GCOV - Varnish Cache


/*-
 * Copyright (c) 2006-2015 Varnish Software AS
 * All rights reserved.
 *
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * Jailing processes the UNIX way, using setuid(2) etc.
 */

#include "config.h"

#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

#include "mgt/mgt.h"
#include "common/heritage.h"

static gid_t vju_mgt_gid;
static uid_t vju_uid;
static gid_t vju_gid;
static const char *vju_user;

static uid_t vju_wrkuid;
static gid_t vju_wrkgid;
static const char *vju_wrkuser;

static gid_t vju_cc_gid;
static int vju_cc_gid_set;

#ifndef VARNISH_USER
#define VARNISH_USER "varnish"
#endif

#ifndef VCACHE_USER
#define VCACHE_USER "vcache"
#endif

#ifndef NGID
#define NGID 2000
#endif

static int
vju_getuid(const char *arg)
{
        struct passwd *pw;

        pw = getpwnam(arg);
        if (pw != NULL) {
                vju_user = strdup(arg);
                AN(vju_user);
                vju_uid = pw->pw_uid;
                vju_gid = pw->pw_gid;
        }
        endpwent();
        return (pw == NULL ? -1 : 0);
}

static int
vju_getwrkuid(const char *arg)
{
        struct passwd *pw;

        pw = getpwnam(arg);
        if (pw != NULL) {
                vju_wrkuser = strdup(arg);
                AN(vju_wrkuser);
                vju_wrkuid = pw->pw_uid;
                vju_wrkgid = pw->pw_gid;
        }
        endpwent();
        return (pw == NULL ? -1 : 0);
}

static int
vju_getccgid(const char *arg)
{
        struct group *gr;

        gr = getgrnam(arg);
        if (gr != NULL) {
                vju_cc_gid_set = 1;
                vju_cc_gid = gr->gr_gid;
        }
        endgrent();
        return (gr == NULL ? -1 : 0);
}

/**********************************************************************
 */

// avoid line breaks
#define JERR(what, val)                                         \
        ARGV_ERR("Unix jail: %s " what " not found.\n", val)

static int v_matchproto_(jail_init_f)
vju_init(char **args)
{
        const char *val;

        if (args == NULL) {
                /* Autoconfig */
                if (geteuid() != 0)
                        return (1);
                if (vju_getuid(VARNISH_USER))
                        return (1);
        } else {

                if (geteuid() != 0)
                        ARGV_ERR("Unix Jail: Must be root.\n");

                for (;*args != NULL; args++) {
                        val = keyval(*args, "user=");
                        if (val != NULL) {
                                if (vju_getuid(val))
                                        JERR("user", val);
                                continue;
                        }
                        val = keyval(*args, "workuser=");
                        if (val != NULL) {
                                if (vju_getwrkuid(val))
                                        JERR("user", val);
                                continue;
                        }
                        val = keyval(*args, "ccgroup=");
                        if (val != NULL) {
                                if (vju_getccgid(val))
                                        JERR("group", val);
                                continue;
                        }
                        ARGV_ERR("Unix jail: unknown sub-argument '%s'\n",
                            *args);
                }

                if (vju_user == NULL && vju_getuid(VARNISH_USER))
                        JERR("user", VARNISH_USER);
        }

        AN(vju_user);

        vju_mgt_gid = getgid();

        if (vju_wrkuser == NULL && vju_getwrkuid(VCACHE_USER)) {
                vju_wrkuid = vju_uid;
                vju_wrkgid = vju_gid;
        }

        if (vju_wrkuser != NULL && vju_wrkgid != vju_gid)
                ARGV_ERR("Unix jail: user %s and %s have "
                    "different login groups\n", vju_user, vju_wrkuser);

        /* Do an explicit JAIL_MASTER_LOW */
        AZ(setegid(vju_gid));
        AZ(seteuid(vju_uid));
        return (0);
}

#undef JERR

static void v_matchproto_(jail_master_f)
vju_master(enum jail_master_e jme)
{
        ASSERT_JAIL_MASTER(jme);
        if (jme == JAIL_MASTER_LOW) {
                AZ(setegid(vju_gid));
                AZ(seteuid(vju_uid));
        } else {
                AZ(seteuid(0));
                AZ(setegid(vju_mgt_gid));
        }
}

static void v_matchproto_(jail_subproc_f)
vju_subproc(enum jail_subproc_e jse)
{
        int i;
        gid_t gid_list[NGID];

        ASSERT_JAIL_SUBPROC(jse);
        AZ(seteuid(0));
        if (vju_wrkuser != NULL &&
            (jse == JAIL_SUBPROC_VCLLOAD || jse == JAIL_SUBPROC_WORKER)) {
                AZ(setgid(vju_wrkgid));
                AZ(initgroups(vju_wrkuser, vju_wrkgid));
        } else {
                AZ(setgid(vju_gid));
                AZ(initgroups(vju_user, vju_gid));
        }

        if (jse == JAIL_SUBPROC_CC && vju_cc_gid_set) {
                /* Add the optional extra group for the C-compiler access */
                i = getgroups(NGID, gid_list);
                assert(i >= 0);
                assert(i < NGID - 1);
                gid_list[i++] = vju_cc_gid;
                AZ(setgroups(i, gid_list));
        }

        if (vju_wrkuser != NULL &&
            (jse == JAIL_SUBPROC_VCLLOAD || jse == JAIL_SUBPROC_WORKER)) {
                AZ(setuid(vju_wrkuid));
        } else {
                AZ(setuid(vju_uid));
        }
}

static int v_matchproto_(jail_make_dir_f)
vju_make_subdir(const char *dname, const char *what, struct vsb *vsb)
{
        int e;

        AN(dname);
        AN(what);
        AN(vsb);
        AZ(seteuid(0));

        if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
                e = errno;
                VSB_printf(vsb, "Cannot create %s directory '%s': %s\n",
                    what, dname, VAS_errtxt(e));
                return (1);
        }
        AZ(chown(dname, vju_uid, vju_gid));
        AZ(seteuid(vju_uid));
        return (0);
}

static int v_matchproto_(jail_make_dir_f)
vju_make_workdir(const char *dname, const char *what, struct vsb *vsb)
{

        AN(dname);
        AZ(what);
        AN(vsb);
        AZ(seteuid(0));

        if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
                VSB_printf(vsb, "Cannot create working directory '%s': %s",
                    dname, VAS_errtxt(errno));
                return (1);
        }
        //lint -e{570}
        if (chown(dname, -1, vju_gid)) {
                MGT_Complain(C_ERR, "Cannot change group of working directory '%s': %s",
                    dname, VAS_errtxt(errno));
                return (1);
        }
        AZ(seteuid(vju_uid));
        return (0);
}

static void v_matchproto_(jail_fixfd_f)
vju_fixfd(int fd, enum jail_fixfd_e what)
{
        /* Called under JAIL_MASTER_FILE */

        switch (what) {
        case JAIL_FIXFD_FILE:
                AZ(fchmod(fd, 0600));
                AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
                break;
        case JAIL_FIXFD_VSMMGT:
                AZ(fchmod(fd, 0750));
                AZ(fchown(fd, vju_uid, vju_gid));
                break;
        case JAIL_FIXFD_VSMWRK:
        case JAIL_FIXFD_WRKTMP:
                AZ(fchmod(fd, 0750));
                AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
                break;
        default:
                WRONG("Ain't Fixin'");
        }
}

const struct jail_tech jail_tech_unix = {
        .magic =        JAIL_TECH_MAGIC,
        .name =         "unix",
        .init =         vju_init,
        .master =       vju_master,
        .make_subdir =  vju_make_subdir,
        .make_workdir = vju_make_workdir,
        .fixfd =        vju_fixfd,
        .subproc =      vju_subproc,
};

		varnish-cache/bin/varnishd/mgt/mgt_jail_unix.c
0		/*-
1		* Copyright (c) 2006-2015 Varnish Software AS
2		* All rights reserved.
3		*
4		* Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
5		*
6		* SPDX-License-Identifier: BSD-2-Clause
7		*
8		* Redistribution and use in source and binary forms, with or without
9		* modification, are permitted provided that the following conditions
10		* are met:
11		* 1. Redistributions of source code must retain the above copyright
12		* notice, this list of conditions and the following disclaimer.
13		* 2. Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in the
15		* documentation and/or other materials provided with the distribution.
16		*
17		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20		* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27		* SUCH DAMAGE.
28		*
29		* Jailing processes the UNIX way, using setuid(2) etc.
30		*/
31
32		#include "config.h"
33
34		#include <fcntl.h>
35		#include <grp.h>
36		#include <pwd.h>
37		#include <stdio.h>
38		#include <stdlib.h>
39		#include <string.h>
40		#include <unistd.h>
41		#include <sys/stat.h>
42
43		#include "mgt/mgt.h"
44		#include "common/heritage.h"
45
46		static gid_t vju_mgt_gid;
47		static uid_t vju_uid;
48		static gid_t vju_gid;
49		static const char *vju_user;
50
51		static uid_t vju_wrkuid;
52		static gid_t vju_wrkgid;
53		static const char *vju_wrkuser;
54
55		static gid_t vju_cc_gid;
56		static int vju_cc_gid_set;
57
58		#ifndef VARNISH_USER
59		#define VARNISH_USER "varnish"
60		#endif
61
62		#ifndef VCACHE_USER
63		#define VCACHE_USER "vcache"
64		#endif
65
66		#ifndef NGID
67		#define NGID 2000
68		#endif
69
70		static int
71	16	vju_getuid(const char *arg)
72		{
73		struct passwd *pw;
74
75	16	pw = getpwnam(arg);
76	16	if (pw != NULL) {
77	15	vju_user = strdup(arg);
78	15	AN(vju_user);
79	15	vju_uid = pw->pw_uid;
80	15	vju_gid = pw->pw_gid;
81	15	}
82	16	endpwent();
83	16	return (pw == NULL ? -1 : 0);
84		}
85
86		static int
87	16	vju_getwrkuid(const char *arg)
88		{
89		struct passwd *pw;
90
91	16	pw = getpwnam(arg);
92	16	if (pw != NULL) {
93	15	vju_wrkuser = strdup(arg);
94	15	AN(vju_wrkuser);
95	15	vju_wrkuid = pw->pw_uid;
96	15	vju_wrkgid = pw->pw_gid;
97	15	}
98	16	endpwent();
99	16	return (pw == NULL ? -1 : 0);
100		}
101
102		static int
103	5	vju_getccgid(const char *arg)
104		{
105		struct group *gr;
106
107	5	gr = getgrnam(arg);
108	5	if (gr != NULL) {
109	4	vju_cc_gid_set = 1;
110	4	vju_cc_gid = gr->gr_gid;
111	4	}
112	5	endgrent();
113	5	return (gr == NULL ? -1 : 0);
114		}
115
116		/**********************************************************************
117		*/
118
119		// avoid line breaks
120		#define JERR(what, val) \
121		ARGV_ERR("Unix jail: %s " what " not found.\n", val)
122
123		static int v_matchproto_(jail_init_f)
124	1016	vju_init(char **args)
125		{
126		const char *val;
127
128	1016	if (args == NULL) {
129		/* Autoconfig */
130	1007	if (geteuid() != 0)
131	997	return (1);
132	10	if (vju_getuid(VARNISH_USER))
133	0	return (1);
134	10	} else {
135
136	9	if (geteuid() != 0)
137	0	ARGV_ERR("Unix Jail: Must be root.\n");
138
139	19	for (;*args != NULL; args++) {
140	14	val = keyval(*args, "user=");
141	14	if (val != NULL) {
142	5	if (vju_getuid(val))
143	1	JERR("user", val);
144	4	continue;
145		}
146	9	val = keyval(*args, "workuser=");
147	9	if (val != NULL) {
148	3	if (vju_getwrkuid(val))
149	1	JERR("user", val);
150	2	continue;
151		}
152	6	val = keyval(*args, "ccgroup=");
153	6	if (val != NULL) {
154	5	if (vju_getccgid(val))
155	1	JERR("group", val);
156	4	continue;
157		}
158	1	ARGV_ERR("Unix jail: unknown sub-argument '%s'\n",
159		*args);
160	0	}
161
162	5	if (vju_user == NULL && vju_getuid(VARNISH_USER))
163	0	JERR("user", VARNISH_USER);
164		}
165
166	15	AN(vju_user);
167
168	15	vju_mgt_gid = getgid();
169
170	15	if (vju_wrkuser == NULL && vju_getwrkuid(VCACHE_USER)) {
171	0	vju_wrkuid = vju_uid;
172	0	vju_wrkgid = vju_gid;
173	0	}
174
175	15	if (vju_wrkuser != NULL && vju_wrkgid != vju_gid)
176	1	ARGV_ERR("Unix jail: user %s and %s have "
177		"different login groups\n", vju_user, vju_wrkuser);
178
179		/* Do an explicit JAIL_MASTER_LOW */
180	14	AZ(setegid(vju_gid));
181	14	AZ(seteuid(vju_uid));
182	14	return (0);
183	1011	}
184
185		#undef JERR
186
187		static void v_matchproto_(jail_master_f)
188	721	vju_master(enum jail_master_e jme)
189		{
190	721	ASSERT_JAIL_MASTER(jme);
191	721	if (jme == JAIL_MASTER_LOW) {
192	345	AZ(setegid(vju_gid));
193	345	AZ(seteuid(vju_uid));
194	345	} else {
195	376	AZ(seteuid(0));
196	376	AZ(setegid(vju_mgt_gid));
197		}
198	721	}
199
200		static void v_matchproto_(jail_subproc_f)
201	28	vju_subproc(enum jail_subproc_e jse)
202		{
203		int i;
204		gid_t gid_list[NGID];
205
206	28	ASSERT_JAIL_SUBPROC(jse);
207	28	AZ(seteuid(0));
208	56	if (vju_wrkuser != NULL &&
209	28	(jse == JAIL_SUBPROC_VCLLOAD \|\| jse == JAIL_SUBPROC_WORKER)) {
210	0	AZ(setgid(vju_wrkgid));
211	0	AZ(initgroups(vju_wrkuser, vju_wrkgid));
212	0	} else {
213	28	AZ(setgid(vju_gid));
214	28	AZ(initgroups(vju_user, vju_gid));
215		}
216
217	28	if (jse == JAIL_SUBPROC_CC && vju_cc_gid_set) {
218		/* Add the optional extra group for the C-compiler access */
219	4	i = getgroups(NGID, gid_list);
220	4	assert(i >= 0);
221	4	assert(i < NGID - 1);
222	4	gid_list[i++] = vju_cc_gid;
223	4	AZ(setgroups(i, gid_list));
224	4	}
225
226	56	if (vju_wrkuser != NULL &&
227	28	(jse == JAIL_SUBPROC_VCLLOAD \|\| jse == JAIL_SUBPROC_WORKER)) {
228	0	AZ(setuid(vju_wrkuid));
229	0	} else {
230	28	AZ(setuid(vju_uid));
231		}
232	28	}
233
234		static int v_matchproto_(jail_make_dir_f)
235	42	vju_make_subdir(const char dname, const char what, struct vsb *vsb)
236		{
237		int e;
238
239	42	AN(dname);
240	42	AN(what);
241	42	AN(vsb);
242	42	AZ(seteuid(0));
243
244	42	if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
245	0	e = errno;
246	0	VSB_printf(vsb, "Cannot create %s directory '%s': %s\n",
247	0	what, dname, VAS_errtxt(e));
248	0	return (1);
249		}
250	42	AZ(chown(dname, vju_uid, vju_gid));
251	42	AZ(seteuid(vju_uid));
252	42	return (0);
253	42	}
254
255		static int v_matchproto_(jail_make_dir_f)
256	14	vju_make_workdir(const char dname, const char what, struct vsb *vsb)
257		{
258
259	14	AN(dname);
260	14	AZ(what);
261	14	AN(vsb);
262	14	AZ(seteuid(0));
263
264	14	if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
265	0	VSB_printf(vsb, "Cannot create working directory '%s': %s",
266	0	dname, VAS_errtxt(errno));
267	0	return (1);
268		}
269		//lint -e{570}
270	14	if (chown(dname, -1, vju_gid)) {
271	0	MGT_Complain(C_ERR, "Cannot change group of working directory '%s': %s",
272	0	dname, VAS_errtxt(errno));
273	0	return (1);
274		}
275	14	AZ(seteuid(vju_uid));
276	14	return (0);
277	14	}
278
279		static void v_matchproto_(jail_fixfd_f)
280	45	vju_fixfd(int fd, enum jail_fixfd_e what)
281		{
282		/* Called under JAIL_MASTER_FILE */
283
284	45	switch (what) {
285		case JAIL_FIXFD_FILE:
286	0	AZ(fchmod(fd, 0600));
287	0	AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
288	0	break;
289		case JAIL_FIXFD_VSMMGT:
290	14	AZ(fchmod(fd, 0750));
291	14	AZ(fchown(fd, vju_uid, vju_gid));
292	14	break;
293		case JAIL_FIXFD_VSMWRK:
294		case JAIL_FIXFD_WRKTMP:
295	31	AZ(fchmod(fd, 0750));
296	31	AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
297	31	break;
298		default:
299	0	WRONG("Ain't Fixin'");
300	0	}
301	45	}
302
303		const struct jail_tech jail_tech_unix = {
304		.magic = JAIL_TECH_MAGIC,
305		.name = "unix",
306		.init = vju_init,
307		.master = vju_master,
308		.make_subdir = vju_make_subdir,
309		.make_workdir = vju_make_workdir,
310		.fixfd = vju_fixfd,
311		.subproc = vju_subproc,
312		};