1 /* $NetBSD: acl.c,v 1.2 2017/01/28 21:31:44 christos Exp $ */
2
3 /*
4 * Copyright (c) 2005, PADL Software Pty Ltd.
5 * All rights reserved.
6 *
7 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * 3. Neither the name of PADL Software nor the names of its contributors
21 * may be used to endorse or promote products derived from this software
22 * without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37 #include "kcm_locl.h"
38
39 krb5_error_code
kcm_access(krb5_context context,kcm_client * client,kcm_operation opcode,kcm_ccache ccache)40 kcm_access(krb5_context context,
41 kcm_client *client,
42 kcm_operation opcode,
43 kcm_ccache ccache)
44 {
45 int read_p = 0;
46 int write_p = 0;
47 uint16_t mask;
48 krb5_error_code ret;
49
50 KCM_ASSERT_VALID(ccache);
51
52 switch (opcode) {
53 case KCM_OP_INITIALIZE:
54 case KCM_OP_DESTROY:
55 case KCM_OP_STORE:
56 case KCM_OP_REMOVE_CRED:
57 case KCM_OP_SET_FLAGS:
58 case KCM_OP_CHOWN:
59 case KCM_OP_CHMOD:
60 case KCM_OP_GET_INITIAL_TICKET:
61 case KCM_OP_GET_TICKET:
62 case KCM_OP_MOVE_CACHE:
63 case KCM_OP_SET_DEFAULT_CACHE:
64 case KCM_OP_SET_KDC_OFFSET:
65 write_p = 1;
66 read_p = 0;
67 break;
68 case KCM_OP_NOOP:
69 case KCM_OP_GET_NAME:
70 case KCM_OP_RESOLVE:
71 case KCM_OP_GEN_NEW:
72 case KCM_OP_RETRIEVE:
73 case KCM_OP_GET_PRINCIPAL:
74 case KCM_OP_GET_CRED_UUID_LIST:
75 case KCM_OP_GET_CRED_BY_UUID:
76 case KCM_OP_GET_CACHE_UUID_LIST:
77 case KCM_OP_GET_CACHE_BY_UUID:
78 case KCM_OP_GET_DEFAULT_CACHE:
79 case KCM_OP_GET_KDC_OFFSET:
80 write_p = 0;
81 read_p = 1;
82 break;
83 default:
84 ret = KRB5_FCC_PERM;
85 goto out;
86 }
87
88 if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM) {
89 /* System caches cannot be reinitialized or destroyed by users */
90 if (opcode == KCM_OP_INITIALIZE ||
91 opcode == KCM_OP_DESTROY ||
92 opcode == KCM_OP_REMOVE_CRED ||
93 opcode == KCM_OP_MOVE_CACHE) {
94 ret = KRB5_FCC_PERM;
95 goto out;
96 }
97
98 /* Let root always read system caches */
99 if (CLIENT_IS_ROOT(client)) {
100 ret = 0;
101 goto out;
102 }
103 }
104
105 /* start out with "other" mask */
106 mask = S_IROTH|S_IWOTH;
107
108 /* root can do anything */
109 if (CLIENT_IS_ROOT(client)) {
110 if (read_p)
111 mask |= S_IRUSR|S_IRGRP|S_IROTH;
112 if (write_p)
113 mask |= S_IWUSR|S_IWGRP|S_IWOTH;
114 }
115 /* same session same as owner */
116 if (kcm_is_same_session(client, ccache->uid, ccache->session)) {
117 if (read_p)
118 mask |= S_IROTH;
119 if (write_p)
120 mask |= S_IWOTH;
121 }
122 /* owner */
123 if (client->uid == ccache->uid) {
124 if (read_p)
125 mask |= S_IRUSR;
126 if (write_p)
127 mask |= S_IWUSR;
128 }
129 /* group */
130 if (client->gid == ccache->gid) {
131 if (read_p)
132 mask |= S_IRGRP;
133 if (write_p)
134 mask |= S_IWGRP;
135 }
136
137 ret = (ccache->mode & mask) ? 0 : KRB5_FCC_PERM;
138
139 out:
140 if (ret) {
141 kcm_log(2, "Process %d is not permitted to call %s on cache %s",
142 client->pid, kcm_op2string(opcode), ccache->name);
143 }
144
145 return ret;
146 }
147
148 krb5_error_code
kcm_chmod(krb5_context context,kcm_client * client,kcm_ccache ccache,uint16_t mode)149 kcm_chmod(krb5_context context,
150 kcm_client *client,
151 kcm_ccache ccache,
152 uint16_t mode)
153 {
154 KCM_ASSERT_VALID(ccache);
155
156 /* System cache mode can only be set at startup */
157 if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM)
158 return KRB5_FCC_PERM;
159
160 if (ccache->uid != client->uid)
161 return KRB5_FCC_PERM;
162
163 if (ccache->gid != client->gid)
164 return KRB5_FCC_PERM;
165
166 HEIMDAL_MUTEX_lock(&ccache->mutex);
167
168 ccache->mode = mode;
169
170 HEIMDAL_MUTEX_unlock(&ccache->mutex);
171
172 return 0;
173 }
174
175 krb5_error_code
kcm_chown(krb5_context context,kcm_client * client,kcm_ccache ccache,uid_t uid,gid_t gid)176 kcm_chown(krb5_context context,
177 kcm_client *client,
178 kcm_ccache ccache,
179 uid_t uid,
180 gid_t gid)
181 {
182 KCM_ASSERT_VALID(ccache);
183
184 /* System cache owner can only be set at startup */
185 if (ccache->flags & KCM_FLAGS_OWNER_IS_SYSTEM)
186 return KRB5_FCC_PERM;
187
188 if (ccache->uid != client->uid)
189 return KRB5_FCC_PERM;
190
191 if (ccache->gid != client->gid)
192 return KRB5_FCC_PERM;
193
194 HEIMDAL_MUTEX_lock(&ccache->mutex);
195
196 ccache->uid = uid;
197 ccache->gid = gid;
198
199 HEIMDAL_MUTEX_unlock(&ccache->mutex);
200
201 return 0;
202 }
203
204