b396c6a921256f9f95cac22086000bdae92a0ab4
[strongswan.git] / src / libstrongswan / utils / capabilities.c
1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "capabilities.h"
17
18 #include <errno.h>
19 #include <string.h>
20 #include <sys/types.h>
21 #include <pwd.h>
22 #include <grp.h>
23 #include <unistd.h>
24 #ifdef HAVE_PRCTL
25 # include <sys/prctl.h>
26 #endif /* HAVE_PRCTL */
27
28 #include <debug.h>
29
30 typedef struct private_capabilities_t private_capabilities_t;
31
32 /**
33 * Private data of an capabilities_t object.
34 */
35 struct private_capabilities_t {
36
37 /**
38 * Public capabilities_t interface.
39 */
40 capabilities_t public;
41
42 /**
43 * user ID to switch during rights dropping
44 */
45 uid_t uid;
46
47 /**
48 * group ID to switch during rights dropping
49 */
50 gid_t gid;
51
52 /**
53 * capabilities to keep
54 */
55 #ifdef CAPABILITIES_LIBCAP
56 cap_t caps;
57 #endif /* CAPABILITIES_LIBCAP */
58 #ifdef CAPABILITIES_NATIVE
59 struct __user_cap_data_struct caps[2];
60 #endif /* CAPABILITIES_NATIVE */
61 };
62
63 METHOD(capabilities_t, keep, void,
64 private_capabilities_t *this, u_int cap)
65 {
66 #ifdef CAPABILITIES_LIBCAP
67 cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
68 cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
69 cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
70 #endif /* CAPABILITIES_LIBCAP */
71 #ifdef CAPABILITIES_NATIVE
72 int i = 0;
73
74 if (cap >= 32)
75 {
76 i++;
77 cap -= 32;
78 }
79 this->caps[i].effective |= 1 << cap;
80 this->caps[i].permitted |= 1 << cap;
81 this->caps[i].inheritable |= 1 << cap;
82 #endif /* CAPABILITIES_NATIVE */
83 }
84
85 METHOD(capabilities_t, get_uid, uid_t,
86 private_capabilities_t *this)
87 {
88 return this->uid;
89 }
90
91 METHOD(capabilities_t, get_gid, gid_t,
92 private_capabilities_t *this)
93 {
94 return this->gid;
95 }
96
97 METHOD(capabilities_t, set_uid, void,
98 private_capabilities_t *this, uid_t uid)
99 {
100 this->uid = uid;
101 }
102
103 METHOD(capabilities_t, set_gid, void,
104 private_capabilities_t *this, gid_t gid)
105 {
106 this->gid = gid;
107 }
108
109 METHOD(capabilities_t, resolve_uid, bool,
110 private_capabilities_t *this, char *username)
111 {
112 const char *errstr = "user not found";
113 struct passwd passwd, *pwp;
114 char buf[1024];
115 int err;
116
117 err = getpwnam_r(username, &passwd, buf, sizeof(buf), &pwp);
118 if (pwp == NULL)
119 {
120 if (err)
121 {
122 errstr = strerror(err);
123 }
124 DBG1(DBG_LIB, "resolving user '%s' failed: %s", username, errstr);
125 return FALSE;
126 }
127 this->uid = pwp->pw_uid;
128 return TRUE;
129 }
130
131 METHOD(capabilities_t, resolve_gid, bool,
132 private_capabilities_t *this, char *groupname)
133 {
134 const char *errstr = "group not found";
135 struct group group, *grp;
136 char buf[1024];
137 int err;
138
139 err = getgrnam_r(groupname, &group, buf, sizeof(buf), &grp);
140 if (grp == NULL)
141 {
142 if (err)
143 {
144 errstr = strerror(err);
145 }
146 DBG1(DBG_LIB, "resolving user '%s' failed: %s", groupname, errstr);
147 return FALSE;
148 }
149 this->gid = grp->gr_gid;
150 return TRUE;
151 }
152
153 METHOD(capabilities_t, drop, bool,
154 private_capabilities_t *this)
155 {
156 #ifdef HAVE_PRCTL
157 prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
158 #endif
159
160 if (this->gid && setgid(this->gid) != 0)
161 {
162 DBG1(DBG_LIB, "change to unprivileged group %u failed: %s",
163 this->gid, strerror(errno));
164 return FALSE;
165 }
166 if (this->uid && setuid(this->uid) != 0)
167 {
168 DBG1(DBG_LIB, "change to unprivileged user %u failed: %s",
169 this->uid, strerror(errno));
170 return FALSE;
171 }
172
173 #ifdef CAPABILITIES_LIBCAP
174 if (cap_set_proc(this->caps) != 0)
175 {
176 DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
177 return FALSE;
178 }
179 #endif /* CAPABILITIES_LIBCAP */
180 #ifdef CAPABILITIES_NATIVE
181 struct __user_cap_header_struct header = {
182 #if defined(_LINUX_CAPABILITY_VERSION_3)
183 .version = _LINUX_CAPABILITY_VERSION_3,
184 #elif defined(_LINUX_CAPABILITY_VERSION_2)
185 .version = _LINUX_CAPABILITY_VERSION_2,
186 #elif defined(_LINUX_CAPABILITY_VERSION_1)
187 .version = _LINUX_CAPABILITY_VERSION_1,
188 #else
189 .version = _LINUX_CAPABILITY_VERSION,
190 #endif
191 };
192 if (capset(&header, this->caps) != 0)
193 {
194 DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
195 return FALSE;
196 }
197 #endif /* CAPABILITIES_NATIVE */
198 #ifdef CAPABILITIES
199 DBG1(DBG_LIB, "dropped capabilities, running as uid %u, gid %u",
200 this->uid, this->gid);
201 #endif /* CAPABILITIES */
202 return TRUE;
203 }
204
205 METHOD(capabilities_t, destroy, void,
206 private_capabilities_t *this)
207 {
208 #ifdef CAPABILITIES_LIBCAP
209 cap_free(this->caps);
210 #endif /* CAPABILITIES_LIBCAP */
211 free(this);
212 }
213
214 /**
215 * See header
216 */
217 capabilities_t *capabilities_create()
218 {
219 private_capabilities_t *this;
220
221 INIT(this,
222 .public = {
223 .keep = _keep,
224 .get_uid = _get_uid,
225 .get_gid = _get_gid,
226 .set_uid = _set_uid,
227 .set_gid = _set_gid,
228 .resolve_uid = _resolve_uid,
229 .resolve_gid = _resolve_gid,
230 .drop = _drop,
231 .destroy = _destroy,
232 },
233 );
234
235 #ifdef CAPABILITIES
236 #ifdef CAPABILITIES_LIBCAP
237 this->caps = cap_init();
238 #endif /* CAPABILITIES_LIBCAP */
239 if (lib->leak_detective)
240 {
241 keep(this, CAP_SYS_NICE);
242 }
243 #endif /* CAPABILITIES */
244
245 return &this->public;
246 }