Blame - openbsd-compat/port-linux.c - fp2-dev/platform/external/openssh

blob: ea8dff40f706e105bfd61716416d86a8740ce3b2 [file] [log] [blame]

Mike Lockwood	1305e95	2011-12-07 08:17:59 -0800	[diff] [blame]	1	/* $Id: port-linux.c,v 1.16 2011/08/29 06:09:57 djm Exp $ */
				2
				3	/*
				4	* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
				5	* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
				6	*
				7	* Permission to use, copy, modify, and distribute this software for any
				8	* purpose with or without fee is hereby granted, provided that the above
				9	* copyright notice and this permission notice appear in all copies.
				10	*
				11	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
				12	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
				13	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
				14	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
				15	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
				16	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
				17	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
				18	*/
				19
				20	/*
				21	* Linux-specific portability code - just SELinux support at present
				22	*/
				23
				24	#include "includes.h"
				25
				26	#if defined(WITH_SELINUX) \|\| defined(LINUX_OOM_ADJUST)
				27	#include <errno.h>
				28	#include <stdarg.h>
				29	#include <string.h>
				30	#include <stdio.h>
				31
				32	#include "log.h"
				33	#include "xmalloc.h"
				34	#include "port-linux.h"
				35
				36	#ifdef WITH_SELINUX
				37	#include <selinux/selinux.h>
				38	#include <selinux/flask.h>
				39	#include <selinux/get_context_list.h>
				40
				41	#ifndef SSH_SELINUX_UNCONFINED_TYPE
				42	# define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:"
				43	#endif
				44
				45	/* Wrapper around is_selinux_enabled() to log its return value once only */
				46	int
				47	ssh_selinux_enabled(void)
				48	{
				49	static int enabled = -1;
				50
				51	if (enabled == -1) {
				52	enabled = (is_selinux_enabled() == 1);
				53	debug("SELinux support %s", enabled ? "enabled" : "disabled");
				54	}
				55
				56	return (enabled);
				57	}
				58
				59	/* Return the default security context for the given username */
				60	static security_context_t
				61	ssh_selinux_getctxbyname(char *pwname)
				62	{
				63	security_context_t sc;
				64	char sename = NULL, lvl = NULL;
				65	int r;
				66
				67	#ifdef HAVE_GETSEUSERBYNAME
				68	if (getseuserbyname(pwname, &sename, &lvl) != 0)
				69	return NULL;
				70	#else
				71	sename = pwname;
				72	lvl = NULL;
				73	#endif
				74
				75	#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
				76	r = get_default_context_with_level(sename, lvl, NULL, &sc);
				77	#else
				78	r = get_default_context(sename, NULL, &sc);
				79	#endif
				80
				81	if (r != 0) {
				82	switch (security_getenforce()) {
				83	case -1:
				84	fatal("%s: ssh_selinux_getctxbyname: "
				85	"security_getenforce() failed", __func__);
				86	case 0:
				87	error("%s: Failed to get default SELinux security "
				88	"context for %s", __func__, pwname);
				89	break;
				90	default:
				91	fatal("%s: Failed to get default SELinux security "
				92	"context for %s (in enforcing mode)",
				93	__func__, pwname);
				94	}
				95	}
				96
				97	#ifdef HAVE_GETSEUSERBYNAME
				98	if (sename != NULL)
				99	xfree(sename);
				100	if (lvl != NULL)
				101	xfree(lvl);
				102	#endif
				103
				104	return (sc);
				105	}
				106
				107	/* Set the execution context to the default for the specified user */
				108	void
				109	ssh_selinux_setup_exec_context(char *pwname)
				110	{
				111	security_context_t user_ctx = NULL;
				112
				113	if (!ssh_selinux_enabled())
				114	return;
				115
				116	debug3("%s: setting execution context", __func__);
				117
				118	user_ctx = ssh_selinux_getctxbyname(pwname);
				119	if (setexeccon(user_ctx) != 0) {
				120	switch (security_getenforce()) {
				121	case -1:
				122	fatal("%s: security_getenforce() failed", __func__);
				123	case 0:
				124	error("%s: Failed to set SELinux execution "
				125	"context for %s", __func__, pwname);
				126	break;
				127	default:
				128	fatal("%s: Failed to set SELinux execution context "
				129	"for %s (in enforcing mode)", __func__, pwname);
				130	}
				131	}
				132	if (user_ctx != NULL)
				133	freecon(user_ctx);
				134
				135	debug3("%s: done", __func__);
				136	}
				137
				138	/* Set the TTY context for the specified user */
				139	void
				140	ssh_selinux_setup_pty(char pwname, const char tty)
				141	{
				142	security_context_t new_tty_ctx = NULL;
				143	security_context_t user_ctx = NULL;
				144	security_context_t old_tty_ctx = NULL;
				145
				146	if (!ssh_selinux_enabled())
				147	return;
				148
				149	debug3("%s: setting TTY context on %s", __func__, tty);
				150
				151	user_ctx = ssh_selinux_getctxbyname(pwname);
				152
				153	/* XXX: should these calls fatal() upon failure in enforcing mode? */
				154
				155	if (getfilecon(tty, &old_tty_ctx) == -1) {
				156	error("%s: getfilecon: %s", __func__, strerror(errno));
				157	goto out;
				158	}
				159
				160	if (security_compute_relabel(user_ctx, old_tty_ctx,
				161	SECCLASS_CHR_FILE, &new_tty_ctx) != 0) {
				162	error("%s: security_compute_relabel: %s",
				163	__func__, strerror(errno));
				164	goto out;
				165	}
				166
				167	if (setfilecon(tty, new_tty_ctx) != 0)
				168	error("%s: setfilecon: %s", __func__, strerror(errno));
				169	out:
				170	if (new_tty_ctx != NULL)
				171	freecon(new_tty_ctx);
				172	if (old_tty_ctx != NULL)
				173	freecon(old_tty_ctx);
				174	if (user_ctx != NULL)
				175	freecon(user_ctx);
				176	debug3("%s: done", __func__);
				177	}
				178
				179	void
				180	ssh_selinux_change_context(const char *newname)
				181	{
				182	int len, newlen;
				183	char oldctx, newctx, *cx;
				184	void (switchlog) (const char fmt,...) = logit;
				185
				186	if (!ssh_selinux_enabled())
				187	return;
				188
				189	if (getcon((security_context_t *)&oldctx) < 0) {
				190	logit("%s: getcon failed with %s", __func__, strerror(errno));
				191	return;
				192	}
				193	if ((cx = index(oldctx, ':')) == NULL \|\| (cx = index(cx + 1, ':')) ==
				194	NULL) {
				195	logit ("%s: unparseable context %s", __func__, oldctx);
				196	return;
				197	}
				198
				199	/*
				200	* Check whether we are attempting to switch away from an unconfined
				201	* security context.
				202	*/
				203	if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
				204	sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
				205	switchlog = debug3;
				206
				207	newlen = strlen(oldctx) + strlen(newname) + 1;
				208	newctx = xmalloc(newlen);
				209	len = cx - oldctx + 1;
				210	memcpy(newctx, oldctx, len);
				211	strlcpy(newctx + len, newname, newlen - len);
				212	if ((cx = index(cx + 1, ':')))
				213	strlcat(newctx, cx, newlen);
				214	debug3("%s: setting context from '%s' to '%s'", __func__,
				215	oldctx, newctx);
				216	if (setcon(newctx) < 0)
				217	switchlog("%s: setcon %s from %s failed with %s", __func__,
				218	newctx, oldctx, strerror(errno));
				219	xfree(oldctx);
				220	xfree(newctx);
				221	}
				222
				223	void
				224	ssh_selinux_setfscreatecon(const char *path)
				225	{
				226	security_context_t context;
				227
				228	if (!ssh_selinux_enabled())
				229	return;
				230	if (path == NULL) {
				231	setfscreatecon(NULL);
				232	return;
				233	}
				234	if (matchpathcon(path, 0700, &context) == 0)
				235	setfscreatecon(context);
				236	}
				237
				238	#endif /* WITH_SELINUX */
				239
				240	#ifdef LINUX_OOM_ADJUST
				241	/*
				242	* The magic "don't kill me" values, old and new, as documented in eg:
				243	* http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
				244	* http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt
				245	*/
				246
				247	static int oom_adj_save = INT_MIN;
				248	static char *oom_adj_path = NULL;
				249	struct {
				250	char *path;
				251	int value;
				252	} oom_adjust[] = {
				253	{"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */
				254	{"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */
				255	{NULL, 0},
				256	};
				257
				258	/*
				259	* Tell the kernel's out-of-memory killer to avoid sshd.
				260	* Returns the previous oom_adj value or zero.
				261	*/
				262	void
				263	oom_adjust_setup(void)
				264	{
				265	int i, value;
				266	FILE *fp;
				267
				268	debug3("%s", __func__);
				269	for (i = 0; oom_adjust[i].path != NULL; i++) {
				270	oom_adj_path = oom_adjust[i].path;
				271	value = oom_adjust[i].value;
				272	if ((fp = fopen(oom_adj_path, "r+")) != NULL) {
				273	if (fscanf(fp, "%d", &oom_adj_save) != 1)
				274	verbose("error reading %s: %s", oom_adj_path,
				275	strerror(errno));
				276	else {
				277	rewind(fp);
				278	if (fprintf(fp, "%d\n", value) <= 0)
				279	verbose("error writing %s: %s",
				280	oom_adj_path, strerror(errno));
				281	else
				282	verbose("Set %s from %d to %d",
				283	oom_adj_path, oom_adj_save, value);
				284	}
				285	fclose(fp);
				286	return;
				287	}
				288	}
				289	oom_adj_path = NULL;
				290	}
				291
				292	/* Restore the saved OOM adjustment */
				293	void
				294	oom_adjust_restore(void)
				295	{
				296	FILE *fp;
				297
				298	debug3("%s", __func__);
				299	if (oom_adj_save == INT_MIN \|\| oom_adj_path == NULL \|\|
				300	(fp = fopen(oom_adj_path, "w")) == NULL)
				301	return;
				302
				303	if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
				304	verbose("error writing %s: %s", oom_adj_path, strerror(errno));
				305	else
				306	verbose("Set %s to %d", oom_adj_path, oom_adj_save);
				307
				308	fclose(fp);
				309	return;
				310	}
				311	#endif /* LINUX_OOM_ADJUST */
				312	#endif /* WITH_SELINUX \|\| LINUX_OOM_ADJUST */