1 /* $Id: port-linux.c,v 1.11.4.3 2011/02/06 02:24:17 dtucker Exp $ */ 2 3 /* 4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> 5 * Copyright (c) 2006 Damien Miller <djm@openbsd.org> 6 * 7 * Permission to use, copy, modify, and distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * Linux-specific portability code - just SELinux support at present 22 */ 23 24 #include "includes.h" 25 26 #if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) 27 #include <errno.h> 28 #include <stdarg.h> 29 #include <string.h> 30 #include <stdio.h> 31 32 #include "log.h" 33 #include "xmalloc.h" 34 #include "port-linux.h" 35 36 #ifdef WITH_SELINUX 37 #include <selinux/selinux.h> 38 #include <selinux/flask.h> 39 #include <selinux/get_context_list.h> 40 41 /* Wrapper around is_selinux_enabled() to log its return value once only */ 42 int 43 ssh_selinux_enabled(void) 44 { 45 static int enabled = -1; 46 47 if (enabled == -1) { 48 enabled = (is_selinux_enabled() == 1); 49 debug("SELinux support %s", enabled ? "enabled" : "disabled"); 50 } 51 52 return (enabled); 53 } 54 55 /* Return the default security context for the given username */ 56 static security_context_t 57 ssh_selinux_getctxbyname(char *pwname) 58 { 59 security_context_t sc; 60 char *sename = NULL, *lvl = NULL; 61 int r; 62 63 #ifdef HAVE_GETSEUSERBYNAME 64 if (getseuserbyname(pwname, &sename, &lvl) != 0) 65 return NULL; 66 #else 67 sename = pwname; 68 lvl = NULL; 69 #endif 70 71 #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL 72 r = get_default_context_with_level(sename, lvl, NULL, &sc); 73 #else 74 r = get_default_context(sename, NULL, &sc); 75 #endif 76 77 if (r != 0) { 78 switch (security_getenforce()) { 79 case -1: 80 fatal("%s: ssh_selinux_getctxbyname: " 81 "security_getenforce() failed", __func__); 82 case 0: 83 error("%s: Failed to get default SELinux security " 84 "context for %s", __func__, pwname); 85 break; 86 default: 87 fatal("%s: Failed to get default SELinux security " 88 "context for %s (in enforcing mode)", 89 __func__, pwname); 90 } 91 } 92 93 #ifdef HAVE_GETSEUSERBYNAME 94 if (sename != NULL) 95 xfree(sename); 96 if (lvl != NULL) 97 xfree(lvl); 98 #endif 99 100 return (sc); 101 } 102 103 /* Set the execution context to the default for the specified user */ 104 void 105 ssh_selinux_setup_exec_context(char *pwname) 106 { 107 security_context_t user_ctx = NULL; 108 109 if (!ssh_selinux_enabled()) 110 return; 111 112 debug3("%s: setting execution context", __func__); 113 114 user_ctx = ssh_selinux_getctxbyname(pwname); 115 if (setexeccon(user_ctx) != 0) { 116 switch (security_getenforce()) { 117 case -1: 118 fatal("%s: security_getenforce() failed", __func__); 119 case 0: 120 error("%s: Failed to set SELinux execution " 121 "context for %s", __func__, pwname); 122 break; 123 default: 124 fatal("%s: Failed to set SELinux execution context " 125 "for %s (in enforcing mode)", __func__, pwname); 126 } 127 } 128 if (user_ctx != NULL) 129 freecon(user_ctx); 130 131 debug3("%s: done", __func__); 132 } 133 134 /* Set the TTY context for the specified user */ 135 void 136 ssh_selinux_setup_pty(char *pwname, const char *tty) 137 { 138 security_context_t new_tty_ctx = NULL; 139 security_context_t user_ctx = NULL; 140 security_context_t old_tty_ctx = NULL; 141 142 if (!ssh_selinux_enabled()) 143 return; 144 145 debug3("%s: setting TTY context on %s", __func__, tty); 146 147 user_ctx = ssh_selinux_getctxbyname(pwname); 148 149 /* XXX: should these calls fatal() upon failure in enforcing mode? */ 150 151 if (getfilecon(tty, &old_tty_ctx) == -1) { 152 error("%s: getfilecon: %s", __func__, strerror(errno)); 153 goto out; 154 } 155 156 if (security_compute_relabel(user_ctx, old_tty_ctx, 157 SECCLASS_CHR_FILE, &new_tty_ctx) != 0) { 158 error("%s: security_compute_relabel: %s", 159 __func__, strerror(errno)); 160 goto out; 161 } 162 163 if (setfilecon(tty, new_tty_ctx) != 0) 164 error("%s: setfilecon: %s", __func__, strerror(errno)); 165 out: 166 if (new_tty_ctx != NULL) 167 freecon(new_tty_ctx); 168 if (old_tty_ctx != NULL) 169 freecon(old_tty_ctx); 170 if (user_ctx != NULL) 171 freecon(user_ctx); 172 debug3("%s: done", __func__); 173 } 174 175 void 176 ssh_selinux_change_context(const char *newname) 177 { 178 int len, newlen; 179 char *oldctx, *newctx, *cx; 180 181 if (!ssh_selinux_enabled()) 182 return; 183 184 if (getcon((security_context_t *)&oldctx) < 0) { 185 logit("%s: getcon failed with %s", __func__, strerror (errno)); 186 return; 187 } 188 if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) == 189 NULL) { 190 logit ("%s: unparseable context %s", __func__, oldctx); 191 return; 192 } 193 194 newlen = strlen(oldctx) + strlen(newname) + 1; 195 newctx = xmalloc(newlen); 196 len = cx - oldctx + 1; 197 memcpy(newctx, oldctx, len); 198 strlcpy(newctx + len, newname, newlen - len); 199 if ((cx = index(cx + 1, ':'))) 200 strlcat(newctx, cx, newlen); 201 debug3("%s: setting context from '%s' to '%s'", __func__, oldctx, 202 newctx); 203 if (setcon(newctx) < 0) 204 logit("%s: setcon failed with %s", __func__, strerror (errno)); 205 xfree(oldctx); 206 xfree(newctx); 207 } 208 209 void 210 ssh_selinux_setfscreatecon(const char *path) 211 { 212 security_context_t context; 213 214 if (!ssh_selinux_enabled()) 215 return; 216 if (path == NULL) { 217 setfscreatecon(NULL); 218 return; 219 } 220 if (matchpathcon(path, 0700, &context) == 0) 221 setfscreatecon(context); 222 } 223 224 #endif /* WITH_SELINUX */ 225 226 #ifdef LINUX_OOM_ADJUST 227 /* 228 * The magic "don't kill me" values, old and new, as documented in eg: 229 * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt 230 * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt 231 */ 232 233 static int oom_adj_save = INT_MIN; 234 static char *oom_adj_path = NULL; 235 struct { 236 char *path; 237 int value; 238 } oom_adjust[] = { 239 {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */ 240 {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */ 241 {NULL, 0}, 242 }; 243 244 /* 245 * Tell the kernel's out-of-memory killer to avoid sshd. 246 * Returns the previous oom_adj value or zero. 247 */ 248 void 249 oom_adjust_setup(void) 250 { 251 int i, value; 252 FILE *fp; 253 254 debug3("%s", __func__); 255 for (i = 0; oom_adjust[i].path != NULL; i++) { 256 oom_adj_path = oom_adjust[i].path; 257 value = oom_adjust[i].value; 258 if ((fp = fopen(oom_adj_path, "r+")) != NULL) { 259 if (fscanf(fp, "%d", &oom_adj_save) != 1) 260 verbose("error reading %s: %s", oom_adj_path, 261 strerror(errno)); 262 else { 263 rewind(fp); 264 if (fprintf(fp, "%d\n", value) <= 0) 265 verbose("error writing %s: %s", 266 oom_adj_path, strerror(errno)); 267 else 268 verbose("Set %s from %d to %d", 269 oom_adj_path, oom_adj_save, value); 270 } 271 fclose(fp); 272 return; 273 } 274 } 275 oom_adj_path = NULL; 276 } 277 278 /* Restore the saved OOM adjustment */ 279 void 280 oom_adjust_restore(void) 281 { 282 FILE *fp; 283 284 debug3("%s", __func__); 285 if (oom_adj_save == INT_MIN || oom_adj_path == NULL || 286 (fp = fopen(oom_adj_path, "w")) == NULL) 287 return; 288 289 if (fprintf(fp, "%d\n", oom_adj_save) <= 0) 290 verbose("error writing %s: %s", oom_adj_path, strerror(errno)); 291 else 292 verbose("Set %s to %d", oom_adj_path, oom_adj_save); 293 294 fclose(fp); 295 return; 296 } 297 #endif /* LINUX_OOM_ADJUST */ 298 #endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ 299