1 /*
2 * Copyright (c) 2006 Darren Tucker. All rights reserved.
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #include "includes.h"
18
19 #include <stdarg.h>
20 #include <stdio.h>
21 #include <string.h>
22 #include <unistd.h>
23
24 #include "log.h"
25 #include "misc.h"
26 #include "servconf.h"
27 #include "sshkey.h"
28 #include "hostfile.h"
29 #include "auth.h"
30 #include "auth-pam.h"
31 #include "platform.h"
32
33 #include "openbsd-compat/openbsd-compat.h"
34
35 extern ServerOptions options;
36
37 /* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
38 int
platform_privileged_uidswap(void)39 platform_privileged_uidswap(void)
40 {
41 #ifdef HAVE_CYGWIN
42 /* uid 0 is not special on Cygwin so always try */
43 return 1;
44 #else
45 return (getuid() == 0 || geteuid() == 0);
46 #endif
47 }
48
49 /*
50 * This gets called before switching UIDs, and is called even when sshd is
51 * not running as root.
52 */
53 void
platform_setusercontext(struct passwd * pw)54 platform_setusercontext(struct passwd *pw)
55 {
56 #ifdef WITH_SELINUX
57 /* Cache selinux status for later use */
58 (void)ssh_selinux_enabled();
59 #endif
60
61 #ifdef USE_SOLARIS_PROJECTS
62 /*
63 * If solaris projects were detected, set the default now, unless
64 * we are using PAM in which case it is the responsibility of the
65 * PAM stack.
66 */
67 if (!options.use_pam && (getuid() == 0 || geteuid() == 0))
68 solaris_set_default_project(pw);
69 #endif
70
71 #if defined(HAVE_LOGIN_CAP) && defined (__bsdi__)
72 if (getuid() == 0 || geteuid() == 0)
73 setpgid(0, 0);
74 # endif
75
76 #if defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
77 /*
78 * If we have both LOGIN_CAP and PAM, we want to establish creds
79 * before calling setusercontext (in session.c:do_setusercontext).
80 */
81 if (getuid() == 0 || geteuid() == 0) {
82 if (options.use_pam) {
83 do_pam_setcred();
84 }
85 }
86 # endif /* USE_PAM */
87
88 #if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
89 if (getuid() == 0 || geteuid() == 0) {
90 /* Sets login uid for accounting */
91 if (getluid() == -1 && setluid(pw->pw_uid) == -1)
92 error("setluid: %s", strerror(errno));
93 }
94 #endif
95 }
96
97 /*
98 * This gets called after we've established the user's groups, and is only
99 * called if sshd is running as root.
100 */
101 void
platform_setusercontext_post_groups(struct passwd * pw)102 platform_setusercontext_post_groups(struct passwd *pw)
103 {
104 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
105 /*
106 * PAM credentials may take the form of supplementary groups.
107 * These will have been wiped by the above initgroups() call.
108 * Reestablish them here.
109 */
110 if (options.use_pam) {
111 do_pam_setcred();
112 }
113 #endif /* USE_PAM */
114
115 #if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \
116 defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY))
117 irix_setusercontext(pw);
118 #endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
119
120 #ifdef _AIX
121 aix_usrinfo(pw);
122 #endif /* _AIX */
123
124 #ifdef HAVE_SETPCRED
125 /*
126 * If we have a chroot directory, we set all creds except real
127 * uid which we will need for chroot. If we don't have a
128 * chroot directory, we don't override anything.
129 */
130 {
131 char **creds = NULL, *chroot_creds[] =
132 { "REAL_USER=root", NULL };
133
134 if (options.chroot_directory != NULL &&
135 strcasecmp(options.chroot_directory, "none") != 0)
136 creds = chroot_creds;
137
138 if (setpcred(pw->pw_name, creds) == -1)
139 fatal("Failed to set process credentials");
140 }
141 #endif /* HAVE_SETPCRED */
142 #ifdef WITH_SELINUX
143 ssh_selinux_setup_exec_context(pw->pw_name);
144 #endif
145 }
146
147 char *
platform_krb5_get_principal_name(const char * pw_name)148 platform_krb5_get_principal_name(const char *pw_name)
149 {
150 #ifdef USE_AIX_KRB_NAME
151 return aix_krb5_get_principal_name(pw_name);
152 #else
153 return NULL;
154 #endif
155 }
156
157 /* returns 1 if account is locked */
158 int
platform_locked_account(struct passwd * pw)159 platform_locked_account(struct passwd *pw)
160 {
161 int locked = 0;
162 char *passwd = pw->pw_passwd;
163 #ifdef USE_SHADOW
164 struct spwd *spw = NULL;
165 #ifdef USE_LIBIAF
166 char *iaf_passwd = NULL;
167 #endif
168
169 spw = getspnam(pw->pw_name);
170 #ifdef HAS_SHADOW_EXPIRE
171 if (spw != NULL && auth_shadow_acctexpired(spw))
172 return 1;
173 #endif /* HAS_SHADOW_EXPIRE */
174
175 if (spw != NULL)
176 #ifdef USE_LIBIAF
177 iaf_passwd = passwd = get_iaf_password(pw);
178 #else
179 passwd = spw->sp_pwdp;
180 #endif /* USE_LIBIAF */
181 #endif
182
183 /* check for locked account */
184 if (passwd && *passwd) {
185 #ifdef LOCKED_PASSWD_STRING
186 if (strcmp(passwd, LOCKED_PASSWD_STRING) == 0)
187 locked = 1;
188 #endif
189 #ifdef LOCKED_PASSWD_PREFIX
190 if (strncmp(passwd, LOCKED_PASSWD_PREFIX,
191 strlen(LOCKED_PASSWD_PREFIX)) == 0)
192 locked = 1;
193 #endif
194 #ifdef LOCKED_PASSWD_SUBSTR
195 if (strstr(passwd, LOCKED_PASSWD_SUBSTR))
196 locked = 1;
197 #endif
198 }
199 #ifdef USE_LIBIAF
200 if (iaf_passwd != NULL)
201 freezero(iaf_passwd, strlen(iaf_passwd));
202 #endif /* USE_LIBIAF */
203
204 return locked;
205 }
206