1: /*
2: * Zebra privileges.
3: *
4: * Copyright (C) 2003 Paul Jakma.
5: * Copyright (C) 2005 Sun Microsystems, Inc.
6: *
7: * This file is part of GNU Zebra.
8: *
9: * GNU Zebra is free software; you can redistribute it and/or modify it
10: * under the terms of the GNU General Public License as published by the
11: * Free Software Foundation; either version 2, or (at your option) any
12: * later version.
13: *
14: * GNU Zebra is distributed in the hope that it will be useful, but
15: * WITHOUT ANY WARRANTY; without even the implied warranty of
16: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17: * General Public License for more details.
18: *
19: * You should have received a copy of the GNU General Public License
20: * along with GNU Zebra; see the file COPYING. If not, write to the Free
21: * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
22: * 02111-1307, USA.
23: */
24: #include <zebra.h>
25: #include "log.h"
26: #include "privs.h"
27: #include "memory.h"
28:
29: #ifdef HAVE_CAPABILITIES
30: /* sort out some generic internal types for:
31: *
32: * privilege values (cap_value_t, priv_t) -> pvalue_t
33: * privilege set (..., priv_set_t) -> pset_t
34: * privilege working storage (cap_t, ...) -> pstorage_t
35: *
36: * values we think of as numeric (they're ints really, but we dont know)
37: * sets are mostly opaque, to hold a set of privileges, related in some way.
38: * storage binds together a set of sets we're interested in.
39: * (in reality: cap_value_t and priv_t are ints)
40: */
41: #ifdef HAVE_LCAPS
42: /* Linux doesn't have a 'set' type: a set of related privileges */
43: struct _pset {
44: int num;
45: cap_value_t *caps;
46: };
47: typedef cap_value_t pvalue_t;
48: typedef struct _pset pset_t;
49: typedef cap_t pstorage_t;
50: �
51: #elif defined (HAVE_SOLARIS_CAPABILITIES)
52: typedef priv_t pvalue_t;
53: typedef priv_set_t pset_t;
54: typedef priv_set_t *pstorage_t;
55: #else /* neither LCAPS nor SOLARIS_CAPABILITIES */
56: #error "HAVE_CAPABILITIES defined, but neither LCAPS nor Solaris Capabilties!"
57: #endif /* HAVE_LCAPS */
58: #endif /* HAVE_CAPABILITIES */
59: �
60: /* the default NULL state we report is RAISED, but could be LOWERED if
61: * zprivs_terminate is called and the NULL handler is installed.
62: */
63: static zebra_privs_current_t zprivs_null_state = ZPRIVS_RAISED;
64:
65: /* internal privileges state */
66: static struct _zprivs_t
67: {
68: #ifdef HAVE_CAPABILITIES
69: pstorage_t caps; /* working storage */
70: pset_t *syscaps_p; /* system-type requested permitted caps */
71: pset_t *syscaps_i; /* system-type requested inheritable caps */
72: #endif /* HAVE_CAPABILITIES */
73: uid_t zuid, /* uid to run as */
74: zsuid; /* saved uid */
75: gid_t zgid; /* gid to run as */
76: gid_t vtygrp; /* gid for vty sockets */
77: } zprivs_state;
78:
79: /* externally exported but not directly accessed functions */
80: #ifdef HAVE_CAPABILITIES
81: int zprivs_change_caps (zebra_privs_ops_t);
82: zebra_privs_current_t zprivs_state_caps (void);
83: #endif /* HAVE_CAPABILITIES */
84: int zprivs_change_uid (zebra_privs_ops_t);
85: zebra_privs_current_t zprivs_state_uid (void);
86: int zprivs_change_null (zebra_privs_ops_t);
87: zebra_privs_current_t zprivs_state_null (void);
88:
89: #ifdef HAVE_CAPABILITIES
90: /* internal capability API */
91: static pset_t *zcaps2sys (zebra_capabilities_t *, int);
92: static void zprivs_caps_init (struct zebra_privs_t *);
93: static void zprivs_caps_terminate (void);
94:
95: /* Map of Quagga abstract capabilities to system capabilities */
96: static struct
97: {
98: int num;
99: pvalue_t *system_caps;
100: } cap_map [ZCAP_MAX] =
101: {
102: #ifdef HAVE_LCAPS /* Quagga -> Linux capabilities mappings */
103: [ZCAP_SETID] = { 2, (pvalue_t []) { CAP_SETGID,
104: CAP_SETUID }, },
105: [ZCAP_BIND] = { 2, (pvalue_t []) { CAP_NET_BIND_SERVICE,
106: CAP_NET_BROADCAST }, },
107: [ZCAP_NET_ADMIN] = { 1, (pvalue_t []) { CAP_NET_ADMIN }, },
108: [ZCAP_NET_RAW] = { 1, (pvalue_t []) { CAP_NET_RAW }, },
109: [ZCAP_CHROOT] = { 1, (pvalue_t []) { CAP_SYS_CHROOT, }, },
110: [ZCAP_NICE] = { 1, (pvalue_t []) { CAP_SYS_NICE }, },
111: [ZCAP_PTRACE] = { 1, (pvalue_t []) { CAP_SYS_PTRACE }, },
112: [ZCAP_DAC_OVERRIDE] = { 1, (pvalue_t []) { CAP_DAC_OVERRIDE }, },
113: [ZCAP_READ_SEARCH] = { 1, (pvalue_t []) { CAP_DAC_READ_SEARCH }, },
114: [ZCAP_SYS_ADMIN] = { 1, (pvalue_t []) { CAP_SYS_ADMIN }, },
115: [ZCAP_FOWNER] = { 1, (pvalue_t []) { CAP_FOWNER }, },
116: #elif defined(HAVE_SOLARIS_CAPABILITIES) /* HAVE_LCAPS */
117: /* Quagga -> Solaris privilege mappings */
118: [ZCAP_SETID] = { 1, (pvalue_t []) { PRIV_PROC_SETID }, },
119: [ZCAP_BIND] = { 1, (pvalue_t []) { PRIV_NET_PRIVADDR }, },
120: /* IP_CONFIG is a subset of NET_CONFIG and is allowed in zones */
121: #ifdef PRIV_SYS_IP_CONFIG
122: [ZCAP_NET_ADMIN] = { 1, (pvalue_t []) { PRIV_SYS_IP_CONFIG }, },
123: #else
124: [ZCAP_NET_ADMIN] = { 1, (pvalue_t []) { PRIV_SYS_NET_CONFIG }, },
125: #endif
126: [ZCAP_NET_RAW] = { 2, (pvalue_t []) { PRIV_NET_RAWACCESS,
127: PRIV_NET_ICMPACCESS }, },
128: [ZCAP_CHROOT] = { 1, (pvalue_t []) { PRIV_PROC_CHROOT }, },
129: [ZCAP_NICE] = { 1, (pvalue_t []) { PRIV_PROC_PRIOCNTL }, },
130: [ZCAP_PTRACE] = { 1, (pvalue_t []) { PRIV_PROC_SESSION }, },
131: [ZCAP_DAC_OVERRIDE] = { 2, (pvalue_t []) { PRIV_FILE_DAC_EXECUTE,
132: PRIV_FILE_DAC_READ,
133: PRIV_FILE_DAC_SEARCH,
134: PRIV_FILE_DAC_WRITE,
135: PRIV_FILE_DAC_SEARCH }, },
136: [ZCAP_READ_SEARCH] = { 2, (pvalue_t []) { PRIV_FILE_DAC_SEARCH,
137: PRIV_FILE_DAC_READ }, },
138: [ZCAP_SYS_ADMIN] = { 1, (pvalue_t []) { PRIV_SYS_ADMIN }, },
139: [ZCAP_FOWNER] = { 1, (pvalue_t []) { PRIV_FILE_OWNER }, },
140: #endif /* HAVE_SOLARIS_CAPABILITIES */
141: };
142: �
143: #ifdef HAVE_LCAPS
144: /* Linux forms of capabilities methods */
145: /* convert zebras privileges to system capabilities */
146: static pset_t *
147: zcaps2sys (zebra_capabilities_t *zcaps, int num)
148: {
149: pset_t *syscaps;
150: int i, j = 0, count = 0;
151:
152: if (!num)
153: return NULL;
154:
155: /* first count up how many system caps we have */
156: for (i= 0; i < num; i++)
157: count += cap_map[zcaps[i]].num;
158:
159: if ( (syscaps = XCALLOC (MTYPE_PRIVS, (sizeof(pset_t) * num))) == NULL)
160: {
161: fprintf (stderr, "%s: could not allocate syscaps!", __func__);
162: return NULL;
163: }
164:
165: syscaps->caps = XCALLOC (MTYPE_PRIVS, (sizeof (pvalue_t) * count));
166:
167: if (!syscaps->caps)
168: {
169: fprintf (stderr, "%s: could not XCALLOC caps!", __func__);
170: return NULL;
171: }
172:
173: /* copy the capabilities over */
174: count = 0;
175: for (i=0; i < num; i++)
176: for (j = 0; j < cap_map[zcaps[i]].num; j++)
177: syscaps->caps[count++] = cap_map[zcaps[i]].system_caps[j];
178:
179: /* iterations above should be exact same as previous count, obviously.. */
180: syscaps->num = count;
181:
182: return syscaps;
183: }
184:
185: /* set or clear the effective capabilities to/from permitted */
186: int
187: zprivs_change_caps (zebra_privs_ops_t op)
188: {
189: cap_flag_value_t cflag;
190:
191: /* should be no possibility of being called without valid caps */
192: assert (zprivs_state.syscaps_p && zprivs_state.caps);
193: if (! (zprivs_state.syscaps_p && zprivs_state.caps))
194: exit (1);
195:
196: if (op == ZPRIVS_RAISE)
197: cflag = CAP_SET;
198: else if (op == ZPRIVS_LOWER)
199: cflag = CAP_CLEAR;
200: else
201: return -1;
202:
203: if ( !cap_set_flag (zprivs_state.caps, CAP_EFFECTIVE,
204: zprivs_state.syscaps_p->num,
205: zprivs_state.syscaps_p->caps,
206: cflag))
207: return cap_set_proc (zprivs_state.caps);
208: return -1;
209: }
210:
211: zebra_privs_current_t
212: zprivs_state_caps (void)
213: {
214: int i;
215: cap_flag_value_t val;
216:
217: /* should be no possibility of being called without valid caps */
218: assert (zprivs_state.syscaps_p && zprivs_state.caps);
219: if (! (zprivs_state.syscaps_p && zprivs_state.caps))
220: exit (1);
221:
222: for (i=0; i < zprivs_state.syscaps_p->num; i++)
223: {
224: if ( cap_get_flag (zprivs_state.caps, zprivs_state.syscaps_p->caps[i],
225: CAP_EFFECTIVE, &val) )
226: {
227: zlog_warn ("zprivs_state_caps: could not cap_get_flag, %s",
228: safe_strerror (errno) );
229: return ZPRIVS_UNKNOWN;
230: }
231: if (val == CAP_SET)
232: return ZPRIVS_RAISED;
233: }
234: return ZPRIVS_LOWERED;
235: }
236:
237: static void
238: zprivs_caps_init (struct zebra_privs_t *zprivs)
239: {
240: zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p);
241: zprivs_state.syscaps_i = zcaps2sys (zprivs->caps_i, zprivs->cap_num_i);
242:
243: /* Tell kernel we want caps maintained across uid changes */
244: if ( prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1 )
245: {
246: fprintf (stderr, "privs_init: could not set PR_SET_KEEPCAPS, %s\n",
247: safe_strerror (errno) );
248: exit(1);
249: }
250:
251: if ( !zprivs_state.syscaps_p )
252: {
253: fprintf (stderr, "privs_init: capabilities enabled, "
254: "but no capabilities supplied\n");
255: }
256:
257: /* we have caps, we have no need to ever change back the original user */
258: if (zprivs_state.zuid)
259: {
260: if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
261: {
262: fprintf (stderr, "zprivs_init (cap): could not setreuid, %s\n",
263: safe_strerror (errno));
264: exit (1);
265: }
266: }
267:
268: if ( !(zprivs_state.caps = cap_init()) )
269: {
270: fprintf (stderr, "privs_init: failed to cap_init, %s\n",
271: safe_strerror (errno));
272: exit (1);
273: }
274:
275: if ( cap_clear (zprivs_state.caps) )
276: {
277: fprintf (stderr, "privs_init: failed to cap_clear, %s\n",
278: safe_strerror (errno));
279: exit (1);
280: }
281:
282: /* set permitted caps */
283: cap_set_flag(zprivs_state.caps, CAP_PERMITTED,
284: zprivs_state.syscaps_p->num,
285: zprivs_state.syscaps_p->caps,
286: CAP_SET);
287:
288: /* set inheritable caps, if any */
289: if (zprivs_state.syscaps_i && zprivs_state.syscaps_i->num)
290: {
291: cap_set_flag(zprivs_state.caps, CAP_INHERITABLE,
292: zprivs_state.syscaps_i->num,
293: zprivs_state.syscaps_i->caps,
294: CAP_SET);
295: }
296:
297: /* apply caps. CAP_EFFECTIVE is cleared. we'll raise the caps as
298: * and when, and only when, they are needed.
299: */
300: if ( cap_set_proc (zprivs_state.caps) )
301: {
302: fprintf (stderr, "privs_init: initial cap_set_proc failed\n");
303: exit (1);
304: }
305:
306: /* set methods for the caller to use */
307: zprivs->change = zprivs_change_caps;
308: zprivs->current_state = zprivs_state_caps;
309: }
310:
311: static void
312: zprivs_caps_terminate (void)
313: {
314: /* clear all capabilities */
315: if (zprivs_state.caps)
316: cap_clear (zprivs_state.caps);
317:
318: /* and boom, capabilities are gone forever */
319: if ( cap_set_proc (zprivs_state.caps) )
320: {
321: fprintf (stderr, "privs_terminate: cap_set_proc failed, %s",
322: safe_strerror (errno) );
323: exit (1);
324: }
325:
326: /* free up private state */
327: if (zprivs_state.syscaps_p->num)
328: {
329: XFREE (MTYPE_PRIVS, zprivs_state.syscaps_p->caps);
330: XFREE (MTYPE_PRIVS, zprivs_state.syscaps_p);
331: }
332:
333: if (zprivs_state.syscaps_i && zprivs_state.syscaps_i->num)
334: {
335: XFREE (MTYPE_PRIVS, zprivs_state.syscaps_i->caps);
336: XFREE (MTYPE_PRIVS, zprivs_state.syscaps_i);
337: }
338:
339: cap_free (zprivs_state.caps);
340: }
341: #elif defined (HAVE_SOLARIS_CAPABILITIES) /* !HAVE_LCAPS */
342: �
343: /* Solaris specific capability/privilege methods
344: *
345: * Resources:
346: * - the 'privileges' man page
347: * - http://cvs.opensolaris.org
348: * - http://blogs.sun.com/roller/page/gbrunett?entry=privilege_enabling_set_id_programs1
349: */
350:
351: /* convert zebras privileges to system capabilities */
352: static pset_t *
353: zcaps2sys (zebra_capabilities_t *zcaps, int num)
354: {
355: pset_t *syscaps;
356: int i, j = 0;
357:
358: if ((syscaps = priv_allocset()) == NULL)
359: {
360: fprintf (stderr, "%s: could not allocate syscaps!\n", __func__);
361: exit (1);
362: }
363:
364: priv_emptyset (syscaps);
365:
366: for (i=0; i < num; i++)
367: for (j = 0; j < cap_map[zcaps[i]].num; j++)
368: priv_addset (syscaps, cap_map[zcaps[i]].system_caps[j]);
369:
370: return syscaps;
371: }
372:
373: /* callback exported to users to RAISE and LOWER effective privileges
374: * from nothing to the given permitted set and back down
375: */
376: int
377: zprivs_change_caps (zebra_privs_ops_t op)
378: {
379:
380: /* should be no possibility of being called without valid caps */
381: assert (zprivs_state.syscaps_p);
382: if (!zprivs_state.syscaps_p)
383: {
384: fprintf (stderr, "%s: Eek, missing caps!", __func__);
385: exit (1);
386: }
387:
388: /* to raise: copy original permitted into our working effective set
389: * to lower: just clear the working effective set
390: */
391: if (op == ZPRIVS_RAISE)
392: priv_copyset (zprivs_state.syscaps_p, zprivs_state.caps);
393: else if (op == ZPRIVS_LOWER)
394: priv_emptyset (zprivs_state.caps);
395: else
396: return -1;
397:
398: if (setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps) != 0)
399: return -1;
400:
401: return 0;
402: }
403:
404: /* Retrieve current privilege state, is it RAISED or LOWERED? */
405: zebra_privs_current_t
406: zprivs_state_caps (void)
407: {
408: zebra_privs_current_t result;
409: pset_t *effective;
410:
411: if ( (effective = priv_allocset()) == NULL)
412: {
413: fprintf (stderr, "%s: failed to get priv_allocset! %s\n", __func__,
414: safe_strerror (errno));
415: return ZPRIVS_UNKNOWN;
416: }
417:
418: if (getppriv (PRIV_EFFECTIVE, effective))
419: {
420: fprintf (stderr, "%s: failed to get state! %s\n", __func__,
421: safe_strerror (errno));
422: result = ZPRIVS_UNKNOWN;
423: }
424: else
425: {
426: if (priv_isemptyset (effective) == B_TRUE)
427: result = ZPRIVS_LOWERED;
428: else
429: result = ZPRIVS_RAISED;
430: }
431:
432: if (effective)
433: priv_freeset (effective);
434:
435: return result;
436: }
437:
438: static void
439: zprivs_caps_init (struct zebra_privs_t *zprivs)
440: {
441: pset_t *basic;
442: pset_t *empty;
443:
444: /* the specified sets */
445: zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p);
446: zprivs_state.syscaps_i = zcaps2sys (zprivs->caps_i, zprivs->cap_num_i);
447:
448: /* nonsensical to have gotten here but not have capabilities */
449: if (!zprivs_state.syscaps_p)
450: {
451: fprintf (stderr, "%s: capabilities enabled, "
452: "but no valid capabilities supplied\n",
453: __func__);
454: }
455:
456: /* We retain the basic set in our permitted set, as Linux has no
457: * equivalent. The basic set on Linux hence is implicit, always
458: * there.
459: */
460: if ((basic = priv_str_to_set("basic", ",", NULL)) == NULL)
461: {
462: fprintf (stderr, "%s: couldn't get basic set!\n", __func__);
463: exit (1);
464: }
465:
466: /* Add the basic set to the permitted set */
467: priv_union (basic, zprivs_state.syscaps_p);
468: priv_freeset (basic);
469:
470: /* we need an empty set for 'effective', potentially for inheritable too */
471: if ( (empty = priv_allocset()) == NULL)
472: {
473: fprintf (stderr, "%s: couldn't get empty set!\n", __func__);
474: exit (1);
475: }
476: priv_emptyset (empty);
477:
478: /* Hey kernel, we know about privileges!
479: * this isn't strictly required, use of setppriv should have same effect
480: */
481: if (setpflags (PRIV_AWARE, 1))
482: {
483: fprintf (stderr, "%s: error setting PRIV_AWARE!, %s\n", __func__,
484: safe_strerror (errno) );
485: exit (1);
486: }
487:
488: /* need either valid or empty sets for both p and i.. */
489: assert (zprivs_state.syscaps_i && zprivs_state.syscaps_p);
490:
491: /* we have caps, we have no need to ever change back the original user
492: * change real, effective and saved to the specified user.
493: */
494: if (zprivs_state.zuid)
495: {
496: if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
497: {
498: fprintf (stderr, "%s: could not setreuid, %s\n",
499: __func__, safe_strerror (errno));
500: exit (1);
501: }
502: }
503:
504: /* set the permitted set */
505: if (setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.syscaps_p))
506: {
507: fprintf (stderr, "%s: error setting permitted set!, %s\n", __func__,
508: safe_strerror (errno) );
509: exit (1);
510: }
511:
512: /* set the inheritable set */
513: if (setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.syscaps_i))
514: {
515: fprintf (stderr, "%s: error setting inheritable set!, %s\n", __func__,
516: safe_strerror (errno) );
517: exit (1);
518: }
519:
520: /* now clear the effective set and we're ready to go */
521: if (setppriv (PRIV_SET, PRIV_EFFECTIVE, empty))
522: {
523: fprintf (stderr, "%s: error setting effective set!, %s\n", __func__,
524: safe_strerror (errno) );
525: exit (1);
526: }
527:
528: /* we'll use this as our working-storage privset */
529: zprivs_state.caps = empty;
530:
531: /* set methods for the caller to use */
532: zprivs->change = zprivs_change_caps;
533: zprivs->current_state = zprivs_state_caps;
534: }
535:
536: static void
537: zprivs_caps_terminate (void)
538: {
539: assert (zprivs_state.caps);
540:
541: /* clear all capabilities */
542: priv_emptyset (zprivs_state.caps);
543: setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps);
544: setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.caps);
545: setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.caps);
546:
547: /* free up private state */
548: if (zprivs_state.syscaps_p)
549: priv_freeset (zprivs_state.syscaps_p);
550: if (zprivs_state.syscaps_i)
551: priv_freeset (zprivs_state.syscaps_i);
552:
553: priv_freeset (zprivs_state.caps);
554: }
555: #else /* !HAVE_LCAPS && ! HAVE_SOLARIS_CAPABILITIES */
556: #error "Neither Solaris nor Linux capabilities, dazed and confused..."
557: #endif /* HAVE_LCAPS */
558: #endif /* HAVE_CAPABILITIES */
559: �
560: int
561: zprivs_change_uid (zebra_privs_ops_t op)
562: {
563:
564: if (op == ZPRIVS_RAISE)
565: return seteuid (zprivs_state.zsuid);
566: else if (op == ZPRIVS_LOWER)
567: return seteuid (zprivs_state.zuid);
568: else
569: return -1;
570: }
571:
572: zebra_privs_current_t
573: zprivs_state_uid (void)
574: {
575: return ( (zprivs_state.zuid == geteuid()) ? ZPRIVS_LOWERED : ZPRIVS_RAISED);
576: }
577:
578: int
579: zprivs_change_null (zebra_privs_ops_t op)
580: {
581: return 0;
582: }
583:
584: zebra_privs_current_t
585: zprivs_state_null (void)
586: {
587: return zprivs_null_state;
588: }
589:
590: void
591: zprivs_init(struct zebra_privs_t *zprivs)
592: {
593: struct passwd *pwentry = NULL;
594: struct group *grentry = NULL;
595:
596: if (!zprivs)
597: {
598: fprintf (stderr, "zprivs_init: called with NULL arg!\n");
599: exit (1);
600: }
601:
602: /* NULL privs */
603: if (! (zprivs->user || zprivs->group
604: || zprivs->cap_num_p || zprivs->cap_num_i) )
605: {
606: zprivs->change = zprivs_change_null;
607: zprivs->current_state = zprivs_state_null;
608: return;
609: }
610:
611: if (zprivs->user)
612: {
613: if ( (pwentry = getpwnam (zprivs->user)) )
614: {
615: zprivs_state.zuid = pwentry->pw_uid;
616: }
617: else
618: {
619: /* cant use log.h here as it depends on vty */
620: fprintf (stderr, "privs_init: could not lookup user %s\n",
621: zprivs->user);
622: exit (1);
623: }
624: }
625:
626: grentry = NULL;
627:
628: if (zprivs->vty_group)
629: /* Add the vty_group to the supplementary groups so it can be chowned to */
630: {
631: if ( (grentry = getgrnam (zprivs->vty_group)) )
632: {
633: zprivs_state.vtygrp = grentry->gr_gid;
634: if ( setgroups (1, &zprivs_state.vtygrp) )
635: {
636: fprintf (stderr, "privs_init: could not setgroups, %s\n",
637: safe_strerror (errno) );
638: exit (1);
639: }
640: }
641: else
642: {
643: fprintf (stderr, "privs_init: could not lookup vty group %s\n",
644: zprivs->vty_group);
645: exit (1);
646: }
647: }
648:
649: if (zprivs->group)
650: {
651: if ( (grentry = getgrnam (zprivs->group)) )
652: {
653: zprivs_state.zgid = grentry->gr_gid;
654: }
655: else
656: {
657: fprintf (stderr, "privs_init: could not lookup group %s\n",
658: zprivs->group);
659: exit (1);
660: }
661: /* change group now, forever. uid we do later */
662: if ( setregid (zprivs_state.zgid, zprivs_state.zgid) )
663: {
664: fprintf (stderr, "zprivs_init: could not setregid, %s\n",
665: safe_strerror (errno) );
666: exit (1);
667: }
668: }
669:
670: #ifdef HAVE_CAPABILITIES
671: zprivs_caps_init (zprivs);
672: #else /* !HAVE_CAPABILITIES */
673: /* we dont have caps. we'll need to maintain rid and saved uid
674: * and change euid back to saved uid (who we presume has all neccessary
675: * privileges) whenever we are asked to raise our privileges.
676: *
677: * This is not worth that much security wise, but all we can do.
678: */
679: zprivs_state.zsuid = geteuid();
680: if ( zprivs_state.zuid )
681: {
682: if ( setreuid (-1, zprivs_state.zuid) )
683: {
684: fprintf (stderr, "privs_init (uid): could not setreuid, %s\n",
685: safe_strerror (errno));
686: exit (1);
687: }
688: }
689:
690: zprivs->change = zprivs_change_uid;
691: zprivs->current_state = zprivs_state_uid;
692: #endif /* HAVE_CAPABILITIES */
693: }
694:
695: void
696: zprivs_terminate (struct zebra_privs_t *zprivs)
697: {
698: if (!zprivs)
699: {
700: fprintf (stderr, "%s: no privs struct given, terminating", __func__);
701: exit (0);
702: }
703:
704: #ifdef HAVE_CAPABILITIES
705: zprivs_caps_terminate();
706: #else /* !HAVE_CAPABILITIES */
707: if (zprivs_state.zuid)
708: {
709: if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
710: {
711: fprintf (stderr, "privs_terminate: could not setreuid, %s",
712: safe_strerror (errno) );
713: exit (1);
714: }
715: }
716: #endif /* HAVE_LCAPS */
717:
718: zprivs->change = zprivs_change_null;
719: zprivs->current_state = zprivs_state_null;
720: zprivs_null_state = ZPRIVS_LOWERED;
721: return;
722: }
723:
724: void
725: zprivs_get_ids(struct zprivs_ids_t *ids)
726: {
727:
728: ids->uid_priv = getuid();
729: (zprivs_state.zuid) ? (ids->uid_normal = zprivs_state.zuid)
730: : (ids->uid_normal = -1);
731: (zprivs_state.zgid) ? (ids->gid_normal = zprivs_state.zgid)
732: : (ids->gid_normal = -1);
733: (zprivs_state.vtygrp) ? (ids->gid_vty = zprivs_state.vtygrp)
734: : (ids->gid_vty = -1);
735:
736: return;
737: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to privs.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / quagga / lib