int cli_start(void)
{
priv_init();
priv_down();
putenv("REMADDR=");
// get username
if ((username = getlogin()) == NULL) {
username = getenv("USER");
}
set_permissions_map();
// set login info
cli_login(username, CLI_MAX_NODES, CLI_MAX_CMDS);
// send welcome msg to the client
sprintf(buffer, "%s", WELCOME_MSG);
send(cli_cfg->cfd, buffer, strlen(buffer), 0);
printf(WELCOME_MSG);
printf("[CLI] started...\n");
sprintf(cli_cfg->prompt,"%s%c ", cli_prompt(), cli_cfg->promptchar);
send(cli_cfg->cfd,cli_cfg->prompt, strlen(cli_cfg->prompt), 0);
return 1;
}
int main() {
int counter = 0;
priv_init(1, NULL);
assert(priv_euid == getuid());
assert(priv_ruid == getuid());
assert(!privileged());
assert(priv_run(runfn, &counter) == 99);
assert(counter == 1);
return 0;
}
int main(void) {
const char *users[5];
struct passwd *pw;
int i = 0;
while (i < 5 && (pw = getpwent()) != NULL) {
if (pw->pw_uid > 10) {
users[i++] = strdup(pw->pw_name);
}
}
/* Do this before priv_init so that children can see it. */
priv_init("myrerun");
/* Nothing up my sleeve... */
pw = getpwuid(getuid());
printf("state = %d, uid = %d/%d (%s)\n", state,
getuid(), geteuid(), pw->pw_name);
if (state < 5) {
char **arg;
arg = (char**)malloc(sizeof(char *) * 2);
arg[0] = malloc(5);
arg[1] = 0;
/* Create a string to pass the state to the next iteration. */
snprintf(arg[0], 4, "%d", state + 1);
/* setuid to user, don't chroot, call rerun_fn(arg) before dropping
* out of priv_init again.
*/
if ( priv_rerunas(rerun_fn, arg, users[state], NULL, 0) < 0)
fprintf(stderr,"priv_rerunas failed.\n");
_exit(0);
}
exit(EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
Arg arglist[10];
Cardinal num_args;
#ifdef USE_PRIVSEP
struct passwd *pw;
#endif
XtSetLanguageProc(NULL,NULL,NULL);
top = XtInitialize ("xconsole", "XConsole", options, XtNumber (options),
&argc, argv);
XtGetApplicationResources (top, (XtPointer)&app_resources, resources,
XtNumber (resources), NULL, 0);
#ifdef USE_PRIVSEP
/* Revoke privileges if any */
if (getuid() == 0) {
/* Running as root */
pw = getpwnam(XCONSOLE_USER);
if (!pw) {
fprintf(stderr, "%s user not found\n", XCONSOLE_USER);
exit(2);
}
if (priv_init(pw->pw_uid, pw->pw_gid) < 0) {
fprintf(stderr, "priv_init failed\n");
exit(2);
}
} else
if (priv_init(-1, -1) < 0) {
fprintf(stderr, "priv_init failed\n");
exit(2);
}
#endif
if (app_resources.daemon)
if (fork ()) exit (0);
XtAddActions (actions, XtNumber (actions));
text = XtCreateManagedWidget ("text", asciiTextWidgetClass,
top, NULL, 0);
XtRealizeWidget (top);
num_args = 0;
XtSetArg(arglist[num_args], XtNiconic, &iconified); num_args++;
XtGetValues(top, arglist, num_args);
if (iconified)
Iconified((Widget)NULL, (XEvent*)NULL, (String*)NULL, (Cardinal*)NULL);
else
Deiconified((Widget)NULL,(XEvent*)NULL,(String*)NULL,(Cardinal*)NULL);
wm_delete_window = XInternAtom(XtDisplay(top), "WM_DELETE_WINDOW",
False);
(void) XSetWMProtocols (XtDisplay(top), XtWindow(top),
&wm_delete_window, 1);
XmuGetHostname (mit_console_name + MIT_CONSOLE_LEN, 255);
mit_console = XInternAtom(XtDisplay(top), mit_console_name, False);
if (XGetSelectionOwner (XtDisplay (top), mit_console))
{
XtGetSelectionValue(top, mit_console, XA_STRING, InsertSelection,
NULL, CurrentTime);
}
else
{
XtOwnSelection(top, mit_console, CurrentTime,
ConvertSelection, LoseSelection, NULL);
OpenConsole ();
}
#ifdef USE_OSM
ioerror = XSetIOErrorHandler(IOError);
#endif
#ifdef USE_PRIVSEP
if (pledge("stdio rpath sendfd recvfd", NULL) == -1)
err(1, "pledge");
#endif
XtMainLoop ();
return 0;
}
int
main(int argc, char **argv)
{
int ch, np, ret, Xflag = 0;
pcap_handler phandler = dump_packet;
const char *errstr = NULL;
char *pidf = NULL;
ret = 0;
closefrom(STDERR_FILENO + 1);
while ((ch = getopt(argc, argv, "Dxd:f:i:p:s:")) != -1) {
switch (ch) {
case 'D':
Debug = 1;
break;
case 'd':
delay = strtonum(optarg, 5, 60*60, &errstr);
if (errstr)
usage();
break;
case 'f':
filename = optarg;
break;
case 'i':
interface = optarg;
break;
case 'p':
pidf = optarg;
break;
case 's':
snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
&errstr);
if (snaplen <= 0)
snaplen = DEF_SNAPLEN;
if (errstr)
snaplen = PFLOGD_MAXSNAPLEN;
break;
case 'x':
Xflag++;
break;
default:
usage();
}
}
log_debug = Debug;
argc -= optind;
argv += optind;
/* does interface exist */
if (!if_exists(interface)) {
warn("Failed to initialize: %s", interface);
logmsg(LOG_ERR, "Failed to initialize: %s", interface);
logmsg(LOG_ERR, "Exiting, init failure");
exit(1);
}
if (!Debug) {
openlog("pflogd", LOG_PID | LOG_CONS, LOG_DAEMON);
if (daemon(0, 0)) {
logmsg(LOG_WARNING, "Failed to become daemon: %s",
strerror(errno));
}
pidfile(pidf);
}
tzset();
(void)umask(S_IRWXG | S_IRWXO);
/* filter will be used by the privileged process */
if (argc) {
filter = copy_argv(argv);
if (filter == NULL)
logmsg(LOG_NOTICE, "Failed to form filter expression");
}
/* initialize pcap before dropping privileges */
if (init_pcap()) {
logmsg(LOG_ERR, "Exiting, init failure");
exit(1);
}
/* Privilege separation begins here */
if (priv_init()) {
logmsg(LOG_ERR, "unable to privsep");
exit(1);
}
setproctitle("[initializing]");
/* Process is now unprivileged and inside a chroot */
signal(SIGTERM, sig_close);
signal(SIGINT, sig_close);
signal(SIGQUIT, sig_close);
signal(SIGALRM, sig_alrm);
signal(SIGUSR1, sig_usr1);
signal(SIGHUP, sig_hup);
alarm(delay);
buffer = malloc(PFLOGD_BUFSIZE);
if (buffer == NULL) {
logmsg(LOG_WARNING, "Failed to allocate output buffer");
phandler = dump_packet_nobuf;
} else {
bufleft = buflen = PFLOGD_BUFSIZE;
bufpos = buffer;
bufpkt = 0;
}
if (reset_dump(Xflag) < 0) {
if (Xflag)
return (1);
logmsg(LOG_ERR, "Logging suspended: open error");
set_suspended(1);
} else if (Xflag)
return (0);
while (1) {
np = pcap_dispatch(hpcap, PCAP_NUM_PKTS,
phandler, (u_char *)dpcap);
if (np < 0) {
if (!if_exists(interface) == -1) {
logmsg(LOG_NOTICE, "interface %s went away",
interface);
ret = -1;
break;
}
logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap));
}
if (gotsig_close)
break;
if (gotsig_hup) {
if (reset_dump(0)) {
logmsg(LOG_ERR,
"Logging suspended: open error");
set_suspended(1);
}
gotsig_hup = 0;
}
if (gotsig_alrm) {
if (dpcap)
flush_buffer(dpcap);
else
gotsig_hup = 1;
gotsig_alrm = 0;
alarm(delay);
}
if (gotsig_usr1) {
log_pcap_stats();
gotsig_usr1 = 0;
}
}
logmsg(LOG_NOTICE, "Exiting");
if (dpcap) {
flush_buffer(dpcap);
fclose(dpcap);
}
purge_buffer();
log_pcap_stats();
pcap_close(hpcap);
if (!Debug)
closelog();
return (ret);
}
VEObj::VEObj(const char *ctid)
{
priv_init();
SET_CTID(m_ctid, ctid);
}
void
cred_init(void)
{
priv_init();
crsize = sizeof (cred_t);
if (get_c2audit_load() > 0) {
#ifdef _LP64
/* assure audit context is 64-bit aligned */
audoff = (crsize +
sizeof (int64_t) - 1) & ~(sizeof (int64_t) - 1);
#else /* _LP64 */
audoff = crsize;
#endif /* _LP64 */
crsize = audoff + sizeof (auditinfo_addr_t);
crsize = (crsize + sizeof (int) - 1) & ~(sizeof (int) - 1);
}
cred_cache = kmem_cache_create("cred_cache", crsize, 0,
NULL, NULL, NULL, NULL, NULL, 0);
/*
* dummycr is used to copy initial state for creds.
*/
dummycr = cralloc();
bzero(dummycr, crsize);
dummycr->cr_ref = 1;
dummycr->cr_uid = (uid_t)-1;
dummycr->cr_gid = (gid_t)-1;
dummycr->cr_ruid = (uid_t)-1;
dummycr->cr_rgid = (gid_t)-1;
dummycr->cr_suid = (uid_t)-1;
dummycr->cr_sgid = (gid_t)-1;
/*
* kcred is used by anything that needs all privileges; it's
* also the template used for crget as it has all the compatible
* sets filled in.
*/
kcred = cralloc();
bzero(kcred, crsize);
kcred->cr_ref = 1;
/* kcred is never freed, so we don't need zone_cred_hold here */
kcred->cr_zone = &zone0;
priv_fillset(&CR_LPRIV(kcred));
CR_IPRIV(kcred) = *priv_basic;
/* Not a basic privilege, if chown is not restricted add it to I0 */
if (!rstchown)
priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
/* Basic privilege, if link is restricted remove it from I0 */
if (rstlink)
priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
CR_FLAGS(kcred) = NET_MAC_AWARE;
/*
* Set up credentials of p0.
*/
ttoproc(curthread)->p_cred = kcred;
curthread->t_cred = kcred;
ucredsize = UCRED_SIZE;
mutex_init(&ephemeral_zone_mutex, NULL, MUTEX_DEFAULT, NULL);
zone_key_create(&ephemeral_zone_key, NULL, NULL, destroy_ephemeral_zsd);
}
