xref: /illumos-gate/usr/src/cmd/gss/gssd/gssd_getuid.c (revision 4eaa471005973e11a6110b69fe990530b3b95a38)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  *  Routines to set gssd value of uid and replace getuid libsys call.
28  */
29 
30 #include <sys/types.h>
31 #include <unistd.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <libintl.h>
35 #include <priv.h>
36 #include <errno.h>
37 #include <syslog.h>
38 
39 static uid_t krb5_cc_uid;
40 #define	LOWPRIVS	"basic,!file_link_any,!proc_info,!proc_session," \
41 			"!proc_fork,!proc_exec"
42 
43 static priv_set_t *lowprivs = NULL;
44 static priv_set_t *highprivs = NULL;
45 
46 /*
47  * NOTE WELL: This assumes gssd is NOT multi-threaded.  Do NOT add -A to
48  * the rpcgen argument list in the Makefile unless you also remove this
49  * assumption.
50  */
51 
52 void
53 set_gssd_uid(uid_t uid)
54 {
55 	/* Initialize */
56 	if (lowprivs == NULL) {
57 		/* L, P & I shall not change in gssd; we manipulate P though */
58 		if ((highprivs = priv_allocset()) == NULL ||
59 		    (lowprivs = priv_str_to_set(LOWPRIVS, ",", NULL)) == NULL) {
60 			printf(gettext(
61 			    "fatal: can't allocate privilege set (%s)\n"),
62 			    strerror(ENOMEM));
63 			syslog(LOG_ERR, "Fatal: can't allocate privilege "
64 			    "set (%s)"), strerror(ENOMEM);
65 			exit(1);
66 		}
67 		/* P has the privs we need when we need privs */
68 		(void) getppriv(PRIV_PERMITTED, highprivs);
69 
70 		/*
71 		 * In case "basic" grows privs not excluded in LOWPRIVS
72 		 * but excluded in the service's method_context
73 		 */
74 		priv_intersect(highprivs, lowprivs);
75 
76 		(void) setpflags(PRIV_AWARE, 1);
77 	}
78 
79 	printf(gettext("set_gssd_uid called with uid = %d\n"), uid);
80 
81 	/*
82 	 * nfsd runs as UID 1, so upcalls triggered by nfsd will cause uid to
83 	 * 1 here, but nfsd's upcalls need to run as root with privs here.
84 	 */
85 	if (uid == 1)
86 		uid = 0;
87 
88 	/*
89 	 * Set the value of krb5_cc_uid, so it can be retrieved when
90 	 * app_krb5_user_uid() is called by the underlying mechanism
91 	 * libraries.  This should go away soon.
92 	 */
93 	krb5_cc_uid = uid;
94 
95 	/* Claw privs back */
96 	(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, highprivs);
97 
98 	/*
99 	 * Switch uid and set the saved set-uid to 0 so setuid(0) will work
100 	 * later.
101 	 */
102 	if (setuid(0) != 0 ||
103 	    (uid != 0 && setreuid(uid, -1) != 0) ||
104 	    (uid != 0 && seteuid(uid) != 0)) {
105 
106 		/* Not enough privs, so bail! */
107 		printf(gettext(
108 		    "fatal: gssd is running with insufficient privilege\n"));
109 		syslog(LOG_ERR, "Fatal: gssd is running with insufficient "
110 		    "privilege.");
111 		exit(1);
112 	}
113 
114 	/* Temporarily drop privs, but only if uid != 0 */
115 	if (uid != 0)
116 		(void) setppriv(PRIV_SET, PRIV_EFFECTIVE, lowprivs);
117 }
118 
119 uid_t
120 app_krb5_user_uid(void)
121 {
122 	/*
123 	 * return the value set when one of the gssd procedures was
124 	 * entered. This is the value of the uid under which the
125 	 * underlying mechanism library must operate in order to
126 	 * get the user's credentials. This call is necessary since
127 	 * gssd runs as root and credentials are many times stored
128 	 * in files and directories specific to the user
129 	 */
130 	printf(gettext(
131 	    "getuid called and returning krb5_cc_uid = %d\n"), krb5_cc_uid);
132 	return (krb5_cc_uid);
133 }
134