2 * Copyright (c) 2013 The FreeBSD Foundation
5 * This software was developed by Pawel Jakub Dawidek under sponsorship from
6 * the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
35 #include <sys/param.h>
43 #include <libcasper.h>
44 #include <libcasper_service.h>
48 static struct group ggrp;
50 static size_t gbufsize;
63 gbuffer = realloc(buf, gbufsize);
64 if (gbuffer == NULL) {
69 memset(gbuffer, 0, gbufsize);
75 group_unpack_string(const nvlist_t *nvl, const char *fieldname, char **fieldp,
76 char **bufferp, size_t *bufsizep)
81 str = nvlist_get_string(nvl, fieldname);
82 len = strlcpy(*bufferp, str, *bufsizep);
93 group_unpack_members(const nvlist_t *nvl, char ***fieldp, char **bufferp,
97 char **outstrs, *str, nvlname[64];
98 size_t nmem, datasize, strsize;
102 if (!nvlist_exists_number(nvl, "gr_nmem")) {
103 datasize = _ALIGNBYTES + sizeof(char *);
104 if (datasize >= *bufsizep)
106 outstrs = (char **)_ALIGN(*bufferp);
109 *bufferp += datasize;
110 *bufsizep -= datasize;
114 nmem = (size_t)nvlist_get_number(nvl, "gr_nmem");
115 datasize = _ALIGNBYTES + sizeof(char *) * (nmem + 1);
116 for (ii = 0; ii < nmem; ii++) {
117 n = snprintf(nvlname, sizeof(nvlname), "gr_mem[%u]", ii);
118 assert(n > 0 && n < (int)sizeof(nvlname));
119 mem = dnvlist_get_string(nvl, nvlname, NULL);
122 datasize += strlen(mem) + 1;
125 if (datasize >= *bufsizep)
128 outstrs = (char **)_ALIGN(*bufferp);
129 str = (char *)outstrs + sizeof(char *) * (nmem + 1);
130 for (ii = 0; ii < nmem; ii++) {
131 n = snprintf(nvlname, sizeof(nvlname), "gr_mem[%u]", ii);
132 assert(n > 0 && n < (int)sizeof(nvlname));
133 mem = nvlist_get_string(nvl, nvlname);
134 strsize = strlen(mem) + 1;
135 memcpy(str, mem, strsize);
143 *bufferp += datasize;
144 *bufsizep -= datasize;
150 group_unpack(const nvlist_t *nvl, struct group *grp, char *buffer,
155 if (!nvlist_exists_string(nvl, "gr_name"))
158 memset(grp, 0, sizeof(*grp));
160 error = group_unpack_string(nvl, "gr_name", &grp->gr_name, &buffer,
164 error = group_unpack_string(nvl, "gr_passwd", &grp->gr_passwd, &buffer,
168 grp->gr_gid = (gid_t)nvlist_get_number(nvl, "gr_gid");
169 error = group_unpack_members(nvl, &grp->gr_mem, &buffer, &bufsize);
177 cap_getgrcommon_r(cap_channel_t *chan, const char *cmd, const char *name,
178 gid_t gid, struct group *grp, char *buffer, size_t bufsize,
179 struct group **result)
185 nvl = nvlist_create(0);
186 nvlist_add_string(nvl, "cmd", cmd);
187 if (strcmp(cmd, "getgrent") == 0 || strcmp(cmd, "getgrent_r") == 0) {
189 } else if (strcmp(cmd, "getgrnam") == 0 ||
190 strcmp(cmd, "getgrnam_r") == 0) {
191 nvlist_add_string(nvl, "name", name);
192 } else if (strcmp(cmd, "getgrgid") == 0 ||
193 strcmp(cmd, "getgrgid_r") == 0) {
194 nvlist_add_number(nvl, "gid", (uint64_t)gid);
198 nvl = cap_xfer_nvlist(chan, nvl, 0);
204 error = (int)nvlist_get_number(nvl, "error");
211 if (!nvlist_exists_string(nvl, "gr_name")) {
218 getgr_r = (strcmp(cmd, "getgrent_r") == 0 ||
219 strcmp(cmd, "getgrnam_r") == 0 || strcmp(cmd, "getgrgid_r") == 0);
222 error = group_unpack(nvl, grp, buffer, bufsize);
223 if (getgr_r || error != ERANGE)
225 assert(buffer == gbuffer);
226 assert(bufsize == gbufsize);
227 error = group_resize();
230 /* Update pointers after resize. */
245 static struct group *
246 cap_getgrcommon(cap_channel_t *chan, const char *cmd, const char *name,
249 struct group *result;
254 error = cap_getgrcommon_r(chan, cmd, name, gid, &ggrp, gbuffer,
267 cap_getgrent(cap_channel_t *chan)
270 return (cap_getgrcommon(chan, "getgrent", NULL, 0));
274 cap_getgrnam(cap_channel_t *chan, const char *name)
277 return (cap_getgrcommon(chan, "getgrnam", name, 0));
281 cap_getgrgid(cap_channel_t *chan, gid_t gid)
284 return (cap_getgrcommon(chan, "getgrgid", NULL, gid));
288 cap_getgrent_r(cap_channel_t *chan, struct group *grp, char *buffer,
289 size_t bufsize, struct group **result)
292 return (cap_getgrcommon_r(chan, "getgrent_r", NULL, 0, grp, buffer,
297 cap_getgrnam_r(cap_channel_t *chan, const char *name, struct group *grp,
298 char *buffer, size_t bufsize, struct group **result)
301 return (cap_getgrcommon_r(chan, "getgrnam_r", name, 0, grp, buffer,
306 cap_getgrgid_r(cap_channel_t *chan, gid_t gid, struct group *grp, char *buffer,
307 size_t bufsize, struct group **result)
310 return (cap_getgrcommon_r(chan, "getgrgid_r", NULL, gid, grp, buffer,
315 cap_setgroupent(cap_channel_t *chan, int stayopen)
319 nvl = nvlist_create(0);
320 nvlist_add_string(nvl, "cmd", "setgroupent");
321 nvlist_add_bool(nvl, "stayopen", stayopen != 0);
322 nvl = cap_xfer_nvlist(chan, nvl, 0);
325 if (nvlist_get_number(nvl, "error") != 0) {
326 errno = nvlist_get_number(nvl, "error");
336 cap_setgrent(cap_channel_t *chan)
340 nvl = nvlist_create(0);
341 nvlist_add_string(nvl, "cmd", "setgrent");
342 nvl = cap_xfer_nvlist(chan, nvl, 0);
345 if (nvlist_get_number(nvl, "error") != 0) {
346 errno = nvlist_get_number(nvl, "error");
356 cap_endgrent(cap_channel_t *chan)
360 nvl = nvlist_create(0);
361 nvlist_add_string(nvl, "cmd", "endgrent");
362 /* Ignore any errors, we have no way to report them. */
363 nvlist_destroy(cap_xfer_nvlist(chan, nvl, 0));
367 cap_grp_limit_cmds(cap_channel_t *chan, const char * const *cmds, size_t ncmds)
369 nvlist_t *limits, *nvl;
372 if (cap_limit_get(chan, &limits) < 0)
374 if (limits == NULL) {
375 limits = nvlist_create(0);
377 if (nvlist_exists_nvlist(limits, "cmds"))
378 nvlist_free_nvlist(limits, "cmds");
380 nvl = nvlist_create(0);
381 for (i = 0; i < ncmds; i++)
382 nvlist_add_null(nvl, cmds[i]);
383 nvlist_move_nvlist(limits, "cmds", nvl);
384 return (cap_limit_set(chan, limits));
388 cap_grp_limit_fields(cap_channel_t *chan, const char * const *fields,
391 nvlist_t *limits, *nvl;
394 if (cap_limit_get(chan, &limits) < 0)
396 if (limits == NULL) {
397 limits = nvlist_create(0);
399 if (nvlist_exists_nvlist(limits, "fields"))
400 nvlist_free_nvlist(limits, "fields");
402 nvl = nvlist_create(0);
403 for (i = 0; i < nfields; i++)
404 nvlist_add_null(nvl, fields[i]);
405 nvlist_move_nvlist(limits, "fields", nvl);
406 return (cap_limit_set(chan, limits));
410 cap_grp_limit_groups(cap_channel_t *chan, const char * const *names,
411 size_t nnames, gid_t *gids, size_t ngids)
413 nvlist_t *limits, *groups;
418 if (cap_limit_get(chan, &limits) < 0)
420 if (limits == NULL) {
421 limits = nvlist_create(0);
423 if (nvlist_exists_nvlist(limits, "groups"))
424 nvlist_free_nvlist(limits, "groups");
426 groups = nvlist_create(0);
427 for (i = 0; i < ngids; i++) {
428 n = snprintf(nvlname, sizeof(nvlname), "gid%u", i);
429 assert(n > 0 && n < (int)sizeof(nvlname));
430 nvlist_add_number(groups, nvlname, (uint64_t)gids[i]);
432 for (i = 0; i < nnames; i++) {
433 n = snprintf(nvlname, sizeof(nvlname), "gid%u", i);
434 assert(n > 0 && n < (int)sizeof(nvlname));
435 nvlist_add_string(groups, nvlname, names[i]);
437 nvlist_move_nvlist(limits, "groups", groups);
438 return (cap_limit_set(chan, limits));
445 grp_allowed_cmd(const nvlist_t *limits, const char *cmd)
452 * If no limit was set on allowed commands, then all commands
455 if (!nvlist_exists_nvlist(limits, "cmds"))
458 limits = nvlist_get_nvlist(limits, "cmds");
459 return (nvlist_exists_null(limits, cmd));
463 grp_allowed_cmds(const nvlist_t *oldlimits, const nvlist_t *newlimits)
470 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
471 if (type != NV_TYPE_NULL)
473 if (!grp_allowed_cmd(oldlimits, name))
474 return (ENOTCAPABLE);
481 grp_allowed_group(const nvlist_t *limits, const char *gname, gid_t gid)
491 * If no limit was set on allowed groups, then all groups are allowed.
493 if (!nvlist_exists_nvlist(limits, "groups"))
496 limits = nvlist_get_nvlist(limits, "groups");
498 while ((name = nvlist_next(limits, &type, &cookie)) != NULL) {
501 if (gid != (gid_t)-1 &&
502 nvlist_get_number(limits, name) == (uint64_t)gid) {
508 strcmp(nvlist_get_string(limits, name),
522 grp_allowed_groups(const nvlist_t *oldlimits, const nvlist_t *newlimits)
524 const char *name, *gname;
530 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
533 gid = (gid_t)nvlist_get_number(newlimits, name);
538 gname = nvlist_get_string(newlimits, name);
543 if (!grp_allowed_group(oldlimits, gname, gid))
544 return (ENOTCAPABLE);
551 grp_allowed_field(const nvlist_t *limits, const char *field)
558 * If no limit was set on allowed fields, then all fields are allowed.
560 if (!nvlist_exists_nvlist(limits, "fields"))
563 limits = nvlist_get_nvlist(limits, "fields");
564 return (nvlist_exists_null(limits, field));
568 grp_allowed_fields(const nvlist_t *oldlimits, const nvlist_t *newlimits)
575 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
576 if (type != NV_TYPE_NULL)
578 if (!grp_allowed_field(oldlimits, name))
579 return (ENOTCAPABLE);
586 grp_pack(const nvlist_t *limits, const struct group *grp, nvlist_t *nvl)
595 * If either name or GID is allowed, we allow it.
597 if (!grp_allowed_group(limits, grp->gr_name, grp->gr_gid))
600 if (grp_allowed_field(limits, "gr_name"))
601 nvlist_add_string(nvl, "gr_name", grp->gr_name);
603 nvlist_add_string(nvl, "gr_name", "");
604 if (grp_allowed_field(limits, "gr_passwd"))
605 nvlist_add_string(nvl, "gr_passwd", grp->gr_passwd);
607 nvlist_add_string(nvl, "gr_passwd", "");
608 if (grp_allowed_field(limits, "gr_gid"))
609 nvlist_add_number(nvl, "gr_gid", (uint64_t)grp->gr_gid);
611 nvlist_add_number(nvl, "gr_gid", (uint64_t)-1);
612 if (grp_allowed_field(limits, "gr_mem") && grp->gr_mem[0] != NULL) {
613 unsigned int ngroups;
615 for (ngroups = 0; grp->gr_mem[ngroups] != NULL; ngroups++) {
616 n = snprintf(nvlname, sizeof(nvlname), "gr_mem[%u]",
618 assert(n > 0 && n < (ssize_t)sizeof(nvlname));
619 nvlist_add_string(nvl, nvlname, grp->gr_mem[ngroups]);
621 nvlist_add_number(nvl, "gr_nmem", (uint64_t)ngroups);
628 grp_getgrent(const nvlist_t *limits, const nvlist_t *nvlin __unused,
638 if (grp_pack(limits, grp, nvlout))
646 grp_getgrnam(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
651 if (!nvlist_exists_string(nvlin, "name"))
653 name = nvlist_get_string(nvlin, "name");
654 assert(name != NULL);
657 grp = getgrnam(name);
661 (void)grp_pack(limits, grp, nvlout);
667 grp_getgrgid(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
672 if (!nvlist_exists_number(nvlin, "gid"))
675 gid = (gid_t)nvlist_get_number(nvlin, "gid");
682 (void)grp_pack(limits, grp, nvlout);
688 grp_setgroupent(const nvlist_t *limits __unused, const nvlist_t *nvlin,
689 nvlist_t *nvlout __unused)
693 if (!nvlist_exists_bool(nvlin, "stayopen"))
696 stayopen = nvlist_get_bool(nvlin, "stayopen") ? 1 : 0;
698 return (setgroupent(stayopen) == 0 ? EFAULT : 0);
702 grp_setgrent(const nvlist_t *limits __unused, const nvlist_t *nvlin __unused,
703 nvlist_t *nvlout __unused)
712 grp_endgrent(const nvlist_t *limits __unused, const nvlist_t *nvlin __unused,
713 nvlist_t *nvlout __unused)
722 grp_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
724 const nvlist_t *limits;
729 if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "cmds") &&
730 !nvlist_exists_nvlist(newlimits, "cmds")) {
731 return (ENOTCAPABLE);
733 if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "fields") &&
734 !nvlist_exists_nvlist(newlimits, "fields")) {
735 return (ENOTCAPABLE);
737 if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "groups") &&
738 !nvlist_exists_nvlist(newlimits, "groups")) {
739 return (ENOTCAPABLE);
743 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
744 if (type != NV_TYPE_NVLIST)
746 limits = nvlist_get_nvlist(newlimits, name);
747 if (strcmp(name, "cmds") == 0)
748 error = grp_allowed_cmds(oldlimits, limits);
749 else if (strcmp(name, "fields") == 0)
750 error = grp_allowed_fields(oldlimits, limits);
751 else if (strcmp(name, "groups") == 0)
752 error = grp_allowed_groups(oldlimits, limits);
763 grp_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
768 if (!grp_allowed_cmd(limits, cmd))
769 return (ENOTCAPABLE);
771 if (strcmp(cmd, "getgrent") == 0 || strcmp(cmd, "getgrent_r") == 0)
772 error = grp_getgrent(limits, nvlin, nvlout);
773 else if (strcmp(cmd, "getgrnam") == 0 || strcmp(cmd, "getgrnam_r") == 0)
774 error = grp_getgrnam(limits, nvlin, nvlout);
775 else if (strcmp(cmd, "getgrgid") == 0 || strcmp(cmd, "getgrgid_r") == 0)
776 error = grp_getgrgid(limits, nvlin, nvlout);
777 else if (strcmp(cmd, "setgroupent") == 0)
778 error = grp_setgroupent(limits, nvlin, nvlout);
779 else if (strcmp(cmd, "setgrent") == 0)
780 error = grp_setgrent(limits, nvlin, nvlout);
781 else if (strcmp(cmd, "endgrent") == 0)
782 error = grp_endgrent(limits, nvlin, nvlout);
789 CREATE_SERVICE("system.grp", grp_limit, grp_command, 0);