usr/src/cmd/gss/gssd/gssd_getuid.c

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25
  26 /*
  27  *  Routines to set gssd value of uid and replace getuid libsys call.
  28  */
  29
  30 #include <sys/types.h>
  31 #include <unistd.h>
  32 #include <stdio.h>
  33 #include <stdlib.h>
  34 #include <libintl.h>
  35 #include <priv.h>
  36 #include <errno.h>
  37 #include <syslog.h>
  38
  39 static uid_t krb5_cc_uid;
  40 #define LOWPRIVS        "basic,!file_link_any,!proc_info,!proc_session," \
  41                         "!proc_fork,!proc_exec"
  42
  43 static priv_set_t *lowprivs = NULL;
  44 static priv_set_t *highprivs = NULL;
  45
  46 /*
  47  * NOTE WELL: This assumes gssd is NOT multi-threaded.  Do NOT add -A to
  48  * the rpcgen argument list in the Makefile unless you also remove this
  49  * assumption.
  50  */
  51
  52 void
  53 set_gssd_uid(uid_t uid)
  54 {
  55         /* Initialize */
  56         if (lowprivs == NULL) {
  57                 /* L, P & I shall not change in gssd; we manipulate P though */
  58                 if ((highprivs = priv_allocset()) == NULL ||
  59                     (lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
  60                         printf(gettext(
  61                             "fatal: can't allocate privilege set (%s)\n"),
  62                             strerror(ENOMEM));
  63                         syslog(LOG_ERR, "Fatal: can't allocate privilege "
  64                             "set (%s)"), strerror(ENOMEM);
  65                         exit(1);
  66                 }
  67                 /* P has the privs we need when we need privs */
  68                 (void) getppriv(PRIV_PERMITTED, highprivs);
  69
  70                 /*
  71                  * In case "basic" grows privs not excluded in LOWPRIVS
  72                  * but excluded in the service's method_context
  73                  */
  74                 priv_intersect(highprivs, lowprivs);
  75
  76                 (void) setpflags(PRIV_AWARE, 1);
  77         }
  78
  79         printf(gettext("set_gssd_uid called with uid = %d\n"), uid);
  80
  81         /*
  82          * nfsd runs as UID 1, so upcalls triggered by nfsd will cause uid to
  83          * 1 here, but nfsd's upcalls need to run as root with privs here.
  84          */
  85         if (uid == 1)
  86                 uid = 0;
  87
  88         /*
  89          * Set the value of krb5_cc_uid, so it can be retrieved when
  90          * app_krb5_user_uid() is called by the underlying mechanism
  91          * libraries.  This should go away soon.
  92          */
  93         krb5_cc_uid = uid;
  94
  95         /* Claw privs back */
  96         (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, highprivs);
  97
  98         /*
  99          * Switch uid and set the saved set-uid to 0 so setuid(0) will work
 100          * later.
 101          */
 102         if (setuid(0) != 0 ||
 103             (uid != 0 && setreuid(uid, -1) != 0) ||
 104             (uid != 0 && seteuid(uid) != 0)) {
 105
 106                 /* Not enough privs, so bail! */
 107                 printf(gettext(
 108                     "fatal: gssd is running with insufficient privilege\n"));
 109                 syslog(LOG_ERR, "Fatal: gssd is running with insufficient "
 110                     "privilege.");
 111                 exit(1);
 112         }
 113
 114         /* Temporarily drop privs, but only if uid != 0 */
 115         if (uid != 0)
 116                 (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, lowprivs);
 117 }
 118
 119 uid_t
 120 app_krb5_user_uid(void)
 121 {
 122         /*
 123          * return the value set when one of the gssd procedures was
 124          * entered. This is the value of the uid under which the
 125          * underlying mechanism library must operate in order to
 126          * get the user's credentials. This call is necessary since
 127          * gssd runs as root and credentials are many times stored
 128          * in files and directories specific to the user
 129          */
 130         printf(gettext(
 131             "getuid called and returning krb5_cc_uid = %d\n"), krb5_cc_uid);
 132         return (krb5_cc_uid);
 133 }