static void gain_root(void)
{
if (non_root_mode()) {
return;
}
if (geteuid() != 0) {
set_effective_uid(0);
if (geteuid() != 0) {
DEBUG(0,
("Warning: You appear to have a trapdoor "
"uid system\n"));
}
}
if (getegid() != 0) {
set_effective_gid(0);
if (getegid() != 0) {
DEBUG(0,
("Warning: You appear to have a trapdoor "
"gid system\n"));
}
}
}
main()
{
if (getuid() != 0) {
#if (defined(AIX) && defined(USE_SETREUID))
/* setreuid is badly broken on AIX 4.1, we avoid it completely */
fprintf(stderr,"avoiding possibly broken setreuid\n");
exit(1);
#endif
/* if not running as root then at least check to see if we get ENOSYS - this
handles Linux 2.0.x with glibc 2.1 */
fprintf(stderr,"not running as root: checking for ENOSYS\n");
exit(have_syscall());
}
gain_root_privilege();
gain_root_group_privilege();
set_effective_gid(1);
set_effective_uid(1);
save_re_uid();
restore_re_uid();
gain_root_privilege();
gain_root_group_privilege();
become_user_permanently(1, 1);
setuid(0);
if (getuid() == 0) {
fprintf(stderr,"uid not set permanently\n");
exit(1);
}
printf("OK\n");
exit(0);
}
/****************************************************************************
and restore them!
****************************************************************************/
void restore_re_gid(void)
{
#if USE_SETRESUID
setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
setregid(saved_rgid, -1);
setregid(-1,saved_egid);
#elif USE_SETUIDX
setgidx(ID_REAL, saved_rgid);
setgidx(ID_EFFECTIVE, saved_egid);
#else
set_effective_gid(saved_egid);
if (getgid() != saved_rgid)
setgid(saved_rgid);
set_effective_gid(saved_egid);
#endif
assert_gid(saved_rgid, saved_egid);
}
/****************************************************************************
and restore them!
****************************************************************************/
void restore_re_gid(void)
{
#if defined(USE_SETRESUID) || defined(USE_LINUX_THREAD_CREDENTIALS)
samba_setresgid(saved_rgid, saved_egid, -1);
#elif USE_SETREUID
samba_setregid(saved_rgid, -1);
samba_setregid(-1,saved_egid);
#elif USE_SETUIDX
samba_setgidx(ID_REAL, saved_rgid);
samba_setgidx(ID_EFFECTIVE, saved_egid);
#else
set_effective_gid(saved_egid);
if (getgid() != saved_rgid)
samba_setgid(saved_rgid);
set_effective_gid(saved_egid);
#endif
assert_gid(saved_rgid, saved_egid);
}
int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
{
int i;
gid_t grp;
int ngroups;
gid_t *groups = NULL;
(*p_ngroups) = 0;
(*p_groups) = NULL;
/* this looks a little strange, but is needed to cope with
systems that put the current egid in the group list
returned from getgroups() (tridge) */
save_re_gid();
set_effective_gid(gid);
setgid(gid);
ngroups = sys_getgroups(0,&grp);
if (ngroups <= 0) {
goto fail;
}
if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) {
DEBUG(0,("setup_groups malloc fail !\n"));
goto fail;
}
if ((ngroups = sys_getgroups(ngroups,groups)) == -1) {
goto fail;
}
restore_re_gid();
(*p_ngroups) = ngroups;
(*p_groups) = groups;
DEBUG( 3, ( "get_current_groups: user is in %u groups: ", ngroups));
for (i = 0; i < ngroups; i++ ) {
DEBUG( 3, ( "%s%d", (i ? ", " : ""), (int)groups[i] ) );
}
DEBUG( 3, ( "\n" ) );
return ngroups;
fail:
SAFE_FREE(groups);
restore_re_gid();
return -1;
}
static bool become_gid(gid_t gid)
{
/* Check for dodgy gid values */
if (gid == (gid_t)-1 || ((sizeof(gid_t) == 2) &&
(gid == (gid_t)65535))) {
if (!become_gid_done) {
DEBUG(1,("WARNING: using gid %d is a security risk\n",
(int)gid));
become_gid_done = true;
}
}
/* Set effective group id */
set_effective_gid(gid);
return True;
}
/*
This is a *much* faster way of getting the list of groups for a user
without changing the current supplemenrary group list. The old
method used getgrent() which could take 20 minutes on a really big
network with hundeds of thousands of groups and users. The new method
takes a couple of seconds.
NOTE!! this function only works if it is called as root!
*/
static int getgrouplist_internals(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
{
gid_t *gids_saved;
int ret, ngrp_saved, num_gids;
if (non_root_mode()) {
*grpcnt = 0;
return 0;
}
/* work out how many groups we need to save */
ngrp_saved = getgroups(0, NULL);
if (ngrp_saved == -1) {
/* this shouldn't happen */
return -1;
}
gids_saved = (gid_t *)malloc(sizeof(gid_t) * (ngrp_saved+1));
if (!gids_saved) {
errno = ENOMEM;
return -1;
}
ngrp_saved = getgroups(ngrp_saved, gids_saved);
if (ngrp_saved == -1) {
SAFE_FREE(gids_saved);
/* very strange! */
return -1;
}
if (initgroups(user, gid) != 0) {
DEBUG(0, ("getgrouplist_internals: initgroups() failed!\n"));
SAFE_FREE(gids_saved);
return -1;
}
/* this must be done to cope with systems that put the current egid in the
return from getgroups() */
save_re_gid();
set_effective_gid(gid);
setgid(gid);
num_gids = getgroups(0, NULL);
if (num_gids + 1 > *grpcnt) {
*grpcnt = num_gids + 1;
ret = -1;
} else {
ret = getgroups(*grpcnt - 1, &groups[1]);
if (ret >= 0) {
groups[0] = gid;
*grpcnt = ret + 1;
}
}
restore_re_gid();
if (sys_setgroups(ngrp_saved, gids_saved) != 0) {
/* yikes! */
DEBUG(0,("ERROR: getgrouplist: failed to reset group list!\n"));
smb_panic("getgrouplist: failed to reset group list!\n");
free(gids_saved);
return -1;
}
/* this will remove any duplicates gids in the list and
update the group counter */
remove_duplicate_gids( grpcnt, groups );
free(gids_saved);
return ret;
}
/*******************************************************************
check on a DCE/DFS authentication
********************************************************************/
static BOOL dfs_auth(char *user, char *password)
{
error_status_t err;
int err2;
int prterr;
signed32 expire_time, current_time;
boolean32 password_reset;
struct passwd *pw;
sec_passwd_rec_t passwd_rec;
sec_login_auth_src_t auth_src = sec_login_auth_src_network;
unsigned char dce_errstr[dce_c_error_string_len];
gid_t egid;
if (dcelogin_atmost_once)
return (False);
#ifdef HAVE_CRYPT
/*
* We only go for a DCE login context if the given password
* matches that stored in the local password file..
* Assumes local passwd file is kept in sync w/ DCE RGY!
*/
if (strcmp((char *)crypt(password, this_salt), this_crypted))
{
return (False);
}
#endif
sec_login_get_current_context(&my_dce_sec_context, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr));
return (False);
}
sec_login_certify_identity(my_dce_sec_context, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr));
return (False);
}
sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr));
return (False);
}
time(¤t_time);
if (expire_time < (current_time + 60))
{
struct passwd *pw;
sec_passwd_rec_t *key;
sec_login_get_pwent(my_dce_sec_context,
(sec_login_passwd_t *) & pw, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
return (False);
}
sec_login_refresh_identity(my_dce_sec_context, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't refresh identity. %s\n",
dce_errstr));
return (False);
}
sec_key_mgmt_get_key(rpc_c_authn_dce_secret, NULL,
(unsigned char *)pw->pw_name,
sec_c_key_version_none,
(void **)&key, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get key for %s. %s\n",
pw->pw_name, dce_errstr));
return (False);
}
sec_login_valid_and_cert_ident(my_dce_sec_context, key,
&password_reset, &auth_src,
&err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0,
("DCE can't validate and certify identity for %s. %s\n",
pw->pw_name, dce_errstr));
}
sec_key_mgmt_free_key(key, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't free key.\n", dce_errstr));
}
}
if (sec_login_setup_identity((unsigned char *)user,
sec_login_no_flags,
&my_dce_sec_context, &err) == 0)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE Setup Identity for %s failed: %s\n",
user, dce_errstr));
return (False);
}
sec_login_get_pwent(my_dce_sec_context,
(sec_login_passwd_t *) & pw, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
return (False);
}
sec_login_purge_context(&my_dce_sec_context, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't purge context. %s\n", dce_errstr));
return (False);
}
/*
* NB. I'd like to change these to call something like change_to_user()
* instead but currently we don't have a connection
* context to become the correct user. This is already
* fairly platform specific code however, so I think
* this should be ok. I have added code to go
* back to being root on error though. JRA.
*/
egid = getegid();
set_effective_gid(pw->pw_gid);
set_effective_uid(pw->pw_uid);
if (sec_login_setup_identity((unsigned char *)user,
sec_login_no_flags,
&my_dce_sec_context, &err) == 0)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE Setup Identity for %s failed: %s\n",
user, dce_errstr));
goto err;
}
sec_login_get_pwent(my_dce_sec_context,
(sec_login_passwd_t *) & pw, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
goto err;
}
passwd_rec.version_number = sec_passwd_c_version_none;
passwd_rec.pepper = NULL;
passwd_rec.key.key_type = sec_passwd_plain;
passwd_rec.key.tagged_union.plain = (idl_char *) password;
sec_login_validate_identity(my_dce_sec_context,
&passwd_rec, &password_reset,
&auth_src, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0,
("DCE Identity Validation failed for principal %s: %s\n",
user, dce_errstr));
goto err;
}
sec_login_certify_identity(my_dce_sec_context, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE certify identity failed: %s\n", dce_errstr));
goto err;
}
if (auth_src != sec_login_auth_src_network)
{
DEBUG(0, ("DCE context has no network credentials.\n"));
}
sec_login_set_context(my_dce_sec_context, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0,
("DCE login failed for principal %s, cant set context: %s\n",
user, dce_errstr));
sec_login_purge_context(&my_dce_sec_context, &err);
goto err;
}
sec_login_get_pwent(my_dce_sec_context,
(sec_login_passwd_t *) & pw, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr));
goto err;
}
DEBUG(0, ("DCE login succeeded for principal %s on pid %d\n",
user, sys_getpid()));
DEBUG(3, ("DCE principal: %s\n"
" uid: %d\n"
" gid: %d\n",
pw->pw_name, pw->pw_uid, pw->pw_gid));
DEBUG(3, (" info: %s\n"
" dir: %s\n"
" shell: %s\n",
pw->pw_gecos, pw->pw_dir, pw->pw_shell));
sec_login_get_expiration(my_dce_sec_context, &expire_time, &err);
if (err != error_status_ok)
{
dce_error_inq_text(err, dce_errstr, &err2);
DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr));
goto err;
}
set_effective_uid(0);
set_effective_gid(0);
DEBUG(0,
("DCE context expires: %s", asctime(localtime(&expire_time))));
dcelogin_atmost_once = 1;
return (True);
err:
/* Go back to root, JRA. */
set_effective_uid(0);
set_effective_gid(egid);
return (False);
}