experiments/clixon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Implemented backend daemon drop privileges after initialization to

Browse source 
run as non-privileged user
This commit is contained in:
Olof hagsand 2019-09-14 18:34:32 +02:00
parent cacba627b5
commit 27fd99e7cd
61 changed files with 673 additions and 207 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/src/Makefile.in
View file

@ -66,7 +66,7 @@ CPPFLAGS = @CPPFLAGS@
INCLUDES = -I. @INCLUDES@ -I$(top_srcdir)/lib/clixon -I$(top_srcdir)/include -I$(top_srcdir)
SRC = clixon_sig.c clixon_log.c clixon_err.c clixon_event.c \
SRC = clixon_sig.c clixon_uid.c clixon_log.c clixon_err.c clixon_event.c \
clixon_string.c clixon_regex.c clixon_handle.c \
clixon_xml.c clixon_xml_sort.c clixon_xml_map.c clixon_file.c \
clixon_json.c clixon_yang.c clixon_yang_type.c clixon_yang_module.c \

60
lib/src/clixon_file.c
View file

@ -43,14 +43,12 @@
#include <errno.h>
#include <dirent.h>
#include <regex.h>
#include <pwd.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/param.h>
#include <unistd.h>
#include <netinet/in.h>
#include <grp.h>
/* cligen */
#include <cligen/cligen.h>
@ -210,61 +208,3 @@ clicon_file_copy(char *src,
errno = err;
return retval;
}
/*! Translate group name to gid. Return -1 if error or not found.
* @param[in] name Name of group
* @param[out] gid Group id
* @retval 0 OK
* @retval -1 Error. or not found
*/
int
group_name2gid(const char *name,
gid_t *gid)
{
int retval = -1;
char buf[1024];
struct group g0;
struct group *gr = &g0;
struct group *gtmp;
gr = &g0;
/* This leaks memory in ubuntu */
if (getgrnam_r(name, gr, buf, sizeof(buf), &gtmp) < 0){
clicon_err(OE_UNIX, errno, "getgrnam_r(%s)", name);
goto done;
}
if (gtmp == NULL){
clicon_err(OE_UNIX, 0, "No such group: %s", name);
goto done;
}
if (gid)
*gid = gr->gr_gid;
retval = 0;
done:
return retval;
}
int
name2uid(const char *name,
uid_t *uid)
{
int retval = -1;
char buf[1024];
struct passwd pwbuf;
struct passwd *pwbufp = NULL;
if (getpwnam_r(name, &pwbuf, buf, sizeof(buf), &pwbufp) != 0){
clicon_err(OE_UNIX, errno, "getpwnam_r(%s)", name);
goto done;
}
if (pwbufp == NULL){
clicon_err(OE_UNIX, 0, "No such user: %s", name);
goto done;
}
if (uid)
*uid = pwbufp->pw_uid;
retval = 0;
done:
return retval;
}

117
lib/src/clixon_options.c
View file

@ -82,6 +82,15 @@
*/
#define CLIXON_CONF_NS "http://clicon.org/config"
/* Mapping between Cli generation from Yang string <--> constants,
see clixon-config.yang type cli_genmodel_type */
static const map_str2int cli_genmodel_map[] = {
{"NONE", GT_NONE},
{"VARS", GT_VARS},
{"ALL", GT_ALL},
{NULL, -1}
};
/* Mapping between Clicon startup modes string <--> constants,
see clixon-config.yang type startup_mode */
static const map_str2int startup_mode_map[] = {
@ -92,6 +101,32 @@ static const map_str2int startup_mode_map[] = {
{NULL, -1}
};
/* Mapping between Clicon privilegese modes string <--> constants,
* see clixon-config.yang type priv_mode */
static const map_str2int priv_mode_map[] = {
{"none", PM_NONE},
{"drop_perm", PM_DROP_PERM},
{"drop_temp", PM_DROP_TEMP},
{NULL, -1}
};
/* Mapping between datastore cache string <--> constants,
* see clixon-config.yang type datastore_cache */
static const map_str2int datastore_cache_map[] = {
{"nocache", DATASTORE_NOCACHE},
{"cache", DATASTORE_CACHE},
{"cache-zerocopy", DATASTORE_CACHE_ZEROCOPY},
{NULL, -1}
};
/* Mapping between regular expression type string <--> constants,
* see clixon-config.yang type regexp_mode */
static const map_str2int yang_regexp_map[] = {
{"posix", REGEXP_POSIX},
{"libxml2", REGEXP_LIBXML2},
{NULL, -1}
};
/*! Print registry on file. For debugging.
* @param[in] h Clicon handle
* @param[in] dbglevel Debug level
@ -453,6 +488,9 @@ clicon_option_int(clicon_handle h,
}
/*! Set option given as int.
* @param[in] h Clicon handle
* @param[in] name Name of option to set
* @param[in] val Integer value
*/
int
clicon_option_int_set(clicon_handle h,
@ -468,7 +506,7 @@ clicon_option_int_set(clicon_handle h,
/*! Get options as bool but stored as string
*
* @param[in] h clicon handle
* @param[in] h Clicon handle
* @param[in] name name of option
* @retval 0 false, or does not exist, or does not have a boolean value
* @retval 1 true
@ -496,6 +534,9 @@ clicon_option_bool(clicon_handle h,
}
/*! Set option given as bool
* @param[in] h Clicon handle
* @param[in] name Name of option to set
* @param[in] val Boolean value, 0 or 1
*/
int
clicon_option_bool_set(clicon_handle h,
@ -510,6 +551,8 @@ clicon_option_bool_set(clicon_handle h,
}
/*! Delete option
* @param[in] h Clicon handle
* @param[in] name Name of option to delete
*/
int
clicon_option_del(clicon_handle h,
@ -530,8 +573,10 @@ clicon_option_del(clicon_handle h,
* But sometimes there are type conversions, etc which makes it more
* convenient to make wrapper functions. Or not?
*-----------------------------------------------------------------*/
/*! Whether to generate CLIgen syntax from datamodel or not (0 or 1)
/*! Wether to generate CLIgen syntax from datamodel or not (0 or 1)
* Must be used with a previous clicon_option_exists().
* @param[in] h Clicon handle
* @retval flag If set, generate CLI code from yang model, otherwise not
* @see clixon-config@<date>.yang CLICON_CLI_GENMODEL
*/
int
@ -546,6 +591,8 @@ clicon_cli_genmodel(clicon_handle h)
}
/*! Generate code for CLI completion of existing db symbols
* @param[in] h Clicon handle
* @retval flag If set, generate auto-complete CLI specs
* @see clixon-config@<date>.yang CLICON_CLI_GENMODEL_COMPLETION
*/
int
@ -559,14 +606,9 @@ clicon_cli_genmodel_completion(clicon_handle h)
return 0;
}
static const map_str2int cli_genmodel_map[] = {
{"NONE", GT_NONE},
{"VARS", GT_VARS},
{"ALL", GT_ALL},
{NULL, -1}
};
/*! How to generate and show CLI syntax: VARS|ALL
* @param[in] h Clicon handle
* @retval mode
* @see clixon-config@<date>.yang CLICON_CLI_GENMODEL_TYPE
*/
enum genmodel_type
@ -580,7 +622,9 @@ clicon_cli_genmodel_type(clicon_handle h)
return clicon_str2int(cli_genmodel_map, str);
}
/*! Get Dont include keys in cvec in cli vars callbacks
/*! Get "do not include keys in cvec" in cli vars callbacks
* @param[in] h Clicon handle
* @retval flag If set, get only vars
* @see clixon-config@<date>.yang CLICON_CLI_VARONLY
*/
int
@ -596,6 +640,8 @@ clicon_cli_varonly(clicon_handle h)
/*! Get family of backend socket: AF_UNIX, AF_INET or AF_INET6
* @see clixon-config@<date>.yang CLICON_SOCK_FAMILY
* @param[in] h Clicon handle
* @retval fam Socket family
*/
int
clicon_sock_family(clicon_handle h)
@ -613,6 +659,8 @@ clicon_sock_family(clicon_handle h)
}
/*! Get port for backend socket in case of AF_INET or AF_INET6
* @param[in] h Clicon handle
* @retval port Socket port
* @see clixon-config@<date>.yang CLICON_SOCK_PORT
*/
int
@ -626,6 +674,8 @@ clicon_sock_port(clicon_handle h)
}
/*! Set if all configuration changes are committed automatically
* @param[in] h Clicon handle
* @retval flag Autocommit (or not)
*/
int
clicon_autocommit(clicon_handle h)
@ -638,25 +688,37 @@ clicon_autocommit(clicon_handle h)
return 0;
}
/*! Which method to boot/start clicon backen
/*! Which method to boot/start clicon backend
* @param[in] h Clicon handle
* @retval mode Startup mode
*/
int
clicon_startup_mode(clicon_handle h)
{
char *mode;
if ((mode = clicon_option_str(h, "CLICON_STARTUP_MODE")) == NULL)
return -1;
return clicon_str2int(startup_mode_map, mode);
}
static const map_str2int datastore_cache_map[] = {
{"nocache", DATASTORE_NOCACHE},
{"cache", DATASTORE_CACHE},
{"cache-zerocopy", DATASTORE_CACHE_ZEROCOPY},
{NULL, -1}
};
/*! Which privileges drop method to use
* @param[in] h Clicon handle
* @retval mode Privileges mode
*/
int
clicon_backend_privileges_mode(clicon_handle h)
{
char *mode;
if ((mode = clicon_option_str(h, "CLICON_BACKEND_PRIVILEGES")) == NULL)
return -1;
return clicon_str2int(priv_mode_map, mode);
}
/*! Which datastore cache method to use
* @param[in] h Clicon handle
* @retval method Datastore cache method
* @see clixon-config@<date>.yang CLICON_DATASTORE_CACHE
*/
enum datastore_cache
@ -670,13 +732,9 @@ clicon_datastore_cache(clicon_handle h)
return clicon_str2int(datastore_cache_map, str);
}
static const map_str2int yang_regexp_map[] = {
{"posix", REGEXP_POSIX},
{"libxml2", REGEXP_LIBXML2},
{NULL, -1}
};
/*! Which Yang regexp/pattern engine to use
* @param[in] h Clicon handle
* @retval mode Regexp engine to use
* @see clixon-config@<date>.yang CLICON_YANG_REGEXP
*/
enum regexp_mode
@ -696,7 +754,10 @@ clicon_yang_regexp(clicon_handle h)
* Such as handles to plugins, API:s and parsed structures
*--------------------------------------------------------------------*/
/* eg -q option, dont print notifications on stdout */
/*! Get quiet mode eg -q option, do not print notifications on stdout
* @param[in] h Clicon handle
* @retval flag quiet mode on or off
*/
int
clicon_quiet_mode(clicon_handle h)
{
@ -705,8 +766,14 @@ clicon_quiet_mode(clicon_handle h)
return 0; /* default */
return atoi(s);
}
/*! Set quiet mode
* @param[in] h Clicon handle
* @param[in] val Flag value
*/
int
clicon_quiet_mode_set(clicon_handle h, int val)
clicon_quiet_mode_set(clicon_handle h,
int val)
{
return clicon_option_int_set(h, "CLICON_QUIET", val);
}

200
lib/src/clixon_uid.c Normal file
View file

@ -0,0 +1,200 @@
/*
*
***** BEGIN LICENSE BLOCK *****
Copyright (C) 2009-2019 Olof Hagsand and Benny Holmgren
This file is part of CLIXON.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Alternatively, the contents of this file may be used under the terms of
the GNU General Public License Version 3 or later (the "GPL"),
in which case the provisions of the GPL are applicable instead
of those above. If you wish to allow use of your version of this file only
under the terms of the GPL, and not to allow others to
use your version of this file under the terms of Apache License version 2,
indicate your decision by deleting the provisions above and replace them with
the notice and other provisions required by the GPL. If you do not delete
the provisions above, a recipient may use your version of this file under
the terms of any one of the Apache License version 2 or the GPL.
***** END LICENSE BLOCK *****
* uid, gid, privileges
*/
#ifdef HAVE_CONFIG_H
#include "clixon_config.h" /* generated by config & autoconf */
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#define __USE_GNU /* For setresuid */
#include <unistd.h>
#undef __USE_GNU
#include <stdarg.h>
#include <signal.h>
#include <syslog.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
/* clicon */
#include "clixon_err.h"
#include "clixon_log.h"
#include "clixon_uid.h"
/*! Translate group name to gid. Return -1 if error or not found.
* @param[in] name Name of group
* @param[out] gid Group id
* @retval 0 OK
* @retval -1 Error. or not found
*/
int
group_name2gid(const char *name,
gid_t *gid)
{
int retval = -1;
char buf[1024];
struct group g0;
struct group *gr = &g0;
struct group *gtmp;
gr = &g0;
/* This leaks memory in ubuntu */
if (getgrnam_r(name, gr, buf, sizeof(buf), &gtmp) < 0){
clicon_err(OE_UNIX, errno, "getgrnam_r(%s)", name);
goto done;
}
if (gtmp == NULL){
clicon_err(OE_UNIX, 0, "No such group: %s", name);
goto done;
}
if (gid)
*gid = gr->gr_gid;
retval = 0;
done:
return retval;
}
/*! Translate user name to uid. Return -1 if error or not found.
* @param[in] name Name of user
* @param[out] uid User id
* @retval 0 OK
* @retval -1 Error. or not found
*/
int
name2uid(const char *name,
uid_t *uid)
{
int retval = -1;
char buf[1024];
struct passwd pwbuf;
struct passwd *pwbufp = NULL;
if (getpwnam_r(name, &pwbuf, buf, sizeof(buf), &pwbufp) != 0){
clicon_err(OE_UNIX, errno, "getpwnam_r(%s)", name);
goto done;
}
if (pwbufp == NULL){
clicon_err(OE_UNIX, 0, "No such user: %s", name);
goto done;
}
if (uid)
*uid = pwbufp->pw_uid;
retval = 0;
done:
return retval;
}
/* Privileges drop perm, temp and restore
* @see https://www.usenix.org/legacy/events/sec02/full_papers/chen/chen.pdf
*/
/*! Temporarily drop privileges
* @param[in] new_uid
*/
int
drop_priv_temp(uid_t new_uid)
{
int retval = -1;
if (setresuid(-1, new_uid, geteuid()) < 0){
clicon_err(OE_UNIX, errno, "setresuid");
goto done;
}
if (geteuid() != new_uid){
clicon_err(OE_UNIX, errno, "geteuid");
goto done;
}
retval = 0;
done:
return retval;
}
/*! Permanently drop privileges
* @param[in] new_uid
*/
int
drop_priv_perm(uid_t new_uid)
{
int retval = -1;
uid_t ruid;
uid_t euid;
uid_t suid;
if (setresuid(new_uid, new_uid, new_uid) < 0){
clicon_err(OE_UNIX, errno, "setresuid");
goto done;
}
if (getresuid(&ruid, &euid, &suid) < 0){
clicon_err(OE_UNIX, errno, "getresuid");
goto done;
}
if (ruid != new_uid ||
euid != new_uid ||
suid != new_uid){
clicon_err(OE_UNIX, EINVAL, "Non-matching uid");
goto done;
}
retval = 0;
done:
return retval;
}
/*! Restore privileges to saved level */
int
restore_priv(void)
{
int retval = -1;
uid_t ruid;
uid_t euid;
uid_t suid;
if (getresuid(&ruid, &euid, &suid) < 0){
clicon_err(OE_UNIX, errno, "setresuid");
goto done;
}
if (setresuid(-1, suid, -1) < 0){
clicon_err(OE_UNIX, errno, "setresuid");
goto done;
}
if (geteuid() != suid){
clicon_err(OE_UNIX, EINVAL, "Non-matching uid");
goto done;
}
retval = 0;
done:
return retval;
}