source: trunk/samba/source/lib/util_sec.c @ 26

Last change on this file since 26 was 26, checked in by Paul Smedley, 14 years ago

Updated source to 3.0.25rc1

File size: 11.7 KB
Line 
1/*
2   Unix SMB/CIFS implementation.
3   Copyright (C) Jeremy Allison 1998.
4   rewritten for version 2.0.6 by Tridge
5
6   This program is free software; you can redistribute it and/or modify
7   it under the terms of the GNU General Public License as published by
8   the Free Software Foundation; either version 2 of the License, or
9   (at your option) any later version.
10
11   This program is distributed in the hope that it will be useful,
12   but WITHOUT ANY WARRANTY; without even the implied warranty of
13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14   GNU General Public License for more details.
15
16   You should have received a copy of the GNU General Public License
17   along with this program; if not, write to the Free Software
18   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19*/
20
21#ifndef AUTOCONF_TEST
22#include "includes.h"
23#else
24/* we are running this code in autoconf test mode to see which type of setuid
25   function works */
26#if defined(HAVE_UNISTD_H)
27#include <unistd.h>
28#endif
29#include <stdlib.h>
30#include <stdio.h>
31#include <sys/types.h>
32#include <errno.h>
33
34#ifdef HAVE_SYS_PRIV_H
35#include <sys/priv.h>
36#endif
37#ifdef HAVE_SYS_ID_H
38#include <sys/id.h>
39#endif
40
41#define DEBUG(x, y) printf y
42#define smb_panic(x) exit(1)
43#define BOOL int
44#endif
45
46/* are we running as non-root? This is used by the regresison test code,
47   and potentially also for sites that want non-root smbd */
48static uid_t initial_uid;
49static gid_t initial_gid;
50
51/****************************************************************************
52remember what uid we got started as - this allows us to run correctly
53as non-root while catching trapdoor systems
54****************************************************************************/
55
56void sec_init(void)
57{
58        static int initialized;
59
60        if (!initialized) {
61                initial_uid = geteuid();
62                initial_gid = getegid();
63                initialized = 1;
64        }
65}
66
67/****************************************************************************
68some code (eg. winbindd) needs to know what uid we started as
69****************************************************************************/
70uid_t sec_initial_uid(void)
71{
72        return initial_uid;
73}
74
75/****************************************************************************
76some code (eg. winbindd, profiling shm) needs to know what gid we started as
77****************************************************************************/
78gid_t sec_initial_gid(void)
79{
80        return initial_gid;
81}
82
83/****************************************************************************
84are we running in non-root mode?
85****************************************************************************/
86BOOL non_root_mode(void)
87{
88        return (initial_uid != (uid_t)0);
89}
90
91/****************************************************************************
92abort if we haven't set the uid correctly
93****************************************************************************/
94static void assert_uid(uid_t ruid, uid_t euid)
95{
96#ifndef __OS2__
97        if ((euid != (uid_t)-1 && geteuid() != euid) ||
98            (ruid != (uid_t)-1 && getuid() != ruid)) {
99                if (!non_root_mode()) {
100                        DEBUG(0,("Failed to set uid privileges to (%d,%d) now set to (%d,%d)\n",
101                                 (int)ruid, (int)euid,
102                                 (int)getuid(), (int)geteuid()));
103                        smb_panic("failed to set uid\n");
104                        exit(1);
105                }
106        }
107#endif /* __OS2__ */
108}
109
110/****************************************************************************
111abort if we haven't set the gid correctly
112****************************************************************************/
113static void assert_gid(gid_t rgid, gid_t egid)
114{
115#ifndef __OS2__
116        if ((egid != (gid_t)-1 && getegid() != egid) ||
117            (rgid != (gid_t)-1 && getgid() != rgid)) {
118                if (!non_root_mode()) {
119                        DEBUG(0,("Failed to set gid privileges to (%d,%d) now set to (%d,%d) uid=(%d,%d)\n",
120                                 (int)rgid, (int)egid,
121                                 (int)getgid(), (int)getegid(),
122                                 (int)getuid(), (int)geteuid()));
123                        smb_panic("failed to set gid\n");
124                        exit(1);
125                }
126        }
127#endif
128}
129
130/****************************************************************************
131 Gain root privilege before doing something.
132 We want to end up with ruid==euid==0
133****************************************************************************/
134void gain_root_privilege(void)
135{       
136#if USE_SETRESUID
137        setresuid(0,0,0);
138#endif
139   
140#if USE_SETEUID
141        seteuid(0);
142#endif
143
144#if USE_SETREUID
145        setreuid(0, 0);
146#endif
147
148#if USE_SETUIDX
149        setuidx(ID_EFFECTIVE, 0);
150        setuidx(ID_REAL, 0);
151#endif
152
153        /* this is needed on some systems */
154        setuid(0);
155
156        assert_uid(0, 0);
157}
158
159
160/****************************************************************************
161 Ensure our real and effective groups are zero.
162 we want to end up with rgid==egid==0
163****************************************************************************/
164void gain_root_group_privilege(void)
165{
166#if USE_SETRESUID
167        setresgid(0,0,0);
168#endif
169
170#if USE_SETREUID
171        setregid(0,0);
172#endif
173
174#if USE_SETEUID
175        setegid(0);
176#endif
177
178#if USE_SETUIDX
179        setgidx(ID_EFFECTIVE, 0);
180        setgidx(ID_REAL, 0);
181#endif
182
183        setgid(0);
184
185        assert_gid(0, 0);
186}
187
188
189/****************************************************************************
190 Set effective uid, and possibly the real uid too.
191 We want to end up with either:
192 
193   ruid==uid and euid==uid
194
195 or
196
197   ruid==0 and euid==uid
198
199 depending on what the local OS will allow us to regain root from.
200****************************************************************************/
201void set_effective_uid(uid_t uid)
202{
203#if USE_SETRESUID
204        /* Set the effective as well as the real uid. */
205        if (setresuid(uid,uid,-1) == -1) {
206                if (errno == EAGAIN) {
207                        DEBUG(0, ("setresuid failed with EAGAIN. uid(%d) "
208                                  "might be over its NPROC limit\n",
209                                  (int)uid));
210                }
211        }
212#endif
213
214#if USE_SETREUID
215        setreuid(-1,uid);
216#endif
217
218#if USE_SETEUID
219        seteuid(uid);
220#endif
221
222#if USE_SETUIDX
223        setuidx(ID_EFFECTIVE, uid);
224#endif
225
226        assert_uid(-1, uid);
227}
228
229/****************************************************************************
230 Set *only* the effective gid.
231 we want to end up with rgid==0 and egid==gid
232****************************************************************************/
233void set_effective_gid(gid_t gid)
234{
235#if USE_SETRESUID
236        setresgid(-1,gid,-1);
237#endif
238
239#if USE_SETREUID
240        setregid(-1,gid);
241#endif
242
243#if USE_SETEUID
244        setegid(gid);
245#endif
246
247#if USE_SETUIDX
248        setgidx(ID_EFFECTIVE, gid);
249#endif
250
251        assert_gid(-1, gid);
252}
253
254static uid_t saved_euid, saved_ruid;
255static gid_t saved_egid, saved_rgid;
256
257/****************************************************************************
258 save the real and effective uid for later restoration. Used by the quotas
259 code
260****************************************************************************/
261void save_re_uid(void)
262{
263        saved_ruid = getuid();
264        saved_euid = geteuid();
265}
266
267
268/****************************************************************************
269 and restore them!
270****************************************************************************/
271
272void restore_re_uid_fromroot(void)
273{
274#if USE_SETRESUID
275        setresuid(saved_ruid, saved_euid, -1);
276#elif USE_SETREUID
277        setreuid(saved_ruid, -1);
278        setreuid(-1,saved_euid);
279#elif USE_SETUIDX
280        setuidx(ID_REAL, saved_ruid);
281        setuidx(ID_EFFECTIVE, saved_euid);
282#else
283        set_effective_uid(saved_euid);
284        if (getuid() != saved_ruid)
285                setuid(saved_ruid);
286        set_effective_uid(saved_euid);
287#endif
288
289        assert_uid(saved_ruid, saved_euid);
290}
291
292void restore_re_uid(void)
293{
294        set_effective_uid(0);
295        restore_re_uid_fromroot();
296}
297
298/****************************************************************************
299 save the real and effective gid for later restoration. Used by the
300 getgroups code
301****************************************************************************/
302void save_re_gid(void)
303{
304        saved_rgid = getgid();
305        saved_egid = getegid();
306}
307
308/****************************************************************************
309 and restore them!
310****************************************************************************/
311void restore_re_gid(void)
312{
313#if USE_SETRESUID
314        setresgid(saved_rgid, saved_egid, -1);
315#elif USE_SETREUID
316        setregid(saved_rgid, -1);
317        setregid(-1,saved_egid);
318#elif USE_SETUIDX
319        setgidx(ID_REAL, saved_rgid);
320        setgidx(ID_EFFECTIVE, saved_egid);
321#else
322        set_effective_gid(saved_egid);
323        if (getgid() != saved_rgid)
324                setgid(saved_rgid);
325        set_effective_gid(saved_egid);
326#endif
327
328        assert_gid(saved_rgid, saved_egid);
329}
330
331
332/****************************************************************************
333 set the real AND effective uid to the current effective uid in a way that
334 allows root to be regained.
335 This is only possible on some platforms.
336****************************************************************************/
337int set_re_uid(void)
338{
339        uid_t uid = geteuid();
340
341#if USE_SETRESUID
342        setresuid(geteuid(), -1, -1);
343#endif
344
345#if USE_SETREUID
346        setreuid(0, 0);
347        setreuid(uid, -1);
348        setreuid(-1, uid);
349#endif
350
351#if USE_SETEUID
352        /* can't be done */
353        return -1;
354#endif
355
356#if USE_SETUIDX
357        /* can't be done */
358        return -1;
359#endif
360
361        assert_uid(uid, uid);
362        return 0;
363}
364
365
366/****************************************************************************
367 Become the specified uid and gid - permanently !
368 there should be no way back if possible
369****************************************************************************/
370void become_user_permanently(uid_t uid, gid_t gid)
371{
372        /*
373         * First - gain root privilege. We do this to ensure
374         * we can lose it again.
375         */
376
377        gain_root_privilege();
378        gain_root_group_privilege();
379
380#if USE_SETRESUID
381        setresgid(gid,gid,gid);
382        setgid(gid);
383        setresuid(uid,uid,uid);
384        setuid(uid);
385#endif
386
387#if USE_SETREUID
388        setregid(gid,gid);
389        setgid(gid);
390        setreuid(uid,uid);
391        setuid(uid);
392#endif
393
394#if USE_SETEUID
395        setegid(gid);
396        setgid(gid);
397        setuid(uid);
398        seteuid(uid);
399        setuid(uid);
400#endif
401
402#if USE_SETUIDX
403        setgidx(ID_REAL, gid);
404        setgidx(ID_EFFECTIVE, gid);
405        setgid(gid);
406        setuidx(ID_REAL, uid);
407        setuidx(ID_EFFECTIVE, uid);
408        setuid(uid);
409#endif
410       
411        assert_uid(uid, uid);
412        assert_gid(gid, gid);
413}
414
415#ifdef AUTOCONF_TEST
416
417/****************************************************************************
418this function just checks that we don't get ENOSYS back
419****************************************************************************/
420static int have_syscall(void)
421{
422        errno = 0;
423
424#if USE_SETRESUID
425        setresuid(-1,-1,-1);
426#endif
427
428#if USE_SETREUID
429        setreuid(-1,-1);
430#endif
431
432#if USE_SETEUID
433        seteuid(-1);
434#endif
435
436#if USE_SETUIDX
437        setuidx(ID_EFFECTIVE, -1);
438#endif
439
440        if (errno == ENOSYS) return -1;
441       
442        return 0;
443}
444
445main()
446{
447        if (getuid() != 0) {
448#if (defined(AIX) && defined(USE_SETREUID))
449                /* setreuid is badly broken on AIX 4.1, we avoid it completely */
450                fprintf(stderr,"avoiding possibly broken setreuid\n");
451                exit(1);
452#endif
453
454                /* if not running as root then at least check to see if we get ENOSYS - this
455                   handles Linux 2.0.x with glibc 2.1 */
456                fprintf(stderr,"not running as root: checking for ENOSYS\n");
457                exit(have_syscall());
458        }
459
460        gain_root_privilege();
461        gain_root_group_privilege();
462        set_effective_gid(1);
463        set_effective_uid(1);
464        save_re_uid();
465        restore_re_uid();
466        gain_root_privilege();
467        gain_root_group_privilege();
468        become_user_permanently(1, 1);
469        setuid(0);
470        if (getuid() == 0) {
471                fprintf(stderr,"uid not set permanently\n");
472                exit(1);
473        }
474
475        printf("OK\n");
476
477        exit(0);
478}
479#endif
480
481/****************************************************************************
482Check if we are setuid root.  Used in libsmb and smbpasswd paranoia checks.
483****************************************************************************/
484BOOL is_setuid_root(void) 
485{
486        return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
487}
Note: See TracBrowser for help on using the repository browser.