search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: Allow binding of unspecified address without address existance
[dragonfly.git] / crypto / openssh / platform.c
blob44ba71dc5fcb22f9773294c51a65ccc2ca9ed896
1 /*
2 * Copyright (c) 2006 Darren Tucker. All rights reserved.
3 *
4 * Permission to use, copy, modify, and distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
11 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
13 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 #include "includes.h"
18
19 #include <stdarg.h>
20 #include <stdio.h>
21 #include <unistd.h>
22
23 #include "log.h"
24 #include "misc.h"
25 #include "servconf.h"
26 #include "sshkey.h"
27 #include "hostfile.h"
28 #include "auth.h"
29 #include "auth-pam.h"
30 #include "platform.h"
31
32 #include "openbsd-compat/openbsd-compat.h"
33
34 extern int use_privsep;
35 extern ServerOptions options;
36
37 void
38 platform_pre_listen(void)
39 {
40 #ifdef LINUX_OOM_ADJUST
41 /* Adjust out-of-memory killer so listening process is not killed */
42 oom_adjust_setup();
43 #endif
44 }
45
46 void
47 platform_pre_fork(void)
48 {
49 #ifdef USE_SOLARIS_PROCESS_CONTRACTS
50 solaris_contract_pre_fork();
51 #endif
52 }
53
54 void
55 platform_pre_restart(void)
56 {
57 #ifdef LINUX_OOM_ADJUST
58 oom_adjust_restore();
59 #endif
60 }
61
62 void
63 platform_post_fork_parent(pid_t child_pid)
64 {
65 #ifdef USE_SOLARIS_PROCESS_CONTRACTS
66 solaris_contract_post_fork_parent(child_pid);
67 #endif
68 }
69
70 void
71 platform_post_fork_child(void)
72 {
73 #ifdef USE_SOLARIS_PROCESS_CONTRACTS
74 solaris_contract_post_fork_child();
75 #endif
76 #ifdef LINUX_OOM_ADJUST
77 oom_adjust_restore();
78 #endif
79 }
80
81 /* return 1 if we are running with privilege to swap UIDs, 0 otherwise */
82 int
83 platform_privileged_uidswap(void)
84 {
85 #ifdef HAVE_CYGWIN
86 /* uid 0 is not special on Cygwin so always try */
87 return 1;
88 #else
89 return (getuid() == 0 || geteuid() == 0);
90 #endif
91 }
92
93 /*
94 * This gets called before switching UIDs, and is called even when sshd is
95 * not running as root.
96 */
97 void
98 platform_setusercontext(struct passwd *pw)
99 {
100 #ifdef WITH_SELINUX
101 /* Cache selinux status for later use */
102 (void)ssh_selinux_enabled();
103 #endif
104
105 #ifdef USE_SOLARIS_PROJECTS
106 /*
107 * If solaris projects were detected, set the default now, unless
108 * we are using PAM in which case it is the responsibility of the
109 * PAM stack.
110 */
111 if (!options.use_pam && (getuid() == 0 || geteuid() == 0))
112 solaris_set_default_project(pw);
113 #endif
114
115 #if defined(HAVE_LOGIN_CAP) && defined (__bsdi__)
116 if (getuid() == 0 || geteuid() == 0)
117 setpgid(0, 0);
118 # endif
119
120 #if defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
121 /*
122 * If we have both LOGIN_CAP and PAM, we want to establish creds
123 * before calling setusercontext (in session.c:do_setusercontext).
124 */
125 if (getuid() == 0 || geteuid() == 0) {
126 if (options.use_pam) {
127 do_pam_setcred(use_privsep);
128 }
129 }
130 # endif /* USE_PAM */
131
132 #if !defined(HAVE_LOGIN_CAP) && defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
133 if (getuid() == 0 || geteuid() == 0) {
134 /* Sets login uid for accounting */
135 if (getluid() == -1 && setluid(pw->pw_uid) == -1)
136 error("setluid: %s", strerror(errno));
137 }
138 #endif
139 }
140
141 /*
142 * This gets called after we've established the user's groups, and is only
143 * called if sshd is running as root.
144 */
145 void
146 platform_setusercontext_post_groups(struct passwd *pw)
147 {
148 #if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
149 /*
150 * PAM credentials may take the form of supplementary groups.
151 * These will have been wiped by the above initgroups() call.
152 * Reestablish them here.
153 */
154 if (options.use_pam) {
155 do_pam_setcred(use_privsep);
156 }
157 #endif /* USE_PAM */
158
159 #if !defined(HAVE_LOGIN_CAP) && (defined(WITH_IRIX_PROJECT) || \
160 defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY))
161 irix_setusercontext(pw);
162 #endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */
163
164 #ifdef _AIX
165 aix_usrinfo(pw);
166 #endif /* _AIX */
167
168 #ifdef HAVE_SETPCRED
169 /*
170 * If we have a chroot directory, we set all creds except real
171 * uid which we will need for chroot. If we don't have a
172 * chroot directory, we don't override anything.
173 */
174 {
175 char **creds = NULL, *chroot_creds[] =
176 { "REAL_USER=root", NULL };
177
178 if (options.chroot_directory != NULL &&
179 strcasecmp(options.chroot_directory, "none") != 0)
180 creds = chroot_creds;
181
182 if (setpcred(pw->pw_name, creds) == -1)
183 fatal("Failed to set process credentials");
184 }
185 #endif /* HAVE_SETPCRED */
186 #ifdef WITH_SELINUX
187 ssh_selinux_setup_exec_context(pw->pw_name);
188 #endif
189 }
190
191 char *
192 platform_krb5_get_principal_name(const char *pw_name)
193 {
194 #ifdef USE_AIX_KRB_NAME
195 return aix_krb5_get_principal_name(pw_name);
196 #else
197 return NULL;
198 #endif
199 }
DragonFly BSD