xref: /freebsd/contrib/dma/dma-mbox-create.c (revision ab40f58ccfe6c07ebefddc72f4661a52fe746353)
1 /*
2  * Copyright (c) 2010-2014, Simon Schubert <2@0x2c.org>.
3  * Copyright (c) 2008 The DragonFly Project.  All rights reserved.
4  *
5  * This code is derived from software contributed to The DragonFly Project
6  * by Simon Schubert <2@0x2c.org>.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  * 3. Neither the name of The DragonFly Project nor the names of its
19  *    contributors may be used to endorse or promote products derived
20  *    from this software without specific, prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
25  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE
26  * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
27  * INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES (INCLUDING,
28  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
29  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
30  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
31  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
32  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 /*
37  * This binary is setuid root.  Use extreme caution when touching
38  * user-supplied information.  Keep the root window as small as possible.
39  */
40 
41 #ifdef __FreeBSD__
42 #define	USE_CAPSICUM	1
43 #endif
44 
45 #include <sys/param.h>
46 #if USE_CAPSICUM
47 #include <sys/capsicum.h>
48 #endif
49 #include <sys/stat.h>
50 
51 #include <capsicum_helpers.h>
52 #include <err.h>
53 #include <errno.h>
54 #include <fcntl.h>
55 #include <grp.h>
56 #include <paths.h>
57 #include <pwd.h>
58 #include <stdio.h>
59 #include <syslog.h>
60 #include <unistd.h>
61 
62 #include "dma.h"
63 
64 
65 static void
66 logfail(int exitcode, const char *fmt, ...)
67 {
68 	int oerrno = errno;
69 	va_list ap;
70 	char outs[1024];
71 
72 	outs[0] = 0;
73 	if (fmt != NULL) {
74 		va_start(ap, fmt);
75 		vsnprintf(outs, sizeof(outs), fmt, ap);
76 		va_end(ap);
77 	}
78 
79 	errno = oerrno;
80 	if (*outs != 0)
81 		syslog(LOG_ERR, errno ? "%s: %m" : "%s", outs);
82 	else
83 		syslog(LOG_ERR, errno ? "%m" : "unknown error");
84 
85 	exit(exitcode);
86 }
87 
88 /*
89  * Create a mbox in /var/mail for a given user, or make sure
90  * the permissions are correct for dma.
91  */
92 
93 int
94 main(int argc, char **argv)
95 {
96 #if USE_CAPSICUM
97 	cap_rights_t rights;
98 #endif
99 	const char *user;
100 	struct passwd *pw;
101 	struct group *gr;
102 	uid_t user_uid;
103 	gid_t mail_gid;
104 	int f, maildirfd;
105 
106 	/*
107 	 * Open log fd now for capability sandbox.
108 	 */
109 	openlog("dma-mbox-create", LOG_NDELAY, LOG_MAIL);
110 
111 	errno = 0;
112 	gr = getgrnam(DMA_GROUP);
113 	if (!gr)
114 		logfail(EX_CONFIG, "cannot find dma group `%s'", DMA_GROUP);
115 
116 	mail_gid = gr->gr_gid;
117 
118 	if (setgid(mail_gid) != 0)
119 		logfail(EX_NOPERM, "cannot set gid to %d (%s)", mail_gid, DMA_GROUP);
120 	if (getegid() != mail_gid)
121 		logfail(EX_NOPERM, "cannot set gid to %d (%s), still at %d", mail_gid, DMA_GROUP, getegid());
122 
123 	/*
124 	 * We take exactly one argument: the username.
125 	 */
126 	if (argc != 2) {
127 		errno = 0;
128 		logfail(EX_USAGE, "no arguments");
129 	}
130 	user = argv[1];
131 
132 	syslog(LOG_NOTICE, "creating mbox for `%s'", user);
133 
134 	/* the username may not contain a pathname separator */
135 	if (strchr(user, '/')) {
136 		errno = 0;
137 		logfail(EX_DATAERR, "path separator in username `%s'", user);
138 		exit(1);
139 	}
140 
141 	/* verify the user exists */
142 	errno = 0;
143 	pw = getpwnam(user);
144 	if (!pw)
145 		logfail(EX_NOUSER, "cannot find user `%s'", user);
146 
147 	maildirfd = open(_PATH_MAILDIR, O_RDONLY);
148 	if (maildirfd < 0)
149 		logfail(EX_NOINPUT, "cannot open maildir %s", _PATH_MAILDIR);
150 
151 	/*
152 	 * Cache NLS data, for strerror, for err(3), before entering capability
153 	 * mode.
154 	 */
155 	caph_cache_catpages();
156 
157 	/*
158 	 * Cache local time before entering Capsicum capability sandbox.
159 	 */
160 	caph_cache_tzdata();
161 
162 #if USE_CAPSICUM
163 	cap_rights_init(&rights, CAP_CREATE, CAP_FCHMOD, CAP_FCHOWN,
164 	    CAP_LOOKUP, CAP_READ);
165 	if (cap_rights_limit(maildirfd, &rights) < 0 && errno != ENOSYS)
166 		err(EX_OSERR, "can't limit maildirfd rights");
167 
168 	/* Enter Capsicum capability sandbox */
169 	if (caph_enter() < 0)
170 		err(EX_OSERR, "cap_enter");
171 #endif
172 
173 	user_uid = pw->pw_uid;
174 
175 	f = openat(maildirfd, user, O_RDONLY|O_CREAT|O_NOFOLLOW, 0600);
176 	if (f < 0)
177 		logfail(EX_NOINPUT, "cannot open mbox `%s'", user);
178 
179 	if (fchown(f, user_uid, mail_gid))
180 		logfail(EX_OSERR, "cannot change owner of mbox `%s'", user);
181 
182 	if (fchmod(f, 0620))
183 		logfail(EX_OSERR, "cannot change permissions of mbox `%s'",
184 		    user);
185 
186 	/* file should be present with the right owner and permissions */
187 
188 	syslog(LOG_NOTICE, "successfully created mbox for `%s'", user);
189 
190 	return (0);
191 }
192