From b2daf09c10eb5c20522b7db539c9d995e27de804 Mon Sep 17 00:00:00 2001 From: "Nicholas J. Kain" Date: Fri, 12 Nov 2010 09:04:43 -0500 Subject: [PATCH] Move set_cap() to ncmlib/cap.[ch]. --- ifchd/ifchd.c | 3 ++- ifchd/linux.c | 42 +----------------------------- ifchd/linux.h | 3 +-- ncmlib/cap.c | 63 +++++++++++++++++++++++++++++++++++++++++++++ ncmlib/cap.h | 35 +++++++++++++++++++++++++ ndhc/CMakeLists.txt | 1 - ndhc/dhcpc.c | 4 +-- ndhc/rootcap.c | 46 --------------------------------- ndhc/rootcap.h | 6 ----- 9 files changed, 103 insertions(+), 100 deletions(-) create mode 100644 ncmlib/cap.c create mode 100644 ncmlib/cap.h delete mode 100644 ndhc/rootcap.c delete mode 100644 ndhc/rootcap.h diff --git a/ifchd/ifchd.c b/ifchd/ifchd.c index c7bb4e4..1a74818 100644 --- a/ifchd/ifchd.c +++ b/ifchd/ifchd.c @@ -1,5 +1,5 @@ /* ifchd.c - interface change daemon - * Time-stamp: <2010-11-12 06:02:59 njk> + * Time-stamp: <2010-11-12 09:02:54 njk> * * (C) 2004 Nicholas J. Kain * @@ -49,6 +49,7 @@ #include "strlist.h" #include "ifproto.h" #include "strl.h" +#include "cap.h" #include "linux.h" enum states { diff --git a/ifchd/linux.c b/ifchd/linux.c index 562a985..72d6e71 100644 --- a/ifchd/linux.c +++ b/ifchd/linux.c @@ -1,5 +1,5 @@ /* linux.c - ifchd Linux-specific functions - * Time-stamp: <2010-11-12 05:14:52 njk> + * Time-stamp: <2010-11-12 08:45:42 njk> * * (C) 2004 Nicholas J. Kain * @@ -27,8 +27,6 @@ #include #include #include -#include -#include #include #include #include 
@@ -333,41 +331,3 @@ void perform_broadcast(int idx, char *str) ifnam[idx], strerror(errno)); close(fd); } - -void set_cap(uid_t uid, gid_t gid, char *captxt) -{ - cap_t caps; - - if (!captxt) { - log_line("FATAL - set_cap: captxt == NULL\n"); - exit(EXIT_FAILURE); - } - - if (prctl(PR_SET_KEEPCAPS, 1)) { - log_line("FATAL - set_cap: prctl() failed\n"); - exit(EXIT_FAILURE); - } - - if (setgroups(0, NULL) == -1) { - log_line("FATAL - set_cap: setgroups() failed\n"); - exit(EXIT_FAILURE); - } - - if (setegid(gid) == -1 || seteuid(uid) == -1) { - log_line("FATAL - set_cap: seteuid() failed\n"); - exit(EXIT_FAILURE); - } - - caps = cap_from_text(captxt); - if (!caps) { - log_line("FATAL - set_cap: cap_from_text() failed\n"); - exit(EXIT_FAILURE); - } - - if (cap_set_proc(caps) == -1) { - log_line("FATAL - set_cap: cap_set_proc() failed\n"); - exit(EXIT_FAILURE); - } - - cap_free(caps); -} diff --git a/ifchd/linux.h b/ifchd/linux.h index 17f2d81..d26ad04 100644 --- a/ifchd/linux.h +++ b/ifchd/linux.h @@ -1,5 +1,5 @@ /* linux.h - ifchd Linux-specific functions include - * Time-stamp: <2010-11-12 04:59:01 njk> + * Time-stamp: <2010-11-12 09:03:29 njk> * * (C) 2004 Nicholas J. Kain * @@ -31,6 +31,5 @@ void perform_subnet(int idx, char *str); void perform_router(int idx, char *str); void perform_mtu(int idx, char *str); void perform_broadcast(int idx, char *str); -void set_cap(uid_t uid, gid_t gid, char *captxt); #endif diff --git a/ncmlib/cap.c b/ncmlib/cap.c new file mode 100644 index 0000000..dd8f530 --- /dev/null +++ b/ncmlib/cap.c 
@@ -0,0 +1,63 @@
+/* cap.c - POSIX capability support
+ * Time-stamp: <2010-11-12 09:01:07 njk>
+ *
+ * (c) 2004-2010 Nicholas J. Kain
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "log.h"
+
+void set_cap(uid_t uid, gid_t gid, char *captxt)
+{
+ cap_t caps;
+
+ if (!captxt)
+ suicide("FATAL - set_cap: captxt == NULL");
+
+ if (prctl(PR_SET_KEEPCAPS, 1))
+ suicide("FATAL - set_cap: prctl() failed");
+
+ if (setgroups(0, NULL) == -1)
+ suicide("FATAL - set_cap: setgroups() failed");
+
+ if (setegid(gid) == -1 || seteuid(uid) == -1)
+ suicide("FATAL - set_cap: seteuid() failed");
+
+ caps = cap_from_text(captxt);
+ if (!caps)
+ suicide("FATAL - set_cap: cap_from_text() failed");
+
+ if (cap_set_proc(caps) == -1)
+ suicide("FATAL - set_cap: cap_set_proc() failed");
+
+ cap_free(caps);
+}
diff --git a/ncmlib/cap.h b/ncmlib/cap.h
new file mode 100644
index 0000000..9e1ae74
--- /dev/null
+++ b/ncmlib/cap.h
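Review bot: In set_cap() in ncmlib/cap.c, `setegid(gid)` and `seteuid(uid)` change only the effective IDs, so if the daemon enters this function as root (the callers are not in this hunk, but the capability drop suggests it) the real and saved UID/GID stay 0 and the process can later switch its effective UID back to 0. Dropping all three IDs makes the transition irreversible and is the case PR_SET_KEEPCAPS exists for: `if (setresgid(gid, gid, gid) == -1 || setresuid(uid, uid, uid) == -1)` (glibc exposes these under `_GNU_SOURCE`). The failure message on that branch names only seteuid() even when setegid() was the call that failed; `"FATAL - set_cap: setegid()/seteuid() failed"` would keep the log accurate. The function also has no header comment; one stating the required call order (before any chroot-dependent lookup of uid/gid, after opening privileged resources) and that every failure terminates the process through suicide() would help callers, assuming suicide() from log.h does not return.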
@@ -0,0 +1,35 @@ +/* cap.h - POSIX capability support + * Time-stamp: <2010-11-12 08:59:46 njk> + * + * (c) 2005-2010 Nicholas J. Kain + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * - Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef NCM_CAP_H +#define NCM_CAP_H + +void set_cap(uid_t uid, gid_t gid, char *captxt); + +#endif /* NCM_CAP_H */ diff --git a/ndhc/CMakeLists.txt b/ndhc/CMakeLists.txt index 7a5f03b..51897b6 100644 --- a/ndhc/CMakeLists.txt +++ b/ndhc/CMakeLists.txt @@ -8,7 +8,6 @@ set(NDHC_SRCS packet.c script.c clientpacket.c - rootcap.c dhcpc.c ) diff --git a/ndhc/dhcpc.c b/ndhc/dhcpc.c index 74a0a20..b201c19 100644 --- a/ndhc/dhcpc.c +++ b/ndhc/dhcpc.c 
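Review bot: The new ncmlib/cap.h declares `void set_cap(uid_t uid, gid_t gid, char *captxt);` without including a header that defines `uid_t` and `gid_t`, so it compiles only when the including file has already pulled those types in; adding `#include <sys/types.h>` right after `#define NCM_CAP_H` makes the header self-contained. Because cap.c only reads `captxt` and hands it to `cap_from_text()`, the parameter can be `const char *captxt`, which lets callers pass string literals without a discarded-qualifier warning. A one-line contract comment above the prototype, for example `/* Switch to uid/gid and keep only the capabilities named in captxt; does not return on failure. */`, would document what a privilege-dropping caller most needs to know.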
@@ -36,8 +36,6 @@ #include #include #include -#include -#include #include #include @@ -50,7 +48,7 @@ #include "socket.h" #include "log.h" #include "chroot.h" -#include "rootcap.h" +#include "cap.h" #include "strl.h" #define VERSION "1.0" diff --git a/ndhc/rootcap.c b/ndhc/rootcap.c deleted file mode 100644 index 3b57bd4..0000000 --- a/ndhc/rootcap.c +++ /dev/null @@ -1,46 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include "log.h" - -void set_cap(uid_t uid, gid_t gid, char *captxt) -{ - cap_t caps; - - if (!captxt) { - log_error("FATAL - set_cap: captxt == NULL"); - exit(EXIT_FAILURE); - } - - if (prctl(PR_SET_KEEPCAPS, 1)) { - log_error("FATAL - set_cap: prctl() failed"); - exit(EXIT_FAILURE); - } - - if (setgroups(0, NULL) == -1) { - log_error("FATAL - set_cap: setgroups() failed"); - exit(EXIT_FAILURE); - } - - if (setegid(gid) == -1 || seteuid(uid) == -1) { - log_error("FATAL - set_cap: seteuid() failed"); - exit(EXIT_FAILURE); - } - - caps = cap_from_text(captxt); - if (!caps) { - log_error("FATAL - set_cap: cap_from_text() failed"); - exit(EXIT_FAILURE); - } - - if (cap_set_proc(caps) == -1) { - log_error("FATAL - set_cap: cap_set_proc() failed"); - exit(EXIT_FAILURE); - } - - cap_free(caps); -} diff --git a/ndhc/rootcap.h b/ndhc/rootcap.h deleted file mode 100644 index 45c7542..0000000 --- a/ndhc/rootcap.h +++ /dev/null @@ -1,6 +0,0 @@ -#ifndef ROOTCAP_H_ -#define ROOTCAP_H_ - -void set_cap(uid_t uid, gid_t gid, char *captxt); - -#endif /* ROOTCAP_H_ */