[glibc.git] / login / programs / pt_chown.c

/* pt_chmod - helper program for `grantpt'.
   Copyright (C) 1998, 1999, 2009, 2012 Free Software Foundation, Inc.
   This file is part of the GNU C Library.
   Contributed by C. Scott Ananian <cananian@alumni.princeton.edu>, 1998.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, write to the Free
   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
   02111-1307 USA.  */

#include <argp.h>
#include <errno.h>
#include <error.h>
#include <grp.h>
#include <libintl.h>
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef HAVE_LIBCAP
# include <sys/capability.h>
# include <sys/prctl.h>
#endif

#include "pty-private.h"

/* Get libc version number.  */
#include "../version.h"

#define PACKAGE _libc_intl_domainname

/* Name and version of program.  */
static void print_version (FILE *stream, struct argp_state *state);
void (*argp_program_version_hook) (FILE *, struct argp_state *) = print_version;

/* Function to print some extra text in the help message.  */
static char *more_help (int key, const char *text, void *input);

/* Data structure to communicate with argp functions.  */
static struct argp argp =
{
  NULL, NULL, NULL, NULL, NULL, more_help
};


/* Print the version information.  */
static void
print_version (FILE *stream, struct argp_state *state)
{
  fprintf (stream, "pt_chown (GNU %s) %s\n", PACKAGE, VERSION);
  fprintf (stream, gettext ("\
Copyright (C) %s Free Software Foundation, Inc.\n\
This is free software; see the source for copying conditions.  There is NO\n\
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
"), "2012");
}

static char *
more_help (int key, const char *text, void *input)
{
  char *cp;

  switch (key)
    {
    case ARGP_KEY_HELP_PRE_DOC:
      asprintf (&cp, gettext ("\
Set the owner, group and access permission of the slave pseudo\
 terminal corresponding to the master pseudo terminal passed on\
 file descriptor `%d'.  This is the helper program for the\
 `grantpt' function.  It is not intended to be run directly from\
 the command line.\n"),
		PTY_FILENO);
      return cp;
    case ARGP_KEY_HELP_EXTRA:
      /* We print some extra information.  */
      asprintf (&cp, gettext ("\
The owner is set to the current user, the group is set to `%s',\
 and the access permission is set to `%o'.\n\n\
%s"),
		TTY_GROUP, S_IRUSR|S_IWUSR|S_IWGRP, gettext ("\
For bug reporting instructions, please see:\n\
<http://www.gnu.org/software/libc/bugs.html>.\n"));
      return cp;
    default:
      break;
    }
  return (char *) text;
}

static int
do_pt_chown (void)
{
  char *pty;
  struct stat64 st;
  struct group *p;
  gid_t gid;

  /* Check that PTY_FILENO is a valid master pseudo terminal.  */
  pty = ptsname (PTY_FILENO);
  if (pty == NULL)
    return errno == EBADF ? FAIL_EBADF : FAIL_EINVAL;

  /* Check that the returned slave pseudo terminal is a
     character device.  */
  if (stat64 (pty, &st) < 0 || !S_ISCHR (st.st_mode))
    return FAIL_EINVAL;

  /* Get the group ID of the special `tty' group.  */
  p = getgrnam (TTY_GROUP);
  gid = p ? p->gr_gid : getgid ();

  /* Set the owner to the real user ID, and the group to that special
     group ID.  */
  if (chown (pty, getuid (), gid) < 0)
    return FAIL_EACCES;

  /* Set the permission mode to readable and writable by the owner,
     and writable by the group.  */
  if ((st.st_mode & ACCESSPERMS) != (S_IRUSR|S_IWUSR|S_IWGRP)
      && chmod (pty, S_IRUSR|S_IWUSR|S_IWGRP) < 0)
    return FAIL_EACCES;

  return 0;
}


int
main (int argc, char *argv[])
{
  uid_t euid = geteuid ();
  uid_t uid = getuid ();
  int remaining;

  if (argc == 1 && euid == 0)
    {
#ifdef HAVE_LIBCAP
  /* Drop privileges.  */
      if (uid != euid)
	{
	  static const cap_value_t cap_list[] =
	    { CAP_CHOWN, CAP_FOWNER	};
# define ncap_list (sizeof (cap_list) / sizeof (cap_list[0]))
	  cap_t caps = cap_init ();
	  if (caps == NULL)
	    return FAIL_ENOMEM;

	  /* There is no reason why these should not work.  */
	  cap_set_flag (caps, CAP_PERMITTED, ncap_list, cap_list, CAP_SET);
	  cap_set_flag (caps, CAP_EFFECTIVE, ncap_list, cap_list, CAP_SET);

	  int res = cap_set_proc (caps);

	  cap_free (caps);

	  if (__builtin_expect (res != 0, 0))
	    return FAIL_EXEC;
	}
#endif

      /* Normal invocation of this program is with no arguments and
	 with privileges.  */
      return do_pt_chown ();
    }

  /* We aren't going to be using privileges, so drop them right now. */
  setuid (uid);

  /* Set locale via LC_ALL.  */
  setlocale (LC_ALL, "");

  /* Set the text message domain.  */
  textdomain (PACKAGE);

  /* parse and process arguments.  */
  argp_parse (&argp, argc, argv, 0, &remaining, NULL);

  if (remaining < argc)
    {
      /* We should not be called with any non-option parameters.  */
      error (0, 0, gettext ("too many arguments"));
      argp_help (&argp, stdout, ARGP_HELP_SEE | ARGP_HELP_EXIT_ERR,
		 program_invocation_short_name);
      return EXIT_FAILURE;
    }

  /* Check if we are properly installed.  */
  if (euid != 0)
    error (FAIL_EXEC, 0, gettext ("needs to be installed setuid `root'"));

  return EXIT_SUCCESS;
}
Commit	Line	Data
9b3c7c3c	1	/* pt_chmod - helper program for `grantpt'.
a316c1f6	2	Copyright (C) 1998, 1999, 2009, 2012 Free Software Foundation, Inc.
6591c335 UD	3	This file is part of the GNU C Library.
	4	Contributed by C. Scott Ananian <cananian@alumni.princeton.edu>, 1998.
	5
	6	The GNU C Library is free software; you can redistribute it and/or
41bdb6e2 AJ	7	modify it under the terms of the GNU Lesser General Public
	8	License as published by the Free Software Foundation; either
	9	version 2.1 of the License, or (at your option) any later version.
6591c335 UD	10
	11	The GNU C Library is distributed in the hope that it will be useful,
	12	but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
41bdb6e2	14	Lesser General Public License for more details.
6591c335	15
41bdb6e2 AJ	16	You should have received a copy of the GNU Lesser General Public
	17	License along with the GNU C Library; if not, write to the Free
	18	Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
	19	02111-1307 USA. */
6591c335	20
9b3c7c3c	21	#include <argp.h>
6591c335	22	#include <errno.h>
9b3c7c3c	23	#include <error.h>
6591c335	24	#include <grp.h>
9b3c7c3c UD	25	#include <libintl.h>
	26	#include <locale.h>
	27	#include <stdio.h>
	28	#include <stdlib.h>
	29	#include <string.h>
	30	#include <sys/stat.h>
	31	#include <unistd.h>
f793b624 UD	32	#ifdef HAVE_LIBCAP
	33	# include <sys/capability.h>
	34	# include <sys/prctl.h>
	35	#endif
9b3c7c3c UD	36
9b3c7c3c UD	37	#include "pty-private.h"
6591c335	38
9b3c7c3c UD	39	/* Get libc version number. */
9b3c7c3c UD	40	#include "../version.h"
6591c335	41
9b3c7c3c UD	42	#define PACKAGE _libc_intl_domainname
	43
	44	/* Name and version of program. */
	45	static void print_version (FILE stream, struct argp_state state);
	46	void (argp_program_version_hook) (FILE , struct argp_state *) = print_version;
	47
	48	/* Function to print some extra text in the help message. */
	49	static char more_help (int key, const char text, void *input);
	50
	51	/* Data structure to communicate with argp functions. */
	52	static struct argp argp =
6591c335	53	{
9b3c7c3c UD	54	NULL, NULL, NULL, NULL, NULL, more_help
	55	};
	56
	57
	58	/* Print the version information. */
	59	static void
	60	print_version (FILE stream, struct argp_state state)
	61	{
71e5d196	62	fprintf (stream, "pt_chown (GNU %s) %s\n", PACKAGE, VERSION);
9b3c7c3c UD	63	fprintf (stream, gettext ("\
	64	Copyright (C) %s Free Software Foundation, Inc.\n\
	65	This is free software; see the source for copying conditions. There is NO\n\
	66	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\
a316c1f6	67	"), "2012");
6591c335 UD	68	}
6591c335 UD	69
9b3c7c3c UD	70	static char *
9b3c7c3c UD	71	more_help (int key, const char text, void input)
6591c335	72	{
9b3c7c3c	73	char *cp;
00bc5db0	74
9b3c7c3c UD	75	switch (key)
	76	{
	77	case ARGP_KEY_HELP_PRE_DOC:
	78	asprintf (&cp, gettext ("\
00bc5db0 UD	79	Set the owner, group and access permission of the slave pseudo\
	80	terminal corresponding to the master pseudo terminal passed on\
	81	file descriptor `%d'. This is the helper program for the\
	82	`grantpt' function. It is not intended to be run directly from\
	83	the command line.\n"),
9b3c7c3c UD	84	PTY_FILENO);
	85	return cp;
	86	case ARGP_KEY_HELP_EXTRA:
	87	/* We print some extra information. */
	88	asprintf (&cp, gettext ("\
	89	The owner is set to the current user, the group is set to `%s',\
	90	and the access permission is set to `%o'.\n\n\
	91	%s"),
	92	TTY_GROUP, S_IRUSR\|S_IWUSR\|S_IWGRP, gettext ("\
d40eb37a UD	93	For bug reporting instructions, please see:\n\
d40eb37a UD	94	<http://www.gnu.org/software/libc/bugs.html>.\n"));
9b3c7c3c UD	95	return cp;
	96	default:
	97	break;
	98	}
	99	return (char *) text;
6591c335 UD	100	}
6591c335 UD	101
d54fb3b6	102	static int
71e5d196	103	do_pt_chown (void)
6591c335	104	{
6591c335	105	char *pty;
f793b624	106	struct stat64 st;
9b3c7c3c	107	struct group *p;
6591c335	108	gid_t gid;
6591c335	109
9b3c7c3c UD	110	/* Check that PTY_FILENO is a valid master pseudo terminal. */
9b3c7c3c UD	111	pty = ptsname (PTY_FILENO);
6591c335 UD	112	if (pty == NULL)
6591c335 UD	113	return errno == EBADF ? FAIL_EBADF : FAIL_EINVAL;
6591c335	114
9b3c7c3c UD	115	/* Check that the returned slave pseudo terminal is a
9b3c7c3c UD	116	character device. */
f793b624	117	if (stat64 (pty, &st) < 0 \|\| !S_ISCHR (st.st_mode))
6591c335 UD	118	return FAIL_EINVAL;
6591c335 UD	119
9b3c7c3c UD	120	/* Get the group ID of the special `tty' group. */
	121	p = getgrnam (TTY_GROUP);
	122	gid = p ? p->gr_gid : getgid ();
	123
	124	/* Set the owner to the real user ID, and the group to that special
	125	group ID. */
f3799213	126	if (chown (pty, getuid (), gid) < 0)
9b3c7c3c	127	return FAIL_EACCES;
6591c335	128
9b3c7c3c UD	129	/* Set the permission mode to readable and writable by the owner,
9b3c7c3c UD	130	and writable by the group. */
837dea7c UD	131	if ((st.st_mode & ACCESSPERMS) != (S_IRUSR\|S_IWUSR\|S_IWGRP)
837dea7c UD	132	&& chmod (pty, S_IRUSR\|S_IWUSR\|S_IWGRP) < 0)
6591c335 UD	133	return FAIL_EACCES;
6591c335 UD	134
71e5d196 UD	135	return 0;
	136	}
	137
	138
	139	int
	140	main (int argc, char *argv[])
	141	{
a0e0c6c5	142	uid_t euid = geteuid ();
f793b624	143	uid_t uid = getuid ();
71e5d196 UD	144	int remaining;
71e5d196 UD	145
a0e0c6c5	146	if (argc == 1 && euid == 0)
f793b624 UD	147	{
	148	#ifdef HAVE_LIBCAP
	149	/* Drop privileges. */
	150	if (uid != euid)
	151	{
	152	static const cap_value_t cap_list[] =
	153	{ CAP_CHOWN, CAP_FOWNER };
	154	# define ncap_list (sizeof (cap_list) / sizeof (cap_list[0]))
	155	cap_t caps = cap_init ();
	156	if (caps == NULL)
139ee080	157	return FAIL_ENOMEM;
f793b624 UD	158
	159	/* There is no reason why these should not work. */
	160	cap_set_flag (caps, CAP_PERMITTED, ncap_list, cap_list, CAP_SET);
	161	cap_set_flag (caps, CAP_EFFECTIVE, ncap_list, cap_list, CAP_SET);
	162
	163	int res = cap_set_proc (caps);
	164
	165	cap_free (caps);
	166
	167	if (__builtin_expect (res != 0, 0))
139ee080	168	return FAIL_EXEC;
f793b624 UD	169	}
	170	#endif
	171
	172	/* Normal invocation of this program is with no arguments and
	173	with privileges. */
	174	return do_pt_chown ();
	175	}
71e5d196 UD	176
71e5d196 UD	177	/* We aren't going to be using privileges, so drop them right now. */
f793b624	178	setuid (uid);
a0e0c6c5	179
71e5d196 UD	180	/* Set locale via LC_ALL. */
	181	setlocale (LC_ALL, "");
	182
	183	/* Set the text message domain. */
	184	textdomain (PACKAGE);
	185
	186	/* parse and process arguments. */
	187	argp_parse (&argp, argc, argv, 0, &remaining, NULL);
	188
	189	if (remaining < argc)
	190	{
	191	/* We should not be called with any non-option parameters. */
	192	error (0, 0, gettext ("too many arguments"));
	193	argp_help (&argp, stdout, ARGP_HELP_SEE \| ARGP_HELP_EXIT_ERR,
	194	program_invocation_short_name);
	195	return EXIT_FAILURE;
	196	}
	197
	198	/* Check if we are properly installed. */
a0e0c6c5	199	if (euid != 0)
71e5d196 UD	200	error (FAIL_EXEC, 0, gettext ("needs to be installed setuid `root'"));
	201
	202	return EXIT_SUCCESS;
6591c335	203	}