/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License (the "License"). * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * Routines to set gssd value of uid and replace getuid libsys call. */ #include <sys/types.h> #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <libintl.h> #include <priv.h> #include <errno.h> #include <syslog.h> static uid_t krb5_cc_uid; #define LOWPRIVS "basic,!file_link_any,!proc_info,!proc_session," \ "!proc_fork,!proc_exec" static priv_set_t *lowprivs = NULL; static priv_set_t *highprivs = NULL; /* * NOTE WELL: This assumes gssd is NOT multi-threaded. Do NOT add -A to * the rpcgen argument list in the Makefile unless you also remove this * assumption. */ void set_gssd_uid(uid_t uid) { /* Initialize */ if (lowprivs == NULL) { /* L, P & I shall not change in gssd; we manipulate P though */ if ((highprivs = priv_allocset()) == NULL || (lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) { printf(gettext( "fatal: can't allocate privilege set (%s)\n"), strerror(ENOMEM)); syslog(LOG_ERR, "Fatal: can't allocate privilege " "set (%s)"), strerror(ENOMEM); exit(1); } /* P has the privs we need when we need privs */ (void) getppriv(PRIV_PERMITTED, highprivs); /* * In case "basic" grows privs not excluded in LOWPRIVS * but excluded in the service's method_context */ priv_intersect(highprivs, lowprivs); (void) setpflags(PRIV_AWARE, 1); } printf(gettext("set_gssd_uid called with uid = %d\n"), uid); /* * nfsd runs as UID 1, so upcalls triggered by nfsd will cause uid to * 1 here, but nfsd's upcalls need to run as root with privs here. */ if (uid == 1) uid = 0; /* * Set the value of krb5_cc_uid, so it can be retrieved when * app_krb5_user_uid() is called by the underlying mechanism * libraries. This should go away soon. */ krb5_cc_uid = uid; /* Claw privs back */ (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, highprivs); /* * Switch uid and set the saved set-uid to 0 so setuid(0) will work * later. */ if (setuid(0) != 0 || (uid != 0 && setreuid(uid, -1) != 0) || (uid != 0 && seteuid(uid) != 0)) { /* Not enough privs, so bail! */ printf(gettext( "fatal: gssd is running with insufficient privilege\n")); syslog(LOG_ERR, "Fatal: gssd is running with insufficient " "privilege."); exit(1); } /* Temporarily drop privs, but only if uid != 0 */ if (uid != 0) (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, lowprivs); } uid_t app_krb5_user_uid(void) { /* * return the value set when one of the gssd procedures was * entered. This is the value of the uid under which the * underlying mechanism library must operate in order to * get the user's credentials. This call is necessary since * gssd runs as root and credentials are many times stored * in files and directories specific to the user */ printf(gettext( "getuid called and returning krb5_cc_uid = %d\n"), krb5_cc_uid); return (krb5_cc_uid); }
