xref: /titanic_44/usr/src/cmd/ptools/ppriv/ppriv.c (revision 6d89ca534e2138511ecb76c02bcec1bcb83f685b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 /*
25  * Copyright (c) 2013 by Delphix. All rights reserved.
26  */
27 /*
28  * Program to examine or set process privileges.
29  */
30 
31 #include <stdio.h>
32 #include <stdio_ext.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <fcntl.h>
36 #include <string.h>
37 #include <limits.h>
38 #include <sys/types.h>
39 #include <libproc.h>
40 #include <priv.h>
41 #include <errno.h>
42 #include <ctype.h>
43 
44 #include <locale.h>
45 #include <langinfo.h>
46 
47 static int	look(char *);
48 static void	perr(char *);
49 static void	usage(void);
50 static void	loadprivinfo(void);
51 static int	parsespec(const char *);
52 static void	privupdate(prpriv_t *, const char *);
53 static void	privupdate_self(void);
54 static int	dumppriv(char **);
55 static void	flags2str(uint_t);
56 
57 static char		*command;
58 static char		*procname;
59 static boolean_t	verb = B_FALSE;
60 static boolean_t	set = B_FALSE;
61 static boolean_t	exec = B_FALSE;
62 static boolean_t	Don = B_FALSE;
63 static boolean_t	Doff = B_FALSE;
64 static boolean_t	list = B_FALSE;
65 static boolean_t	mac_aware = B_FALSE;
66 static boolean_t	pfexec = B_FALSE;
67 static boolean_t	xpol = B_FALSE;
68 static int		mode = PRIV_STR_PORT;
69 
70 int
71 main(int argc, char **argv)
72 {
73 	int rc = 0;
74 	int opt;
75 	struct rlimit rlim;
76 
77 	(void) setlocale(LC_ALL, "");
78 	(void) textdomain(TEXT_DOMAIN);
79 
80 	if ((command = strrchr(argv[0], '/')) != NULL)
81 		command++;
82 	else
83 		command = argv[0];
84 
85 	while ((opt = getopt(argc, argv, "lDMNPevs:xS")) != EOF) {
86 		switch (opt) {
87 		case 'l':
88 			list = B_TRUE;
89 			break;
90 		case 'D':
91 			set = B_TRUE;
92 			Don = B_TRUE;
93 			break;
94 		case 'M':
95 			mac_aware = B_TRUE;
96 			break;
97 		case 'N':
98 			set = B_TRUE;
99 			Doff = B_TRUE;
100 			break;
101 		case 'P':
102 			set = B_TRUE;
103 			pfexec = B_TRUE;
104 			break;
105 		case 'e':
106 			exec = B_TRUE;
107 			break;
108 		case 'S':
109 			mode = PRIV_STR_SHORT;
110 			break;
111 		case 'v':
112 			verb = B_TRUE;
113 			mode = PRIV_STR_LIT;
114 			break;
115 		case 's':
116 			set = B_TRUE;
117 			if ((rc = parsespec(optarg)) != 0)
118 				return (rc);
119 			break;
120 		case 'x':
121 			set = B_TRUE;
122 			xpol = B_TRUE;
123 			break;
124 		default:
125 			usage();
126 			/*NOTREACHED*/
127 		}
128 	}
129 
130 	argc -= optind;
131 	argv += optind;
132 
133 	if ((argc < 1 && !list) || Doff && Don || list && (set || exec) ||
134 	    (mac_aware && !exec))
135 		usage();
136 
137 	/*
138 	 * Make sure we'll have enough file descriptors to handle a target
139 	 * that has many many mappings.
140 	 */
141 	if (getrlimit(RLIMIT_NOFILE, &rlim) == 0) {
142 		rlim.rlim_cur = rlim.rlim_max;
143 		(void) setrlimit(RLIMIT_NOFILE, &rlim);
144 		(void) enable_extended_FILE_stdio(-1, -1);
145 	}
146 
147 	if (exec) {
148 		privupdate_self();
149 		rc = execvp(argv[0], &argv[0]);
150 		(void) fprintf(stderr, "%s: %s: %s\n", command, argv[0],
151 		    strerror(errno));
152 	} else if (list) {
153 		rc = dumppriv(argv);
154 	} else {
155 		while (argc-- > 0)
156 			rc += look(*argv++);
157 	}
158 
159 	return (rc);
160 }
161 
162 static int
163 look(char *arg)
164 {
165 	struct ps_prochandle *Pr;
166 	int gcode;
167 	size_t sz;
168 	void *pdata;
169 	char *x;
170 	int i;
171 	boolean_t nodata;
172 	prpriv_t *ppriv;
173 
174 	procname = arg;		/* for perr() */
175 
176 	if ((Pr = proc_arg_grab(arg, set ? PR_ARG_PIDS : PR_ARG_ANY,
177 	    PGRAB_RETAIN | PGRAB_FORCE | (set ? 0 : PGRAB_RDONLY) |
178 	    PGRAB_NOSTOP, &gcode)) == NULL) {
179 		(void) fprintf(stderr, "%s: cannot examine %s: %s\n",
180 		    command, arg, Pgrab_error(gcode));
181 		return (1);
182 	}
183 
184 	if (Ppriv(Pr, &ppriv) == -1) {
185 		perr(command);
186 		Prelease(Pr, 0);
187 		return (1);
188 	}
189 	sz = PRIV_PRPRIV_SIZE(ppriv);
190 
191 	/*
192 	 * The ppriv fields are unsigned and may overflow, so check them
193 	 * separately.  Size must be word aligned, so check that too.
194 	 * Make sure size is "smallish" too.
195 	 */
196 	if ((sz & 3) || ppriv->pr_nsets == 0 ||
197 	    sz / ppriv->pr_nsets < ppriv->pr_setsize ||
198 	    ppriv->pr_infosize > sz || sz > 1024 * 1024) {
199 		(void) fprintf(stderr,
200 		    "%s: %s: bad PRNOTES section, size = %lx\n",
201 		    command, arg, (long)sz);
202 		Prelease(Pr, 0);
203 		free(ppriv);
204 		return (1);
205 	}
206 
207 	if (set) {
208 		privupdate(ppriv, arg);
209 		if (Psetpriv(Pr, ppriv) != 0) {
210 			perr(command);
211 			Prelease(Pr, 0);
212 			free(ppriv);
213 			return (1);
214 		}
215 		Prelease(Pr, 0);
216 		free(ppriv);
217 		return (0);
218 	}
219 
220 	if (Pstate(Pr) == PS_DEAD) {
221 		(void) printf("core '%s' of %d:\t%.70s\n",
222 		    arg, (int)Ppsinfo(Pr)->pr_pid, Ppsinfo(Pr)->pr_psargs);
223 		pdata = Pprivinfo(Pr);
224 		nodata = Pstate(Pr) == PS_DEAD && pdata == NULL;
225 	} else {
226 		(void) printf("%d:\t%.70s\n",
227 		    (int)Ppsinfo(Pr)->pr_pid, Ppsinfo(Pr)->pr_psargs);
228 		pdata = NULL;
229 		nodata = B_FALSE;
230 	}
231 
232 	x = (char *)ppriv + sz - ppriv->pr_infosize;
233 	while (x < (char *)ppriv + sz) {
234 		/* LINTED: alignment */
235 		priv_info_t *pi = (priv_info_t *)x;
236 		priv_info_uint_t *pii;
237 
238 		switch (pi->priv_info_type) {
239 		case PRIV_INFO_FLAGS:
240 			/* LINTED: alignment */
241 			pii = (priv_info_uint_t *)x;
242 			(void) printf("flags =");
243 			flags2str(pii->val);
244 			(void) putchar('\n');
245 			break;
246 		default:
247 			(void) fprintf(stderr, "%s: unknown priv_info: %d\n",
248 			    arg, pi->priv_info_type);
249 			break;
250 		}
251 		if (pi->priv_info_size > ppriv->pr_infosize ||
252 		    pi->priv_info_size <=  sizeof (priv_info_t) ||
253 		    (pi->priv_info_size & 3) != 0) {
254 			(void) fprintf(stderr, "%s: bad priv_info_size: %u\n",
255 			    arg, pi->priv_info_size);
256 			break;
257 		}
258 		x += pi->priv_info_size;
259 	}
260 
261 	for (i = 0; i < ppriv->pr_nsets; i++) {
262 		extern const char *__priv_getsetbynum(const void *, int);
263 		const char *setnm = pdata ? __priv_getsetbynum(pdata, i) :
264 		    priv_getsetbynum(i);
265 		priv_chunk_t *pc =
266 		    (priv_chunk_t *)&ppriv->pr_sets[ppriv->pr_setsize * i];
267 
268 
269 		(void) printf("\t%c: ", setnm && !nodata ? *setnm : '?');
270 		if (!nodata) {
271 			extern char *__priv_set_to_str(void *,
272 			    const priv_set_t *, char, int);
273 			priv_set_t *pset = (priv_set_t *)pc;
274 
275 			char *s;
276 
277 			if (pdata)
278 				s = __priv_set_to_str(pdata, pset, ',', mode);
279 			else
280 				s = priv_set_to_str(pset, ',', mode);
281 			(void) puts(s);
282 			free(s);
283 		} else {
284 			int j;
285 			for (j = 0; j < ppriv->pr_setsize; j++)
286 				(void) printf("%08x", pc[j]);
287 			(void) putchar('\n');
288 		}
289 	}
290 	Prelease(Pr, 0);
291 	free(ppriv);
292 	return (0);
293 }
294 
295 static void
296 fatal(const char *s)
297 {
298 	(void) fprintf(stderr, "%s: %s: %s\n", command, s, strerror(errno));
299 	exit(3);
300 }
301 
302 static void
303 perr(char *s)
304 {
305 	int err = errno;
306 
307 	if (s != NULL)
308 		(void) fprintf(stderr, "%s: ", procname);
309 	else
310 		s = procname;
311 
312 	errno = err;
313 	perror(s);
314 }
315 
316 static void
317 usage(void)
318 {
319 	(void) fprintf(stderr,
320 	    "usage:\t%s [-v] [-S] [-D|-N] [-s spec] { pid | core } ...\n"
321 	    "\t%s -e [-D|-N] [-M] [-s spec] cmd [args ...]\n"
322 	    "\t%s -l [-v] [privilege ...]\n"
323 	    "  (report, set or list process privileges)\n", command,
324 	    command, command);
325 	exit(2);
326 	/*NOTREACHED*/
327 }
328 
329 /*
330  * Parse the privilege bits to add and/or remove from
331  * a privilege set.
332  *
333  * [EPIL][+-=]priv,priv,priv
334  */
335 
336 static int
337 strindex(char c, const char *str)
338 {
339 	const char *s;
340 
341 	if (islower(c))
342 		c = toupper(c);
343 
344 	s = strchr(str, c);
345 
346 	if (s == NULL)
347 		return (-1);
348 	else
349 		return (s - str);
350 }
351 
352 static void
353 badspec(const char *spec)
354 {
355 	(void) fprintf(stderr, "%s: bad privilege specification: \"%s\"\n",
356 	    command, spec);
357 	exit(3);
358 	/*NOTREACHED*/
359 }
360 
361 /*
362  * For each set, you can set either add and/or
363  * remove or you can set assign.
364  */
365 static priv_set_t **rem, **add, **assign;
366 static const priv_impl_info_t *pri = NULL;
367 static char *sets;
368 
369 static void
370 loadprivinfo(void)
371 {
372 	int i;
373 
374 	if (pri != NULL)
375 		return;
376 
377 	pri = getprivimplinfo();
378 
379 	if (pri == NULL)
380 		fatal("getprivimplinfo");
381 
382 	sets = malloc(pri->priv_nsets + 1);
383 	if (sets == NULL)
384 		fatal("malloc");
385 
386 	for (i = 0; i < pri->priv_nsets; i++) {
387 		sets[i] = *priv_getsetbynum(i);
388 		if (islower(sets[i]))
389 			sets[i] = toupper(sets[i]);
390 	}
391 
392 	sets[pri->priv_nsets] = '\0';
393 
394 	rem = calloc(pri->priv_nsets, sizeof (priv_set_t *));
395 	add = calloc(pri->priv_nsets, sizeof (priv_set_t *));
396 	assign = calloc(pri->priv_nsets, sizeof (priv_set_t *));
397 	if (rem == NULL || add == NULL || assign == NULL)
398 		fatal("calloc");
399 }
400 
401 static int
402 parsespec(const char *spec)
403 {
404 	char *p;
405 	const char *q;
406 	int count;
407 	priv_set_t ***toupd;
408 	priv_set_t *upd;
409 	int i;
410 	boolean_t freeupd = B_TRUE;
411 
412 	if (pri == NULL)
413 		loadprivinfo();
414 
415 	p = strpbrk(spec, "+-=");
416 
417 	if (p == NULL || p - spec > pri->priv_nsets)
418 		badspec(spec);
419 
420 	if (p[1] == '\0' || (upd = priv_str_to_set(p + 1, ",", NULL)) == NULL)
421 		badspec(p + 1);
422 
423 	count = p - spec;
424 	switch (*p) {
425 	case '+':
426 		toupd = &add;
427 		break;
428 	case '-':
429 		toupd = &rem;
430 		priv_inverse(upd);
431 		break;
432 	case '=':
433 		toupd = &assign;
434 		break;
435 	}
436 
437 	/* Update all sets? */
438 	if (count == 0 || *spec == 'a' || *spec == 'A') {
439 		count = pri->priv_nsets;
440 		q = sets;
441 	} else
442 		q = spec;
443 
444 	for (i = 0; i < count; i++) {
445 		int ind = strindex(q[i], sets);
446 
447 		if (ind == -1)
448 			badspec(spec);
449 
450 		/* Assign is mutually exclusive with add/remove and itself */
451 		if (((toupd == &rem || toupd == &add) && assign[ind] != NULL) ||
452 		    (toupd == &assign && (assign[ind] != NULL ||
453 		    rem[ind] != NULL || add[ind] != NULL))) {
454 			(void) fprintf(stderr, "%s: conflicting spec: %s\n",
455 			    command, spec);
456 			exit(1);
457 		}
458 		if ((*toupd)[ind] != NULL) {
459 			if (*p == '-')
460 				priv_intersect(upd, (*toupd)[ind]);
461 			else
462 				priv_union(upd, (*toupd)[ind]);
463 		} else {
464 			(*toupd)[ind] = upd;
465 			freeupd = B_FALSE;
466 		}
467 	}
468 	if (freeupd)
469 		priv_freeset(upd);
470 	return (0);
471 }
472 
473 static void
474 privupdate(prpriv_t *pr, const char *arg)
475 {
476 	int i;
477 
478 	if (sets != NULL) {
479 		for (i = 0; i < pri->priv_nsets; i++) {
480 			priv_set_t *target =
481 			    (priv_set_t *)&pr->pr_sets[pr->pr_setsize * i];
482 			if (rem[i] != NULL)
483 				priv_intersect(rem[i], target);
484 			if (add[i] != NULL)
485 				priv_union(add[i], target);
486 			if (assign[i] != NULL)
487 				priv_copyset(assign[i], target);
488 		}
489 	}
490 
491 	if (Doff || Don || pfexec || xpol) {
492 		priv_info_uint_t *pii;
493 		int sz = PRIV_PRPRIV_SIZE(pr);
494 		char *x = (char *)pr + PRIV_PRPRIV_INFO_OFFSET(pr);
495 		uint32_t fl = 0;
496 
497 		while (x < (char *)pr + sz) {
498 			/* LINTED: alignment */
499 			priv_info_t *pi = (priv_info_t *)x;
500 
501 			if (pi->priv_info_type == PRIV_INFO_FLAGS) {
502 				/* LINTED: alignment */
503 				pii = (priv_info_uint_t *)x;
504 				fl = pii->val;
505 				goto done;
506 			}
507 			if (pi->priv_info_size > pr->pr_infosize ||
508 			    pi->priv_info_size <=  sizeof (priv_info_t) ||
509 			    (pi->priv_info_size & 3) != 0)
510 				break;
511 			x += pi->priv_info_size;
512 		}
513 		(void) fprintf(stderr,
514 		    "%s: cannot find privilege flags to set\n", arg);
515 		pr->pr_infosize = 0;
516 		return;
517 done:
518 
519 		pr->pr_infosize = sizeof (priv_info_uint_t);
520 		/* LINTED: alignment */
521 		pii = (priv_info_uint_t *)
522 		    ((char *)pr + PRIV_PRPRIV_INFO_OFFSET(pr));
523 
524 		if (Don)
525 			fl |= PRIV_DEBUG;
526 		if (Doff)
527 			fl &= ~PRIV_DEBUG;
528 		if (pfexec)
529 			fl |= PRIV_PFEXEC;
530 		if (xpol)
531 			fl |= PRIV_XPOLICY;
532 
533 		pii->info.priv_info_size = sizeof (*pii);
534 		pii->info.priv_info_type = PRIV_INFO_FLAGS;
535 		pii->val = fl;
536 	} else {
537 		pr->pr_infosize = 0;
538 	}
539 }
540 
541 static void
542 privupdate_self(void)
543 {
544 	int set;
545 
546 	if (mac_aware) {
547 		if (setpflags(NET_MAC_AWARE, 1) != 0)
548 			fatal("setpflags(NET_MAC_AWARE)");
549 		if (setpflags(NET_MAC_AWARE_INHERIT, 1) != 0)
550 			fatal("setpflags(NET_MAC_AWARE_INHERIT)");
551 	}
552 	if (pfexec) {
553 		if (setpflags(PRIV_PFEXEC, 1) != 0)
554 			fatal("setpflags(PRIV_PFEXEC)");
555 	}
556 
557 	if (sets != NULL) {
558 		priv_set_t *target = priv_allocset();
559 
560 		if (target == NULL)
561 			fatal("priv_allocet");
562 
563 		set = priv_getsetbyname(PRIV_INHERITABLE);
564 		if (rem[set] != NULL || add[set] != NULL ||
565 		    assign[set] != NULL) {
566 			(void) getppriv(PRIV_INHERITABLE, target);
567 			if (rem[set] != NULL)
568 				priv_intersect(rem[set], target);
569 			if (add[set] != NULL)
570 				priv_union(add[set], target);
571 			if (assign[set] != NULL)
572 				priv_copyset(assign[set], target);
573 			if (setppriv(PRIV_SET, PRIV_INHERITABLE, target) != 0)
574 				fatal("setppriv(Inheritable)");
575 		}
576 		set = priv_getsetbyname(PRIV_LIMIT);
577 		if (rem[set] != NULL || add[set] != NULL ||
578 		    assign[set] != NULL) {
579 			(void) getppriv(PRIV_LIMIT, target);
580 			if (rem[set] != NULL)
581 				priv_intersect(rem[set], target);
582 			if (add[set] != NULL)
583 				priv_union(add[set], target);
584 			if (assign[set] != NULL)
585 				priv_copyset(assign[set], target);
586 			if (setppriv(PRIV_SET, PRIV_LIMIT, target) != 0)
587 				fatal("setppriv(Limit)");
588 		}
589 		priv_freeset(target);
590 	}
591 
592 	if (Doff || Don)
593 		(void) setpflags(PRIV_DEBUG, Don ? 1 : 0);
594 	if (xpol)
595 		(void) setpflags(PRIV_XPOLICY, 1);
596 	if (pfexec)
597 		(void) setpflags(PRIV_PFEXEC, 1);
598 }
599 
600 static int
601 dopriv(const char *p)
602 {
603 	(void) puts(p);
604 	if (verb) {
605 		char *text = priv_gettext(p);
606 		char *p, *q;
607 		if (text == NULL)
608 			return (1);
609 		for (p = text; q = strchr(p, '\n'); p = q + 1) {
610 			*q = '\0';
611 			(void) printf("\t%s\n", p);
612 		}
613 		free(text);
614 	}
615 	return (0);
616 }
617 
618 static int
619 dumppriv(char **argv)
620 {
621 	int rc = 0;
622 	const char *pname;
623 	int i;
624 
625 	if (argv[0] == NULL) {
626 		for (i = 0; ((pname = priv_getbynum(i++)) != NULL); )
627 			rc += dopriv(pname);
628 	} else {
629 		for (; *argv; argv++) {
630 			priv_set_t *pset = priv_str_to_set(*argv, ",", NULL);
631 
632 			if (pset == NULL) {
633 				(void) fprintf(stderr, "%s: %s: bad privilege"
634 				    " list\n", command, *argv);
635 				rc++;
636 				continue;
637 			}
638 			for (i = 0; ((pname = priv_getbynum(i++)) != NULL); )
639 				if (priv_ismember(pset, pname))
640 					rc += dopriv(pname);
641 		}
642 	}
643 	return (rc);
644 }
645 
646 static struct {
647 	int flag;
648 	char *name;
649 } flags[] = {
650 	{ PRIV_DEBUG, "PRIV_DEBUG" },
651 	{ PRIV_AWARE, "PRIV_AWARE" },
652 	{ PRIV_AWARE_INHERIT, "PRIV_AWARE_INHERIT" },
653 	{ PRIV_AWARE_RESET, "PRIV_AWARE_RESET" },
654 	{ PRIV_XPOLICY, "PRIV_XPOLICY" },
655 	{ PRIV_PFEXEC, "PRIV_PFEXEC" },
656 	{ NET_MAC_AWARE, "NET_MAC_AWARE" },
657 	{ NET_MAC_AWARE_INHERIT, "NET_MAC_AWARE_INHERIT" },
658 };
659 
660 /*
661  * Print flags preceeded by a space.
662  */
663 static void
664 flags2str(uint_t pflags)
665 {
666 	char c = ' ';
667 	int i;
668 
669 	if (pflags == 0) {
670 		(void) fputs(" <none>", stdout);
671 		return;
672 	}
673 	for (i = 0; i < sizeof (flags)/sizeof (flags[0]) && pflags != 0; i++) {
674 		if ((pflags & flags[i].flag) != 0) {
675 			(void) printf("%c%s", c, flags[i].name);
676 			pflags &= ~flags[i].flag;
677 			c = '|';
678 		}
679 	}
680 	if (pflags != 0)
681 		(void) printf("%c<0x%x>", c, pflags);
682 }
683