileges state */
30static struct _zprivs_t
31{
32#ifdef HAVE_LCAPS
33 cap_t caps; /* caps storage */
34 cap_value_t *syscaps_p; /* system permitted caps */
35 cap_value_t *syscaps_i; /* system inheritable caps */
36 int sys_num_p; /* number of syscaps_p */
37 int sys_num_i; /* number of syscaps_i */
38#endif /* HAVE_LCAPS */
39 uid_t zuid, /* uid to run as */
40 zsuid; /* saved uid */
41 gid_t zgid; /* gid to run as */
hassoba3a0bc2003-06-04 17:41:54 +000042 gid_t vtygrp; /* gid for vty sockets */
paul01245822003-05-20 01:22:17 +000043} zprivs_state;
44
45/* externally exported but not directly accessed functions */
46#ifdef HAVE_LCAPS
47int zprivs_change_caps (zebra_privs_ops_t);
48zebra_privs_current_t zprivs_state_caps (void);
49#endif /* HAVE_LCAPS */
50int zprivs_change_uid (zebra_privs_ops_t);
51zebra_privs_current_t zprivs_state_uid (void);
52int zprivs_change_null (zebra_privs_ops_t);
53zebra_privs_current_t zprivs_state_null (void);
54void zprivs_terminate (void);
55
56#ifdef HAVE_LCAPS
57static int
58cap_map [ZCAP_MAX] =
59{
60 [ZCAP_SETGID] = CAP_SETGID,
61 [ZCAP_SETUID] = CAP_SETUID,
62 [ZCAP_BIND] = CAP_NET_BIND_SERVICE,
63 [ZCAP_BROADCAST] = CAP_NET_BROADCAST,
64 [ZCAP_ADMIN] = CAP_NET_ADMIN,
65 [ZCAP_RAW] = CAP_NET_RAW,
66 [ZCAP_CHROOT] = CAP_SYS_CHROOT,
67 [ZCAP_NICE] = CAP_SYS_NICE,
paul8d6b00e2003-05-22 02:35:52 +000068 [ZCAP_PTRACE] = CAP_SYS_PTRACE,
69 [ZCAP_DAC_OVERRIDE] = CAP_DAC_OVERRIDE,
70 [ZCAP_READ_SEARCH] = CAP_DAC_READ_SEARCH,
71 [ZCAP_SYS_ADMIN] = CAP_SYS_ADMIN,
hassoba3a0bc2003-06-04 17:41:54 +000072 [ZCAP_FOWNER] = CAP_FOWNER
paul01245822003-05-20 01:22:17 +000073};
74
paul01245822003-05-20 01:22:17 +000075/* convert zebras privileges to system capabilities */
76static cap_value_t *
77zcaps2sys (zebra_capabilities_t *zcaps, int num)
78{
79 cap_value_t *syscaps;
80 int i;
81
82 if (!num)
83 return NULL;
84
85 syscaps = (cap_value_t *) XCALLOC ( MTYPE_PRIVS,
86 (sizeof(cap_value_t) * num) );
87 if (!syscaps)
88 {
89 zlog_err ("zcap2sys: could not XCALLOC!");
90 return NULL;
91 }
92
93 for (i=0; i < num; i++)
94 {
95 syscaps[i] = cap_map[zcaps[i]];
96 }
97
98 return syscaps;
99}
100
101/* set or clear the effective capabilities to/from permitted */
102int
103zprivs_change_caps (zebra_privs_ops_t op)
104{
105 cap_flag_value_t cflag;
106
107 if (op == ZPRIVS_RAISE)
108 cflag = CAP_SET;
109 else if (op == ZPRIVS_LOWER)
110 cflag = CAP_CLEAR;
111 else
112 return -1;
113
114 if ( !cap_set_flag (zprivs_state.caps, CAP_EFFECTIVE,
115 zprivs_state.sys_num_p, zprivs_state.syscaps_p, cflag))
116 return cap_set_proc (zprivs_state.caps);
117 return -1;
118}
119
120zebra_privs_current_t
121zprivs_state_caps (void)
122{
123 int i;
paul01245822003-05-20 01:22:17 +0000124 cap_flag_value_t val;
125
paul33b72942003-05-20 02:22:42 +0000126 for (i=0; i < zprivs_state.sys_num_p; i++)
paul01245822003-05-20 01:22:17 +0000127 {
128 if ( cap_get_flag (zprivs_state.caps, zprivs_state.syscaps_p[i],
129 CAP_EFFECTIVE, &val) )
130 zlog_warn ("zprivs_state_caps: could not cap_get_flag, %s",
131 strerror (errno) );
132 if (val == CAP_SET)
paul33b72942003-05-20 02:22:42 +0000133 return ZPRIVS_RAISED;
paul01245822003-05-20 01:22:17 +0000134 }
135 return ZPRIVS_LOWERED;
136}
137
138#endif /* HAVE_LCAPS */
139
140int
141zprivs_change_uid (zebra_privs_ops_t op)
142{
paul28efaa32003-05-20 03:49:43 +0000143
paul01245822003-05-20 01:22:17 +0000144 if (op == ZPRIVS_RAISE)
145 return seteuid (zprivs_state.zsuid);
146 else if (op == ZPRIVS_LOWER)
147 return seteuid (zprivs_state.zuid);
148 else
149 return -1;
150}
151
152zebra_privs_current_t
153zprivs_state_uid (void)
154{
155 return ( (zprivs_state.zuid == geteuid()) ? ZPRIVS_LOWERED : ZPRIVS_RAISED);
156}
157
158int
159zprivs_change_null (zebra_privs_ops_t op)
160{
161 return 0;
162}
163
164zebra_privs_current_t
165zprivs_state_null (void)
166{
167 return ZPRIVS_RAISED;
168}
169
170
171void
172zprivs_init(struct zebra_privs_t *zprivs)
173{
174 struct passwd *pwentry = NULL;
175 struct group *grentry = NULL;
176
hassoba3a0bc2003-06-04 17:41:54 +0000177 if (!zprivs)
178 {
179 zlog_err ("zprivs_init: called with NULL arg!");
180 exit (1);
181 }
182
paul01245822003-05-20 01:22:17 +0000183 /* NULL privs */
184 if (! (zprivs->user || zprivs->group
185 || zprivs->cap_num_p || zprivs->cap_num_i) )
186 {
187 zprivs->change = zprivs_change_null;
188 zprivs->current_state = zprivs_state_null;
189 return;
190 }
191
192 if (zprivs->user)
193 {
194 if ( (pwentry = getpwnam (zprivs->user)) )
hassoba3a0bc2003-06-04 17:41:54 +0000195 {
196 zprivs_state.zuid = pwentry->pw_uid;
197 }
198 else
199 {
200 zlog_err ("privs_init: could not lookup supplied user");
201 exit (1);
202 }
203 }
204
205 grentry = NULL;
206
207 if (zprivs->vty_group)
208 /* Add the vty_group to the supplementary groups so it can be chowned to */
209 {
210 if ( (grentry = getgrnam (zprivs->vty_group)) )
211 {
212 zprivs_state.vtygrp = grentry->gr_gid;
213 if ( setgroups (1, &zprivs_state.vtygrp) )
214 {
215 zlog_err ("privs_init: could not setgroups, %s",
216 strerror (errno) );
217 exit (1);
218 }
219 }
paul01245822003-05-20 01:22:17 +0000220 else
221 {
222 zlog_err ("privs_init: could not lookup supplied user");
223 exit (1);
224 }
225 }
226
227 if (zprivs->group)
228 {
hassoba3a0bc2003-06-04 17:41:54 +0000229 if ( (grentry = getgrnam (zprivs->group)) )
230 {
231 zprivs_state.zgid = grentry->gr_gid;
232 }
paul01245822003-05-20 01:22:17 +0000233 else
234 {
235 zlog_err ("privs_init: could not lookup supplied user");
236 exit (1);
237 }
paul01245822003-05-20 01:22:17 +0000238 /* change group now, forever. uid we do later */
239 if ( setregid (zprivs_state.zgid, zprivs_state.zgid) )
240 {
hassoba3a0bc2003-06-04 17:41:54 +0000241 zlog_err ("zprivs_init: could not setregid, %s",
242 strerror (errno) );
paul01245822003-05-20 01:22:17 +0000243 exit (1);
244 }
245 }
246
247#ifdef HAVE_LCAPS
248 zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p);
249 zprivs_state.sys_num_p = zprivs->cap_num_p;
250 zprivs_state.syscaps_i = zcaps2sys (zprivs->caps_i, zprivs->cap_num_i);
251 zprivs_state.sys_num_i = zprivs->cap_num_i;
252
253 /* Tell kernel we want caps maintained across uid changes */
254 if ( prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1 )
255 {
paul33b72942003-05-20 02:22:42 +0000256 zlog_err("privs_init: could not set PR_SET_KEEPCAPS, %s",
paul01245822003-05-20 01:22:17 +0000257 strerror (errno) );
258 exit(1);
259 }
260
261 if ( !zprivs_state.syscaps_p )
262 {
263 zlog_warn ("privs_init: capabilities enabled, but no capabilities supplied");
264 }
265
266 if ( !(zprivs_state.caps = cap_init()) )
267 {
paul33b72942003-05-20 02:22:42 +0000268 zlog_err ("privs_init: failed to cap_init, %s", strerror (errno) );
paul01245822003-05-20 01:22:17 +0000269 exit (1);
270 }
hassoba3a0bc2003-06-04 17:41:54 +0000271
272 /* we have caps, we have no need to ever change back the original user */
273 if (zprivs_state.zuid)
274 {
275 if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
276 {
277 zlog_err ("zprivs_init (cap): could not setreuid, %s",
278 strerror (errno) );
279 exit (1);
280 }
281 }
paul01245822003-05-20 01:22:17 +0000282
283 if ( cap_clear (zprivs_state.caps) )
284 {
paul33b72942003-05-20 02:22:42 +0000285 zlog_err ("privs_init: failed to cap_clear, %s", strerror (errno));
paul01245822003-05-20 01:22:17 +0000286 exit (1);
287 }
288
289 /* set permitted caps */
290 cap_set_flag(zprivs_state.caps, CAP_PERMITTED,
291 zprivs_state.sys_num_p, zprivs_state.syscaps_p, CAP_SET);
292 cap_set_flag(zprivs_state.caps, CAP_EFFECTIVE,
293 zprivs_state.sys_num_p, zprivs_state.syscaps_p, CAP_SET);
294
paul01245822003-05-20 01:22:17 +0000295 /* set inheritable caps, if any */
296 if (zprivs_state.sys_num_i)
297 {
298 cap_set_flag(zprivs_state.caps, CAP_INHERITABLE,
299 zprivs_state.sys_num_i, zprivs_state.syscaps_i, CAP_SET);
300 }
301
hassoba3a0bc2003-06-04 17:41:54 +0000302 /* apply caps. CAP_EFFECTIVE is cleared. we'll raise the caps as
303 * and when, and only when, they are needed.
paul01245822003-05-20 01:22:17 +0000304 */
305 if ( cap_set_proc (zprivs_state.caps) )
306 {
307 zlog_err ("privs_init: initial cap_set_proc failed");
308 exit (1);
309 }
310
hassoba3a0bc2003-06-04 17:41:54 +0000311 /* set methods for the caller to use */
paul01245822003-05-20 01:22:17 +0000312 zprivs->change = zprivs_change_caps;
313 zprivs->current_state = zprivs_state_caps;
314
315#elif !defined(HAVE_LCAPS)
316 /* we dont have caps. we'll need to maintain rid and saved uid
317 * and change euid back to saved uid (who we presume has all neccessary
318 * privileges) whenever we are asked to raise our privileges.
319 */
320 zprivs_state.zsuid = geteuid();
321 if ( zprivs_state.zuid )
322 {
323 if ( setreuid (-1, zprivs_state.zuid) )
324 {
paul33b72942003-05-20 02:22:42 +0000325 zlog_err ("privs_init (uid): could not setreuid, %s", strerror (errno));
paul01245822003-05-20 01:22:17 +0000326 exit (1);
327 }
328 }
329
330 zprivs->change = zprivs_change_uid;
331 zprivs->current_state = zprivs_state_uid;
332#endif /* HAVE_LCAPS */
333}
334
335void
336zprivs_terminate (void)
337{
paul33b72942003-05-20 02:22:42 +0000338
paul01245822003-05-20 01:22:17 +0000339#ifdef HAVE_LCAPS
paul33b72942003-05-20 02:22:42 +0000340
341 if (zprivs_state.caps)
342 cap_clear (zprivs_state.caps);
paul01245822003-05-20 01:22:17 +0000343
344 if ( cap_set_proc (zprivs_state.caps) )
345 {
paul33b72942003-05-20 02:22:42 +0000346 zlog_err ("privs_terminate: cap_set_proc failed, %s",
paul01245822003-05-20 01:22:17 +0000347 strerror (errno) );
348 exit (1);
349 }
350
paul33b72942003-05-20 02:22:42 +0000351 if (zprivs_state.sys_num_p)
paul01245822003-05-20 01:22:17 +0000352 XFREE (MTYPE_PRIVS, zprivs_state.syscaps_p);
353
paul33b72942003-05-20 02:22:42 +0000354 if (zprivs_state.sys_num_i)
paul01245822003-05-20 01:22:17 +0000355 XFREE (MTYPE_PRIVS, zprivs_state.syscaps_i);
356
357 cap_free (zprivs_state.caps);
358#else
359 if (zprivs_state.zuid)
360 {
361 if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
362 {
paul33b72942003-05-20 02:22:42 +0000363 zlog_err ("privs_terminate: could not setreuid, %s",
paul01245822003-05-20 01:22:17 +0000364 strerror (errno) );
365 exit (1);
366 }
367 }
368#endif /* HAVE_LCAPS */
369 return;
370}
hassoba3a0bc2003-06-04 17:41:54 +0000371
372void
373zprivs_get_ids(struct zprivs_ids_t *ids)
374{
375
376 ids->uid_priv = getuid();
377 (zprivs_state.zuid) ? (ids->uid_normal = zprivs_state.zuid)
378 : (ids->uid_normal = -1);
379 (zprivs_state.zgid) ? (ids->gid_normal = zprivs_state.zgid)
380 : (ids->gid_normal = -1);
381 (zprivs_state.vtygrp) ? (ids->gid_vty = zprivs_state.vtygrp)
382 : (ids->gid_vty = -1);
383
384 return;
385}