xref: /illumos-gate/usr/src/cmd/gss/gssd/gssd_getuid.c (revision 1f03f049)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 *  Routines to set gssd value of uid and replace getuid libsys call.
 */

#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <libintl.h>
#include <priv.h>
#include <errno.h>
#include <syslog.h>

static uid_t krb5_cc_uid;
#define	LOWPRIVS	"basic,!file_link_any,!proc_info,!proc_session," \
			"!proc_fork,!proc_exec"

static priv_set_t *lowprivs = NULL;
static priv_set_t *highprivs = NULL;

/*
 * NOTE WELL: This assumes gssd is NOT multi-threaded.  Do NOT add -A to
 * the rpcgen argument list in the Makefile unless you also remove this
 * assumption.
 */

void
set_gssd_uid(uid_t uid)
{
	/* Initialize */
	if (lowprivs == NULL) {
		/* L, P & I shall not change in gssd; we manipulate P though */
		if ((highprivs = priv_allocset()) == NULL ||
		    (lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
			printf(gettext(
			    "fatal: can't allocate privilege set (%s)\n"),
			    strerror(ENOMEM));
			syslog(LOG_ERR, "Fatal: can't allocate privilege "
			    "set (%s)"), strerror(ENOMEM);
			exit(1);
		}
		/* P has the privs we need when we need privs */
		(void) getppriv(PRIV_PERMITTED, highprivs);

		/*
		 * In case "basic" grows privs not excluded in LOWPRIVS
		 * but excluded in the service's method_context
		 */
		priv_intersect(highprivs, lowprivs);

		(void) setpflags(PRIV_AWARE, 1);
	}

	printf(gettext("set_gssd_uid called with uid = %d\n"), uid);

	/*
	 * nfsd runs as UID 1, so upcalls triggered by nfsd will cause uid to
	 * 1 here, but nfsd's upcalls need to run as root with privs here.
	 */
	if (uid == 1)
		uid = 0;

	/*
	 * Set the value of krb5_cc_uid, so it can be retrieved when
	 * app_krb5_user_uid() is called by the underlying mechanism
	 * libraries.  This should go away soon.
	 */
	krb5_cc_uid = uid;

	/* Claw privs back */
	(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, highprivs);

	/*
	 * Switch uid and set the saved set-uid to 0 so setuid(0) will work
	 * later.
	 */
	if (setuid(0) != 0 ||
	    (uid != 0 && setreuid(uid, -1) != 0) ||
	    (uid != 0 && seteuid(uid) != 0)) {

		/* Not enough privs, so bail! */
		printf(gettext(
		    "fatal: gssd is running with insufficient privilege\n"));
		syslog(LOG_ERR, "Fatal: gssd is running with insufficient "
		    "privilege.");
		exit(1);
	}

	/* Temporarily drop privs, but only if uid != 0 */
	if (uid != 0)
		(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, lowprivs);
}

uid_t
app_krb5_user_uid(void)
{
	/*
	 * return the value set when one of the gssd procedures was
	 * entered. This is the value of the uid under which the
	 * underlying mechanism library must operate in order to
	 * get the user's credentials. This call is necessary since
	 * gssd runs as root and credentials are many times stored
	 * in files and directories specific to the user
	 */
	printf(gettext(
	    "getuid called and returning krb5_cc_uid = %d\n"), krb5_cc_uid);
	return (krb5_cc_uid);
}