1 /* 2 * Copyright (c) 2010-2014, Simon Schubert <2@0x2c.org>. 3 * Copyright (c) 2008 The DragonFly Project. All rights reserved. 4 * 5 * This code is derived from software contributed to The DragonFly Project 6 * by Simon Schubert <2@0x2c.org>. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 3. Neither the name of The DragonFly Project nor the names of its 19 * contributors may be used to endorse or promote products derived 20 * from this software without specific, prior written permission. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 23 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 25 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 27 * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING, 28 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 29 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 30 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 31 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 32 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 /* 37 * This binary is setuid root. Use extreme caution when touching 38 * user-supplied information. Keep the root window as small as possible. 
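 */

#ifdef __FreeBSD__
#define USE_CAPSICUM 1
#else
#define USE_CAPSICUM 0
#endif

#include <sys/param.h>
#if USE_CAPSICUM
#include <sys/capsicum.h>
#endif
#include <sys/stat.h>

#if USE_CAPSICUM
#include <capsicum_helpers.h>
#endif
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <paths.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sysexits.h>
#include <unistd.h>

#include "dma.h"


/*
 * Log a failure to syslog(3) and terminate with the given sysexits(3) code.
 *
 * fmt/... are printf-style.  Callers always pass a literal format and hand
 * the (untrusted) username in as a %s argument, so user data is never
 * interpreted as a format string.  If errno is non-zero on entry its
 * strerror() text is appended via %m; callers that want no errno text
 * clear errno first.  Never returns.
 */
static void logfail(int exitcode, const char *fmt, ...)
    __attribute__((__format__(__printf__, 2, 3), __noreturn__));

static void
logfail(int exitcode, const char *fmt, ...)
{
	int saved_errno = errno;
	char msg[1024];
	va_list ap;

	msg[0] = '\0';
	if (fmt != NULL) {
		va_start(ap, fmt);
		vsnprintf(msg, sizeof(msg), fmt, ap);
		va_end(ap);
	}

	/* vsnprintf() may have clobbered errno; restore it so %m is right. */
	errno = saved_errno;
	if (msg[0] != '\0')
		syslog(LOG_ERR, errno ? "%s: %m" : "%s", msg);
	else
		syslog(LOG_ERR, errno ? "%m" : "unknown error");

	exit(exitcode);
}

/*
 * Create the mbox for the named user in _PATH_MAILDIR, or fix up the
 * ownership and permissions of an existing one so that dma (running as
 * DMA_GROUP) can deliver into it.
 *
 * Usage: dma-mbox-create <username>
 *
 * This runs setuid root.  The username is validated before it is used as a
 * path component, and all work is done through file descriptors (inside a
 * Capsicum sandbox on FreeBSD) so that a path race cannot redirect the
 * chown/chmod to an unintended file.  Every failure is reported via
 * syslog(3) and exits with a sysexits(3) code; returns 0 on success.
 */
int
main(int argc, char **argv)
{
#if USE_CAPSICUM
	cap_rights_t rights;
#endif
	const char *user;
	struct passwd *pw;
	struct group *gr;
	struct stat st;
	uid_t user_uid;
	gid_t mail_gid;
	int f, maildirfd;

	/* Open the log fd now: no new descriptors once we are sandboxed. */
	openlog("dma-mbox-create", LOG_NDELAY, LOG_MAIL);

	errno = 0;
	gr = getgrnam(DMA_GROUP);
	if (gr == NULL)
		logfail(EX_CONFIG, "cannot find dma group `%s'", DMA_GROUP);
	mail_gid = gr->gr_gid;

	/* Shrink the root window: switch to the mail group right away. */
	if (setgid(mail_gid) != 0)
		logfail(EX_NOPERM, "cannot set gid to %d (%s)", (int)mail_gid,
		    DMA_GROUP);
	if (getegid() != mail_gid)
		logfail(EX_NOPERM, "cannot set gid to %d (%s), still at %d",
		    (int)mail_gid, DMA_GROUP, (int)getegid());

	/* We take exactly one argument: the username. */
	if (argc != 2) {
		errno = 0;
		logfail(EX_USAGE, "usage: dma-mbox-create username");
	}
	user = argv[1];

	/*
	 * The name becomes a single path component under _PATH_MAILDIR, so
	 * it must not contain a separator.  Empty, "." and ".." are refused
	 * as well: getpwnam() would not know them, but keeping the path
	 * policy independent of the passwd database costs nothing.
	 */
	if (strchr(user, '/') != NULL) {
		errno = 0;
		logfail(EX_DATAERR, "path separator in username `%s'", user);
	}
	if (user[0] == '\0' || strcmp(user, ".") == 0 ||
	    strcmp(user, "..") == 0) {
		errno = 0;
		logfail(EX_DATAERR, "invalid username `%s'", user);
	}

	/* Verify the user exists; only then do we announce the attempt. */
	errno = 0;
	pw = getpwnam(user);
	if (pw == NULL)
		logfail(EX_NOUSER, "cannot find user `%s'", user);
	user_uid = pw->pw_uid;

	syslog(LOG_NOTICE, "creating mbox for `%s'", user);

	/*
	 * Hold the mail spool open as a directory fd; everything below is
	 * done relative to it.  O_DIRECTORY refuses a spool path that has
	 * been replaced by a plain file or a link to one.
	 */
	maildirfd = open(_PATH_MAILDIR, O_RDONLY | O_DIRECTORY);
	if (maildirfd < 0)
		logfail(EX_NOINPUT, "cannot open maildir %s", _PATH_MAILDIR);

#if USE_CAPSICUM
	/*
	 * Pre-load the NLS catalogs (strerror/%m) and timezone data, since
	 * no further files can be opened inside capability mode.
	 */
	caph_cache_catpages();
	caph_cache_tzdata();

	/*
	 * The only operations performed through the spool fd: lookup/create
	 * the mbox, then fstat/fchown/fchmod it.  Rights on files opened via
	 * openat() are derived from the directory fd, so CAP_FSTAT is needed
	 * here for the check below.
	 */
	cap_rights_init(&rights, CAP_CREATE, CAP_FCHMOD, CAP_FCHOWN,
	    CAP_FSTAT, CAP_LOOKUP, CAP_READ);
	if (cap_rights_limit(maildirfd, &rights) < 0 && errno != ENOSYS)
		logfail(EX_OSERR, "cannot limit maildir fd rights");

	/* Enter the Capsicum capability sandbox. */
	if (caph_enter() < 0)
		logfail(EX_OSERR, "cannot enter capability mode");
#endif

	/*
	 * Create (or open) the mbox.  O_NOFOLLOW stops a symlink planted
	 * under the user's name from redirecting us; the 0600 create mode is
	 * widened only after ownership has been fixed.
	 */
	f = openat(maildirfd, user, O_RDONLY | O_CREAT | O_NOFOLLOW, 0600);
	if (f < 0)
		logfail(EX_NOINPUT, "cannot open mbox `%s'", user);

	/*
	 * We are about to hand this inode to the user.  Refuse unless it is
	 * a regular file with a single link: a hard link to some other file,
	 * or a device/FIFO placed under the user's name, must not have its
	 * owner and mode rewritten.  Checking the open fd rather than the
	 * path makes this race-free.
	 */
	if (fstat(f, &st) != 0)
		logfail(EX_OSERR, "cannot stat mbox `%s'", user);
	if (!S_ISREG(st.st_mode) || st.st_nlink != 1) {
		errno = 0;
		logfail(EX_DATAERR,
		    "mbox `%s' is not a regular file with one link", user);
	}

	/*
	 * Owner first, mode last: fchown() may clear mode bits on some
	 * systems, so the final mode must be applied after it.
	 */
	if (fchown(f, user_uid, mail_gid) != 0)
		logfail(EX_OSERR, "cannot change owner of mbox `%s'", user);
	if (fchmod(f, 0620) != 0)
		logfail(EX_OSERR, "cannot change permissions of mbox `%s'",
		    user);

	/* The file now exists with the right owner and permissions. */
	syslog(LOG_NOTICE, "successfully created mbox for `%s'", user);

	return (0);
}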