int can_be_checkpointed(struct task_struct *task_to_checkpoint)
{
struct nsproxy *nsp;
/* Task must live in the Kerrighed container. */
rcu_read_lock();
nsp = rcu_dereference(task_to_checkpoint->nsproxy);
if (!nsp || !nsp->krg_ns) {
rcu_read_unlock();
goto exit;
}
rcu_read_unlock();
/* Check permissions */
if (!permissions_ok(task_to_checkpoint))
goto exit;
/* Check capabilities */
if (!can_use_krg_cap(task_to_checkpoint, CAP_CHECKPOINTABLE))
goto exit;
return 1; /* means true */
exit:
return 0; /* means false */
}
static void
get_password_from_command(Pop3 pc, const char *username,
const char *servername,
/*@out@ */ char *password,
/*@out@ */
unsigned char *password_len)
{
password[*password_len - 1] = '\0';
password[0] = '\0';
/* check that the executed file is a good one. */
if (permissions_ok(pc, pc->askpass)) {
char *command;
char *password_ptr;
int len =
strlen(pc->askpass) + strlen(username) +
strlen(servername) + 40;
command = malloc(len);
snprintf(command, len, "%s 'password for wmbiff: %s@%s'",
pc->askpass, username, servername);
(void) grabCommandOutput(pc, command, &password_ptr, NULL);
/* it's not clear what to do with the exit
status, though we can get it from
grabCommandOutput if needed to deal with some
programs that will print a message but exit
non-zero on error */
free(command);
if (password_ptr == NULL) {
/* this likely means that the user cancelled, and doesn't
want us to keep asking about the password. */
DM(pc, DEBUG_ERROR,
"passmgr: fgets password failed, exiting\n");
DM(pc, DEBUG_ERROR,
"passmgr: (it looks like you pressed 'cancel')\n");
/* this seems like the sanest thing to do, for now */
exit(EXIT_FAILURE);
}
strncpy(password, password_ptr, *password_len);
if (password[*password_len - 1] != '\0') {
DM(pc, DEBUG_ERROR,
"passmgr: warning: your password appears longer (%lu) than expected (%d)\n",
(unsigned long) strlen(password_ptr), *password_len - 1);
}
free(password_ptr);
password[*password_len - 1] = '\0';
*password_len = strlen(password);
} else {
/* consider this error to be particularly troublesome */
DM(pc, DEBUG_ERROR,
"passmgr: permissions check of '%s' failed.", pc->askpass);
exit(EXIT_FAILURE);
}
}
static int krg_get_cap(struct task_struct *tsk, kernel_krg_cap_t *resulting_cap)
{
kernel_krg_cap_t *caps = &tsk->krg_caps;
int res;
task_lock(tsk);
if (resulting_cap && permissions_ok(tsk)) {
*resulting_cap = *caps;
res = 0;
} else {
res = -EPERM;
}
task_unlock(tsk);
return res;
}
/* return 1 if fail, 0 if success */
int test_passwordMgr(void)
{
const char *b;
mbox_t m;
strcpy(m.label, "x");
/* sh is almost certainly conforming; owned by root, etc. */
if (!permissions_ok(NULL, "/bin/sh")) {
printf("FAILURE: permission checker failed on /bin/sh.");
return (1);
}
/* tmp is definitely bad; and better be og+w */
if (permissions_ok(NULL, "/tmp")) {
printf("FAILURE: permission checker failed on /tmp.");
return (1);
}
/* TODO: also find some user-owned binary that shouldn't be g+w */
printf("SUCCESS: permission checker sanity check went well.\n");
/* *** */
m.askpass = "******";
b = passwordFor("bill", "ted", &m, 0);
if (strcmp(b, "xlnt") != 0) {
printf("FAILURE: expected 'xlnt' got '%s'\n", b);
return (1);
}
printf("SUCCESS: expected 'xlnt' got '%s'\n", b);
/* *** */
m.askpass = "******";
b = passwordFor("bill", "ted", &m, 0);
if (strcmp(b, "xlnt") != 0) {
printf("FAILURE: expected 'xlnt' got '%s'\n", b);
return (1);
}
printf("SUCCESS: cached 'xlnt' correctly\n");
/* *** */
m.askpass = "******";
b = passwordFor("abbot", "costello", &m, 0);
if (strcmp(b, "abcdefghi1abcdefghi2abcdefghi3a") != 0) {
printf
("FAILURE: expected 'abcdefghi1abcdefghi2abcdefghi3a' got '%s'\n",
b);
return (1);
}
printf
("SUCCESS: expected 'abcdefghi1abcdefghi2abcdefghi3a' got '%s'\n",
b);
/* try overflowing the buffer */
m.askpass = "******";
b = passwordFor("laverne", "shirley", &m, 0);
/* should come back truncated to fill the buffer */
if (strcmp(b, "abcdefghi1abcdefghi2abcdefghi3a") != 0) {
printf
("FAILURE: expected 'abcdefghi1abcdefghi2abcdefghi3a' got '%s'\n",
b);
return (1);
}
printf
("SUCCESS: expected 'abcdefghi1abcdefghi2abcdefghi3a' got '%s'\n",
b);
/* make sure we still have the old one */
b = passwordFor("bill", "ted", &m, 0);
if (strcmp(b, "xlnt") != 0) {
printf("FAILURE: expected 'xlnt' got '%s'\n", b);
return (1);
}
printf("SUCCESS: expected 'xlnt' got '%s'\n", b);
/* what it's like if ssh-askpass is cancelled - should drop the mailbox */
#if 0
/* will exit on our behalf; not so good for continued testing. */
m.askpass = "******";
b = passwordFor("abort", "me", &m, 0);
if (strcmp(b, "") != 0) {
printf("FAILURE: expected '' got '%s'\n", b);
return (1);
}
printf("SUCCESS: expected '' got '%s'\n", b);
#endif
/* what it's like if ssh-askpass is ok'd with an empty password. */
m.askpass = "******";
b = passwordFor("try", "again", &m, 0);
if (b == NULL || strcmp(b, "") != 0) {
printf("FAILURE: expected '' got '%s'\n", b ? b : "(null)");
return (1);
}
printf("SUCCESS: expected '' got '%s'\n", b);
m.askpass = "******"rt*m\"; #";
b = passwordFor("faq", "faq", &m, 0);
if (strcmp(b, "rt*m") != 0) {
printf("FAILURE: expected '' got '%s'\n", b);
return (1);
}
printf("SUCCESS: expected 'rt*m' got '%s'\n", b);
return (0);
}
static int krg_set_cap(struct task_struct *tsk,
const kernel_krg_cap_t *requested_cap)
{
kernel_krg_cap_t *caps = &tsk->krg_caps;
kernel_cap_t tmp_cap;
struct nsproxy *nsp;
int res;
int i;
res = 0;
rcu_read_lock();
nsp = rcu_dereference(tsk->nsproxy);
if (!nsp || !nsp->krg_ns)
res = -EPERM;
rcu_read_unlock();
if (res)
goto out;
res = -EINVAL;
if (!cap_issubset(requested_cap->effective, requested_cap->permitted)
|| !cap_issubset(requested_cap->inheritable_permitted,
requested_cap->permitted)
|| !cap_issubset(requested_cap->inheritable_effective,
requested_cap->inheritable_permitted))
goto out;
res = -ENOSYS;
tmp_cap = KRG_CAP_SUPPORTED;
if (!cap_issubset(requested_cap->permitted, tmp_cap))
goto out;
res = -EPERM;
if (!permissions_ok(tsk))
goto out;
task_lock(tsk);
if (!cap_raised(caps->effective, CAP_CHANGE_KERRIGHED_CAP))
goto out_unlock;
res = -EBUSY;
for (i = 0; i < CAP_SIZE; i++)
if (atomic_read(&tsk->krg_cap_used[i])
&& !cap_raised(requested_cap->effective, i))
goto out_unlock;
tmp_cap = cap_intersect(caps->permitted, requested_cap->permitted);
caps->permitted = tmp_cap;
tmp_cap = cap_intersect(caps->permitted, requested_cap->effective);
caps->effective = tmp_cap;
tmp_cap = cap_intersect(caps->permitted,
requested_cap->inheritable_effective);
caps->inheritable_effective = tmp_cap;
tmp_cap = cap_intersect(caps->permitted,
requested_cap->inheritable_permitted);
caps->inheritable_permitted = tmp_cap;
res = 0;
out_unlock:
task_unlock(tsk);
out:
return res;
}
