/[pkg-cron]/tags/debian_version_3.0pl1-115/user.c

Contents of /tags/debian_version_3.0pl1-115/user.c



Revision 323 - (hide annotations) (download)
Fri Oct 14 12:24:07 2005 UTC (7 years, 7 months ago) by jfs
Original Path: trunk/user.c
File MIME type: text/plain
File size: 6143 byte(s)
Proper fix for #324017, the previous fix was dumb. This one includes fixes from Fedora which should prevent segfaults under other circumstances.
1 steveg 2 /* Copyright 1988,1990,1993,1994 by Paul Vixie
2     * All rights reserved
3     *
4     * Distribute freely, except: don't remove my name from the source or
5     * documentation (don't take credit for my work), mark your changes (don't
6     * get me blamed for your possible bugs), don't alter or remove this
7     * notice. May be sold if buildable source is provided to buyer. No
8     * warrantee of any kind, express or implied, is included with this
9     * software; use at your own risk, responsibility for damages (if any) to
10     * anyone resulting from the use of this software rests entirely with the
11     * user.
12     *
13     * Send bug reports, bug fixes, enhancements, requests, flames, etc., and
14     * I'll try to keep a version up to date. I can be reached as follows:
15     * Paul Vixie <paul@vix.com> uunet!decwrl!vixie!paul
16     */
17    
18     #if !defined(lint) && !defined(LINT)
19     static char rcsid[] = "$Id: user.c,v 2.8 1994/01/15 20:43:43 vixie Exp $";
20     #endif
21    
22     /* vix 26jan87 [log is in RCS file]
23     */
24    
25    
26 steveg 210 #include <syslog.h>
27     #include <string.h>
28 steveg 2 #include "cron.h"
29    
30 steveg 286
31     #ifdef WITH_SELINUX
32     #include <selinux/selinux.h>
33     #include <selinux/flask.h>
34     #include <selinux/av_permissions.h>
35     #include <selinux/get_context_list.h>
36    
/*
 * get_security_context - pick the SELinux context a crontab's jobs will use.
 *
 * name       identity handed to get_default_context()
 * crontab_fd open descriptor of the crontab file being loaded
 * rcontext   out: the context obtained for `name', or NULL
 * tabname    crontab name, used only in the log messages
 *
 * Returns 0 when loading may proceed and -1 when it must be refused.
 * Whatever is stored in *rcontext on a 0 return is left for the caller to
 * release (free_user() in this file does so with freecon()); on a -1 return
 * *rcontext is NULL and nothing is left allocated by this function.
 *
 * Every check only refuses when security_getenforce() > 0; otherwise the
 * failure is logged and loading continues.
 * NOTE(review): security_getenforce() reports an error with a negative
 * value, which these tests treat like permissive mode, so a failed query
 * lets the crontab through.  Confirm that this fail-open is intended.
 */
static int
get_security_context(char *name, int crontab_fd,
		     security_context_t *rcontext, char *tabname)
{
	security_context_t user_ctx = NULL;
	security_context_t tab_ctx = NULL;
	struct av_decision decision;
	int rc = 0;
	int denied;

	/* The caller never sees a stale value, whichever path returns. */
	*rcontext = NULL;

	/* Step 1: default context for the user; non-zero means failure. */
	if (get_default_context(name, NULL, &user_ctx) != 0) {
		if (security_getenforce() <= 0) {
			log_it(name, getpid(),
			       "No security context but SELinux in permissive mode,"
			       " continuing", tabname);
			return 0;
		}
		log_it(name, getpid(), "No SELinux security context", tabname);
		return -1;
	}

	/* Step 2: context of the crontab file itself. */
	if (fgetfilecon(crontab_fd, &tab_ctx) < OK) {
		if (security_getenforce() <= 0) {
			log_it(name, getpid(), "getfilecon FAILED but SELinux in "
			       "permissive mode, continuing", tabname);
			/* Permissive: hand back the user context unchecked. */
			*rcontext = user_ctx;
			return 0;
		}
		log_it(name, getpid(), "getfilecon FAILED", tabname);
		freecon(user_ctx);
		return -1;
	}

	/*
	 * Step 3: crontab files are not executed directly, so crond checks
	 * that the file's context is acceptable for the user's job context
	 * by asking for the entrypoint permission between the two.
	 */
	rc = security_compute_av(user_ctx, tab_ctx, SECCLASS_FILE,
				 FILE__ENTRYPOINT, &decision);
	freecon(tab_ctx);

	/* decision.allowed is only consulted when the query itself worked. */
	denied = (rc != 0) ||
		 ((decision.allowed & FILE__ENTRYPOINT) != FILE__ENTRYPOINT);
	if (denied) {
		if (security_getenforce() > 0) {
			log_it(name, getpid(), "ENTRYPOINT FAILED", tabname);
			freecon(user_ctx);
			return -1;
		}
		log_it(name, getpid(), "ENTRYPOINT FAILED but SELinux in permissive mode, continuing", tabname);
	}

	*rcontext = user_ctx;
	return 0;
}
96     #endif
97    
98    
99 steveg 210 #ifdef DEBIAN
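/* Function used to log errors in crontabs from cron daemon. (User
   crontabs are checked before they're accepted, but system crontabs
   are not.) */

/* Name of the crontab currently being parsed.  load_user() points it at
 * the file name just before load_entry() runs and resets it to NULL right
 * after, so it is NULL at any other time. */
static char *err_user=NULL;

/*
 * crontab_error - error callback given to load_entry(); reports a parse
 * error to syslog together with the file it came from.
 *
 * msg  description of the error
 *
 * err_user selects the wording: exactly "*system*" means SYSCRONTAB, a
 * "*system*" prefix means the file named by the remainder inside
 * SYSCRONDIR, anything else is a user's crontab.  msg and the names are
 * always passed as "%s" arguments, never as the format string.
 */
void
crontab_error(msg)
	char	*msg;
{
	const char	*fn;

	/* strcmp()/strncmp() on a NULL pointer is undefined behaviour, so a
	 * call made while no crontab is being parsed is logged without a
	 * file name instead of crashing the daemon. */
	if (err_user == NULL) {
		syslog(LOG_ERR|LOG_CRON, "Error: %s; while reading crontab", msg);
		return;
	}

	/* Figure out the file name from the username */
	if (0 == strcmp(err_user,"*system*")) {
		syslog(LOG_ERR|LOG_CRON,"Error: %s; while reading %s", msg, SYSCRONTAB);
	} else if (0 == strncmp(err_user,"*system*",8)) {
		/* skip the 8-character "*system*" prefix */
		fn = err_user+8;
		syslog(LOG_ERR|LOG_CRON,"Error: %s; while reading %s/%s", msg,
		       SYSCRONDIR,fn);
	} else {
		syslog(LOG_ERR|LOG_CRON, "Error: %s; while reading crontab for user %s",
		       msg, err_user);
	}
}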
122    
123     #endif
124    
/*
 * free_user - release a user record built by load_user().
 *
 * Frees the name, every entry on the crontab list, the SELinux context
 * (when built WITH_SELINUX and one is set) and finally the record itself.
 * u must not be NULL; it is dereferenced unconditionally.
 */
void
free_user(u)
	user	*u;
{
	entry	*cur;
	entry	*following;

	free(u->name);

	cur = u->crontab;
	while (cur != NULL) {
		/* Read the link first: cur is not touched again once it has
		 * been handed to free_entry(). */
		following = cur->next;
		free_entry(cur);
		cur = following;
	}

#ifdef WITH_SELINUX
	if (u->scontext != NULL)
		freecon(u->scontext);
#endif

	free(u);
}
142    
143    
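/*
 * load_user - read the crontab open on crontab_fd into a new user record.
 *
 * crontab_fd  descriptor of the crontab file; wrapped in a stdio stream
 * pw          passwd entry of the owner, NULL implies syscrontab
 * uname       user name; used as the SELinux identity when pw is not NULL
 * fname       name stored in the record and used in error reports
 * tabname     crontab name passed on to the SELinux check for logging
 *
 * Returns the new record, or NULL on failure.  errno is ENOMEM when the
 * record or its name cannot be allocated.
 *
 * Once fdopen() has succeeded, every return goes through `done', so the
 * stream (and with it crontab_fd) is closed on failure as well as on
 * success.  The early failure paths used to return directly and leaked
 * the FILE; the env_init() failure path also skipped the SELinux context.
 * NOTE(review): a caller that closes crontab_fd itself after this call
 * should be checked for a double close; that already applied to the
 * success and parse-failure paths.
 */
user *
load_user(crontab_fd, pw, uname, fname, tabname)
	int		crontab_fd;
	struct passwd	*pw;		/* NULL implies syscrontab */
	char		*uname;
	char		*fname;
	char		*tabname;
{
	char	envstr[MAX_ENVSTR];
	FILE	*file;
	user	*u;
	entry	*e;
	int	status;
	int	saved_errno = 0;	/* errno to report after cleanup */
	char	**envp = NULL, **tenvp;

	if (!(file = fdopen(crontab_fd, "r"))) {
		perror("fdopen on crontab_fd in load_user");
		return NULL;
	}

	Debug(DPARS, ("load_user()\n"))

	/* file is open.  build user entry, then read the crontab file.
	 */
	if ((u = (user *) malloc(sizeof(user))) == NULL) {
		saved_errno = ENOMEM;
		goto done;
	}
	if ((u->name = strdup(fname)) == NULL) {
		free(u);
		u = NULL;
		saved_errno = ENOMEM;
		goto done;
	}
	u->crontab = NULL;

#ifdef WITH_SELINUX
	/* Set before any failure path so free_user() never sees garbage. */
	u->scontext = NULL;
	if (is_selinux_enabled() > 0) {
		char *sname=uname;
		if (pw==NULL) {
			/* system crontabs are checked as system_u */
			sname="system_u";
		}
		if (get_security_context(sname, crontab_fd,
					 &u->scontext, tabname) != 0 ) {
			/* The crontab is refused: no record, no jobs. */
			u->scontext = NULL;
			free_user(u);
			u = NULL;
			goto done;
		}
	}
#endif

	/*
	 * init environment.  this will be copied/augmented for each entry.
	 */
	if ((envp = env_init()) == NULL) {
		/* free_user() also releases the SELinux context, which the
		 * former free(u->name); free(u); pair left behind. */
		saved_errno = errno;
		free_user(u);
		u = NULL;
		goto done;
	}

	/*
	 * load the crontab
	 */
	while ((status = load_env(envstr, file)) >= OK) {
		switch (status) {
		/* NOTE(review): whether ERR can pass the >= OK test above
		 * depends on definitions in cron.h, not visible here. */
		case ERR:
			free_user(u);
			u = NULL;
			goto done;
		case FALSE:
#ifdef DEBIAN
			/* crontab_error() reads err_user to name the file */
			err_user = fname;
			e = load_entry(file, crontab_error, pw, envp);
			err_user = NULL;
#else
			e = load_entry(file, NULL, pw, envp);
#endif
			if (e) {
				/* push onto the front of the list */
				e->next = u->crontab;
				u->crontab = e;
			}
			break;
		case TRUE:
			if ((tenvp = env_set(envp, envstr))) {
				envp = tenvp;
			} else {
				free_user(u);
				u = NULL;
				goto done;
			}
			break;
		}
	}

 done:
	/* envp is still NULL when a failure happened before env_init();
	 * whether env_free() accepts NULL is not visible from this file. */
	if (envp != NULL)
		env_free(envp);
	fclose(file);
	Debug(DPARS, ("...load_user() done\n"))
	/* fclose() and Debug() may have overwritten errno. */
	if (saved_errno != 0)
		errno = saved_errno;
	return u;
}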

Properties

Name Value
svn:eol-style native
