1 /* $NetBSD: pt_file.c,v 1.20 2019/05/23 11:13:17 kre Exp $ */
2
3 /*
4 * Copyright (c) 1992, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * This code is derived from software donated to Berkeley by
8 * Jan-Simon Pendry.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the University nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * from: Id: pt_file.c,v 1.1 1992/05/25 21:43:09 jsp Exp
35 * @(#)pt_file.c 8.3 (Berkeley) 7/3/94
36 */
37
38 #include <sys/cdefs.h>
39 #ifndef lint
40 __RCSID("$NetBSD: pt_file.c,v 1.20 2019/05/23 11:13:17 kre Exp $");
41 #endif /* not lint */
42
43 #include <stdio.h>
44 #include <unistd.h>
45 #include <stdlib.h>
46 #include <string.h>
47 #include <errno.h>
48 #include <fcntl.h>
49 #include <sys/types.h>
50 #include <sys/param.h>
51 #include <sys/syslog.h>
52
53 #include "portald.h"
54
55 #ifdef DEBUG
56 #define DEBUG_SYSLOG syslog
57 #else
58 /*
59 * The "if (0) ..." will be optimized away by the compiler if
60 * DEBUG is not defined.
61 */
62 #define DEBUG_SYSLOG if (0) syslog
63 #endif
64
65 int
lose_credentials(struct portal_cred * pcr)66 lose_credentials(struct portal_cred *pcr)
67 {
68 /*
69 * If we are root, then switch into the caller's credentials.
70 * By the way, we _always_ log failures, to make
71 * sure questionable activity is noticed.
72 */
73 if (getuid() == 0) {
74 /* Set groups first ... */
75 if (setgroups(pcr->pcr_ngroups, pcr->pcr_groups) < 0) {
76 syslog(LOG_WARNING,
77 "lose_credentials: setgroups() failed (%m)");
78 return (errno);
79 }
80 /* ... then gid ... */
81 if (setgid(pcr->pcr_gid) < 0) {
82 syslog(LOG_WARNING,
83 "lose_credentials: setgid(%d) failed (%m)",
84 pcr->pcr_gid);
85 }
86 /*
87 * ... and now do the seteuid() where we temporarily give
88 * away our root privileges.
89 */
90 if (seteuid(pcr->pcr_uid) < 0) {
91 syslog(LOG_WARNING,
92 "lose_credentials: setuid(%d) failed (%m)",
93 pcr->pcr_uid);
94 }
95 /* The credential change was successful! */
96 DEBUG_SYSLOG(LOG_DEBUG, "Root-owned mount process lowered credentials -- returning successfully!\n");
97 return 0;
98 }
99 DEBUG_SYSLOG(LOG_DEBUG, "Actual/effective/caller's creds are:");
100 DEBUG_SYSLOG(LOG_DEBUG, "%d/%d %d/%d %d/%d", getuid(),
101 getgid(), geteuid(), getegid(), pcr->pcr_uid, pcr->pcr_gid);
102 /*
103 * Else, fail if the uid is neither actual or effective
104 * uid of mount process...
105 */
106 if ((getuid() != pcr->pcr_uid) && (geteuid() != pcr->pcr_uid)) {
107 syslog(LOG_WARNING,
108 "lose_credentials: uid %d != uid %d, or euid %d != uid %d",
109 getuid(), pcr->pcr_uid, geteuid(), pcr->pcr_uid);
110 return EPERM;
111 }
112 /*
113 * ... or the gid is neither the actual or effective
114 * gid of the mount process.
115 */
116 if ((getgid() != pcr->pcr_gid) && (getegid() != pcr->pcr_gid)) {
117 syslog(LOG_WARNING,
118 "lose_credentials: gid %d != gid %d, or egid %d != gid %d",
119 getgid(), pcr->pcr_gid, getegid(), pcr->pcr_gid);
120 return EPERM;
121 }
122 /*
123 * If we make it here, we have a uid _and_ gid match! Allow the
124 * access.
125 */
126 DEBUG_SYSLOG(LOG_DEBUG, "Returning successfully!\n");
127 return 0;
128 }
129
130 int
portal_file(struct portal_cred * pcr,char * key,char ** v,int * fdp)131 portal_file(struct portal_cred *pcr, char *key, char **v, int *fdp)
132 {
133 int fd;
134 char pbuf[MAXPATHLEN];
135 int error;
136 int origuid;
137
138 origuid = getuid();
139 pbuf[0] = '/';
140 strlcpy(pbuf + 1, key + (v[1] ? strlen(v[1]) : 0), sizeof(pbuf) - 1);
141 DEBUG_SYSLOG(LOG_DEBUG, "path = %s, uid = %d, gid = %d",
142 pbuf, pcr->pcr_uid, pcr->pcr_gid);
143
144 if ((error = lose_credentials(pcr)) != 0) {
145 DEBUG_SYSLOG(LOG_DEBUG, "portal_file: Credential err %d", error);
146 return error;
147 }
148 error = 0;
149 /*
150 * Be careful -- only set error to errno if there is an error.
151 * errno could hold an old, uncaught value, from a routine
152 * called long before now.
153 */
154 fd = open(pbuf, O_RDWR | O_CREAT, 0666);
155 if (fd < 0) {
156 error = errno;
157 if (error == EACCES || error == EISDIR) {
158 DEBUG_SYSLOG(LOG_DEBUG, "Error: could not open '%s' "
159 "read/write with create flag. "
160 "Trying read-only open...", pbuf);
161 /* Try opening read-only. */
162 fd = open(pbuf, O_RDONLY, 0);
163 if (fd < 0) {
164 error = errno;
165 DEBUG_SYSLOG(LOG_DEBUG, "That failed too! %m");
166 } else {
167 /* Clear the error indicator. */
168 error = 0;
169 }
170 } else {
171 DEBUG_SYSLOG(LOG_DEBUG, "Error: could not open '%s': %m", pbuf);
172 }
173
174 }
175 if (seteuid((uid_t) origuid) < 0) { /* XXX - should reset gidset
176 * too */
177 error = errno;
178 syslog(LOG_WARNING, "setcred: %m");
179 if (fd >= 0) {
180 (void) close(fd);
181 fd = -1;
182 }
183 }
184 if (error == 0)
185 *fdp = fd;
186
187 DEBUG_SYSLOG(LOG_DEBUG, "pt_file returns *fdp = %d, error = %d", *fdp,
188 error);
189 return (error);
190 }
191