getpwnam_r and getgrnam_r are not supported by the Android NDK
[strongswan.git] / src / libstrongswan / utils / capabilities.c
1 /*
2 * Copyright (C) 2012 Tobias Brunner
3 * Hochschule fuer Technik Rapperswil
4 * Copyright (C) 2012 Martin Willi
5 * Copyright (C) 2012 revosec AG
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include "capabilities.h"
19
20 #include <errno.h>
21 #include <string.h>
22 #include <sys/types.h>
23 #include <pwd.h>
24 #include <grp.h>
25 #include <unistd.h>
26 #ifdef HAVE_PRCTL
27 # include <sys/prctl.h>
28 #endif /* HAVE_PRCTL */
29
30 #include <debug.h>
31
32 #if !defined(HAVE_GETPWNAM_R) || !defined(HAVE_GETGRNAM_R)
33 # include <threading/mutex.h>
34 # define EMULATE_R_FUNCS
35 #endif
36
37 typedef struct private_capabilities_t private_capabilities_t;
38
39 /**
40 * Private data of an capabilities_t object.
41 */
42 struct private_capabilities_t {
43
44 /**
45 * Public capabilities_t interface.
46 */
47 capabilities_t public;
48
49 /**
50 * user ID to switch during rights dropping
51 */
52 uid_t uid;
53
54 /**
55 * group ID to switch during rights dropping
56 */
57 gid_t gid;
58
59 /**
60 * capabilities to keep
61 */
62 #ifdef CAPABILITIES_LIBCAP
63 cap_t caps;
64 #endif /* CAPABILITIES_LIBCAP */
65 #ifdef CAPABILITIES_NATIVE
66 struct __user_cap_data_struct caps[2];
67 #endif /* CAPABILITIES_NATIVE */
68
69 #ifdef EMULATE_R_FUNCS
70 /**
71 * mutex to emulate get(pw|gr)nam_r functions
72 */
73 mutex_t *mutex;
74 #endif
75 };
76
77 METHOD(capabilities_t, keep, void,
78 private_capabilities_t *this, u_int cap)
79 {
80 #ifdef CAPABILITIES_LIBCAP
81 cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
82 cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
83 cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
84 #endif /* CAPABILITIES_LIBCAP */
85 #ifdef CAPABILITIES_NATIVE
86 int i = 0;
87
88 if (cap >= 32)
89 {
90 i++;
91 cap -= 32;
92 }
93 this->caps[i].effective |= 1 << cap;
94 this->caps[i].permitted |= 1 << cap;
95 this->caps[i].inheritable |= 1 << cap;
96 #endif /* CAPABILITIES_NATIVE */
97 }
98
99 METHOD(capabilities_t, get_uid, uid_t,
100 private_capabilities_t *this)
101 {
102 return this->uid;
103 }
104
105 METHOD(capabilities_t, get_gid, gid_t,
106 private_capabilities_t *this)
107 {
108 return this->gid;
109 }
110
111 METHOD(capabilities_t, set_uid, void,
112 private_capabilities_t *this, uid_t uid)
113 {
114 this->uid = uid;
115 }
116
117 METHOD(capabilities_t, set_gid, void,
118 private_capabilities_t *this, gid_t gid)
119 {
120 this->gid = gid;
121 }
122
123 METHOD(capabilities_t, resolve_uid, bool,
124 private_capabilities_t *this, char *username)
125 {
126 struct passwd *pwp;
127 int err;
128
129 #ifdef HAVE_GETPWNAM_R
130 struct passwd passwd;
131 char buf[1024];
132
133 err = getpwnam_r(username, &passwd, buf, sizeof(buf), &pwp);
134 if (pwp)
135 {
136 this->uid = pwp->pw_uid;
137 }
138 #else /* HAVE GETPWNAM_R */
139 this->mutex->lock(this->mutex);
140 pwp = getpwnam(username);
141 if (pwp)
142 {
143 this->uid = pwp->pw_uid;
144 }
145 err = errno;
146 this->mutex->unlock(this->mutex);
147 #endif /* HAVE GETPWNAM_R */
148 if (pwp)
149 {
150 return TRUE;
151 }
152 DBG1(DBG_LIB, "resolving user '%s' failed: %s", username,
153 err ? strerror(err) : "user not found");
154 return FALSE;
155 }
156
157 METHOD(capabilities_t, resolve_gid, bool,
158 private_capabilities_t *this, char *groupname)
159 {
160 struct group *grp;
161 int err;
162
163 #ifdef HAVE_GETGRNAM_R
164 struct group group;
165 char buf[1024];
166
167 err = getgrnam_r(groupname, &group, buf, sizeof(buf), &grp);
168 if (grp)
169 {
170 this->gid = grp->gr_gid;
171 }
172 #else /* HAVE_GETGRNAM_R */
173 this->mutex->lock(this->mutex);
174 grp = getgrnam(groupname);
175 if (grp)
176 {
177 this->gid = grp->gr_gid;
178 }
179 err = errno;
180 this->mutex->unlock(this->mutex);
181 #endif /* HAVE_GETGRNAM_R */
182 if (grp)
183 {
184 return TRUE;
185 }
186 DBG1(DBG_LIB, "resolving user '%s' failed: %s", groupname,
187 err ? strerror(err) : "group not found");
188 return FALSE;
189 }
190
191 METHOD(capabilities_t, drop, bool,
192 private_capabilities_t *this)
193 {
194 #ifdef HAVE_PRCTL
195 prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
196 #endif
197
198 if (this->gid && setgid(this->gid) != 0)
199 {
200 DBG1(DBG_LIB, "change to unprivileged group %u failed: %s",
201 this->gid, strerror(errno));
202 return FALSE;
203 }
204 if (this->uid && setuid(this->uid) != 0)
205 {
206 DBG1(DBG_LIB, "change to unprivileged user %u failed: %s",
207 this->uid, strerror(errno));
208 return FALSE;
209 }
210
211 #ifdef CAPABILITIES_LIBCAP
212 if (cap_set_proc(this->caps) != 0)
213 {
214 DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
215 return FALSE;
216 }
217 #endif /* CAPABILITIES_LIBCAP */
218 #ifdef CAPABILITIES_NATIVE
219 struct __user_cap_header_struct header = {
220 #if defined(_LINUX_CAPABILITY_VERSION_3)
221 .version = _LINUX_CAPABILITY_VERSION_3,
222 #elif defined(_LINUX_CAPABILITY_VERSION_2)
223 .version = _LINUX_CAPABILITY_VERSION_2,
224 #elif defined(_LINUX_CAPABILITY_VERSION_1)
225 .version = _LINUX_CAPABILITY_VERSION_1,
226 #else
227 .version = _LINUX_CAPABILITY_VERSION,
228 #endif
229 };
230 if (capset(&header, this->caps) != 0)
231 {
232 DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
233 return FALSE;
234 }
235 #endif /* CAPABILITIES_NATIVE */
236 #ifdef CAPABILITIES
237 DBG1(DBG_LIB, "dropped capabilities, running as uid %u, gid %u",
238 this->uid, this->gid);
239 #endif /* CAPABILITIES */
240 return TRUE;
241 }
242
243 METHOD(capabilities_t, destroy, void,
244 private_capabilities_t *this)
245 {
246 #ifdef EMULATE_R_FUNCS
247 this->mutex->destroy(this->mutex);
248 #endif /* EMULATE_R_FUNCS */
249 #ifdef CAPABILITIES_LIBCAP
250 cap_free(this->caps);
251 #endif /* CAPABILITIES_LIBCAP */
252 free(this);
253 }
254
255 /**
256 * See header
257 */
258 capabilities_t *capabilities_create()
259 {
260 private_capabilities_t *this;
261
262 INIT(this,
263 .public = {
264 .keep = _keep,
265 .get_uid = _get_uid,
266 .get_gid = _get_gid,
267 .set_uid = _set_uid,
268 .set_gid = _set_gid,
269 .resolve_uid = _resolve_uid,
270 .resolve_gid = _resolve_gid,
271 .drop = _drop,
272 .destroy = _destroy,
273 },
274 );
275
276 #ifdef CAPABILITIES
277 #ifdef CAPABILITIES_LIBCAP
278 this->caps = cap_init();
279 #endif /* CAPABILITIES_LIBCAP */
280 if (lib->leak_detective)
281 {
282 keep(this, CAP_SYS_NICE);
283 }
284 #endif /* CAPABILITIES */
285
286 #ifdef EMULATE_R_FUNCS
287 this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
288 #endif /* EMULATE_R_FUNCS */
289
290 return &this->public;
291 }