xref: /illumos-gate/usr/src/cmd/ptools/ppriv/ppriv.c (revision 89b42a211fa7d3527b9615260f495d22e430c5c5)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23  *
24  * Program to examine or set process privileges.
25  */
26 
27 #include <stdio.h>
28 #include <stdio_ext.h>
29 #include <stdlib.h>
30 #include <unistd.h>
31 #include <fcntl.h>
32 #include <string.h>
33 #include <limits.h>
34 #include <sys/types.h>
35 #include <libproc.h>
36 #include <priv.h>
37 #include <errno.h>
38 #include <ctype.h>
39 
40 #include <locale.h>
41 #include <langinfo.h>
42 
43 static int	look(char *);
44 static void	perr(char *);
45 static void	usage(void);
46 static void	loadprivinfo(void);
47 static int	parsespec(const char *);
48 static void	privupdate(prpriv_t *, const char *);
49 static void	privupdate_self(void);
50 static int	dumppriv(char **);
51 static void	flags2str(uint_t);
52 
53 static char		*command;
54 static char		*procname;
55 static boolean_t	verb = B_FALSE;
56 static boolean_t	set = B_FALSE;
57 static boolean_t	exec = B_FALSE;
58 static boolean_t	Don = B_FALSE;
59 static boolean_t	Doff = B_FALSE;
60 static boolean_t	list = B_FALSE;
61 static boolean_t	mac_aware = B_FALSE;
62 static boolean_t	pfexec = B_FALSE;
63 static boolean_t	xpol = B_FALSE;
64 static int		mode = PRIV_STR_PORT;
65 
66 int
67 main(int argc, char **argv)
68 {
69 	int rc = 0;
70 	int opt;
71 	struct rlimit rlim;
72 
73 	(void) setlocale(LC_ALL, "");
74 	(void) textdomain(TEXT_DOMAIN);
75 
76 	if ((command = strrchr(argv[0], '/')) != NULL)
77 		command++;
78 	else
79 		command = argv[0];
80 
81 	while ((opt = getopt(argc, argv, "lDMNPevs:xS")) != EOF) {
82 		switch (opt) {
83 		case 'l':
84 			list = B_TRUE;
85 			break;
86 		case 'D':
87 			set = B_TRUE;
88 			Don = B_TRUE;
89 			break;
90 		case 'M':
91 			mac_aware = B_TRUE;
92 			break;
93 		case 'N':
94 			set = B_TRUE;
95 			Doff = B_TRUE;
96 			break;
97 		case 'P':
98 			set = B_TRUE;
99 			pfexec = B_TRUE;
100 			break;
101 		case 'e':
102 			exec = B_TRUE;
103 			break;
104 		case 'S':
105 			mode = PRIV_STR_SHORT;
106 			break;
107 		case 'v':
108 			verb = B_TRUE;
109 			mode = PRIV_STR_LIT;
110 			break;
111 		case 's':
112 			set = B_TRUE;
113 			if ((rc = parsespec(optarg)) != 0)
114 				return (rc);
115 			break;
116 		case 'x':
117 			set = B_TRUE;
118 			xpol = B_TRUE;
119 			break;
120 		default:
121 			usage();
122 			/*NOTREACHED*/
123 		}
124 	}
125 
126 	argc -= optind;
127 	argv += optind;
128 
129 	if ((argc < 1 && !list) || Doff && Don || list && (set || exec) ||
130 	    (mac_aware && !exec))
131 		usage();
132 
133 	/*
134 	 * Make sure we'll have enough file descriptors to handle a target
135 	 * that has many many mappings.
136 	 */
137 	if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) {
138 		rlim.rlim_cur = rlim.rlim_max;
139 		(void) setrlimit(RLIMIT_NOFILE, &rlim);
140 		(void) enable_extended_FILE_stdio(-1, -1);
141 	}
142 
143 	if (exec) {
144 		privupdate_self();
145 		rc = execvp(argv[0], &argv[0]);
146 		(void) fprintf(stderr, "%s: %s: %s\n", command, argv[0],
147 		    strerror(errno));
148 	} else if (list) {
149 		rc = dumppriv(argv);
150 	} else {
151 		while (argc-- > 0)
152 			rc += look(*argv++);
153 	}
154 
155 	return (rc);
156 }
157 
158 static int
159 look(char *arg)
160 {
161 	static size_t pprivsz = sizeof (prpriv_t);
162 	static prpriv_t *ppriv;
163 
164 	struct ps_prochandle *Pr;
165 	int gcode;
166 	size_t sz;
167 	void *pdata;
168 	char *x;
169 	int i;
170 	boolean_t nodata;
171 
172 	procname = arg;		/* for perr() */
173 
174 	if ((Pr = proc_arg_grab(arg, set ? PR_ARG_PIDS : PR_ARG_ANY,
175 	    PGRAB_RETAIN | PGRAB_FORCE | (set ? 0 : PGRAB_RDONLY) |
176 	    PGRAB_NOSTOP, &gcode)) == NULL) {
177 		(void) fprintf(stderr, "%s: cannot examine %s: %s\n",
178 		    command, arg, Pgrab_error(gcode));
179 		return (1);
180 	}
181 
182 	if (ppriv == NULL)
183 		ppriv = malloc(pprivsz);
184 
185 	if (Ppriv(Pr, ppriv, pprivsz) == -1) {
186 		perr(command);
187 		Prelease(Pr, 0);
188 		return (1);
189 	}
190 
191 	sz = PRIV_PRPRIV_SIZE(ppriv);
192 
193 	/*
194 	 * The ppriv fields are unsigned and may overflow, so check them
195 	 * separately.  Size must be word aligned, so check that too.
196 	 * Make sure size is "smallish" too.
197 	 */
198 	if ((sz & 3) || ppriv->pr_nsets == 0 ||
199 	    sz / ppriv->pr_nsets < ppriv->pr_setsize ||
200 	    ppriv->pr_infosize > sz || sz > 1024 * 1024) {
201 		(void) fprintf(stderr,
202 		    "%s: %s: bad PRNOTES section, size = %lx\n",
203 		    command, arg, (long)sz);
204 		Prelease(Pr, 0);
205 		return (1);
206 	}
207 
208 	if (sz > pprivsz) {
209 		ppriv = realloc(ppriv, sz);
210 
211 		if (ppriv == NULL || Ppriv(Pr, ppriv, sz) != sz) {
212 			perr(command);
213 			Prelease(Pr, 0);
214 			return (1);
215 		}
216 		pprivsz = sz;
217 	}
218 
219 	if (set) {
220 		privupdate(ppriv, arg);
221 		if (Psetpriv(Pr, ppriv) != 0) {
222 			perr(command);
223 			Prelease(Pr, 0);
224 			return (1);
225 		}
226 		Prelease(Pr, 0);
227 		return (0);
228 	}
229 
230 	if (Pstate(Pr) == PS_DEAD) {
231 		(void) printf("core '%s' of %d:\t%.70s\n",
232 		    arg, (int)Ppsinfo(Pr)->pr_pid, Ppsinfo(Pr)->pr_psargs);
233 		pdata = Pprivinfo(Pr);
234 		nodata = Pstate(Pr) == PS_DEAD && pdata == NULL;
235 	} else {
236 		(void) printf("%d:\t%.70s\n",
237 		    (int)Ppsinfo(Pr)->pr_pid, Ppsinfo(Pr)->pr_psargs);
238 		pdata = NULL;
239 		nodata = B_FALSE;
240 	}
241 
242 	x = (char *)ppriv + sz - ppriv->pr_infosize;
243 	while (x < (char *)ppriv + sz) {
244 		/* LINTED: alignment */
245 		priv_info_t *pi = (priv_info_t *)x;
246 		priv_info_uint_t *pii;
247 
248 		switch (pi->priv_info_type) {
249 		case PRIV_INFO_FLAGS:
250 			/* LINTED: alignment */
251 			pii = (priv_info_uint_t *)x;
252 			(void) printf("flags =");
253 			flags2str(pii->val);
254 			(void) putchar('\n');
255 			break;
256 		default:
257 			(void) fprintf(stderr, "%s: unknown priv_info: %d\n",
258 			    arg, pi->priv_info_type);
259 			break;
260 		}
261 		if (pi->priv_info_size > ppriv->pr_infosize ||
262 		    pi->priv_info_size <=  sizeof (priv_info_t) ||
263 		    (pi->priv_info_size & 3) != 0) {
264 			(void) fprintf(stderr, "%s: bad priv_info_size: %u\n",
265 			    arg, pi->priv_info_size);
266 			break;
267 		}
268 		x += pi->priv_info_size;
269 	}
270 
271 	for (i = 0; i < ppriv->pr_nsets; i++) {
272 		extern const char *__priv_getsetbynum(const void *, int);
273 		const char *setnm = pdata ? __priv_getsetbynum(pdata, i) :
274 		    priv_getsetbynum(i);
275 		priv_chunk_t *pc =
276 		    (priv_chunk_t *)&ppriv->pr_sets[ppriv->pr_setsize * i];
277 
278 
279 		(void) printf("\t%c: ", setnm && !nodata ? *setnm : '?');
280 		if (!nodata) {
281 			extern char *__priv_set_to_str(void *,
282 			    const priv_set_t *, char, int);
283 			priv_set_t *pset = (priv_set_t *)pc;
284 
285 			char *s;
286 
287 			if (pdata)
288 				s = __priv_set_to_str(pdata, pset, ',', mode);
289 			else
290 				s = priv_set_to_str(pset, ',', mode);
291 			(void) puts(s);
292 			free(s);
293 		} else {
294 			int j;
295 			for (j = 0; j < ppriv->pr_setsize; j++)
296 				(void) printf("%08x", pc[j]);
297 			(void) putchar('\n');
298 		}
299 	}
300 	Prelease(Pr, 0);
301 	return (0);
302 }
303 
304 static void
305 fatal(const char *s)
306 {
307 	(void) fprintf(stderr, "%s: %s: %s\n", command, s, strerror(errno));
308 	exit(3);
309 }
310 
311 static void
312 perr(char *s)
313 {
314 	int err = errno;
315 
316 	if (s != NULL)
317 		(void) fprintf(stderr, "%s: ", procname);
318 	else
319 		s = procname;
320 
321 	errno = err;
322 	perror(s);
323 }
324 
325 static void
326 usage(void)
327 {
328 	(void) fprintf(stderr,
329 	    "usage:\t%s [-v] [-S] [-D|-N] [-s spec] { pid | core } ...\n"
330 	    "\t%s -e [-D|-N] [-M] [-s spec] cmd [args ...]\n"
331 	    "\t%s -l [-v] [privilege ...]\n"
332 	    "  (report, set or list process privileges)\n", command,
333 	    command, command);
334 	exit(2);
335 	/*NOTREACHED*/
336 }
337 
338 /*
339  * Parse the privilege bits to add and/or remove from
340  * a privilege set.
341  *
342  * [EPIL][+-=]priv,priv,priv
343  */
344 
345 static int
346 strindex(char c, const char *str)
347 {
348 	const char *s;
349 
350 	if (islower(c))
351 		c = toupper(c);
352 
353 	s = strchr(str, c);
354 
355 	if (s == NULL)
356 		return (-1);
357 	else
358 		return (s - str);
359 }
360 
361 static void
362 badspec(const char *spec)
363 {
364 	(void) fprintf(stderr, "%s: bad privilege specification: \"%s\"\n",
365 	    command, spec);
366 	exit(3);
367 	/*NOTREACHED*/
368 }
369 
370 /*
371  * For each set, you can set either add and/or
372  * remove or you can set assign.
373  */
374 static priv_set_t **rem, **add, **assign;
375 static const priv_impl_info_t *pri = NULL;
376 static char *sets;
377 
378 static void
379 loadprivinfo(void)
380 {
381 	int i;
382 
383 	if (pri != NULL)
384 		return;
385 
386 	pri = getprivimplinfo();
387 
388 	if (pri == NULL)
389 		fatal("getprivimplinfo");
390 
391 	sets = malloc(pri->priv_nsets + 1);
392 	if (sets == NULL)
393 		fatal("malloc");
394 
395 	for (i = 0; i < pri->priv_nsets; i++) {
396 		sets[i] = *priv_getsetbynum(i);
397 		if (islower(sets[i]))
398 			sets[i] = toupper(sets[i]);
399 	}
400 
401 	sets[pri->priv_nsets] = '\0';
402 
403 	rem = calloc(pri->priv_nsets, sizeof (priv_set_t *));
404 	add = calloc(pri->priv_nsets, sizeof (priv_set_t *));
405 	assign = calloc(pri->priv_nsets, sizeof (priv_set_t *));
406 	if (rem == NULL || add == NULL || assign == NULL)
407 		fatal("calloc");
408 }
409 
410 static int
411 parsespec(const char *spec)
412 {
413 	char *p;
414 	const char *q;
415 	int count;
416 	priv_set_t ***toupd;
417 	priv_set_t *upd;
418 	int i;
419 	boolean_t freeupd = B_TRUE;
420 
421 	if (pri == NULL)
422 		loadprivinfo();
423 
424 	p = strpbrk(spec, "+-=");
425 
426 	if (p == NULL || p - spec > pri->priv_nsets)
427 		badspec(spec);
428 
429 	if (p[1] == '\0' || (upd = priv_str_to_set(p + 1, ",", NULL)) == NULL)
430 		badspec(p + 1);
431 
432 	count = p - spec;
433 	switch (*p) {
434 	case '+':
435 		toupd = &add;
436 		break;
437 	case '-':
438 		toupd = &rem;
439 		priv_inverse(upd);
440 		break;
441 	case '=':
442 		toupd = &assign;
443 		break;
444 	}
445 
446 	/* Update all sets? */
447 	if (count == 0 || *spec == 'a' || *spec == 'A') {
448 		count = pri->priv_nsets;
449 		q = sets;
450 	} else
451 		q = spec;
452 
453 	for (i = 0; i < count; i++) {
454 		int ind = strindex(q[i], sets);
455 
456 		if (ind == -1)
457 			badspec(spec);
458 
459 		/* Assign is mutually exclusive with add/remove and itself */
460 		if (((toupd == &rem || toupd == &add) && assign[ind] != NULL) ||
461 		    (toupd == &assign && (assign[ind] != NULL ||
462 		    rem[ind] != NULL || add[ind] != NULL))) {
463 			(void) fprintf(stderr, "%s: conflicting spec: %s\n",
464 			    command, spec);
465 			exit(1);
466 		}
467 		if ((*toupd)[ind] != NULL) {
468 			if (*p == '-')
469 				priv_intersect(upd, (*toupd)[ind]);
470 			else
471 				priv_union(upd, (*toupd)[ind]);
472 		} else {
473 			(*toupd)[ind] = upd;
474 			freeupd = B_FALSE;
475 		}
476 	}
477 	if (freeupd)
478 		priv_freeset(upd);
479 	return (0);
480 }
481 
482 static void
483 privupdate(prpriv_t *pr, const char *arg)
484 {
485 	int i;
486 
487 	if (sets != NULL) {
488 		for (i = 0; i < pri->priv_nsets; i++) {
489 			priv_set_t *target =
490 			    (priv_set_t *)&pr->pr_sets[pr->pr_setsize * i];
491 			if (rem[i] != NULL)
492 				priv_intersect(rem[i], target);
493 			if (add[i] != NULL)
494 				priv_union(add[i], target);
495 			if (assign[i] != NULL)
496 				priv_copyset(assign[i], target);
497 		}
498 	}
499 
500 	if (Doff || Don || pfexec || xpol) {
501 		priv_info_uint_t *pii;
502 		int sz = PRIV_PRPRIV_SIZE(pr);
503 		char *x = (char *)pr + PRIV_PRPRIV_INFO_OFFSET(pr);
504 		uint32_t fl = 0;
505 
506 		while (x < (char *)pr + sz) {
507 			/* LINTED: alignment */
508 			priv_info_t *pi = (priv_info_t *)x;
509 
510 			if (pi->priv_info_type == PRIV_INFO_FLAGS) {
511 				/* LINTED: alignment */
512 				pii = (priv_info_uint_t *)x;
513 				fl = pii->val;
514 				goto done;
515 			}
516 			if (pi->priv_info_size > pr->pr_infosize ||
517 			    pi->priv_info_size <=  sizeof (priv_info_t) ||
518 			    (pi->priv_info_size & 3) != 0)
519 				break;
520 			x += pi->priv_info_size;
521 		}
522 		(void) fprintf(stderr,
523 		    "%s: cannot find privilege flags to set\n", arg);
524 		pr->pr_infosize = 0;
525 		return;
526 done:
527 
528 		pr->pr_infosize = sizeof (priv_info_uint_t);
529 		/* LINTED: alignment */
530 		pii = (priv_info_uint_t *)
531 		    ((char *)pr + PRIV_PRPRIV_INFO_OFFSET(pr));
532 
533 		if (Don)
534 			fl |= PRIV_DEBUG;
535 		if (Doff)
536 			fl &= ~PRIV_DEBUG;
537 		if (pfexec)
538 			fl |= PRIV_PFEXEC;
539 		if (xpol)
540 			fl |= PRIV_XPOLICY;
541 
542 		pii->info.priv_info_size = sizeof (*pii);
543 		pii->info.priv_info_type = PRIV_INFO_FLAGS;
544 		pii->val = fl;
545 	} else {
546 		pr->pr_infosize = 0;
547 	}
548 }
549 
550 static void
551 privupdate_self(void)
552 {
553 	int set;
554 
555 	if (mac_aware) {
556 		if (setpflags(NET_MAC_AWARE, 1) != 0)
557 			fatal("setpflags(NET_MAC_AWARE)");
558 		if (setpflags(NET_MAC_AWARE_INHERIT, 1) != 0)
559 			fatal("setpflags(NET_MAC_AWARE_INHERIT)");
560 	}
561 	if (pfexec) {
562 		if (setpflags(PRIV_PFEXEC, 1) != 0)
563 			fatal("setpflags(PRIV_PFEXEC)");
564 	}
565 
566 	if (sets != NULL) {
567 		priv_set_t *target = priv_allocset();
568 
569 		if (target == NULL)
570 			fatal("priv_allocet");
571 
572 		set = priv_getsetbyname(PRIV_INHERITABLE);
573 		if (rem[set] != NULL || add[set] != NULL ||
574 		    assign[set] != NULL) {
575 			(void) getppriv(PRIV_INHERITABLE, target);
576 			if (rem[set] != NULL)
577 				priv_intersect(rem[set], target);
578 			if (add[set] != NULL)
579 				priv_union(add[set], target);
580 			if (assign[set] != NULL)
581 				priv_copyset(assign[set], target);
582 			if (setppriv(PRIV_SET, PRIV_INHERITABLE, target) != 0)
583 				fatal("setppriv(Inheritable)");
584 		}
585 		set = priv_getsetbyname(PRIV_LIMIT);
586 		if (rem[set] != NULL || add[set] != NULL ||
587 		    assign[set] != NULL) {
588 			(void) getppriv(PRIV_LIMIT, target);
589 			if (rem[set] != NULL)
590 				priv_intersect(rem[set], target);
591 			if (add[set] != NULL)
592 				priv_union(add[set], target);
593 			if (assign[set] != NULL)
594 				priv_copyset(assign[set], target);
595 			if (setppriv(PRIV_SET, PRIV_LIMIT, target) != 0)
596 				fatal("setppriv(Limit)");
597 		}
598 		priv_freeset(target);
599 	}
600 
601 	if (Doff || Don)
602 		(void) setpflags(PRIV_DEBUG, Don ? 1 : 0);
603 	if (xpol)
604 		(void) setpflags(PRIV_XPOLICY, 1);
605 	if (pfexec)
606 		(void) setpflags(PRIV_PFEXEC, 1);
607 }
608 
609 static int
610 dopriv(const char *p)
611 {
612 	(void) puts(p);
613 	if (verb) {
614 		char *text = priv_gettext(p);
615 		char *p, *q;
616 		if (text == NULL)
617 			return (1);
618 		for (p = text; q = strchr(p, '\n'); p = q + 1) {
619 			*q = '\0';
620 			(void) printf("\t%s\n", p);
621 		}
622 		free(text);
623 	}
624 	return (0);
625 }
626 
627 static int
628 dumppriv(char **argv)
629 {
630 	int rc = 0;
631 	const char *pname;
632 	int i;
633 
634 	if (argv[0] == NULL) {
635 		for (i = 0; ((pname = priv_getbynum(i++)) != NULL); )
636 			rc += dopriv(pname);
637 	} else {
638 		for (; *argv; argv++) {
639 			priv_set_t *pset = priv_str_to_set(*argv, ",", NULL);
640 
641 			if (pset == NULL) {
642 				(void) fprintf(stderr, "%s: %s: bad privilege"
643 				    " list\n", command, *argv);
644 				rc++;
645 				continue;
646 			}
647 			for (i = 0; ((pname = priv_getbynum(i++)) != NULL); )
648 				if (priv_ismember(pset, pname))
649 					rc += dopriv(pname);
650 		}
651 	}
652 	return (rc);
653 }
654 
655 static struct {
656 	int flag;
657 	char *name;
658 } flags[] = {
659 	{ PRIV_DEBUG, "PRIV_DEBUG" },
660 	{ PRIV_AWARE, "PRIV_AWARE" },
661 	{ PRIV_AWARE_INHERIT, "PRIV_AWARE_INHERIT" },
662 	{ PRIV_AWARE_RESET, "PRIV_AWARE_RESET" },
663 	{ PRIV_XPOLICY, "PRIV_XPOLICY" },
664 	{ PRIV_PFEXEC, "PRIV_PFEXEC" },
665 	{ NET_MAC_AWARE, "NET_MAC_AWARE" },
666 	{ NET_MAC_AWARE_INHERIT, "NET_MAC_AWARE_INHERIT" },
667 };
668 
669 /*
670  * Print flags preceeded by a space.
671  */
672 static void
673 flags2str(uint_t pflags)
674 {
675 	char c = ' ';
676 	int i;
677 
678 	if (pflags == 0) {
679 		(void) fputs(" <none>", stdout);
680 		return;
681 	}
682 	for (i = 0; i < sizeof (flags)/sizeof (flags[0]) && pflags != 0; i++) {
683 		if ((pflags & flags[i].flag) != 0) {
684 			(void) printf("%c%s", c, flags[i].name);
685 			pflags &= ~flags[i].flag;
686 			c = '|';
687 		}
688 	}
689 	if (pflags != 0)
690 		(void) printf("%c<0x%x>", c, pflags);
691 }
692