Print this page
uts: add a concept of a 'default' set of privileges, separate from 'basic'


 183 
 184                         tmparr = libc_malloc(tmp->pd_nprivs *
 185                             sizeof (struct strint));
 186 
 187                         if (tmparr == NULL)
 188                                 goto out;
 189 
 190                         for (i = 0; i < tmp->pd_nprivs; i++) {
 191                                 tmparr[i].rank = i;
 192                                 tmparr[i].name = tmp->pd_privnames[i];
 193                         }
 194                         qsort(tmparr, tmp->pd_nprivs, sizeof (struct strint),
 195                             strintcmp);
 196                         for (i = 0; i < tmp->pd_nprivs; i++)
 197                                 tmp->pd_setsort[i] = tmparr[i].rank;
 198                         libc_free(tmparr);
 199                         break;
 200                 case PRIV_INFO_BASICPRIVS:
 201                         tmp->pd_basicset = (priv_set_t *)&st->set[0];
 202                         break;



 203                 default:
 204                         /* unknown, ignore */
 205                         break;
 206                 }
 207                 x += na->info.priv_info_size;
 208         }
 209         return (tmp);
 210 out:
 211         libc_free(tmp->pd_setnames);
 212         libc_free(tmp->pd_privnames);
 213         libc_free(tmp->pd_setsort);
 214         libc_free(tmp);
 215         return (NULL);
 216 }
 217 
 218 /*
 219  * Caller must have allocated d->pd_pinfo and should free it,
 220  * if necessary.
 221  */
 222 void


 479 {
 480         priv_set_t *nset;
 481         priv_set_t *perm = NULL;
 482         va_list pa;
 483         priv_data_t *d;
 484         int ret = -1;
 485         char buf[1024];
 486 
 487         LOADPRIVDATA(d);
 488 
 489         va_start(pa, gid);
 490 
 491         nset = priv_vlist(pa);
 492 
 493         va_end(pa);
 494 
 495         if (nset == NULL)
 496                 return (-1);
 497 
 498         /* Always add the basic set */

 499         if (d->pd_basicset != NULL)
 500                 priv_union(d->pd_basicset, nset);
 501 
 502         /*
 503          * This is not a significant failure: it allows us to start programs
 504          * with sufficient privileges and with the proper uid.   We don't
 505          * care enough about the extra groups in that case.
 506          */
 507         if (flags & PU_RESETGROUPS)
 508                 (void) setgroups(0, NULL);
 509 
 510         if (gid != (gid_t)-1 && setgid(gid) != 0)
 511                 goto end;
 512 
 513         perm = priv_allocset();
 514         if (perm == NULL)
 515                 goto end;
 516 
 517         /* E = P */
 518         (void) getppriv(permitted, perm);


 631 
 632         tmpset = priv_allocset();
 633 
 634         if (tmpset == NULL)
 635                 goto end;
 636 
 637         /* We cannot grow our privileges beyond P, so start there */
 638         (void) getppriv(permitted, tmpset);
 639 
 640         /* Is the privilege we need even in P? */
 641         if (!priv_issubset(nset, tmpset))
 642                 goto end;
 643 
 644         bracketpriv = priv_allocset();
 645         if (bracketpriv == NULL)
 646                 goto end;
 647 
 648         priv_copyset(nset, bracketpriv);
 649 
 650         /* Always add the basic set */

 651         priv_union(priv_basic(), nset);
 652 
 653         /* But don't add what we don't have */
 654         priv_intersect(tmpset, nset);
 655 
 656         (void) getppriv(inheritable, tmpset);
 657 
 658         /* And stir in the inheritable privileges */
 659         priv_union(tmpset, nset);
 660 
 661         if ((r = setppriv(PRIV_SET, effective, tmpset)) != 0)
 662                 goto end;
 663 
 664         if ((r = setppriv(PRIV_SET, permitted, nset)) != 0)
 665                 goto end;
 666 
 667         if (flags & PU_CLEARLIMITSET)
 668                 priv_emptyset(nset);
 669 
 670         if ((flags & (PU_LIMITPRIVS|PU_CLEARLIMITSET)) != 0 &&


 858 
 859 void
 860 __priv_emptyset(priv_data_t *d, priv_set_t *set)
 861 {
 862         (void) memset(set, 0, d->pd_setsize);
 863 }
 864 
 865 void
 866 priv_emptyset(priv_set_t *set)
 867 {
 868         __priv_emptyset(GETPRIVDATA(), set);
 869 }
 870 
 871 void
 872 priv_basicset(priv_set_t *set)
 873 {
 874         priv_copyset(priv_basic(), set);
 875 }
 876 
 877 void






 878 __priv_fillset(priv_data_t *d, priv_set_t *set)
 879 {
 880         (void) memset(set, ~0, d->pd_setsize);
 881 }
 882 
 883 void
 884 priv_fillset(priv_set_t *set)
 885 {
 886         __priv_fillset(GETPRIVDATA(), set);
 887 }
 888 
 889 
 890 #define PRIV_TEST_BODY_D(d, test) \
 891         int i; \
 892 \
 893         for (i = d->pd_pinfo->priv_setsize; i-- > 0; ) \
 894                 if (!(test)) \
 895                         return (B_FALSE); \
 896 \
 897         return (B_TRUE)




 183 
 184                         tmparr = libc_malloc(tmp->pd_nprivs *
 185                             sizeof (struct strint));
 186 
 187                         if (tmparr == NULL)
 188                                 goto out;
 189 
 190                         for (i = 0; i < tmp->pd_nprivs; i++) {
 191                                 tmparr[i].rank = i;
 192                                 tmparr[i].name = tmp->pd_privnames[i];
 193                         }
 194                         qsort(tmparr, tmp->pd_nprivs, sizeof (struct strint),
 195                             strintcmp);
 196                         for (i = 0; i < tmp->pd_nprivs; i++)
 197                                 tmp->pd_setsort[i] = tmparr[i].rank;
 198                         libc_free(tmparr);
 199                         break;
 200                 case PRIV_INFO_BASICPRIVS:
 201                         tmp->pd_basicset = (priv_set_t *)&st->set[0];
 202                         break;
 203                 case PRIV_INFO_DEFAULTPRIVS:
 204                         tmp->pd_defaultset = (priv_set_t *)&st->set[0];
 205                         break;
 206                 default:
 207                         /* unknown, ignore */
 208                         break;
 209                 }
 210                 x += na->info.priv_info_size;
 211         }
 212         return (tmp);
 213 out:
 214         libc_free(tmp->pd_setnames);
 215         libc_free(tmp->pd_privnames);
 216         libc_free(tmp->pd_setsort);
 217         libc_free(tmp);
 218         return (NULL);
 219 }
 220 
 221 /*
 222  * Caller must have allocated d->pd_pinfo and should free it,
 223  * if necessary.
 224  */
 225 void


 482 {
 483         priv_set_t *nset;
 484         priv_set_t *perm = NULL;
 485         va_list pa;
 486         priv_data_t *d;
 487         int ret = -1;
 488         char buf[1024];
 489 
 490         LOADPRIVDATA(d);
 491 
 492         va_start(pa, gid);
 493 
 494         nset = priv_vlist(pa);
 495 
 496         va_end(pa);
 497 
 498         if (nset == NULL)
 499                 return (-1);
 500 
 501         /* Always add the basic set */
 502         /* XXX: Always add the _default_ set? */
 503         if (d->pd_basicset != NULL)
 504                 priv_union(d->pd_basicset, nset);
 505 
 506         /*
 507          * This is not a significant failure: it allows us to start programs
 508          * with sufficient privileges and with the proper uid.   We don't
 509          * care enough about the extra groups in that case.
 510          */
 511         if (flags & PU_RESETGROUPS)
 512                 (void) setgroups(0, NULL);
 513 
 514         if (gid != (gid_t)-1 && setgid(gid) != 0)
 515                 goto end;
 516 
 517         perm = priv_allocset();
 518         if (perm == NULL)
 519                 goto end;
 520 
 521         /* E = P */
 522         (void) getppriv(permitted, perm);


 635 
 636         tmpset = priv_allocset();
 637 
 638         if (tmpset == NULL)
 639                 goto end;
 640 
 641         /* We cannot grow our privileges beyond P, so start there */
 642         (void) getppriv(permitted, tmpset);
 643 
 644         /* Is the privilege we need even in P? */
 645         if (!priv_issubset(nset, tmpset))
 646                 goto end;
 647 
 648         bracketpriv = priv_allocset();
 649         if (bracketpriv == NULL)
 650                 goto end;
 651 
 652         priv_copyset(nset, bracketpriv);
 653 
 654         /* Always add the basic set */
 655         /* XXX: Always add the default set? */
 656         priv_union(priv_basic(), nset);
 657 
 658         /* But don't add what we don't have */
 659         priv_intersect(tmpset, nset);
 660 
 661         (void) getppriv(inheritable, tmpset);
 662 
 663         /* And stir in the inheritable privileges */
 664         priv_union(tmpset, nset);
 665 
 666         if ((r = setppriv(PRIV_SET, effective, tmpset)) != 0)
 667                 goto end;
 668 
 669         if ((r = setppriv(PRIV_SET, permitted, nset)) != 0)
 670                 goto end;
 671 
 672         if (flags & PU_CLEARLIMITSET)
 673                 priv_emptyset(nset);
 674 
 675         if ((flags & (PU_LIMITPRIVS|PU_CLEARLIMITSET)) != 0 &&


 863 
 864 void
 865 __priv_emptyset(priv_data_t *d, priv_set_t *set)
 866 {
 867         (void) memset(set, 0, d->pd_setsize);
 868 }
 869 
 870 void
 871 priv_emptyset(priv_set_t *set)
 872 {
 873         __priv_emptyset(GETPRIVDATA(), set);
 874 }
 875 
 876 void
 877 priv_basicset(priv_set_t *set)
 878 {
 879         priv_copyset(priv_basic(), set);
 880 }
 881 
 882 void
 883 priv_defaultset(priv_set_t *set)
 884 {
 885         priv_copyset(priv_default(), set);
 886 }
 887 
 888 void
 889 __priv_fillset(priv_data_t *d, priv_set_t *set)
 890 {
 891         (void) memset(set, ~0, d->pd_setsize);
 892 }
 893 
 894 void
 895 priv_fillset(priv_set_t *set)
 896 {
 897         __priv_fillset(GETPRIVDATA(), set);
 898 }
 899 
 900 
 901 #define PRIV_TEST_BODY_D(d, test) \
 902         int i; \
 903 \
 904         for (i = d->pd_pinfo->priv_setsize; i-- > 0; ) \
 905                 if (!(test)) \
 906                         return (B_FALSE); \
 907 \
 908         return (B_TRUE)