1/* $NetBSD: openpam_check_owner_perms.c,v 1.4 2012/01/03 18:56:49 christos Exp $ */ 2 3/*- 4 * Copyright (c) 2011 Dag-Erling Smørgrav 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer 12 * in this position and unchanged. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * Id: openpam_check_owner_perms.c 499 2011-11-22 11:51:50Z des 30 */ 31 32#ifdef HAVE_CONFIG_H 33# include "config.h" 34#endif 35 36#include <sys/types.h> 37#include <sys/stat.h> 38 39#include <errno.h> 40#include <limits.h> 41#include <stdlib.h> 42#include <string.h> 43#include <unistd.h> 44 45#include <security/pam_appl.h> 46 47#include "openpam_impl.h" 48 49/* 50 * OpenPAM internal 51 * 52 * Verify that the file or directory referenced by the given descriptor is 53 * owned by either root or the arbitrator and that it is not writable by 54 * group or other. 55 */ 56 57int 58openpam_check_desc_owner_perms(const char *name, int fd) 59{ 60 uid_t root, arbitrator; 61 struct stat sb; 62 int serrno; 63 64 root = 0; 65 arbitrator = geteuid(); 66 if (fstat(fd, &sb) != 0) { 67 serrno = errno; 68 openpam_log(PAM_LOG_ERROR, "%s: %s", name, strerror(errno)); 69 errno = serrno; 70 return (-1); 71 } 72 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 73 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 74 openpam_log(PAM_LOG_ERROR, 75 "%s: insecure ownership or permissions", name); 76 errno = EPERM; 77 return (-1); 78 } 79 return (0); 80} 81 82/* 83 * OpenPAM internal 84 * 85 * Verify that a file or directory and all components of the path leading 86 * up to it are owned by either root or the arbitrator and that they are 87 * not writable by group or other. 88 * 89 * Note that openpam_check_file_owner_perms() should be used instead if 90 * possible to avoid a race between the ownership / permission check and 91 * the actual open(). 92 */ 93 94int 95openpam_check_path_owner_perms(const char *path) 96{ 97 uid_t root, arbitrator; 98 char pathbuf[PATH_MAX]; 99 struct stat sb; 100 size_t len; 101 int serrno; 102 103 root = 0; 104 arbitrator = geteuid(); 105 if (realpath(path, pathbuf) == NULL) 106 return (-1); 107 len = strlen(pathbuf); 108 while (len > 0) { 109 if (stat(pathbuf, &sb) != 0) { 110 serrno = errno; 111 openpam_log(PAM_LOG_ERROR, "%s: %s", pathbuf, 112 strerror(errno)); 113 errno = serrno; 114 return (-1); 115 } 116 if ((sb.st_uid != root && sb.st_uid != arbitrator) || 117 (sb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { 118 openpam_log(PAM_LOG_ERROR, 119 "%s: insecure ownership or permissions", pathbuf); 120 errno = EPERM; 121 return (-1); 122 } 123 while (--len > 0 && pathbuf[len] != '/') 124 pathbuf[len] = '\0'; 125 } 126 return (0); 127} 128 129/* 130 * NOPARSE 131 */ 132