search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
7029 want per-process exploit mitigation features (secflags)
[unleashed.git] / usr / src / lib / libc / port / gen / priv_str_xlate.c
blob60ed80c122f38d2a83a7baf96191a77371d195ad
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * priv_str_xlate.c - Privilege translation routines.
29 */
30
31 #pragma weak _priv_str_to_set = priv_str_to_set
32 #pragma weak _priv_set_to_str = priv_set_to_str
33 #pragma weak _priv_gettext = priv_gettext
34
35 #include "lint.h"
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <ctype.h>
39 #include <strings.h>
40 #include <errno.h>
41 #include <string.h>
42 #include <locale.h>
43 #include <sys/param.h>
44 #include <priv.h>
45 #include <alloca.h>
46 #include <locale.h>
47 #include "libc.h"
48 #include "../i18n/_loc_path.h"
49 #include "priv_private.h"
50
51 priv_set_t *
52 priv_basic(void)
53 {
54 priv_data_t *d;
55
56 LOADPRIVDATA(d);
57
58 return (d->pd_basicset);
59 }
60
61 /*
62 * Name: priv_str_to_set()
63 *
64 * Description: Given a buffer with privilege strings, the
65 * equivalent privilege set is returned.
66 *
67 * Special tokens recognized: all, none, basic and "".
68 *
69 * On failure, this function returns NULL.
70 * *endptr == NULL and errno set: resource error.
71 * *endptr != NULL: parse error.
72 */
73 priv_set_t *
74 priv_str_to_set(const char *priv_names,
75 const char *separators,
76 const char **endptr)
77 {
78
79 char *base;
80 char *offset;
81 char *last;
82 priv_set_t *pset = NULL;
83 priv_set_t *zone;
84 priv_set_t *basic;
85
86 if (endptr != NULL)
87 *endptr = NULL;
88
89 if ((base = libc_strdup(priv_names)) == NULL ||
90 (pset = priv_allocset()) == NULL) {
91 /* Whether base is NULL or allocated, this works */
92 libc_free(base);
93 return (NULL);
94 }
95
96 priv_emptyset(pset);
97 basic = priv_basic();
98 zone = privdata->pd_zoneset;
99
100 /* This is how to use strtok_r nicely in a while loop ... */
101 last = base;
102
103 while ((offset = strtok_r(NULL, separators, &last)) != NULL) {
104 /*
105 * Search for these special case strings.
106 */
107 if (basic != NULL && strcasecmp(offset, "basic") == 0) {
108 priv_union(basic, pset);
109 } else if (strcasecmp(offset, "none") == 0) {
110 priv_emptyset(pset);
111 } else if (strcasecmp(offset, "all") == 0) {
112 priv_fillset(pset);
113 } else if (strcasecmp(offset, "zone") == 0) {
114 priv_union(zone, pset);
115 } else {
116 boolean_t neg = (*offset == '-' || *offset == '!');
117 int privid;
118 int slen;
119
120 privid = priv_getbyname(offset +
121 ((neg || *offset == '+') ? 1 : 0));
122 if (privid < 0) {
123 slen = offset - base;
124 libc_free(base);
125 priv_freeset(pset);
126 if (endptr != NULL)
127 *endptr = priv_names + slen;
128 errno = EINVAL;
129 return (NULL);
130 } else {
131 if (neg)
132 PRIV_DELSET(pset, privid);
133 else
134 PRIV_ADDSET(pset, privid);
135 }
136 }
137 }
138
139 libc_free(base);
140 return (pset);
141 }
142
143 /*
144 * Name: priv_set_to_str()
145 *
146 * Description: Given a set of privileges, list of privileges are
147 * returned in privilege numeric order (which can be an ASCII sorted
148 * list as our implementation allows renumbering.
149 *
150 * String "none" identifies an empty privilege set, and string "all"
151 * identifies a full set.
152 *
153 * A pointer to a buffer is returned which needs to be freed by
154 * the caller.
155 *
156 * Several types of output are supported:
157 * PRIV_STR_PORT - portable output: basic,!basic
158 * PRIV_STR_LIT - literal output
159 * PRIV_STR_SHORT - shortest output
160 *
161 * NOTE: this function is called both from inside the library for the
162 * current environment and from outside the library using an externally
163 * generated priv_data_t * in order to analyze core files. It should
164 * return strings which can be free()ed by applications and it should
165 * not use any data from the current environment except in the special
166 * case that it is called from within libc, with a NULL priv_data_t *
167 * argument.
168 */
169
170 char *
171 __priv_set_to_str(
172 priv_data_t *d,
173 const priv_set_t *pset,
174 char separator,
175 int flag)
176 {
177 const char *pstr;
178 char *res, *resp;
179 int i;
180 char neg = separator == '!' ? '-' : '!';
181 priv_set_t *zone;
182 boolean_t all;
183 boolean_t use_libc_data = (d == NULL);
184
185 if (use_libc_data)
186 LOADPRIVDATA(d);
187
188 if (flag != PRIV_STR_PORT && __priv_isemptyset(d, pset))
189 return (strdup("none"));
190 if (flag != PRIV_STR_LIT && __priv_isfullset(d, pset))
191 return (strdup("all"));
192
193 /* Safe upper bound: global info contains all NULL separated privs */
194 res = resp = alloca(d->pd_pinfo->priv_globalinfosize);
195
196 /*
197 * Compute the shortest form; i.e., the form with the fewest privilege
198 * tokens.
199 * The following forms are possible:
200 * literal: priv1,priv2,priv3
201 * tokcount = present
202 * port: basic,!missing_basic,other
203 * tokcount = 1 + present - presentbasic + missingbasic
204 * zone: zone,!missing_zone
205 * tokcount = 1 + missingzone
206 * all: all,!missing1,!missing2
207 * tokcount = 1 + d->pd_nprivs - present;
208 *
209 * Note that zone and all forms are identical in the global zone;
210 * in that case (or any other where the token count is the same),
211 * all is preferred. Also, the zone form is only used when the
212 * indicated privileges are a subset of the zone set.
213 */
214
215 if (use_libc_data)
216 LOCKPRIVDATA();
217
218 if (flag == PRIV_STR_SHORT) {
219 int presentbasic, missingbasic, present, missing;
220 int presentzone, missingzone;
221 int count;
222
223 presentbasic = missingbasic = present = 0;
224 presentzone = missingzone = 0;
225 zone = d->pd_zoneset;
226
227 for (i = 0; i < d->pd_nprivs; i++) {
228 int mem = PRIV_ISMEMBER(pset, i);
229 if (d->pd_basicset != NULL &&
230 PRIV_ISMEMBER(d->pd_basicset, i)) {
231 if (mem)
232 presentbasic++;
233 else
234 missingbasic++;
235 }
236 if (zone != NULL && PRIV_ISMEMBER(zone, i)) {
237 if (mem)
238 presentzone++;
239 else
240 missingzone++;
241 }
242 if (mem)
243 present++;
244 }
245 missing = d->pd_nprivs - present;
246
247 if (1 - presentbasic + missingbasic < 0) {
248 flag = PRIV_STR_PORT;
249 count = present + 1 - presentbasic + missingbasic;
250 } else {
251 flag = PRIV_STR_LIT;
252 count = present;
253 }
254 if (count >= 1 + missing) {
255 flag = PRIV_STR_SHORT;
256 count = 1 + missing;
257 all = B_TRUE;
258 }
259 if (present == presentzone && 1 + missingzone < count) {
260 flag = PRIV_STR_SHORT;
261 all = B_FALSE;
262 }
263 }
264
265 switch (flag) {
266 case PRIV_STR_LIT:
267 *res = '\0';
268 break;
269 case PRIV_STR_PORT:
270 (void) strcpy(res, "basic");
271 if (d->pd_basicset == NULL)
272 flag = PRIV_STR_LIT;
273 break;
274 case PRIV_STR_SHORT:
275 if (all)
276 (void) strcpy(res, "all");
277 else
278 (void) strcpy(res, "zone");
279 break;
280 default:
281 if (use_libc_data)
282 UNLOCKPRIVDATA();
283 return (NULL);
284 }
285 res += strlen(res);
286
287 for (i = 0; i < d->pd_nprivs; i++) {
288 /* Map the privilege to the next one sorted by name */
289 int priv = d->pd_setsort[i];
290
291 if (PRIV_ISMEMBER(pset, priv)) {
292 switch (flag) {
293 case PRIV_STR_SHORT:
294 if (all || PRIV_ISMEMBER(zone, priv))
295 continue;
296 break;
297 case PRIV_STR_PORT:
298 if (PRIV_ISMEMBER(d->pd_basicset, priv))
299 continue;
300 break;
301 case PRIV_STR_LIT:
302 break;
303 }
304 if (res != resp)
305 *res++ = separator;
306 } else {
307 switch (flag) {
308 case PRIV_STR_LIT:
309 continue;
310 case PRIV_STR_PORT:
311 if (!PRIV_ISMEMBER(d->pd_basicset, priv))
312 continue;
313 break;
314 case PRIV_STR_SHORT:
315 if (!all && !PRIV_ISMEMBER(zone, priv))
316 continue;
317 break;
318 }
319 if (res != resp)
320 *res++ = separator;
321 *res++ = neg;
322 }
323 pstr = __priv_getbynum(d, priv);
324 (void) strcpy(res, pstr);
325 res += strlen(pstr);
326 }
327 if (use_libc_data)
328 UNLOCKPRIVDATA();
329 /* Special case the set with some high bits set */
330 return (strdup(*resp == '\0' ? "none" : resp));
331 }
332
333 /*
334 * priv_set_to_str() is defined to return a string that
335 * the caller must deallocate with free(3C). Grr...
336 */
337 char *
338 priv_set_to_str(const priv_set_t *pset, char separator, int flag)
339 {
340 return (__priv_set_to_str(NULL, pset, separator, flag));
341 }
342
343 static char *
344 do_priv_gettext(const char *priv, const char *file)
345 {
346 char buf[8*1024];
347 boolean_t inentry = B_FALSE;
348 FILE *namefp;
349
350 namefp = fopen(file, "rF");
351 if (namefp == NULL)
352 return (NULL);
353
354 /*
355 * parse the file; it must have the following format
356 * Lines starting with comments "#"
357 * Lines starting with non white space with one single token:
358 * the privileges; white space indented lines which are the
359 * description; no empty lines are allowed in the description.
360 */
361 while (fgets(buf, sizeof (buf), namefp) != NULL) {
362 char *lp; /* pointer to the current line */
363
364 if (buf[0] == '#')
365 continue;
366
367 if (buf[0] == '\n') {
368 inentry = B_FALSE;
369 continue;
370 }
371
372 if (inentry)
373 continue;
374
375 /* error; not skipping; yet line starts with white space */
376 if (isspace((unsigned char)buf[0]))
377 goto out;
378
379 /* Trim trailing newline */
380 buf[strlen(buf) - 1] = '\0';
381
382 if (strcasecmp(buf, priv) != 0) {
383 inentry = B_TRUE;
384 continue;
385 }
386
387 lp = buf;
388 while (fgets(lp, sizeof (buf) - (lp - buf), namefp) != NULL) {
389 char *tstart; /* start of text */
390 int len;
391
392 /* Empty line or start of next entry terminates */
393 if (*lp == '\n' || !isspace((unsigned char)*lp)) {
394 *lp = '\0';
395 (void) fclose(namefp);
396 return (strdup(buf));
397 }
398
399 /* Remove leading white space */
400 tstart = lp;
401 while (*tstart != '\0' &&
402 isspace((unsigned char)*tstart)) {
403 tstart++;
404 }
405
406 len = strlen(tstart);
407 (void) memmove(lp, tstart, len + 1);
408 lp += len;
409
410 /* Entry to big; prevent fgets() loop */
411 if (lp == &buf[sizeof (buf) - 1])
412 goto out;
413 }
414 if (lp != buf) {
415 *lp = '\0';
416 (void) fclose(namefp);
417 return (strdup(buf));
418 }
419 }
420 out:
421 (void) fclose(namefp);
422 return (NULL);
423 }
424
425 /*
426 * priv_gettext() is defined to return a string that
427 * the caller must deallocate with free(3C). Grr...
428 */
429 char *
430 priv_gettext(const char *priv)
431 {
432 char file[MAXPATHLEN];
433 locale_t curloc;
434 const char *loc;
435 char *ret;
436
437 /* Not a valid privilege */
438 if (priv_getbyname(priv) < 0)
439 return (NULL);
440
441 curloc = uselocale(NULL);
442 loc = current_locale(curloc, LC_MESSAGES);
443
444 if (snprintf(file, sizeof (file),
445 _DFLT_LOC_PATH "%s/LC_MESSAGES/priv_names", loc) < sizeof (file)) {
446 ret = do_priv_gettext(priv, (const char *)file);
447 if (ret != NULL)
448 return (ret);
449 }
450
451 /* If the path is too long or can't be opened, punt to default */
452 ret = do_priv_gettext(priv, "/etc/security/priv_names");
453 return (ret);
454 }
Unleashed OS