322 lines
9.1 KiB
C
322 lines
9.1 KiB
C
/****************************************************************
|
|
* *
|
|
* Copyright 2008, 2012 Fidelity Information Services, Inc *
|
|
* *
|
|
* This source code contains the intellectual property *
|
|
* of its copyright holder(s), and is made available *
|
|
* under a license. If you do not know the terms of *
|
|
* the license, please stop and do not read further. *
|
|
* *
|
|
****************************************************************/
|
|
|
|
#include "mdef.h"
|
|
/* We want system malloc, not gtm_malloc (which comes from mdef.h --> mdefsp.h). Since gtmsecshr_wrapper runs as root,
|
|
* using the system malloc will increase security over using gtm_malloc. Additionally, by not using gtm_malloc, we
|
|
* are reducing code bloat.
|
|
*/
|
|
#undef malloc
|
|
#include "gtm_unistd.h"
|
|
#include "gtm_stat.h"
|
|
#include "gtm_stdlib.h"
|
|
#include "gtm_stdio.h"
|
|
#include "gtm_string.h"
|
|
#include "gtm_syslog.h"
|
|
#include "main_pragma.h"
|
|
#ifndef __MVS__
|
|
#include <malloc.h>
|
|
#endif
|
|
#include <errno.h>
|
|
|
|
#define ROOTUID 0
|
|
#define ROOTGID 0
|
|
|
|
#define MAX_ENV_VAR_VAL_LEN 1024
|
|
#define MAX_ALLOWABLE_LEN 256
|
|
|
|
#define OVERWRITE 1
|
|
|
|
#define GTM_LOG "gtm_log"
|
|
#define GTM_TMP "gtm_tmp"
|
|
#define GTM_DIST "gtm_dist"
|
|
#define GTM_DBGLVL "gtmdbglvl"
|
|
#ifdef __MVS__
|
|
#define GTM_ZOS_AUTOCVT "_BPXK_AUTOCVT"
|
|
#define GTM_ZOS_AUTOCVT_ON "ON"
|
|
#endif
|
|
|
|
#define SUB_PATH_TO_GTMSECSHRDIR "/gtmsecshrdir"
|
|
#define REL_PATH_TO_CURDIR "."
|
|
#define REL_PATH_TO_GTMSECSHR "./gtmsecshr"
|
|
#define GTMSECSHR_BASENAME "/gtmsecshr"
|
|
|
|
#ifdef __osf__
|
|
/* On OSF/1 (Digital Unix), pointers are 64 bits wide; the only exception to this is C programs for which one may
|
|
* specify compiler and link editor options in order to use (and allocate) 32-bit pointers. However, since C is
|
|
* the only exception and, in particular because the operating system does not support such an exception, the argv
|
|
* array passed to the main program is an array of 64-bit pointers. Thus the C program needs to declare argv[]
|
|
* as an array of 64-bit pointers and needs to do the same for any pointer it sets to an element of argv[].
|
|
*/
|
|
#pragma pointer_size (save)
|
|
#pragma pointer_size (long)
|
|
#endif
|
|
|
|
typedef char **environptr_t;
|
|
extern char **environ;
|
|
|
|
#ifdef __osf__
|
|
#pragma pointer_size (restore)
|
|
#endif
|
|
|
|
int gtm_setenv(char * env_var_name, char * env_var_val, int overwrite);
|
|
|
|
int gtm_setenv(char * env_var_name, char * env_var_val, int overwrite)
|
|
{
|
|
/*
|
|
The overwrite parameter is not used. In our case we always want to set the value.
|
|
*/
|
|
char *env_var_ptr;
|
|
int len;
|
|
|
|
len = STRLEN(env_var_name) + STRLEN("=") + STRLEN(env_var_val) + 1;
|
|
|
|
env_var_ptr = (char *)malloc(len);
|
|
if (NULL == env_var_ptr)
|
|
return -1;
|
|
|
|
strcpy(env_var_ptr, env_var_name);
|
|
strcat(env_var_ptr, "=");
|
|
strcat(env_var_ptr, env_var_val);
|
|
|
|
if (putenv(env_var_ptr))
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int gtm_unsetenv(char * env_var_name);
|
|
|
|
int gtm_unsetenv(char * env_var_name)
|
|
{
|
|
return gtm_setenv(env_var_name,"",OVERWRITE);
|
|
}
|
|
|
|
#define MAX_ENV_NAME_LEN 2048
|
|
|
|
int gtm_clearenv(void);
|
|
|
|
int gtm_clearenv()
|
|
{
|
|
char env_var_name[MAX_ENV_NAME_LEN];
|
|
environptr_t p;
|
|
char *eq;
|
|
int len;
|
|
|
|
if (NULL == environ)
|
|
return 0;
|
|
for (p = environ; *p; p++)
|
|
{
|
|
eq = strchr(*p, '=');
|
|
if (NULL != eq)
|
|
{
|
|
len = (int)(eq - *p);
|
|
if (MAX_ENV_NAME_LEN > len)
|
|
{
|
|
memcpy(env_var_name, *p, len);
|
|
env_var_name[len] = '\0';
|
|
if (gtm_unsetenv(env_var_name))
|
|
return -1;
|
|
} else
|
|
return -1;
|
|
} else
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int main()
|
|
{
|
|
int ret, status;
|
|
char * env_var_ptr;
|
|
struct stat gtm_secshrdir_stat;
|
|
struct stat gtm_secshr_stat;
|
|
|
|
char gtm_dist_val[MAX_ENV_VAR_VAL_LEN];
|
|
char gtm_log_val[MAX_ENV_VAR_VAL_LEN];
|
|
char gtm_tmp_val[MAX_ENV_VAR_VAL_LEN];
|
|
char gtm_dbglvl_val[MAX_ENV_VAR_VAL_LEN];
|
|
char gtm_secshrdir_path[MAX_ENV_VAR_VAL_LEN];
|
|
char gtm_secshr_path[MAX_ENV_VAR_VAL_LEN];
|
|
char gtm_secshr_orig_path[MAX_ENV_VAR_VAL_LEN];
|
|
|
|
int gtm_log_exists = 0;
|
|
int gtm_tmp_exists = 0;
|
|
int gtm_dbglvl_exists = 0;
|
|
|
|
openlog("GTMSECSHRINIT", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_USER);
|
|
|
|
ret = 0; /* start positive */
|
|
|
|
/* get the ones we need */
|
|
if (env_var_ptr = getenv(GTM_DIST))
|
|
{
|
|
if (MAX_ALLOWABLE_LEN < strlen(env_var_ptr) + STR_LIT_LEN(SUB_PATH_TO_GTMSECSHRDIR) +
|
|
STR_LIT_LEN(GTMSECSHR_BASENAME))
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "gtm_dist env var too long. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
} else
|
|
{
|
|
strcpy(gtm_dist_val,env_var_ptr);
|
|
/* point the path to the real gtmsecshr - for display purposes only */
|
|
strcpy(gtm_secshr_path, env_var_ptr);
|
|
strcat(gtm_secshr_path, SUB_PATH_TO_GTMSECSHRDIR);
|
|
strcat(gtm_secshr_path, GTMSECSHR_BASENAME);
|
|
/* point the path to the real gtmsecshrdir */
|
|
strcpy(gtm_secshrdir_path, env_var_ptr);
|
|
strcat(gtm_secshrdir_path, SUB_PATH_TO_GTMSECSHRDIR);
|
|
}
|
|
} else
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "gtm_dist env var does not exist. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
}
|
|
|
|
if (env_var_ptr = getenv(GTM_LOG))
|
|
{
|
|
if (MAX_ALLOWABLE_LEN < strlen(env_var_ptr))
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "gtm_log env var too long. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
} else
|
|
{
|
|
gtm_log_exists = 1;
|
|
strcpy(gtm_log_val, env_var_ptr);
|
|
}
|
|
|
|
}
|
|
|
|
if (env_var_ptr = getenv(GTM_TMP))
|
|
{
|
|
if (MAX_ALLOWABLE_LEN < strlen(env_var_ptr))
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "gtm_tmp env var too long. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
} else
|
|
{
|
|
gtm_tmp_exists = 1;
|
|
strcpy(gtm_tmp_val, env_var_ptr);
|
|
}
|
|
}
|
|
|
|
if (env_var_ptr = getenv(GTM_DBGLVL))
|
|
{
|
|
if (MAX_ALLOWABLE_LEN < strlen(env_var_ptr))
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "gtmdbglvl env var too long. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
} else
|
|
{
|
|
gtm_dbglvl_exists = 1;
|
|
strcpy(gtm_dbglvl_val, env_var_ptr);
|
|
}
|
|
}
|
|
|
|
#ifdef __MVS__
|
|
if (!(env_var_ptr = getenv(GTM_ZOS_AUTOCVT)))
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "_BPXK_AUTOCVT is not set, forcing autoconversion\n");
|
|
}
|
|
#endif
|
|
|
|
if (!ret)
|
|
{ /* clear all */
|
|
status = gtm_clearenv();
|
|
if (status)
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "clearenv failed. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
}
|
|
|
|
/* add the ones we need */
|
|
status = gtm_setenv(GTM_DIST, gtm_dist_val, OVERWRITE);
|
|
if (status)
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "setenv for gtm_dist failed. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
}
|
|
if (gtm_log_exists)
|
|
{
|
|
status = gtm_setenv(GTM_LOG, gtm_log_val, OVERWRITE);
|
|
if (status)
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "setenv for gtm_log failed. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
}
|
|
}
|
|
if (gtm_tmp_exists)
|
|
{
|
|
status = gtm_setenv(GTM_TMP, gtm_tmp_val, OVERWRITE);
|
|
if (status)
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "setenv for gtm_tmp failed. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
}
|
|
}
|
|
if (gtm_dbglvl_exists)
|
|
{
|
|
status = gtm_setenv(GTM_DBGLVL, gtm_dbglvl_val, OVERWRITE);
|
|
if (status)
|
|
{
|
|
syslog(LOG_USER | LOG_INFO, "setenv for gtmdbglvl failed. gtmsecshr will not be started.\n");
|
|
ret = -1;
|
|
}
|
|
}
|
|
#ifdef __MVS__
|
|
status = gtm_setenv(GTM_ZOS_AUTOCVT, GTM_ZOS_AUTOCVT_ON, OVERWRITE);
|
|
if (status)
|
|
{
|
|
syslog(LOG_USER | LOG_INFO,
|
|
"setenv for _BPXK_AUTOCVT failed. gtmsecshr logs may contain mixed ASCII and EBCDIC.\n");
|
|
}
|
|
#endif
|
|
}
|
|
|
|
if (!ret)
|
|
{ /* go to root */
|
|
if (-1 == CHDIR(gtm_secshrdir_path))
|
|
syslog(LOG_USER | LOG_INFO, "chdir failed on %s, errno %d. gtmsecshr will not be started.\n",
|
|
gtm_secshrdir_path, errno);
|
|
else if (-1 == Stat(REL_PATH_TO_CURDIR, >m_secshrdir_stat))
|
|
syslog(LOG_USER | LOG_INFO, "stat failed on %s, errno %d. gtmsecshr will not be started.\n",
|
|
gtm_secshrdir_path, errno);
|
|
else if (ROOTUID != gtm_secshrdir_stat.st_uid)
|
|
syslog(LOG_USER | LOG_INFO, "%s not owned by root. gtmsecshr will not be started.\n", gtm_secshrdir_path);
|
|
else if (gtm_secshrdir_stat.st_mode & 0277)
|
|
syslog(LOG_USER | LOG_INFO, "%s permissions incorrect (%04o). gtmsecshr will not be started.\n",
|
|
gtm_secshrdir_path, gtm_secshrdir_stat.st_mode & 0777);
|
|
else if (-1 == Stat(REL_PATH_TO_GTMSECSHR, >m_secshr_stat))
|
|
syslog(LOG_USER | LOG_INFO, "stat failed on %s, errno %d. gtmsecshr will not be started.\n",
|
|
gtm_secshr_path, errno);
|
|
else if (ROOTUID != gtm_secshr_stat.st_uid)
|
|
syslog(LOG_USER | LOG_INFO, "%s not owned by root. gtmsecshr will not be started.\n", gtm_secshr_path);
|
|
else if (gtm_secshr_stat.st_mode & 022)
|
|
syslog(LOG_USER | LOG_INFO, "%s writable. gtmsecshr will not be started.\n", gtm_secshr_path);
|
|
else if (!(gtm_secshr_stat.st_mode & 04000))
|
|
syslog(LOG_USER | LOG_INFO, "%s not set-uid. gtmsecshr will not be started.\n", gtm_secshr_path);
|
|
else if (-1 == setuid(ROOTUID))
|
|
syslog(LOG_USER | LOG_INFO, "setuid failed. gtmsecshr will not be started.\n");
|
|
else
|
|
{ /* call the real gtmsecshr, but have ps display the original gtmsecshr location */
|
|
strcpy(gtm_secshr_orig_path, gtm_dist_val);
|
|
strcat(gtm_secshr_orig_path, GTMSECSHR_BASENAME);
|
|
ret = execl(REL_PATH_TO_GTMSECSHR, gtm_secshr_orig_path, NULL);
|
|
if (-1 == ret)
|
|
syslog(LOG_USER | LOG_INFO, "execl of %s failed\n", gtm_secshr_path);
|
|
}
|
|
}
|
|
|
|
closelog();
|
|
|
|
return ret;
|
|
}
|