lib/caputils.c

   1 /*
   2  * This program is free software; you can redistribute it and/or modify it
   3  * under the terms of the GNU General Public License as published by the
   4  * Free Software Foundation; either version 2, or (at your option) any
   5  * later version.
   6  *
   7  * This program is distributed in the hope that it will be useful, but
   8  * WITHOUT ANY WARRANTY; without even the implied warranty of
   9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  10  * General Public License for more details.
  11  *
  12  * You should have received a copy of the GNU General Public License along
  13  * with this program; if not, write to the Free Software Foundation, Inc.,
  14  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  15  */
  16
  17 #include <sys/prctl.h>
  18 #include <stdio.h>
  19 #include <stdlib.h>
  20 #include <limits.h>
  21 #include <errno.h>
  22
  23 #include "c.h"
  24 #include "caputils.h"
  25 #include "pathnames.h"
  26 #include "procfs.h"
  27 #include "nls.h"
  28
  29 static int test_cap(unsigned int cap)
  30 {
  31         /* prctl returns 0 or 1 for valid caps, -1 otherwise */
  32         return prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0;
  33 }
  34
  35 static int cap_last_by_bsearch(int *ret)
  36 {
  37         /* starting with cap=INT_MAX means we always know
  38          * that cap1 is invalid after the first iteration */
  39         int cap = INT_MAX;
  40         unsigned int cap0 = 0, cap1 = INT_MAX;
  41
  42         while ((int)cap0 < cap) {
  43                 if (test_cap(cap))
  44                         cap0 = cap;
  45                 else
  46                         cap1 = cap;
  47
  48                 cap = (cap0 + cap1) / 2U;
  49         }
  50
  51         *ret = cap;
  52         return 0;
  53 }
  54
  55 static int cap_last_by_procfs(int *ret)
  56 {
  57         FILE *f = fopen(_PATH_PROC_CAPLASTCAP, "r");
  58         int rc = -EINVAL;
  59
  60         *ret = 0;
  61
  62         if (f && fd_is_procfs(fileno(f))) {
  63                 int cap;
  64
  65                 /* we check if the cap after this one really isn't valid */
  66                 if (fscanf(f, "%d", &cap) == 1 &&
  67                     cap < INT_MAX && !test_cap(cap + 1)) {
  68
  69                         *ret = cap;
  70                         rc = 0;
  71                 }
  72         }
  73
  74         if (f)
  75                 fclose(f);
  76         return rc;
  77 }
  78
  79 int cap_last_cap(void)
  80 {
  81         static int cap = -1;
  82
  83         if (cap != -1)
  84                 return cap;
  85         if (cap_last_by_procfs(&cap) < 0)
  86                 cap_last_by_bsearch(&cap);
  87
  88         return cap;
  89 }
  90
  91 void cap_permitted_to_ambient(void)
  92 {
  93         /* We use capabilities system calls to propagate the permitted
  94          * capabilities into the ambient set because we may have
  95          * already forked so be in async-signal-safe context. */
  96         struct __user_cap_header_struct header = {
  97                 .version = _LINUX_CAPABILITY_VERSION_3,
  98                 .pid = 0,
  99         };
 100         struct __user_cap_data_struct payload[_LINUX_CAPABILITY_U32S_3] = {{ 0 }};
 101         uint64_t effective, cap;
 102
 103         if (capget(&header, payload) < 0)
 104                 err(EXIT_FAILURE, _("capget failed"));
 105
 106         /* In order the make capabilities ambient, we first need to ensure
 107          * that they are all inheritable. */
 108         payload[0].inheritable = payload[0].permitted;
 109         payload[1].inheritable = payload[1].permitted;
 110
 111         if (capset(&header, payload) < 0)
 112                 err(EXIT_FAILURE, _("capset failed"));
 113
 114         effective = ((uint64_t)payload[1].effective << 32) |  (uint64_t)payload[0].effective;
 115
 116         for (cap = 0; cap < (sizeof(effective) * 8); cap++) {
 117                 /* This is the same check as cap_valid(), but using
 118                  * the runtime value for the last valid cap. */
 119                 if (cap > (uint64_t) cap_last_cap())
 120                         continue;
 121
 122                 if ((effective & (1ULL << cap))
 123                     && prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0) < 0)
 124                         err(EXIT_FAILURE, _("prctl(PR_CAP_AMBIENT) failed"));
 125         }
 126 }
 127
 128 #ifdef TEST_PROGRAM_CAPUTILS
 129 int main(int argc, char *argv[])
 130 {
 131         int rc = 0, cap;
 132
 133         if (argc < 2) {
 134                 fprintf(stderr, "usage: %1$s --last-by-procfs\n"
 135                                 "       %1$s --last-by-bsearch\n"
 136                                 "       %1$s --last\n",
 137                                 program_invocation_short_name);
 138                 return EXIT_FAILURE;
 139         }
 140
 141         if (strcmp(argv[1], "--last-by-procfs") == 0) {
 142                 rc = cap_last_by_procfs(&cap);
 143                 if (rc == 0)
 144                         printf("last cap: %d\n", cap);
 145
 146         } else if (strcmp(argv[1], "--last-by-bsearch") == 0) {
 147                 rc = cap_last_by_bsearch(&cap);
 148                 if (rc == 0)
 149                         printf("last cap: %d\n", cap);
 150
 151         } else if (strcmp(argv[1], "--last") == 0)
 152                 printf("last cap: %d\n", cap_last_cap());
 153
 154         return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
 155 }
 156 #endif