2 * Copyright (c) 2013 The FreeBSD Foundation
5 * This software was developed by Pawel Jakub Dawidek under sponsorship from
6 * the FreeBSD Foundation.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/types.h>
43 #include <libcasper.h>
44 #include <libcasper_service.h>
48 static struct passwd gpwd;
50 static size_t gbufsize;
63 gbuffer = realloc(buf, gbufsize);
64 if (gbuffer == NULL) {
69 memset(gbuffer, 0, gbufsize);
75 passwd_unpack_string(const nvlist_t *nvl, const char *fieldname, char **fieldp,
76 char **bufferp, size_t *bufsizep)
81 str = nvlist_get_string(nvl, fieldname);
82 len = strlcpy(*bufferp, str, *bufsizep);
93 passwd_unpack(const nvlist_t *nvl, struct passwd *pwd, char *buffer,
98 if (!nvlist_exists_string(nvl, "pw_name"))
101 memset(pwd, 0, sizeof(*pwd));
103 error = passwd_unpack_string(nvl, "pw_name", &pwd->pw_name, &buffer,
107 pwd->pw_uid = (uid_t)nvlist_get_number(nvl, "pw_uid");
108 pwd->pw_gid = (gid_t)nvlist_get_number(nvl, "pw_gid");
109 pwd->pw_change = (time_t)nvlist_get_number(nvl, "pw_change");
110 error = passwd_unpack_string(nvl, "pw_passwd", &pwd->pw_passwd, &buffer,
114 error = passwd_unpack_string(nvl, "pw_class", &pwd->pw_class, &buffer,
118 error = passwd_unpack_string(nvl, "pw_gecos", &pwd->pw_gecos, &buffer,
122 error = passwd_unpack_string(nvl, "pw_dir", &pwd->pw_dir, &buffer,
126 error = passwd_unpack_string(nvl, "pw_shell", &pwd->pw_shell, &buffer,
130 pwd->pw_expire = (time_t)nvlist_get_number(nvl, "pw_expire");
131 pwd->pw_fields = (int)nvlist_get_number(nvl, "pw_fields");
137 cap_getpwcommon_r(cap_channel_t *chan, const char *cmd, const char *login,
138 uid_t uid, struct passwd *pwd, char *buffer, size_t bufsize,
139 struct passwd **result)
145 nvl = nvlist_create(0);
146 nvlist_add_string(nvl, "cmd", cmd);
147 if (strcmp(cmd, "getpwent") == 0 || strcmp(cmd, "getpwent_r") == 0) {
149 } else if (strcmp(cmd, "getpwnam") == 0 ||
150 strcmp(cmd, "getpwnam_r") == 0) {
151 nvlist_add_string(nvl, "name", login);
152 } else if (strcmp(cmd, "getpwuid") == 0 ||
153 strcmp(cmd, "getpwuid_r") == 0) {
154 nvlist_add_number(nvl, "uid", (uint64_t)uid);
158 nvl = cap_xfer_nvlist(chan, nvl, 0);
164 error = (int)nvlist_get_number(nvl, "error");
171 if (!nvlist_exists_string(nvl, "pw_name")) {
178 getpw_r = (strcmp(cmd, "getpwent_r") == 0 ||
179 strcmp(cmd, "getpwnam_r") == 0 || strcmp(cmd, "getpwuid_r") == 0);
182 error = passwd_unpack(nvl, pwd, buffer, bufsize);
183 if (getpw_r || error != ERANGE)
185 assert(buffer == gbuffer);
186 assert(bufsize == gbufsize);
187 error = passwd_resize();
190 /* Update pointers after resize. */
205 static struct passwd *
206 cap_getpwcommon(cap_channel_t *chan, const char *cmd, const char *login,
209 struct passwd *result;
214 error = cap_getpwcommon_r(chan, cmd, login, uid, &gpwd, gbuffer,
227 cap_getpwent(cap_channel_t *chan)
230 return (cap_getpwcommon(chan, "getpwent", NULL, 0));
234 cap_getpwnam(cap_channel_t *chan, const char *login)
237 return (cap_getpwcommon(chan, "getpwnam", login, 0));
241 cap_getpwuid(cap_channel_t *chan, uid_t uid)
244 return (cap_getpwcommon(chan, "getpwuid", NULL, uid));
248 cap_getpwent_r(cap_channel_t *chan, struct passwd *pwd, char *buffer,
249 size_t bufsize, struct passwd **result)
252 return (cap_getpwcommon_r(chan, "getpwent_r", NULL, 0, pwd, buffer,
257 cap_getpwnam_r(cap_channel_t *chan, const char *name, struct passwd *pwd,
258 char *buffer, size_t bufsize, struct passwd **result)
261 return (cap_getpwcommon_r(chan, "getpwnam_r", name, 0, pwd, buffer,
266 cap_getpwuid_r(cap_channel_t *chan, uid_t uid, struct passwd *pwd, char *buffer,
267 size_t bufsize, struct passwd **result)
270 return (cap_getpwcommon_r(chan, "getpwuid_r", NULL, uid, pwd, buffer,
275 cap_setpassent(cap_channel_t *chan, int stayopen)
279 nvl = nvlist_create(0);
280 nvlist_add_string(nvl, "cmd", "setpassent");
281 nvlist_add_bool(nvl, "stayopen", stayopen != 0);
282 nvl = cap_xfer_nvlist(chan, nvl, 0);
285 if (nvlist_get_number(nvl, "error") != 0) {
286 errno = nvlist_get_number(nvl, "error");
296 cap_set_end_pwent(cap_channel_t *chan, const char *cmd)
300 nvl = nvlist_create(0);
301 nvlist_add_string(nvl, "cmd", cmd);
302 /* Ignore any errors, we have no way to report them. */
303 nvlist_destroy(cap_xfer_nvlist(chan, nvl, 0));
307 cap_setpwent(cap_channel_t *chan)
310 cap_set_end_pwent(chan, "setpwent");
314 cap_endpwent(cap_channel_t *chan)
317 cap_set_end_pwent(chan, "endpwent");
321 cap_pwd_limit_cmds(cap_channel_t *chan, const char * const *cmds, size_t ncmds)
323 nvlist_t *limits, *nvl;
326 if (cap_limit_get(chan, &limits) < 0)
328 if (limits == NULL) {
329 limits = nvlist_create(0);
331 if (nvlist_exists_nvlist(limits, "cmds"))
332 nvlist_free_nvlist(limits, "cmds");
334 nvl = nvlist_create(0);
335 for (i = 0; i < ncmds; i++)
336 nvlist_add_null(nvl, cmds[i]);
337 nvlist_move_nvlist(limits, "cmds", nvl);
338 return (cap_limit_set(chan, limits));
342 cap_pwd_limit_fields(cap_channel_t *chan, const char * const *fields,
345 nvlist_t *limits, *nvl;
348 if (cap_limit_get(chan, &limits) < 0)
350 if (limits == NULL) {
351 limits = nvlist_create(0);
353 if (nvlist_exists_nvlist(limits, "fields"))
354 nvlist_free_nvlist(limits, "fields");
356 nvl = nvlist_create(0);
357 for (i = 0; i < nfields; i++)
358 nvlist_add_null(nvl, fields[i]);
359 nvlist_move_nvlist(limits, "fields", nvl);
360 return (cap_limit_set(chan, limits));
364 cap_pwd_limit_users(cap_channel_t *chan, const char * const *names,
365 size_t nnames, uid_t *uids, size_t nuids)
367 nvlist_t *limits, *users;
372 if (cap_limit_get(chan, &limits) < 0)
374 if (limits == NULL) {
375 limits = nvlist_create(0);
377 if (nvlist_exists_nvlist(limits, "users"))
378 nvlist_free_nvlist(limits, "users");
380 users = nvlist_create(0);
381 for (i = 0; i < nuids; i++) {
382 n = snprintf(nvlname, sizeof(nvlname), "uid%u", i);
383 assert(n > 0 && n < (int)sizeof(nvlname));
384 nvlist_add_number(users, nvlname, (uint64_t)uids[i]);
386 for (i = 0; i < nnames; i++) {
387 n = snprintf(nvlname, sizeof(nvlname), "name%u", i);
388 assert(n > 0 && n < (int)sizeof(nvlname));
389 nvlist_add_string(users, nvlname, names[i]);
391 nvlist_move_nvlist(limits, "users", users);
392 return (cap_limit_set(chan, limits));
400 pwd_allowed_cmd(const nvlist_t *limits, const char *cmd)
407 * If no limit was set on allowed commands, then all commands
410 if (!nvlist_exists_nvlist(limits, "cmds"))
413 limits = nvlist_get_nvlist(limits, "cmds");
414 return (nvlist_exists_null(limits, cmd));
418 pwd_allowed_cmds(const nvlist_t *oldlimits, const nvlist_t *newlimits)
425 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
426 if (type != NV_TYPE_NULL)
428 if (!pwd_allowed_cmd(oldlimits, name))
429 return (ENOTCAPABLE);
436 pwd_allowed_user(const nvlist_t *limits, const char *uname, uid_t uid)
446 * If no limit was set on allowed users, then all users are allowed.
448 if (!nvlist_exists_nvlist(limits, "users"))
451 limits = nvlist_get_nvlist(limits, "users");
453 while ((name = nvlist_next(limits, &type, &cookie)) != NULL) {
456 if (uid != (uid_t)-1 &&
457 nvlist_get_number(limits, name) == (uint64_t)uid) {
463 strcmp(nvlist_get_string(limits, name),
477 pwd_allowed_users(const nvlist_t *oldlimits, const nvlist_t *newlimits)
479 const char *name, *uname;
485 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
488 uid = (uid_t)nvlist_get_number(newlimits, name);
493 uname = nvlist_get_string(newlimits, name);
498 if (!pwd_allowed_user(oldlimits, uname, uid))
499 return (ENOTCAPABLE);
506 pwd_allowed_field(const nvlist_t *limits, const char *field)
513 * If no limit was set on allowed fields, then all fields are allowed.
515 if (!nvlist_exists_nvlist(limits, "fields"))
518 limits = nvlist_get_nvlist(limits, "fields");
519 return (nvlist_exists_null(limits, field));
523 pwd_allowed_fields(const nvlist_t *oldlimits, const nvlist_t *newlimits)
530 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
531 if (type != NV_TYPE_NULL)
533 if (!pwd_allowed_field(oldlimits, name))
534 return (ENOTCAPABLE);
541 pwd_pack(const nvlist_t *limits, const struct passwd *pwd, nvlist_t *nvl)
549 * If either name or UID is allowed, we allow it.
551 if (!pwd_allowed_user(limits, pwd->pw_name, pwd->pw_uid))
554 fields = pwd->pw_fields;
556 if (pwd_allowed_field(limits, "pw_name")) {
557 nvlist_add_string(nvl, "pw_name", pwd->pw_name);
559 nvlist_add_string(nvl, "pw_name", "");
560 fields &= ~_PWF_NAME;
562 if (pwd_allowed_field(limits, "pw_uid")) {
563 nvlist_add_number(nvl, "pw_uid", (uint64_t)pwd->pw_uid);
565 nvlist_add_number(nvl, "pw_uid", (uint64_t)-1);
568 if (pwd_allowed_field(limits, "pw_gid")) {
569 nvlist_add_number(nvl, "pw_gid", (uint64_t)pwd->pw_gid);
571 nvlist_add_number(nvl, "pw_gid", (uint64_t)-1);
574 if (pwd_allowed_field(limits, "pw_change")) {
575 nvlist_add_number(nvl, "pw_change", (uint64_t)pwd->pw_change);
577 nvlist_add_number(nvl, "pw_change", (uint64_t)0);
578 fields &= ~_PWF_CHANGE;
580 if (pwd_allowed_field(limits, "pw_passwd")) {
581 nvlist_add_string(nvl, "pw_passwd", pwd->pw_passwd);
583 nvlist_add_string(nvl, "pw_passwd", "");
584 fields &= ~_PWF_PASSWD;
586 if (pwd_allowed_field(limits, "pw_class")) {
587 nvlist_add_string(nvl, "pw_class", pwd->pw_class);
589 nvlist_add_string(nvl, "pw_class", "");
590 fields &= ~_PWF_CLASS;
592 if (pwd_allowed_field(limits, "pw_gecos")) {
593 nvlist_add_string(nvl, "pw_gecos", pwd->pw_gecos);
595 nvlist_add_string(nvl, "pw_gecos", "");
596 fields &= ~_PWF_GECOS;
598 if (pwd_allowed_field(limits, "pw_dir")) {
599 nvlist_add_string(nvl, "pw_dir", pwd->pw_dir);
601 nvlist_add_string(nvl, "pw_dir", "");
604 if (pwd_allowed_field(limits, "pw_shell")) {
605 nvlist_add_string(nvl, "pw_shell", pwd->pw_shell);
607 nvlist_add_string(nvl, "pw_shell", "");
608 fields &= ~_PWF_SHELL;
610 if (pwd_allowed_field(limits, "pw_expire")) {
611 nvlist_add_number(nvl, "pw_expire", (uint64_t)pwd->pw_expire);
613 nvlist_add_number(nvl, "pw_expire", (uint64_t)0);
614 fields &= ~_PWF_EXPIRE;
616 nvlist_add_number(nvl, "pw_fields", (uint64_t)fields);
622 pwd_getpwent(const nvlist_t *limits, const nvlist_t *nvlin __unused,
632 if (pwd_pack(limits, pwd, nvlout))
640 pwd_getpwnam(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
645 if (!nvlist_exists_string(nvlin, "name"))
647 name = nvlist_get_string(nvlin, "name");
648 assert(name != NULL);
651 pwd = getpwnam(name);
655 (void)pwd_pack(limits, pwd, nvlout);
661 pwd_getpwuid(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
666 if (!nvlist_exists_number(nvlin, "uid"))
669 uid = (uid_t)nvlist_get_number(nvlin, "uid");
676 (void)pwd_pack(limits, pwd, nvlout);
682 pwd_setpassent(const nvlist_t *limits __unused, const nvlist_t *nvlin,
683 nvlist_t *nvlout __unused)
687 if (!nvlist_exists_bool(nvlin, "stayopen"))
690 stayopen = nvlist_get_bool(nvlin, "stayopen") ? 1 : 0;
692 return (setpassent(stayopen) == 0 ? EFAULT : 0);
696 pwd_setpwent(const nvlist_t *limits __unused, const nvlist_t *nvlin __unused,
697 nvlist_t *nvlout __unused)
706 pwd_endpwent(const nvlist_t *limits __unused, const nvlist_t *nvlin __unused,
707 nvlist_t *nvlout __unused)
716 pwd_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
718 const nvlist_t *limits;
723 if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "cmds") &&
724 !nvlist_exists_nvlist(newlimits, "cmds")) {
725 return (ENOTCAPABLE);
727 if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "fields") &&
728 !nvlist_exists_nvlist(newlimits, "fields")) {
729 return (ENOTCAPABLE);
731 if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "users") &&
732 !nvlist_exists_nvlist(newlimits, "users")) {
733 return (ENOTCAPABLE);
737 while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
738 if (type != NV_TYPE_NVLIST)
740 limits = nvlist_get_nvlist(newlimits, name);
741 if (strcmp(name, "cmds") == 0)
742 error = pwd_allowed_cmds(oldlimits, limits);
743 else if (strcmp(name, "fields") == 0)
744 error = pwd_allowed_fields(oldlimits, limits);
745 else if (strcmp(name, "users") == 0)
746 error = pwd_allowed_users(oldlimits, limits);
757 pwd_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
762 if (!pwd_allowed_cmd(limits, cmd))
763 return (ENOTCAPABLE);
765 if (strcmp(cmd, "getpwent") == 0 || strcmp(cmd, "getpwent_r") == 0)
766 error = pwd_getpwent(limits, nvlin, nvlout);
767 else if (strcmp(cmd, "getpwnam") == 0 || strcmp(cmd, "getpwnam_r") == 0)
768 error = pwd_getpwnam(limits, nvlin, nvlout);
769 else if (strcmp(cmd, "getpwuid") == 0 || strcmp(cmd, "getpwuid_r") == 0)
770 error = pwd_getpwuid(limits, nvlin, nvlout);
771 else if (strcmp(cmd, "setpassent") == 0)
772 error = pwd_setpassent(limits, nvlin, nvlout);
773 else if (strcmp(cmd, "setpwent") == 0)
774 error = pwd_setpwent(limits, nvlin, nvlout);
775 else if (strcmp(cmd, "endpwent") == 0)
776 error = pwd_endpwent(limits, nvlin, nvlout);
783 CREATE_SERVICE("system.pwd", pwd_limit, pwd_command, 0);