search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[bgpd] struct peer must have bgp field valid (redistribute crash)
[jleu-quagga.git] / lib / privs.c
blobf4117e2634100b77ade4590f2417b2e0e24c06f2
1 /*
2 * Zebra privileges.
3 *
4 * Copyright (C) 2003 Paul Jakma.
5 * Copyright (C) 2005 Sun Microsystems, Inc.
6 *
7 * This file is part of GNU Zebra.
8 *
9 * GNU Zebra is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU General Public License as published by the
11 * Free Software Foundation; either version 2, or (at your option) any
12 * later version.
13 *
14 * GNU Zebra is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with GNU Zebra; see the file COPYING. If not, write to the Free
21 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
22 * 02111-1307, USA.
23 */
24 #include <zebra.h>
25 #include "log.h"
26 #include "privs.h"
27 #include "memory.h"
28
29 #ifdef HAVE_CAPABILITIES
30 /* sort out some generic internal types for:
31 *
32 * privilege values (cap_value_t, priv_t) -> pvalue_t
33 * privilege set (..., priv_set_t) -> pset_t
34 * privilege working storage (cap_t, ...) -> pstorage_t
35 *
36 * values we think of as numeric (they're ints really, but we dont know)
37 * sets are mostly opaque, to hold a set of privileges, related in some way.
38 * storage binds together a set of sets we're interested in.
39 * (in reality: cap_value_t and priv_t are ints)
40 */
41 #ifdef HAVE_LCAPS
42 /* Linux doesn't have a 'set' type: a set of related privileges */
43 struct _pset {
44 int num;
45 cap_value_t *caps;
46 };
47 typedef cap_value_t pvalue_t;
48 typedef struct _pset pset_t;
49 typedef cap_t pstorage_t;
50 \f
51 #elif defined (HAVE_SOLARIS_CAPABILITIES)
52 typedef priv_t pvalue_t;
53 typedef priv_set_t pset_t;
54 typedef priv_set_t *pstorage_t;
55 #else /* neither LCAPS nor SOLARIS_CAPABILITIES */
56 #error "HAVE_CAPABILITIES defined, but neither LCAPS nor Solaris Capabilties!"
57 #endif /* HAVE_LCAPS */
58 #endif /* HAVE_CAPABILITIES */
59 \f
60 /* the default NULL state we report is RAISED, but could be LOWERED if
61 * zprivs_terminate is called and the NULL handler is installed.
62 */
63 static zebra_privs_current_t zprivs_null_state = ZPRIVS_RAISED;
64
65 /* internal privileges state */
66 static struct _zprivs_t
67 {
68 #ifdef HAVE_CAPABILITIES
69 pstorage_t caps; /* working storage */
70 pset_t *syscaps_p; /* system-type requested permitted caps */
71 pset_t *syscaps_i; /* system-type requested inheritable caps */
72 #endif /* HAVE_CAPABILITIES */
73 uid_t zuid, /* uid to run as */
74 zsuid; /* saved uid */
75 gid_t zgid; /* gid to run as */
76 gid_t vtygrp; /* gid for vty sockets */
77 } zprivs_state;
78
79 /* externally exported but not directly accessed functions */
80 #ifdef HAVE_CAPABILITIES
81 int zprivs_change_caps (zebra_privs_ops_t);
82 zebra_privs_current_t zprivs_state_caps (void);
83 #endif /* HAVE_CAPABILITIES */
84 int zprivs_change_uid (zebra_privs_ops_t);
85 zebra_privs_current_t zprivs_state_uid (void);
86 int zprivs_change_null (zebra_privs_ops_t);
87 zebra_privs_current_t zprivs_state_null (void);
88
89 #ifdef HAVE_CAPABILITIES
90 /* internal capability API */
91 static pset_t *zcaps2sys (zebra_capabilities_t *, int);
92 static void zprivs_caps_init (struct zebra_privs_t *);
93 static void zprivs_caps_terminate (void);
94
95 /* Map of Quagga abstract capabilities to system capabilities */
96 static struct
97 {
98 int num;
99 pvalue_t *system_caps;
100 } cap_map [ZCAP_MAX] =
101 {
102 #ifdef HAVE_LCAPS /* Quagga -> Linux capabilities mappings */
103 [ZCAP_SETID] = { 2, (pvalue_t []) { CAP_SETGID,
104 CAP_SETUID }, },
105 [ZCAP_BIND] = { 2, (pvalue_t []) { CAP_NET_BIND_SERVICE,
106 CAP_NET_BROADCAST }, },
107 [ZCAP_NET_ADMIN] = { 1, (pvalue_t []) { CAP_NET_ADMIN }, },
108 [ZCAP_NET_RAW] = { 1, (pvalue_t []) { CAP_NET_RAW }, },
109 [ZCAP_CHROOT] = { 1, (pvalue_t []) { CAP_SYS_CHROOT, }, },
110 [ZCAP_NICE] = { 1, (pvalue_t []) { CAP_SYS_NICE }, },
111 [ZCAP_PTRACE] = { 1, (pvalue_t []) { CAP_SYS_PTRACE }, },
112 [ZCAP_DAC_OVERRIDE] = { 1, (pvalue_t []) { CAP_DAC_OVERRIDE }, },
113 [ZCAP_READ_SEARCH] = { 1, (pvalue_t []) { CAP_DAC_READ_SEARCH }, },
114 [ZCAP_SYS_ADMIN] = { 1, (pvalue_t []) { CAP_SYS_ADMIN }, },
115 [ZCAP_FOWNER] = { 1, (pvalue_t []) { CAP_FOWNER }, },
116 #elif defined(HAVE_SOLARIS_CAPABILITIES) /* HAVE_LCAPS */
117 /* Quagga -> Solaris privilege mappings */
118 [ZCAP_SETID] = { 1, (pvalue_t []) { PRIV_PROC_SETID }, },
119 [ZCAP_BIND] = { 1, (pvalue_t []) { PRIV_NET_PRIVADDR }, },
120 [ZCAP_NET_ADMIN] = { 1, (pvalue_t []) { PRIV_SYS_NET_CONFIG }, },
121 [ZCAP_NET_RAW] = { 2, (pvalue_t []) { PRIV_NET_RAWACCESS,
122 PRIV_NET_ICMPACCESS }, },
123 [ZCAP_CHROOT] = { 1, (pvalue_t []) { PRIV_PROC_CHROOT }, },
124 [ZCAP_NICE] = { 1, (pvalue_t []) { PRIV_PROC_PRIOCNTL }, },
125 [ZCAP_PTRACE] = { 1, (pvalue_t []) { PRIV_PROC_SESSION }, },
126 [ZCAP_DAC_OVERRIDE] = { 2, (pvalue_t []) { PRIV_FILE_DAC_EXECUTE,
127 PRIV_FILE_DAC_READ,
128 PRIV_FILE_DAC_SEARCH,
129 PRIV_FILE_DAC_WRITE,
130 PRIV_FILE_DAC_SEARCH }, },
131 [ZCAP_READ_SEARCH] = { 2, (pvalue_t []) { PRIV_FILE_DAC_SEARCH,
132 PRIV_FILE_DAC_READ }, },
133 [ZCAP_SYS_ADMIN] = { 1, (pvalue_t []) { PRIV_SYS_ADMIN }, },
134 [ZCAP_FOWNER] = { 1, (pvalue_t []) { PRIV_FILE_OWNER }, },
135 #endif /* HAVE_SOLARIS_CAPABILITIES */
136 };
137 \f
138 #ifdef HAVE_LCAPS
139 /* Linux forms of capabilities methods */
140 /* convert zebras privileges to system capabilities */
141 static pset_t *
142 zcaps2sys (zebra_capabilities_t *zcaps, int num)
143 {
144 pset_t *syscaps;
145 int i, j = 0, count = 0;
146
147 if (!num)
148 return NULL;
149
150 /* first count up how many system caps we have */
151 for (i= 0; i < num; i++)
152 count += cap_map[zcaps[i]].num;
153
154 if ( (syscaps = XCALLOC (MTYPE_PRIVS, (sizeof(pset_t) * num))) == NULL)
155 {
156 fprintf (stderr, "%s: could not allocate syscaps!", __func__);
157 return NULL;
158 }
159
160 syscaps->caps = XCALLOC (MTYPE_PRIVS, (sizeof (pvalue_t) * count));
161
162 if (!syscaps->caps)
163 {
164 fprintf (stderr, "%s: could not XCALLOC caps!", __func__);
165 return NULL;
166 }
167
168 /* copy the capabilities over */
169 count = 0;
170 for (i=0; i < num; i++)
171 for (j = 0; j < cap_map[zcaps[i]].num; j++)
172 syscaps->caps[count++] = cap_map[zcaps[i]].system_caps[j];
173
174 /* iterations above should be exact same as previous count, obviously.. */
175 syscaps->num = count;
176
177 return syscaps;
178 }
179
180 /* set or clear the effective capabilities to/from permitted */
181 int
182 zprivs_change_caps (zebra_privs_ops_t op)
183 {
184 cap_flag_value_t cflag;
185
186 /* should be no possibility of being called without valid caps */
187 assert (zprivs_state.syscaps_p && zprivs_state.caps);
188 if (! (zprivs_state.syscaps_p && zprivs_state.caps))
189 exit (1);
190
191 if (op == ZPRIVS_RAISE)
192 cflag = CAP_SET;
193 else if (op == ZPRIVS_LOWER)
194 cflag = CAP_CLEAR;
195 else
196 return -1;
197
198 if ( !cap_set_flag (zprivs_state.caps, CAP_EFFECTIVE,
199 zprivs_state.syscaps_p->num,
200 zprivs_state.syscaps_p->caps,
201 cflag))
202 return cap_set_proc (zprivs_state.caps);
203 return -1;
204 }
205
206 zebra_privs_current_t
207 zprivs_state_caps (void)
208 {
209 int i;
210 cap_flag_value_t val;
211
212 /* should be no possibility of being called without valid caps */
213 assert (zprivs_state.syscaps_p && zprivs_state.caps);
214 if (! (zprivs_state.syscaps_p && zprivs_state.caps))
215 exit (1);
216
217 for (i=0; i < zprivs_state.syscaps_p->num; i++)
218 {
219 if ( cap_get_flag (zprivs_state.caps, zprivs_state.syscaps_p->caps[i],
220 CAP_EFFECTIVE, &val) )
221 {
222 zlog_warn ("zprivs_state_caps: could not cap_get_flag, %s",
223 safe_strerror (errno) );
224 return ZPRIVS_UNKNOWN;
225 }
226 if (val == CAP_SET)
227 return ZPRIVS_RAISED;
228 }
229 return ZPRIVS_LOWERED;
230 }
231
232 static void
233 zprivs_caps_init (struct zebra_privs_t *zprivs)
234 {
235 zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p);
236 zprivs_state.syscaps_i = zcaps2sys (zprivs->caps_i, zprivs->cap_num_i);
237
238 /* Tell kernel we want caps maintained across uid changes */
239 if ( prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1 )
240 {
241 fprintf (stderr, "privs_init: could not set PR_SET_KEEPCAPS, %s\n",
242 safe_strerror (errno) );
243 exit(1);
244 }
245
246 if ( !zprivs_state.syscaps_p )
247 {
248 fprintf (stderr, "privs_init: capabilities enabled, "
249 "but no capabilities supplied\n");
250 }
251
252 /* we have caps, we have no need to ever change back the original user */
253 if (zprivs_state.zuid)
254 {
255 if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
256 {
257 fprintf (stderr, "zprivs_init (cap): could not setreuid, %s\n",
258 safe_strerror (errno));
259 exit (1);
260 }
261 }
262
263 if ( !(zprivs_state.caps = cap_init()) )
264 {
265 fprintf (stderr, "privs_init: failed to cap_init, %s\n",
266 safe_strerror (errno));
267 exit (1);
268 }
269
270 if ( cap_clear (zprivs_state.caps) )
271 {
272 fprintf (stderr, "privs_init: failed to cap_clear, %s\n",
273 safe_strerror (errno));
274 exit (1);
275 }
276
277 /* set permitted caps */
278 cap_set_flag(zprivs_state.caps, CAP_PERMITTED,
279 zprivs_state.syscaps_p->num,
280 zprivs_state.syscaps_p->caps,
281 CAP_SET);
282
283 /* set inheritable caps, if any */
284 if (zprivs_state.syscaps_i && zprivs_state.syscaps_i->num)
285 {
286 cap_set_flag(zprivs_state.caps, CAP_INHERITABLE,
287 zprivs_state.syscaps_i->num,
288 zprivs_state.syscaps_i->caps,
289 CAP_SET);
290 }
291
292 /* apply caps. CAP_EFFECTIVE is cleared. we'll raise the caps as
293 * and when, and only when, they are needed.
294 */
295 if ( cap_set_proc (zprivs_state.caps) )
296 {
297 fprintf (stderr, "privs_init: initial cap_set_proc failed\n");
298 exit (1);
299 }
300
301 /* set methods for the caller to use */
302 zprivs->change = zprivs_change_caps;
303 zprivs->current_state = zprivs_state_caps;
304 }
305
306 static void
307 zprivs_caps_terminate (void)
308 {
309 /* clear all capabilities */
310 if (zprivs_state.caps)
311 cap_clear (zprivs_state.caps);
312
313 /* and boom, capabilities are gone forever */
314 if ( cap_set_proc (zprivs_state.caps) )
315 {
316 fprintf (stderr, "privs_terminate: cap_set_proc failed, %s",
317 safe_strerror (errno) );
318 exit (1);
319 }
320
321 /* free up private state */
322 if (zprivs_state.syscaps_p->num)
323 {
324 XFREE (MTYPE_PRIVS, zprivs_state.syscaps_p->caps);
325 XFREE (MTYPE_PRIVS, zprivs_state.syscaps_p);
326 }
327
328 if (zprivs_state.syscaps_i && zprivs_state.syscaps_i->num)
329 {
330 XFREE (MTYPE_PRIVS, zprivs_state.syscaps_i->caps);
331 XFREE (MTYPE_PRIVS, zprivs_state.syscaps_i);
332 }
333
334 cap_free (zprivs_state.caps);
335 }
336 #elif defined (HAVE_SOLARIS_CAPABILITIES) /* !HAVE_LCAPS */
337 \f
338 /* Solaris specific capability/privilege methods
339 *
340 * Resources:
341 * - the 'privileges' man page
342 * - http://cvs.opensolaris.org
343 * - http://blogs.sun.com/roller/page/gbrunett?entry=privilege_enabling_set_id_programs1
344 */
345
346 /* convert zebras privileges to system capabilities */
347 static pset_t *
348 zcaps2sys (zebra_capabilities_t *zcaps, int num)
349 {
350 pset_t *syscaps;
351 int i, j = 0;
352
353 if ((syscaps = priv_allocset()) == NULL)
354 {
355 fprintf (stderr, "%s: could not allocate syscaps!\n", __func__);
356 exit (1);
357 }
358
359 priv_emptyset (syscaps);
360
361 for (i=0; i < num; i++)
362 for (j = 0; j < cap_map[zcaps[i]].num; j++)
363 priv_addset (syscaps, cap_map[zcaps[i]].system_caps[j]);
364
365 return syscaps;
366 }
367
368 /* callback exported to users to RAISE and LOWER effective privileges
369 * from nothing to the given permitted set and back down
370 */
371 int
372 zprivs_change_caps (zebra_privs_ops_t op)
373 {
374
375 /* should be no possibility of being called without valid caps */
376 assert (zprivs_state.syscaps_p);
377 if (!zprivs_state.syscaps_p)
378 {
379 fprintf (stderr, "%s: Eek, missing caps!", __func__);
380 exit (1);
381 }
382
383 /* to raise: copy original permitted into our working effective set
384 * to lower: just clear the working effective set
385 */
386 if (op == ZPRIVS_RAISE)
387 priv_copyset (zprivs_state.syscaps_p, zprivs_state.caps);
388 else if (op == ZPRIVS_LOWER)
389 priv_emptyset (zprivs_state.caps);
390 else
391 return -1;
392
393 if (setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps) != 0)
394 return -1;
395
396 return 0;
397 }
398
399 /* Retrieve current privilege state, is it RAISED or LOWERED? */
400 zebra_privs_current_t
401 zprivs_state_caps (void)
402 {
403 zebra_privs_current_t result;
404 pset_t *effective;
405
406 if ( (effective = priv_allocset()) == NULL)
407 {
408 fprintf (stderr, "%s: failed to get priv_allocset! %s\n", __func__,
409 safe_strerror (errno));
410 return ZPRIVS_UNKNOWN;
411 }
412
413 if (getppriv (PRIV_EFFECTIVE, effective))
414 {
415 fprintf (stderr, "%s: failed to get state! %s\n", __func__,
416 safe_strerror (errno));
417 result = ZPRIVS_UNKNOWN;
418 }
419 else
420 {
421 if (priv_isemptyset (effective) == B_TRUE)
422 result = ZPRIVS_LOWERED;
423 else
424 result = ZPRIVS_RAISED;
425 }
426
427 if (effective)
428 priv_freeset (effective);
429
430 return result;
431 }
432
433 static void
434 zprivs_caps_init (struct zebra_privs_t *zprivs)
435 {
436 pset_t *basic;
437 pset_t *empty;
438
439 /* the specified sets */
440 zprivs_state.syscaps_p = zcaps2sys (zprivs->caps_p, zprivs->cap_num_p);
441 zprivs_state.syscaps_i = zcaps2sys (zprivs->caps_i, zprivs->cap_num_i);
442
443 /* nonsensical to have gotten here but not have capabilities */
444 if (!zprivs_state.syscaps_p)
445 {
446 fprintf (stderr, "%s: capabilities enabled, "
447 "but no valid capabilities supplied\n",
448 __func__);
449 }
450
451 /* We retain the basic set in our permitted set, as Linux has no
452 * equivalent. The basic set on Linux hence is implicit, always
453 * there.
454 */
455 if ((basic = priv_str_to_set("basic", ",", NULL)) == NULL)
456 {
457 fprintf (stderr, "%s: couldn't get basic set!\n", __func__);
458 exit (1);
459 }
460
461 /* Add the basic set to the permitted set */
462 priv_union (basic, zprivs_state.syscaps_p);
463 priv_freeset (basic);
464
465 /* we need an empty set for 'effective', potentially for inheritable too */
466 if ( (empty = priv_allocset()) == NULL)
467 {
468 fprintf (stderr, "%s: couldn't get empty set!\n", __func__);
469 exit (1);
470 }
471 priv_emptyset (empty);
472
473 /* Hey kernel, we know about privileges!
474 * this isn't strictly required, use of setppriv should have same effect
475 */
476 if (setpflags (PRIV_AWARE, 1))
477 {
478 fprintf (stderr, "%s: error setting PRIV_AWARE!, %s\n", __func__,
479 safe_strerror (errno) );
480 exit (1);
481 }
482
483 /* need either valid or empty sets for both p and i.. */
484 assert (zprivs_state.syscaps_i && zprivs_state.syscaps_p);
485
486 /* we have caps, we have no need to ever change back the original user
487 * change real, effective and saved to the specified user.
488 */
489 if (zprivs_state.zuid)
490 {
491 if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
492 {
493 fprintf (stderr, "%s: could not setreuid, %s\n",
494 __func__, safe_strerror (errno));
495 exit (1);
496 }
497 }
498
499 /* set the permitted set */
500 if (setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.syscaps_p))
501 {
502 fprintf (stderr, "%s: error setting permitted set!, %s\n", __func__,
503 safe_strerror (errno) );
504 exit (1);
505 }
506
507 /* set the inheritable set */
508 if (setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.syscaps_i))
509 {
510 fprintf (stderr, "%s: error setting inheritable set!, %s\n", __func__,
511 safe_strerror (errno) );
512 exit (1);
513 }
514
515 /* now clear the effective set and we're ready to go */
516 if (setppriv (PRIV_SET, PRIV_EFFECTIVE, empty))
517 {
518 fprintf (stderr, "%s: error setting effective set!, %s\n", __func__,
519 safe_strerror (errno) );
520 exit (1);
521 }
522
523 /* we'll use this as our working-storage privset */
524 zprivs_state.caps = empty;
525
526 /* set methods for the caller to use */
527 zprivs->change = zprivs_change_caps;
528 zprivs->current_state = zprivs_state_caps;
529 }
530
531 static void
532 zprivs_caps_terminate (void)
533 {
534 assert (zprivs_state.caps);
535
536 /* clear all capabilities */
537 priv_emptyset (zprivs_state.caps);
538 setppriv (PRIV_SET, PRIV_EFFECTIVE, zprivs_state.caps);
539 setppriv (PRIV_SET, PRIV_PERMITTED, zprivs_state.caps);
540 setppriv (PRIV_SET, PRIV_INHERITABLE, zprivs_state.caps);
541
542 /* free up private state */
543 if (zprivs_state.syscaps_p)
544 priv_freeset (zprivs_state.syscaps_p);
545 if (zprivs_state.syscaps_i)
546 priv_freeset (zprivs_state.syscaps_i);
547
548 priv_freeset (zprivs_state.caps);
549 }
550 #else /* !HAVE_LCAPS && ! HAVE_SOLARIS_CAPABILITIES */
551 #error "Neither Solaris nor Linux capabilities, dazed and confused..."
552 #endif /* HAVE_LCAPS */
553 #endif /* HAVE_CAPABILITIES */
554 \f
555 int
556 zprivs_change_uid (zebra_privs_ops_t op)
557 {
558
559 if (op == ZPRIVS_RAISE)
560 return seteuid (zprivs_state.zsuid);
561 else if (op == ZPRIVS_LOWER)
562 return seteuid (zprivs_state.zuid);
563 else
564 return -1;
565 }
566
567 zebra_privs_current_t
568 zprivs_state_uid (void)
569 {
570 return ( (zprivs_state.zuid == geteuid()) ? ZPRIVS_LOWERED : ZPRIVS_RAISED);
571 }
572
573 int
574 zprivs_change_null (zebra_privs_ops_t op)
575 {
576 return 0;
577 }
578
579 zebra_privs_current_t
580 zprivs_state_null (void)
581 {
582 return zprivs_null_state;
583 }
584
585 void
586 zprivs_init(struct zebra_privs_t *zprivs)
587 {
588 struct passwd *pwentry = NULL;
589 struct group *grentry = NULL;
590
591 if (!zprivs)
592 {
593 fprintf (stderr, "zprivs_init: called with NULL arg!\n");
594 exit (1);
595 }
596
597 /* NULL privs */
598 if (! (zprivs->user || zprivs->group
599 || zprivs->cap_num_p || zprivs->cap_num_i) )
600 {
601 zprivs->change = zprivs_change_null;
602 zprivs->current_state = zprivs_state_null;
603 return;
604 }
605
606 if (zprivs->user)
607 {
608 if ( (pwentry = getpwnam (zprivs->user)) )
609 {
610 zprivs_state.zuid = pwentry->pw_uid;
611 }
612 else
613 {
614 /* cant use log.h here as it depends on vty */
615 fprintf (stderr, "privs_init: could not lookup user %s\n",
616 zprivs->user);
617 exit (1);
618 }
619 }
620
621 grentry = NULL;
622
623 if (zprivs->vty_group)
624 /* Add the vty_group to the supplementary groups so it can be chowned to */
625 {
626 if ( (grentry = getgrnam (zprivs->vty_group)) )
627 {
628 zprivs_state.vtygrp = grentry->gr_gid;
629 if ( setgroups (1, &zprivs_state.vtygrp) )
630 {
631 fprintf (stderr, "privs_init: could not setgroups, %s\n",
632 safe_strerror (errno) );
633 exit (1);
634 }
635 }
636 else
637 {
638 fprintf (stderr, "privs_init: could not lookup vty group %s\n",
639 zprivs->vty_group);
640 exit (1);
641 }
642 }
643
644 if (zprivs->group)
645 {
646 if ( (grentry = getgrnam (zprivs->group)) )
647 {
648 zprivs_state.zgid = grentry->gr_gid;
649 }
650 else
651 {
652 fprintf (stderr, "privs_init: could not lookup group %s\n",
653 zprivs->group);
654 exit (1);
655 }
656 /* change group now, forever. uid we do later */
657 if ( setregid (zprivs_state.zgid, zprivs_state.zgid) )
658 {
659 fprintf (stderr, "zprivs_init: could not setregid, %s\n",
660 safe_strerror (errno) );
661 exit (1);
662 }
663 }
664
665 #ifdef HAVE_CAPABILITIES
666 zprivs_caps_init (zprivs);
667 #else /* !HAVE_CAPABILITIES */
668 /* we dont have caps. we'll need to maintain rid and saved uid
669 * and change euid back to saved uid (who we presume has all neccessary
670 * privileges) whenever we are asked to raise our privileges.
671 *
672 * This is not worth that much security wise, but all we can do.
673 */
674 zprivs_state.zsuid = geteuid();
675 if ( zprivs_state.zuid )
676 {
677 if ( setreuid (-1, zprivs_state.zuid) )
678 {
679 fprintf (stderr, "privs_init (uid): could not setreuid, %s\n",
680 safe_strerror (errno));
681 exit (1);
682 }
683 }
684
685 zprivs->change = zprivs_change_uid;
686 zprivs->current_state = zprivs_state_uid;
687 #endif /* HAVE_CAPABILITIES */
688 }
689
690 void
691 zprivs_terminate (struct zebra_privs_t *zprivs)
692 {
693 if (!zprivs)
694 {
695 fprintf (stderr, "%s: no privs struct given, terminating", __func__);
696 exit (0);
697 }
698
699 #ifdef HAVE_CAPABILITIES
700 zprivs_caps_terminate();
701 #else /* !HAVE_CAPABILITIES */
702 if (zprivs_state.zuid)
703 {
704 if ( setreuid (zprivs_state.zuid, zprivs_state.zuid) )
705 {
706 fprintf (stderr, "privs_terminate: could not setreuid, %s",
707 safe_strerror (errno) );
708 exit (1);
709 }
710 }
711 #endif /* HAVE_LCAPS */
712
713 zprivs->change = zprivs_change_null;
714 zprivs->current_state = zprivs_state_null;
715 zprivs_null_state = ZPRIVS_LOWERED;
716 return;
717 }
718
719 void
720 zprivs_get_ids(struct zprivs_ids_t *ids)
721 {
722
723 ids->uid_priv = getuid();
724 (zprivs_state.zuid) ? (ids->uid_normal = zprivs_state.zuid)
725 : (ids->uid_normal = -1);
726 (zprivs_state.zgid) ? (ids->gid_normal = zprivs_state.zgid)
727 : (ids->gid_normal = -1);
728 (zprivs_state.vtygrp) ? (ids->gid_vty = zprivs_state.vtygrp)
729 : (ids->gid_vty = -1);
730
731 return;
732 }
Various project for quagga