int cli_start(void) { priv_init(); priv_down(); putenv("REMADDR="); // get username if ((username = getlogin()) == NULL) { username = getenv("USER"); } set_permissions_map(); // set login info cli_login(username, CLI_MAX_NODES, CLI_MAX_CMDS); // send welcome msg to the client sprintf(buffer, "%s", WELCOME_MSG); send(cli_cfg->cfd, buffer, strlen(buffer), 0); printf(WELCOME_MSG); printf("[CLI] started...\n"); sprintf(cli_cfg->prompt,"%s%c ", cli_prompt(), cli_cfg->promptchar); send(cli_cfg->cfd,cli_cfg->prompt, strlen(cli_cfg->prompt), 0); return 1; }
int main() { int counter = 0; priv_init(1, NULL); assert(priv_euid == getuid()); assert(priv_ruid == getuid()); assert(!privileged()); assert(priv_run(runfn, &counter) == 99); assert(counter == 1); return 0; }
int main(void) { const char *users[5]; struct passwd *pw; int i = 0; while (i < 5 && (pw = getpwent()) != NULL) { if (pw->pw_uid > 10) { users[i++] = strdup(pw->pw_name); } } /* Do this before priv_init so that children can see it. */ priv_init("myrerun"); /* Nothing up my sleeve... */ pw = getpwuid(getuid()); printf("state = %d, uid = %d/%d (%s)\n", state, getuid(), geteuid(), pw->pw_name); if (state < 5) { char **arg; arg = (char**)malloc(sizeof(char *) * 2); arg[0] = malloc(5); arg[1] = 0; /* Create a string to pass the state to the next iteration. */ snprintf(arg[0], 4, "%d", state + 1); /* setuid to user, don't chroot, call rerun_fn(arg) before dropping * out of priv_init again. */ if ( priv_rerunas(rerun_fn, arg, users[state], NULL, 0) < 0) fprintf(stderr,"priv_rerunas failed.\n"); _exit(0); } exit(EXIT_SUCCESS); }
int main(int argc, char *argv[]) { Arg arglist[10]; Cardinal num_args; #ifdef USE_PRIVSEP struct passwd *pw; #endif XtSetLanguageProc(NULL,NULL,NULL); top = XtInitialize ("xconsole", "XConsole", options, XtNumber (options), &argc, argv); XtGetApplicationResources (top, (XtPointer)&app_resources, resources, XtNumber (resources), NULL, 0); #ifdef USE_PRIVSEP /* Revoke privileges if any */ if (getuid() == 0) { /* Running as root */ pw = getpwnam(XCONSOLE_USER); if (!pw) { fprintf(stderr, "%s user not found\n", XCONSOLE_USER); exit(2); } if (priv_init(pw->pw_uid, pw->pw_gid) < 0) { fprintf(stderr, "priv_init failed\n"); exit(2); } } else if (priv_init(-1, -1) < 0) { fprintf(stderr, "priv_init failed\n"); exit(2); } #endif if (app_resources.daemon) if (fork ()) exit (0); XtAddActions (actions, XtNumber (actions)); text = XtCreateManagedWidget ("text", asciiTextWidgetClass, top, NULL, 0); XtRealizeWidget (top); num_args = 0; XtSetArg(arglist[num_args], XtNiconic, &iconified); num_args++; XtGetValues(top, arglist, num_args); if (iconified) Iconified((Widget)NULL, (XEvent*)NULL, (String*)NULL, (Cardinal*)NULL); else Deiconified((Widget)NULL,(XEvent*)NULL,(String*)NULL,(Cardinal*)NULL); wm_delete_window = XInternAtom(XtDisplay(top), "WM_DELETE_WINDOW", False); (void) XSetWMProtocols (XtDisplay(top), XtWindow(top), &wm_delete_window, 1); XmuGetHostname (mit_console_name + MIT_CONSOLE_LEN, 255); mit_console = XInternAtom(XtDisplay(top), mit_console_name, False); if (XGetSelectionOwner (XtDisplay (top), mit_console)) { XtGetSelectionValue(top, mit_console, XA_STRING, InsertSelection, NULL, CurrentTime); } else { XtOwnSelection(top, mit_console, CurrentTime, ConvertSelection, LoseSelection, NULL); OpenConsole (); } #ifdef USE_OSM ioerror = XSetIOErrorHandler(IOError); #endif #ifdef USE_PRIVSEP if (pledge("stdio rpath sendfd recvfd", NULL) == -1) err(1, "pledge"); #endif XtMainLoop (); return 0; }
int main(int argc, char **argv) { int ch, np, ret, Xflag = 0; pcap_handler phandler = dump_packet; const char *errstr = NULL; char *pidf = NULL; ret = 0; closefrom(STDERR_FILENO + 1); while ((ch = getopt(argc, argv, "Dxd:f:i:p:s:")) != -1) { switch (ch) { case 'D': Debug = 1; break; case 'd': delay = strtonum(optarg, 5, 60*60, &errstr); if (errstr) usage(); break; case 'f': filename = optarg; break; case 'i': interface = optarg; break; case 'p': pidf = optarg; break; case 's': snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN, &errstr); if (snaplen <= 0) snaplen = DEF_SNAPLEN; if (errstr) snaplen = PFLOGD_MAXSNAPLEN; break; case 'x': Xflag++; break; default: usage(); } } log_debug = Debug; argc -= optind; argv += optind; /* does interface exist */ if (!if_exists(interface)) { warn("Failed to initialize: %s", interface); logmsg(LOG_ERR, "Failed to initialize: %s", interface); logmsg(LOG_ERR, "Exiting, init failure"); exit(1); } if (!Debug) { openlog("pflogd", LOG_PID | LOG_CONS, LOG_DAEMON); if (daemon(0, 0)) { logmsg(LOG_WARNING, "Failed to become daemon: %s", strerror(errno)); } pidfile(pidf); } tzset(); (void)umask(S_IRWXG | S_IRWXO); /* filter will be used by the privileged process */ if (argc) { filter = copy_argv(argv); if (filter == NULL) logmsg(LOG_NOTICE, "Failed to form filter expression"); } /* initialize pcap before dropping privileges */ if (init_pcap()) { logmsg(LOG_ERR, "Exiting, init failure"); exit(1); } /* Privilege separation begins here */ if (priv_init()) { logmsg(LOG_ERR, "unable to privsep"); exit(1); } setproctitle("[initializing]"); /* Process is now unprivileged and inside a chroot */ signal(SIGTERM, sig_close); signal(SIGINT, sig_close); signal(SIGQUIT, sig_close); signal(SIGALRM, sig_alrm); signal(SIGUSR1, sig_usr1); signal(SIGHUP, sig_hup); alarm(delay); buffer = malloc(PFLOGD_BUFSIZE); if (buffer == NULL) { logmsg(LOG_WARNING, "Failed to allocate output buffer"); phandler = dump_packet_nobuf; } else { bufleft = buflen = PFLOGD_BUFSIZE; bufpos = buffer; bufpkt = 0; } if (reset_dump(Xflag) < 0) { if (Xflag) return (1); logmsg(LOG_ERR, "Logging suspended: open error"); set_suspended(1); } else if (Xflag) return (0); while (1) { np = pcap_dispatch(hpcap, PCAP_NUM_PKTS, phandler, (u_char *)dpcap); if (np < 0) { if (!if_exists(interface) == -1) { logmsg(LOG_NOTICE, "interface %s went away", interface); ret = -1; break; } logmsg(LOG_NOTICE, "%s", pcap_geterr(hpcap)); } if (gotsig_close) break; if (gotsig_hup) { if (reset_dump(0)) { logmsg(LOG_ERR, "Logging suspended: open error"); set_suspended(1); } gotsig_hup = 0; } if (gotsig_alrm) { if (dpcap) flush_buffer(dpcap); else gotsig_hup = 1; gotsig_alrm = 0; alarm(delay); } if (gotsig_usr1) { log_pcap_stats(); gotsig_usr1 = 0; } } logmsg(LOG_NOTICE, "Exiting"); if (dpcap) { flush_buffer(dpcap); fclose(dpcap); } purge_buffer(); log_pcap_stats(); pcap_close(hpcap); if (!Debug) closelog(); return (ret); }
VEObj::VEObj(const char *ctid) { priv_init(); SET_CTID(m_ctid, ctid); }
void cred_init(void) { priv_init(); crsize = sizeof (cred_t); if (get_c2audit_load() > 0) { #ifdef _LP64 /* assure audit context is 64-bit aligned */ audoff = (crsize + sizeof (int64_t) - 1) & ~(sizeof (int64_t) - 1); #else /* _LP64 */ audoff = crsize; #endif /* _LP64 */ crsize = audoff + sizeof (auditinfo_addr_t); crsize = (crsize + sizeof (int) - 1) & ~(sizeof (int) - 1); } cred_cache = kmem_cache_create("cred_cache", crsize, 0, NULL, NULL, NULL, NULL, NULL, 0); /* * dummycr is used to copy initial state for creds. */ dummycr = cralloc(); bzero(dummycr, crsize); dummycr->cr_ref = 1; dummycr->cr_uid = (uid_t)-1; dummycr->cr_gid = (gid_t)-1; dummycr->cr_ruid = (uid_t)-1; dummycr->cr_rgid = (gid_t)-1; dummycr->cr_suid = (uid_t)-1; dummycr->cr_sgid = (gid_t)-1; /* * kcred is used by anything that needs all privileges; it's * also the template used for crget as it has all the compatible * sets filled in. */ kcred = cralloc(); bzero(kcred, crsize); kcred->cr_ref = 1; /* kcred is never freed, so we don't need zone_cred_hold here */ kcred->cr_zone = &zone0; priv_fillset(&CR_LPRIV(kcred)); CR_IPRIV(kcred) = *priv_basic; /* Not a basic privilege, if chown is not restricted add it to I0 */ if (!rstchown) priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF); /* Basic privilege, if link is restricted remove it from I0 */ if (rstlink) priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY); CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred); CR_FLAGS(kcred) = NET_MAC_AWARE; /* * Set up credentials of p0. */ ttoproc(curthread)->p_cred = kcred; curthread->t_cred = kcred; ucredsize = UCRED_SIZE; mutex_init(&ephemeral_zone_mutex, NULL, MUTEX_DEFAULT, NULL); zone_key_create(&ephemeral_zone_key, NULL, NULL, destroy_ephemeral_zsd); }