/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Routines to set gssd's notion of the caller's uid and to replace the
 * getuid() libsys call used by the mechanism libraries.
 */
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <libintl.h>
#include <priv.h>
#include <errno.h>
#include <syslog.h>
/* uid recorded by set_gssd_uid() and handed back by app_krb5_user_uid(). */
static uid_t krb5_cc_uid;

/*
 * Effective privilege set used while serving a non-root caller: the
 * "basic" set minus the listed privileges, in priv_str_to_set(3C) syntax.
 */
#define LOWPRIVS "basic,!file_link_any,!proc_info,!proc_session," \
	"!proc_fork,!proc_exec"

/* Built once by set_gssd_uid(); E is set to this while uid != 0. */
static priv_set_t *lowprivs = NULL;
/* Built once by set_gssd_uid(); a copy of P, restored into E when needed. */
static priv_set_t *highprivs = NULL;
/*
 * NOTE WELL: This assumes gssd is NOT multi-threaded (the privilege sets
 * and krb5_cc_uid below are process-global state). Do NOT add -A to the
 * rpcgen argument list in the Makefile unless you also remove this
 * assumption.
 */
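/*
 * set_gssd_uid - record the uid of the caller of the current gssd upcall
 * and switch gssd's real/effective uid and effective privilege set to
 * match it.
 *
 * uid:	the uid of the process that triggered the upcall.  A uid of 1
 *	(nfsd) is mapped to 0, because nfsd's upcalls must run as root
 *	with full privilege.
 *
 * On the first call the two privilege sets are built: highprivs is a copy
 * of P (what gssd may use when it needs privilege) and lowprivs is
 * LOWPRIVS intersected with P (so nothing the service's method_context
 * already removed can be regained).  L, P and I are never changed
 * afterwards; only E is switched between the two sets.
 *
 * Exits the process if a privilege set cannot be allocated or if the uid
 * switch fails: gssd cannot safely serve the upcall in either case.
 *
 * Not thread-safe: the privilege sets and krb5_cc_uid are process-global.
 */
void
set_gssd_uid(uid_t uid)
{
	/* One-time initialization of the two privilege sets. */
	if (lowprivs == NULL) {
		/* L, P & I shall not change in gssd; we manipulate E though */
		if ((highprivs = priv_allocset()) == NULL ||
		    (lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
			/*
			 * Keep errno from the failing priv_*() call before
			 * gettext()/printf() get a chance to clobber it.
			 */
			int err = errno;

			printf(gettext(
			    "fatal: can't allocate privilege set (%s)\n"),
			    strerror(err));
			/*
			 * The %s argument must be inside the syslog() call:
			 * a directive with no matching argument reads an
			 * indeterminate value from the va_list.
			 */
			syslog(LOG_ERR, "Fatal: can't allocate privilege "
			    "set (%s)", strerror(err));
			exit(1);
		}
		/* P has the privs we need when we need privs */
		(void) getppriv(PRIV_PERMITTED, highprivs);

		/*
		 * lowprivs = lowprivs intersected with P, in case "basic"
		 * grows privs not excluded in LOWPRIVS but excluded in the
		 * service's method_context.
		 */
		priv_intersect(highprivs, lowprivs);

		/*
		 * Become privilege-aware so the uid switches below do not
		 * implicitly alter E/P; we manage E explicitly.
		 */
		(void) setpflags(PRIV_AWARE, 1);
	}

	/* uid_t is not int; cast so the %d directive is well-defined. */
	printf(gettext("set_gssd_uid called with uid = %d\n"), (int)uid);

	/*
	 * nfsd runs as UID 1, so upcalls triggered by nfsd arrive here with
	 * uid == 1, but nfsd's upcalls need to run as root with privs.
	 */
	if (uid == 1)
		uid = 0;

	/*
	 * Record the uid so app_krb5_user_uid() can hand it to the
	 * underlying mechanism libraries. This should go away soon.
	 */
	krb5_cc_uid = uid;

	/* Claw privs back: E = P */
	(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, highprivs);

	/*
	 * Switch uid.  setuid(0) first, so the saved set-uid is 0 and a
	 * later setuid(0) can bring us back; then move the real and the
	 * effective uid to the caller's.
	 */
	if (setuid(0) != 0 ||
	    (uid != 0 && setreuid(uid, -1) != 0) ||
	    (uid != 0 && seteuid(uid) != 0)) {

		/* Not enough privs, so bail! */
		printf(gettext(
		    "fatal: gssd is running with insufficient privilege\n"));
		syslog(LOG_ERR, "Fatal: gssd is running with insufficient "
		    "privilege.");
		exit(1);
	}

	/* Temporarily drop privs (E = lowprivs), but only if uid != 0 */
	if (uid != 0)
		(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, lowprivs);
}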
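/*
 * app_krb5_user_uid - uid the mechanism libraries must operate as.
 *
 * Returns the value recorded by set_gssd_uid() when the current gssd
 * procedure was entered: the uid whose credentials the underlying
 * mechanism library must use.  This call is necessary because gssd runs
 * as root while credentials are many times stored in files and
 * directories specific to the user.
 */
uid_t
app_krb5_user_uid(void)
{
	uid_t cc_uid = krb5_cc_uid;

	/* uid_t is not int; cast so the %d directive is well-defined. */
	printf(gettext(
	    "getuid called and returning krb5_cc_uid = %d\n"), (int)cc_uid);
	return (cc_uid);
}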