xref: /titanic_50/usr/src/cmd/hal/hald/util_helper.c (revision 42cac157f878fbb7ae190eb0339c6932f3192b87)
1 /***************************************************************************
2  *
3  * util_helper.c - HAL utilities for helper (as e.g. prober/addons) et al.
4  *
5  * Copyright (C) 2006 David Zeuthen, <david@fubar.dk>
6  *
7  * Licensed under the Academic Free License version 2.1
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program; if not, write to the Free Software
21  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
22  *
23  **************************************************************************/
24 
25 #ifdef HAVE_CONFIG_H
26 #  include <config.h>
27 #endif
28 
29 #include <grp.h>
30 #include <stdarg.h>
31 #include <stdlib.h>
32 #include <string.h>
33 #include <sys/time.h>
34 #include <time.h>
35 #include <pwd.h>
36 #include <unistd.h>
37 
38 #include "logger.h"
39 
40 #include "util_helper.h"
41 
42 #ifdef __linux__
43 extern char **environ;
44 #endif
45 
46 static char **argv_buffer = NULL;
47 static size_t argv_size = 0;
48 
49 #ifdef sun
50 #include <priv.h>
51 void
52 drop_privileges (int keep_auxgroups)
53 {
54 	priv_set_t *pPrivSet = NULL;
55 	priv_set_t *lPrivSet = NULL;
56 
57 	/*
58 	 * Start with the 'basic' privilege set and then remove any
59 	 * of the 'basic' privileges that will not be needed.
60 	 */
61 	if ((pPrivSet = priv_str_to_set("basic", ",", NULL)) == NULL) {
62 		return;
63 	}
64 
65 	/* Clear privileges we will not need from the 'basic' set */
66 	(void) priv_delset(pPrivSet, PRIV_FILE_LINK_ANY);
67 	(void) priv_delset(pPrivSet, PRIV_PROC_INFO);
68 	(void) priv_delset(pPrivSet, PRIV_PROC_SESSION);
69 
70 	/* for sysevent need to be root and have this privilege */
71 	(void) priv_addset(pPrivSet, PRIV_SYS_CONFIG);
72 
73 	/* need proc_audit privilege */
74 	(void) priv_addset(pPrivSet, PRIV_PROC_AUDIT);
75 
76 	/* Set the permitted privilege set. */
77 	if (setppriv(PRIV_SET, PRIV_PERMITTED, pPrivSet) != 0) {
78 		return;
79 	}
80 
81 	/* Clear the limit set. */
82 	if ((lPrivSet = priv_allocset()) == NULL) {
83 		return;
84 	}
85 
86 	priv_emptyset(lPrivSet);
87 
88 	if (setppriv(PRIV_SET, PRIV_LIMIT, lPrivSet) != 0) {
89 		return;
90 	}
91 
92 	priv_freeset(lPrivSet);
93 }
94 #else /* !sun */
95 
96 /** Drop root privileges: Set the running user id to HAL_USER and
97  *  group to HAL_GROUP, and optionally retain auxiliary groups of HAL_USER.
98  */
99 void
100 drop_privileges (int keep_auxgroups)
101 {
102 	struct passwd *pw = NULL;
103 	struct group *gr = NULL;
104 
105 	/* determine user id */
106 	pw = getpwnam (HAL_USER);
107 	if (!pw)  {
108 		HAL_DEBUG (("drop_privileges: user " HAL_USER " does not exist"));
109 		exit (-1);
110 	}
111 
112 	/* determine primary group id */
113 	gr = getgrnam (HAL_GROUP);
114 	if (!gr) {
115 		HAL_DEBUG (("drop_privileges: group " HAL_GROUP " does not exist"));
116 		exit (-1);
117 	}
118 
119 	if (keep_auxgroups) {
120 		if (initgroups (HAL_USER, gr->gr_gid)) {
121 			HAL_DEBUG(("drop_privileges: could not initialize groups"));
122 			exit (-1);
123 		}
124 	}
125 
126 	if (setgid (gr->gr_gid)) {
127 		HAL_DEBUG (("drop_privileges: could not set group id"));
128 		exit (-1);
129 	}
130 
131 	if (setuid (pw->pw_uid)) {
132 		HAL_DEBUG (("drop_privileges: could not set user id"));
133 		exit (-1);
134 	}
135 }
136 #endif /* !sun */
137 
138 void
139 hal_set_proc_title_init (int argc, char *argv[])
140 {
141 #ifdef __linux__
142 	unsigned int i;
143 	char **new_environ, *endptr;
144 
145 	/* This code is really really ugly. We make some memory layout
146 	 * assumptions and reuse the environment array as memory to store
147 	 * our process title in */
148 
149 	for (i = 0; environ[i] != NULL; i++)
150 		;
151 
152 	endptr = i ? environ[i-1] + strlen (environ[i-1]) : argv[argc-1] + strlen (argv[argc-1]);
153 
154 	argv_buffer = argv;
155 	argv_size = endptr - argv_buffer[0];
156 
157 	/* Make a copy of environ */
158 
159 	new_environ = malloc (sizeof(char*) * (i + 1));
160 	for (i = 0; environ[i] != NULL; i++)
161 		new_environ[i] = strdup (environ[i]);
162 	new_environ[i] = NULL;
163 
164 	environ = new_environ;
165 #endif
166 }
167 
168 /* this code borrowed from avahi-daemon's setproctitle.c (LGPL v2) */
169 void
170 hal_set_proc_title (const char *format, ...)
171 {
172 #ifdef __linux__
173 	size_t len;
174 	va_list ap;
175 
176 	if (argv_buffer == NULL)
177 		goto out;
178 
179 	va_start (ap, format);
180 	vsnprintf (argv_buffer[0], argv_size, format, ap);
181 	va_end (ap);
182 
183 	len = strlen (argv_buffer[0]);
184 
185 	memset (argv_buffer[0] + len, 0, argv_size - len);
186 	argv_buffer[1] = NULL;
187 out:
188 	;
189 #endif
190 }
191 
192